diff options
| author | Kim Alvefur <zash@zash.se> | 2019-12-24 00:39:45 +0100 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2019-12-24 00:39:45 +0100 |
| commit | 1eabf5bdb449b0312dfa272884e02cc84175775c (patch) | |
| tree | 94b4ebcb9443e8e6751e1903ade3c9dc8ec9d678 /plugins/mod_auth_internal_hashed.lua | |
| parent | 575cd4c57d062a1addc761aa0036b1db752900a9 (diff) | |
| parent | 8537138d41a6bca5e855040c8928ef2aae59802f (diff) | |
| download | prosody-1eabf5bdb449b0312dfa272884e02cc84175775c.tar.gz prosody-1eabf5bdb449b0312dfa272884e02cc84175775c.zip | |
Merge 0.11->trunk
Diffstat (limited to 'plugins/mod_auth_internal_hashed.lua')
| -rw-r--r-- | plugins/mod_auth_internal_hashed.lua | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua index 083f648b..c81830de 100644 --- a/plugins/mod_auth_internal_hashed.lua +++ b/plugins/mod_auth_internal_hashed.lua @@ -9,7 +9,7 @@ local max = math.max; -local getAuthenticationDatabaseSHA1 = require "util.sasl.scram".getAuthenticationDatabaseSHA1; +local scram_hashers = require "util.sasl.scram".hashers; local usermanager = require "core.usermanager"; local generate_uuid = require "util.uuid".generate; local new_sasl = require "util.sasl".new; @@ -21,7 +21,9 @@ local host = module.host; local accounts = module:open_store("accounts"); - +local hash_name = module:get_option_string("password_hash", "SHA-1"); +local get_auth_db = assert(scram_hashers[hash_name], "SCRAM-"..hash_name.." not supported by SASL library"); +local scram_name = "scram_"..hash_name:gsub("%-","_"):lower(); -- Default; can be set per-user local default_iteration_count = 4096; @@ -49,7 +51,7 @@ function provider.test_password(username, password) return nil, "Auth failed. Stored salt and iteration count information is not complete."; end - local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count); + local valid, stored_key, server_key = get_auth_db(password, credentials.salt, credentials.iteration_count); local stored_key_hex = to_hex(stored_key); local server_key_hex = to_hex(server_key); @@ -67,7 +69,7 @@ function provider.set_password(username, password) if account then account.salt = generate_uuid(); account.iteration_count = max(account.iteration_count or 0, default_iteration_count); - local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, account.salt, account.iteration_count); + local valid, stored_key, server_key = get_auth_db(password, account.salt, account.iteration_count); if not valid then return valid, stored_key; end @@ -101,7 +103,7 @@ function provider.create_user(username, password) return accounts:set(username, {}); end local salt = generate_uuid(); - local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, salt, default_iteration_count); + local valid, stored_key, server_key = get_auth_db(password, salt, default_iteration_count); if not valid then return valid, stored_key; end @@ -122,7 +124,7 @@ function provider.get_sasl_handler() plain_test = function(_, username, password, realm) return usermanager.test_password(username, realm, password), true; end, - scram_sha_1 = function(_, username) + [scram_name] = function(_, username) local credentials = accounts:get(username); if not credentials then return; end if credentials.password then |