X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=util%2Fsasl%2Fdigest-md5.lua;h=2837148ec4723270b92d11b30ac551299e230184;hb=f2c0726e2c08c9c7c4d82075de645c05eac2623e;hp=f8e0e393fdabd9e1474e4a7aaa3de445eb1f5126;hpb=2b69d1586fadb43f2838d4c17bc8ab08eb578057;p=prosody.git

diff --git a/util/sasl/digest-md5.lua b/util/sasl/digest-md5.lua
index f8e0e393..2837148e 100644
--- a/util/sasl/digest-md5.lua
+++ b/util/sasl/digest-md5.lua
@@ -1,5 +1,5 @@
 -- sasl.lua v0.4
--- Copyright (C) 2008-2009 Tobias Markmann
+-- Copyright (C) 2008-2010 Tobias Markmann
 --
 --    All rights reserved.
 --
@@ -28,10 +28,21 @@ module "digest-md5"
 
 --=========================
 --SASL DIGEST-MD5 according to RFC 2831
-local function digest_response()
-	
-	return response, A1, A2
-end
+
+--[[
+Supported Authentication Backends
+
+digest_md5:
+	function(username, domain, realm, encoding) -- domain and realm are usually the same; for some broken
+												-- implementations it's not
+		return digesthash, state;
+	end
+
+digest_md5_test:
+	function(username, domain, realm, encoding, digesthash)
+		return true or false, state;
+	end
+]]
 
 local function digest(self, message)
 	--TODO complete support for authzid
@@ -39,8 +50,6 @@ local function digest(self, message)
 	local function serialize(message)
 		local data = ""
 
-		if type(message) ~= "table" then error("serialize needs an argument of type table.") end
-
 		-- testing all possible values
 		if message["realm"] then data = data..[[realm="]]..message.realm..[[",]] end
 		if message["nonce"] then data = data..[[nonce="]]..message.nonce..[[",]] end
@@ -170,13 +179,14 @@ local function digest(self, message)
 
 		--TODO maybe realm support
 		self.username = response["username"];
+		local Y, state;
 		if self.profile.plain then
 			local password, state = self.profile.plain(response["username"], self.realm)
 			if state == nil then return "failure", "not-authorized"
 			elseif state == false then return "failure", "account-disabled" end
 			Y = md5(response["username"]..":"..response["realm"]..":"..password);
 		elseif self.profile["digest-md5"] then
-			local Y, state = self.profile["digest-md5"](response["username"], self.realm, response["realm"], response["charset"])
+			Y, state = self.profile["digest-md5"](response["username"], self.realm, response["realm"], response["charset"])
 			if state == nil then return "failure", "not-authorized"
 			elseif state == false then return "failure", "account-disabled" end
 		elseif self.profile["digest-md5-test"] then
@@ -215,7 +225,8 @@ local function digest(self, message)
 			KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2
 			local rspauth = md5(KD, true);
 			self.authenticated = true;
-			return "success", serialize({rspauth = rspauth});
+			--TODO: considering sending the rspauth in a success node for saving one roundtrip; allowed according to http://tools.ietf.org/html/draft-saintandre-rfc3920bis-09#section-7.3.6
+			return "challenge", serialize({rspauth = rspauth});
 		else
 			return "failure", "not-authorized", "The response provided by the client doesn't match the one we calculated."
 		end