
master 71397175aa 1/8: Add GS2 authorization to sasl-scram-rfc


From: Amin Bandali
Subject: master 71397175aa 1/8: Add GS2 authorization to sasl-scram-rfc
Date: Wed, 23 Nov 2022 21:24:33 -0500 (EST)

branch: master
commit 71397175aaa51571ba89a2ebf147ae833da5decf
Author: F. Jason Park <jp@neverwas.me>
Commit: Amin Bandali <bandali@gnu.org>

    Add GS2 authorization to sasl-scram-rfc
    
    * lisp/net/sasl-scram-rfc.el (sasl-scram-gs2-header-function,
    sasl-scram-construct-gs2-header): Add new variable and default
    function for determining a SCRAM GSS-API message header.  This is
    mainly intended for other libraries rather than end users.
    (sasl-scram-client-first-message): Use gs2-header function.
    (sasl-scram--client-final-message): Use dedicated gs2-header function.
    Also remove whitespace when base64-encoding, as per RFC 5802.
    (Bug#57956.)
---
 lisp/net/sasl-scram-rfc.el | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/lisp/net/sasl-scram-rfc.el b/lisp/net/sasl-scram-rfc.el
index ee52ed6e07..f7a2e42541 100644
--- a/lisp/net/sasl-scram-rfc.el
+++ b/lisp/net/sasl-scram-rfc.el
@@ -45,14 +45,21 @@
 
 ;;; Generic for SCRAM-*
 
+(defvar sasl-scram-gs2-header-function 'sasl-scram-construct-gs2-header
+  "Function to create GS2 header.
+See https://www.rfc-editor.org/rfc/rfc5801#section-4.";)
+
+(defun sasl-scram-construct-gs2-header (client)
+  ;; The "n," means the client doesn't support channel binding, and
+  ;; the trailing comma is included as per RFC 5801.
+  (let ((authzid (sasl-client-property client 'authenticator-name)))
+    (concat "n," (and authzid "a=") authzid ",")))
+
 (defun sasl-scram-client-first-message (client _step)
   (let ((c-nonce (sasl-unique-id)))
     (sasl-client-set-property client 'c-nonce c-nonce))
   (concat
-   ;; n = client doesn't support channel binding
-   "n,"
-   ;; TODO: where would we get authorization id from?
-   ","
+   (funcall sasl-scram-gs2-header-function client)
    (sasl-scram--client-first-message-bare client)))
 
 (defun sasl-scram--client-first-message-bare (client)
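Review bot: The authorization identity that `sasl-scram-construct-gs2-header` reads from the `authenticator-name` property is concatenated verbatim, but RFC 5802 (section 7) requires `,` and `=` inside a saslname to be sent as `=2C` and `=3D`, so a name containing either character yields a gs2-header the server cannot parse unambiguously. A small fix inside the `let` is `(when authzid (setq authzid (replace-regexp-in-string "[,=]" (lambda (m) (if (equal m ",") "=2C" "=3D")) authzid t t)))` before the `concat`. The new function also has no docstring; suggest `"Return the GS2 header for CLIENT (RFC 5801, section 4), with no channel binding."`. The `;` following the URL in the `defvar` docstring looks like an archive rendering artifact rather than part of the string; worth confirming the source line ends with `section-4."`.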
@@ -77,11 +84,11 @@
 
         (c-nonce (sasl-client-property client 'c-nonce))
         ;; no channel binding, no authorization id
-        (cbind-input "n,,"))
+         (cbind-input (funcall sasl-scram-gs2-header-function client)))
     (unless (string-prefix-p c-nonce nonce)
       (sasl-error "Invalid nonce from server"))
     (let* ((client-final-message-without-proof
-           (concat "c=" (base64-encode-string cbind-input) ","
+            (concat "c=" (base64-encode-string cbind-input t) ","
                    "r=" nonce))
           (password
            ;; TODO: either apply saslprep or disallow non-ASCII characters
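Review bot: The comment `;; no channel binding, no authorization id` above the new `cbind-input` binding is now stale, since the value comes from `sasl-scram-gs2-header-function` and may carry an `a=` authorization id; suggest `;; gs2-header as sent in the first message (no channel binding)`. Recomputing the header here rather than reusing the bytes sent by `sasl-scram-client-first-message` means the `c=` attribute could differ from the first message if the `authenticator-name` property or the function variable changed in between, which a server would reject; storing the header in a client property at first-message time would remove that risk, though the property lifecycle is outside this hunk. The added lines here, and the `p=` line in the next hunk, appear indented one column deeper than the lines they replace; worth realigning unless that is an archive artifact. The enclosing `sasl-scram--client-final-message` starts before and continues past this hunk.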
@@ -113,7 +120,7 @@
           (client-proof (funcall string-xor client-key client-signature))
           (client-final-message
            (concat client-final-message-without-proof ","
-                   "p=" (base64-encode-string client-proof))))
+                    "p=" (base64-encode-string client-proof t))))
       (sasl-client-set-property client 'auth-message auth-message)
       (sasl-client-set-property client 'salted-password salted-password)
       client-final-message)))


