aboutsummaryrefslogtreecommitdiffstats
path: root/util
diff options
context:
space:
mode:
Diffstat (limited to 'util')
-rw-r--r--util/filters.lua68
-rw-r--r--util/sasl.lua7
-rw-r--r--util/sasl/anonymous.lua12
-rw-r--r--util/sasl/plain.lua6
-rw-r--r--util/sasl/scram.lua37
-rw-r--r--util/xmppstream.lua168
6 files changed, 270 insertions, 28 deletions
diff --git a/util/filters.lua b/util/filters.lua
new file mode 100644
index 00000000..0ac4cb56
--- /dev/null
+++ b/util/filters.lua
@@ -0,0 +1,68 @@
+-- Prosody IM
+-- Copyright (C) 2008-2010 Matthew Wild
+-- Copyright (C) 2008-2010 Waqas Hussain
+--
+-- This project is MIT/X11 licensed. Please see the
+-- COPYING file in the source package for more information.
+--
+
+local t_insert, t_remove = table.insert, table.remove;
+
+module "filters"
+
+function initialize(session)
+ if not session.filters then
+ local filters = {};
+ session.filters = filters;
+
+ function session.filter(type, data)
+ local filter_list = filters[type];
+ if filter_list then
+ for i = 1, #filter_list do
+ data = filter_list[i](data);
+ if data == nil then break; end
+ end
+ end
+ return data;
+ end
+ end
+ return session.filter;
+end
+
+function add_filter(session, type, callback, priority)
+ if not session.filters then
+ initialize(session);
+ end
+
+ local filter_list = session.filters[type];
+ if not filter_list then
+ filter_list = {};
+ session.filters[type] = filter_list;
+ end
+
+ priority = priority or 0;
+
+ local i = 0;
+ repeat
+ i = i + 1;
+ until not filter_list[i] or filter_list[filter_list[i]] >= priority;
+
+ t_insert(filter_list, i, callback);
+ filter_list[callback] = priority;
+end
+
+function remove_filter(session, type, callback)
+ if not session.filters then return; end
+ local filter_list = session.filters[type];
+ if filter_list and filter_list[callback] then
+ for i=1, #filter_list do
+ if filter_list[i] == callback then
+ t_remove(filter_list, i);
+ filter_list[callback] = nil;
+ return true;
+ end
+ end
+ end
+end
+
+return _M; \ No newline at end of file
diff --git a/util/sasl.lua b/util/sasl.lua
index 306acc0c..c9225f0d 100644
--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -108,11 +108,8 @@ function method:select(mechanism)
return false;
end
- self.mech_i = mechanisms[mechanism]
- if self.mech_i == nil then
- return false;
- end
- return true;
+ self.mech_i = mechanisms[mechanism];
+ return (self.mech_i ~= nil);
end
-- feed new messages to process into the library
diff --git a/util/sasl/anonymous.lua b/util/sasl/anonymous.lua
index 7b5a5081..6e6f0949 100644
--- a/util/sasl/anonymous.lua
+++ b/util/sasl/anonymous.lua
@@ -20,12 +20,22 @@ module "anonymous"
--=========================
--SASL ANONYMOUS according to RFC 4505
+
+--[[
+Supported Authentication Backends
+
+anonymous:
+ function(username, realm)
+ return true; --for normal usage just return true; if you don't like the supplied username you can return false.
+ end
+]]
+
local function anonymous(self, message)
local username;
repeat
username = generate_uuid();
until self.profile.anonymous(username, self.realm);
- self["username"] = username;
+ self.username = username;
return "success"
end
diff --git a/util/sasl/plain.lua b/util/sasl/plain.lua
index 39821182..1a2ba01e 100644
--- a/util/sasl/plain.lua
+++ b/util/sasl/plain.lua
@@ -29,7 +29,7 @@ plain:
end
plain_test:
- function(username, realm, password)
+ function(username, password, realm)
return true or false, state;
end
]]
@@ -58,9 +58,9 @@ local function plain(self, message)
if self.profile.plain then
local correct_password;
correct_password, state = self.profile.plain(authentication, self.realm);
- if correct_password == password then correct = true; else correct = false; end
+ correct = (correct_password == password);
elseif self.profile.plain_test then
- correct, state = self.profile.plain_test(authentication, self.realm, password);
+ correct, state = self.profile.plain_test(authentication, password, self.realm);
end
self.username = authentication
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index 1340423c..63f6f2fe 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -35,7 +35,7 @@ Supported Authentication Backends
scram_{MECH}:
-- MECH being a standard hash name (like those at IANA's hash registry) with '-' replaced with '_'
function(username, realm)
- return salted_password, iteration_count, salt, state;
+ return stored_key, server_key, iteration_count, salt, state;
end
]]
@@ -93,22 +93,21 @@ local function validate_username(username)
return username;
end
-local function hashprep( hashname )
- local hash = hashname:lower()
- hash = hash:gsub("-", "_")
- return hash
+local function hashprep(hashname)
+ return hashname:lower():gsub("-", "_");
end
-function saltedPasswordSHA1(password, salt, iteration_count)
- local salted_password
+function getAuthenticationDatabaseSHA1(password, salt, iteration_count)
if type(password) ~= "string" or type(salt) ~= "string" or type(iteration_count) ~= "number" then
return false, "inappropriate argument types"
end
if iteration_count < 4096 then
log("warn", "Iteration count < 4096 which is the suggested minimum according to RFC 5802.")
