Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | util.sasl: Add SASL OAUTHBEARER mechanism (RFC 7628) | Matthew Wild | 2023-03-01 | 1 | -0/+83 |
| | |||||
* | util.sasl.scram: Add 'tls-exporter' as recognised channel binding method | Kim Alvefur | 2022-07-27 | 1 | -1/+1 |
| | | | | | The last missing piece of #1760, otherwise SCRAM-SHA-*-PLUS is not actually advertised. | ||||
* | mod_auth_internal_hashed: Up iteration count to 10000 per XEP-0438 | Kim Alvefur | 2021-12-26 | 1 | -1/+1 |
| | | | | | | | | More security for less pain than switching to SCRAM-SHA-256 The XEP will likely be change to reference the RFC that will probably come from draft-ietf-kitten-password-storage once it is ready, and then we should update to follow that. | ||||
* | util.sasl.scram: Store username property rather than cached local (#399) | Matthew Wild | 2021-12-07 | 1 | -1/+1 |
| | | | | | This should allow modules to override the username in a profile handler by assigning to self.username. | ||||
* | util.sasl.scram: Use util.strbitop for XOR step | Kim Alvefur | 2019-09-07 | 1 | -29/+1 |
| | |||||
* | Merge 0.11->trunk | Kim Alvefur | 2020-06-06 | 2 | -1/+5 |
|\ | |||||
| * | util.sasl.plain: Apply saslprep to stored password | Kim Alvefur | 2020-05-22 | 1 | -1/+1 |
| | | | | | | | | | | | | Fixes something like #1560 here too. The password sent by the user already had saslprep applied. | ||||
| * | util.sasl.scram: Apply saslprep before hashing password, fixes #1560 | Kim Alvefur | 2020-05-22 | 1 | -0/+4 |
| | | |||||
* | | util.sasl.scram: Mention if clients try PLUS without channel binding | Kim Alvefur | 2020-04-26 | 1 | -2/+6 |
| | | | | | | | | This isn't normal, but is it invalid? Likely a client bug in any case. | ||||
* | | util.sasl.digest-md5: Remove, obsolete since 2011 | Kim Alvefur | 2020-04-14 | 1 | -251/+0 |
| | | | | | | | | | | | | | | RFC 6331 lists several problems with this outdated authentication mechanism. The code here was also completely ignored by lint checks and has probably not been used for a long time, as it is incompatible with SCRAM-hashed password storage. | ||||
* | | util.sasl.scram: Ignore unused authzid variable (strict lint) | Kim Alvefur | 2019-12-09 | 1 | -0/+1 |
| | | | | | | | | | | It would be nice if authzid was passed down into the stack and could be used by plugins for things. | ||||
* | | util.sasl.scram: Avoid implicit coersion of number to string | Kim Alvefur | 2019-10-06 | 1 | -1/+1 |
| | | | | | | | | Lua can be compiled without coercion, which would cause an error here. | ||||
* | | util.sasl.scram: Fix old API | Kim Alvefur | 2019-09-29 | 1 | -1/+1 |
| | | | | | | | | | | This function is not directly used by anything in Prosody anymore and should be considered deprecated. | ||||
* | | util.sasl.scram: Add support for SCRAM-SHA-256 | Kim Alvefur | 2019-01-13 | 1 | -0/+1 |
| | | |||||
* | | util.sasl.scram: Factor out SHA-1 specific getAuthenticationDatabaseSHA1 | Kim Alvefur | 2019-01-13 | 1 | -20/+25 |
|/ | | | | This makes the code more generic, allowing SHA-1 to be replaced | ||||
* | util.sasl.anonymous: Shorter! | Kim Alvefur | 2018-06-06 | 1 | -1/+1 |
| | |||||
* | util.sasl.anonymous: Generate shorter random usernames | Kim Alvefur | 2018-05-29 | 1 | -2/+2 |
| | |||||
* | Fix spelling throughout the codebase [codespell] | Kim Alvefur | 2018-02-04 | 1 | -1/+1 |
| | |||||
* | vairious: Add annotation when an empty environment is set [luacheck] | Kim Alvefur | 2018-02-28 | 5 | -0/+5 |
| | |||||
* | util: Various minor changes to please [luacheck] | Kim Alvefur | 2017-11-10 | 2 | -4/+19 |
| | |||||
* | util.sasl.plain,scram: Record username in sasl state earlier | Kim Alvefur | 2017-04-19 | 2 | -2/+3 |
| | |||||
