Software /
code /
prosody
Changeset
1159:f81c8cec0e71
Adding minimal support for authorization identities to workaround buggy SASL implementations.
author | Tobias Markmann <tm@ayena.de> |
---|---|
date | Fri, 15 May 2009 17:24:52 +0200 (2009-05-15) |
parents | 1158:7d1e4fc1ee6d |
children | 1160:7e48324f946e |
files | util/sasl.lua |
diffstat | 1 files changed, 11 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/util/sasl.lua Fri May 15 17:05:26 2009 +0200 +++ b/util/sasl.lua Fri May 15 17:24:52 2009 +0200 @@ -203,8 +203,17 @@ local password_encoding, Y = self.password_handler(response["username"], response["realm"], "DIGEST-MD5", decoder) if Y == nil then return "failure", "not-authorized" elseif Y == false then return "failure", "account-disabled" end - - local A1 = Y..":"..response["nonce"]..":"..response["cnonce"]--:authzid + local A1 = ""; + if response.authzid then + if response.authzid == self.username.."@"..self.realm then + log("warn", "Client is violating XMPP RFC. See section 6.1 of RFC 3920"); + A1 = Y..":"..response["nonce"]..":"..response["cnonce"]..":"..response.authzid; + else + A1 = "?"; + end + else + A1 = Y..":"..response["nonce"]..":"..response["cnonce"]; + end local A2 = "AUTHENTICATE:"..protocol.."/"..domain; local HA1 = md5(A1, true)