
602:a977227aa9e6

Return error when the given realm value does not match the sent realm value. Prevents impersonation of an account on one virtual host by a user with the same username on another host.
author Waqas Hussain <waqas20@gmail.com>
date Mon, 08 Dec 2008 03:23:37 +0500
parents 601:6cb908ef01c8
children 603:423fd24fff54
files util/sasl.lua
diffstat 1 files changed, 5 insertions(+), 1 deletions(-) [+]
--- a/util/sasl.lua	Mon Dec 08 03:19:11 2008 +0500
+++ b/util/sasl.lua	Mon Dec 08 03:23:37 2008 +0500
@@ -176,7 +176,11 @@
 			if not response["cnonce"] then return "failure", "malformed-request", "Missing entry for cnonce in SASL message." end
 			if not response["qop"] then response["qop"] = "auth" end
 			
-			if response["realm"] == nil then response["realm"] = "" end
+			if response["realm"] == nil then
+				response["realm"] = ""
+			elseif response["realm"] ~= self.realm then
+				return "failure", "not-authorized", "Incorrect realm value";
+			end
 			local decoder;
 			
 			if response["charset"] == nil then
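Review bot: The new `elseif` only rejects a realm that is present and wrong; a client that omits `realm` entirely still takes the first branch and gets `""`, so the comparison against `self.realm` is skipped in exactly the case where the client chose not to state a realm. Whether that still allows the cross-host case the commit is closing depends on what the later digest/credential lookup keys on (`response["realm"]` or `self.realm`), which is outside this hunk, so it is worth confirming. If the intent is that every authentication is bound to this host's realm, defaulting to it instead, `if response["realm"] == nil then response["realm"] = self.realm or ""`, keeps the mismatch branch meaningful for both cases. Note also that `self.realm` being `nil` would make any client-supplied realm fail the `~=` test, which may be fine but deserves a one-line comment. The enclosing function begins and ends outside the hunk.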