Chapril/xmpp.chapril.org-ejabberd
24
1
Fork 0
mirror of https://github.com/processone/ejabberd.git synced 2024-06-06 21:37:17 +02:00
Code Releases Activity

Merge pull request #396 from hamano/scram-stringprep-checking

Browse Source 
checking stringprep in scram authentication
This commit is contained in:
Evgeny Khramtsov 2015-01-08 11:02:23 +03:00
commit 4ef2d08456
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/cyrsasl_scram.erl
View File

@ -76,9 +76,11 @@ mech_step(#state{step = 2} = State, ClientIn) ->
UserName -> UserName ->
case parse_attribute(ClientNonceAttribute) of case parse_attribute(ClientNonceAttribute) of
{$r, ClientNonce} -> {$r, ClientNonce} ->
case (State#state.get_password)(UserName) of {Ret, _AuthModule} = (State#state.get_password)(UserName),
case {Ret, jlib:resourceprep(Ret)} of
{false, _} -> {error, <<"not-authorized">>, UserName}; {false, _} -> {error, <<"not-authorized">>, UserName};
{Ret, _AuthModule} -> {_, error} -> ?WARNING_MSG("invalid password", []), {error, <<"not-authorized">>, UserName};
{Ret, _} ->
{StoredKey, ServerKey, Salt, IterationCount} = {StoredKey, ServerKey, Salt, IterationCount} =
if is_tuple(Ret) -> Ret; if is_tuple(Ret) -> Ret;
true -> true ->