Commit graph

36 commits

Author SHA1 Message Date
jesopo
d0ad43b027 Support a USERPASS sasl mechanism that picks the best user:pass mech (sasl) 2019-02-14 11:57:53 +00:00
jesopo
460d56eb74 Never allow use of MD2 (sasl.scram) 2019-02-12 23:52:09 +00:00
jesopo
ac958384fe SCRAM doesn't need constant_time_compare, nonces prevent replay (scram.py) 2019-02-12 23:47:24 +00:00
jesopo
9667b8a6e0 Move constant-time compare function to utils.security 2019-02-12 11:57:49 +00:00
jesopo
305b998a52 Use hmac.compare_digest to do a constant-time compare (sasl.scram) 2019-02-12 11:50:37 +00:00
jesopo
6018cc098d We still need to 'CAP REQ :sasl' when we get 'CAP NEW :sasl' (sasl) 2019-02-09 02:58:25 +00:00
jesopo
697ce2ba30 Do a SASL reauthentication when we get CAP NEW for SASL (sasl) 2019-02-08 23:12:14 +00:00
jesopo
7d25ce44ad Use HTML entity for less-than symbol (sasl README.md) 2019-02-07 13:53:46 +00:00
jesopo
35ad1c7c7b Add SASL README.md 2019-02-07 13:51:08 +00:00
jesopo
a3ca29dabe Show server name when we log a SASL failure (sasl) 2019-02-07 12:23:11 +00:00
jesopo
7dd1eca7ae Don't use string concat when we're already using %s formatting (sasl.scram) 2019-02-06 23:04:26 +00:00
jesopo
65766a093a Add more comments, re-seperate out self._ variables and seperate some compound
function calls on to different lines for readability (sasl.scram)
2019-02-06 22:58:16 +00:00
jesopo
c77d8aaac8 Default error to "", _client_first/_salted_password/_auth_message to b""
(sasl.scram)
2019-02-06 22:36:25 +00:00
jesopo
1bac2f67de Add type hints to SCRAM ctor (sasl.scram) 2019-02-06 22:33:30 +00:00
jesopo
50a8de2792 Restrict scram algorithms to IANA Hash Function Textual Names (sasl.scram) 2019-02-06 22:28:50 +00:00
jesopo
4e3e782519 Remove pointless local auth_message variable (sasl.scram) 2019-02-06 22:00:23 +00:00
jesopo
efbbe4c3db Move parsing username, password and algorithm to the only place that uses it and
add comments (sasl.scram)
2019-02-06 21:49:44 +00:00
jesopo
bffd43648d uuid.uuid4() is not random enough for a nonce (sasl.scram) 2019-02-06 21:49:24 +00:00
jesopo
67252833c4 Remove pointless local salted_password variable (sasl.scram) 2019-02-06 21:19:25 +00:00
jesopo
cbdd8d6fc9 Remove pointless local assign of self._password (sasl.scram) 2019-02-06 21:16:55 +00:00
jesopo
90b540d5dc Add type annotations to scram util functions (sasl) 2019-02-06 21:05:20 +00:00
jesopo
bf3986a1be Log a WARN when we get a 904 (failed sasl) 2019-02-06 16:25:43 +00:00
jesopo
16ea48cb54 Assume we'll receive a 904 when SCRAM fails with an e= param (sasl) 2019-02-06 15:50:42 +00:00
jesopo
c006435fa1 Set SCRAM state to just Failure if there's a server-final-message error (sasl) 2019-02-06 15:41:31 +00:00
jesopo
09eb3d3314 Only panic about a scram failure if it's a server-final-message failure (sasl) 2019-02-06 15:38:59 +00:00
jesopo
0e63700761 Only send auth_text if it's not None (sasl) 2019-02-06 15:37:34 +00:00
jesopo
be95514174 auth_text would not be present in a failure scenario 2019-02-06 15:36:59 +00:00
jesopo
cfa590eef7 Handle error on server-final-message (sasl.scram) 2019-02-06 15:28:17 +00:00
jesopo
3e54542b6a arguments was not defined if they weren't provided (sasl) 2019-02-06 11:22:13 +00:00
jesopo
0004a8a59c Fix mypy linting issue with dict creation (scram.py) 2019-02-06 11:09:45 +00:00
jesopo
a7554b835e "+" as part of a SASL handshake is irc-specific so remove it from scram.py 2019-02-06 11:07:50 +00:00
jesopo
6b4bb7cdba Type annotate scram.py and don't pass base64 data to scram.py functions 2019-02-06 08:50:19 +00:00
jesopo
aa7aa17ec1 Split hash and hmac logic out to their own functions (sasl.scram) 2019-02-05 22:53:55 +00:00
jesopo
ff2d5ef7e7 Disconnect from server and throw an exception if SCRAM server verification fails
(sasl)
2019-02-05 17:04:00 +00:00
jesopo
b742b1ecee Remove debug print in sasl/__init__.py 2019-02-05 15:58:11 +00:00
jesopo
1fe20a2c98 Move sasl.py to a directory module and move SCRAM logic to a different file,
move `github/module.py` to `github/__init__.py`
2019-02-05 15:54:20 +00:00