From 3ce91067f6299da1d8d9b4c8a1fdbf304cf91914 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 23 May 2020 14:17:04 +0200 Subject: mod_auth_internal_*: Apply saslprep to passwords Related to #1560 --- plugins/mod_auth_internal_hashed.lua | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'plugins/mod_auth_internal_hashed.lua') diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua index 083f648b..15058098 100644 --- a/plugins/mod_auth_internal_hashed.lua +++ b/plugins/mod_auth_internal_hashed.lua @@ -15,6 +15,7 @@ local generate_uuid = require "util.uuid".generate; local new_sasl = require "util.sasl".new; local hex = require"util.hex"; local to_hex, from_hex = hex.to, hex.from; +local saslprep = require "util.encodings".stringprep.saslprep; local log = module._log; local host = module.host; @@ -32,9 +33,13 @@ local provider = {}; function provider.test_password(username, password) log("debug", "test password for user '%s'", username); local credentials = accounts:get(username) or {}; + password = saslprep(password); + if not password then + return nil, "Password fails SASLprep."; + end if credentials.password ~= nil and string.len(credentials.password) ~= 0 then - if credentials.password ~= password then + if saslprep(credentials.password) ~= password then return nil, "Auth failed. Provided password is incorrect."; end -- cgit v1.2.3