Mercurial > prosody-hg
comparison plugins/mod_auth_internal_hashed.lua @ 3210:5e51f8a7179b
mod_auth_internal_hashed: Convert hashpass to server_key/stored_key on PLAIN login.
| author | Tobias Markmann <tm@ayena.de> |
|---|---|
| date | Wed, 09 Jun 2010 17:51:08 +0200 |
| parents | 4b660bf61048 |
| children | d69e90ffbc09 |
comparison
equal
deleted
inserted
replaced
| 3209:cbceb398c1e4 | 3210:5e51f8a7179b |
|---|---|
| 57 return nil, "Auth failed. Stored salt and iteration count information is not complete."; | 57 return nil, "Auth failed. Stored salt and iteration count information is not complete."; |
| 58 end | 58 end |
| 59 | 59 |
| 60 local valid, stored_key, server_key | 60 local valid, stored_key, server_key |
| 61 | 61 |
| 62 if credentials.hexpass then | 62 -- convert hexpass to stored_key and server_key |
| 63 -- convert hexpass to stored_key and server_key | 63 -- TODO: remove this in near future |
| 64 -- TODO: remove this in near future | 64 if credentials.hashpass then |
| 65 valid = true; | 65 valid = true; |
| 66 local salted_password = credentials.hexpass:gsub("..", function(x) return string.char(tonumber(x, 16)); end); | 66 local salted_password = credentials.hashpass:gsub("..", function(x) return string.char(tonumber(x, 16)); end); |
| 67 | 67 log("debug", "salted_password in bin: %s", tostring(salted_password)); |
| 68 stored_key = sha1(hmac_sha1(salted_password, "Client Key")) | 68 credentials.stored_key = sha1(hmac_sha1(salted_password, "Client Key")):gsub(".", function (c) return ("%02x"):format(c:byte()); end); |
| 69 server_key = hmac_sha1(salted_password, "Server Key"); | 69 credentials.server_key = hmac_sha1(salted_password, "Server Key"):gsub(".", function (c) return ("%02x"):format(c:byte()); end); |
| 70 else | |
| 71 valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count); | |
| 72 end | 70 end |
| 71 | |
| 72 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count); | |
| 73 | 73 |
| 74 local stored_key_hex = stored_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); | 74 local stored_key_hex = stored_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); |
| 75 local server_key_hex = server_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); | 75 local server_key_hex = server_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); |
| 76 | 76 |
| 77 if valid and stored_key_hex == credentials.stored_key and server_key_hex == credentials.server_key_hex then | 77 if valid and stored_key_hex == credentials.stored_key and server_key_hex == credentials.server_key then |
| 78 return true; | 78 return true; |
| 79 else | 79 else |
| 80 return nil, "Auth failed. Invalid username, password, or password hash information."; | 80 return nil, "Auth failed. Invalid username, password, or password hash information."; |
| 81 end | 81 end |
| 82 end | 82 end |
| 83 | 83 |
| 84 function provider.set_password(username, password) | 84 function provider.set_password(username, password) |
| 85 if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end | 85 if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end |
| 86 local account = datamanager.load(username, host, "accounts"); | 86 local account = datamanager.load(username, host, "accounts"); |
| 87 if account then | 87 if account then |
| 88 if account.iteration_count == nil then | 88 account.salt = account.salt or generate_uuid(); |
| 89 account.iteration_count = iteration_count; | 89 account.iteration_count = account.iteration_count or iteration_count; |
| 90 end | 90 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, account.salt, account.iteration_count); |
| 91 | |
| 92 if account.salt == nil then | |
| 93 account.salt = generate_uuid(); | |
| 94 end | |
| 95 | |
| 96 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count); | |
| 97 local stored_key_hex = stored_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); | 91 local stored_key_hex = stored_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); |
| 98 local server_key_hex = server_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); | 92 local server_key_hex = server_key:gsub(".", function (c) return ("%02x"):format(c:byte()); end); |
| 99 | 93 |
| 100 account.stored_key = stored_key_hex | 94 account.stored_key = stored_key_hex |
| 101 account.server_key = server_key_hex | 95 account.server_key = server_key_hex |
