prosody: util/sasl.lua@44e71e65da86 (annotated)

896 2c0b9e3c11c3 0.3->0.4 Matthew Wild <mwild1@gmail.com> parents: 801 diff changeset	1	-- sasl.lua v0.4
760 90ce865eebd8 Update copyright notices for 2009 Matthew Wild <mwild1@gmail.com> parents: 702 diff changeset	2	-- Copyright (C) 2008-2009 Tobias Markmann
1585 edc066730d11 Switch to using a more generic credentials_callback/handler for SASL auth. nick@lupine.me.uk parents: 1518 diff changeset	3	--
519 cccd610a0ef9 Insert copyright/license headers Matthew Wild <mwild1@gmail.com> parents: 508 diff changeset	4	-- All rights reserved.
1585 edc066730d11 Switch to using a more generic credentials_callback/handler for SASL auth. nick@lupine.me.uk parents: 1518 diff changeset	5	--
519 cccd610a0ef9 Insert copyright/license headers Matthew Wild <mwild1@gmail.com> parents: 508 diff changeset	6	-- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1585 edc066730d11 Switch to using a more generic credentials_callback/handler for SASL auth. nick@lupine.me.uk parents: 1518 diff changeset	7	--
519 cccd610a0ef9 Insert copyright/license headers Matthew Wild <mwild1@gmail.com> parents: 508 diff changeset	8	-- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
cccd610a0ef9 Insert copyright/license headers Matthew Wild <mwild1@gmail.com> parents: 508 diff changeset	9	-- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
cccd610a0ef9 Insert copyright/license headers Matthew Wild <mwild1@gmail.com> parents: 508 diff changeset	10	-- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
1585 edc066730d11 Switch to using a more generic credentials_callback/handler for SASL auth. nick@lupine.me.uk parents: 1518 diff changeset	11	--
519 cccd610a0ef9 Insert copyright/license headers Matthew Wild <mwild1@gmail.com> parents: 508 diff changeset	12	-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
cccd610a0ef9 Insert copyright/license headers Matthew Wild <mwild1@gmail.com> parents: 508 diff changeset	13
15 c0d754774db2 adding SASL lib with PLAIN support, not tested yet Tobias Markmann <tm@ayena.de> parents: diff changeset	14
449 c0a4a1e63d70 Completely switched to new hashes library from the old md5 library Waqas Hussain <waqas20@gmail.com> parents: 405 diff changeset	15	local md5 = require "util.hashes".md5;
38 3fdfd6e0cb4e SASL! Matthew Wild <mwild1@gmail.com> parents: 32 diff changeset	16	local log = require "util.logger".init("sasl");
3fdfd6e0cb4e SASL! Matthew Wild <mwild1@gmail.com> parents: 32 diff changeset	17	local tostring = tostring;
3fdfd6e0cb4e SASL! Matthew Wild <mwild1@gmail.com> parents: 32 diff changeset	18	local st = require "util.stanza";
276 30893439d5d1 Some early attempts on DIGEST-MD5. Tobias Markmann <tm@ayena.de> parents: 50 diff changeset	19	local generate_uuid = require "util.uuid".generate;
2176 aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	20	local pairs, ipairs = pairs, ipairs;
504 efc5184effa1 Added function latin1toutf8 to sasl.lua, for processing non-utf8 responses Waqas Hussain <waqas20@gmail.com> parents: 496 diff changeset	21	local t_insert, t_concat = table.insert, table.concat;
efc5184effa1 Added function latin1toutf8 to sasl.lua, for processing non-utf8 responses Waqas Hussain <waqas20@gmail.com> parents: 496 diff changeset	22	local to_byte, to_char = string.byte, string.char;
1485 fbefd16d2955 Move to-unicode conversion from mod_saslauth.lua to sasl.lua. Tobias Markmann <tm@ayena.de> parents: 1376 diff changeset	23	local to_unicode = require "util.encodings".idna.to_unicode;
38 3fdfd6e0cb4e SASL! Matthew Wild <mwild1@gmail.com> parents: 32 diff changeset	24	local s_match = string.match;
277 00c2fc751f50 Fixing some parsing and some other stuff. Tobias Markmann <tm@ayena.de> parents: 276 diff changeset	25	local gmatch = string.gmatch
280 516f4c901991 Rewrote SASL Digest-MD5 responce generating code, fixed some realm related issue and tested it successfully with Psi. Thanks to dwd, remko and jake. Tobias Markmann <tm@ayena.de> parents: 278 diff changeset	26	local string = string
276 30893439d5d1 Some early attempts on DIGEST-MD5. Tobias Markmann <tm@ayena.de> parents: 50 diff changeset	27	local math = require "math"
30893439d5d1 Some early attempts on DIGEST-MD5. Tobias Markmann <tm@ayena.de> parents: 50 diff changeset	28	local type = type
30893439d5d1 Some early attempts on DIGEST-MD5. Tobias Markmann <tm@ayena.de> parents: 50 diff changeset	29	local error = error
30893439d5d1 Some early attempts on DIGEST-MD5. Tobias Markmann <tm@ayena.de> parents: 50 diff changeset	30	local print = print
2175 3ca8755581a1 Initial commit of the SASL redesign. Tobias Markmann <tm@ayena.de> parents: 1585 diff changeset	31	local setmetatable = setmetatable;
3ca8755581a1 Initial commit of the SASL redesign. Tobias Markmann <tm@ayena.de> parents: 1585 diff changeset	32	local assert = assert;
276 30893439d5d1 Some early attempts on DIGEST-MD5. Tobias Markmann <tm@ayena.de> parents: 50 diff changeset	33
2176 aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	34	require "util.iterators"
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	35	local keys = keys
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	36
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	37	local array = require "util.array"
38 3fdfd6e0cb4e SASL! Matthew Wild <mwild1@gmail.com> parents: 32 diff changeset	38	module "sasl"
3fdfd6e0cb4e SASL! Matthew Wild <mwild1@gmail.com> parents: 32 diff changeset	39
2177 8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	40	--[[
