Wed, 05 May 2010 17:12:32 +0100
net.server_select: Fix typo affecting connections with an onconnect listener that have data pending in the sendbuffer
2182
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
1 | -- sasl.lua v0.4 |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
2 | -- Copyright (C) 2008-2009 Tobias Markmann |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
3 | -- |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
4 | -- All rights reserved. |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
5 | -- |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
6 | -- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
7 | -- |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
8 | -- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
9 | -- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
10 | -- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
11 | -- |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
12 | -- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
13 | |
2184
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
14 | local tostring = tostring; |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
15 | local type = type; |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
16 | |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
17 | local s_gmatch = string.gmatch; |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
18 | local s_match = string.match; |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
19 | local t_concat = table.concat; |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
20 | local t_insert = table.insert; |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
21 | local to_byte, to_char = string.byte, string.char; |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
22 | |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
23 | local md5 = require "util.hashes".md5; |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
24 | local log = require "util.logger".init("sasl"); |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
25 | local generate_uuid = require "util.uuid".generate; |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
26 | |
2202 | 27 | module "digest-md5" |
2182
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
28 | |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
29 | --========================= |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
30 | --SASL DIGEST-MD5 according to RFC 2831 |
2184
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
31 | |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
32 | local function digest(self, message) |
2182
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
33 | --TODO complete support for authzid |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
34 | |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
35 | local function serialize(message) |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
36 | local data = "" |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
37 | |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
38 | -- testing all possible values |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
39 | if message["realm"] then data = data..[[realm="]]..message.realm..[[",]] end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
40 | if message["nonce"] then data = data..[[nonce="]]..message.nonce..[[",]] end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
41 | if message["qop"] then data = data..[[qop="]]..message.qop..[[",]] end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
42 | if message["charset"] then data = data..[[charset=]]..message.charset.."," end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
43 | if message["algorithm"] then data = data..[[algorithm=]]..message.algorithm.."," end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
44 | if message["rspauth"] then data = data..[[rspauth=]]..message.rspauth.."," end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
45 | data = data:gsub(",$", "") |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
46 | return data |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
47 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
48 | |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
49 | local function utf8tolatin1ifpossible(passwd) |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
50 | local i = 1; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
51 | while i <= #passwd do |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
52 | local passwd_i = to_byte(passwd:sub(i, i)); |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
53 | if passwd_i > 0x7F then |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
54 | if passwd_i < 0xC0 or passwd_i > 0xC3 then |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
55 | return passwd; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
56 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
57 | i = i + 1; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
58 | passwd_i = to_byte(passwd:sub(i, i)); |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
59 | if passwd_i < 0x80 or passwd_i > 0xBF then |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
60 | return passwd; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
61 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
62 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
63 | i = i + 1; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
64 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
65 | |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
66 | local p = {}; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
67 | local j = 0; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
68 | i = 1; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
69 | while (i <= #passwd) do |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
70 | local passwd_i = to_byte(passwd:sub(i, i)); |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
71 | if passwd_i > 0x7F then |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
72 | i = i + 1; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
73 | local passwd_i_1 = to_byte(passwd:sub(i, i)); |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
74 | t_insert(p, to_char(passwd_i%4*64 + passwd_i_1%64)); -- I'm so clever |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
75 | else |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
76 | t_insert(p, to_char(passwd_i)); |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
77 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
78 | i = i + 1; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
79 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
80 | return t_concat(p); |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
81 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
82 | local function latin1toutf8(str) |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
83 | local p = {}; |
2184
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
84 | for ch in s_gmatch(str, ".") do |
2182
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
85 | ch = to_byte(ch); |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
86 | if (ch < 0x80) then |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
87 | t_insert(p, to_char(ch)); |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
88 | elseif (ch < 0xC0) then |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
89 | t_insert(p, to_char(0xC2, ch)); |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
90 | else |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
91 | t_insert(p, to_char(0xC3, ch - 64)); |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
92 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
93 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
94 | return t_concat(p); |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
95 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
96 | local function parse(data) |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
97 | local message = {} |
2208 | 98 | -- COMPAT: %z in the pattern to work around jwchat bug (sends "charset=utf-8\0") |
2215
4678aa4567c8
SASL: Using locally mapped s_gmatch instead of unavailable gmatch.
