From 8be1d2e2d67939f263e0e1b2ed202e2aa9ea4eff Mon Sep 17 00:00:00 2001
From: Tobias Markmann
Date: Sat, 20 Jun 2009 19:06:04 +0200
Subject: Adding COMPAT comment.
---
 util/sasl.lua | 1 +
 1 file changed, 1 insertion(+)
diff --git a/util/sasl.lua b/util/sasl.lua
index 7f023321..11a25f3a 100644
--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -205,6 +205,7 @@ local function new_digest_md5(realm, password_handler)
 local A1 = "";
 if response.authzid then
 if response.authzid == self.username.."@"..self.realm then
+ -- COMPAT
 log("warn", "Client is violating XMPP RFC. See section 6.1 of RFC 3920.");
 A1 = Y..":"..response["nonce"]..":"..response["cnonce"]..":"..response.authzid;
 else
-- cgit v1.2.3
From 968abac4691ef34b3238f2f8079bd3fc91da28ce Mon Sep 17 00:00:00 2001
From: Tobias Markmann
Date: Sat, 20 Jun 2009 19:34:30 +0200
Subject: Adding a parameter for realm to the password_callback.
---
 plugins/mod_saslauth.lua | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 78417c0f..02ba41cf 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -64,15 +64,15 @@ local function handle_status(session, status)
 end
 end
-local function password_callback(node, host, mechanism, decoder)
- local password = (datamanager_load(node, host, "accounts") or {}).password; -- FIXME handle hashed passwords
+local function password_callback(node, hostname, realm, mechanism, decoder)
+ local password = (datamanager_load(node, hostname, "accounts") or {}).password; -- FIXME handle hashed passwords
 local func = function(x) return x; end;
 if password then
 if mechanism == "PLAIN" then
 return func, password;
 elseif mechanism == "DIGEST-MD5" then
- if decoder then node, host, password = decoder(node), decoder(host), decoder(password); end
- return func, md5(node..":"..host..":"..password);
+ if decoder then node, hostname, password = decoder(node), decoder(hostname), decoder(password); end
+ return func, md5(node..":"..realm..":"..password);
 end
 end
 return func, nil;
-- cgit v1.2.3
From f5a6ea54cf8b7ed92185326def5af3c14058da96 Mon Sep 17 00:00:00 2001
From: Tobias Markmann
Date: Sat, 20 Jun 2009 22:19:24 +0200
Subject: Adjust PLAIN and DIGEST-MD5 mechanisms to new password_handler API.
---
 util/sasl.lua | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/util/sasl.lua b/util/sasl.lua
index 11a25f3a..a343d608 100644
--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -41,7 +41,7 @@ local function new_plain(realm, password_handler)
 if authentication == nil or password == nil then return "failure", "malformed-request" end
- local password_encoding, correct_password = self.password_handler(authentication, self.realm, "PLAIN")
+ local password_encoding, correct_password = self.password_handler(authentication, self.realm, self.realm, "PLAIN")
 if correct_password == nil then return "failure", "not-authorized" elseif correct_password == false then return "failure", "account-disabled" end
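Review bot: In `password_callback` (plugins/mod_saslauth.lua) the DIGEST-MD5 branch now hashes `realm`, but the `decoder` line still converts only `node`, `hostname` and `password`, so the realm reaches `md5()` undecoded while the decoded `hostname` is not used again in the visible lines. If a decoder is supplied and the realm contains non-ASCII characters, the server-side hash would presumably differ from the one the client computed, and the login fails for a reason that is hard to diagnose. I would change the line to `if decoder then node, realm, password = decoder(node), decoder(realm), decoder(password); end`. The function's closing `end` is outside the hunk, and any caller still passing four arguments would shift `mechanism` into `realm`, so callers need updating together with this signature.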
@@ -176,7 +176,7 @@ local function new_digest_md5(realm, password_handler)
 if not response["qop"] then response["qop"] = "auth" end
 if response["realm"] == nil or response["realm"] == "" then
- response["realm"] = self.realm;
+ response["realm"] = "";
 elseif response["realm"] ~= self.realm then return "failure", "not-authorized", "Incorrect realm value"; end
@@ -199,7 +199,7 @@ local function new_digest_md5(realm, password_handler)
 --TODO maybe realm support
 self.username = response["username"];
- local password_encoding, Y = self.password_handler(response["username"], response["realm"], "DIGEST-MD5", decoder)
+ local password_encoding, Y = self.password_handler(response["username"], domain, response["realm"], "DIGEST-MD5", decoder);
 if Y == nil then return "failure", "not-authorized" elseif Y == false then return "failure", "account-disabled" end
 local A1 = "";
-- cgit v1.2.3
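Review bot: The new DIGEST-MD5 call in `new_digest_md5` passes `domain` as the host for the account lookup, but no visible hunk defines `domain`, whereas the PLAIN path passes the server-side `self.realm`. If `domain` is taken from the client's response rather than from server configuration, the client decides which host's account store is consulted, and the hunk at -176 now lets an empty realm skip the `self.realm` comparison, so nothing visible here ties the lookup to the served host. I would either pass `self.realm` as the second argument, as the PLAIN mechanism does, or compare `domain` with the served host first and return `"failure", "not-authorized"` on a mismatch. If `domain` is not in scope at all it evaluates to nil and every lookup fails, so a test that logs in with and without a realm directive would be worth adding. The function body starts and ends outside the hunk.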