
10774:207691ad98fe

util.sasl.scram: Mention if clients try PLUS without channel binding This isn't normal, but is it invalid? Likely a client bug in any case.
author Kim Alvefur <zash@zash.se>
date Sun, 26 Apr 2020 14:31:43 +0200
parents 10773:3e1046b39484
children 10775:1641e33f1d36
files util/sasl/scram.lua
diffstat 1 files changed, 6 insertions(+), 2 deletions(-) [+]
--- a/util/sasl/scram.lua	Sun Apr 26 14:28:00 2020 +0200
+++ b/util/sasl/scram.lua	Sun Apr 26 14:31:43 2020 +0200
@@ -112,7 +112,7 @@
 	end
 end
 
-local function scram_gen(hash_name, H_f, HMAC_f, get_auth_db)
+local function scram_gen(hash_name, H_f, HMAC_f, get_auth_db, expect_cb)
 	local profile_name = "scram_" .. hashprep(hash_name);
 	local function scram_hash(self, message)
 		local support_channel_binding = false;
@@ -141,6 +141,10 @@
 
 			if gs2_cbind_flag == "n" then
 				-- "n" -> client doesn't support channel binding.
+				if expect_cb then
+					log("debug", "Client unexpectedly doesn't support channel binding");
+					-- XXX Is it sensible to abort if the client starts -PLUS but doesn't use channel binding?
+				end
 				support_channel_binding = false;
 			end
 
@@ -260,7 +264,7 @@
 		-- register channel binding equivalent
 		registerMechanism("SCRAM-"..hash_name.."-PLUS",
 			{"plain", "scram_"..(hashprep(hash_name))},
-			scram_gen(hash_name:lower(), hash, hmac_hash, get_auth_db), {"tls-unique"});
+			scram_gen(hash_name:lower(), hash, hmac_hash, get_auth_db, true), {"tls-unique"});
 	end
 
 	registerSCRAMMechanism("SHA-1", hashes.sha1, hashes.hmac_sha1, hashes.pbkdf2_hmac_sha1);
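Review bot: In the second hunk (`@@ -141,6 +141,10 @@`), a client that selected the -PLUS mechanism but sends gs2-cbind-flag `n` still proceeds with `support_channel_binding = false`, so the exchange completes under a mechanism name whose whole point is the binding to the TLS channel, and the only trace is a debug-level line with no mechanism or profile name. Since the server already knows from `expect_cb` that the client chose the PLUS variant, the defensible behaviour is to reject the exchange here rather than let a session advertised as channel-bound silently degrade to plain SCRAM; if rejection is deferred, the log should at least be raised to warn and name the profile, e.g. `log("warn", "Client selected %s-PLUS but sent gs2-cbind-flag 'n'; no channel binding will be used", hash_name);` (assuming the module's `log` accepts format arguments as elsewhere in the codebase). The XXX comment on the following line would then become the rationale for the chosen behaviour rather than an open question. `scram_hash` starts before this hunk and its handling of the `y` and `p` flags lies outside it, so whether those branches already fail the exchange cannot be confirmed from this page.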