Commit 5f0e1da0 authored by Philipp Hörist's avatar Philipp Hörist
Browse files

feat: Implement SCRAM-SHA-512

parent 4c0e15d0
Pipeline #9606 failed with stages
in 43 seconds
......@@ -119,7 +119,10 @@ class SASL:
self._log.info('Chosen auth mechanism: %s', chosen_mechanism)
if chosen_mechanism in ('SCRAM-SHA-256', 'SCRAM-SHA-1', 'PLAIN'):
if chosen_mechanism in ('SCRAM-SHA-512',
'SCRAM-SHA-256',
'SCRAM-SHA-1',
'PLAIN'):
if not self._password:
self._on_sasl_finished(False, 'no-password')
return
......@@ -134,7 +137,11 @@ class SASL:
# channel_binding_data)
# self._method.initiate(self._client.username, self._password)
if chosen_mechanism == 'SCRAM-SHA-256':
if chosen_mechanism == 'SCRAM-SHA-512':
self._method = SCRAM_SHA_512(self._client, None)
self._method.initiate(self._client.username, self._password)
elif chosen_mechanism == 'SCRAM-SHA-256':
self._method = SCRAM_SHA_256(self._client, None)
self._method.initiate(self._client.username, self._password)
......@@ -442,5 +449,12 @@ class SCRAM_SHA_256_PLUS(SCRAM_SHA_256):
_channel_binding = 'p=tls-unique,,'
class SCRAM_SHA_512(SCRAM):
_mechanism = 'SCRAM-SHA-512'
_channel_binding = 'n,,'
_hash_method = 'sha512'
class AuthFail(Exception):
pass
......@@ -284,7 +284,8 @@ class Client(Observable):
@property
def mechs(self):
return set(self._allowed_mechs or set(['SCRAM-SHA-256',
return set(self._allowed_mechs or set(['SCRAM-SHA-512',
'SCRAM-SHA-256',
'SCRAM-SHA-1',
'PLAIN']))
......
......@@ -44,6 +44,7 @@ def ascii_upper(s):
return s.upper()
SASL_AUTH_MECHS = [
'SCRAM-SHA-512',
'SCRAM-SHA-256-PLUS',
'SCRAM-SHA-256',
'SCRAM-SHA-1-PLUS',
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment