diff options
author | Kim Alvefur <zash@zash.se> | 2020-04-26 14:31:43 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2020-04-26 14:31:43 +0200 |
commit | 23ae3a4adabb9c38bf33ae597bcae4138f739135 (patch) | |
tree | f4f8a20d757e982cb326bcb5b4bd679988e56695 /util | |
parent | e5327bcc31cb602df89d19f9c9c73aa90d4bec37 (diff) | |
download | prosody-23ae3a4adabb9c38bf33ae597bcae4138f739135.tar.gz prosody-23ae3a4adabb9c38bf33ae597bcae4138f739135.zip |
util.sasl.scram: Mention if clients try PLUS without channel binding
This isn't normal, but is it invalid? Likely a client bug in any case.
Diffstat (limited to 'util')
-rw-r--r-- | util/sasl/scram.lua | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua index e2ce00f5..b3370d4b 100644 --- a/util/sasl/scram.lua +++ b/util/sasl/scram.lua @@ -112,7 +112,7 @@ local function get_scram_hasher(H, HMAC, Hi) end end -local function scram_gen(hash_name, H_f, HMAC_f, get_auth_db) +local function scram_gen(hash_name, H_f, HMAC_f, get_auth_db, expect_cb) local profile_name = "scram_" .. hashprep(hash_name); local function scram_hash(self, message) local support_channel_binding = false; @@ -141,6 +141,10 @@ local function scram_gen(hash_name, H_f, HMAC_f, get_auth_db) if gs2_cbind_flag == "n" then -- "n" -> client doesn't support channel binding. + if expect_cb then + log("debug", "Client unexpectedly doesn't support channel binding"); + -- XXX Is it sensible to abort if the client starts -PLUS but doesn't use channel binding? + end support_channel_binding = false; end @@ -260,7 +264,7 @@ local function init(registerMechanism) -- register channel binding equivalent registerMechanism("SCRAM-"..hash_name.."-PLUS", {"plain", "scram_"..(hashprep(hash_name))}, - scram_gen(hash_name:lower(), hash, hmac_hash, get_auth_db), {"tls-unique"}); + scram_gen(hash_name:lower(), hash, hmac_hash, get_auth_db, true), {"tls-unique"}); end registerSCRAMMechanism("SHA-1", hashes.sha1, hashes.hmac_sha1, hashes.pbkdf2_hmac_sha1); |