diff options
| author | Kim Alvefur <zash@zash.se> | 2020-06-06 00:54:28 +0200 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2020-06-06 00:54:28 +0200 |
| commit | bcb73345a91c30fe9979c557e7cae2870dc97c08 (patch) | |
| tree | 5dab399947091600ef0a5f4937cd915844ad6584 /util | |
| parent | 90ae8d8e1d3fc0ba58c24501b0a39b2c999233a0 (diff) | |
| parent | 3ce91067f6299da1d8d9b4c8a1fdbf304cf91914 (diff) | |
| download | prosody-bcb73345a91c30fe9979c557e7cae2870dc97c08.tar.gz prosody-bcb73345a91c30fe9979c557e7cae2870dc97c08.zip | |
Merge 0.11->trunk
Diffstat (limited to 'util')
| -rw-r--r-- | util/sasl/plain.lua | 2 | ||||
| -rw-r--r-- | util/sasl/scram.lua | 4 |
2 files changed, 5 insertions, 1 deletions
diff --git a/util/sasl/plain.lua b/util/sasl/plain.lua index 00c6bd20..43a66c5b 100644 --- a/util/sasl/plain.lua +++ b/util/sasl/plain.lua @@ -70,7 +70,7 @@ local function plain(self, message) if self.profile.plain then local correct_password; correct_password, state = self.profile.plain(self, authentication, self.realm); - correct = (correct_password == password); + correct = (saslprep(correct_password) == password); elseif self.profile.plain_test then correct, state = self.profile.plain_test(self, authentication, password, self.realm); end diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua index b3370d4b..009a01ce 100644 --- a/util/sasl/scram.lua +++ b/util/sasl/scram.lua @@ -105,6 +105,10 @@ local function get_scram_hasher(H, HMAC, Hi) if iteration_count < 4096 then log("warn", "Iteration count < 4096 which is the suggested minimum according to RFC 5802.") end + password = saslprep(password); + if not password then + return false, "password fails SASLprep"; + end local salted_password = Hi(password, salt, iteration_count); local stored_key = H(HMAC(salted_password, "Client Key")) local server_key = HMAC(salted_password, "Server Key"); |