# HG changeset patch # User Tobias Markmann # Date 1250710468 -7200 # Node ID c34409a5fdee90b6469973817f26056896f63306 # Parent 4642dd87e39002ef49840eea609ad5b5bafad5d1 Do SASLprep for SASL PLAIN mechanism to be more conform with RFC 4616. diff -r 4642dd87e390 -r c34409a5fdee util/sasl.lua --- a/util/sasl.lua Sat Aug 08 00:21:33 2009 +0500 +++ b/util/sasl.lua Wed Aug 19 21:34:28 2009 +0200 @@ -20,6 +20,7 @@ local t_insert, t_concat = table.insert, table.concat; local to_byte, to_char = string.byte, string.char; local to_unicode = require "util.encodings".idna.to_unicode; +local u_e_saslprep = require "utii.encodings".stringprep.saslprep; local s_match = string.match; local gmatch = string.gmatch local string = string @@ -39,6 +40,7 @@ local authorization = s_match(response, "([^&%z]+)") local authentication = s_match(response, "%z([^&%z]+)%z") local password = s_match(response, "%z[^&%z]+%z([^&%z]+)") + authorization, authentication, password = u_e_saslprep(authorization), u_e_saslprep(authentication), u_e_saslprep(password); if authentication == nil or password == nil then return "failure", "malformed-request" end @@ -50,6 +52,7 @@ local claimed_password = "" if password_encoding == nil then claimed_password = password else claimed_password = password_encoding(password) end + caimed_password = u_e_saslprep(claimed_password); self.username = authentication if claimed_password == correct_password then