Merging with main branch.

Sun, 23 Nov 2008 20:44:48 +0100

author
Tobias Markmann <tm@ayena.de>
date
Sun, 23 Nov 2008 20:44:48 +0100
changeset 403
da92afa267cf
parent 402
50f1c09541cd (diff)
parent 400
068a813b6454 (current diff)
child 404
4801dbeccc2a

Merging with main branch.

lxmppd.cfg.dist file | annotate | diff | comparison | revisions
--- a/util/sasl.lua	Sun Nov 23 05:49:08 2008 +0000
+++ b/util/sasl.lua	Sun Nov 23 20:44:48 2008 +0100
@@ -24,18 +24,20 @@
 		local authentication = s_match(response, "%z([^&%z]+)%z")
 		local password = s_match(response, "%z[^&%z]+%z([^&%z]+)")
 		
+		if authentication == nil or password == nil then return "failure", "malformed-request" end
+		
 		local password_encoding, correct_password = self.password_handler(authentication, self.realm, "PLAIN")
 		
+		if correct_password == nil then return "failure", "malformed-request" end
+		
 		local claimed_password = ""
 		if password_encoding == nil then claimed_password = password
 		else claimed_password = password_encoding(password) end
 		
 		self.username = authentication
 		if claimed_password == correct_password then
-			log("debug", "success")
 			return "success"
 		else
-			log("debug", "failure")
 			return "failure", "not-authorized"
 		end
 	end
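Review bot: The added `if correct_password == nil then return "failure", "malformed-request" end` reports a failed credential lookup with a different error condition than a wrong password, which gets `not-authorized`. If `password_handler` returns nil for an unknown account (its body is not visible here), a client can tell existing usernames from non-existing ones by the error alone. Returning `"failure", "not-authorized"` from that branch keeps the two cases indistinguishable. The same applies to the `if Y == nil` check added in the DIGEST-MD5 hunk at `@@ -126,6 +125,8 @@`. The enclosing function starts above this hunk.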
@@ -63,10 +65,8 @@
 	
 	local function parse(data)
 		message = {}
-		log("debug", "parse-message: "..data)
 		for k, v in gmatch(data, [[([%w%-]+)="?([%w%-%/%.%+=]+)"?,?]]) do
 			message[k] = v
-		log("debug", "               "..k.." = "..v)
 		end
 		return message
 	end
@@ -79,7 +79,6 @@
 	object.nonce_count = {}
 												
 	function object.feed(self, message)
-		log("debug", "SASL step: "..self.step)
 		self.step = self.step + 1
 		if (self.step == 1) then
 			local challenge = serialize({	nonce = object.nonce, 
@@ -87,7 +86,6 @@
 											charset = "utf-8",
 											algorithm = "md5-sess",
 											realm = self.realm});
-			log("debug", "challenge: "..challenge)
 			return "challenge", challenge
 		elseif (self.step == 2) then
 			local response = parse(message)
@@ -119,6 +117,7 @@
 			local protocol = ""
 			if response["digest-uri"] then
 				protocol, domain = response["digest-uri"]:match("(%w+)/(.*)$")
+				if protocol == nil or domain == nil then return "failure", "malformed-request" end
 			else
 				return "failure", "malformed-request", "Missing entry for digest-uri in SASL message."
 			end
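Review bot: The new guard after the `digest-uri` match returns only two values, while the `else` branch just below also passes a human-readable reason as a third value. For consistency the added line could read `if protocol == nil or domain == nil then return "failure", "malformed-request", "Invalid digest-uri in SASL message." end`. Because `digest-uri` is client supplied, it is also worth confirming that `domain` is compared with the host this server actually serves; no such check is visible in the hunk, and the enclosing branch continues outside it.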
@@ -126,6 +125,8 @@
 			--TODO maybe realm support
 			self.username = response["username"]
 			local password_encoding, Y = self.password_handler(response["username"], response["realm"], "DIGEST-MD5")
+			if Y == nil then return "failure", "malformed-request" end
+			
 			local A1 = Y..":"..response["nonce"]..":"..response["cnonce"]--:authzid
 			local A2 = "AUTHENTICATE:"..protocol.."/"..domain
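Review bot: `response["realm"]` in the `password_handler` call comes straight from the client's response, whereas the PLAIN path passes `self.realm`; the added `Y == nil` check does not change which realm is looked up. If the handler keys credentials by realm, the client decides which realm's secret is used. Consider rejecting a realm that differs from the one sent in the challenge before the call, e.g. `if response["realm"] ~= self.realm then return "failure", "malformed-request" end` (adjust if an absent realm must be accepted). The `A1` line also concatenates `response["nonce"]` and `response["cnonce"]`; unless they are validated above this hunk, a response that omits them raises a Lua error instead of returning a failure. The enclosing branch starts and ends outside the hunk.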
 			
@@ -135,8 +136,6 @@
 			local KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2
 			local response_value = md5.sumhexa(KD)
 			
-			log("debug", "response_value: "..response_value);
-			log("debug", "response:       "..response["response"]);
 			if response_value == response["response"] then
 				-- calculate rspauth
 				A2 = ":"..protocol.."/"..domain
