Adding minimal support for authorization identities to workaround buggy SASL implementations.

date Fri, 15 May 2009 17:24:52 +0200
author Tobias Markmann <tm@ayena.de>
changeset 1159 f81c8cec0e71
parent 1158 7d1e4fc1ee6d
child 1160 7e48324f946e

util/sasl.lua
--- a/util/sasl.lua	Fri May 15 17:05:26 2009 +0200
+++ b/util/sasl.lua	Fri May 15 17:24:52 2009 +0200
@@ -203,8 +203,17 @@
 			local password_encoding, Y = self.password_handler(response["username"], response["realm"], "DIGEST-MD5", decoder)
 			if Y == nil then return "failure", "not-authorized"
 			elseif Y == false then return "failure", "account-disabled" end
-			
-			local A1 = Y..":"..response["nonce"]..":"..response["cnonce"]--:authzid
+			local A1 = "";
+			if response.authzid then
+				if response.authzid == self.username.."@"..self.realm then
+					log("warn", "Client is violating XMPP RFC. See section 6.1 of RFC 3920");
+					A1 = Y..":"..response["nonce"]..":"..response["cnonce"]..":"..response.authzid;
+				else
+					A1 = "?";
+				end
+			else
+				A1 = Y..":"..response["nonce"]..":"..response["cnonce"];
+			end
 			local A2 = "AUTHENTICATE:"..protocol.."/"..domain;
 			
 			local HA1 = md5(A1, true)
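Review bot: the mismatched-authzid branch sets `A1 = "?"` and then falls through to the normal digest check, so a client that supplies an authzid for some other identity only ever gets the generic hash-mismatch outcome instead of an explicit rejection; return a failure directly in that branch (for example `return "failure", "invalid-authzid"`, the SASL condition RFC 3920 defines for this case, next to the existing `"not-authorized"` and `"account-disabled"` returns) rather than relying on a sentinel string to spoil the digest. Two smaller points on the same branch: the equality test uses `self.username.."@"..self.realm` while the surrounding lines work with `response["username"]` and `response["realm"]`, so it is worth confirming that `self.username` and `self.realm` are already populated at this point in the handler, since if they are not the check can never succeed and every authzid-bearing client is rejected; and the `log("warn", ...)` fires on every authentication from an affected client, which is noisy for a known client bug, so `"debug"` may be the better level.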
