From 686d852e2b2e034a5a68c04c2e7d6ccc599afaab Mon Sep 17 00:00:00 2001 From: jesopo Date: Fri, 15 Feb 2019 20:09:32 +0000 Subject: [PATCH] SCRAM.error should be within standardised errors (put raw in self.raw_error) --- modules/sasl/scram.py | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/modules/sasl/scram.py b/modules/sasl/scram.py index b3c75313..b16bd448 100644 --- a/modules/sasl/scram.py +++ b/modules/sasl/scram.py @@ -7,6 +7,20 @@ import base64, enum, hashlib, hmac, os, typing ALGORITHMS = [ "MD5", "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512"] +SCRAM_ERRORS = [ + "invalid-encoding", + "extensions-not-supported", # unrecognized 'm' value + "invalid-proof", + "channel-bindings-dont-match", + "server-does-support-channel-binding", + "channel-binding-not-supported", + "unsupported-channel-binding-type", + "unknown-user", + "invalid-username-encoding", # invalid utf8 of bad SASLprep + "no-resources", + "other-error" +] + def _scram_nonce() -> bytes: return base64.b64encode(os.urandom(32)) def _scram_escape(s: bytes) -> bytes: @@ -38,6 +52,7 @@ class SCRAM(object): self.state = SCRAMState.Uninitialised self.error = "" + self.raw_error = "" self._client_first = b"" self._salted_password = b"" @@ -93,7 +108,13 @@ class SCRAM(object): def server_final(self, data: bytes) -> bool: pieces = self._get_pieces(data) if b"e" in pieces: - self.error = pieces[b"e"].decode("utf8") + error = pieces[b"e"].decode("utf8") + self.raw_error = error + if error in SCRAM_ERRORS: + self.error = error + else: + self.error = "other-error" + self.state = SCRAMState.Failed return False