Merge 0.9->0.10
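--- a/util/sasl/plain.lua
+++ b/util/sasl/plain.lua
@@ -1,5 +1,5 @@
 -- sasl.lua v0.4
--- Copyright (C) 2008-2009 Tobias Markmann
+-- Copyright (C) 2008-2010 Tobias Markmann
 --
 -- All rights reserved.
 --
@@ -13,18 +13,34 @@
 local s_match = string.match;
 local saslprep = require "util.encodings".stringprep.saslprep;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
 local log = require "util.logger".init("sasl");
-module "plain"
+module "sasl.plain"
 -- ================================
 -- SASL PLAIN according to RFC 4616
+
+--[[
+Supported Authentication Backends
+
+plain:
+ function(username, realm)
+ return password, state;
+ end
+
+plain_test:
+ function(username, password, realm)
+ return true or false, state;
+ end
+]]
+
 local function plain(self, message)
 if not message then
 return "failure", "malformed-request";
 end
- local authorization, authentication, password = s_match(message, "^([^%z]+)%z([^%z]+)%z([^%z]+)");
+ local authorization, authentication, password = s_match(message, "^([^%z]*)%z([^%z]+)%z([^%z]+)");
 if not authorization then
 return "failure", "malformed-request";
@@ -39,25 +55,31 @@ local function plain(self, message)
 return "failure", "malformed-request", "Invalid username or password.";
 end
+ local _nodeprep = self.profile.nodeprep;
+ if _nodeprep ~= false then
+ authentication = (_nodeprep or nodeprep)(authentication);
+ if not authentication or authentication == "" then
+ return "failure", "malformed-request", "Invalid username or password."
+ end
+ end
+
 local correct, state = false, false;
 if self.profile.plain then
 local correct_password;
- correct_password, state = self.profile.plain(authentication, self.realm);
- if correct_password == password then correct = true; else correct = false; end
+ correct_password, state = self.profile.plain(self, authentication, self.realm);
+ correct = (correct_password == password);
 elseif self.profile.plain_test then
- correct, state = self.profile.plain_test(authentication, self.realm, password);
+ correct, state = self.profile.plain_test(self, authentication, password, self.realm);
 end
 self.username = authentication
- if not state then
+ if state == false then
 return "failure", "account-disabled";
- end
-
- if correct then
- return "success";
- else
+ elseif state == nil or not correct then
 return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent.";
 end
+
+ return "success";
 end
 function init(registerMechanism)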
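Review bot: In the third hunk the `state == false` branch returns `account-disabled` before `correct` is consulted, so a backend that reports a disabled account gets that status disclosed to a client whose password was wrong, without valid credentials. Because `correct, state` are initialised to `false, false`, a profile that defines neither `plain` nor `plain_test` also lands in that branch and answers every attempt with `account-disabled` instead of an authorization failure. Consider checking the credentials first: use `if state == nil or not correct then` for the `not-authorized` return and `elseif state == false then` for `account-disabled`. A short comment above the check, such as `-- state: false = account disabled, nil = unknown user/backend error`, would also document the tri-state contract that the new backend comment only implies. The body of `plain` begins outside this hunk, so confirm that nothing earlier depends on the current ordering.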