
util/sasl.lua @ 1159:f81c8cec0e71

Adding minimal support for authorization identities to work around buggy SASL implementations.
author Tobias Markmann <tm@ayena.de>
date Fri, 15 May 2009 17:24:52 +0200
parent 1158:7d1e4fc1ee6d
child 1160:7e48324f946e
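--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -201,12 +201,21 @@
 --TODO maybe realm support
 self.username = response["username"]
 local password_encoding, Y = self.password_handler(response["username"], response["realm"], "DIGEST-MD5", decoder)
 if Y == nil then return "failure", "not-authorized"
 elseif Y == false then return "failure", "account-disabled" end
-
-local A1 = Y..":"..response["nonce"]..":"..response["cnonce"]--:authzid
+local A1 = "";
+if response.authzid then
+if response.authzid == self.username.."@"..self.realm then
+log("warn", "Client is violating XMPP RFC. See section 6.1 of RFC 3920");
+A1 = Y..":"..response["nonce"]..":"..response["cnonce"]..":"..response.authzid;
+else
+A1 = "?";
+end
+else
+A1 = Y..":"..response["nonce"]..":"..response["cnonce"];
+end
 local A2 = "AUTHENTICATE:"..protocol.."/"..domain;
 
 local HA1 = md5(A1, true)
 local HA2 = md5(A2, true)
 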
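Review bot: In the authzid mismatch branch (new line 212), `A1 = "?";` makes HA1 a fixed value that no longer depends on Y. If the code after this hunk compares the client's response with a digest derived from HA1, as it appears to, that check stops depending on the password for a session whose `self.username` was already set at line 202. Reject the exchange at that point instead, for example `return "failure", "invalid-authzid";`, rather than relying on a later digest mismatch. `self.realm` is also concatenated without a nil check while the password lookup uses `response["realm"]`, so the two realm sources should be made to agree. The enclosing function starts and ends outside the hunk.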