From 12947644e234302544a7fc98e670867f4218c5aa Mon Sep 17 00:00:00 2001 From: Shivaram Lingamneni Date: Wed, 25 Aug 2021 15:57:41 -0400 Subject: [PATCH 1/2] remove SCRAM-SHA-256 from advertised SASL mechanisms Advertising SCRAM-SHA-256 breaks irccloud, which doesn't fall back to PLAIN if it sees SCRAM advertised but SCRAM then fails (as is the case for any account password hashed on Ergo 2.7 or lower). Leave a config option for irctest to enable it in the controller. --- irc/config.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/irc/config.go b/irc/config.go index b8558727..ec0ee96e 100644 --- a/irc/config.go +++ b/irc/config.go @@ -303,6 +303,7 @@ func (t *ThrottleConfig) UnmarshalYAML(unmarshal func(interface{}) error) (err e type AccountConfig struct { Registration AccountRegistrationConfig AuthenticationEnabled bool `yaml:"authentication-enabled"` + AdvertiseSCRAM bool `yaml:"advertise-scram"` // undocumented, see #1782 RequireSasl struct { Enabled bool Exempted []string @@ -1379,7 +1380,12 @@ func LoadConfig(filename string) (config *Config, err error) { config.Accounts.VHosts.validRegexp = defaultValidVhostRegex } - config.Server.capValues[caps.SASL] = "PLAIN,EXTERNAL,SCRAM-SHA-256" + saslCapValue := "PLAIN,EXTERNAL,SCRAM-SHA-256" + // TODO(#1782) clean this up: + if !config.Accounts.AdvertiseSCRAM { + saslCapValue = "PLAIN,EXTERNAL" + } + config.Server.capValues[caps.SASL] = saslCapValue if !config.Accounts.AuthenticationEnabled { config.Server.supportedCaps.Disable(caps.SASL) } From a1d4b8ac8220b805fe6737b4cef2caa6f0367193 Mon Sep 17 00:00:00 2001 From: Shivaram Lingamneni Date: Wed, 25 Aug 2021 19:00:33 -0400 Subject: [PATCH 2/2] bump irctest to latest --- irctest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/irctest b/irctest index 9de76b60..125a1cc1 160000 --- a/irctest +++ b/irctest @@ -1 +1 @@ -Subproject commit 9de76b6063c8c837399d7449218f3b87fb1a1524 +Subproject commit 125a1cc106655b8c34705fd74a2704fccb8ec91e