aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_auth_internal_hashed.lua
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2019-11-16 16:52:31 +0100
committerKim Alvefur <zash@zash.se>2019-11-16 16:52:31 +0100
commit908f5b61c55e4cba39e61ac415b0fca384a1095d (patch)
tree6e391ff6608608f181e42c92ee6dfd7c534da255 /plugins/mod_auth_internal_hashed.lua
parentc4c38d2f01d5f2711b527c7c2412250ed6c58738 (diff)
parentfd9ccf20d5b652dbad1f37cecd540661f4642ee6 (diff)
downloadprosody-908f5b61c55e4cba39e61ac415b0fca384a1095d.tar.gz
prosody-908f5b61c55e4cba39e61ac415b0fca384a1095d.zip
Merge 0.11->trunk
Diffstat (limited to 'plugins/mod_auth_internal_hashed.lua')
-rw-r--r--plugins/mod_auth_internal_hashed.lua14
1 files changed, 8 insertions, 6 deletions
diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua
index 35764afb..be22a8d8 100644
--- a/plugins/mod_auth_internal_hashed.lua
+++ b/plugins/mod_auth_internal_hashed.lua
@@ -9,7 +9,7 @@
local max = math.max;
-local getAuthenticationDatabaseSHA1 = require "util.sasl.scram".getAuthenticationDatabaseSHA1;
+local scram_hashers = require "util.sasl.scram".hashers;
local usermanager = require "core.usermanager";
local generate_uuid = require "util.uuid".generate;
local new_sasl = require "util.sasl".new;
@@ -21,7 +21,9 @@ local host = module.host;
local accounts = module:open_store("accounts");
-
+local hash_name = module:get_option_string("password_hash", "SHA-1");
+local get_auth_db = assert(scram_hashers[hash_name], "SCRAM-"..hash_name.." not supported by SASL library");
+local scram_name = "scram_"..hash_name:gsub("%-","_"):lower();
-- Default; can be set per-user
local default_iteration_count = 4096;
@@ -49,7 +51,7 @@ function provider.test_password(username, password)
return nil, "Auth failed. Stored salt and iteration count information is not complete.";
end
- local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count);
+ local valid, stored_key, server_key = get_auth_db(password, credentials.salt, credentials.iteration_count);
local stored_key_hex = to_hex(stored_key);
local server_key_hex = to_hex(server_key);
@@ -67,7 +69,7 @@ function provider.set_password(username, password)
if account then
account.salt = generate_uuid();
account.iteration_count = max(account.iteration_count or 0, default_iteration_count);
- local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, account.salt, account.iteration_count);
+ local valid, stored_key, server_key = get_auth_db(password, account.salt, account.iteration_count);
local stored_key_hex = to_hex(stored_key);
local server_key_hex = to_hex(server_key);
@@ -98,7 +100,7 @@ function provider.create_user(username, password)
return accounts:set(username, {});
end
local salt = generate_uuid();
- local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, salt, default_iteration_count);
+ local valid, stored_key, server_key = get_auth_db(password, salt, default_iteration_count);
local stored_key_hex = to_hex(stored_key);
local server_key_hex = to_hex(server_key);
return accounts:set(username, {
@@ -116,7 +118,7 @@ function provider.get_sasl_handler()
plain_test = function(_, username, password, realm)
return usermanager.test_password(username, realm, password), true;
end,
- scram_sha_1 = function(_, username)
+ [scram_name] = function(_, username)
local credentials = accounts:get(username);
if not credentials then return; end
if credentials.password then