mirror of
https://github.com/ergochat/ergo.git
synced 2024-11-25 21:39:25 +01:00
Merge pull request #1768 from slingamn/scram_clientid
fix SCRAM not supporting client IDs
This commit is contained in:
commit
1c5a485c17
@ -2008,6 +2008,11 @@ func (am *AccountManager) NewScramConversation() *scram.ServerConversation {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (am *AccountManager) lookupSCRAMCreds(accountName string) (creds scram.StoredCredentials, err error) {
|
func (am *AccountManager) lookupSCRAMCreds(accountName string) (creds scram.StoredCredentials, err error) {
|
||||||
|
// strip client ID if present:
|
||||||
|
if strudelIndex := strings.IndexByte(accountName, '@'); strudelIndex != -1 {
|
||||||
|
accountName = accountName[:strudelIndex]
|
||||||
|
}
|
||||||
|
|
||||||
acct, err := am.LoadAccount(accountName)
|
acct, err := am.LoadAccount(accountName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
|
@ -354,20 +354,27 @@ func authScramHandler(server *Server, client *Client, session *Session, value []
|
|||||||
if session.sasl.scramConv.Done() {
|
if session.sasl.scramConv.Done() {
|
||||||
continueAuth = false
|
continueAuth = false
|
||||||
if session.sasl.scramConv.Valid() {
|
if session.sasl.scramConv.Valid() {
|
||||||
accountName := session.sasl.scramConv.Username()
|
authcid := session.sasl.scramConv.Username()
|
||||||
|
if strudelIndex := strings.IndexByte(authcid, '@'); strudelIndex != -1 {
|
||||||
|
var deviceID string
|
||||||
|
authcid, deviceID = authcid[:strudelIndex], authcid[strudelIndex+1:]
|
||||||
|
if !client.registered {
|
||||||
|
rb.session.deviceID = deviceID
|
||||||
|
}
|
||||||
|
}
|
||||||
authzid := session.sasl.scramConv.AuthzID()
|
authzid := session.sasl.scramConv.AuthzID()
|
||||||
if authzid != "" && authzid != accountName {
|
if authzid != "" && authzid != authcid {
|
||||||
rb.Add(nil, server.name, ERR_SASLFAIL, client.nick, client.t("SASL authentication failed: authcid and authzid should be the same"))
|
rb.Add(nil, server.name, ERR_SASLFAIL, client.nick, client.t("SASL authentication failed: authcid and authzid should be the same"))
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
account, err := server.accounts.LoadAccount(accountName)
|
account, err := server.accounts.LoadAccount(authcid)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
server.accounts.Login(client, account)
|
server.accounts.Login(client, account)
|
||||||
if fixupNickEqualsAccount(client, rb, server.Config(), "") {
|
if fixupNickEqualsAccount(client, rb, server.Config(), "") {
|
||||||
sendSuccessfulAccountAuth(nil, client, rb, true)
|
sendSuccessfulAccountAuth(nil, client, rb, true)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
server.logger.Error("internal", "SCRAM succeeded but couldn't load account", accountName, err.Error())
|
server.logger.Error("internal", "SCRAM succeeded but couldn't load account", authcid, err.Error())
|
||||||
rb.Add(nil, server.name, ERR_SASLFAIL, client.nick, client.t("SASL authentication failed"))
|
rb.Add(nil, server.name, ERR_SASLFAIL, client.nick, client.t("SASL authentication failed"))
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
Loading…
Reference in New Issue
Block a user