diff options
Diffstat (limited to 'util')
| -rw-r--r-- | util/sasl.lua | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/util/sasl.lua b/util/sasl.lua index a5657c8c..12e8953e 100644 --- a/util/sasl.lua +++ b/util/sasl.lua @@ -24,18 +24,20 @@ local function new_plain(realm, password_handler) local authentication = s_match(response, "%z([^&%z]+)%z") local password = s_match(response, "%z[^&%z]+%z([^&%z]+)") + if authentication == nil or password == nil then return "failure", "malformed-request" end + local password_encoding, correct_password = self.password_handler(authentication, self.realm, "PLAIN") + if correct_password == nil then return "failure", "malformed-request" end + local claimed_password = "" if password_encoding == nil then claimed_password = password else claimed_password = password_encoding(password) end self.username = authentication if claimed_password == correct_password then - log("debug", "success") return "success" else - log("debug", "failure") return "failure", "not-authorized" end end @@ -63,10 +65,8 @@ local function new_digest_md5(realm, password_handler) local function parse(data) message = {} - log("debug", "parse-message: "..data) for k, v in gmatch(data, [[([%w%-]+)="?([%w%-%/%.%+=]+)"?,?]]) do message[k] = v - log("debug", " "..k.." = "..v) end return message end @@ -79,7 +79,6 @@ local function new_digest_md5(realm, password_handler) object.nonce_count = {} function object.feed(self, message) - log("debug", "SASL step: "..self.step) self.step = self.step + 1 if (self.step == 1) then local challenge = serialize({ nonce = object.nonce, @@ -87,7 +86,6 @@ local function new_digest_md5(realm, password_handler) charset = "utf-8", algorithm = "md5-sess", realm = self.realm}); - log("debug", "challenge: "..challenge) return "challenge", challenge elseif (self.step == 2) then local response = parse(message) @@ -119,6 +117,7 @@ local function new_digest_md5(realm, password_handler) local protocol = "" if response["digest-uri"] then protocol, domain = response["digest-uri"]:match("(%w+)/(.*)$") + if protocol == nil or domain == nil then return "failure", "malformed-request" end else return "failure", "malformed-request", "Missing entry for digest-uri in SASL message." end @@ -126,6 +125,8 @@ local function new_digest_md5(realm, password_handler) --TODO maybe realm support self.username = response["username"] local password_encoding, Y = self.password_handler(response["username"], response["realm"], "DIGEST-MD5") + if Y == nil then return "failure", "malformed-request" end + local A1 = Y..":"..response["nonce"]..":"..response["cnonce"]--:authzid local A2 = "AUTHENTICATE:"..protocol.."/"..domain @@ -135,8 +136,6 @@ local function new_digest_md5(realm, password_handler) local KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2 local response_value = md5.sumhexa(KD) - log("debug", "response_value: "..response_value); - log("debug", "response: "..response["response"]); if response_value == response["response"] then -- calculate rspauth A2 = ":"..protocol.."/"..domain |