prosody
6279caf921f1

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Changeset

5301:6279caf921f1

util.sasl.{plain,scram,digest-md5}: nodeprep username before passing to callbacks, so callbacks don't have to.
author Waqas Hussain <waqas20@gmail.com>
date Tue, 22 Jan 2013 08:21:05 +0500
parents 5300:fcb1be0b4a5c
children 5302:52fe5df91c65
files util/sasl/digest-md5.lua util/sasl/plain.lua util/sasl/scram.lua
diffstat 3 files changed, 25 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/util/sasl/digest-md5.lua	Sat Jan 12 17:26:50 2013 +0100
+++ b/util/sasl/digest-md5.lua	Tue Jan 22 08:21:05 2013 +0500
@@ -23,6 +23,7 @@
 local md5 = require "util.hashes".md5;
 local log = require "util.logger".init("sasl");
 local generate_uuid = require "util.uuid".generate;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
 
 module "sasl.digest-md5"
 
@@ -139,10 +140,15 @@
 		end
 
 		-- check for username, it's REQUIRED by RFC 2831
-		if not response["username"] then
+		local username = response["username"];
+		local _nodeprep = self.profile.nodeprep;
+		if username and _nodeprep ~= false then
+			username = (_nodeprep or nodeprep)(username); -- FIXME charset
+		end
+		if not username or username == "" then
 			return "failure", "malformed-request";
 		end
-		self["username"] = response["username"];
+		self.username = username;
 
 		-- check for nonce, ...
 		if not response["nonce"] then
@@ -178,7 +184,6 @@
 		end
 
 		--TODO maybe realm support
-		self.username = response["username"];
 		local Y, state;
 		if self.profile.plain then
 			local password, state = self.profile.plain(self, response["username"], self.realm)
--- a/util/sasl/plain.lua	Sat Jan 12 17:26:50 2013 +0100
+++ b/util/sasl/plain.lua	Tue Jan 22 08:21:05 2013 +0500
@@ -13,6 +13,7 @@
 
 local s_match = string.match;
 local saslprep = require "util.encodings".stringprep.saslprep;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
 local log = require "util.logger".init("sasl");
 
 module "sasl.plain"
@@ -54,6 +55,14 @@
 		return "failure", "malformed-request", "Invalid username or password.";
 	end
 
+	local _nodeprep = self.profile.nodeprep;
+	if _nodeprep ~= false then
+		authentication = (_nodeprep or nodeprep)(authentication);
+		if not authentication or authentication == "" then
+			return "failure", "malformed-request", "Invalid username or password."
+		end
+	end
+
 	local correct, state = false, false;
 	if self.profile.plain then
 		local correct_password;
--- a/util/sasl/scram.lua	Sat Jan 12 17:26:50 2013 +0100
+++ b/util/sasl/scram.lua	Tue Jan 22 08:21:05 2013 +0500
@@ -19,6 +19,7 @@
 local sha1 = require "util.hashes".sha1;
 local generate_uuid = require "util.uuid".generate;
 local saslprep = require "util.encodings".stringprep.saslprep;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
 local log = require "util.logger".init("sasl");
 local t_concat = table.concat;
 local char = string.char;
@@ -76,7 +77,7 @@
 	return res
 end
 
-local function validate_username(username)
+local function validate_username(username, _nodeprep)
 	-- check for forbidden char sequences
 	for eq in username:gmatch("=(.?.?)") do
 		if eq ~= "2C" and eq ~= "3D" then
@@ -90,6 +91,11 @@
 	
 	-- apply SASLprep
 	username = saslprep(username);
+
+	if username and _nodeprep ~= false then
+		username = (_nodeprep or nodeprep)(username);
+	end
+
 	return username and #username>0 and username;
 end
 
@@ -133,7 +139,7 @@
 				return "failure", "malformed-request", "Channel binding isn't support at this time.";
 			end
 		
-			self.state.name = validate_username(self.state.name);
+			self.state.name = validate_username(self.state.name, self.profile.nodeprep);
 			if not self.state.name then
 				log("debug", "Username violates either SASLprep or contains forbidden character sequences.")
 				return "failure", "malformed-request", "Invalid username.";