Diffstat (limited to 'lisp/net/sasl-scram-rfc.el')
-rw-r--r--lisp/net/sasl-scram-rfc.el21
1 files changed, 14 insertions, 7 deletions
diff --git a/lisp/net/sasl-scram-rfc.el b/lisp/net/sasl-scram-rfc.el
index ee52ed6e071..f7a2e425412 100644
--- a/lisp/net/sasl-scram-rfc.el
+++ b/lisp/net/sasl-scram-rfc.el
@@ -45,14 +45,21 @@
;;; Generic for SCRAM-*
+(defvar sasl-scram-gs2-header-function 'sasl-scram-construct-gs2-header
+ "Function to create GS2 header.
+See https://www.rfc-editor.org/rfc/rfc5801#section-4.")
+
+(defun sasl-scram-construct-gs2-header (client)
+ ;; The "n," means the client doesn't support channel binding, and
+ ;; the trailing comma is included as per RFC 5801.
+ (let ((authzid (sasl-client-property client 'authenticator-name)))
+ (concat "n," (and authzid "a=") authzid ",")))
+
(defun sasl-scram-client-first-message (client _step)
(let ((c-nonce (sasl-unique-id)))
(sasl-client-set-property client 'c-nonce c-nonce))
(concat
- ;; n = client doesn't support channel binding
- "n,"
- ;; TODO: where would we get authorization id from?
- ","
+ (funcall sasl-scram-gs2-header-function client)
(sasl-scram--client-first-message-bare client)))
(defun sasl-scram--client-first-message-bare (client)
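Review bot: `sasl-scram-construct-gs2-header` splices the authzid into the GS2 header verbatim, but RFC 5802 §7 defines `authzid` as a `saslname`, in which "," must be sent as `=2C` and "=" as `=3D`; an authzid containing either character produces a header the server parses as a different authzid followed by garbage (a "," ends the authzid field and whatever follows is read as the start of client-first-message-bare). I would add a small encoder and apply it before building the `a=` attribute, as below. The same encoding rule applies to the `n=` username emitted by `sasl-scram--client-first-message-bare`, whose body is outside this hunk, so it is worth checking that function too. This assumes the `authenticator-name` property is where callers supply the authorization identity; if it is a free-form string from user configuration, the encoding is what keeps it from altering the message structure.
```elisp
(defun sasl-scram--saslname (name)
  ;; RFC 5802 section 7: "," and "=" inside a saslname (username or
  ;; authzid) are transmitted as "=2C" and "=3D" respectively.
  (replace-regexp-in-string "[,=]"
                            (lambda (m) (if (string= m ",") "=2C" "=3D"))
                            name t t))

(defun sasl-scram-construct-gs2-header (client)
  ;; The "n," means the client doesn't support channel binding, and
  ;; the trailing comma is included as per RFC 5801.
  (let ((authzid (sasl-client-property client 'authenticator-name)))
    (concat "n,"
            (and authzid (concat "a=" (sasl-scram--saslname authzid)))
            ",")))
```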
@@ -77,11 +84,11 @@
(c-nonce (sasl-client-property client 'c-nonce))
;; no channel binding, no authorization id
- (cbind-input "n,,"))
+ (cbind-input (funcall sasl-scram-gs2-header-function client)))
(unless (string-prefix-p c-nonce nonce)
(sasl-error "Invalid nonce from server"))
(let* ((client-final-message-without-proof
- (concat "c=" (base64-encode-string cbind-input) ","
+ (concat "c=" (base64-encode-string cbind-input t) ","
"r=" nonce))
(password
;; TODO: either apply saslprep or disallow non-ASCII characters
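Review bot: The `cbind-input` binding recomputes the GS2 header through `sasl-scram-gs2-header-function` instead of reusing the bytes actually sent in the client-first-message, so if that variable is rebound between the two steps (or a custom function is not a pure function of the client) the `c=` attribute no longer matches what the server saw and the proof fails. Safer is to record the header once in `sasl-scram-client-first-message`, `(sasl-client-set-property client 'gs2-header header)`, and read it back here with `(cbind-input (sasl-client-property client 'gs2-header))`. The context comment just above, `;; no channel binding, no authorization id`, is now stale since an authzid may be present; `;; gs2-header as sent in client-first-message (no channel binding)` would describe the new code. The enclosing function starts before and continues past this hunk.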
@@ -113,7 +120,7 @@
(client-proof (funcall string-xor client-key client-signature))
(client-final-message
(concat client-final-message-without-proof ","
- "p=" (base64-encode-string client-proof))))
+ "p=" (base64-encode-string client-proof t))))
(sasl-client-set-property client 'auth-message auth-message)
(sasl-client-set-property client 'salted-password salted-password)
client-final-message)))