author | Kim Alvefur <zash@zash.se> | 2013-10-12 21:15:36 +0200 |
committer | Kim Alvefur <zash@zash.se> | 2013-10-12 21:15:36 +0200 |
commit | 9f9050e590c54c817546799f8a678386dc697081 (patch) | |
tree | 35e5dcbdeac4570507f32daf6f457a7f098b82d0 /util/sasl | |
parent | fd4afeecb7be4bce7141a883cbfcb878c61af18d (diff) | |
util.sasl.scram: Compare gs2-header to cbind-input (Thanks Tobias)
Diffstat (limited to 'util/sasl')
-rw-r--r-- | util/sasl/scram.lua | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index d89eb872..65090719 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -113,8 +113,8 @@ local function scram_gen(hash_name, H_f, HMAC_f)
 -- TODO: fail if authzid is provided, since we don't support them yet
 self.state["client_first_message"] = client_first_message;
- self.state["gs2_cbind_flag"], self.state["gs2_cbind_name"], self.state["authzid"], self.state["name"], self.state["clientnonce"]
- = client_first_message:match("^([ynp])=?([%a%-]*),(.*),n=(.*),r=([^,]*).*");
+ self.state["gs2_header"], self.state["gs2_cbind_flag"], self.state["gs2_cbind_name"], self.state["authzid"], self.state["name"], self.state["clientnonce"]
+ = client_first_message:match("^(([ynp])=?([%a%-]*),(.*),)n=(.*),r=([^,]*).*");
 local gs2_cbind_flag = self.state.gs2_cbind_flag;
@@ -200,14 +200,14 @@ local function scram_gen(hash_name, H_f, HMAC_f)
 return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message.";
 end
+ local client_gs2_header = base64.decode(self.state.channelbinding)
+ local our_client_gs2_header = self.state["gs2_header"]
 if self.state.gs2_cbind_name then
 -- we support channelbinding, so check if the value is valid
- local client_gs2_header = base64.decode(self.state.channelbinding)
- local our_client_gs2_header = "p="..self.state.gs2_cbind_name..","..self.state["authzid"]..","..self.profile.cb[self.state.gs2_cbind_name](self);
-
- if client_gs2_header ~= our_client_gs2_header then
- return "failure", "malformed-request", "Invalid channel binding value.";
- end
+ our_client_gs2_header = our_client_gs2_header .. self.profile.cb[self.state.gs2_cbind_name](self);
+ end
+ if client_gs2_header ~= our_client_gs2_header then
+ return "failure", "malformed-request", "Invalid channel binding value.";
 end
 if self.state.nonce ~= self.state.clientnonce..self.state.servernonce then |
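Review bot: The `if self.state.gs2_cbind_name then` guard that appends the cbind-data only works if `gs2_cbind_name` is `nil` for the `n`/`y` flags, yet the `([%a%-]*)` capture in the first hunk produces an empty string for those, which is truthy in Lua; the code between the two hunks appears to reset it, but that is outside this diff, and without the reset `self.profile.cb[""]` would be indexed and called. A comment above the guard would make that dependency explicit, e.g. `-- gs2_cbind_name is cleared earlier when no channel binding is negotiated, so the cb callback only runs for p=`. The two new `local` lines also drop the trailing semicolons the rest of this function uses (`local client_gs2_header = base64.decode(self.state.channelbinding);`), and `base64.decode` returning `nil` on a malformed `c=` value is silently reported as "Invalid channel binding value." rather than as a malformed attribute, which may be intended but is worth noting. A one-line comment on the comparison, `-- RFC 5802: cbind-input = gs2-header [ cbind-data ]; the decoded c= attribute must match it exactly`, would record why the check now runs for every flag and not only for p=. scram_gen starts and ends outside both hunks.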