
util/sasl/scram.lua @ 5840:4b484e8feafc

sasl.util.scram: Rearrange some code so it makes more sense.
author Tobias Markmann <tm@ayena.de>
date Sun, 06 Feb 2011 13:39:32 +0100
parent 5839:a65b56348034
child 5841:1b0c7e7c6be8
--- a/util/sasl/scram.lua	Sun Feb 06 13:20:17 2011 +0100
+++ b/util/sasl/scram.lua	Sun Feb 06 13:39:32 2011 +0100
@@ -132,7 +132,7 @@
 				= client_first_message:match("^(%a)=?([%a%-]*),(.*),n=(.*),r=([^,]*).*");
 
 			-- check for invalid gs2_flag_type start
-			local gs2_flag_type == string.sub(self.state.gs2_cbind_flag, 0, 1)
+			local gs2_flag_type = string.sub(self.state.gs2_cbind_flag, 0, 1)
 			if gs2_flag_type ~=  "y" and gs2_flag_type ~=  "n" and gs2_flag_type ~=  "p" then
 				return "failure", "malformed-request", "The GS2 header has to start with 'y', 'n', or 'p'."
 			end
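Review bot: `string.sub(self.state.gs2_cbind_flag, 0, 1)` runs before anything checks that the preceding `client_first_message:match(...)` succeeded. The left-hand side of that assignment is outside the hunk, but if `gs2_cbind_flag` is one of its captures, a client-first message that does not match the pattern leaves it nil, and `string.sub` then raises an error instead of returning the `malformed-request` failure. I would guard it first with `if not self.state.gs2_cbind_flag then return "failure", "malformed-request", "The GS2 header has to start with 'y', 'n', or 'p'." end`. Since the pattern's first capture is `(%a)`, a single letter, the `string.sub` call looks redundant and the flag could be compared directly. The enclosing function starts and ends outside the hunk.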
@@ -206,17 +206,18 @@
 			log("debug", "client_final_message: %s", client_final_message);
 			self.state["channelbinding"], self.state["nonce"], self.state["proof"] = client_final_message:match("^c=(.*),r=(.*),.*p=(.*)");
 
+			if not self.state.proof or not self.state.nonce or not self.state.channelbinding then
+				return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message.";
+			end
+
 			if self.state.gs2_cbind_name then
+				-- we support channelbinding, so check if the value is valid
 				local client_gs2_header = base64.decode(self.state.channelbinding)
 				local our_client_gs2_header = "p="..self.state.gs2_cbind_name..","..self.state["authzid"]..","..self.profile.cb[self.state.gs2_cbind_name](self);
 
 				if client_gs2_header ~= our_client_gs2_header then
 					return "failure", "malformed-request", "Invalid channel binding value.";
 				end
-			else
-				if not self.state.proof or not self.state.nonce or not self.state.channelbinding then
-					return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message.";
-				end
 			end
 
 			if self.state.nonce ~= self.state.clientnonce..self.state.servernonce then
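Review bot: In the channel-binding branch, `self.profile.cb[self.state.gs2_cbind_name](self)` is called without checking that the profile has a handler for that name, and the name appears to come from the client's GS2 header. If it is validated earlier in the function (not visible in this hunk) this is fine; otherwise an unsupported name makes the lookup nil and the call raises instead of returning a SASL failure. An empty capture from `([%a%-]*)` would also pass `if self.state.gs2_cbind_name then`, because `""` is truthy in Lua. I would look the handler up first, `local cb = self.profile.cb and self.profile.cb[self.state.gs2_cbind_name]`, and return `"failure", "malformed-request", "Invalid channel binding value."` when `cb` is nil. The enclosing function starts and ends outside the hunk.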