plugins/mod_auth_internal_hashed.lua
changeset 11564 3bbb1af92514
parent 10920 c7ed8f754033
parent 11548 c98aebe601f9
child 12131 baa7cdde69a6
11542:30feeb4d9d0b 11564:3bbb1af92514
    14 local generate_uuid = require "util.uuid".generate;
    14 local generate_uuid = require "util.uuid".generate;
    15 local new_sasl = require "util.sasl".new;
    15 local new_sasl = require "util.sasl".new;
    16 local hex = require"util.hex";
    16 local hex = require"util.hex";
    17 local to_hex, from_hex = hex.to, hex.from;
    17 local to_hex, from_hex = hex.to, hex.from;
    18 local saslprep = require "util.encodings".stringprep.saslprep;
    18 local saslprep = require "util.encodings".stringprep.saslprep;
       
    19 local secure_equals = require "util.hashes".equals;
    19 
    20 
    20 local log = module._log;
    21 local log = module._log;
    21 local host = module.host;
    22 local host = module.host;
    22 
    23 
    23 local accounts = module:open_store("accounts");
    24 local accounts = module:open_store("accounts");
    39 	if not password then
    40 	if not password then
    40 		return nil, "Password fails SASLprep.";
    41 		return nil, "Password fails SASLprep.";
    41 	end
    42 	end
    42 
    43 
    43 	if credentials.password ~= nil and string.len(credentials.password) ~= 0 then
    44 	if credentials.password ~= nil and string.len(credentials.password) ~= 0 then
    44 		if saslprep(credentials.password) ~= password then
    45 		if not secure_equals(saslprep(credentials.password), password) then
    45 			return nil, "Auth failed. Provided password is incorrect.";
    46 			return nil, "Auth failed. Provided password is incorrect.";
    46 		end
    47 		end
    47 
    48 
    48 		if provider.set_password(username, credentials.password) == nil then
    49 		if provider.set_password(username, credentials.password) == nil then
    49 			return nil, "Auth failed. Could not set hashed password from plaintext.";
    50 			return nil, "Auth failed. Could not set hashed password from plaintext.";
    59 	local valid, stored_key, server_key = get_auth_db(password, credentials.salt, credentials.iteration_count);
    60 	local valid, stored_key, server_key = get_auth_db(password, credentials.salt, credentials.iteration_count);
    60 
    61 
    61 	local stored_key_hex = to_hex(stored_key);
    62 	local stored_key_hex = to_hex(stored_key);
    62 	local server_key_hex = to_hex(server_key);
    63 	local server_key_hex = to_hex(server_key);
    63 
    64 
    64 	if valid and stored_key_hex == credentials.stored_key and server_key_hex == credentials.server_key then
    65 	if valid and secure_equals(stored_key_hex, credentials.stored_key) and secure_equals(server_key_hex, credentials.server_key) then
    65 		return true;
    66 		return true;
    66 	else
    67 	else
    67 		return nil, "Auth failed. Invalid username, password, or password hash information.";
    68 		return nil, "Auth failed. Invalid username, password, or password hash information.";
    68 	end
    69 	end
    69 end
    70 end
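Review bot: The switch to `secure_equals` at new lines 45 and 65 changes what happens when an operand is nil. The old `~=`/`==` comparisons treated nil as a plain mismatch, whereas a comparison helper that requires string arguments would raise an error instead of returning false; its argument handling is not visible on this page, so confirm against util.hashes. `saslprep(credentials.password)` can plausibly return nil for a stored legacy password that fails SASLprep, and `credentials.stored_key` / `credentials.server_key` are read straight from the account record. I would guard the operands so a malformed record still fails closed with the existing error message, e.g. `local stored = saslprep(credentials.password);` followed by `if not stored or not secure_equals(stored, password) then`, and check that both stored keys are strings before the comparison on line 65. The enclosing function starts outside the visible lines, so an earlier check may already cover part of this.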