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	41	Authentication Backend Prototypes:
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	42
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	43	plain:
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	44	function(username, realm)
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	45	return password, state;
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	46	end
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	47
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	48	plain-test:
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	49	function(username, realm, password)
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	50	return true or false, state;
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	51	end
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	52
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	53	digest-md5:
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	54	function(username, realm, encoding)
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	55	return digesthash, state;
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	56	end
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	57
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	58	digest-md5-test:
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	59	function(username, realm, encoding, digesthash)
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	60	return true or false, state;
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	61	end
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	62	]]
8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	63
2176 aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	64	local method = {};
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	65	method.__index = method;
2175 3ca8755581a1 Initial commit of the SASL redesign. Tobias Markmann <tm@ayena.de> parents: 1585 diff changeset	66	local mechanisms = {};
3ca8755581a1 Initial commit of the SASL redesign. Tobias Markmann <tm@ayena.de> parents: 1585 diff changeset	67	local backend_mechanism = {};
1585 edc066730d11 Switch to using a more generic credentials_callback/handler for SASL auth. nick@lupine.me.uk parents: 1518 diff changeset	68
2175 3ca8755581a1 Initial commit of the SASL redesign. Tobias Markmann <tm@ayena.de> parents: 1585 diff changeset	69	-- register a new SASL mechanims
3ca8755581a1 Initial commit of the SASL redesign. Tobias Markmann <tm@ayena.de> parents: 1585 diff changeset	70	local function registerMechanism(name, backends, f)
3ca8755581a1 Initial commit of the SASL redesign. Tobias Markmann <tm@ayena.de> parents: 1585 diff changeset	71	assert(type(name) == "string", "Parameter name MUST be a string.");
3ca8755581a1 Initial commit of the SASL redesign. Tobias Markmann <tm@ayena.de> parents: 1585 diff changeset	72	assert(type(backends) == "string" or type(backends) == "table", "Parameter backends MUST be either a string or a table.");
3ca8755581a1 Initial commit of the SASL redesign. Tobias Markmann <tm@ayena.de> parents: 1585 diff changeset	73	assert(type(f) == "function", "Parameter f MUST be a function.");
2176 aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	74	mechanisms[name] = f
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	75	for _, backend_name in ipairs(backends) do
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	76	if backend_mechanism[backend_name] == nil then backend_mechanism[backend_name] = {}; end
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	77	t_insert(backend_mechanism[backend_name], name);
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	78	end
15 c0d754774db2 adding SASL lib with PLAIN support, not tested yet Tobias Markmann <tm@ayena.de> parents: diff changeset	79	end
c0d754774db2 adding SASL lib with PLAIN support, not tested yet Tobias Markmann <tm@ayena.de> parents: diff changeset	80
2175 3ca8755581a1 Initial commit of the SASL redesign. Tobias Markmann <tm@ayena.de> parents: 1585 diff changeset	81	-- create a new SASL object which can be used to authenticate clients
3ca8755581a1 Initial commit of the SASL redesign. Tobias Markmann <tm@ayena.de> parents: 1585 diff changeset	82	function new(realm, profile)
2176 aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	83	sasl_i = {profile = profile};
2179 c985536d5452 Making mod_saslauth use the new SASL API. Tobias Markmann <tm@ayena.de> parents: 2178 diff changeset	84	sasl_i.realm = realm;
2175 3ca8755581a1 Initial commit of the SASL redesign. Tobias Markmann <tm@ayena.de> parents: 1585 diff changeset	85	return setmetatable(sasl_i, method);
276 30893439d5d1 Some early attempts on DIGEST-MD5. Tobias Markmann <tm@ayena.de> parents: 50 diff changeset	86	end
30893439d5d1 Some early attempts on DIGEST-MD5. Tobias Markmann <tm@ayena.de> parents: 50 diff changeset	87
2175 3ca8755581a1 Initial commit of the SASL redesign. Tobias Markmann <tm@ayena.de> parents: 1585 diff changeset	88	-- get a list of possible SASL mechanims to use
3ca8755581a1 Initial commit of the SASL redesign. Tobias Markmann <tm@ayena.de> parents: 1585 diff changeset	89	function method:mechanisms()
2176 aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	90	local mechanisms = {}
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	91	for backend, f in pairs(self.profile) do
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	92	print(backend)
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	93	if backend_mechanism[backend] then
