-- Prosody IM
-- Copyright (C) 2008-2009 Matthew Wild
-- Copyright (C) 2008-2009 Waqas Hussain
---
+--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
local sm_make_authenticated = require "core.sessionmanager".make_authenticated;
local base64 = require "util.encodings".base64;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
local datamanager_load = require "util.datamanager".load;
local usermanager_validate_credentials = require "core.usermanager".validate_credentials;
local usermanager_get_supported_methods = require "core.usermanager".get_supported_methods;
local md5 = require "util.hashes".md5;
local config = require "core.configmanager";
-local secure_auth_only = config.get(module:get_host(), "core", "require_encryption");
+local secure_auth_only = config.get(module:get_host(), "core", "c2s_require_encryption") or config.get(module:get_host(), "core", "require_encryption");
local log = module._log;
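Review bot: The `or` on the new `secure_auth_only` line means an explicit `c2s_require_encryption = false` cannot switch the requirement off while the legacy `require_encryption` is true, because a false first operand falls through to the second lookup. That fails toward requiring encryption, which is the safe direction, but the precedence is not obvious to an administrator reading the config. I would add a comment above the line such as `-- c2s_require_encryption wins when truthy; false or unset falls back to the legacy require_encryption`. The value is also read once when this file is loaded, so presumably a config change needs a module reload before it affects authentication.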
if status == "failure" then
session.sasl_handler = nil;
elseif status == "success" then
- if not session.sasl_handler.username then -- TODO move this to sessionmanager
+ local username = nodeprep(session.sasl_handler.username);
+ session.sasl_handler = nil;
+ if not username then -- TODO move this to sessionmanager
module:log("warn", "SASL succeeded but we didn't get a username!");
session.sasl_handler = nil;
session:reset_stream();
return;
- end
- sm_make_authenticated(session, session.sasl_handler.username);
- session.sasl_handler = nil;
+ end
+ sm_make_authenticated(session, username);
session:reset_stream();
end
end
local function credentials_callback(mechanism, ...)
- if mechanism == "PLAIN" then
- local username, hostname, password = arg[1], arg[2], arg[3];
- local response = usermanager_validate_credentials(hostname, username, password, mechanism)
- if response == nil then return false
- else return response end
- elseif mechanism == "DIGEST-MD5" then
- function func(x) return x; end
- local node, domain, realm, decoder = arg[1], arg[2], arg[3], arg[4];
- local password = usermanager_get_password(node, domain)
- if password then
- if decoder then node, realm, password = decoder(node), decoder(realm), decoder(password); end
- return func, md5(node..":"..realm..":"..password);
- else
- return func, nil;
- end
- end
+ if mechanism == "PLAIN" then
+ local username, hostname, password = ...;
+ username = nodeprep(username);
+ if not username then
+ return false;
+ end
+ local response = usermanager_validate_credentials(hostname, username, password, mechanism);
+ if response == nil then
+ return false;
+ else
+ return response;
+ end
+ elseif mechanism == "DIGEST-MD5" then
+ function func(x) return x; end
+ local node, domain, realm, decoder = ...;
+ local prepped_node = nodeprep(node);
+ if not prepped_node then
+ return func, nil;
+ end
+ local password = usermanager_get_password(prepped_node, domain);
+ if password then
+ if decoder then
+ node, realm, password = decoder(node), decoder(realm), decoder(password);
+ end
+ return func, md5(node..":"..realm..":"..password);
+ else
+ return func, nil;
+ end
+ end
end
local function sasl_handler(session, stanza)
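Review bot: In the DIGEST-MD5 branch the re-added `function func(x) return x; end` still declares a global that is reassigned on every call, so it should be `local function func(x) return x; end`. The same branch calls `usermanager_get_password`, which is not among the `require` lines visible at the top of this diff; unless it is bound in a part of the file not shown, the lookup fails at runtime and a line like `local usermanager_get_password = require "core.usermanager".get_password;` is needed (confirm the exported name). The password is looked up with `prepped_node` while the digest is computed over the raw `node`, which looks intentional but deserves a comment such as `-- hash uses the node exactly as the client sent it; only the account lookup is normalized`. In the success path earlier in this hunk (its enclosing function starts outside the hunk), the warning "SASL succeeded but we didn't get a username!" now also fires when `nodeprep` rejects the name, and the `session.sasl_handler = nil;` left inside that `if` is redundant after the new assignment above it.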