author | Tobias Markmann <tm@ayena.de> | 2011-02-06 13:39:32 +0100 |
---|---|---|
committer | Tobias Markmann <tm@ayena.de> | 2011-02-06 13:39:32 +0100 |
commit | f575f1eb40aef2e7196badfe41d217b6f7fbf350 (patch) | |
tree | 9c5d6946b7801e15497634c8c2113e95c6f927aa | |
parent | 051ca76fbe398f3e177386c212dafd78bc6ecbe4 (diff) | |
download | prosody-f575f1eb40aef2e7196badfe41d217b6f7fbf350.tar.gz prosody-f575f1eb40aef2e7196badfe41d217b6f7fbf350.zip |
sasl.util.scarm: Rearrage some code so it makes more sense.
-rw-r--r-- | util/sasl/scram.lua | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index 19d0bf7b..ad26658b 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -132,7 +132,7 @@ local function scram_gen(hash_name, H_f, HMAC_f)
 = client_first_message:match("^(%a)=?([%a%-]*),(.*),n=(.*),r=([^,]*).*");
 -- check for invalid gs2_flag_type start
- local gs2_flag_type == string.sub(self.state.gs2_cbind_flag, 0, 1)
+ local gs2_flag_type = string.sub(self.state.gs2_cbind_flag, 0, 1)
 if gs2_flag_type ~= "y" and gs2_flag_type ~= "n" and gs2_flag_type ~= "p" then
 return "failure", "malformed-request", "The GS2 header has to start with 'y', 'n', or 'p'."
 end
@@ -206,17 +206,18 @@ local function scram_gen(hash_name, H_f, HMAC_f)
 log("debug", "client_final_message: %s", client_final_message);
 self.state["channelbinding"], self.state["nonce"], self.state["proof"] = client_final_message:match("^c=(.*),r=(.*),.*p=(.*)");
+ if not self.state.proof or not self.state.nonce or not self.state.channelbinding then
+ return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message.";
+ end
+ if self.state.gs2_cbind_name then
+ -- we support channelbinding, so check if the value is valid
 local client_gs2_header = base64.decode(self.state.channelbinding)
 local our_client_gs2_header = "p="..self.state.gs2_cbind_name..","..self.state["authzid"]..","..self.profile.cb[self.state.gs2_cbind_name](self);
 if client_gs2_header ~= our_client_gs2_header then
 return "failure", "malformed-request", "Invalid channel binding value.";
 end
- else
- if not self.state.proof or not self.state.nonce or not self.state.channelbinding then
- return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message.";
- end
 end
 if self.state.nonce ~= self.state.clientnonce..self.state.servernonce then |
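Review bot: In the first hunk, `string.sub(self.state.gs2_cbind_flag, 0, 1)` runs directly after the `client_first_message:match(...)` assignment, and when that pattern does not match every capture is nil, so a malformed client-first message raises a Lua error on this line instead of returning the `malformed-request` failure (whether a caller traps that error is not visible here). A guard ahead of it would keep the failure path explicit, e.g. `if not self.state.gs2_cbind_flag then return "failure", "malformed-request", "Invalid client-first-message." end`. The first capture `(%a)` is already a single letter, so the `string.sub` call looks redundant and the flag could be compared directly. scram_gen continues outside the hunk, but a nil check further down would come too late for this line.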
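Review bot: In the second hunk, when `self.state.gs2_cbind_name` is unset the `c=` value is only checked for presence and never compared with the GS2 header the client sent in its first message, so a header altered in transit would pass this block unless a check below the hunk covers it. RFC 5802 expects the server to validate `c=` in every case, so an `else` branch should compare `base64.decode(self.state.channelbinding)` with the header reconstructed from the stored flag and authzid, and return the same `"Invalid channel binding value."` failure on mismatch. In the binding branch, `self.profile.cb[self.state.gs2_cbind_name](self)` indexes the profile with a client-chosen name and calls the result. Unless that name is validated earlier in scram_gen, an unsupported name raises a Lua error rather than a SASL failure; a guard such as `local cb = self.profile.cb and self.profile.cb[self.state.gs2_cbind_name]` followed by `if not cb then return "failure", "malformed-request", "Unsupported channel binding type."; end` would avoid that. The function starts and ends outside this hunk.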