aboutsummaryrefslogtreecommitdiffstats
path: root/util/sasl
diff options
context:
space:
mode:
Diffstat (limited to 'util/sasl')
-rw-r--r--util/sasl/plain.lua2
-rw-r--r--util/sasl/scram.lua4
2 files changed, 5 insertions, 1 deletions
diff --git a/util/sasl/plain.lua b/util/sasl/plain.lua
index 00c6bd20..43a66c5b 100644
--- a/util/sasl/plain.lua
+++ b/util/sasl/plain.lua
@@ -70,7 +70,7 @@ local function plain(self, message)
if self.profile.plain then
local correct_password;
correct_password, state = self.profile.plain(self, authentication, self.realm);
- correct = (correct_password == password);
+ correct = (saslprep(correct_password) == password);
elseif self.profile.plain_test then
correct, state = self.profile.plain_test(self, authentication, password, self.realm);
end
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index b3370d4b..009a01ce 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -105,6 +105,10 @@ local function get_scram_hasher(H, HMAC, Hi)
if iteration_count < 4096 then
log("warn", "Iteration count < 4096 which is the suggested minimum according to RFC 5802.")
end
+ password = saslprep(password);
+ if not password then
+ return false, "password fails SASLprep";
+ end
local salted_password = Hi(password, salt, iteration_count);
local stored_key = H(HMAC(salted_password, "Client Key"))
local server_key = HMAC(salted_password, "Server Key");