Mercurial > prosody-hg
comparison plugins/mod_auth_internal_hashed.lua @ 3208:4b660bf61048
mod_auth_internal_hashed: Coverting salted password to stored_key and server_key.
| author | Tobias Markmann <tm@ayena.de> |
|---|---|
| date | Tue, 08 Jun 2010 15:02:53 +0200 |
| parents | b350d9753804 |
| children | 5e51f8a7179b |
comparison
equal
deleted
inserted
replaced
| 3207:b350d9753804 | 3208:4b660bf61048 |
|---|---|
| 19 local usermanager = require "core.usermanager"; | 19 local usermanager = require "core.usermanager"; |
| 20 local generate_uuid = require "util.uuid".generate; | 20 local generate_uuid = require "util.uuid".generate; |
| 21 local new_sasl = require "util.sasl".new; | 21 local new_sasl = require "util.sasl".new; |
| 22 local nodeprep = require "util.encodings".stringprep.nodeprep; | 22 local nodeprep = require "util.encodings".stringprep.nodeprep; |
| 23 local hosts = hosts; | 23 local hosts = hosts; |
| 24 | |
| 25 -- TODO: remove these two lines in near future | |
| 26 local hmac_sha1 = require "util.hmac".sha1; | |
| 27 local sha1 = require "util.hashes".sha1; | |
| 24 | 28 |
| 25 local prosody = _G.prosody; | 29 local prosody = _G.prosody; |
| 26 | 30 |
| 27 local is_cyrus = usermanager.is_cyrus; | 31 local is_cyrus = usermanager.is_cyrus; |
| 28 | 32 |
| 51 | 55 |
| 52 if credentials.iteration_count == nil or credentials.salt == nil or string.len(credentials.salt) == 0 then | 56 if credentials.iteration_count == nil or credentials.salt == nil or string.len(credentials.salt) == 0 then |
| 53 return nil, "Auth failed. Stored salt and iteration count information is not complete."; | 57 return nil, "Auth failed. Stored salt and iteration count information is not complete."; |
| 54 end | 58 end |
| 55 | 59 |
| 56 if credentials.saltedPasswordSHA1 | 60 local valid, stored_key, server_key |
| 57 | 61 |
| 58 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count); | 62 if credentials.hexpass then |
| 63 -- convert hexpass to stored_key and server_key | |
| 64 -- TODO: remove this in near future | |
| 65 valid = true; | |
| 66 local salted_password = credentials.hexpass:gsub("..", function(x) return string.char(tonumber(x, 16)); end); | |
| 67 | |
| 68 stored_key = sha1(hmac_sha1(salted_password, "Client Key")) | |
| 69 server_key = hmac_sha1(salted_password, "Server Key"); | |
| 70 else | |
| 71 valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count); | |
| 72 end | |
| 73 | |
| 59 local stored_key_hex = stored_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); | 74 local stored_key_hex = stored_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); |
| 60 local server_key_hex = server_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); | 75 local server_key_hex = server_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); |
| 61 | 76 |
| 62 if valid and stored_key_hex == credentials.stored_key and server_key_hex == credentials.server_key_hex then | 77 if valid and stored_key_hex == credentials.stored_key and server_key_hex == credentials.server_key_hex then |
| 63 return true; | 78 return true; |
