projects / prosody.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
util.serialization: Proper serialization of Infinity, -Infinity and NaN.
[prosody.git] / util / sasl / digest-md5.lua
diff --git a/util/sasl/digest-md5.lua b/util/sasl/digest-md5.lua
index a14e875bdbba632d5de5c1fde4249bf7d7172a56..2837148ec4723270b92d11b30ac551299e230184 100644 (file)
--- a/util/sasl/digest-md5.lua
+++ b/util/sasl/digest-md5.lua
@@ -1,5 +1,5 @@
 -- sasl.lua v0.4
--- Copyright (C) 2008-2009 Tobias Markmann
+-- Copyright (C) 2008-2010 Tobias Markmann
 --
 --    All rights reserved.
 --
@@ -29,14 +29,27 @@ module "digest-md5"
 --=========================
 --SASL DIGEST-MD5 according to RFC 2831
 
+--[[
+Supported Authentication Backends
+
+digest_md5:
+       function(username, domain, realm, encoding) -- domain and realm are usually the same; for some broken
+                                                                                               -- implementations it's not
+               return digesthash, state;
+       end
+
+digest_md5_test:
+       function(username, domain, realm, encoding, digesthash)
+               return true or false, state;
+       end
+]]
+
 local function digest(self, message)
        --TODO complete support for authzid
 
        local function serialize(message)
                local data = ""
 
-               if type(message) ~= "table" then error("serialize needs an argument of type table.") end
-
                -- testing all possible values
                if message["realm"] then data = data..[[realm="]]..message.realm..[[",]] end
                if message["nonce"] then data = data..[[nonce="]]..message.nonce..[[",]] end
@@ -166,13 +179,14 @@ local function digest(self, message)
 
                --TODO maybe realm support
                self.username = response["username"];
+               local Y, state;
                if self.profile.plain then
                        local password, state = self.profile.plain(response["username"], self.realm)
                        if state == nil then return "failure", "not-authorized"
                        elseif state == false then return "failure", "account-disabled" end
-                       local Y = md5(response["username"]..":"..response["realm"]..":"..password);
+                       Y = md5(response["username"]..":"..response["realm"]..":"..password);
                elseif self.profile["digest-md5"] then
-                       local Y, state = self.profile["digest-md5"](response["username"], self.realm, response["realm"], response["charset"])
+                       Y, state = self.profile["digest-md5"](response["username"], self.realm, response["realm"], response["charset"])
                        if state == nil then return "failure", "not-authorized"
                        elseif state == false then return "failure", "account-disabled" end
                elseif self.profile["digest-md5-test"] then
@@ -211,7 +225,8 @@ local function digest(self, message)
                        KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2
                        local rspauth = md5(KD, true);
                        self.authenticated = true;
-                       return "success", serialize({rspauth = rspauth});
+                       --TODO: considering sending the rspauth in a success node for saving one roundtrip; allowed according to http://tools.ietf.org/html/draft-saintandre-rfc3920bis-09#section-7.3.6
+                       return "challenge", serialize({rspauth = rspauth});
                else
                        return "failure", "not-authorized", "The response provided by the client doesn't match the one we calculated."
                end