3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-11-25 21:39:25 +01:00

Merge pull request #1768 from slingamn/scram_clientid

fix SCRAM not supporting client IDs
This commit is contained in:
Shivaram Lingamneni 2021-08-03 23:51:10 -04:00 committed by GitHub
commit 1c5a485c17
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 4 deletions

View File

@ -2008,6 +2008,11 @@ func (am *AccountManager) NewScramConversation() *scram.ServerConversation {
} }
func (am *AccountManager) lookupSCRAMCreds(accountName string) (creds scram.StoredCredentials, err error) { func (am *AccountManager) lookupSCRAMCreds(accountName string) (creds scram.StoredCredentials, err error) {
// strip client ID if present:
if strudelIndex := strings.IndexByte(accountName, '@'); strudelIndex != -1 {
accountName = accountName[:strudelIndex]
}
acct, err := am.LoadAccount(accountName) acct, err := am.LoadAccount(accountName)
if err != nil { if err != nil {
return return

View File

@ -354,20 +354,27 @@ func authScramHandler(server *Server, client *Client, session *Session, value []
if session.sasl.scramConv.Done() { if session.sasl.scramConv.Done() {
continueAuth = false continueAuth = false
if session.sasl.scramConv.Valid() { if session.sasl.scramConv.Valid() {
accountName := session.sasl.scramConv.Username() authcid := session.sasl.scramConv.Username()
if strudelIndex := strings.IndexByte(authcid, '@'); strudelIndex != -1 {
var deviceID string
authcid, deviceID = authcid[:strudelIndex], authcid[strudelIndex+1:]
if !client.registered {
rb.session.deviceID = deviceID
}
}
authzid := session.sasl.scramConv.AuthzID() authzid := session.sasl.scramConv.AuthzID()
if authzid != "" && authzid != accountName { if authzid != "" && authzid != authcid {
rb.Add(nil, server.name, ERR_SASLFAIL, client.nick, client.t("SASL authentication failed: authcid and authzid should be the same")) rb.Add(nil, server.name, ERR_SASLFAIL, client.nick, client.t("SASL authentication failed: authcid and authzid should be the same"))
return false return false
} }
account, err := server.accounts.LoadAccount(accountName) account, err := server.accounts.LoadAccount(authcid)
if err == nil { if err == nil {
server.accounts.Login(client, account) server.accounts.Login(client, account)
if fixupNickEqualsAccount(client, rb, server.Config(), "") { if fixupNickEqualsAccount(client, rb, server.Config(), "") {
sendSuccessfulAccountAuth(nil, client, rb, true) sendSuccessfulAccountAuth(nil, client, rb, true)
} }
} else { } else {
server.logger.Error("internal", "SCRAM succeeded but couldn't load account", accountName, err.Error()) server.logger.Error("internal", "SCRAM succeeded but couldn't load account", authcid, err.Error())
rb.Add(nil, server.name, ERR_SASLFAIL, client.nick, client.t("SASL authentication failed")) rb.Add(nil, server.name, ERR_SASLFAIL, client.nick, client.t("SASL authentication failed"))
} }
} else { } else {