aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2014-02-19 20:10:23 +0100
committerKim Alvefur <zash@zash.se>2014-02-19 20:10:23 +0100
commitf27987785f1a4cce95652eb87eea5d2281d13d4d (patch)
tree5110e98da3ce0b1a10fa2300eee28a6b6b566fe1
parent741b175347e86a18273060fc884b1d5c8899cc5e (diff)
parente4186638c7e61215b1df2020a98ae5e7dce313f4 (diff)
downloadprosody-f27987785f1a4cce95652eb87eea5d2281d13d4d.tar.gz
prosody-f27987785f1a4cce95652eb87eea5d2281d13d4d.zip
Merge 0.10->trunk
-rw-r--r--plugins/mod_auth_internal_hashed.lua12
1 files changed, 7 insertions, 5 deletions
diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua
index fb87bb9f..954392c9 100644
--- a/plugins/mod_auth_internal_hashed.lua
+++ b/plugins/mod_auth_internal_hashed.lua
@@ -7,6 +7,8 @@
-- COPYING file in the source package for more information.
--
+local max = math.max;
+
local getAuthenticationDatabaseSHA1 = require "util.sasl.scram".getAuthenticationDatabaseSHA1;
local usermanager = require "core.usermanager";
local generate_uuid = require "util.uuid".generate;
@@ -39,7 +41,7 @@ end
-- Default; can be set per-user
-local iteration_count = 4096;
+local default_iteration_count = 4096;
-- define auth provider
local provider = {};
@@ -80,8 +82,8 @@ function provider.set_password(username, password)
log("debug", "set_password for username '%s'", username);
local account = accounts:get(username);
if account then
- account.salt = account.salt or generate_uuid();
- account.iteration_count = account.iteration_count or iteration_count;
+ account.salt = generate_uuid();
+ account.iteration_count = max(account.iteration_count or 0, default_iteration_count);
local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, account.salt, account.iteration_count);
local stored_key_hex = to_hex(stored_key);
local server_key_hex = to_hex(server_key);
@@ -113,10 +115,10 @@ function provider.create_user(username, password)
return accounts:set(username, {});
end
local salt = generate_uuid();
- local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, salt, iteration_count);
+ local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, salt, default_iteration_count);
local stored_key_hex = to_hex(stored_key);
local server_key_hex = to_hex(server_key);
- return accounts:set(username, {stored_key = stored_key_hex, server_key = server_key_hex, salt = salt, iteration_count = iteration_count});
+ return accounts:set(username, {stored_key = stored_key_hex, server_key = server_key_hex, salt = salt, iteration_count = default_iteration_count});
end
function provider.delete_user(username)