authorMatthew Wild <mwild1@gmail.com>2010-05-24 19:39:07 +0100
committerMatthew Wild <mwild1@gmail.com>2010-05-24 19:39:07 +0100
commite97ee0eaad41b33c15b562dadb539828e429db84 (patch)
tree2791383deb1c0f64c867a63ed82f96cddbbca552 /util/sasl
parent558778062f4d7fa6e406c243062d1fe2dd3ade9b (diff)
parent227478c80dfe7e28e2230ab8edc71d0634cb9ebf (diff)
downloadprosody-e97ee0eaad41b33c15b562dadb539828e429db84.tar.gz
prosody-e97ee0eaad41b33c15b562dadb539828e429db84.zip
Merge trunk/Tobias->trunk
Diffstat (limited to 'util/sasl')
-rw-r--r--util/sasl/digest-md5.lua4
-rw-r--r--util/sasl/scram.lua13
2 files changed, 12 insertions, 5 deletions
diff --git a/util/sasl/digest-md5.lua b/util/sasl/digest-md5.lua
index 8986ca45..2837148e 100644
--- a/util/sasl/digest-md5.lua
+++ b/util/sasl/digest-md5.lua
@@ -32,13 +32,13 @@ module "digest-md5"
--[[
Supported Authentication Backends
-digest-md5:
+digest_md5:
function(username, domain, realm, encoding) -- domain and realm are usually the same; for some broken
-- implementations it's not
return digesthash, state;
end
-digest-md5-test:
+digest_md5_test:
function(username, domain, realm, encoding, digesthash)
return true or false, state;
end
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index 48536dff..41c7a50a 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -32,7 +32,8 @@ module "scram"
--[[
Supported Authentication Backends
-scram-{MECH}:
+scram_{MECH}:
+ -- MECH being a standard hash name (like those at IANA's hash registry) with '-' replaced with '_'
function(username, realm)
return salted_password, iteration_count, salt, state;
end
@@ -92,6 +93,12 @@ local function validate_username(username)
return username;
end
+local function hashprep( hashname )
+ local hash = hashname:lower()
+ hash = hash:gsub("-", "_")
+ return hash
+end
+
function saltedPasswordSHA1(password, salt, iteration_count)
local salted_password
if type(password) ~= "string" or type(salt) ~= "string" or type(iteration_count) ~= "number" then
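Review bot: `hashprep` is added without a comment, and its pattern `"-"` works only because Lua treats a leading `-` as a literal character; `hash = hash:gsub("%-", "_")` states the intent explicitly. A one-line comment such as `-- Normalise a hash name into the profile key suffix: lower-case, '-' replaced with '_' (e.g. "SHA-1" -> "sha_1")` would tie it to the backend naming described in the header comment. Since this helper decides which credential backend key is looked up, it should be the single place that name is derived. The trailing context lines belong to saltedPasswordSHA1, whose body continues outside the hunk.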
@@ -156,7 +163,7 @@ local function scram_gen(hash_name, H_f, HMAC_f)
log("error", "Generating salted password failed. Reason: %s", self.state.salted_password);
return "failure", "temporary-auth-failure";
end
- elseif self.profile["scram_"..hash_name] then
+ elseif self.profile["scram_"..hashprep(hash_name)] then
local salted_password, iteration_count, salt, state = self.profile["scram-"..hash_name](self.state.name, self.realm);
if state == nil then return "failure", "not-authorized"
elseif state == false then return "failure", "account-disabled" end
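Review bot: The changed `elseif` line and the call on the line after it now use different profile keys: the test is on `"scram_"..hashprep(hash_name)`, but the call still indexes `self.profile["scram-"..hash_name]`. Judging by the visible lines, `init` passes `hash_name:lower()` (for example `sha-1`) into `scram_gen`, so a profile that defines only the documented `scram_sha_1` backend would pass the test and then call a nil field. That raises an error in the middle of the authentication exchange instead of returning a SASL failure. The call should use the same key, `self.profile["scram_"..hashprep(hash_name)](self.state.name, self.realm)`, ideally computed once into a local and reused for both the test and the call. The enclosing function scram_gen starts and ends outside this hunk.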
@@ -206,7 +213,7 @@ end
function init(registerMechanism)
local function registerSCRAMMechanism(hash_name, hash, hmac_hash)
- registerMechanism("SCRAM-"..hash_name, {"plain", "scram_"..(hash_name:lower())}, scram_gen(hash_name:lower(), hash, hmac_hash));
+ registerMechanism("SCRAM-"..hash_name, {"plain", "scram_"..(hashprep(hash_name))}, scram_gen(hash_name:lower(), hash, hmac_hash));
end
registerSCRAMMechanism("SHA-1", sha1, hmac_sha1);