SASLprep usernames and passwords.

Wed, 18 Nov 2009 11:59:50 +0100

author
Tobias Markmann <tm@ayena.de>
date
Wed, 18 Nov 2009 11:59:50 +0100
changeset 2195
08a6b91bfe7b
parent 2194
d18b4d22b8da
child 2196
dd0b250cb6c4

SASLprep usernames and passwords.

util/sasl/scram.lua
--- a/util/sasl/scram.lua	Tue Nov 17 22:39:18 2009 +0100
+++ b/util/sasl/scram.lua	Wed Nov 18 11:59:50 2009 +0100
@@ -19,6 +19,8 @@
 local hmac_sha1 = require "util.hmac".sha1;
 local sha1 = require "util.hashes".sha1;
 local generate_uuid = require "util.uuid".generate;
+local saslprep = require "util.encodings".stringprep.saslprep;
+local log = require "util.logger".init("sasl");
 
 module "plain"
 
@@ -70,6 +72,7 @@
 	-- replace =2D with , and =3D with =
 	
 	-- apply SASLprep
+	username = saslprep(username);
 	return username;
 end
 
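Review bot: The new `username = saslprep(username);` line carries the whole error contract of validate_username but says nothing about it: saslprep yields nil for input containing prohibited code points, and that nil is what the caller relies on to reject the exchange with malformed-request. A comment above the assignment would make that explicit, e.g. `-- saslprep returns nil on prohibited code points; propagate it so the caller fails the exchange`. It is also worth recording that normalisation must stay below the still-unimplemented unescaping step described by the placeholder comment, since SASLprep is defined over the decoded username; note that placeholder names `=2D`, which is a hyphen, whereas the comma escape in SCRAM is `=2C`. validate_username begins before this hunk.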
@@ -83,10 +86,16 @@
 		self.state["name"] = client_first_message:match("n=(.+),r=")
 		self.state["clientnonce"] = client_first_message:match("r=([^,]+)")
 		
-		self.state.name = validate_username(self.state.name);
 		if not self.state.name or not self.state.clientnonce then
 			return "failure", "malformed-request";
 		end
+		
+		self.state.name = validate_username(self.state.name);
+		if not self.state.name then
+			log("debug", "Username violates either SASLprep or contains forbidden character sequences.")
+			return "failure", "malformed-request";
+		end
+		
 		self.state["servernonce"] = generate_uuid();
 		self.state["salt"] = generate_uuid();
 		
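Review bot: The added `log("debug", ...)` before the second `return "failure", "malformed-request";` is the only statement in this block without a trailing semicolon; its sibling in the password path and every surrounding line carry one, so it should read `log("debug", "Username violates either SASLprep or contains forbidden character sequences.");`. Leaving the offending username out of that message is the right call, since a string that fails SASLprep may contain control characters that should not reach the log unescaped, and a one-line comment such as `-- do not log the raw username: it may hold control characters rejected by SASLprep` would keep someone from adding it later. The enclosing function starts before this hunk and continues after it.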
@@ -110,6 +119,11 @@
 			password, state = self.profile.plain(self.state.name, self.realm)
 			if state == nil then return "failure", "not-authorized"
 			elseif state == false then return "failure", "account-disabled" end
+			password = saslprep(password);
+			if not password then
+				log("debug", "Password violates SASLprep.");
+				return "failure", "not-authorized"
+			end
 		end
 		
 		local SaltedPassword = Hi(hmac_sha1, password, self.state.salt, default_i)
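Review bot: The new SASLprep check on the value returned by self.profile.plain is failing a server-side stored credential, yet it is reported to the client as `not-authorized` and logged only at debug level, indistinguishable from a wrong password; an operator would never learn that an account can no longer authenticate at all. By this point self.state.name has already passed validate_username, so it is safe to name the account, and the log line should be something like `log("warn", "Stored password for "..self.state.name.." fails SASLprep; SCRAM authentication is impossible for this account");` (assuming the logger does not expand format arguments itself) — keep the password out of the message, as the commit already does. Whether `account-disabled` or `not-authorized` is the better response is a policy call, but the choice deserves a comment explaining it. The enclosing function runs past the end of this hunk.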
