93 end |
93 end |
94 |
94 |
95 self.state.name = validate_username(self.state.name); |
95 self.state.name = validate_username(self.state.name); |
96 if not self.state.name then |
96 if not self.state.name then |
97 log("debug", "Username violates either SASLprep or contains forbidden character sequences.") |
97 log("debug", "Username violates either SASLprep or contains forbidden character sequences.") |
98 return "failure", "malformed-request"; |
98 return "failure", "malformed-request", "Invalid username."; |
99 end |
99 end |
100 |
100 |
101 self.state["servernonce"] = generate_uuid(); |
101 self.state["servernonce"] = generate_uuid(); |
102 self.state["salt"] = generate_uuid(); |
102 self.state["salt"] = generate_uuid(); |
103 |
103 |
111 |
111 |
112 self.state["proof"] = client_final_message:match("p=(.+)"); |
112 self.state["proof"] = client_final_message:match("p=(.+)"); |
113 self.state["nonce"] = client_final_message:match("r=(.+),p="); |
113 self.state["nonce"] = client_final_message:match("r=(.+),p="); |
114 self.state["channelbinding"] = client_final_message:match("c=(.+),r="); |
114 self.state["channelbinding"] = client_final_message:match("c=(.+),r="); |
115 if not self.state.proof or not self.state.nonce or not self.state.channelbinding then |
115 if not self.state.proof or not self.state.nonce or not self.state.channelbinding then |
116 return "failure", "malformed-request"; |
116 return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message."; |
117 end |
117 end |
118 |
118 |
119 local password; |
119 local password; |
120 if self.profile.plain then |
120 if self.profile.plain then |
121 password, state = self.profile.plain(self.state.name, self.realm) |
121 password, state = self.profile.plain(self.state.name, self.realm) |
122 if state == nil then return "failure", "not-authorized" |
122 if state == nil then return "failure", "not-authorized" |
123 elseif state == false then return "failure", "account-disabled" end |
123 elseif state == false then return "failure", "account-disabled" end |
124 password = saslprep(password); |
124 password = saslprep(password); |
125 if not password then |
125 if not password then |
126 log("debug", "Password violates SASLprep."); |
126 log("debug", "Password violates SASLprep."); |
127 return "failure", "not-authorized" |
127 return "failure", "not-authorized", "Invalid password." |
128 end |
128 end |
129 end |
129 end |
130 |
130 |
131 local SaltedPassword = Hi(hmac_sha1, password, self.state.salt, default_i) |
131 local SaltedPassword = Hi(hmac_sha1, password, self.state.salt, default_i) |
132 local ClientKey = hmac_sha1(SaltedPassword, "Client Key") |
132 local ClientKey = hmac_sha1(SaltedPassword, "Client Key") |