projects / prosody.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge 0.10->trunk
[prosody.git] / plugins / mod_auth_internal_hashed.lua
diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua
index fb87bb9f317088690a2353898dbf54a2dd44c55b..78abe50d04be08d7747e01435e317c381bdcbd8d 100644 (file)
--- a/plugins/mod_auth_internal_hashed.lua
+++ b/plugins/mod_auth_internal_hashed.lua
@@ -7,39 +7,24 @@
 -- COPYING file in the source package for more information.
 --
 
+local max = math.max;
+
 local getAuthenticationDatabaseSHA1 = require "util.sasl.scram".getAuthenticationDatabaseSHA1;
 local usermanager = require "core.usermanager";
 local generate_uuid = require "util.uuid".generate;
 local new_sasl = require "util.sasl".new;
+local hex = require"util.hex";
+local to_hex, from_hex = hex.to, hex.from;
 
 local log = module._log;
 local host = module.host;
 
 local accounts = module:open_store("accounts");
 
-local to_hex;
-do
-       local function replace_byte_with_hex(byte)
-               return ("%02x"):format(byte:byte());
-       end
-       function to_hex(binary_string)
-               return binary_string:gsub(".", replace_byte_with_hex);
-       end
-end
-
-local from_hex;
-do
-       local function replace_hex_with_byte(hex)
-               return string.char(tonumber(hex, 16));
-       end
-       function from_hex(hex_string)
-               return hex_string:gsub("..", replace_hex_with_byte);
-       end
-end
 
 
 -- Default; can be set per-user
-local iteration_count = 4096;
+local default_iteration_count = 4096;
 
 -- define auth provider
 local provider = {};
@@ -80,8 +65,8 @@ function provider.set_password(username, password)
        log("debug", "set_password for username '%s'", username);
        local account = accounts:get(username);
        if account then
-               account.salt = account.salt or generate_uuid();
-               account.iteration_count = account.iteration_count or iteration_count;
+               account.salt = generate_uuid();
+               account.iteration_count = max(account.iteration_count or 0, default_iteration_count);
                local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, account.salt, account.iteration_count);
                local stored_key_hex = to_hex(stored_key);
                local server_key_hex = to_hex(server_key);
@@ -113,10 +98,10 @@ function provider.create_user(username, password)
                return accounts:set(username, {});
        end
        local salt = generate_uuid();
-       local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, salt, iteration_count);
+       local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, salt, default_iteration_count);
        local stored_key_hex = to_hex(stored_key);
        local server_key_hex = to_hex(server_key);
-       return accounts:set(username, {stored_key = stored_key_hex, server_key = server_key_hex, salt = salt, iteration_count = iteration_count});
+       return accounts:set(username, {stored_key = stored_key_hex, server_key = server_key_hex, salt = salt, iteration_count = default_iteration_count});
 end
 
 function provider.delete_user(username)