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	94	for _, mechanism in ipairs(backend_mechanism[backend]) do
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	95	mechanisms[mechanism] = true;
2179 c985536d5452 Making mod_saslauth use the new SASL API. Tobias Markmann <tm@ayena.de> parents: 2178 diff changeset	96	end
2176 aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	97	end
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	98	end
2177 8505e1da5408 Adding some docu. Tobias Markmann <tm@ayena.de> parents: 2176 diff changeset	99	self["possible_mechanisms"] = mechanisms;
2176 aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	100	return array.collect(keys(mechanisms));
799 b7ea802f3527 Adding inital support for ANONYMOUS mechanism in SASL. Tobias Markmann <tm@ayena.de> parents: 760 diff changeset	101	end
b7ea802f3527 Adding inital support for ANONYMOUS mechanism in SASL. Tobias Markmann <tm@ayena.de> parents: 760 diff changeset	102
2175 3ca8755581a1 Initial commit of the SASL redesign. Tobias Markmann <tm@ayena.de> parents: 1585 diff changeset	103	-- select a mechanism to use
2176 aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	104	function method:select(mechanism)
2178 28d841403a21 Adjust SASL PLAIN mechanism to the new API. Tobias Markmann <tm@ayena.de> parents: 2177 diff changeset	105	self.mech_i = mechanisms[mechanism]
2179 c985536d5452 Making mod_saslauth use the new SASL API. Tobias Markmann <tm@ayena.de> parents: 2178 diff changeset	106	if self.mech_i == nil then
c985536d5452 Making mod_saslauth use the new SASL API. Tobias Markmann <tm@ayena.de> parents: 2178 diff changeset	107	return false;
c985536d5452 Making mod_saslauth use the new SASL API. Tobias Markmann <tm@ayena.de> parents: 2178 diff changeset	108	end
2178 28d841403a21 Adjust SASL PLAIN mechanism to the new API. Tobias Markmann <tm@ayena.de> parents: 2177 diff changeset	109	return true;
2176 aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	110	end
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	111
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	112	-- feed new messages to process into the library
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	113	function method:process(message)
2178 28d841403a21 Adjust SASL PLAIN mechanism to the new API. Tobias Markmann <tm@ayena.de> parents: 2177 diff changeset	114	if message == "" or message == nil then return "failure", "malformed-request" end
28d841403a21 Adjust SASL PLAIN mechanism to the new API. Tobias Markmann <tm@ayena.de> parents: 2177 diff changeset	115	return self.mech_i(self, message);
15 c0d754774db2 adding SASL lib with PLAIN support, not tested yet Tobias Markmann <tm@ayena.de> parents: diff changeset	116	end
c0d754774db2 adding SASL lib with PLAIN support, not tested yet Tobias Markmann <tm@ayena.de> parents: diff changeset	117
2176 aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	118	--=========================
2181 d5cd6a868959 List RFC numbers. Tobias Markmann <tm@ayena.de> parents: 2180 diff changeset	119	--SASL PLAIN according to RFC 4616
2178 28d841403a21 Adjust SASL PLAIN mechanism to the new API. Tobias Markmann <tm@ayena.de> parents: 2177 diff changeset	120	local function sasl_mechanism_plain(self, message)
28d841403a21 Adjust SASL PLAIN mechanism to the new API. Tobias Markmann <tm@ayena.de> parents: 2177 diff changeset	121	local response = message
2180 8de2f7f5b870 Allow ampersands in passwords for SASL PLAIN mechanism. Tobias Markmann <tm@ayena.de> parents: 2179 diff changeset	122	local authorization = s_match(response, "([^%z]+)")
8de2f7f5b870 Allow ampersands in passwords for SASL PLAIN mechanism. Tobias Markmann <tm@ayena.de> parents: 2179 diff changeset	123	local authentication = s_match(response, "%z([^%z]+)%z")
8de2f7f5b870 Allow ampersands in passwords for SASL PLAIN mechanism. Tobias Markmann <tm@ayena.de> parents: 2179 diff changeset	124	local password = s_match(response, "%z[^%z]+%z([^%z]+)")
2178 28d841403a21 Adjust SASL PLAIN mechanism to the new API. Tobias Markmann <tm@ayena.de> parents: 2177 diff changeset	125
2179 c985536d5452 Making mod_saslauth use the new SASL API. Tobias Markmann <tm@ayena.de> parents: 2178 diff changeset	126	if authentication == nil or password == nil then
c985536d5452 Making mod_saslauth use the new SASL API. Tobias Markmann <tm@ayena.de> parents: 2178 diff changeset	127	return "failure", "malformed-request";
c985536d5452 Making mod_saslauth use the new SASL API. Tobias Markmann <tm@ayena.de> parents: 2178 diff changeset	128	end
2176 aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	129
2179 c985536d5452 Making mod_saslauth use the new SASL API. Tobias Markmann <tm@ayena.de> parents: 2178 diff changeset	130	local correct, state = false, false;
2178 28d841403a21 Adjust SASL PLAIN mechanism to the new API. Tobias Markmann <tm@ayena.de> parents: 2177 diff changeset	131	if self.profile.plain then
2179 c985536d5452 Making mod_saslauth use the new SASL API. Tobias Markmann <tm@ayena.de> parents: 2178 diff changeset	132	local correct_password;
c985536d5452 Making mod_saslauth use the new SASL API. Tobias Markmann <tm@ayena.de> parents: 2178 diff changeset	133	correct_password, state = self.profile.plain(authentication, self.realm);
2178 28d841403a21 Adjust SASL PLAIN mechanism to the new API. Tobias Markmann <tm@ayena.de> parents: 2177 diff changeset	134	if correct_password == password then correct = true; else correct = false; end
