33 |
33 |
34 function provider.test_password(username, password) |
34 function provider.test_password(username, password) |
35 if is_cyrus(host) then return nil, "Legacy auth not supported with Cyrus SASL."; end |
35 if is_cyrus(host) then return nil, "Legacy auth not supported with Cyrus SASL."; end |
36 local credentials = datamanager.load(username, host, "accounts") or {}; |
36 local credentials = datamanager.load(username, host, "accounts") or {}; |
37 |
37 |
38 if credentials.iteration_count == nil or credentials.salt == nil or string.len(credentials.salt) == 0 then |
|
39 return nil, "Auth failed. Stored salt and iteration count information is not complete."; |
|
40 end |
|
41 |
|
42 if credentials.password ~= nil and string.len(credentials.password) ~= 0 then |
38 if credentials.password ~= nil and string.len(credentials.password) ~= 0 then |
43 if credentials.password ~= password then |
39 if credentials.password ~= password then |
44 return nil, "Auth failed. Provided password is incorrect."; |
40 return nil, "Auth failed. Provided password is incorrect."; |
45 end |
41 end |
46 |
42 |
49 else |
45 else |
50 return true; |
46 return true; |
51 end |
47 end |
52 end |
48 end |
53 |
49 |
|
50 if credentials.iteration_count == nil or credentials.salt == nil or string.len(credentials.salt) == 0 then |
|
51 return nil, "Auth failed. Stored salt and iteration count information is not complete."; |
|
52 end |
|
53 |
54 local valid, binpass = saltedPasswordSHA1(password, credentials.salt, credentials.iteration_count); |
54 local valid, binpass = saltedPasswordSHA1(password, credentials.salt, credentials.iteration_count); |
55 local hexpass = binpass:gsub(".", function (c) return ("%02x"):format(c:byte()); end); |
55 local hexpass = binpass:gsub(".", function (c) return ("%02x"):format(c:byte()); end); |
56 |
56 |
57 if valid and hexpass == credentials.hashpass then |
57 if valid and hexpass == credentials.hashpass then |
58 return true; |
58 return true; |
59 else |
59 else |
60 return nil, "Auth failed. Invalid username, password, or password hash information."; |
60 return nil, "Auth failed. Invalid username, password, or password hash information."; |
61 end |
61 end |
62 end |
62 end |
63 |
63 |
64 function provider.get_password(username) |
|
65 if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end |
|
66 local credentials = datamanager.load(username, host, "accounts") or {}; |
|
67 if(credentials.password ~= nil or (credentials.password ~= nil and string.len(credentials.password) ~= 0)) then |
|
68 if provider.set_password(username, credentials.password) == nil then |
|
69 return nil, "Problem setting plaintext password to hashed password."; |
|
70 end |
|
71 credentials = datamanager.load(username, host, "accounts"); |
|
72 return credentials.hashpass; |
|
73 end |
|
74 return credentials.hashpass; |
|
75 end |
|
76 |
|
77 function provider.set_password(username, password) |
64 function provider.set_password(username, password) |
78 if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end |
65 if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end |
79 local account = datamanager.load(username, host, "accounts"); |
66 local account = datamanager.load(username, host, "accounts"); |
80 if account then |
67 if account then |
81 if account.iteration_count == nil then |
68 if account.iteration_count == nil then |