Chapril/xmpp.chapril.org-ejabberd
25
1
Fork 0
mirror of https://github.com/processone/ejabberd.git synced 2024-11-20 16:15:59 +01:00
Code Releases Activity

Merge pull request #396 from hamano/scram-stringprep-checking

Browse Source 
checking stringprep in scram authentication
This commit is contained in:
Evgeny Khramtsov 2015-01-08 11:02:23 +03:00
commit 4ef2d08456
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/cyrsasl_scram.erl
View File

@ -76,9 +76,11 @@ mech_step(#state{step = 2} = State, ClientIn) ->
UserName ->
case parse_attribute(ClientNonceAttribute) of
{$r, ClientNonce} ->
case (State#state.get_password)(UserName) of
{Ret, _AuthModule} = (State#state.get_password)(UserName),
case {Ret, jlib:resourceprep(Ret)} of
{false, _} -> {error, <<"not-authorized">>, UserName};
{Ret, _AuthModule} ->
{_, error} -> ?WARNING_MSG("invalid password", []), {error, <<"not-authorized">>, UserName};
{Ret, _} ->
{StoredKey, ServerKey, Salt, IterationCount} =
if is_tuple(Ret) -> Ret;
true ->