util/sasl.lua @ 1159:f81c8cec0e71
Adding minimal support for authorization identities to work around buggy SASL implementations.
| author | Tobias Markmann <tm@ayena.de> |
|---|---|
| date | Fri, 15 May 2009 17:24:52 +0200 |
| parent | 1158:7d1e4fc1ee6d |
| child | 1160:7e48324f946e |
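--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -201,12 +201,21 @@
 --TODO maybe realm support
 self.username = response["username"]
 local password_encoding, Y = self.password_handler(response["username"], response["realm"], "DIGEST-MD5", decoder)
 if Y == nil then return "failure", "not-authorized"
 elseif Y == false then return "failure", "account-disabled" end
-
-local A1 = Y..":"..response["nonce"]..":"..response["cnonce"]--:authzid
+local A1 = "";
+if response.authzid then
+if response.authzid == self.username.."@"..self.realm then
+log("warn", "Client is violating XMPP RFC. See section 6.1 of RFC 3920");
+A1 = Y..":"..response["nonce"]..":"..response["cnonce"]..":"..response.authzid;
+else
+A1 = "?";
+end
+else
+A1 = Y..":"..response["nonce"]..":"..response["cnonce"];
+end
 local A2 = "AUTHENTICATE:"..protocol.."/"..domain;
 
 local HA1 = md5(A1, true)
 local HA2 = md5(A2, true)
 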
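Review bot: In the `else` branch for an authzid that does not equal `self.username.."@"..self.realm`, `A1 = "?"` sets A1 to a constant that no longer contains `Y`, so `HA1` and any expected digest derived from it stop depending on the account's stored secret. If the response comparison after this hunk (not visible here) is the only thing that rejects such a request, the rejection rests on a hash mismatch instead of an explicit decision, which is not a safe way to refuse an unsupported authorization identity. Replace the sentinel with an early return in the style of the two returns above, for example `return "failure", "invalid-authzid"`. The enclosing function starts and ends outside the hunk, so confirm how `HA1` is used afterwards.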