2179 c985536d5452 Making mod_saslauth use the new SASL API. Tobias Markmann <tm@ayena.de> parents: 2178 diff changeset	135	elseif self.profile.plain_test then
2178 28d841403a21 Adjust SASL PLAIN mechanism to the new API. Tobias Markmann <tm@ayena.de> parents: 2177 diff changeset	136	correct, state = self.profile.plain_test(authentication, self.realm, password);
28d841403a21 Adjust SASL PLAIN mechanism to the new API. Tobias Markmann <tm@ayena.de> parents: 2177 diff changeset	137	end
2176 aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	138
2178 28d841403a21 Adjust SASL PLAIN mechanism to the new API. Tobias Markmann <tm@ayena.de> parents: 2177 diff changeset	139	self.username = authentication
28d841403a21 Adjust SASL PLAIN mechanism to the new API. Tobias Markmann <tm@ayena.de> parents: 2177 diff changeset	140	if not state then
28d841403a21 Adjust SASL PLAIN mechanism to the new API. Tobias Markmann <tm@ayena.de> parents: 2177 diff changeset	141	return "failure", "account-disabled";
2176 aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	142	end
2178 28d841403a21 Adjust SASL PLAIN mechanism to the new API. Tobias Markmann <tm@ayena.de> parents: 2177 diff changeset	143
28d841403a21 Adjust SASL PLAIN mechanism to the new API. Tobias Markmann <tm@ayena.de> parents: 2177 diff changeset	144	if correct then
28d841403a21 Adjust SASL PLAIN mechanism to the new API. Tobias Markmann <tm@ayena.de> parents: 2177 diff changeset	145	return "success";
28d841403a21 Adjust SASL PLAIN mechanism to the new API. Tobias Markmann <tm@ayena.de> parents: 2177 diff changeset	146	else
28d841403a21 Adjust SASL PLAIN mechanism to the new API. Tobias Markmann <tm@ayena.de> parents: 2177 diff changeset	147	return "failure", "not-authorized";
28d841403a21 Adjust SASL PLAIN mechanism to the new API. Tobias Markmann <tm@ayena.de> parents: 2177 diff changeset	148	end
2176 aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	149	end
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	150	registerMechanism("PLAIN", {"plain", "plain_test"}, sasl_mechanism_plain);
aaf2b2df61f7 Mostly making the code run; includes fixing typos and so on. Tobias Markmann <tm@ayena.de> parents: 2175 diff changeset	151
2181 d5cd6a868959 List RFC numbers. Tobias Markmann <tm@ayena.de> parents: 2180 diff changeset	152	--=========================
2182 27c7d287345e Importing SASL Digest-MD5 code. Tobias Markmann <tm@ayena.de> parents: 2181 diff changeset	153	--SASL DIGEST-MD5 according to RFC 2831
2183 44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	154	local function new_digest_md5(realm, credentials_handler)
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	155	--TODO complete support for authzid
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	156
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	157	local function serialize(message)
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	158	local data = ""
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	159
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	160	if type(message) ~= "table" then error("serialize needs an argument of type table.") end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	161
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	162	-- testing all possible values
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	163	if message["realm"] then data = data..[[realm="]]..message.realm..[[",]] end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	164	if message["nonce"] then data = data..[[nonce="]]..message.nonce..[[",]] end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	165	if message["qop"] then data = data..[[qop="]]..message.qop..[[",]] end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	166	if message["charset"] then data = data..[[charset=]]..message.charset.."," end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	167	if message["algorithm"] then data = data..[[algorithm=]]..message.algorithm.."," end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	168	if message["rspauth"] then data = data..[[rspauth=]]..message.rspauth.."," end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	169	data = data:gsub(",$", "")
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	170	return data
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	171	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	172
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	173	local function utf8tolatin1ifpossible(passwd)
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	174	local i = 1;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	175	while i <= #passwd do
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	176	local passwd_i = to_byte(passwd:sub(i, i));
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	177	if passwd_i > 0x7F then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	178	if passwd_i < 0xC0 or passwd_i > 0xC3 then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	179	return passwd;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	180	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	181	i = i + 1;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	182	passwd_i = to_byte(passwd:sub(i, i));
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	183	if passwd_i < 0x80 or passwd_i > 0xBF then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	184	return passwd;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	185	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	186	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	187	i = i + 1;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	188	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	189
