X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=util%2Fsasl%2Fscram.lua;h=530ef5a005614837b2edd440b9df120b8cc203a3;hb=e2615fb00f14ddcb436afd00c7729e1135667d42;hp=63f6f2fe676fa1bf6d7d17d244c17726b059e3d3;hpb=fc67a891781b47c31eda0c38f70fbd6908e77d26;p=prosody.git

diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index 63f6f2fe..530ef5a0 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -27,7 +27,7 @@ local byte = string.byte;
 module "scram"
 
 --=========================
---SASL SCRAM-SHA-1 according to draft-ietf-sasl-scram-10
+--SASL SCRAM-SHA-1 according to RFC 5802
 
 --[[
 Supported Authentication Backends
@@ -65,9 +65,9 @@ local function binaryXOR( a, b )
 end
 
 -- hash algorithm independent Hi(PBKDF2) implementation
-local function Hi(hmac, str, salt, i)
+function Hi(hmac, str, salt, i)
 	local Ust = hmac(str, salt.."\0\0\0\1");
-	local res = Ust;	
+	local res = Ust;
 	for n=1,i-1 do
 		local Und = hmac(str, Ust)
 		res = binaryXOR(res, Und)
@@ -80,8 +80,8 @@ local function validate_username(username)
 	-- check for forbidden char sequences
 	for eq in username:gmatch("=(.?.?)") do
 		if eq ~= "2D" and eq ~= "3D" then
-			return false 
-		end 
+			return false
+		end
 	end
 	
 	-- replace =2D with , and =3D with =
@@ -143,7 +143,7 @@ local function scram_gen(hash_name, H_f, HMAC_f)
 			
 			-- retreive credentials
 			if self.profile.plain then
-				local password, state = self.profile.plain(self.state.name, self.realm)
+				local password, state = self.profile.plain(self, self.state.name, self.realm)
 				if state == nil then return "failure", "not-authorized"
 				elseif state == false then return "failure", "account-disabled" end
 				
@@ -163,7 +163,7 @@ local function scram_gen(hash_name, H_f, HMAC_f)
 					return "failure", "temporary-auth-failure";
 				end
 			elseif self.profile["scram_"..hashprep(hash_name)] then
-				local stored_key, server_key, iteration_count, salt, state = self.profile["scram_"..hashprep(hash_name)](self.state.name, self.realm);
+				local stored_key, server_key, iteration_count, salt, state = self.profile["scram_"..hashprep(hash_name)](self, self.state.name, self.realm);
 				if state == nil then return "failure", "not-authorized"
 				elseif state == false then return "failure", "account-disabled" end