diff options
author | Jeff Mitchell <jeff@jefferai.org> | 2010-05-27 10:54:11 -0400 |
---|---|---|
committer | Jeff Mitchell <jeff@jefferai.org> | 2010-05-27 10:54:11 -0400 |
commit | b9196dd592b734c54b1282c04d3f6825f6bf4c53 (patch) | |
tree | d3334c9ec506907b4ecb5e76f903f7998b411a2e | |
parent | 534d1b91a46511fe3ad5c98c9a1d0766af74f770 (diff) | |
download | prosody-b9196dd592b734c54b1282c04d3f6825f6bf4c53.tar.gz prosody-b9196dd592b734c54b1282c04d3f6825f6bf4c53.zip |
Add mechanism for upgrading to hashed passwords from default. Remove some extra debug.
-rw-r--r-- | core/usermanager.lua | 13 | ||||
-rw-r--r-- | plugins/mod_hashpassauth.lua | 38 |
2 files changed, 27 insertions, 24 deletions
diff --git a/core/usermanager.lua b/core/usermanager.lua index 0920eb62..ccbf5fb5 100644 --- a/core/usermanager.lua +++ b/core/usermanager.lua @@ -30,27 +30,16 @@ function new_null_provider() end local function host_handler(host) - log("debug", "host_handler called with host '%s'", host); local host_session = hosts[host]; host_session.events.add_handler("item-added/auth-provider", function (event) local provider = event.item; - if provider == nil then - log("debug", "auth provider is nil"); - else - log("debug", "auth provider is not nil"); - end - if provider.name == nil then - log("debug", "authentication provider name is nil"); - else - log("debug", "authentication provider name = '%s'", provider.name); - end if config.get(host, "core", "authentication") == nil and provider.name == "default" then host_session.users = provider; elseif config.get(host, "core", "authentication") == provider.name then host_session.users = provider; end if host_session.users ~= nil and host_session.users.name ~= nil then - log("debug", "host_session.users.name for host '%s' now '%s'", host, host_session.users.name); + log("debug", "host '%s' now set to use user provider '%s'", host, host_session.users.name); end end); host_session.events.add_handler("item-removed/auth-provider", function (event) diff --git a/plugins/mod_hashpassauth.lua b/plugins/mod_hashpassauth.lua index 3c5cd291..8f38f03f 100644 --- a/plugins/mod_hashpassauth.lua +++ b/plugins/mod_hashpassauth.lua @@ -32,22 +32,28 @@ function new_hashpass_provider(host) log("debug", "initializing hashpass authentication provider for host '%s'", host); function provider.test_password(username, password) - log("debug", "test password for user %s at host %s", username, module.host); if is_cyrus(host) then return nil, "Legacy auth not supported with Cyrus SASL."; end local credentials = datamanager.load(username, host, "accounts") or {}; - if credentials.hashpass == nil or credentials.iteration_count == nil or credentials.salt == nil then - return nil, "Auth failed. Stored credential information is not complete."; + if credentials.iteration_count == nil or credentials.salt == nil or string.len(credentials.salt) == 0 then + return nil, "Auth failed. Stored salt and iteration count information is not complete."; + end + + if credentials.password ~= nil and string.len(credentials.password) ~= 0 then + if credentials.password ~= password then + return nil, "Auth failed. Provided password is incorrect."; + end + + if provider.set_password(username, credentials.password) == nil then + return nil, "Auth failed. Could not set hashed password from plaintext."; + else + return true; + end end local valid, binpass = saltedPasswordSHA1(password, credentials.salt, credentials.iteration_count); local hexpass = binpass:gsub(".", function (c) return ("%02x"):format(c:byte()); end); - if valid then - log("debug", "salted password returned valid"); - else - log("debug", "salted password returned not valid"); - end - log("debug", "hexpass is '%s', stored pass is '%s'", hexpass, credentials.hashpass); + if valid and hexpass == credentials.hashpass then return true; else @@ -56,9 +62,16 @@ function new_hashpass_provider(host) end function provider.get_password(username) - log("debug", "get_password for username '%s' at host '%s'", username, module.host); if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end - return (datamanager.load(username, host, "accounts") or {}).hashpass; + local credentials = datamanager.load(username, host, "accounts") or {}; + if(credentials.password ~= nil or (credentials.password ~= nil and string.len(credentials.password) ~= 0)) then + if provider.set_password(username, credentials.password) == nil then + return nil, "Problem setting plaintext password to hashed password."; + end + credentials = datamanager.load(username, host, "accounts"); + return credentials.hashpass; + end + return credentials.hashpass; end function provider.set_password(username, password) @@ -77,6 +90,7 @@ function new_hashpass_provider(host) local hexpass = binpass:gsub(".", function (c) return ("%02x"):format(c:byte()); end); account.hashpass = hexpass; + account.password = nil; return datamanager.store(username, host, "accounts", account); end return nil, "Account not available."; @@ -89,7 +103,7 @@ function new_hashpass_provider(host) log("debug", "account not found for username '%s' at host '%s'", username, module.host); return nil, "Auth failed. Invalid username"; end - if account.hashpass == nil or string.len(account.hashpass) == 0 then + if (account.hashpass == nil or string.len(account.hashpass) == 0) and (account.password == nil or string.len(account.password) == 0) then log("debug", "account password not set or zero-length for username '%s' at host '%s'", username, module.host); return nil, "Auth failed. Password invalid."; end |