-rw-r--r--plugins/mod_saslauth.lua9
-rw-r--r--util/sasl.lua35
2 files changed, 41 insertions, 3 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 52ef68c7..9884ec5c 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -41,11 +41,13 @@ local new_sasl = require "util.sasl".new;
local function build_reply(status, ret, err_msg)
local reply = st.stanza(status, {xmlns = xmlns_sasl});
if status == "challenge" then
+ log("challenge", ret or "");
reply:text(base64.encode(ret or ""));
elseif status == "failure" then
reply:tag(ret):up();
if err_msg then reply:tag("text"):text(err_msg); end
elseif status == "success" then
+ log("success", ret or "");
reply:text(base64.encode(ret or ""));
else
error("Unknown sasl status: "..status);
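Review bot: The added `log(...)` calls write SASL exchange payloads to the log, and the same pattern recurs in the password_callback and sasl_handler hunks of this file. In sasl_handler the decoded client response is logged, which for the PLAIN mechanism carries the cleartext password, and the call sits before the `if not text` check, so a failed decode hands nil to it. The first argument is the status or a label (`"challenge"`, `"recieved"`) where a level would be expected, if `log` here is a level-first logger. I would drop these lines before merging, or reduce them to something like `log("debug", "SASL %s sent", status)` with no payload. build_reply ends outside the hunk.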
@@ -65,13 +67,15 @@ local function handle_status(session, status)
end
local function password_callback(node, host, mechanism, raw_host)
- local password = (datamanager.load(node, host, "accounts") or {}).password; -- FIXME handle hashed passwords
+ log("host", host);
+ log("raw_host", raw_host);
+ local password = (datamanager.load(node, raw_host, "accounts") or {}).password; -- FIXME handle hashed passwords
local func = function(x) return x; end;
if password then
if mechanism == "PLAIN" then
return func, password;
elseif mechanism == "DIGEST-MD5" then
- return func, md5(node..":"..raw_host..":"..password);
+ return func, md5(node..":"..host..":"..password);
end
end
return func, nil;
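Review bot: The account lookup in password_callback now keys on `raw_host` instead of `host`, and judging by the name and the realm handling in util/sasl.lua, `raw_host` looks like the realm as the client sent it. If that is the case, the store that `datamanager.load` reads is selected by unauthenticated input; it should be checked against the host the session belongs to before it reaches the lookup, and a mismatch rejected. A short comment stating what `host` and `raw_host` each hold would help, since the swap on the `md5(...)` line is not self-explanatory. The existing FIXME still applies: the password is read back as stored plaintext. The function's closing `end` is outside the hunk.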
@@ -87,6 +91,7 @@ function sasl_handler(session, stanza)
local text = stanza[1];
if text then
text = base64.decode(text);
+ log("recieved", text);
if not text then
session.sasl_handler = nil;
session.send(build_reply("failure", "incorrect-encoding"));
diff --git a/util/sasl.lua b/util/sasl.lua
index ab8b814b..75f1da96 100644
--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -81,6 +81,39 @@ local function new_digest_md5(realm, password_handler)
return data
end
+ local function utf8tolatin1ifpossible(passwd)
+ local i = 1;
+ while i <= #passwd do
+ local passwd_i = to_byte(passwd:sub(i, i));
+ if passwd_i > 0x7F then
+ if passwd_i < 0xC0 or passwd_i > 0xC3 then
+ return passwd;
+ end
+ i = i + 1;
+ passwd_i = to_byte(passwd:sub(i, i));
+ if passwd_i < 0x80 or passwd_i > 0xBF then
+ return passwd;
+ end
+ end
+ i = i + 1;
+ end
+
+ local p = {};
+ local j = 0;
+ i = 1;
+ while (i <= #passwd) do
+ local passwd_i = to_byte(passwd:sub(i, i));
+ if passwd_i > 0x7F then
+ i = i + 1;
+ local passwd_i_1 = to_byte(passwd:sub(i, i));
+ t_insert(p, to_char(passwd_i%4*64 + passwd_i_1%64)); -- I'm so clever
+ else
+ t_insert(p, to_char(passwd_i));
+ end
+ i = i + 1;
+ end
+ return t_concat(p);
+ end
local function latin1toutf8(str)
local p = {};
for ch in gmatch(str, ".") do
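Review bot: The validation loop in `utf8tolatin1ifpossible` accepts lead bytes 0xC0 and 0xC1, which only occur in overlong encodings; with the arithmetic on the `t_insert` line, 0xC0 0x80 decodes to a NUL byte and other overlong pairs to plain ASCII. The lower bound should be 0xC2: `if passwd_i < 0xC2 or passwd_i > 0xC3 then`. A string that ends on a lead byte makes `passwd:sub(i, i)` empty, so `to_byte` (presumably `string.byte`) returns nil and the comparison raises; guard it with `if not passwd_i or passwd_i < 0x80 or passwd_i > 0xBF then`. The parameter is named `passwd` although the only caller in this diff passes the realm, and a header comment stating the contract (input returned unchanged unless every non-ASCII sequence fits in Latin-1) would serve better than `-- I'm so clever`.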
@@ -148,7 +181,7 @@ local function new_digest_md5(realm, password_handler)
if response["charset"] == nil then
response["username"] = latin1toutf8(response["username"])
- response["realm"] = latin1toutf8(response["realm"])
+ response["realm"] = utf8tolatin1ifpossible(response["realm"])
elseif response["charset"] ~= "utf-8" then
return "failure", "incorrect-encoding", "The client's response uses "..response["charset"].." for encoding with isn't supported by sasl.lua. Supported encodings are latin or utf-8."
end
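Review bot: In the `charset == nil` branch the realm is now passed through `utf8tolatin1ifpossible`, which guesses the encoding from the bytes instead of using the encoding the branch implies. A realm that really is Latin-1 and happens to contain a byte pair such as 0xC3 0xA9 would be collapsed into a single byte, so the value used afterwards differs from what the client sent. If the realm feeds the digest computation, as the password handler in mod_saslauth.lua suggests, that surfaces as an authentication failure that is hard to trace. A comment here saying why the username is widened to UTF-8 while the realm is narrowed to Latin-1 would make the intent checkable. The enclosing function continues outside the hunk.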