Mercurial > prosody-hg
comparison plugins/mod_hashpassauth.lua @ 3167:546695e80e0a
Correct out of order logic in mod_hashpassauth
Make saslauth check the existence of the get_password and test_password functions to determine which authentication profile to use.
| author | Jeff Mitchell <jeff@jefferai.org> |
|---|---|
| date | Fri, 28 May 2010 14:47:32 -0400 |
| parents | 3c46cb94caed |
| children |
comparison
equal
deleted
inserted
replaced
| 3166:3c46cb94caed | 3167:546695e80e0a |
|---|---|
| 33 | 33 |
| 34 function provider.test_password(username, password) | 34 function provider.test_password(username, password) |
| 35 if is_cyrus(host) then return nil, "Legacy auth not supported with Cyrus SASL."; end | 35 if is_cyrus(host) then return nil, "Legacy auth not supported with Cyrus SASL."; end |
| 36 local credentials = datamanager.load(username, host, "accounts") or {}; | 36 local credentials = datamanager.load(username, host, "accounts") or {}; |
| 37 | 37 |
| 38 if credentials.iteration_count == nil or credentials.salt == nil or string.len(credentials.salt) == 0 then | |
| 39 return nil, "Auth failed. Stored salt and iteration count information is not complete."; | |
| 40 end | |
| 41 | |
| 42 if credentials.password ~= nil and string.len(credentials.password) ~= 0 then | 38 if credentials.password ~= nil and string.len(credentials.password) ~= 0 then |
| 43 if credentials.password ~= password then | 39 if credentials.password ~= password then |
| 44 return nil, "Auth failed. Provided password is incorrect."; | 40 return nil, "Auth failed. Provided password is incorrect."; |
| 45 end | 41 end |
| 46 | 42 |
| 49 else | 45 else |
| 50 return true; | 46 return true; |
| 51 end | 47 end |
| 52 end | 48 end |
| 53 | 49 |
| 50 if credentials.iteration_count == nil or credentials.salt == nil or string.len(credentials.salt) == 0 then | |
| 51 return nil, "Auth failed. Stored salt and iteration count information is not complete."; | |
| 52 end | |
| 53 | |
| 54 local valid, binpass = saltedPasswordSHA1(password, credentials.salt, credentials.iteration_count); | 54 local valid, binpass = saltedPasswordSHA1(password, credentials.salt, credentials.iteration_count); |
| 55 local hexpass = binpass:gsub(".", function (c) return ("%02x"):format(c:byte()); end); | 55 local hexpass = binpass:gsub(".", function (c) return ("%02x"):format(c:byte()); end); |
| 56 | 56 |
| 57 if valid and hexpass == credentials.hashpass then | 57 if valid and hexpass == credentials.hashpass then |
| 58 return true; | 58 return true; |
| 59 else | 59 else |
| 60 return nil, "Auth failed. Invalid username, password, or password hash information."; | 60 return nil, "Auth failed. Invalid username, password, or password hash information."; |
| 61 end | 61 end |
| 62 end | 62 end |
| 63 | 63 |
| 64 function provider.get_password(username) | |
| 65 if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end | |
| 66 local credentials = datamanager.load(username, host, "accounts") or {}; | |
| 67 if(credentials.password ~= nil or (credentials.password ~= nil and string.len(credentials.password) ~= 0)) then | |
| 68 if provider.set_password(username, credentials.password) == nil then | |
| 69 return nil, "Problem setting plaintext password to hashed password."; | |
| 70 end | |
| 71 credentials = datamanager.load(username, host, "accounts"); | |
| 72 return credentials.hashpass; | |
| 73 end | |
| 74 return credentials.hashpass; | |
| 75 end | |
| 76 | |
| 77 function provider.set_password(username, password) | 64 function provider.set_password(username, password) |
| 78 if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end | 65 if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end |
| 79 local account = datamanager.load(username, host, "accounts"); | 66 local account = datamanager.load(username, host, "accounts"); |
| 80 if account then | 67 if account then |
| 81 if account.iteration_count == nil then | 68 if account.iteration_count == nil then |
