--- a/plugins/mod_saslauth.lua Tue Aug 18 22:00:37 2009 +0200
+++ b/plugins/mod_saslauth.lua Thu Aug 20 13:57:50 2009 +0100
@@ -1,7 +1,7 @@
-- Prosody IM
-- Copyright (C) 2008-2009 Matthew Wild
-- Copyright (C) 2008-2009 Waqas Hussain
---
+--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
@@ -13,6 +13,7 @@
local sm_make_authenticated = require "core.sessionmanager".make_authenticated;
local base64 = require "util.encodings".base64;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
local datamanager_load = require "util.datamanager".load;
local usermanager_validate_credentials = require "core.usermanager".validate_credentials;
local usermanager_get_supported_methods = require "core.usermanager".get_supported_methods;
@@ -70,6 +71,10 @@
local function credentials_callback(mechanism, ...)
if mechanism == "PLAIN" then
local username, hostname, password = ...;
+ username = nodeprep(username);
+ if not username then
+ return false;
+ end
local response = usermanager_validate_credentials(hostname, username, password, mechanism);
if response == nil then
return false;
--- a/util/sasl.lua Tue Aug 18 22:00:37 2009 +0200
+++ b/util/sasl.lua Thu Aug 20 13:57:50 2009 +0100
@@ -38,9 +38,9 @@
function object.feed(self, message)
if message == "" or message == nil then return "failure", "malformed-request" end
local response = message
- local authorization = s_match(response, "([^&%z]+)")
- local authentication = s_match(response, "%z([^&%z]+)%z")
- local password = s_match(response, "%z[^&%z]+%z([^&%z]+)")
+ local authorization = s_match(response, "([^%z]+)")
+ local authentication = s_match(response, "%z([^%z]+)%z")
+ local password = s_match(response, "%z[^%z]+%z([^%z]+)")
if authentication == nil or password == nil then return "failure", "malformed-request" end
self.username = authentication
@@ -128,7 +128,7 @@
return t_concat(p);
end
local function parse(data)
- message = {}
+ local message = {}
for k, v in gmatch(data, [[([%w%-]+)="?([^",]*)"?,?]]) do -- FIXME The hacky regex makes me shudder
message[k] = v;
end