Tobias Markmann <tm@ayena.de>
parents:
2208
diff
changeset
|
99 | for k, v in s_gmatch(data, [[([%w%-]+)="?([^",%z]*)"?,?]]) do -- FIXME The hacky regex makes me shudder |
2182
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
100 | message[k] = v; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
101 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
102 | return message; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
103 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
104 | |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
105 | if not self.nonce then |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
106 | self.nonce = generate_uuid(); |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
107 | self.step = 0; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
108 | self.nonce_count = {}; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
109 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
110 | |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
111 | self.step = self.step + 1; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
112 | if (self.step == 1) then |
2184
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
113 | local challenge = serialize({ nonce = self.nonce, |
2182
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
114 | qop = "auth", |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
115 | charset = "utf-8", |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
116 | algorithm = "md5-sess", |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
117 | realm = self.realm}); |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
118 | return "challenge", challenge; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
119 | elseif (self.step == 2) then |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
120 | local response = parse(message); |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
121 | -- check for replay attack |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
122 | if response["nc"] then |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
123 | if self.nonce_count[response["nc"]] then return "failure", "not-authorized" end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
124 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
125 | |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
126 | -- check for username, it's REQUIRED by RFC 2831 |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
127 | if not response["username"] then |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
128 | return "failure", "malformed-request"; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
129 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
130 | self["username"] = response["username"]; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
131 | |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
132 | -- check for nonce, ... |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
133 | if not response["nonce"] then |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
134 | return "failure", "malformed-request"; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
135 | else |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
136 | -- check if it's the right nonce |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
137 | if response["nonce"] ~= tostring(self.nonce) then return "failure", "malformed-request" end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
138 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
139 | |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
140 | if not response["cnonce"] then return "failure", "malformed-request", "Missing entry for cnonce in SASL message." end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
141 | if not response["qop"] then response["qop"] = "auth" end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
142 | |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
143 | if response["realm"] == nil or response["realm"] == "" then |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
144 | response["realm"] = ""; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
145 | elseif response["realm"] ~= self.realm then |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
146 | return "failure", "not-authorized", "Incorrect realm value"; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
147 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
148 | |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
149 | local decoder; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
150 | if response["charset"] == nil then |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
151 | decoder = utf8tolatin1ifpossible; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
152 | elseif response["charset"] ~= "utf-8" then |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
153 | return "failure", "incorrect-encoding", "The client's response uses "..response["charset"].." for encoding with isn't supported by sasl.lua. Supported encodings are latin or utf-8."; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
154 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
155 | |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
156 | local domain = ""; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
157 | local protocol = ""; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
158 | if response["digest-uri"] then |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
159 | protocol, domain = response["digest-uri"]:match("(%w+)/(.*)$"); |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
160 | if protocol == nil or domain == nil then return "failure", "malformed-request" end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
161 | else |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
162 | return "failure", "malformed-request", "Missing entry for digest-uri in SASL message." |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
163 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
164 | |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
165 | --TODO maybe realm support |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
166 | self.username = response["username"]; |
2258
e4c5d0d21ac7
util.sasl.digest-md5: Fixing some variable access.
Tobias Markmann <tm@ayena.de>
parents:
2255
diff
changeset
|
167 | local Y, state; |
2184
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
168 | if self.profile.plain then |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
169 | local password, state = self.profile.plain(response["username"], self.realm) |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
170 | if state == nil then return "failure", "not-authorized" |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
171 | elseif state == false then return "failure", "account-disabled" end |
2185
1182e7ae2964
Broken DIGEST-MD5 client support again.
Tobias Markmann <tm@ayena.de>
parents:
2184
diff
changeset
|
172 | Y = md5(response["username"]..":"..response["realm"]..":"..password); |
2184
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
173 | elseif self.profile["digest-md5"] then |
2258
e4c5d0d21ac7
util.sasl.digest-md5: Fixing some variable access.
