Merge 0.9->trunk

5 files changed, 44 insertions, 13 deletions

diff --git a/util/http.lua b/util/http.lua
new file mode 100644
index 00000000..5b49d1d0
--- /dev/null
+++ b/util/http.lua
@@ -0,0 +1,15 @@
+-- Prosody IM
+-- Copyright (C) 2013 Florian Zeitz
+--
+-- This project is MIT/X11 licensed. Please see the
+-- COPYING file in the source package for more information.
+--
+
+local http = {};
+
+function http.contains_token(field, token)
+	field = ","..field:gsub("[ \t]", ""):lower()..",";
+	return field:find(","..token:lower()..",", 1, true) ~= nil;
+end
+
+return http;
diff --git a/util/openssl.lua b/util/openssl.lua
index 8fdb9b4a..b3dc2943 100644
--- a/util/openssl.lua
+++ b/util/openssl.lua
@@ -72,15 +72,11 @@ local function ia5string(s)
 	return s_format("IA5STRING:%s", s);
 end
 
-local util = {};
 _M.util = {
 	utf8string = utf8string,
 	ia5string = ia5string,
 };
 
-local function xmppAddr(t, host)
-end
-
 function ssl_config:add_dNSName(host)
 	t_insert(self.subject_alternative_name.DNS, idna_to_ascii(host));
 end
@@ -95,12 +91,12 @@ function ssl_config:add_xmppAddr(host)
 		s_format("%s;%s", oid_xmppaddr, utf8string(host)));
 end
 
-function ssl_config:from_prosody(hosts, config, certhosts, raw)
+function ssl_config:from_prosody(hosts, config, certhosts)
 	-- TODO Decide if this should go elsewhere
 	local found_matching_hosts = false;
 	for i = 1,#certhosts do
 		local certhost = certhosts[i];
-		for name, host in pairs(hosts) do
+		for name in pairs(hosts) do
 			if name == certhost or name:sub(-1-#certhost) == "."..certhost then
 				found_matching_hosts = true;
 				self:add_dNSName(name);
@@ -137,7 +133,7 @@ do -- Lua to shell calls.
 				end
 			end
 		end
-		for k,v in ipairs(o) do
+		for _,v in ipairs(o) do
 			t_insert(r, ("'%s'"):format(shell_escape(tostring(v))));
 		end
 		return t_concat(r, " ");
@@ -145,7 +141,7 @@ do -- Lua to shell calls.
 
 	local os_execute = os.execute;
 	setmetatable(_M, {
-		__index=function(self,f)
+		__index=function(_,f)
 			return function(opts)
 				return 0 == os_execute(serialize(f, type(opts) == "table" and opts or {}));
 			end;
diff --git a/util/sasl/digest-md5.lua b/util/sasl/digest-md5.lua
index de2538fc..591d8537 100644
--- a/util/sasl/digest-md5.lua
+++ b/util/sasl/digest-md5.lua
@@ -23,6 +23,7 @@ local to_byte, to_char = string.byte, string.char;
 local md5 = require "util.hashes".md5;
 local log = require "util.logger".init("sasl");
 local generate_uuid = require "util.uuid".generate;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
 
 module "sasl.digest-md5"
 
@@ -139,10 +140,15 @@ local function digest(self, message)
 		end
 
 		-- check for username, it's REQUIRED by RFC 2831
-		if not response["username"] then
+		local username = response["username"];
+		local _nodeprep = self.profile.nodeprep;
+		if username and _nodeprep ~= false then
+			username = (_nodeprep or nodeprep)(username); -- FIXME charset
+		end
+		if not username or username == "" then
 			return "failure", "malformed-request";
 		end
-		self["username"] = response["username"];
+		self.username = username;
 
 		-- check for nonce, ...
 		if not response["nonce"] then
@@ -178,7 +184,6 @@ local function digest(self, message)
 		end
 
 		--TODO maybe realm support
-		self.username = response["username"];
 		local Y, state;
 		if self.profile.plain then
 			local password, state = self.profile.plain(self, response["username"], self.realm)
diff --git a/util/sasl/plain.lua b/util/sasl/plain.lua
index d108a40d..c9ec2911 100644
--- a/util/sasl/plain.lua
+++ b/util/sasl/plain.lua
@@ -13,6 +13,7 @@
 
 local s_match = string.match;
 local saslprep = require "util.encodings".stringprep.saslprep;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
 local log = require "util.logger".init("sasl");
 
 module "sasl.plain"
@@ -54,6 +55,14 @@ local function plain(self, message)
 		return "failure", "malformed-request", "Invalid username or password.";
 	end
 
+	local _nodeprep = self.profile.nodeprep;
+	if _nodeprep ~= false then
+		authentication = (_nodeprep or nodeprep)(authentication);
+		if not authentication or authentication == "" then
+			return "failure", "malformed-request", "Invalid username or password."
+		end
+	end
+
 	local correct, state = false, false;
 	if self.profile.plain then
 		local correct_password;
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index 055ba16a..d0e8987c 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -19,6 +19,7 @@ local hmac_sha1 = require "util.hmac".sha1;
 local sha1 = require "util.hashes".sha1;
 local generate_uuid = require "util.uuid".generate;
 local saslprep = require "util.encodings".stringprep.saslprep;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
 local log = require "util.logger".init("sasl");
 local t_concat = table.concat;
 local char = string.char;
@@ -76,7 +77,7 @@ function Hi(hmac, str, salt, i)
 	return res
 end
 
-local function validate_username(username)
+local function validate_username(username, _nodeprep)
 	-- check for forbidden char sequences
 	for eq in username:gmatch("=(.?.?)") do
 		if eq ~= "2C" and eq ~= "3D" then
@@ -90,6 +91,11 @@ local function validate_username(username)
 	
 	-- apply SASLprep
 	username = saslprep(username);
+
+	if username and _nodeprep ~= false then
+		username = (_nodeprep or nodeprep)(username);
+	end
+
 	return username and #username>0 and username;
 end
 
@@ -133,7 +139,7 @@ local function scram_gen(hash_name, H_f, HMAC_f)
 				return "failure", "malformed-request", "Channel binding isn't support at this time.";
 			end
 		
-			self.state.name = validate_username(self.state.name);
+			self.state.name = validate_username(self.state.name, self.profile.nodeprep);
 			if not self.state.name then
 				log("debug", "Username violates either SASLprep or contains forbidden character sequences.")
 				return "failure", "malformed-request", "Invalid username.";