GSASL_CB_TLS_EXPORTER leads to a failure with non-PLUS SCRAM methods
From: defanor
Subject: GSASL_CB_TLS_EXPORTER leads to a failure with non-PLUS SCRAM methods
Date: Wed, 28 Aug 2024 17:30:45 +0300
User-agent: mu4e 1.8.13; emacs 28.2
Hello,
I noticed that GSASL reads the GSASL_CB_TLS_EXPORTER property even when
a non-"PLUS" SCRAM method is used, and if it is provided, the
authentication process fails at once. This does seem wrong: I think it
would be nicer if it did not fail when unnecessary information is
provided, and if it did not ask for that (e.g., via a callback), either.
Sample code to reproduce this behaviour:
---- gsasl-test.c ----
#include <stdio.h>
#include <gsasl.h>

int main (void) {
  int rc;
  Gsasl *ctx = NULL;
  rc = gsasl_init (&ctx);
  if (rc != GSASL_OK) {
    printf ("Init error (%d): %s\n", rc, gsasl_strerror (rc));
    return 1;
  }
  Gsasl_session *session;
  /* Non-PLUS mechanism: no channel binding is negotiated. */
  rc = gsasl_client_start (ctx, "SCRAM-SHA-1", &session);
  if (rc != GSASL_OK) {
    printf ("Start error (%d): %s\n", rc, gsasl_strerror (rc));
    gsasl_done (ctx);
    return 1;
  }
  rc = gsasl_property_set (session, GSASL_AUTHID, "foo");
  if (rc != GSASL_OK) {
    printf ("Property set error (%d): %s\n", rc, gsasl_strerror (rc));
  }
  /* Channel binding data supplied although the mechanism is not -PLUS. */
  rc = gsasl_property_set (session, GSASL_CB_TLS_EXPORTER,
                           "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWE=");
  if (rc != GSASL_OK) {
    printf ("Property set error (%d): %s\n", rc, gsasl_strerror (rc));
  }
  rc = gsasl_property_set (session, GSASL_PASSWORD, "foo");
  if (rc != GSASL_OK) {
    printf ("Property set error (%d): %s\n", rc, gsasl_strerror (rc));
  }
  char *buf = NULL;
  /* First client step; this is where the error is reported. */
  rc = gsasl_step64 (session, "", &buf);
  if (rc != GSASL_OK) {
    printf ("Authentication error (%d): %s\n", rc, gsasl_strerror (rc));
  }
  gsasl_free (buf);
  gsasl_finish (session);
  gsasl_done (ctx);
  return 0;
}
---- end of gsasl-test.c ----
That prints "Authentication error (31): Error authenticating user" here,
with gsasl 2.2.0-1. Replacing "SCRAM-SHA-1" with "SCRAM-SHA-1-PLUS", or
not setting GSASL_CB_TLS_EXPORTER, proceeds without an error, asking for
more data.
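
For reference, an added example that is not part of the original message and is not GSASL's code: the GS2 header flag that RFC 5802 section 6 assigns to each combination of mechanism and channel-binding availability, including the case the report exercises (non-PLUS mechanism, binding data present, flag "y"). The function names and parameters are hypothetical, and `tls-exporter` is the RFC 9266 binding name, assumed here to be the type behind GSASL_CB_TLS_EXPORTER.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 when the SASL mechanism name ends in "-PLUS". */
static int mech_is_plus (const char *mech)
{
  static const char suffix[] = "-PLUS";
  size_t n = strlen (mech), s = sizeof suffix - 1;
  return n > s && strcmp (mech + n - s, suffix) == 0;
}

/* Hypothetical helper: write the GS2 header (empty authzid) that RFC 5802
   section 6 prescribes.  Returns 0 on success, -1 if the combination is
   not allowed or the buffer is too small. */
int scram_gs2_header (const char *mech, int have_cb, int server_offers_plus,
                      char *out, size_t outlen)
{
  const char *hdr;
  if (mech_is_plus (mech)) {
    if (!have_cb)
      return -1;                /* -PLUS cannot run without binding data */
    hdr = "p=tls-exporter,,";   /* binding type name assumed (RFC 9266) */
  } else if (!have_cb) {
    hdr = "n,,";                /* client does not support channel binding */
  } else if (server_offers_plus) {
    return -1;                  /* client must select the -PLUS variant */
  } else {
    hdr = "y,,";                /* client supports it, server appears not to */
  }
  if (strlen (hdr) + 1 > outlen)
    return -1;
  strcpy (out, hdr);
  return 0;
}

int main (void)
{
  char hdr[32];
  /* The situation from the report: SCRAM-SHA-1 with binding data set. */
  if (scram_gs2_header ("SCRAM-SHA-1", 1, 0, hdr, sizeof hdr) == 0)
    printf ("SCRAM-SHA-1 + binding data -> %s\n", hdr);
  if (scram_gs2_header ("SCRAM-SHA-1-PLUS", 1, 1, hdr, sizeof hdr) == 0)
    printf ("SCRAM-SHA-1-PLUS + binding data -> %s\n", hdr);
  return 0;
}
```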