9 local string = string |
9 local string = string |
10 local math = require "math" |
10 local math = require "math" |
11 local type = type |
11 local type = type |
12 local error = error |
12 local error = error |
13 local print = print |
13 local print = print |
|
14 local idna_ascii = require "util.encodings".stringprep.saslprep.to_ascii |
14 |
15 |
15 module "sasl" |
16 module "sasl" |
16 |
17 |
17 local function new_plain(realm, password_handler) |
18 local function new_plain(realm, password_handler) |
18 local object = { mechanism = "PLAIN", realm = realm, password_handler = password_handler} |
19 local object = { mechanism = "PLAIN", realm = realm, password_handler = password_handler} |
128 local password_encoding, Y = self.password_handler(response["username"], response["realm"], "DIGEST-MD5") |
129 local password_encoding, Y = self.password_handler(response["username"], response["realm"], "DIGEST-MD5") |
129 if Y == nil then return "failure", "not-authorized" |
130 if Y == nil then return "failure", "not-authorized" |
130 elseif Y == false then return "failure", "account-disabled" end |
131 elseif Y == false then return "failure", "account-disabled" end |
131 |
132 |
132 local A1 = Y..":"..response["nonce"]..":"..response["cnonce"]--:authzid |
133 local A1 = Y..":"..response["nonce"]..":"..response["cnonce"]--:authzid |
133 local A2 = "AUTHENTICATE:"..protocol.."/"..domain |
134 local A2 = "AUTHENTICATE:"..protocol.."/"..idna_ascii(domain) |
134 |
135 |
135 local HA1 = md5(A1, true) |
136 local HA1 = md5(A1, true) |
136 local HA2 = md5(A2, true) |
137 local HA2 = md5(A2, true) |
137 |
138 |
138 local KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2 |
139 local KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2 |
139 local response_value = md5(KD, true) |
140 local response_value = md5(KD, true) |
140 |
141 |
141 if response_value == response["response"] then |
142 if response_value == response["response"] then |
142 -- calculate rspauth |
143 -- calculate rspauth |
143 A2 = ":"..protocol.."/"..domain |
144 A2 = ":"..protocol.."/"..idna_ascii(domain) |
144 |
145 |
145 HA1 = md5(A1, true) |
146 HA1 = md5(A1, true) |
146 HA2 = md5(A2, true) |
147 HA2 = md5(A2, true) |
147 |
148 |
148 KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2 |
149 KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2 |
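Review bot: The result of `idna_ascii(domain)` is concatenated directly into A2 at new lines 134 and 144, so if the conversion returns nil for a name it cannot encode, the `..` raises a Lua error inside the DIGEST-MD5 handler instead of returning an authentication failure. Where `domain` comes from is outside the hunk, but if it is derived from the client's digest-uri this path is reachable with untrusted input; convert once before building A2 with `local ascii_domain = idna_ascii(domain)` and `if not ascii_domain then return "failure", "malformed-request" end`, then reuse `ascii_domain` for the rspauth A2. The lookup on new line 14 also needs confirming: to my knowledge util.encodings exposes `to_ascii` under `idna`, and `stringprep.saslprep` is a function, in which case indexing it would fail when the module loads. The enclosing function starts and ends outside the hunk.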