From 03c58cbf39e9cd53f457a71277b311fe4bcf4c66 Mon Sep 17 00:00:00 2001
From: Travis Bischel
Date: Thu, 18 Nov 2021 16:44:06 -0700
Subject: [PATCH] scram: use c-nonce s-nonce, not just c-nonce, in client-reply-final

Kafka does not validate the nonce properly right now, which is why this worked. Same for redpanda.
https://issues.apache.org/jira/browse/KAFKA-13464
https://github.com/vectorizedio/redpanda/issues/3015
This also uses RawStdEncoding for nonce since we just care about printable (not base64), and we use the escaper for auth.Zid.
---
 pkg/sasl/scram/scram.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkg/sasl/scram/scram.go b/pkg/sasl/scram/scram.go
index 5921184c..87c81bfa 100644
--- a/pkg/sasl/scram/scram.go
+++ b/pkg/sasl/scram/scram.go
@@ -113,7 +113,7 @@ func (s scram) Authenticate(ctx context.Context, _ string) (sasl.Session, []byte
 auth.Nonce = buf
 }
- auth.Nonce = []byte(base64.StdEncoding.EncodeToString(auth.Nonce))
+ auth.Nonce = []byte(base64.RawStdEncoding.EncodeToString(auth.Nonce))
 clientFirstMsgBare := make([]byte, 0, 100)
 clientFirstMsgBare = append(clientFirstMsgBare, "n="...)
@@ -126,7 +126,7 @@ func (s scram) Authenticate(ctx context.Context, _ string) (sasl.Session, []byte
 gs2Header := "n," // no channel binding
 if auth.Zid != "" {
- gs2Header += "a=" + auth.Zid
+ gs2Header += "a=" + escaper.Replace(auth.Zid)
 }
 gs2Header += ","
 clientFirstMsg := append([]byte(gs2Header), clientFirstMsgBare...)
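Review bot: The switch to `base64.RawStdEncoding` on the `auth.Nonce` line deserves a comment, because a later reader may assume the nonce is meant to be decoded somewhere. The encoding is only there to guarantee the nonce is printable ASCII with no `,` in it, which is what RFC 5802 requires of a nonce, so the `=` padding was never needed; a one-liner such as `// base64 only to make the nonce printable and comma-free (RFC 5802 nonce rules); Raw drops the unneeded '=' padding` captures that. The same line also re-encodes a caller-supplied `auth.Nonce` if the `if` block ending just above allows one, which silently changes the value the caller set; if that is intended it is worth saying so in the same comment. The beginning of Authenticate is outside the hunk, so whether a caller-supplied nonce is possible is not visible here.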
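Review bot: With `escaper.Replace(auth.Zid)` the gs2-header sent in client-first becomes `n,a=<escaped zid>,` whenever a Zid is set, but the client-final message built in authenticateClient (the `@@ -219` hunk) still hard-codes `c=biws`, which is base64 of `n,,` only. RFC 5802 defines `c=` as the base64 of the gs2-header that was actually sent, so with an authzid the two no longer agree and a server that checks `c=` against the header it received would reject the exchange. If the session kept the header (for example `s.gs2Header = gs2Header` next to where `clientFirstMsgBare` is stored), the final message could be built as `"c=" + base64.StdEncoding.EncodeToString([]byte(s.gs2Header)) + ",r="`. The session fields and the rest of Authenticate are outside the hunk, so this may already be handled elsewhere.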
@@ -219,7 +219,7 @@ func (s *session) authenticateClient(serverFirstMsg []byte) ([]byte, error) {
 storedKey := h.Sum(nil) // StoredKey := H(ClientKey)
 // biws is `n,,` base64 encoded; we do not use a channel
- clientFinalMsgWithoutProof := append([]byte("c=biws,r="), s.auth.Nonce...)
+ clientFinalMsgWithoutProof := append([]byte("c=biws,r="), serverNonce...)
 authMsg := append(s.clientFirstMsgBare, ',') // AuthMsg := client-first-message-bare + "," +
 authMsg = append(authMsg, serverFirstMsg...) // server-first-message +
 authMsg = append(authMsg, ',') // "," +
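Review bot: Sending `serverNonce` in `r=` is the correct RFC 5802 client-final form, but the hunk shows no check that `serverNonce` begins with the client nonce `s.auth.Nonce`, and that prefix check is the client's half of nonce validation (the server-side gap the commit message cites is its mirror image). If it is not already done where server-first is parsed, add before the new line `if !bytes.HasPrefix(serverNonce, s.auth.Nonce) { return nil, errors.New("scram: server nonce does not begin with the client nonce") }` (or the `strings.HasPrefix` form if `serverNonce` is a string). authenticateClient begins outside the hunk, so the parsing code that would hold this check is not visible here.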