Merge with Tobias

2009-06-20

author
Matthew Wild <mwild1@gmail.com>
date
Sat Jun 20 22:50:38 2009 +0100
changeset 1377
ae88b9dc7890
parent 1373
120275376bbb
parent 1376
13587cf24435
child 1378
d09ecc8ee1ef
child 1392
9935ddfd8ccf

Merge with Tobias

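--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -64,15 +64,15 @@
 	end
 end
 
-local function password_callback(node, host, mechanism, decoder)
-	local password = (datamanager_load(node, host, "accounts") or {}).password; -- FIXME handle hashed passwords
+local function password_callback(node, hostname, realm, mechanism, decoder)
+	local password = (datamanager_load(node, hostname, "accounts") or {}).password; -- FIXME handle hashed passwords
 	local func = function(x) return x; end;
 	if password then
 		if mechanism == "PLAIN" then
 			return func, password;
 		elseif mechanism == "DIGEST-MD5" then
-			if decoder then node, host, password = decoder(node), decoder(host), decoder(password); end
-			return func, md5(node..":"..host..":"..password);
+			if decoder then node, hostname, password = decoder(node), decoder(hostname), decoder(password); end
+			return func, md5(node..":"..realm..":"..password);
 		end
 	end
 	return func, nil;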
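Review bot: In the DIGEST-MD5 branch of password_callback, `realm` is concatenated into the md5() input without passing through `decoder`, while `hostname` is decoded on the line before but never read again. The datamanager_load lookup has already run by then, so decoding `hostname` has no effect, and a realm with non-ASCII characters would presumably hash differently from the value the client computed. Suggest `if decoder then node, realm, password = decoder(node), decoder(realm), decoder(password); end`. The function's closing `end` lies outside the hunk.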
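--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -41,7 +41,7 @@
 		
 		if authentication == nil or password == nil then return "failure", "malformed-request" end
 		
-		local password_encoding, correct_password = self.password_handler(authentication, self.realm, "PLAIN")
+		local password_encoding, correct_password = self.password_handler(authentication, self.realm, self.realm, "PLAIN")
 		
 		if correct_password == nil then return "failure", "not-authorized"
 		elseif correct_password == false then return "failure", "account-disabled" end
@@ -176,7 +176,7 @@
 			if not response["qop"] then response["qop"] = "auth" end
 			
 			if response["realm"] == nil or response["realm"] == "" then
-				response["realm"] = self.realm;
+				response["realm"] = "";
 			elseif response["realm"] ~= self.realm then
 				return "failure", "not-authorized", "Incorrect realm value";
 			end
@@ -199,12 +199,13 @@
 			
 			--TODO maybe realm support
 			self.username = response["username"];
-			local password_encoding, Y = self.password_handler(response["username"], response["realm"], "DIGEST-MD5", decoder)
+			local password_encoding, Y = self.password_handler(response["username"], domain, response["realm"], "DIGEST-MD5", decoder);
 			if Y == nil then return "failure", "not-authorized"
 			elseif Y == false then return "failure", "account-disabled" end
 			local A1 = "";
 			if response.authzid then
 				if response.authzid == self.username.."@"..self.realm then
+					-- COMPAT
 					log("warn", "Client is violating XMPP RFC. See section 6.1 of RFC 3920.");
 					A1 = Y..":"..response["nonce"]..":"..response["cnonce"]..":"..response.authzid;
 				else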
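Review bot: The DIGEST-MD5 call in the third hunk passes `domain` as the hostname argument, but nothing in the visible lines defines or validates `domain`, whereas the PLAIN call in the first hunk passes the server-side `self.realm` in that position. If `domain` is derived from the client's response (its definition is outside the hunk, so this is an assumption to confirm), the account lookup in the password handler would be keyed on a host the client chose rather than the host the session belongs to. Suggest passing `self.realm` as the hostname, or rejecting a mismatch before the lookup: `if domain ~= self.realm then return "failure", "not-authorized" end`. The enclosing handler starts and ends outside the hunks.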
