comparison plugins/mod_auth_internal_hashed.lua @ 4797:e239668aa6d2

Merge 0.9->trunk
author Matthew Wild <mwild1@gmail.com>
date Sun, 29 Apr 2012 02:10:55 +0100
parents 0df5b2d5dff3
children 5f9066db1b4d
comparison
equal deleted inserted replaced
4796:04a34287dc12 4797:e239668aa6d2
7 -- COPYING file in the source package for more information. 7 -- COPYING file in the source package for more information.
8 -- 8 --
9 9
10 local datamanager = require "util.datamanager"; 10 local datamanager = require "util.datamanager";
11 local log = require "util.logger".init("auth_internal_hashed"); 11 local log = require "util.logger".init("auth_internal_hashed");
12 local type = type;
13 local error = error;
14 local ipairs = ipairs;
15 local hashes = require "util.hashes";
16 local jid_bare = require "util.jid".bare;
17 local getAuthenticationDatabaseSHA1 = require "util.sasl.scram".getAuthenticationDatabaseSHA1; 12 local getAuthenticationDatabaseSHA1 = require "util.sasl.scram".getAuthenticationDatabaseSHA1;
18 local config = require "core.configmanager";
19 local usermanager = require "core.usermanager"; 13 local usermanager = require "core.usermanager";
20 local generate_uuid = require "util.uuid".generate; 14 local generate_uuid = require "util.uuid".generate;
21 local new_sasl = require "util.sasl".new; 15 local new_sasl = require "util.sasl".new;
22 local nodeprep = require "util.encodings".stringprep.nodeprep; 16 local nodeprep = require "util.encodings".stringprep.nodeprep;
23 local hosts = hosts;
24
25 -- COMPAT w/old trunk: remove these two lines before 0.8 release
26 local hmac_sha1 = require "util.hmac".sha1;
27 local sha1 = require "util.hashes".sha1;
28 17
29 local to_hex; 18 local to_hex;
30 do 19 do
31 local function replace_byte_with_hex(byte) 20 local function replace_byte_with_hex(byte)
32 return ("%02x"):format(byte:byte()); 21 return ("%02x"):format(byte:byte());
45 return hex_string:gsub("..", replace_hex_with_byte); 34 return hex_string:gsub("..", replace_hex_with_byte);
46 end 35 end
47 end 36 end
48 37
49 38
50 local prosody = _G.prosody;
51
52 -- Default; can be set per-user 39 -- Default; can be set per-user
53 local iteration_count = 4096; 40 local iteration_count = 4096;
54 41
55 function new_hashpass_provider(host) 42 function new_hashpass_provider(host)
56 local provider = { name = "internal_hashed" }; 43 local provider = { name = "internal_hashed" };
57 log("debug", "initializing hashpass authentication provider for host '%s'", host); 44 log("debug", "initializing internal_hashed authentication provider for host '%s'", host);
58 45
59 function provider.test_password(username, password) 46 function provider.test_password(username, password)
60 local credentials = datamanager.load(username, host, "accounts") or {}; 47 local credentials = datamanager.load(username, host, "accounts") or {};
61 48
62 if credentials.password ~= nil and string.len(credentials.password) ~= 0 then 49 if credentials.password ~= nil and string.len(credentials.password) ~= 0 then
71 end 58 end
72 end 59 end
73 60
74 if credentials.iteration_count == nil or credentials.salt == nil or string.len(credentials.salt) == 0 then 61 if credentials.iteration_count == nil or credentials.salt == nil or string.len(credentials.salt) == 0 then
75 return nil, "Auth failed. Stored salt and iteration count information is not complete."; 62 return nil, "Auth failed. Stored salt and iteration count information is not complete.";
76 end
77
78 -- convert hexpass to stored_key and server_key
79 -- COMPAT w/old trunk: remove before 0.8 release
80 if credentials.hashpass then
81 local salted_password = from_hex(credentials.hashpass);
82 credentials.stored_key = sha1(hmac_sha1(salted_password, "Client Key"), true);
83 credentials.server_key = to_hex(hmac_sha1(salted_password, "Server Key"));
84 credentials.hashpass = nil
85 datamanager.store(username, host, "accounts", credentials);
86 end 63 end
87 64
88 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count); 65 local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count);
89 66
90 local stored_key_hex = to_hex(stored_key); 67 local stored_key_hex = to_hex(stored_key);
156 usermanager.set_password(username, credentials.password, host); 133 usermanager.set_password(username, credentials.password, host);
157 credentials = datamanager.load(username, host, "accounts"); 134 credentials = datamanager.load(username, host, "accounts");
158 if not credentials then return; end 135 if not credentials then return; end
159 end 136 end
160 137
161 -- convert hexpass to stored_key and server_key
162 -- COMPAT w/old trunk: remove before 0.8 release
163 if credentials.hashpass then
164 local salted_password = from_hex(credentials.hashpass);
165 credentials.stored_key = sha1(hmac_sha1(salted_password, "Client Key"), true);
166 credentials.server_key = to_hex(hmac_sha1(salted_password, "Server Key"));
167 credentials.hashpass = nil
168 datamanager.store(username, host, "accounts", credentials);
169 end
170
171 local stored_key, server_key, iteration_count, salt = credentials.stored_key, credentials.server_key, credentials.iteration_count, credentials.salt; 138 local stored_key, server_key, iteration_count, salt = credentials.stored_key, credentials.server_key, credentials.iteration_count, credentials.salt;
172 stored_key = stored_key and from_hex(stored_key); 139 stored_key = stored_key and from_hex(stored_key);
173 server_key = server_key and from_hex(server_key); 140 server_key = server_key and from_hex(server_key);
174 return stored_key, server_key, iteration_count, salt, true; 141 return stored_key, server_key, iteration_count, salt, true;
175 end 142 end