Fix channel binding in SCRAM #284

@mathieui

http://tools.ietf.org/html/rfc5802#page-19
It says cbind-data MUST be absent for the "y" and "n" values of gs2-cbind-flag.

This causes authentication failures in SCRAM with ejabberd, leading to the DIGEST-MD5 fallback.

@mathieui mathieui Fix channel binding in SCRAM
http://tools.ietf.org/html/rfc5802#page-19
cbind-data MUST be absent for the "y" and "n" values of
gs2-cbind-flag.
cd423db
@Zash

Or what about this:

diff --git a/sleekxmpp/util/sasl/mechanisms.py b/sleekxmpp/util/sasl/mechanisms.py
index 523eabc..36fcb92 100644
--- a/sleekxmpp/util/sasl/mechanisms.py
+++ b/sleekxmpp/util/sasl/mechanisms.py
@@ -287,7 +287,9 @@ class SCRAM(Mech):
         if nonce[:len(self.cnonce)] != self.cnonce:
             raise SASLCancelled('Invalid nonce')

-        cbind_data = self.credentials['channel_binding']
+        cbind_data = b''
+        if self.use_channel_binding:
+            cbind_data = self.credentials['channel_binding']
         cbind_input = self.gs2_header + cbind_data
         channel_binding = b'c=' + b64encode(cbind_input).replace(b'\n', b'')
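Review bot: the guard at `if self.use_channel_binding:` only fixes the mismatch if that attribute is the same condition that put `p=` into `self.gs2_header`. The hunk does not show where either is set, so if the two can disagree the `c=` value will again not match the header that was sent. Consider deriving the decision from the flag in `self.gs2_header` itself, or at least add a comment next to `cbind_data = b''` citing the RFC 5802 rule (cbind-data absent for "y" and "n"). The binding branch also indexes `self.credentials['channel_binding']` without checking that it is a non-empty bytes value before it is concatenated with `self.gs2_header`.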
@legastero
Collaborator

Used Zash's version.

@legastero legastero closed this Apr 21, 2014
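The RFC 5802 rule cited in this pull request, worked through as an added example (not code from SleekXMPP or from any participant in this thread). The function names, the `server_accepts` check and the sample binding bytes are assumptions constructed for illustration.

```python
from base64 import b64encode, b64decode

# Constructed sample standing in for tls-unique data; not a real TLS value.
SAMPLE_CBIND = bytes(range(12))

def gs2_flag(gs2_header: bytes) -> bytes:
    """Return the gs2-cbind-flag: b'n', b'y' or b'p=<cb-name>'."""
    return gs2_header.split(b',', 1)[0]

def channel_binding_attr(gs2_header: bytes, cbind_data: bytes = b'') -> bytes:
    """Build the c= attribute of the SCRAM client-final-message."""
    flag = gs2_flag(gs2_header)
    if flag in (b'n', b'y'):
        # cbind-data MUST be absent: only the GS2 header is encoded,
        # even if the TLS layer handed us binding data.
        cbind_input = gs2_header
    elif flag.startswith(b'p='):
        if not cbind_data:
            raise ValueError('p= flag requires channel binding data')
        cbind_input = gs2_header + cbind_data
    else:
        raise ValueError('invalid gs2-cbind-flag')
    return b'c=' + b64encode(cbind_input)

def pre_fix_attr(gs2_header: bytes, cbind_data: bytes) -> bytes:
    """Behaviour before the fix: binding data appended unconditionally."""
    return b'c=' + b64encode(gs2_header + cbind_data)

def server_accepts(gs2_header: bytes, c_attr: bytes,
                   server_cbind: bytes = b'') -> bool:
    """Hypothetical strict server: decoded c= must equal the GS2 header,
    plus the server's own view of the binding data only for p=."""
    expected = gs2_header
    if gs2_flag(gs2_header).startswith(b'p='):
        expected += server_cbind
    return b64decode(c_attr[2:]) == expected

if __name__ == '__main__':
    print(channel_binding_attr(b'n,,', SAMPLE_CBIND))              # fixed
    print(server_accepts(b'n,,', pre_fix_attr(b'n,,', SAMPLE_CBIND)))  # pre-fix
```

With the `n` flag the correct attribute is the familiar `c=biws`; the pre-fix value carries extra bytes, so a server that compares strictly rejects the exchange.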