Fri, 21 Nov 2008 05:59:03 +0000
Now possible to specify nil origin to core_route_stanza. Origin will be chosen as the host of the 'from' attribute on the stanza. Returns false on no such host.
15
c0d754774db2
adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
1 | |
276
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
2 | local md5 = require "md5" |
38 | 3 | local log = require "util.logger".init("sasl"); |
4 | local tostring = tostring; | |
5 | local st = require "util.stanza"; | |
276
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
6 | local generate_uuid = require "util.uuid".generate; |
38 | 7 | local s_match = string.match; |
277
00c2fc751f50
Fixing some parsing and some other stuff.
Tobias Markmann <tm@ayena.de>
parents:
276
diff
changeset
|
8 | local gmatch = string.gmatch |
280
516f4c901991
Rewrote SASL Digest-MD5 responce generating code, fixed some realm related issue and tested it successfully with Psi. Thanks to dwd, remko and jake.
Tobias Markmann <tm@ayena.de>
parents:
278
diff
changeset
|
9 | local string = string |
276
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
10 | local math = require "math" |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
11 | local type = type |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
12 | local error = error |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
13 | local print = print |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
14 | |
38 | 15 | module "sasl" |
16 | ||
285
372d0891e8fd
Made PLAIN method in sasl.lua module follow new interface.
Tobias Markmann <tm@ayena.de>
parents:
280
diff
changeset
|
17 | local function new_plain(realm, password_handler) |
372d0891e8fd
Made PLAIN method in sasl.lua module follow new interface.
Tobias Markmann <tm@ayena.de>
parents:
280
diff
changeset
|
18 | local object = { mechanism = "PLAIN", realm = realm, password_handler = password_handler} |
297
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
19 | function object.feed(self, message) |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
20 | |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
21 | if message == "" or message == nil then return "failure", "malformed-request" end |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
22 | local response = message |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
23 | local authorization = s_match(response, "([^&%z]+)") |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
24 | local authentication = s_match(response, "%z([^&%z]+)%z") |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
25 | local password = s_match(response, "%z[^&%z]+%z([^&%z]+)") |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
26 | |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
27 | local password_encoding, correct_password = self.password_handler(authentication, self.realm, "PLAIN") |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
28 | |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
29 | local claimed_password = "" |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
30 | if password_encoding == nil then claimed_password = password |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
31 | else claimed_password = password_encoding(password) end |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
32 | |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
33 | self.username = authentication |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
34 | if claimed_password == correct_password then |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
35 | log("debug", "success") |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
36 | return "success" |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
37 | else |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
38 | log("debug", "failure") |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
39 | return "failure", "not-authorized" |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
40 | end |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
41 | end |
15
c0d754774db2
adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
42 | return object |
c0d754774db2
adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
43 | end |
c0d754774db2
adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
44 | |
294
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
45 | local function new_digest_md5(realm, password_handler) |
280
516f4c901991
Rewrote SASL Digest-MD5 responce generating code, fixed some realm related issue and tested it successfully with Psi. Thanks to dwd, remko and jake.
Tobias Markmann <tm@ayena.de>
parents:
278
diff
changeset
|
46 | --TODO maybe support for authzid |
276
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
47 | |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
48 | local function serialize(message) |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
49 | local data = "" |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
50 | |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
51 | if type(message) ~= "table" then error("serialize needs an argument of type table.") end |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
52 | |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
53 | -- testing all possible values |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
54 | if message["nonce"] then data = data..[[nonce="]]..message.nonce..[[",]] end |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
55 | if message["qop"] then data = data..[[qop="]]..message.qop..[[",]] end |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
56 | if message["charset"] then data = data..[[charset=]]..message.charset.."," end |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
57 | if message["algorithm"] then data = data..[[algorithm=]]..message.algorithm.."," end |
280
516f4c901991
Rewrote SASL Digest-MD5 responce generating code, fixed some realm related issue and tested it successfully with Psi. Thanks to dwd, remko and jake.
Tobias Markmann <tm@ayena.de>
parents:
278
diff
changeset
|
58 | if message["realm"] then data = data..[[realm="]]..message.realm..[[",]] end |
516f4c901991
Rewrote SASL Digest-MD5 responce generating code, fixed some realm related issue and tested it successfully with Psi. Thanks to dwd, remko and jake.
Tobias Markmann <tm@ayena.de>
parents:
278
diff
changeset
|
59 | if message["rspauth"] then data = data..[[rspauth=]]..message.rspauth.."," end |
276
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
60 | data = data:gsub(",$", "") |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
61 | return data |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
62 | end |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
63 | |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
64 | local function parse(data) |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
65 | message = {} |
280
516f4c901991
Rewrote SASL Digest-MD5 responce generating code, fixed some realm related issue and tested it successfully with Psi. Thanks to dwd, remko and jake.
Tobias Markmann <tm@ayena.de>
parents:
278
diff
changeset
|
66 | log("debug", "parse-message: "..data) |
516f4c901991
Rewrote SASL Digest-MD5 responce generating code, fixed some realm related issue and tested it successfully with Psi. Thanks to dwd, remko and jake.
Tobias Markmann <tm@ayena.de>
parents:
278
diff
changeset
|
67 | for k, v in gmatch(data, [[([%w%-]+)="?([%w%-%/%.%+=]+)"?,?]]) do |
276
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
68 | message[k] = v |
280
516f4c901991
Rewrote SASL Digest-MD5 responce generating code, fixed some realm related issue and tested it successfully with Psi. Thanks to dwd, remko and jake.
