Changeset

356:f95e797895ee

SCRAM: Add channel binding support (SCRAM-SHA-1-PLUS)
author Kim Alvefur <zash@zash.se>
date Thu, 18 Sep 2014 19:03:15 +0200
parents 355:dfe095fcf89c
children 357:ed12e00991b1
files util/sasl/scram.lua
diffstat 1 files changed, 10 insertions(+), 2 deletions(-) [+]
--- a/util/sasl/scram.lua	Thu Sep 18 19:02:13 2014 +0200
+++ b/util/sasl/scram.lua	Thu Sep 18 19:03:15 2014 +0200
@@ -50,7 +50,11 @@
 	local nonce = "r=" .. c_nonce;
 	local client_first_message_bare = username .. "," .. nonce;
 	local cbind_data = "";
-	local gs2_cbind_flag = "n" -- TODO channel binding
+	local gs2_cbind_flag = "y";
+	if name == "SCRAM-SHA-1-PLUS" then
+		cbind_data = stream.conn:socket():getfinished();
+		gs2_cbind_flag = "p=tls-unique";
+	end
 	local gs2_header = gs2_cbind_flag .. ",,";
 	local client_first_message = gs2_header .. client_first_message_bare;
 	local cont, server_first_message = coroutine.yield(client_first_message);
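Review bot: The default `gs2_cbind_flag = "y"` is sent on every non-PLUS exchange, including when this client has no TLS socket or no `getfinished` method and so cannot bind at all; RFC 5802 reserves "y" for a client that supports channel binding and "n" for one that does not, and a server that advertised SCRAM-SHA-1-PLUS is expected to fail a "y" exchange as a suspected downgrade. Derive the flag from the same capability test used at registration, e.g. `local sock = stream.conn:ssl() and stream.conn:socket();` followed by `local gs2_cbind_flag = (sock and sock.getfinished) and "y" or "n";`. In the PLUS branch the result of `getfinished()` is stored without a nil check, so it would be safer to fail the mechanism explicitly when no Finished data comes back than to let a later concatenation (presumably outside this hunk) raise. The enclosing function starts and ends outside the hunk.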
@@ -98,6 +102,10 @@
 	if stream.username and (stream.password or (stream.client_key or stream.server_key)) then
 		mechanisms["SCRAM-SHA-1"] = scram;
 		preference["SCRAM-SHA-1"] = 99;
-		-- TODO SCRAM-SHA-1-PLUS
+		local sock = stream.conn:ssl() and stream.conn:socket();
+		if sock and sock.getfinished then
+			mechanisms["SCRAM-SHA-1-PLUS"] = scram;
+			preference["SCRAM-SHA-1-PLUS"] = 100
+		end
 	end
 end
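Review bot: The gate `sock and sock.getfinished` only proves the method exists, not that tls-unique is meaningful for this connection. tls-unique is the first Finished message of the handshake, which on a resumed session is the peer's rather than the local one, and it is not defined for TLS 1.3 (RFC 9266 replaces it with tls-exporter); if either case can occur with this TLS layer, SCRAM-SHA-1-PLUS should not be registered, because the binding would then fail to verify against a correct server. A short comment such as `-- PLUS is preferred (100 > 99); the non-PLUS fallback sends "y" so the server can detect a stripped mechanism list` would record why the preferences are ordered this way. The line `preference["SCRAM-SHA-1-PLUS"] = 100` also lacks the trailing `;` used by the surrounding statements. The enclosing block begins outside the hunk.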