end
-
- return true, Hi(hmac_sha1, password, salt, iteration_count);
+ local salted_password = Hi(hmac_sha1, password, salt, iteration_count);
+ local stored_key = sha1(hmac_sha1(salted_password, "Client Key"))
+ local server_key = hmac_sha1(salted_password, "Server Key");
+ return true, stored_key, server_key
end
local function scram_gen(hash_name, H_f, HMAC_f)
@@ -158,17 +157,18 @@ local function scram_gen(hash_name, H_f, HMAC_f)
self.state.iteration_count = default_i;
local succ = false;
- succ, self.state.salted_password = saltedPasswordSHA1(password, self.state.salt, default_i, self.state.iteration_count);
+ succ, self.state.stored_key, self.state.server_key = getAuthenticationDatabaseSHA1(password, self.state.salt, default_i, self.state.iteration_count);
if not succ then
- log("error", "Generating salted password failed. Reason: %s", self.state.salted_password);
+ log("error", "Generating authentication database failed. Reason: %s", self.state.stored_key);
return "failure", "temporary-auth-failure";
end
elseif self.profile["scram_"..hashprep(hash_name)] then
- local salted_password, iteration_count, salt, state = self.profile["scram_"..hashprep(hash_name)](self.state.name, self.realm);
+ local stored_key, server_key, iteration_count, salt, state = self.profile["scram_"..hashprep(hash_name)](self.state.name, self.realm);
if state == nil then return "failure", "not-authorized"
elseif state == false then return "failure", "account-disabled" end
- self.state.salted_password = salted_password;
+ self.state.stored_key = stored_key;
+ self.state.server_key = server_key;
self.state.iteration_count = iteration_count;
self.state.salt = salt
end
@@ -190,16 +190,15 @@ local function scram_gen(hash_name, H_f, HMAC_f)
return "failure", "malformed-request", "Wrong nonce in client-final-message.";
end
- local SaltedPassword = self.state.salted_password;
- local ClientKey = HMAC_f(SaltedPassword, "Client Key")
- local ServerKey = HMAC_f(SaltedPassword, "Server Key")
- local StoredKey = H_f(ClientKey)
+ local ServerKey = self.state.server_key;
+ local StoredKey = self.state.stored_key;
+
local AuthMessage = "n=" .. s_match(self.state.client_first_message,"n=(.+)") .. "," .. self.state.server_first_message .. "," .. s_match(client_final_message, "(.+),p=.+")
local ClientSignature = HMAC_f(StoredKey, AuthMessage)
- local ClientProof = binaryXOR(ClientKey, ClientSignature)
+ local ClientKey = binaryXOR(ClientSignature, base64.decode(self.state.proof))
local ServerSignature = HMAC_f(ServerKey, AuthMessage)
- if base64.encode(ClientProof) == self.state.proof then
+ if StoredKey == H_f(ClientKey) then
local server_final_message = "v="..base64.encode(ServerSignature);
self["username"] = self.state.name;
return "success", server_final_message;
diff --git a/util/xmppstream.lua b/util/xmppstream.lua
new file mode 100644
index 00000000..ed5395b5
--- /dev/null
+++ b/util/xmppstream.lua
@@ -0,0 +1,168 @@
+-- Prosody IM
+-- Copyright (C) 2008-2010 Matthew Wild
+-- Copyright (C) 2008-2010 Waqas Hussain
+--
+-- This project is MIT/X11 licensed. Please see the
+-- COPYING file in the source package for more information.
