# HG changeset patch
# User Tobias Markmann <tm@ayena.de>
# Date 1242401092 -7200
# Node ID f81c8cec0e71e7e6b7bdd746f8750a686cbeadc6
# Parent  7d1e4fc1ee6d7410ae6dc23d2ccf0e23a1499926
Adding minimal support for authorization identities to workaround buggy SASL implementations.

diff -r 7d1e4fc1ee6d -r f81c8cec0e71 util/sasl.lua
--- a/util/sasl.lua	Fri May 15 17:05:26 2009 +0200
+++ b/util/sasl.lua	Fri May 15 17:24:52 2009 +0200
@@ -203,8 +203,17 @@
 			local password_encoding, Y = self.password_handler(response["username"], response["realm"], "DIGEST-MD5", decoder)
 			if Y == nil then return "failure", "not-authorized"
 			elseif Y == false then return "failure", "account-disabled" end
-			
-			local A1 = Y..":"..response["nonce"]..":"..response["cnonce"]--:authzid
+			local A1 = "";
+			if response.authzid then
+				if response.authzid == self.username.."@"..self.realm then
+					log("warn", "Client is violating XMPP RFC. See section 6.1 of RFC 3920");
+					A1 = Y..":"..response["nonce"]..":"..response["cnonce"]..":"..response.authzid;
+				else
+					A1 = "?";
+				end
+			else
+				A1 = Y..":"..response["nonce"]..":"..response["cnonce"];
+			end
 			local A2 = "AUTHENTICATE:"..protocol.."/"..domain;
 			
 			local HA1 = md5(A1, true)