Tobias Markmann <tm@ayena.de>
parents:
278
diff
changeset
|
69 | log("debug", " "..k.." = "..v) |
276
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
70 | end |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
71 | return message |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
72 | end |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
73 | |
294
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
74 | local object = { mechanism = "DIGEST-MD5", realm = realm, password_handler = password_handler} |
276
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
75 | |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
76 | --TODO: something better than math.random would be nice, maybe OpenSSL's random number generator |
280
516f4c901991
Rewrote SASL Digest-MD5 responce generating code, fixed some realm related issue and tested it successfully with Psi. Thanks to dwd, remko and jake.
Tobias Markmann <tm@ayena.de>
parents:
278
diff
changeset
|
77 | object.nonce = generate_uuid() |
294
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
78 | object.step = 0 |
276
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
79 | object.nonce_count = {} |
294
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
80 | |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
81 | function object.feed(self, message) |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
82 | log("debug", "SASL step: "..self.step) |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
83 | self.step = self.step + 1 |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
84 | if (self.step == 1) then |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
85 | local challenge = serialize({ nonce = object.nonce, |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
86 | qop = "auth", |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
87 | charset = "utf-8", |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
88 | algorithm = "md5-sess", |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
89 | realm = self.realm}); |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
90 | log("debug", "challenge: "..challenge) |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
91 | return "challenge", challenge |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
92 | elseif (self.step == 2) then |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
93 | local response = parse(message) |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
94 | -- check for replay attack |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
95 | if response["nc"] then |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
96 | if self.nonce_count[response["nc"]] then return "failure", "not-authorized" end |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
97 | end |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
98 | |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
99 | -- check for username, it's REQUIRED by RFC 2831 |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
100 | if not response["username"] then |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
101 | return "failure", "malformed-request" |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
102 | end |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
103 | self["username"] = response["username"] |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
104 | |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
105 | -- check for nonce, ... |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
106 | if not response["nonce"] then |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
107 | return "failure", "malformed-request" |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
108 | else |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
109 | -- check if it's the right nonce |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
110 | if response["nonce"] ~= tostring(self.nonce) then return "failure", "malformed-request" end |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
111 | end |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
112 | |
297
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
113 | if not response["cnonce"] then return "failure", "malformed-request", "Missing entry for cnonce in SASL message." end |
294
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
114 | if not response["qop"] then response["qop"] = "auth" end |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
115 | |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
116 | if response["realm"] == nil then response["realm"] = "" end |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
117 | |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
118 | local domain = "" |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
119 | local protocol = "" |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
120 | if response["digest-uri"] then |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
121 | protocol, domain = response["digest-uri"]:match("(%w+)/(.*)$") |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
122 | else |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
123 | return "failure", "malformed-request", "Missing entry for digest-uri in SASL message." |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
124 | end |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
125 | |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
126 | --TODO maybe realm support |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
127 | self.username = response["username"] |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
128 | local password_encoding, Y = self.password_handler(response["username"], response["realm"], "DIGEST-MD5") |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
129 | local A1 = Y..":"..response["nonce"]..":"..response["cnonce"]--:authzid |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
130 | local A2 = "AUTHENTICATE:"..protocol.."/"..domain |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
131 | |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
132 | local HA1 = md5.sumhexa(A1) |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
133 | local HA2 = md5.sumhexa(A2) |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
134 | |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
135 | local KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2 |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
136 | local response_value = md5.sumhexa(KD) |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
137 | |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
138 | log("debug", "response_value: "..response_value); |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
139 | log("debug", "response: "..response["response"]); |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
140 | if response_value == response["response"] then |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
141 | -- calculate rspauth |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
142 | A2 = ":"..protocol.."/"..domain |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
143 | |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
144 | HA1 = md5.sumhexa(A1) |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
145 | HA2 = md5.sumhexa(A2) |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
146 | |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
147 | KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2 |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
148 | local rspauth = md5.sumhexa(KD) |
297
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
149 | self.authenticated = true |
294
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
150 | return "challenge", serialize({rspauth = rspauth}) |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
151 | else |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
152 | return "failure", "not-authorized", "The response provided by the client doesn't match the one we calculated." |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
153 | end |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
154 | elseif self.step == 3 then |
297
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
155 | if self.authenticated ~= nil then return "success" |
15b375870b40
Providing some human readable error messages and some fixes.
Tobias Markmann <tm@ayena.de>
parents:
294
diff
changeset
|
156 | else return "failure", "malformed-request" end |
294
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
157 | end |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
158 | end |
276
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
159 | return object |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
160 | end |
30893439d5d1
Some early attempts on DIGEST-MD5.
Tobias Markmann <tm@ayena.de>
parents:
50
diff
changeset
|
161 | |
294
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
162 | function new(mechanism, realm, password_handler) |
15
c0d754774db2
adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
163 | local object |
294
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
164 | if mechanism == "PLAIN" then object = new_plain(realm, password_handler) |
5d861d6e5bbd
Made SASL module fit the new interface.
Tobias Markmann <tm@ayena.de>
parents:
292
diff
changeset
|
165 | elseif mechanism == "DIGEST-MD5" then object = new_digest_md5(realm, password_handler) |
38 | 166 | else |
167 | log("debug", "Unsupported SASL mechanism: "..tostring(mechanism)); | |
285
372d0891e8fd
Made PLAIN method in sasl.lua module follow new interface.
Tobias Markmann <tm@ayena.de>
parents:
280
diff
changeset
|
168 | return nil |
15
c0d754774db2
adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
169 | end |
c0d754774db2
adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
170 | return object |
c0d754774db2
adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
171 | end |
c0d754774db2
adding SASL lib with PLAIN support, not tested yet
Tobias Markmann <tm@ayena.de>
parents:
diff
changeset
|
172 | |
38 | 173 | return _M; |