scram: use c-nonce s-nonce, not just c-nonce, in client-reply-final

Kafka does not validate the nonce properly right now, which is why this worked. Same for redpanda. https://issues.apache.org/jira/browse/KAFKA-13464 redpanda-data/redpanda#3015 This also uses RawStdEncoding for nonce since we just care about printable (not base64), and we use the escaper for auth.Zid.
twmb · Nov 18, 2021 · 03c58cb · 03c58cb
1 parent af367fb
commit 03c58cb
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/pkg/sasl/scram/scram.go b/pkg/sasl/scram/scram.go
@@ -113,7 +113,7 @@ func (s scram) Authenticate(ctx context.Context, _ string) (sasl.Session, []byte
 		auth.Nonce = buf
 	}
 
-	auth.Nonce = []byte(base64.StdEncoding.EncodeToString(auth.Nonce))
+	auth.Nonce = []byte(base64.RawStdEncoding.EncodeToString(auth.Nonce))
 
 	clientFirstMsgBare := make([]byte, 0, 100)
 	clientFirstMsgBare = append(clientFirstMsgBare, "n="...)
@@ -126,7 +126,7 @@ func (s scram) Authenticate(ctx context.Context, _ string) (sasl.Session, []byte
 
 	gs2Header := "n," // no channel binding
 	if auth.Zid != "" {
-		gs2Header += "a=" + auth.Zid
+		gs2Header += "a=" + escaper.Replace(auth.Zid)
 	}
 	gs2Header += ","
 	clientFirstMsg := append([]byte(gs2Header), clientFirstMsgBare...)
@@ -219,7 +219,7 @@ func (s *session) authenticateClient(serverFirstMsg []byte) ([]byte, error) {
 	storedKey := h.Sum(nil) // StoredKey := H(ClientKey)
 
 	// biws is `n,,` base64 encoded; we do not use a channel
-	clientFinalMsgWithoutProof := append([]byte("c=biws,r="), s.auth.Nonce...)
+	clientFinalMsgWithoutProof := append([]byte("c=biws,r="), serverNonce...)
 	authMsg := append(s.clientFirstMsgBare, ',')             // AuthMsg := client-first-message-bare + "," +
 	authMsg = append(authMsg, serverFirstMsg...)             //            server-first-message +
 	authMsg = append(authMsg, ',')                           //            "," +