prosody
fb3137652ea6

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Changeset

1725:fb3137652ea6

Uncertain merge with 0.5's SASL
author Matthew Wild <mwild1@gmail.com>
date Thu, 20 Aug 2009 13:57:50 +0100
parents 1719:cf103398e643 (current diff) 1724:7682a34c13d0 (diff)
children 1727:cbdc7bf61e0f
files plugins/mod_saslauth.lua util/sasl.lua
diffstat 2 files changed, 10 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/plugins/mod_saslauth.lua	Tue Aug 18 22:00:37 2009 +0200
+++ b/plugins/mod_saslauth.lua	Thu Aug 20 13:57:50 2009 +0100
@@ -1,7 +1,7 @@
 -- Prosody IM
 -- Copyright (C) 2008-2009 Matthew Wild
 -- Copyright (C) 2008-2009 Waqas Hussain
---
+-- 
 -- This project is MIT/X11 licensed. Please see the
 -- COPYING file in the source package for more information.
 --
@@ -13,6 +13,7 @@
 local sm_make_authenticated = require "core.sessionmanager".make_authenticated;
 local base64 = require "util.encodings".base64;
 
+local nodeprep = require "util.encodings".stringprep.nodeprep;
 local datamanager_load = require "util.datamanager".load;
 local usermanager_validate_credentials = require "core.usermanager".validate_credentials;
 local usermanager_get_supported_methods = require "core.usermanager".get_supported_methods;
@@ -70,6 +71,10 @@
 local function credentials_callback(mechanism, ...)
 	if mechanism == "PLAIN" then
 		local username, hostname, password = ...;
+		username = nodeprep(username);
+		if not username then
+			return false;
+		end
 		local response = usermanager_validate_credentials(hostname, username, password, mechanism);
 		if response == nil then
 			return false;
--- a/util/sasl.lua	Tue Aug 18 22:00:37 2009 +0200
+++ b/util/sasl.lua	Thu Aug 20 13:57:50 2009 +0100
@@ -38,9 +38,9 @@
 	function object.feed(self, message)
 		if message == "" or message == nil then return "failure", "malformed-request" end
 		local response = message
-		local authorization = s_match(response, "([^&%z]+)")
-		local authentication = s_match(response, "%z([^&%z]+)%z")
-		local password = s_match(response, "%z[^&%z]+%z([^&%z]+)")
+		local authorization = s_match(response, "([^%z]+)")
+		local authentication = s_match(response, "%z([^%z]+)%z")
+		local password = s_match(response, "%z[^%z]+%z([^%z]+)")
 
     if authentication == nil or password == nil then return "failure", "malformed-request" end
     self.username = authentication
@@ -128,7 +128,7 @@
 		return t_concat(p);
 	end
 	local function parse(data)
-		message = {}
+		local message = {}
 		for k, v in gmatch(data, [[([%w%-]+)="?([^",]*)"?,?]]) do -- FIXME The hacky regex makes me shudder
 			message[k] = v;
 		end