(WIP) SASL SCRAM #1706

Open
wants to merge 11 commits into
base: develop

@michaelortmann (Member) commented Oct 20, 2024

Found by:
Patch by: michaelortmann
Fixes:

One-line summary:

Additional description (if needed):
This PR implements SASL_MECHANISM_SCRAM_SHA_256 and SASL_MECHANISM_SCRAM_SHA_512
State machine for sasl scram
Add Tcl_TraceVar() for sasl-mechanism
Cache client and server key for sasl scram
Modularized sasl stuff into sasl.c / Refactor
Updated doc
Set sasl-username to username, if not set
Enhance logging
Leave got900() in servmsg.c instead of sasl.c
Constant time memory comparison
Update valid cap sasl mechanism list on server 908
Handle SASL AUTHENTICATE server error
pre sasl mechanism ECDH-X25519-CHALLENGE

Checks 2 boxes in #832:
#688 (comment) - grawity proposed replacing sasl state processing with real state keeping.
Implement scram authentication

Test cases demonstrating functionality (if applicable):

set sasl 1
set sasl-mechanism 4
[...]
[09:25:49] SASL: Starting authentication process
[09:25:49] SASL: AUTHENTICATE SCRAM-SHA-512
[...]
[09:25:50] SASL: authentication of server successful
[09:25:50] [m->] AUTHENTICATE +
[09:25:51] [@] :zen.home.arpa 900 BotA BotA!BotA@localhost BotA :You are now logged in as BotA
[09:25:51] zen.home.arpa: You are now logged in as BotA
[09:25:52] [@] :zen.home.arpa 903 BotA :SASL authentication successful
[09:25:52] SASL: SASL authentication successful

State machine for sasl scram
Add Tcl_TraceVar() for sasl-mechanism
Modularized sasl stuff into sasl.c / Refactor
Updated doc
Set sasl-username to username, if not set
Enhance logging
Leave got900() in servmsg.c instead of sasl.c
Constant time memory comparison
Update valid cap sasl mechanism list on server 908
Handle SASL AUTHENTICATE server error
pre sasl mechanism ECDH-X25519-CHALLENGE
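
For readers following the log above, the client side of a SCRAM exchange is sketched below: deriving the client and server keys once so they can be cached, building the client proof, and checking the server's signature with a constant-time comparison before the final `AUTHENTICATE +`. This is an added example in Python, not code from this PR or from the project; the function names are illustrative, and the messages are the example exchange published in RFC 7677, section 3 (user "user", password "pencil"). Passing `digest="sha512"` gives the SCRAM-SHA-512 variant.

```python
import base64
import hashlib
import hmac

# Example exchange from RFC 7677, section 3 (not taken from this PR).
PASSWORD = b"pencil"
CLIENT_FIRST_BARE = "n=user,r=rOprNGfwEbeRWgbNEkqO"
SERVER_FIRST = ("r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,"
                "s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096")
SERVER_FINAL = "v=6rriTRBi23WpRR/wtup+mMhUZUn/dB5nLTJRsjl95G4="

def parse_attrs(msg):
    """Split 'a=1,b=2' into a dict; values may themselves contain '='."""
    return dict(part.split("=", 1) for part in msg.split(","))

def derive_keys(password, salt, iterations, digest="sha256"):
    """Run PBKDF2 once; the resulting ClientKey/ServerKey can be cached."""
    salted = hashlib.pbkdf2_hmac(digest, password, salt, iterations)
    client_key = hmac.new(salted, b"Client Key", digest).digest()
    server_key = hmac.new(salted, b"Server Key", digest).digest()
    return client_key, server_key

def client_final(client_first_bare, server_first, password, digest="sha256"):
    """Return (client-final-message, expected ServerSignature)."""
    attrs = parse_attrs(server_first)
    client_nonce = parse_attrs(client_first_bare)["r"]
    # The server nonce must extend the nonce this client sent.
    if not attrs["r"].startswith(client_nonce) or attrs["r"] == client_nonce:
        raise ValueError("server nonce does not extend client nonce")
    client_key, server_key = derive_keys(
        password, base64.b64decode(attrs["s"]), int(attrs["i"]), digest)
    without_proof = "c=biws,r=" + attrs["r"]  # biws = base64("n,,"), no channel binding
    auth_message = ",".join((client_first_bare, server_first, without_proof)).encode()
    stored_key = hashlib.new(digest, client_key).digest()
    client_sig = hmac.new(stored_key, auth_message, digest).digest()
    proof = bytes(a ^ b for a, b in zip(client_key, client_sig))
    server_sig = hmac.new(server_key, auth_message, digest).digest()
    return without_proof + ",p=" + base64.b64encode(proof).decode(), server_sig

def server_is_authentic(server_final, expected_sig):
    """Constant-time check of the server's 'v=' value against our own."""
    attrs = parse_attrs(server_final)
    if "v" not in attrs:  # 'e=' means the server reported an error
        return False
    return hmac.compare_digest(base64.b64decode(attrs["v"]), expected_sig)
```
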