Restrict scram algorithms to IANA Hash Function Textual Names (sasl.scram)
parent
4e3e782519
commit
50a8de2792
2 changed files with 11 additions and 2 deletions
|
@ -70,7 +70,7 @@ class Module(ModuleManager.BaseModule):
|
||||||
|
|
||||||
# create SCRAM helper
|
# create SCRAM helper
|
||||||
sasl_username, sasl_password = sasl["args"].split(":", 1)
|
sasl_username, sasl_password = sasl["args"].split(":", 1)
|
||||||
algo = mechanism.split("SCRAM-", 1)[1].replace("-", "")
|
algo = mechanism.split("SCRAM-", 1)[1]
|
||||||
event["server"]._scram = scram.SCRAM(
|
event["server"]._scram = scram.SCRAM(
|
||||||
algo, sasl_username, sasl_password)
|
algo, sasl_username, sasl_password)
|
||||||
|
|
||||||
|
|
|
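Review bot: `scram.SCRAM(...)` now raises `ValueError` for any algorithm name outside the allowlist, and nothing visible at this call site catches it. A mechanism such as `SCRAM-SHA-256-PLUS` now yields `algo == "SHA-256-PLUS"`, which used to be passed through with the dashes stripped and is now rejected during construction. The enclosing handler starts and ends outside the hunk, so it may already deal with this; if it does not, wrapping the constructor call in `try:` / `except ValueError as e:` and logging the unsupported mechanism before abandoning SASL would make the failure explicit instead of an unhandled exception in the event path. A short comment above the `algo = ...` line, e.g. `# keep the IANA spelling ("SHA-256"); scram.SCRAM validates and normalises it`, would also explain why the `.replace("-", "")` moved.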
@ -1,5 +1,11 @@
|
||||||
import base64, enum, hashlib, hmac, os, typing
|
import base64, enum, hashlib, hmac, os, typing
|
||||||
|
|
||||||
|
# IANA Hash Function Textual Names
|
||||||
|
# https://tools.ietf.org/html/rfc5802#section-4
|
||||||
|
# https://www.iana.org/assignments/hash-function-text-names/
|
||||||
|
ALGORITHMS = [
|
||||||
|
"MD2", "MD5", "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512"]
|
||||||
|
|
||||||
def _scram_nonce() -> bytes:
|
def _scram_nonce() -> bytes:
|
||||||
return base64.b64encode(os.urandom(32))
|
return base64.b64encode(os.urandom(32))
|
||||||
def _scram_escape(s: bytes) -> bytes:
|
def _scram_escape(s: bytes) -> bytes:
|
||||||
|
@ -22,7 +28,10 @@ class SCRAMError(Exception):
|
||||||
|
|
||||||
class SCRAM(object):
|
class SCRAM(object):
|
||||||
def __init__(self, algo, username, password):
|
def __init__(self, algo, username, password):
|
||||||
self._algo = algo
|
if not algo in ALGORITHMS:
|
||||||
|
raise ValueError("Unknown SCRAM algorithm '%s'" % algo)
|
||||||
|
|
||||||
|
self._algo = algo.replace("-", "") # SHA-1 -> SHA1
|
||||||
self._username = username.encode("utf8")
|
self._username = username.encode("utf8")
|
||||||
self._password = password.encode("utf8")
|
self._password = password.encode("utf8")
|
||||||
|
|
||||||
|
|
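Review bot: `ALGORITHMS` admits `MD2`, `MD5` and `SHA-1`, so the new check in `SCRAM.__init__` constrains how the name is spelled but not how strong the negotiated hash is. The IANA registry is a naming list rather than a recommendation; for password authentication I would restrict the allowlist to what the client should actually accept, e.g. `ALGORITHMS = ["SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512"]`, keeping `SHA-1` only if SCRAM-SHA-1 servers must still be supported. `MD2` in particular is often not provided by `hashlib`, so it would likely pass this check and fail later wherever `self._algo` is consumed, which is outside the hunk. As a style point, `if not algo in ALGORITHMS:` reads better as `if algo not in ALGORITHMS:`.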