* | util.sasl.scram: Rename variable in places missed in 65e36b81d56a (thanks mt) | Kim Alvefur | 2016-02-28 | 1 | -2/+2 |
| | |||||
* | util.sasl.scram: Remove unused initial value [luacheck] | Kim Alvefur | 2016-02-28 | 1 | -1/+1 |
| | |||||
* | util.sasl.scram: Rename variable to avoid name clash [luacheck] | Kim Alvefur | 2016-02-28 | 1 | -5/+5 |
| | |||||
* | util.sasl.anonymous: Remove unused locals [luacheck] | Kim Alvefur | 2016-02-28 | 1 | -2/+0 |
| | |||||
* | util.sasl.scram: Get rid of module call | Kim Alvefur | 2015-04-07 | 1 | -4/+7 |
| | |||||
* | util.*: Remove use of module() function, make all module functions local and ↵ | Kim Alvefur | 2015-02-21 | 4 | -12/+20 |
| | | | | return them in a table at the end | ||||
* | util.sasl.scram: Rename variable for clarity | Kim Alvefur | 2013-10-13 | 1 | -7/+7 |
| | |||||
* | util.sasl.scram: Cache profile name instead of concatenating when used | Kim Alvefur | 2013-10-13 | 1 | -2/+3 |
| | |||||
* | util.sasl.scram: Rewrite patterns and capture client-first-message-bare, ↵ | Kim Alvefur | 2013-10-13 | 1 | -5/+6 |
| | | | | client-final-message-without-proof | ||||
* | util.sasl.scram: Create the state table as late as possible, keep state in ↵ | Kim Alvefur | 2013-10-13 | 1 | -41/+40 |
| | | | | locals for faster access | ||||
* | util.sasl.scram: Compare gs2-header to cbind-input (Thanks Tobias) | Kim Alvefur | 2013-10-12 | 1 | -8/+8 |
| | |||||
* | util.sasl.scram: Remove unused function and import | Kim Alvefur | 2013-10-06 | 1 | -9/+0 |
| | |||||
* | util.sasl.scram: Simplify validation of client-first-message | Kim Alvefur | 2013-09-22 | 1 | -14/+18 |
| | |||||
* | Merge Tobias SCRAM-PLUS work | Kim Alvefur | 2013-09-22 | 1 | -5/+42 |
|\ | |||||
| * | Only advertise mechanisms needing channel binding if a channel binding ↵ | Tobias Markmann | 2011-02-07 | 1 | -1/+1 |
| | | | | | | | | backend is avaliable. | ||||
| * | sasl.util.scarm: Rearrage some code so it makes more sense. | Tobias Markmann | 2011-02-06 | 1 | -5/+6 |
| | | |||||
| * | util.sasl.scram: Checking the GS2 header for valid start flag. | Tobias Markmann | 2011-02-06 | 1 | -0/+7 |
| | | |||||
| * | util.sasl.scram: Remove some debugging output. | Tobias Markmann | 2011-01-17 | 1 | -6/+0 |
| | | |||||
| * | util.sasl.scram: Adding reference to RFC 5929 'Channel Bindings for TLS'. | Tobias Markmann | 2011-01-17 | 1 | -0/+4 |
| | | |||||
| * | util.sasl.scram: Validate channel binding data of client final message. | Tobias Markmann | 2011-01-17 | 1 | -3/+12 |
| | | |||||
| * | util.sasl.scram: Use self.profile.cb for detection whether channel binding ↵ | Tobias Markmann | 2011-01-17 | 1 | -3/+3 |
| | | | | | | | | is supported or not. | ||||
| * | Check whether we support the proposed channel binding type. | Tobias Markmann | 2011-01-15 | 1 | -0/+5 |
| | | |||||
| * | Adding some code for channel binding advertising. | Tobias Markmann | 2011-01-12 | 1 | -6/+23 |
| | | |||||
| * | util.sasl.*, mod_auth_*, mod_saslauth: Pass SASL handler as first parameter ↵ | Waqas Hussain | 2010-12-27 | 4 | -7/+7 |
| | | | | | | | | to SASL profile callbacks. | ||||
* | | Remove all trailing whitespace | Florian Zeitz | 2013-08-09 | 1 | -14/+14 |
| | | |||||
* | | util.sasl.external: Add SASL EXTERNAL mechanism | Kim Alvefur | 2013-06-13 | 1 | -0/+25 |
| | | |||||
* | | util.hashes, util.sasl.scram: Implement SCRAM-SHA1's Hi in C | Florian Zeitz | 2013-04-28 | 1 | -13/+2 |
| | | |||||
* | | util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes | Florian Zeitz | 2013-04-27 | 1 | -1/+1 |
| | | |||||
* | | util.sasl.{plain,scram,digest-md5}: nodeprep username before passing to ↵ | Waqas Hussain | 2013-01-22 | 3 | -5/+25 |
| | | | | | | | | callbacks, so callbacks don't have to. |