3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-11-25 05:19:25 +01:00

remove SCRAM-SHA-256 from advertised SASL mechanisms

Advertising SCRAM-SHA-256 breaks irccloud, which doesn't fall back to PLAIN
if it sees SCRAM advertised but SCRAM then fails (as is the case for any
account password hashed on Ergo 2.7 or lower).

Leave a config option for irctest to enable it in the controller.
This commit is contained in:
Shivaram Lingamneni 2021-08-25 15:57:41 -04:00
parent 9c77f89bc2
commit 12947644e2

View File

@ -303,6 +303,7 @@ func (t *ThrottleConfig) UnmarshalYAML(unmarshal func(interface{}) error) (err e
type AccountConfig struct { type AccountConfig struct {
Registration AccountRegistrationConfig Registration AccountRegistrationConfig
AuthenticationEnabled bool `yaml:"authentication-enabled"` AuthenticationEnabled bool `yaml:"authentication-enabled"`
AdvertiseSCRAM bool `yaml:"advertise-scram"` // undocumented, see #1782
RequireSasl struct { RequireSasl struct {
Enabled bool Enabled bool
Exempted []string Exempted []string
@ -1379,7 +1380,12 @@ func LoadConfig(filename string) (config *Config, err error) {
config.Accounts.VHosts.validRegexp = defaultValidVhostRegex config.Accounts.VHosts.validRegexp = defaultValidVhostRegex
} }
config.Server.capValues[caps.SASL] = "PLAIN,EXTERNAL,SCRAM-SHA-256" saslCapValue := "PLAIN,EXTERNAL,SCRAM-SHA-256"
// TODO(#1782) clean this up:
if !config.Accounts.AdvertiseSCRAM {
saslCapValue = "PLAIN,EXTERNAL"
}
config.Server.capValues[caps.SASL] = saslCapValue
if !config.Accounts.AuthenticationEnabled { if !config.Accounts.AuthenticationEnabled {
config.Server.supportedCaps.Disable(caps.SASL) config.Server.supportedCaps.Disable(caps.SASL)
} }