Tobias Markmann <tm@ayena.de>
parents:
2255
diff
changeset
|
174 | Y, state = self.profile["digest-md5"](response["username"], self.realm, response["realm"], response["charset"]) |
2187
e79c0ce6cf54
Adding support for digest-md5 profile in DIGEST-MD5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2185
diff
changeset
|
175 | if state == nil then return "failure", "not-authorized" |
e79c0ce6cf54
Adding support for digest-md5 profile in DIGEST-MD5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2185
diff
changeset
|
176 | elseif state == false then return "failure", "account-disabled" end |
2184
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
177 | elseif self.profile["digest-md5-test"] then |
2185
1182e7ae2964
Broken DIGEST-MD5 client support again.
Tobias Markmann <tm@ayena.de>
parents:
2184
diff
changeset
|
178 | -- TODO |
2184
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
179 | end |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
180 | --local password_encoding, Y = self.credentials_handler("DIGEST-MD5", response["username"], self.realm, response["realm"], decoder); |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
181 | --if Y == nil then return "failure", "not-authorized" |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
182 | --elseif Y == false then return "failure", "account-disabled" end |
2182
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
183 | local A1 = ""; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
184 | if response.authzid then |
2189 | 185 | if response.authzid == self.username or response.authzid == self.username.."@"..self.realm then |
2182
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
186 | -- COMPAT |
2189 | 187 | log("warn", "Client is violating RFC 3920 (section 6.1, point 7)."); |
2182
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
188 | A1 = Y..":"..response["nonce"]..":"..response["cnonce"]..":"..response.authzid; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
189 | else |
2189 | 190 | return "failure", "invalid-authzid"; |
2182
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
191 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
192 | else |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
193 | A1 = Y..":"..response["nonce"]..":"..response["cnonce"]; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
194 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
195 | local A2 = "AUTHENTICATE:"..protocol.."/"..domain; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
196 | |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
197 | local HA1 = md5(A1, true); |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
198 | local HA2 = md5(A2, true); |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
199 | |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
200 | local KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
201 | local response_value = md5(KD, true); |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
202 | |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
203 | if response_value == response["response"] then |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
204 | -- calculate rspauth |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
205 | A2 = ":"..protocol.."/"..domain; |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
206 | |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
207 | HA1 = md5(A1, true); |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
208 | HA2 = md5(A2, true); |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
209 | |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
210 | KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2 |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
211 | local rspauth = md5(KD, true); |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
212 | self.authenticated = true; |
2568
25e1a544a096
util.sasl.digest-md5: Revert changeset 6094a4e2b6f3 as it breaks some clients, re-visit some time down the line
Matthew Wild <mwild1@gmail.com>
parents:
2207
diff
changeset
|
213 | --TODO: considering sending the rspauth in a success node for saving one roundtrip; allowed according to http://tools.ietf.org/html/draft-saintandre-rfc3920bis-09#section-7.3.6 |
25e1a544a096
util.sasl.digest-md5: Revert changeset 6094a4e2b6f3 as it breaks some clients, re-visit some time down the line
Matthew Wild <mwild1@gmail.com>
parents:
2207
diff
changeset
|
214 | return "challenge", serialize({rspauth = rspauth}); |
2182
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
215 | else |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
216 | return "failure", "not-authorized", "The response provided by the client doesn't match the one we calculated." |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
217 | end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
218 | elseif self.step == 3 then |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
219 | if self.authenticated ~= nil then return "success" |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
220 | else return "failure", "malformed-request" end |
1112871916eb
Move each mechanism in an own file.
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
221 | end |
2184
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
222 | end |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
223 | |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
224 | function init(registerMechanism) |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
225 | registerMechanism("DIGEST-MD5", {"plain"}, digest); |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
226 | end |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
227 | |
1fd38975addd
Add support for plain profile in digest-md5 implementation.
Tobias Markmann <tm@ayena.de>
parents:
2182
diff
changeset
|
228 | return _M; |