projects / prosody.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
mod_storage_sql: Create index when creating a new table
[prosody.git] / util / sasl / scram.lua
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index 63f6f2fe676fa1bf6d7d17d244c17726b059e3d3..530ef5a005614837b2edd440b9df120b8cc203a3 100644 (file)
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -27,7 +27,7 @@ local byte = string.byte;
 module "scram"
 
 --=========================
---SASL SCRAM-SHA-1 according to draft-ietf-sasl-scram-10
+--SASL SCRAM-SHA-1 according to RFC 5802
 
 --[[
 Supported Authentication Backends
@@ -65,9 +65,9 @@ local function binaryXOR( a, b )
 end
 
 -- hash algorithm independent Hi(PBKDF2) implementation
-local function Hi(hmac, str, salt, i)
+function Hi(hmac, str, salt, i)
        local Ust = hmac(str, salt.."\0\0\0\1");
-       local res = Ust;        
+       local res = Ust;
        for n=1,i-1 do
                local Und = hmac(str, Ust)
                res = binaryXOR(res, Und)
@@ -80,8 +80,8 @@ local function validate_username(username)
        -- check for forbidden char sequences
        for eq in username:gmatch("=(.?.?)") do
                if eq ~= "2D" and eq ~= "3D" then
-                       return false 
-               end 
+                       return false
+               end
        end
        
        -- replace =2D with , and =3D with =
@@ -143,7 +143,7 @@ local function scram_gen(hash_name, H_f, HMAC_f)
                        
                        -- retreive credentials
                        if self.profile.plain then
-                               local password, state = self.profile.plain(self.state.name, self.realm)
+                               local password, state = self.profile.plain(self, self.state.name, self.realm)
                                if state == nil then return "failure", "not-authorized"
                                elseif state == false then return "failure", "account-disabled" end
                                
@@ -163,7 +163,7 @@ local function scram_gen(hash_name, H_f, HMAC_f)
                                        return "failure", "temporary-auth-failure";
                                end
                        elseif self.profile["scram_"..hashprep(hash_name)] then
-                               local stored_key, server_key, iteration_count, salt, state = self.profile["scram_"..hashprep(hash_name)](self.state.name, self.realm);
+                               local stored_key, server_key, iteration_count, salt, state = self.profile["scram_"..hashprep(hash_name)](self, self.state.name, self.realm);
                                if state == nil then return "failure", "not-authorized"
                                elseif state == false then return "failure", "account-disabled" end