Diffstat (limited to 'util')
-rw-r--r--util/http.lua15
-rw-r--r--util/openssl.lua12
-rw-r--r--util/sasl/digest-md5.lua11
-rw-r--r--util/sasl/plain.lua9
-rw-r--r--util/sasl/scram.lua10
5 files changed, 44 insertions, 13 deletions
diff --git a/util/http.lua b/util/http.lua
new file mode 100644
index 00000000..5b49d1d0
--- /dev/null
+++ b/util/http.lua
@@ -0,0 +1,15 @@
+-- Prosody IM
+-- Copyright (C) 2013 Florian Zeitz
+--
+-- This project is MIT/X11 licensed. Please see the
+-- COPYING file in the source package for more information.
+--
+
+local http = {};
+
+function http.contains_token(field, token)
+ field = ","..field:gsub("[ \t]", ""):lower()..",";
+ return field:find(","..token:lower()..",", 1, true) ~= nil;
+end
+
+return http;
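Review bot: `contains_token` indexes `field` unconditionally on its first line, so a caller that passes the value of a header that was not sent (nil) gets a runtime error rather than `false`; the callers are not visible here, so this may or may not be reachable. A guard such as `if not field then return false; end` ahead of the `gsub` line would make the absent-header case explicit. The function also has no comment; a header like `-- Returns true if the comma-separated header value 'field' contains 'token' (case-insensitive, spaces and tabs ignored)` would record that it matches whole list elements only, so an element carrying parameters such as `;q=` does not match the bare token.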
diff --git a/util/openssl.lua b/util/openssl.lua
index 8fdb9b4a..b3dc2943 100644
--- a/util/openssl.lua
+++ b/util/openssl.lua
@@ -72,15 +72,11 @@ local function ia5string(s)
return s_format("IA5STRING:%s", s);
end
-local util = {};
_M.util = {
utf8string = utf8string,
ia5string = ia5string,
};
-local function xmppAddr(t, host)
-end
-
function ssl_config:add_dNSName(host)
t_insert(self.subject_alternative_name.DNS, idna_to_ascii(host));
end
@@ -95,12 +91,12 @@ function ssl_config:add_xmppAddr(host)
s_format("%s;%s", oid_xmppaddr, utf8string(host)));
end
-function ssl_config:from_prosody(hosts, config, certhosts, raw)
+function ssl_config:from_prosody(hosts, config, certhosts)
-- TODO Decide if this should go elsewhere
local found_matching_hosts = false;
for i = 1,#certhosts do
local certhost = certhosts[i];
- for name, host in pairs(hosts) do
+ for name in pairs(hosts) do
if name == certhost or name:sub(-1-#certhost) == "."..certhost then
found_matching_hosts = true;
self:add_dNSName(name);
@@ -137,7 +133,7 @@ do -- Lua to shell calls.
end
end
end
- for k,v in ipairs(o) do
+ for _,v in ipairs(o) do
t_insert(r, ("'%s'"):format(shell_escape(tostring(v))));
end
return t_concat(r, " ");
@@ -145,7 +141,7 @@ do -- Lua to shell calls.
local os_execute = os.execute;
setmetatable(_M, {
- __index=function(self,f)
+ __index=function(_,f)
return function(opts)
return 0 == os_execute(serialize(f, type(opts) == "table" and opts or {}));
end;
diff --git a/util/sasl/digest-md5.lua b/util/sasl/digest-md5.lua
index de2538fc..591d8537 100644
--- a/util/sasl/digest-md5.lua
+++ b/util/sasl/digest-md5.lua
@@ -23,6 +23,7 @@ local to_byte, to_char = string.byte, string.char;
local md5 = require "util.hashes".md5;
local log = require "util.logger".init("sasl");
local generate_uuid = require "util.uuid".generate;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
module "sasl.digest-md5"
@@ -139,10 +140,15 @@ local function digest(self, message)
end
-- check for username, it's REQUIRED by RFC 2831
- if not response["username"] then
+ local username = response["username"];
+ local _nodeprep = self.profile.nodeprep;
+ if username and _nodeprep ~= false then
+ username = (_nodeprep or nodeprep)(username); -- FIXME charset
+ end
+ if not username or username == "" then
return "failure", "malformed-request";
end
- self["username"] = response["username"];
+ self.username = username;
-- check for nonce, ...
if not response["nonce"] then
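Review bot: The normalized name is stored in `self.username`, but further down in `digest` the credential lookup still passes the raw value, `self.profile.plain(self, response["username"], self.realm)`, so the account that is looked up and the identity recorded for the session can differ whenever nodeprep changes the string (case folding, for example). If the profile callback is meant to receive the prepared name, that call should use `self.username`; if the raw form is kept on purpose because the digest is computed over the bytes the client sent, a comment saying so is needed, and the lookup key and the hash input are better held in two separate variables. The `-- FIXME charset` on the nodeprep line should also state what is unresolved, since nodeprep is applied here before anything visible in the hunk has checked which encoding the client declared. `digest` starts and ends outside this hunk.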
@@ -178,7 +184,6 @@ local function digest(self, message)
end
--TODO maybe realm support
- self.username = response["username"];
local Y, state;
if self.profile.plain then
local password, state = self.profile.plain(self, response["username"], self.realm)
diff --git a/util/sasl/plain.lua b/util/sasl/plain.lua
index d108a40d..c9ec2911 100644
--- a/util/sasl/plain.lua
+++ b/util/sasl/plain.lua
@@ -13,6 +13,7 @@
local s_match = string.match;
local saslprep = require "util.encodings".stringprep.saslprep;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
local log = require "util.logger".init("sasl");
module "sasl.plain"
@@ -54,6 +55,14 @@ local function plain(self, message)
return "failure", "malformed-request", "Invalid username or password.";
end
+ local _nodeprep = self.profile.nodeprep;
+ if _nodeprep ~= false then
+ authentication = (_nodeprep or nodeprep)(authentication);
+ if not authentication or authentication == "" then
+ return "failure", "malformed-request", "Invalid username or password."
+ end
+ end
+
local correct, state = false, false;
if self.profile.plain then
local correct_password;
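Review bot: `self.profile.nodeprep` is read as a three-way switch (`false` skips normalization, `nil` falls back to the module-level `nodeprep`, anything else is called as the replacement), and nothing in the hunk documents that; the same pattern is added in util/sasl/digest-md5.lua and util/sasl/scram.lua. A comment above the `local _nodeprep` line would do, e.g. `-- profile.nodeprep: false = do not normalize (backend must canonicalize usernames itself), nil = default nodeprep, function = custom normalizer`. Spelling out the `false` case matters because a backend that opts out and does not canonicalize may end up treating case variants of one name as different accounts. The added `return` is also missing the trailing `;` that the matching return just above it has. `plain` starts and ends outside this hunk.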
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index 055ba16a..d0e8987c 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -19,6 +19,7 @@ local hmac_sha1 = require "util.hmac".sha1;
local sha1 = require "util.hashes".sha1;
local generate_uuid = require "util.uuid".generate;
local saslprep = require "util.encodings".stringprep.saslprep;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
local log = require "util.logger".init("sasl");
local t_concat = table.concat;
local char = string.char;
@@ -76,7 +77,7 @@ function Hi(hmac, str, salt, i)
return res
end
-local function validate_username(username)
+local function validate_username(username, _nodeprep)
-- check for forbidden char sequences
for eq in username:gmatch("=(.?.?)") do
if eq ~= "2C" and eq ~= "3D" then
@@ -90,6 +91,11 @@ local function validate_username(username)
-- apply SASLprep
username = saslprep(username);
+
+ if username and _nodeprep ~= false then
+ username = (_nodeprep or nodeprep)(username);
+ end
+
return username and #username>0 and username;
end
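Review bot: `validate_username` can now also return a falsy value because nodeprep rejected the name, but the debug message at its call site in `scram_gen` still reads "Username violates either SASLprep or contains forbidden character sequences.", which will mislead anyone triaging failed logins from the log. Suggest `log("debug", "Username violates SASLprep or nodeprep, or contains forbidden character sequences.")`. The new `_nodeprep` parameter is undocumented; a comment on the function such as `-- _nodeprep: false to skip nodeprep, nil for the default, or a replacement function` would cover it. The function begins in the previous hunk.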
@@ -133,7 +139,7 @@ local function scram_gen(hash_name, H_f, HMAC_f)
return "failure", "malformed-request", "Channel binding isn't support at this time.";
end
- self.state.name = validate_username(self.state.name);
+ self.state.name = validate_username(self.state.name, self.profile.nodeprep);
if not self.state.name then
log("debug", "Username violates either SASLprep or contains forbidden character sequences.")
return "failure", "malformed-request", "Invalid username.";