authorMatthew Wild <mwild1@gmail.com>2009-06-20 22:50:38 +0100
committerMatthew Wild <mwild1@gmail.com>2009-06-20 22:50:38 +0100
commit0f51eb5fa1f49a1a094e291528bf954c63dfadfd (patch)
tree0cb3818beb12b4b9cdb4f49f58c27b00c9e4cef3
parent7d05900c4bbe9630cc1bb93f88ea57bf7ddedde2 (diff)
parentf5a6ea54cf8b7ed92185326def5af3c14058da96 (diff)
Merge with Tobias
-rw-r--r--plugins/mod_saslauth.lua8
-rw-r--r--util/sasl.lua7
2 files changed, 8 insertions, 7 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 78417c0f..02ba41cf 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -64,15 +64,15 @@ local function handle_status(session, status)
end
end
-local function password_callback(node, host, mechanism, decoder)
- local password = (datamanager_load(node, host, "accounts") or {}).password; -- FIXME handle hashed passwords
+local function password_callback(node, hostname, realm, mechanism, decoder)
+ local password = (datamanager_load(node, hostname, "accounts") or {}).password; -- FIXME handle hashed passwords
local func = function(x) return x; end;
if password then
if mechanism == "PLAIN" then
return func, password;
elseif mechanism == "DIGEST-MD5" then
- if decoder then node, host, password = decoder(node), decoder(host), decoder(password); end
- return func, md5(node..":"..host..":"..password);
+ if decoder then node, hostname, password = decoder(node), decoder(hostname), decoder(password); end
+ return func, md5(node..":"..realm..":"..password);
end
end
return func, nil;
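Review bot: In the DIGEST-MD5 branch the new `realm` argument goes into `md5(node..":"..realm..":"..password)` without passing through `decoder`, while `node` and `password` do, and the decoded `hostname` on the same line is never used afterwards. If `decoder` performs a charset conversion (its definition is not in this hunk), a realm containing non-ASCII characters would hash differently from what the client computed, and authentication would fail for those accounts. Decoding the value that is actually hashed would read `if decoder then node, realm, password = decoder(node), decoder(realm), decoder(password); end`. A one-line comment above the signature saying that `hostname` selects the account store and `realm` only feeds the digest would also help, since the two were a single parameter before. The function's closing `end` lies outside the hunk.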
diff --git a/util/sasl.lua b/util/sasl.lua
index 7f023321..a343d608 100644
--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -41,7 +41,7 @@ local function new_plain(realm, password_handler)
if authentication == nil or password == nil then return "failure", "malformed-request" end
- local password_encoding, correct_password = self.password_handler(authentication, self.realm, "PLAIN")
+ local password_encoding, correct_password = self.password_handler(authentication, self.realm, self.realm, "PLAIN")
if correct_password == nil then return "failure", "not-authorized"
elseif correct_password == false then return "failure", "account-disabled" end
@@ -176,7 +176,7 @@ local function new_digest_md5(realm, password_handler)
if not response["qop"] then response["qop"] = "auth" end
if response["realm"] == nil or response["realm"] == "" then
- response["realm"] = self.realm;
+ response["realm"] = "";
elseif response["realm"] ~= self.realm then
return "failure", "not-authorized", "Incorrect realm value";
end
@@ -199,12 +199,13 @@ local function new_digest_md5(realm, password_handler)
--TODO maybe realm support
self.username = response["username"];
- local password_encoding, Y = self.password_handler(response["username"], response["realm"], "DIGEST-MD5", decoder)
+ local password_encoding, Y = self.password_handler(response["username"], domain, response["realm"], "DIGEST-MD5", decoder);
if Y == nil then return "failure", "not-authorized"
elseif Y == false then return "failure", "account-disabled" end
local A1 = "";
if response.authzid then
if response.authzid == self.username.."@"..self.realm then
+ -- COMPAT
log("warn", "Client is violating XMPP RFC. See section 6.1 of RFC 3920.");
A1 = Y..":"..response["nonce"]..":"..response["cnonce"]..":"..response.authzid;
else
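Review bot: The host passed as `domain` on the new `password_handler` call is not defined anywhere in the visible lines, whereas the PLAIN path in `new_plain` passes `self.realm` for the same argument. If `domain` is taken from the client's response rather than from server configuration, the client decides which host's account store is read during authentication; if it is undeclared, it is a nil global. Unless it is validated against the served host earlier in the function, passing the server-side value keeps both mechanisms consistent: `self.password_handler(response["username"], self.realm, response["realm"], "DIGEST-MD5", decoder)`. The `--TODO maybe realm support` comment just above is also out of date now that the realm is forwarded. The enclosing function starts and ends outside the hunk.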