forked from mirrors/gotosocial
98263a7de6
* start fixing up tests * fix up tests + automate with drone * fiddle with linting * messing about with drone.yml * some more fiddling * hmmm * add cache * add vendor directory * verbose * ci updates * update some little things * update sig
52 lines
1.5 KiB
Go
52 lines
1.5 KiB
Go
// Copyright 2016 The Mellium Contributors.
|
|
// Use of this source code is governed by the BSD 2-clause license that can be
|
|
// found in the LICENSE file.
|
|
|
|
package sasl
|
|
|
|
import (
|
|
"bytes"
|
|
)
|
|
|
|
var plainSep = []byte{0}
|
|
|
|
var plain = Mechanism{
|
|
Name: "PLAIN",
|
|
Start: func(m *Negotiator) (more bool, resp []byte, _ interface{}, err error) {
|
|
username, password, identity := m.credentials()
|
|
payload := make([]byte, 0, len(identity)+len(username)+len(password)+2)
|
|
payload = append(payload, identity...)
|
|
payload = append(payload, '\x00')
|
|
payload = append(payload, username...)
|
|
payload = append(payload, '\x00')
|
|
payload = append(payload, password...)
|
|
return false, payload, nil, nil
|
|
},
|
|
Next: func(m *Negotiator, challenge []byte, _ interface{}) (more bool, resp []byte, _ interface{}, err error) {
|
|
// If we're a client, or we're a server that's past the AuthTextSent step,
|
|
// we should never actually hit this step.
|
|
if m.State()&Receiving != Receiving || m.State()&StepMask != AuthTextSent {
|
|
err = ErrTooManySteps
|
|
return
|
|
}
|
|
|
|
// If we're a server, validate that the challenge looks like:
|
|
// "Identity\x00Username\x00Password"
|
|
parts := bytes.Split(challenge, plainSep)
|
|
if len(parts) != 3 {
|
|
err = ErrInvalidChallenge
|
|
return
|
|
}
|
|
|
|
if m.Permissions(Credentials(func() (Username, Password, Identity []byte) {
|
|
return parts[1], parts[2], parts[0]
|
|
})) {
|
|
// Everything checks out as far as we know and the server should continue
|
|
// to authenticate the user.
|
|
return
|
|
}
|
|
|
|
err = ErrAuthn
|
|
return
|
|
},
|
|
}
|