X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=util%2Fsasl%2Fdigest-md5.lua;h=591d85371ace5db490cd90c5ab78b91d9f699709;hb=e29bf2590cc792999e9dc7ee5f197c71ef5dfd88;hp=04acf04dcde50bbc9735c4c16eb78df5aceff663;hpb=184274a5a852fd853eb2e94d01817d658f6060d6;p=prosody.git

diff --git a/util/sasl/digest-md5.lua b/util/sasl/digest-md5.lua
index 04acf04d..591d8537 100644
--- a/util/sasl/digest-md5.lua
+++ b/util/sasl/digest-md5.lua
@@ -1,5 +1,5 @@
 -- sasl.lua v0.4
--- Copyright (C) 2008-2009 Tobias Markmann
+-- Copyright (C) 2008-2010 Tobias Markmann
 --
 --    All rights reserved.
 --
@@ -23,12 +23,28 @@ local to_byte, to_char = string.byte, string.char;
 local md5 = require "util.hashes".md5;
 local log = require "util.logger".init("sasl");
 local generate_uuid = require "util.uuid".generate;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
 
-module "digest-md5"
+module "sasl.digest-md5"
 
 --=========================
 --SASL DIGEST-MD5 according to RFC 2831
 
+--[[
+Supported Authentication Backends
+
+digest_md5:
+	function(username, domain, realm, encoding) -- domain and realm are usually the same; for some broken
+												-- implementations it's not
+		return digesthash, state;
+	end
+
+digest_md5_test:
+	function(username, domain, realm, encoding, digesthash)
+		return true or false, state;
+	end
+]]
+
 local function digest(self, message)
 	--TODO complete support for authzid
 
@@ -124,10 +140,15 @@ local function digest(self, message)
 		end
 
 		-- check for username, it's REQUIRED by RFC 2831
-		if not response["username"] then
+		local username = response["username"];
+		local _nodeprep = self.profile.nodeprep;
+		if username and _nodeprep ~= false then
+			username = (_nodeprep or nodeprep)(username); -- FIXME charset
+		end
+		if not username or username == "" then
 			return "failure", "malformed-request";
 		end
-		self["username"] = response["username"];
+		self.username = username;
 
 		-- check for nonce, ...
 		if not response["nonce"] then
@@ -163,15 +184,14 @@ local function digest(self, message)
 		end
 
 		--TODO maybe realm support
-		self.username = response["username"];
 		local Y, state;
 		if self.profile.plain then
-			local password, state = self.profile.plain(response["username"], self.realm)
+			local password, state = self.profile.plain(self, response["username"], self.realm)
 			if state == nil then return "failure", "not-authorized"
 			elseif state == false then return "failure", "account-disabled" end
 			Y = md5(response["username"]..":"..response["realm"]..":"..password);
 		elseif self.profile["digest-md5"] then
-			Y, state = self.profile["digest-md5"](response["username"], self.realm, response["realm"], response["charset"])
+			Y, state = self.profile["digest-md5"](self, response["username"], self.realm, response["realm"], response["charset"])
 			if state == nil then return "failure", "not-authorized"
 			elseif state == false then return "failure", "account-disabled" end
 		elseif self.profile["digest-md5-test"] then
@@ -225,4 +245,4 @@ function init(registerMechanism)
 	registerMechanism("DIGEST-MD5", {"plain"}, digest);
 end
 
-return _M;
\ No newline at end of file
+return _M;