aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTobias Markmann <tm@ayena.de>2010-06-09 17:51:08 +0200
committerTobias Markmann <tm@ayena.de>2010-06-09 17:51:08 +0200
commitd543622be3cad382c9f2b4febf1e8cb7f47d21d8 (patch)
treec9deaad4e80a8858ea22bc4a8f5debdea824c37a
parent9184608dec00737844498068a4541a4e0238acc8 (diff)
downloadprosody-d543622be3cad382c9f2b4febf1e8cb7f47d21d8.tar.gz
prosody-d543622be3cad382c9f2b4febf1e8cb7f47d21d8.zip
mod_auth_internal_hashed: Convert hashpass to server_key/stored_key on PLAIN login.
-rw-r--r--plugins/mod_auth_internal_hashed.lua32
1 files changed, 13 insertions, 19 deletions
diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua
index 4e554584..59aef1ec 100644
--- a/plugins/mod_auth_internal_hashed.lua
+++ b/plugins/mod_auth_internal_hashed.lua
@@ -59,22 +59,22 @@ function new_hashpass_provider(host)
local valid, stored_key, server_key
- if credentials.hexpass then
- -- convert hexpass to stored_key and server_key
- -- TODO: remove this in near future
+ -- convert hexpass to stored_key and server_key
+ -- TODO: remove this in near future
+ if credentials.hashpass then
valid = true;
- local salted_password = credentials.hexpass:gsub("..", function(x) return string.char(tonumber(x, 16)); end);
-
- stored_key = sha1(hmac_sha1(salted_password, "Client Key"))
- server_key = hmac_sha1(salted_password, "Server Key");
- else
- valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count);
+ local salted_password = credentials.hashpass:gsub("..", function(x) return string.char(tonumber(x, 16)); end);
+ log("debug", "salted_password in bin: %s", tostring(salted_password));
+ credentials.stored_key = sha1(hmac_sha1(salted_password, "Client Key")):gsub(".", function (c) return ("%02x"):format(c:byte()); end);
+ credentials.server_key = hmac_sha1(salted_password, "Server Key"):gsub(".", function (c) return ("%02x"):format(c:byte()); end);
end
+ local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count);
+
local stored_key_hex = stored_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end);
local server_key_hex = server_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end);
- if valid and stored_key_hex == credentials.stored_key and server_key_hex == credentials.server_key_hex then
+ if valid and stored_key_hex == credentials.stored_key and server_key_hex == credentials.server_key then
return true;
else
return nil, "Auth failed. Invalid username, password, or password hash information.";
@@ -85,15 +85,9 @@ function new_hashpass_provider(host)
if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end
local account = datamanager.load(username, host, "accounts");
if account then
- if account.iteration_count == nil then
- account.iteration_count = iteration_count;
- end
-
- if account.salt == nil then
- account.salt = generate_uuid();
- end
-
- local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count);
+ account.salt = account.salt or generate_uuid();
+ account.iteration_count = account.iteration_count or iteration_count;
+ local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, account.salt, account.iteration_count);
local stored_key_hex = stored_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end);
local server_key_hex = server_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end);