Mercurial > prosody-hg
comparison plugins/mod_auth_internal_hashed.lua @ 3288:1a84d7d6f667
mod_auth_internal_hashed: Remove far too many instances of inline hex conversion using gsub, which was creating useless closures and what-not
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Tue, 22 Jun 2010 20:52:43 +0100 |
| parents | e425e27c12be |
| children | 180a0b3b018d |
comparison
equal
deleted
inserted
replaced
| 3287:e425e27c12be | 3288:1a84d7d6f667 |
|---|---|
| 23 local hosts = hosts; | 23 local hosts = hosts; |
| 24 | 24 |
| 25 -- TODO: remove these two lines in near future | 25 -- TODO: remove these two lines in near future |
| 26 local hmac_sha1 = require "util.hmac".sha1; | 26 local hmac_sha1 = require "util.hmac".sha1; |
| 27 local sha1 = require "util.hashes".sha1; | 27 local sha1 = require "util.hashes".sha1; |
| 28 | |
| 29 local to_hex; | |
| 30 do | |
| 31 local function replace_byte_with_hex(byte) | |
| 32 return ("%02x"):format(byte:byte()); | |
| 33 end | |
| 34 function to_hex(binary_string) | |
| 35 return binary_string:gsub(".", replace_byte_with_hex); | |
| 36 end | |
| 37 end | |
| 38 | |
| 39 local from_hex; | |
| 40 do | |
| 41 local function replace_hex_with_byte(hex) | |
| 42 return string.char(tonumber(hex, 16)); | |
| 43 end | |
| 44 function from_hex(hex_string) | |
| 45 return hex_string:gsub("..", replace_hex_with_byte); | |
| 46 end | |
| 47 end | |
| 48 | |
| 28 | 49 |
| 29 local prosody = _G.prosody; | 50 local prosody = _G.prosody; |
| 30 | 51 |
| 31 -- Default; can be set per-user | 52 -- Default; can be set per-user |
| 32 local iteration_count = 4096; | 53 local iteration_count = 4096; |
| 55 end | 76 end |
| 56 | 77 |
| 57 -- convert hexpass to stored_key and server_key | 78 -- convert hexpass to stored_key and server_key |
| 58 -- TODO: remove this in near future | 79 -- TODO: remove this in near future |
| 59 if credentials.hashpass then | 80 if credentials.hashpass then |
| 60 local salted_password = credentials.hashpass:gsub("..", function(x) return string.char(tonumber(x, 16)); end); | 81 local salted_password = from_hex(credentials.hashpass); |
| 61 credentials.stored_key = sha1(hmac_sha1(salted_password, "Client Key")):gsub(".", function (c) return ("%02x"):format(c:byte()); end); | 82 credentials.stored_key = sha1(hmac_sha1(salted_password, "Client Key"), true); |
| 62 credentials.server_key = hmac_sha1(salted_password, "Server Key"):gsub(".", function (c) return ("%02x"):format(c:byte()); end); | 83 credentials.server_key = to_hex(hmac_sha1(salted_password, "Server Key")); |
| 63 credentials.hashpass = nil | 84 credentials.hashpass = nil |
| 64 datamanager.store(username, host, "accounts", credentials); | 85 datamanager.store(username, host, "accounts", credentials); |
| 65 end | 86 end |
| 66 | 87 |
| 67 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count); | 88 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count); |
| 68 | 89 |
| 69 local stored_key_hex = stored_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); | 90 local stored_key_hex = to_hex(stored_key); |
| 70 local server_key_hex = server_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); | 91 local server_key_hex = to_hex(server_key); |
| 71 | 92 |
| 72 if valid and stored_key_hex == credentials.stored_key and server_key_hex == credentials.server_key then | 93 if valid and stored_key_hex == credentials.stored_key and server_key_hex == credentials.server_key then |
| 73 return true; | 94 return true; |
| 74 else | 95 else |
| 75 return nil, "Auth failed. Invalid username, password, or password hash information."; | 96 return nil, "Auth failed. Invalid username, password, or password hash information."; |
| 80 local account = datamanager.load(username, host, "accounts"); | 101 local account = datamanager.load(username, host, "accounts"); |
| 81 if account then | 102 if account then |
| 82 account.salt = account.salt or generate_uuid(); | 103 account.salt = account.salt or generate_uuid(); |
| 83 account.iteration_count = account.iteration_count or iteration_count; | 104 account.iteration_count = account.iteration_count or iteration_count; |
