gotosocial/vendor/mellium.im/sasl/plain.go
Tobi Smethurst 98263a7de6
Grand test fixup (#138)
* start fixing up tests

* fix up tests + automate with drone

* fiddle with linting

* messing about with drone.yml

* some more fiddling

* hmmm

* add cache

* add vendor directory

* verbose

* ci updates

* update some little things

* update sig
2021-08-12 21:03:24 +02:00

52 lines
1.5 KiB
Go

// Copyright 2016 The Mellium Contributors.
// Use of this source code is governed by the BSD 2-clause license that can be
// found in the LICENSE file.
package sasl
import (
"bytes"
)
var plainSep = []byte{0}
var plain = Mechanism{
Name: "PLAIN",
Start: func(m *Negotiator) (more bool, resp []byte, _ interface{}, err error) {
username, password, identity := m.credentials()
payload := make([]byte, 0, len(identity)+len(username)+len(password)+2)
payload = append(payload, identity...)
payload = append(payload, '\x00')
payload = append(payload, username...)
payload = append(payload, '\x00')
payload = append(payload, password...)
return false, payload, nil, nil
},
Next: func(m *Negotiator, challenge []byte, _ interface{}) (more bool, resp []byte, _ interface{}, err error) {
// If we're a client, or we're a server that's past the AuthTextSent step,
// we should never actually hit this step.
if m.State()&Receiving != Receiving || m.State()&StepMask != AuthTextSent {
err = ErrTooManySteps
return
}
// If we're a server, validate that the challenge looks like:
// "Identity\x00Username\x00Password"
parts := bytes.Split(challenge, plainSep)
if len(parts) != 3 {
err = ErrInvalidChallenge
return
}
if m.Permissions(Credentials(func() (Username, Password, Identity []byte) {
return parts[1], parts[2], parts[0]
})) {
// Everything checks out as far as we know and the server should continue
// to authenticate the user.
return
}
err = ErrAuthn
return
},
}