author | Tobias Markmann <tm@ayena.de> | 2009-05-15 17:24:52 +0200 |
---|---|---|
committer | Tobias Markmann <tm@ayena.de> | 2009-05-15 17:24:52 +0200 |
commit | a8d9ed20faa9663e2a7578102ffff7692c4793e7 (patch) | |
tree | 922784717a91307b5bd8933f8b11dbb944e4a6ba /util | |
parent | 00122588ee55ef7a2c4495857f5ba6bcbab3a382 (diff) | |
download | prosody-a8d9ed20faa9663e2a7578102ffff7692c4793e7.tar.gz prosody-a8d9ed20faa9663e2a7578102ffff7692c4793e7.zip |
Adding minimal support for authorization identities to work around buggy SASL implementations.
Diffstat (limited to 'util')
-rw-r--r-- | util/sasl.lua | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/util/sasl.lua b/util/sasl.lua
index 6aad20fb..200950e2 100644
--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -203,8 +203,17 @@ local function new_digest_md5(realm, password_handler)
 local password_encoding, Y = self.password_handler(response["username"], response["realm"], "DIGEST-MD5", decoder)
 if Y == nil then return "failure", "not-authorized" elseif Y == false then return "failure", "account-disabled" end
-
- local A1 = Y..":"..response["nonce"]..":"..response["cnonce"]--:authzid
+ local A1 = "";
+ if response.authzid then
+ if response.authzid == self.username.."@"..self.realm then
+ log("warn", "Client is violating XMPP RFC. See section 6.1 of RFC 3920");
+ A1 = Y..":"..response["nonce"]..":"..response["cnonce"]..":"..response.authzid;
+ else
+ A1 = "?";
+ end
+ else
+ A1 = Y..":"..response["nonce"]..":"..response["cnonce"];
+ end
 local A2 = "AUTHENTICATE:"..protocol.."/"..domain;
 local HA1 = md5(A1, true) |
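Review bot: On the authzid-mismatch branch, `A1 = "?";` makes `HA1 = md5(A1, true)` a fixed value that no longer depends on the password-derived `Y`, so the response comparison further down (outside this hunk) would presumably not be verifying the credential for that request. That branch should reject explicitly instead of falling through with a sentinel, e.g. `return "failure", "invalid-authzid"` in place of `A1 = "?";`. Separately, `self.username` and `self.realm` are not assigned anywhere in the visible lines, while the password lookup uses `response["username"]` and `response["realm"]`. If either field can still be nil here, the `..` concatenation raises a Lua error on client-supplied input, so confirm they are set first or compare against the `response` values. The enclosing function starts and ends outside the hunk.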