+--
+
+
+local lxp = require "lxp";
+local st = require "util.stanza";
+
+local tostring = tostring;
+local t_insert = table.insert;
+local t_concat = table.concat;
+
+local default_log = require "util.logger".init("xmlhandlers");
+
+local error = error;
+
+module "xmppstream"
+
+local new_parser = lxp.new;
+
+local ns_prefixes = {
+ ["http://www.w3.org/XML/1998/namespace"] = "xml";
+};
+
+local xmlns_streams = "http://etherx.jabber.org/streams";
+
+local ns_separator = "\1";
+local ns_pattern = "^([^"..ns_separator.."]*)"..ns_separator.."?(.*)$";
+
+function new_sax_handlers(session, stream_callbacks)
+ local xml_handlers = {};
+
+ local log = session.log or default_log;
+
+ local cb_streamopened = stream_callbacks.streamopened;
+ local cb_streamclosed = stream_callbacks.streamclosed;
+ local cb_error = stream_callbacks.error or function(session, e) error("XML stream error: "..tostring(e)); end;
+ local cb_handlestanza = stream_callbacks.handlestanza;
+
+ local stream_ns = stream_callbacks.stream_ns or xmlns_streams;
+ local stream_tag = stream_ns..ns_separator..(stream_callbacks.stream_tag or "stream");
+ local stream_error_tag = stream_ns..ns_separator..(stream_callbacks.error_tag or "error");
+
+ local stream_default_ns = stream_callbacks.default_ns;
+
+ local chardata, stanza = {};
+ function xml_handlers:StartElement(tagname, attr)
+ if stanza and #chardata > 0 then
+ -- We have some character data in the buffer
+ stanza:text(t_concat(chardata));
+ chardata = {};
+ end
+ local curr_ns,name = tagname:match(ns_pattern);
+ if name == "" then
+ curr_ns, name = "", curr_ns;
+ end
+
+ if curr_ns ~= stream_default_ns then
+ attr.xmlns = curr_ns;
+ end
+
+ -- FIXME !!!!!
+ for i=1,#attr do
+ local k = attr[i];
+ attr[i] = nil;
+ local ns, nm = k:match(ns_pattern);
+ if nm ~= "" then
+ ns = ns_prefixes[ns];
+ if ns then
+ attr[ns..":"..nm] = attr[k];
+ attr[k] = nil;
+ end
+ end
+ end
+
+ if not stanza then --if we are not currently inside a stanza
+ if session.notopen then
+ if tagname == stream_tag then
+ if cb_streamopened then
+ cb_streamopened(session, attr);
+ end
+ else
+ -- Garbage before stream?
+ cb_error(session, "no-stream");
+ end
+ return;
+ end
+ if curr_ns == "jabber:client" and name ~= "iq" and name ~= "presence" and name ~= "message" then
+ cb_error(session, "invalid-top-level-element");
+ end
+
+ stanza = st.stanza(name, attr);
+ else -- we are inside a stanza, so add a tag
+ attr.xmlns = nil;
+ if curr_ns ~= stream_default_ns then
+ attr.xmlns = curr_ns;
+ end
+ stanza:tag(name, attr);
+ end
+ end
+ function xml_handlers:CharacterData(data)
+ if stanza then
+ t_insert(chardata, data);
+ end
+ end
+ function xml_handlers:EndElement(tagname)
+ if stanza then
+ if #chardata > 0 then
+ -- We have some character data in the buffer
+ stanza:text(t_concat(chardata));
+ chardata = {};
+ end
+ -- Complete stanza
+ if #stanza.last_add == 0 then
+ if tagname ~= stream_error_tag then
+ cb_handlestanza(session, stanza);
+ else
+ cb_error(session, "stream-error", stanza);
+ end
+ stanza = nil;
+ else
+ stanza:up();
+ end
+ else
+ if tagname == stream_tag then
+ if cb_streamclosed then
+ cb_streamclosed(session);
+ end
+ else
+ local curr_ns,name = tagname:match(ns_pattern);
+ if name == "" then
+ curr_ns, name = "", curr_ns;
+ end
+ cb_error(session, "parse-error", "unexpected-element-close", name);
+ end
+ stanza, chardata = nil, {};
+ end
+ end
+
+ local function reset()
+ stanza, chardata = nil, {};
+ end
+
+ return xml_handlers, { reset = reset };
+end
+
+function new(session, stream_callbacks)
+ local handlers, meta = new_sax_handlers(session, stream_callbacks);
+ local parser = new_parser(handlers, ns_separator);
+ local parse = parser.parse;
+
+ return {
+ reset = function ()
+ parser = new_parser(handlers, ns_separator);
+ parse = parser.parse;
+ meta.reset();
+ end,
+ feed = function (self, data)
+ return parse(parser, data);
+ end
+ };
+end
+
+return _M;