diff options
| author | Evgeny Khramtsov <xramtsov@gmail.com> | 2015-01-08 11:02:23 +0300 |
|---|---|---|
| committer | Evgeny Khramtsov <xramtsov@gmail.com> | 2015-01-08 11:02:23 +0300 |
| commit | 4ef2d08456f3e5a535273152fe47b78529647981 (patch) | |
| tree | 579e80d693d8b57e96597fbbcf6845a254f5139b /src | |
| parent | Fix missing presences when adding shared groups (Github PR#99, thanks to Bokner) (diff) | |
| parent | checking stringprep in scram authentication (diff) | |
Merge pull request #396 from hamano/scram-stringprep-checking
checking stringprep in scram authentication
Diffstat (limited to '')
| -rw-r--r-- | src/cyrsasl_scram.erl | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/cyrsasl_scram.erl b/src/cyrsasl_scram.erl index 1175af1e..26e03700 100644 --- a/src/cyrsasl_scram.erl +++ b/src/cyrsasl_scram.erl @@ -76,9 +76,11 @@ mech_step(#state{step = 2} = State, ClientIn) -> UserName -> case parse_attribute(ClientNonceAttribute) of {$r, ClientNonce} -> - case (State#state.get_password)(UserName) of + {Ret, _AuthModule} = (State#state.get_password)(UserName), + case {Ret, jlib:resourceprep(Ret)} of {false, _} -> {error, <<"not-authorized">>, UserName}; - {Ret, _AuthModule} -> + {_, error} -> ?WARNING_MSG("invalid password", []), {error, <<"not-authorized">>, UserName}; + {Ret, _} -> {StoredKey, ServerKey, Salt, IterationCount} = if is_tuple(Ret) -> Ret; true -> |