Diffstat (limited to 'util')
-rw-r--r-- | util/http.lua | 15 | ||||
-rw-r--r-- | util/openssl.lua | 12 | ||||
-rw-r--r-- | util/sasl/digest-md5.lua | 11 | ||||
-rw-r--r-- | util/sasl/plain.lua | 9 | ||||
-rw-r--r-- | util/sasl/scram.lua | 10 |
5 files changed, 44 insertions, 13 deletions
diff --git a/util/http.lua b/util/http.lua
new file mode 100644
index 00000000..5b49d1d0
--- /dev/null
+++ b/util/http.lua
@@ -0,0 +1,15 @@
+-- Prosody IM
+-- Copyright (C) 2013 Florian Zeitz
+--
+-- This project is MIT/X11 licensed. Please see the
+-- COPYING file in the source package for more information.
+--
+
+local http = {};
+
+function http.contains_token(field, token)
+ field = ","..field:gsub("[ \t]", ""):lower()..",";
+ return field:find(","..token:lower()..",", 1, true) ~= nil;
+end
+
+return http;
diff --git a/util/openssl.lua b/util/openssl.lua
index 8fdb9b4a..b3dc2943 100644
--- a/util/openssl.lua
+++ b/util/openssl.lua
@@ -72,15 +72,11 @@ local function ia5string(s) return s_format("IA5STRING:%s", s); end
-local util = {};
 _M.util = { utf8string = utf8string, ia5string = ia5string, };
-local function xmppAddr(t, host)
-end
-
 function ssl_config:add_dNSName(host) t_insert(self.subject_alternative_name.DNS, idna_to_ascii(host)); end
@@ -95,12 +91,12 @@ function ssl_config:add_xmppAddr(host) s_format("%s;%s", oid_xmppaddr, utf8string(host))); end
-function ssl_config:from_prosody(hosts, config, certhosts, raw)
+function ssl_config:from_prosody(hosts, config, certhosts)
 -- TODO Decide if this should go elsewhere local found_matching_hosts = false; for i = 1,#certhosts do local certhost = certhosts[i];
- for name, host in pairs(hosts) do
+ for name in pairs(hosts) do
 if name == certhost or name:sub(-1-#certhost) == "."..certhost then found_matching_hosts = true; self:add_dNSName(name);
@@ -137,7 +133,7 @@ do -- Lua to shell calls. end end end
- for k,v in ipairs(o) do
+ for _,v in ipairs(o) do
 t_insert(r, ("'%s'"):format(shell_escape(tostring(v)))); end return t_concat(r, " ");
@@ -145,7 +141,7 @@ do -- Lua to shell calls. local os_execute = os.execute; setmetatable(_M, {
- __index=function(self,f)
+ __index=function(_,f)
 return function(opts) return 0 == os_execute(serialize(f, type(opts) == "table" and opts or {})); end; 
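Review bot: `http.contains_token` carries no comment stating its contract, and the implementation only fits the plain `#token` list form of headers such as `Connection` or `Upgrade`: every space and tab in `field` is stripped before the search, so a `token` argument that contains whitespace can never match, and a `token` containing a comma (`"a,b"`) matches two adjacent list members as if they were one. Quoted-string list members would likewise lose their inner whitespace, so this should not be used on parameterised headers such as `Accept`. A header comment above the function would make that explicit: `-- Case-insensitive membership test for a comma-separated token list (RFC 2616 #rule); whitespace is stripped first, so 'token' must be a bare token.` Callers must also pass strings: a nil `field` raises on the `gsub` call rather than returning false.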
diff --git a/util/sasl/digest-md5.lua b/util/sasl/digest-md5.lua
index de2538fc..591d8537 100644
--- a/util/sasl/digest-md5.lua
+++ b/util/sasl/digest-md5.lua
@@ -23,6 +23,7 @@ local to_byte, to_char = string.byte, string.char; local md5 = require "util.hashes".md5; local log = require "util.logger".init("sasl"); local generate_uuid = require "util.uuid".generate;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
 module "sasl.digest-md5"
@@ -139,10 +140,15 @@ local function digest(self, message) end -- check for username, it's REQUIRED by RFC 2831
- if not response["username"] then
+ local username = response["username"];
+ local _nodeprep = self.profile.nodeprep;
+ if username and _nodeprep ~= false then
+ username = (_nodeprep or nodeprep)(username); -- FIXME charset
+ end
+ if not username or username == "" then
 return "failure", "malformed-request"; end
- self["username"] = response["username"];
+ self.username = username;
 -- check for nonce, ... if not response["nonce"] then
@@ -178,7 +184,6 @@ local function digest(self, message) end --TODO maybe realm support
- self.username = response["username"];
 local Y, state; if self.profile.plain then local password, state = self.profile.plain(self, response["username"], self.realm)
diff --git a/util/sasl/plain.lua b/util/sasl/plain.lua
index d108a40d..c9ec2911 100644
--- a/util/sasl/plain.lua
+++ b/util/sasl/plain.lua
@@ -13,6 +13,7 @@ local s_match = string.match; local saslprep = require "util.encodings".stringprep.saslprep;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
 local log = require "util.logger".init("sasl"); module "sasl.plain" 
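Review bot: The `-- FIXME charset` on the new `username = (_nodeprep or nodeprep)(username)` line should say what the hazard is. RFC 2831 defines the username as ISO 8859-1 unless the client sent `charset=utf-8`, and nodeprep operates on UTF-8, so a Latin-1 name with bytes above 0x7F will presumably fail stringprep and be rejected as `malformed-request` rather than normalised; whether an earlier part of `digest` has already converted the charset is not visible in this hunk. Suggest `-- FIXME: username is ISO 8859-1 unless charset=utf-8 was sent; nodeprep assumes UTF-8, so non-ASCII Latin-1 names are rejected here`. `digest`'s body starts before this hunk and continues after it.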
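Review bot: The credential lookup on the surviving line `local password, state = self.profile.plain(self, response["username"], self.realm)` still passes the raw client-supplied name, while the hunk above now stores the nodeprep'd form in `self.username`; the two can differ (nodeprep includes case folding), so the account whose password is fetched and the identity recorded as authenticated need not be the same one — plain.lua in this same commit reassigns `authentication` to the normalised form before its `profile.plain` branch. Change the lookup to `self.profile.plain(self, self.username, self.realm)`; the digest computed further down (outside this hunk) presumably must keep using the bytes the client hashed, so only the lookup should switch. Note also that `local password, state` shadows the `local Y, state;` on the previous line, so this branch never assigns the outer `state`. `digest`'s body extends beyond both ends of this hunk.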
@@ -54,6 +55,14 @@ local function plain(self, message) return "failure", "malformed-request", "Invalid username or password."; end
+ local _nodeprep = self.profile.nodeprep;
+ if _nodeprep ~= false then
+ authentication = (_nodeprep or nodeprep)(authentication);
+ if not authentication or authentication == "" then
+ return "failure", "malformed-request", "Invalid username or password."
+ end
+ end
+
 local correct, state = false, false; if self.profile.plain then local correct_password;
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index 055ba16a..d0e8987c 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -19,6 +19,7 @@ local hmac_sha1 = require "util.hmac".sha1; local sha1 = require "util.hashes".sha1; local generate_uuid = require "util.uuid".generate; local saslprep = require "util.encodings".stringprep.saslprep;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
 local log = require "util.logger".init("sasl"); local t_concat = table.concat; local char = string.char;
@@ -76,7 +77,7 @@ function Hi(hmac, str, salt, i) return res end
-local function validate_username(username)
+local function validate_username(username, _nodeprep)
 -- check for forbidden char sequences for eq in username:gmatch("=(.?.?)") do if eq ~= "2C" and eq ~= "3D" then
@@ -90,6 +91,11 @@ local function validate_username(username) -- apply SASLprep username = saslprep(username);
+
+ if username and _nodeprep ~= false then
+ username = (_nodeprep or nodeprep)(username);
+ end
+
 return username and #username>0 and username; end 
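Review bot: This is the third copy of the same normalisation block in one commit — digest-md5.lua and scram.lua carry the identical `local _nodeprep = self.profile.nodeprep; if _nodeprep ~= false then ... (_nodeprep or nodeprep)(...)` dance — and the opt-out rule (`profile.nodeprep == false` disables, `nil` means the default) is implicit in each of them. A small shared helper in `util.sasl`, e.g. `local function prep_username(self, name) local np = self.profile.nodeprep; if np == false then return name end; return (np or nodeprep)(name) end`, would keep that rule in one place. Only `authentication` (the authcid) is normalised here; if `plain` compares the authzid against it further down (outside this hunk), that comparison is now against the folded form — worth confirming. The new `return "failure", ...` line is also the only one in the hunk without the trailing `;` the file uses elsewhere.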
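Review bot: `validate_username` now has several distinct failure outcomes that callers see as one falsy value — `saslprep`/`nodeprep` return `nil` on a prohibited string, the final `#username>0` test returns `false` for an empty result, and the `=XX` escape check above presumably returns early as well — yet neither the function nor the new `_nodeprep` parameter is documented. A header comment would help: `-- Returns the SASLprep'd (and, unless profile.nodeprep == false, nodeprep'd) username, or a falsy value if it carries a bad =XX escape, fails stringprep, or is empty; _nodeprep overrides the default nodeprep function`. The leading underscore on `_nodeprep` is otherwise used in this commit for unused names (`for _,v` in openssl.lua), so a plain `nodeprep_fn` would read better for a live parameter. The function is split across this and the preceding hunk, with its middle not shown.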
@@ -133,7 +139,7 @@ local function scram_gen(hash_name, H_f, HMAC_f) return "failure", "malformed-request", "Channel binding isn't support at this time."; end
- self.state.name = validate_username(self.state.name);
+ self.state.name = validate_username(self.state.name, self.profile.nodeprep);
 if not self.state.name then log("debug", "Username violates either SASLprep or contains forbidden character sequences.") return "failure", "malformed-request", "Invalid username."; |
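Review bot: The debug message on the line after the changed call, `Username violates either SASLprep or contains forbidden character sequences.`, is now incomplete: with `self.profile.nodeprep` passed to `validate_username`, a nodeprep failure lands on this same branch, so an operator debugging a rejected login is pointed at the wrong cause. Suggest `log("debug", "Username violates SASLprep or nodeprep, or contains forbidden character sequences.")`. The enclosing `scram_gen` closure starts before this hunk and continues after it.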