Mercurial > lxmppd-hg-xmllex / changeset

--- a/plugins/mod_saslauth.lua	Sun Nov 09 22:45:17 2008 +0100
+++ b/plugins/mod_saslauth.lua	Mon Nov 10 16:28:15 2008 +0100
@@ -15,50 +15,55 @@
 
 local new_sasl = require "util.sasl".new;
 
-add_handler("c2s_unauthed", "auth", xmlns_sasl,
-		function (session, stanza)
-			if not session.sasl_handler then
-				session.sasl_handler = new_sasl(stanza.attr.mechanism, 
-					function (username, password)
-						-- onAuth
-						require "core.usermanager"
-						if usermanager_validate_credentials(session.host, username, password) then
-							return true;
-						end
-						return false;
-					end,
-					function (username)
-						-- onSuccess
-						local success, err = sessionmanager.make_authenticated(session, username);
-						if not success then
-							sessionmanager.destroy_session(session);
-							return;
-						end
-						session.sasl_handler = nil;
-						session:reset_stream();
-					end,
-					function (reason)
-						-- onFail
-						log("debug", "SASL failure, reason: %s", reason);
-					end,
-					function (stanza)
-						-- onWrite
-						log("debug", "SASL writes: %s", tostring(stanza));
-						send(session, stanza);
-					end
-				);
-				session.sasl_handler:feed(stanza);	
-			else
-				error("Client tried to negotiate SASL again", 0);
+add_handler("c2s_unauthed", "auth", xmlns_sasl, function (session, stanza)
+	if not session.sasl_handler then
+		session.sasl_handler = new_sasl(stanza.attr.mechanism, 
+			function (username, password)
+				-- onAuth
+				require "core.usermanager"
+				if usermanager_validate_credentials(session.host, username, password) then
+					return true;
+				end
+				return false;
+			end,
+			function (username)
+				-- onSuccess
+				local success, err = sessionmanager.make_authenticated(session, username);
+				if not success then
+					sessionmanager.destroy_session(session);
+					return;
+				end
+				session.sasl_handler = nil;
+				session:reset_stream();
+			end,
+			function (reason)
+				-- onFail
+				log("debug", "SASL failure, reason: %s", reason);
+			end,
+			function (stanza)
+				-- onWrite
+				log("debug", "SASL writes: %s", tostring(stanza));
+				send(session, stanza);
 			end
-			
-		end);
+		);
+		session.sasl_handler:feed(stanza);	
+	else
+		error("Client tried to negotiate SASL again", 0);
+	end	
+end);
+
+add_handler("c2s_unauthed", "response", xmlns_sasl, function (session, stanza)
+	if session.sasl_handler then
+		session.sasl_handler:feed(stanza);	
+	end	
+end);
 		
 add_event_hook("stream-features", 
 					function (session, features)												
 						if not session.username then
 							t_insert(features, "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>");
 								t_insert(features, "<mechanism>PLAIN</mechanism>");
+								t_insert(features, "<mechanism>DIGEST-MD5</mechanism>");
 							t_insert(features, "</mechanisms>");
 						else
 							t_insert(features, "<bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'><required/></bind>");

--- a/util/sasl.lua	Sun Nov 09 22:45:17 2008 +0100
+++ b/util/sasl.lua	Mon Nov 10 16:28:15 2008 +0100
@@ -139,11 +139,13 @@
 							end
 														
 							-- compare response_value with own calculation
-							local A1-- = H(response["username"]..":"..realm-value, ":", passwd } ),
-							        --   ":", nonce-value, ":", cnonce-value)
-							local A2
+							--local A1 = usermanager.get_md5(response["username"], hostname)..":"..response["nonce"]..response["cnonce"]
+							local A1 = H("tobias:luaetta.ath.cx:tobias")..":"..response["nonce"]..response["cnonce"]
+							local A2 = "AUTHENTICATE:"..response["digest-uri"]
 							
-							--local response_value = HEX(KD(HEX(H(A1)), response["nonce"]..":"..response["nonce-count"]..":"..response["cnonce-value"]..":"..response["qop"]..":"..HEX(H(A2))))
+							local response_value = HEX(KD(HEX(H(A1)), response["nonce"]..":"..response["nonce-count"]..":"..response["cnonce-value"]..":"..response["qop"]..":"..HEX(H(A2))))
+							
+							log("debug", "response_value: "..response_value);
 							
 							if response["qop"] == "auth" then