From ff2d5ef7e7f39356a03bfc7d660b5f718777d351 Mon Sep 17 00:00:00 2001 From: jesopo Date: Tue, 5 Feb 2019 17:03:41 +0000 Subject: [PATCH] Disconnect from server and throw an exception if SCRAM server verification fails (sasl) --- modules/sasl/__init__.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/sasl/__init__.py b/modules/sasl/__init__.py index f032d230..0c74cc97 100644 --- a/modules/sasl/__init__.py +++ b/modules/sasl/__init__.py @@ -79,6 +79,11 @@ class Module(ModuleManager.BaseModule): elif current_scram.state == scram.SCRAMState.ClientFinal: auth_text = current_scram.server_final(event["message"]) del event["server"]._scram + + if current_scram.state == scram.SCRAMState.VerifyFailed: + event["server"].disconnect() + raise ValueError("Server SCRAM verification failed") + else: raise ValueError("unknown sasl mechanism '%s'" % mechanism)