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	190	local p = {};
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	191	local j = 0;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	192	i = 1;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	193	while (i <= #passwd) do
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	194	local passwd_i = to_byte(passwd:sub(i, i));
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	195	if passwd_i > 0x7F then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	196	i = i + 1;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	197	local passwd_i_1 = to_byte(passwd:sub(i, i));
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	198	t_insert(p, to_char(passwd_i%4*64 + passwd_i_1%64)); -- I'm so clever
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	199	else
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	200	t_insert(p, to_char(passwd_i));
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	201	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	202	i = i + 1;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	203	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	204	return t_concat(p);
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	205	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	206	local function latin1toutf8(str)
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	207	local p = {};
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	208	for ch in gmatch(str, ".") do
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	209	ch = to_byte(ch);
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	210	if (ch < 0x80) then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	211	t_insert(p, to_char(ch));
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	212	elseif (ch < 0xC0) then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	213	t_insert(p, to_char(0xC2, ch));
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	214	else
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	215	t_insert(p, to_char(0xC3, ch - 64));
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	216	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	217	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	218	return t_concat(p);
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	219	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	220	local function parse(data)
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	221	local message = {}
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	222	for k, v in gmatch(data, [[([%w%-]+)="?([^",]*)"?,?]]) do -- FIXME The hacky regex makes me shudder
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	223	message[k] = v;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	224	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	225	return message;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	226	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	227
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	228	local object = { mechanism = "DIGEST-MD5", realm = realm, credentials_handler = credentials_handler};
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	229
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	230	object.nonce = generate_uuid();
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	231	object.step = 0;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	232	object.nonce_count = {};
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	233
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	234	function object.feed(self, message)
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	235	self.step = self.step + 1;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	236	if (self.step == 1) then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	237	local challenge = serialize({ nonce = object.nonce,
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	238	qop = "auth",
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	239	charset = "utf-8",
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	240	algorithm = "md5-sess",
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	241	realm = self.realm});
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	242	return "challenge", challenge;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	243	elseif (self.step == 2) then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	244	local response = parse(message);
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	245	-- check for replay attack
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	246	if response["nc"] then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	247	if self.nonce_count[response["nc"]] then return "failure", "not-authorized" end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	248	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	249
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	250	-- check for username, it's REQUIRED by RFC 2831
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	251	if not response["username"] then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	252	return "failure", "malformed-request";
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	253	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	254	self["username"] = response["username"];
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	255
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	256	-- check for nonce, ...
