Changeset

1377:ae88b9dc7890

Merge with Tobias
author Matthew Wild <mwild1@gmail.com>
date Sat, 20 Jun 2009 22:50:38 +0100
parents 1373:120275376bbb (current diff) 1376:13587cf24435 (diff)
children 1378:d09ecc8ee1ef 1392:9935ddfd8ccf
files
diffstat 2 files changed, 8 insertions(+), 7 deletions(-) [+]
--- a/plugins/mod_saslauth.lua	Sat Jun 20 22:47:12 2009 +0100
+++ b/plugins/mod_saslauth.lua	Sat Jun 20 22:50:38 2009 +0100
@@ -64,15 +64,15 @@
 	end
 end
 
-local function password_callback(node, host, mechanism, decoder)
-	local password = (datamanager_load(node, host, "accounts") or {}).password; -- FIXME handle hashed passwords
+local function password_callback(node, hostname, realm, mechanism, decoder)
+	local password = (datamanager_load(node, hostname, "accounts") or {}).password; -- FIXME handle hashed passwords
 	local func = function(x) return x; end;
 	if password then
 		if mechanism == "PLAIN" then
 			return func, password;
 		elseif mechanism == "DIGEST-MD5" then
-			if decoder then node, host, password = decoder(node), decoder(host), decoder(password); end
-			return func, md5(node..":"..host..":"..password);
+			if decoder then node, hostname, password = decoder(node), decoder(hostname), decoder(password); end
+			return func, md5(node..":"..realm..":"..password);
 		end
 	end
 	return func, nil;
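Review bot: In the DIGEST-MD5 branch the decoder is still applied to `node`, `hostname` and `password`, but the hash is now built from `realm`, which is never decoded, and the decoded `hostname` is not used again. If the decoder performs a charset conversion (not visible here), the hash input mixes converted and unconverted fields, so the stored credential and the client's response can disagree for non-ASCII realms. Consider `if decoder then node, realm, password = decoder(node), decoder(realm), decoder(password); end`. A short comment on the signature would also help, e.g. `-- hostname selects the account store; realm only feeds the DIGEST-MD5 hash and may be ""`.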
--- a/util/sasl.lua	Sat Jun 20 22:47:12 2009 +0100
+++ b/util/sasl.lua	Sat Jun 20 22:50:38 2009 +0100
@@ -41,7 +41,7 @@
 		
 		if authentication == nil or password == nil then return "failure", "malformed-request" end
 		
-		local password_encoding, correct_password = self.password_handler(authentication, self.realm, "PLAIN")
+		local password_encoding, correct_password = self.password_handler(authentication, self.realm, self.realm, "PLAIN")
 		
 		if correct_password == nil then return "failure", "not-authorized"
 		elseif correct_password == false then return "failure", "account-disabled" end
@@ -176,7 +176,7 @@
 			if not response["qop"] then response["qop"] = "auth" end
 			
 			if response["realm"] == nil or response["realm"] == "" then
-				response["realm"] = self.realm;
+				response["realm"] = "";
 			elseif response["realm"] ~= self.realm then
 				return "failure", "not-authorized", "Incorrect realm value";
 			end
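Review bot: The empty-realm branch has no comment explaining why `response["realm"]` is now left empty instead of defaulting to `self.realm`, although the value later reaches the credential hash through the password handler. A comment such as `-- no realm sent: A1 is computed over an empty realm (RFC 2831), do not substitute ours` would stop a later reader from reverting it. Since the realm can now be the empty string, confirm that nothing further down uses `response["realm"]` as the host for account lookup; the function continues outside the hunk.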
@@ -199,12 +199,13 @@
 			
 			--TODO maybe realm support
 			self.username = response["username"];
-			local password_encoding, Y = self.password_handler(response["username"], response["realm"], "DIGEST-MD5", decoder)
+			local password_encoding, Y = self.password_handler(response["username"], domain, response["realm"], "DIGEST-MD5", decoder);
 			if Y == nil then return "failure", "not-authorized"
 			elseif Y == false then return "failure", "account-disabled" end
 			local A1 = "";
 			if response.authzid then
 				if response.authzid == self.username.."@"..self.realm then
+					-- COMPAT
 					log("warn", "Client is violating XMPP RFC. See section 6.1 of RFC 3920.");
 					A1 = Y..":"..response["nonce"]..":"..response["cnonce"]..":"..response.authzid;
 				else
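Review bot: `domain` in the new `password_handler` call is not defined anywhere in this hunk, and in Lua an unbound name silently evaluates to nil instead of raising an error. If the handler is the `password_callback` from plugins/mod_saslauth.lua, this argument becomes the host passed to `datamanager_load`, so confirm that `domain` is a local set from server-side state; if it is parsed from the client's response, the peer chooses which account store is consulted. The PLAIN path passes `self.realm` in this position, so `self.password_handler(response["username"], self.realm, response["realm"], "DIGEST-MD5", decoder);` would keep both mechanisms consistent. The added `-- COMPAT` comment should say what is being tolerated, e.g. `-- COMPAT: accept authzid of the form user@realm, sent by clients that violate RFC 3920 section 6.1`. The enclosing function starts and ends outside the hunk.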