X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=util%2Fsasl%2Fplain.lua;h=c9ec2911797ecaacae50ac0e6f969adb062b5591;hb=eb667887d3e88dca83c75c485654e9e74e60d5ee;hp=ae5c777a77423f466ecd5977f696e0f9bec7e313;hpb=9450538570c47da9ba653106c1978beb3b4d8d60;p=prosody.git diff --git a/util/sasl/plain.lua b/util/sasl/plain.lua index ae5c777a..c9ec2911 100644 --- a/util/sasl/plain.lua +++ b/util/sasl/plain.lua @@ -1,5 +1,5 @@ -- sasl.lua v0.4 --- Copyright (C) 2008-2009 Tobias Markmann +-- Copyright (C) 2008-2010 Tobias Markmann -- -- All rights reserved. -- @@ -13,12 +13,28 @@ local s_match = string.match; local saslprep = require "util.encodings".stringprep.saslprep; +local nodeprep = require "util.encodings".stringprep.nodeprep; local log = require "util.logger".init("sasl"); -module "plain" +module "sasl.plain" -- ================================ -- SASL PLAIN according to RFC 4616 + +--[[ +Supported Authentication Backends + +plain: + function(username, realm) + return password, state; + end + +plain_test: + function(username, password, realm) + return true or false, state; + end +]] + local function plain(self, message) if not message then return "failure", "malformed-request"; @@ -39,25 +55,31 @@ local function plain(self, message) return "failure", "malformed-request", "Invalid username or password."; end + local _nodeprep = self.profile.nodeprep; + if _nodeprep ~= false then + authentication = (_nodeprep or nodeprep)(authentication); + if not authentication or authentication == "" then + return "failure", "malformed-request", "Invalid username or password." + end + end + local correct, state = false, false; if self.profile.plain then local correct_password; - correct_password, state = self.profile.plain(authentication, self.realm); - if correct_password == password then correct = true; else correct = false; end + correct_password, state = self.profile.plain(self, authentication, self.realm); + correct = (correct_password == password); elseif self.profile.plain_test then - correct, state = self.profile.plain_test(authentication, self.realm, password); + correct, state = self.profile.plain_test(self, authentication, password, self.realm); end self.username = authentication - if not state then + if state == false then return "failure", "account-disabled"; - end - - if correct then - return "success"; - else + elseif state == nil or not correct then return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent."; end + + return "success"; end function init(registerMechanism)