| 84 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, account.salt, account.iteration_count); | 105 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, account.salt, account.iteration_count); |
| 85 local stored_key_hex = stored_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); | 106 local stored_key_hex = to_hex(stored_key); |
| 86 local server_key_hex = server_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); | 107 local server_key_hex = to_hex(server_key); |
| 87 | 108 |
| 88 account.stored_key = stored_key_hex | 109 account.stored_key = stored_key_hex |
| 89 account.server_key = server_key_hex | 110 account.server_key = server_key_hex |
| 90 | 111 |
| 91 account.password = nil; | 112 account.password = nil; |
| 108 end | 129 end |
| 109 | 130 |
| 110 function provider.create_user(username, password) | 131 function provider.create_user(username, password) |
| 111 local salt = generate_uuid(); | 132 local salt = generate_uuid(); |
| 112 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, salt, iteration_count); | 133 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, salt, iteration_count); |
| 113 local stored_key_hex = stored_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); | 134 local stored_key_hex = to_hex(stored_key); |
| 114 local server_key_hex = server_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); | 135 local server_key_hex = to_hex(server_key); |
| 115 return datamanager.store(username, host, "accounts", {stored_key = stored_key_hex, server_key = server_key_hex, salt = salt, iteration_count = iteration_count}); | 136 return datamanager.store(username, host, "accounts", {stored_key = stored_key_hex, server_key = server_key_hex, salt = salt, iteration_count = iteration_count}); |
| 116 end | 137 end |
| 117 | 138 |
| 118 function provider.get_sasl_handler() | 139 function provider.get_sasl_handler() |
| 119 local realm = module:get_option("sasl_realm") or module.host; | 140 local realm = module:get_option("sasl_realm") or module.host; |
| 134 end | 155 end |
| 135 | 156 |
| 136 -- convert hexpass to stored_key and server_key | 157 -- convert hexpass to stored_key and server_key |
| 137 -- TODO: remove this in near future | 158 -- TODO: remove this in near future |
| 138 if credentials.hashpass then | 159 if credentials.hashpass then |
| 139 local salted_password = credentials.hashpass:gsub("..", function(x) return string.char(tonumber(x, 16)); end); | 160 local salted_password = from_hex(credentials.hashpass); |
| 140 credentials.stored_key = sha1(hmac_sha1(salted_password, "Client Key")):gsub(".", function (c) return ("%02x"):format(c:byte()); end); | 161 credentials.stored_key = sha1(hmac_sha1(salted_password, "Client Key"), true); |
| 141 credentials.server_key = hmac_sha1(salted_password, "Server Key"):gsub(".", function (c) return ("%02x"):format(c:byte()); end); | 162 credentials.server_key = to_hex(hmac_sha1(salted_password, "Server Key")); |
| 142 credentials.hashpass = nil | 163 credentials.hashpass = nil |
| 143 datamanager.store(username, host, "accounts", credentials); | 164 datamanager.store(username, host, "accounts", credentials); |
| 144 end | 165 end |
| 145 | 166 |
| 146 local stored_key, server_key, iteration_count, salt = credentials.stored_key, credentials.server_key, credentials.iteration_count, credentials.salt; | 167 local stored_key, server_key, iteration_count, salt = credentials.stored_key, credentials.server_key, credentials.iteration_count, credentials.salt; |
| 147 stored_key = stored_key and stored_key:gsub("..", function(x) return string.char(tonumber(x, 16)); end); | 168 stored_key = stored_key and from_hex(stored_key); |
| 148 server_key = server_key and server_key:gsub("..", function(x) return string.char(tonumber(x, 16)); end); | 169 server_key = server_key and from_hex(server_key); |
| 149 return stored_key, server_key, iteration_count, salt, true; | 170 return stored_key, server_key, iteration_count, salt, true; |
| 150 end | 171 end |
| 151 }; | 172 }; |
| 152 return new_sasl(realm, testpass_authentication_profile); | 173 return new_sasl(realm, testpass_authentication_profile); |
| 153 end | 174 end |
