# HG changeset patch # User Matthew Wild # Date 1250773070 -3600 # Node ID fb3137652ea67cc879ac997aa0f17e396de6369e # Parent cf103398e64386d7c9d6111c7b6f38691012ee04# Parent 7682a34c13d00238f7c5bd5bc8ad6aca3691b11c Uncertain merge with 0.5's SASL diff -r cf103398e643 -r fb3137652ea6 plugins/mod_saslauth.lua --- a/plugins/mod_saslauth.lua Tue Aug 18 22:00:37 2009 +0200 +++ b/plugins/mod_saslauth.lua Thu Aug 20 13:57:50 2009 +0100 @@ -1,7 +1,7 @@ -- Prosody IM -- Copyright (C) 2008-2009 Matthew Wild -- Copyright (C) 2008-2009 Waqas Hussain --- +-- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- @@ -13,6 +13,7 @@ local sm_make_authenticated = require "core.sessionmanager".make_authenticated; local base64 = require "util.encodings".base64; +local nodeprep = require "util.encodings".stringprep.nodeprep; local datamanager_load = require "util.datamanager".load; local usermanager_validate_credentials = require "core.usermanager".validate_credentials; local usermanager_get_supported_methods = require "core.usermanager".get_supported_methods; @@ -70,6 +71,10 @@ local function credentials_callback(mechanism, ...) if mechanism == "PLAIN" then local username, hostname, password = ...; + username = nodeprep(username); + if not username then + return false; + end local response = usermanager_validate_credentials(hostname, username, password, mechanism); if response == nil then return false; diff -r cf103398e643 -r fb3137652ea6 util/sasl.lua --- a/util/sasl.lua Tue Aug 18 22:00:37 2009 +0200 +++ b/util/sasl.lua Thu Aug 20 13:57:50 2009 +0100 @@ -38,9 +38,9 @@ function object.feed(self, message) if message == "" or message == nil then return "failure", "malformed-request" end local response = message - local authorization = s_match(response, "([^&%z]+)") - local authentication = s_match(response, "%z([^&%z]+)%z") - local password = s_match(response, "%z[^&%z]+%z([^&%z]+)") + local authorization = s_match(response, "([^%z]+)") + local authentication = s_match(response, "%z([^%z]+)%z") + local password = s_match(response, "%z[^%z]+%z([^%z]+)") if authentication == nil or password == nil then return "failure", "malformed-request" end self.username = authentication @@ -128,7 +128,7 @@ return t_concat(p); end local function parse(data) - message = {} + local message = {} for k, v in gmatch(data, [[([%w%-]+)="?([^",]*)"?,?]]) do -- FIXME The hacky regex makes me shudder message[k] = v; end