Mercurial > prosody-modules
comparison mod_sasl_ssdp/mod_sasl_ssdp.lua @ 5773:3a7349aa95c7
mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Tue, 05 Dec 2023 12:39:00 +0000 |
| parents | |
| children | bb51cf204dd4 |
comparison
equal
deleted
inserted
replaced
| 5772:5ff8022466ab | 5773:3a7349aa95c7 |
|---|---|
| 1 local array = require "util.array"; | |
| 2 local hashes = require "util.hashes"; | |
| 3 local it = require "util.iterators"; | |
| 4 local base64_enc = require "util.encodings".base64.encode; | |
| 5 | |
| 6 local hash_functions = { | |
| 7 ["SCRAM-SHA-1"] = hashes.sha1; | |
| 8 ["SCRAM-SHA-1-PLUS"] = hashes.sha1; | |
| 9 ["SCRAM-SHA-256"] = hashes.sha256; | |
| 10 ["SCRAM-SHA-256-PLUS"] = hashes.sha256; | |
| 11 }; | |
| 12 | |
| 13 function add_ssdp_info(event) | |
| 14 local sasl_handler = event.session.sasl_handler; | |
| 15 local hash = hash_functions[sasl_handler.selected]; | |
| 16 if not hash then | |
| 17 module:log("debug", "Not enabling SSDP for unsupported mechanism: %s", sasl_handler.selected); | |
| 18 return; | |
| 19 end | |
| 20 local mechanism_list = array.collect(it.keys(sasl_handler:mechanisms())):sort(); | |
| 21 local cb = sasl_handler.profile.cb; | |
| 22 local cb_list = cb and array.collect(it.keys(cb)):sort(); | |
| 23 local ssdp_string; | |
| 24 if cb_list then | |
| 25 ssdp_string = mechanism_list:concat(",").."|"..cb_list:concat(","); | |
| 26 else | |
| 27 ssdp_string = mechanism_list:concat(","); | |
| 28 end | |
| 29 module:log("debug", "Calculated SSDP string: %s", ssdp_string); | |
| 30 event.message = event.message..",d="..base64_enc(hash(ssdp_string)); | |
| 31 sasl_handler.state.server_first_message = event.message; | |
| 32 end | |
| 33 | |
| 34 module:hook("sasl/reply/challenge", add_ssdp_info, 1); | |
| 35 module:hook("sasl2/c2s/challenge", add_ssdp_info, 1); | |
| 36 |