Mercurial > lxmppd-hg-xmllex / changeset
changeset
Uncertain merge with 0.5's SASL
Thu, 20 Aug 2009 13:57:50 +0100
- author
- Matthew Wild <mwild1@gmail.com>
- date
- Thu, 20 Aug 2009 13:57:50 +0100
- changeset 1725
- fb3137652ea6
- parent 1719
- cf103398e643 (current diff)
- parent 1724
- 7682a34c13d0 (diff)
- child 1727
- cbdc7bf61e0f
Uncertain merge with 0.5's SASL
| plugins/mod_saslauth.lua | file | annotate | diff | comparison | revisions | |
| util/sasl.lua | file | annotate | diff | comparison | revisions |
--- a/plugins/mod_saslauth.lua Tue Aug 18 22:00:37 2009 +0200 +++ b/plugins/mod_saslauth.lua Thu Aug 20 13:57:50 2009 +0100 @@ -1,7 +1,7 @@ -- Prosody IM -- Copyright (C) 2008-2009 Matthew Wild -- Copyright (C) 2008-2009 Waqas Hussain --- +-- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- @@ -13,6 +13,7 @@ local sm_make_authenticated = require "core.sessionmanager".make_authenticated; local base64 = require "util.encodings".base64; +local nodeprep = require "util.encodings".stringprep.nodeprep; local datamanager_load = require "util.datamanager".load; local usermanager_validate_credentials = require "core.usermanager".validate_credentials; local usermanager_get_supported_methods = require "core.usermanager".get_supported_methods; @@ -70,6 +71,10 @@ local function credentials_callback(mechanism, ...) if mechanism == "PLAIN" then local username, hostname, password = ...; + username = nodeprep(username); + if not username then + return false; + end local response = usermanager_validate_credentials(hostname, username, password, mechanism); if response == nil then return false;
--- a/util/sasl.lua Tue Aug 18 22:00:37 2009 +0200 +++ b/util/sasl.lua Thu Aug 20 13:57:50 2009 +0100 @@ -38,9 +38,9 @@ function object.feed(self, message) if message == "" or message == nil then return "failure", "malformed-request" end local response = message - local authorization = s_match(response, "([^&%z]+)") - local authentication = s_match(response, "%z([^&%z]+)%z") - local password = s_match(response, "%z[^&%z]+%z([^&%z]+)") + local authorization = s_match(response, "([^%z]+)") + local authentication = s_match(response, "%z([^%z]+)%z") + local password = s_match(response, "%z[^%z]+%z([^%z]+)") if authentication == nil or password == nil then return "failure", "malformed-request" end self.username = authentication @@ -128,7 +128,7 @@ return t_concat(p); end local function parse(data) - message = {} + local message = {} for k, v in gmatch(data, [[([%w%-]+)="?([^",]*)"?,?]]) do -- FIXME The hacky regex makes me shudder message[k] = v; end