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	257	if not response["nonce"] then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	258	return "failure", "malformed-request";
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	259	else
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	260	-- check if it's the right nonce
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	261	if response["nonce"] ~= tostring(self.nonce) then return "failure", "malformed-request" end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	262	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	263
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	264	if not response["cnonce"] then return "failure", "malformed-request", "Missing entry for cnonce in SASL message." end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	265	if not response["qop"] then response["qop"] = "auth" end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	266
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	267	if response["realm"] == nil or response["realm"] == "" then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	268	response["realm"] = "";
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	269	elseif response["realm"] ~= self.realm then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	270	return "failure", "not-authorized", "Incorrect realm value";
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	271	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	272
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	273	local decoder;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	274	if response["charset"] == nil then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	275	decoder = utf8tolatin1ifpossible;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	276	elseif response["charset"] ~= "utf-8" then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	277	return "failure", "incorrect-encoding", "The client's response uses "..response["charset"].." for encoding with isn't supported by sasl.lua. Supported encodings are latin or utf-8.";
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	278	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	279
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	280	local domain = "";
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	281	local protocol = "";
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	282	if response["digest-uri"] then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	283	protocol, domain = response["digest-uri"]:match("(%w+)/(.*)$");
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	284	if protocol == nil or domain == nil then return "failure", "malformed-request" end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	285	else
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	286	return "failure", "malformed-request", "Missing entry for digest-uri in SASL message."
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	287	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	288
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	289	--TODO maybe realm support
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	290	self.username = response["username"];
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	291	local password_encoding, Y = self.credentials_handler("DIGEST-MD5", response["username"], self.realm, response["realm"], decoder);
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	292	if Y == nil then return "failure", "not-authorized"
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	293	elseif Y == false then return "failure", "account-disabled" end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	294	local A1 = "";
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	295	if response.authzid then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	296	if response.authzid == self.username.."@"..self.realm then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	297	-- COMPAT
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	298	log("warn", "Client is violating XMPP RFC. See section 6.1 of RFC 3920.");
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	299	A1 = Y..":"..response["nonce"]..":"..response["cnonce"]..":"..response.authzid;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	300	else
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	301	A1 = "?";
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	302	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	303	else
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	304	A1 = Y..":"..response["nonce"]..":"..response["cnonce"];
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	305	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	306	local A2 = "AUTHENTICATE:"..protocol.."/"..domain;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	307
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	308	local HA1 = md5(A1, true);
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	309	local HA2 = md5(A2, true);
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	310
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	311	local KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	312	local response_value = md5(KD, true);
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	313
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	314	if response_value == response["response"] then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	315	-- calculate rspauth
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	316	A2 = ":"..protocol.."/"..domain;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	317
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	318	HA1 = md5(A1, true);
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	319	HA2 = md5(A2, true);
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	320
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	321	KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	322	local rspauth = md5(KD, true);
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	323	self.authenticated = true;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	324	return "challenge", serialize({rspauth = rspauth});
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	325	else
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	326	return "failure", "not-authorized", "The response provided by the client doesn't match the one we calculated."
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	327	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	328	elseif self.step == 3 then
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	329	if self.authenticated ~= nil then return "success"
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	330	else return "failure", "malformed-request" end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	331	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	332	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	333	return object;
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	334	end
44e71e65da86 Importing SASL Digest-MD5 code. Now for real. Tobias Markmann <tm@ayena.de> parents: 2182 diff changeset	335
519 cccd610a0ef9 Insert copyright/license headers Matthew Wild <mwild1@gmail.com> parents: 508 diff changeset	336	return _M;

author	Tobias Markmann <tm@ayena.de>
	Fri, 28 Aug 2009 19:57:09 +0200
branch	sasl
changeset 2183	44e71e65da86
parent 2182	27c7d287345e
child 2184	0d1740f7b6e8
permissions	-rw-r--r--