projects / prosody.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
util.pluginloader: Return full file path from internal file loader on success, not...
[prosody.git] / util / sasl / plain.lua
diff --git a/util/sasl/plain.lua b/util/sasl/plain.lua
index 46a86bb92ef65239535756a58a53dcd1c5de65f1..fb20cf97d45e0424afd7c7044c5062dc37d68b73 100644 (file)
--- a/util/sasl/plain.lua
+++ b/util/sasl/plain.lua
@@ -1,5 +1,5 @@
 -- sasl.lua v0.4
--- Copyright (C) 2008-2009 Tobias Markmann
+-- Copyright (C) 2008-2010 Tobias Markmann
 --
 --    All rights reserved.
 --
@@ -15,24 +15,40 @@ local s_match = string.match;
 local saslprep = require "util.encodings".stringprep.saslprep;
 local log = require "util.logger".init("sasl");
 
-module "plain"
+module "sasl.plain"
+
+-- ================================
+-- SASL PLAIN according to RFC 4616
+
+--[[
+Supported Authentication Backends
+
+plain:
+       function(username, realm)
+               return password, state;
+       end
+
+plain_test:
+       function(username, password, realm)
+               return true or false, state;
+       end
+]]
 
---=========================
---SASL PLAIN according to RFC 4616
 local function plain(self, message)
-       local response = message
-       local authorization = s_match(response, "([^%z]+)")
-       local authentication = s_match(response, "%z([^%z]+)%z")
-       local password = s_match(response, "%z[^%z]+%z([^%z]+)")
+       if not message then
+               return "failure", "malformed-request";
+       end
+
+       local authorization, authentication, password = s_match(message, "^([^%z]*)%z([^%z]+)%z([^%z]+)");
 
-       if authentication == nil or password == nil then
+       if not authorization then
                return "failure", "malformed-request";
        end
-       
+
        -- SASLprep password and authentication
        authentication = saslprep(authentication);
        password = saslprep(password);
-       
+
        if (not password) or (password == "") or (not authentication) or (authentication == "") then
                log("debug", "Username or password violates SASLprep.");
                return "failure", "malformed-request", "Invalid username or password.";
@@ -41,10 +57,10 @@ local function plain(self, message)
        local correct, state = false, false;
        if self.profile.plain then
                local correct_password;
-               correct_password, state = self.profile.plain(authentication, self.realm);
-               if correct_password == password then correct = true; else correct = false; end
+               correct_password, state = self.profile.plain(self, authentication, self.realm);
+               correct = (correct_password == password);
        elseif self.profile.plain_test then
-               correct, state = self.profile.plain_test(authentication, self.realm, password);
+               correct, state = self.profile.plain_test(self, authentication, password, self.realm);
        end
 
        self.username = authentication
@@ -63,4 +79,4 @@ function init(registerMechanism)
        registerMechanism("PLAIN", {"plain", "plain_test"}, plain);
 end
 
-return _M;
\ No newline at end of file
+return _M;