aboutsummaryrefslogtreecommitdiffstats
path: root/util/sasl
Commit message (Collapse)AuthorAgeFilesLines
* util.sasl: Add SASL OAUTHBEARER mechanism (RFC 7628)Matthew Wild2023-03-011-0/+83
|
* util.sasl.scram: Add 'tls-exporter' as recognised channel binding methodKim Alvefur2022-07-271-1/+1
| | | | | The last missing piece of #1760, otherwise SCRAM-SHA-*-PLUS is not actually advertised.
* mod_auth_internal_hashed: Up iteration count to 10000 per XEP-0438Kim Alvefur2021-12-261-1/+1
| | | | | | | | More security for less pain than switching to SCRAM-SHA-256 The XEP will likely be change to reference the RFC that will probably come from draft-ietf-kitten-password-storage once it is ready, and then we should update to follow that.
* util.sasl.scram: Store username property rather than cached local (#399)Matthew Wild2021-12-071-1/+1
| | | | | This should allow modules to override the username in a profile handler by assigning to self.username.
* util.sasl.scram: Use util.strbitop for XOR stepKim Alvefur2019-09-071-29/+1
|
* Merge 0.11->trunkKim Alvefur2020-06-062-1/+5
|\
| * util.sasl.plain: Apply saslprep to stored passwordKim Alvefur2020-05-221-1/+1
| | | | | | | | | | | | Fixes something like #1560 here too. The password sent by the user already had saslprep applied.
| * util.sasl.scram: Apply saslprep before hashing password, fixes #1560Kim Alvefur2020-05-221-0/+4
| |
* | util.sasl.scram: Mention if clients try PLUS without channel bindingKim Alvefur2020-04-261-2/+6
| | | | | | | | This isn't normal, but is it invalid? Likely a client bug in any case.
* | util.sasl.digest-md5: Remove, obsolete since 2011Kim Alvefur2020-04-141-251/+0
| | | | | | | | | | | | | | RFC 6331 lists several problems with this outdated authentication mechanism. The code here was also completely ignored by lint checks and has probably not been used for a long time, as it is incompatible with SCRAM-hashed password storage.
* | util.sasl.scram: Ignore unused authzid variable (strict lint)Kim Alvefur2019-12-091-0/+1
| | | | | | | | | | It would be nice if authzid was passed down into the stack and could be used by plugins for things.
* | util.sasl.scram: Avoid implicit coersion of number to stringKim Alvefur2019-10-061-1/+1
| | | | | | | | Lua can be compiled without coercion, which would cause an error here.
* | util.sasl.scram: Fix old APIKim Alvefur2019-09-291-1/+1
| | | | | | | | | | This function is not directly used by anything in Prosody anymore and should be considered deprecated.
* | util.sasl.scram: Add support for SCRAM-SHA-256Kim Alvefur2019-01-131-0/+1
| |
* | util.sasl.scram: Factor out SHA-1 specific getAuthenticationDatabaseSHA1Kim Alvefur2019-01-131-20/+25
|/ | | | This makes the code more generic, allowing SHA-1 to be replaced
* util.sasl.anonymous: Shorter!Kim Alvefur2018-06-061-1/+1
|
* util.sasl.anonymous: Generate shorter random usernamesKim Alvefur2018-05-291-2/+2
|
* Fix spelling throughout the codebase [codespell]Kim Alvefur2018-02-041-1/+1
|
* vairious: Add annotation when an empty environment is set [luacheck]Kim Alvefur2018-02-285-0/+5
|
* util: Various minor changes to please [luacheck]Kim Alvefur2017-11-102-4/+19
|
* util.sasl.plain,scram: Record username in sasl state earlierKim Alvefur2017-04-192-2/+3
|
* util.sasl.scram: Rename variable in places missed in 65e36b81d56a (thanks mt)Kim Alvefur2016-02-281-2/+2
|
* util.sasl.scram: Remove unused initial value [luacheck]Kim Alvefur2016-02-281-1/+1
|
* util.sasl.scram: Rename variable to avoid name clash [luacheck]Kim Alvefur2016-02-281-5/+5
|
* util.sasl.anonymous: Remove unused locals [luacheck]Kim Alvefur2016-02-281-2/+0
|
* util.sasl.scram: Get rid of module callKim Alvefur2015-04-071-4/+7
|
* util.*: Remove use of module() function, make all module functions local and ↵Kim Alvefur2015-02-214-12/+20
| | | | return them in a table at the end
* util.sasl.scram: Rename variable for clarityKim Alvefur2013-10-131-7/+7
|
* util.sasl.scram: Cache profile name instead of concatenating when usedKim Alvefur2013-10-131-2/+3
|
* util.sasl.scram: Rewrite patterns and capture client-first-message-bare, ↵Kim Alvefur2013-10-131-5/+6
| | | | client-final-message-without-proof
* util.sasl.scram: Create the state table as late as possible, keep state in ↵Kim Alvefur2013-10-131-41/+40
| | | | locals for faster access
* util.sasl.scram: Compare gs2-header to cbind-input (Thanks Tobias)Kim Alvefur2013-10-121-8/+8
|
* util.sasl.scram: Remove unused function and importKim Alvefur2013-10-061-9/+0
|
* util.sasl.scram: Simplify validation of client-first-messageKim Alvefur2013-09-221-14/+18
|
* Merge Tobias SCRAM-PLUS workKim Alvefur2013-09-221-5/+42
|\
| * Only advertise mechanisms needing channel binding if a channel binding ↵Tobias Markmann2011-02-071-1/+1
| | | | | | | | backend is avaliable.
| * sasl.util.scarm: Rearrage some code so it makes more sense.Tobias Markmann2011-02-061-5/+6
| |
| * util.sasl.scram: Checking the GS2 header for valid start flag.Tobias Markmann2011-02-061-0/+7
| |
| * util.sasl.scram: Remove some debugging output.Tobias Markmann2011-01-171-6/+0
| |
| * util.sasl.scram: Adding reference to RFC 5929 'Channel Bindings for TLS'.Tobias Markmann2011-01-171-0/+4
| |
| * util.sasl.scram: Validate channel binding data of client final message.Tobias Markmann2011-01-171-3/+12
| |
| * util.sasl.scram: Use self.profile.cb for detection whether channel binding ↵Tobias Markmann2011-01-171-3/+3
| | | | | | | | is supported or not.
| * Check whether we support the proposed channel binding type.Tobias Markmann2011-01-151-0/+5
| |
| * Adding some code for channel binding advertising.Tobias Markmann2011-01-121-6/+23
| |
| * util.sasl.*, mod_auth_*, mod_saslauth: Pass SASL handler as first parameter ↵Waqas Hussain2010-12-274-7/+7
| | | | | | | | to SASL profile callbacks.
* | Remove all trailing whitespaceFlorian Zeitz2013-08-091-14/+14
| |
* | util.sasl.external: Add SASL EXTERNAL mechanismKim Alvefur2013-06-131-0/+25
| |
* | util.hashes, util.sasl.scram: Implement SCRAM-SHA1's Hi in CFlorian Zeitz2013-04-281-13/+2
| |
* | util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashesFlorian Zeitz2013-04-271-1/+1
| |
* | util.sasl.{plain,scram,digest-md5}: nodeprep username before passing to ↵Waqas Hussain2013-01-223-5/+25
| | | | | | | | callbacks, so callbacks don't have to.