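// init registers the SCRAM-SHA-1 SASL mechanism with the auth package.
//
// The registered callback parses the client-first message carried in the
// auth element, salts the stored password for the named user, and hands the
// rest of the exchange to a shaHandler.
func init() {
	auth.AddMechanism("SCRAM-SHA-1", func(e *auth.AuthElement, strm stream.ServerStream) error {
		// The AuthState is the credential source; without it the exchange
		// cannot proceed, so fail closed.
		var authState *auth.AuthState
		if err := strm.State().Get(&authState); err != nil {
			log.Println("SCRAM-SHA-1: AuthState is not set, can't get auth data")
			return err
		}

		clientFirst, err := auth.DecodeBase64(e.Data, strm)
		if err != nil {
			return err
		}

		// Local is named srv so it does not shadow the scram package.
		srv := scram.NewServer(sha1.New, nil)
		if err := srv.ParseClientFirst(clientFirst); err != nil {
			return err
		}

		// NOTE(review): what GetPasswordByUserName returns for an unknown
		// user is not visible here. If it is an empty string, confirm that
		// an unknown user cannot complete the exchange with an empty
		// password.
		srv.SaltPassword([]byte(authState.GetPasswordByUserName(srv.UserName())))

		return newSHAHandler(strm, srv, authState).Handle()
	})
}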
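// init registers the PLAIN SASL mechanism with the auth package.
//
// The registered callback base64-decodes the auth element, splits it on
// usernamePasswordSeparator, and compares the supplied password with the one
// returned by AuthState.GetPasswordByUserName. On success it writes a success
// element, records the user name and mechanism on the AuthState, and reopens
// the stream. On any failure it returns an error and records nothing.
//
// NOTE(review): PLAIN carries the password itself; confirm this mechanism is
// only offered on a stream that is already encrypted. The stored value is
// compared directly with the client-supplied password, so the backing store
// has to hold passwords in a directly comparable form. Verifying against a
// salted hash would avoid that.
func init() {
	auth.AddMechanism("PLAIN", func(e *auth.AuthElement, strm stream.ServerStream) error {
		var authState *auth.AuthState
		if err := strm.State().Get(&authState); err != nil {
			return err
		}

		raw, err := auth.DecodeBase64(e.Data, strm)
		if err != nil {
			return err
		}

		// The decoded message is client-controlled. Fields 1 and 2 are read
		// below, so a message with fewer than three fields must be rejected
		// here instead of panicking on an out-of-range index.
		parts := bytes.Split(raw, usernamePasswordSeparator)
		if len(parts) < 3 {
			return errors.New("AUTH FAILED")
		}
		userName, password := string(parts[1]), string(parts[2])

		// NOTE(review): this string comparison is not constant-time;
		// crypto/subtle.ConstantTimeCompare is the usual choice but needs an
		// import that is outside this block.
		// NOTE(review): if GetPasswordByUserName returns "" for an unknown
		// user, an empty supplied password would match here. Confirm how
		// unknown users are reported.
		if authState.GetPasswordByUserName(userName) != password {
			return errors.New("AUTH FAILED")
		}

		if err := strm.WriteElement(mechanisms.SuccessElement{}); err != nil {
			return err
		}

		// Identity is recorded only after the success element was written.
		authState.UserName = userName
		authState.Mechanism = "PLAIN"
		strm.ReOpen()
		return nil
	})
}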
// Handle drives the remaining steps of the SCRAM exchange on h.strm.
//
// It sends the challenge built from h.scram.First(), reads and base64-decodes
// the client's response, verifies it with h.scram.CheckClientFinal, and then
// sends a success element carrying h.scram.Final(). Only after all of that
// succeeds is the user name stored on h.authState and the stream reopened.
// Any error aborts the exchange and is returned unchanged.
//
// NOTE(review): unlike the PLAIN mechanism, this path does not set
// authState.Mechanism. Confirm whether callers rely on that field.
func (h *shaHandler) Handle() error {
	// Send the server challenge.
	challenge := mechanisms.NewChallengeElement(h.scram.First())
	if err := h.strm.WriteElement(challenge); err != nil {
		return err
	}

	// Read the client's answer to the challenge.
	clientResp, err := mechanisms.ReadResponse(h.strm)
	if err != nil {
		return err
	}

	// Decode and verify the client's final message.
	clientFinal, err := auth.DecodeBase64(clientResp.Data, h.strm)
	if err != nil {
		return err
	}
	if err := h.scram.CheckClientFinal(clientFinal); err != nil {
		return err
	}

	// Send the final server message inside the success element.
	success := mechanisms.NewSuccessElement(h.scram.Final())
	if err := h.strm.WriteElement(success); err != nil {
		log.Println("Could not write signature")
		return err
	}

	// The exchange is complete: record the identity and restart the stream.
	h.authState.UserName = h.scram.UserName()
	h.strm.ReOpen()
	return nil
}
// Handle runs the DIGEST-MD5 exchange on h.strm.
//
// Steps, in order: send the initial challenge, read and decode the client's
// response, parse it, validate it against the password looked up for
// h.md5.UserName(), send a second challenge built from h.md5.Final(), require
// an empty response to it, then write a success element. Only after that is
// the identity recorded on the AuthState and the stream reopened. Any error
// aborts the exchange and is returned.
func (h *digestMD5Handler) Handle() error {
	var authState *auth.AuthState
	if err := h.strm.State().Get(&authState); err != nil {
		// NOTE(review): a missing AuthState is replaced with an empty one
		// here, whereas the SCRAM-SHA-1 and PLAIN mechanisms return the
		// error. Confirm that an empty AuthState cannot validate a response
		// (for example, if GetPasswordByUserName then returns "").
		authState = &auth.AuthState{}
		h.strm.State().Push(authState)
	}

	// Send the initial challenge.
	firstChallenge := mechanisms.NewChallengeElement(h.md5.Challenge())
	if err := h.strm.WriteElement(firstChallenge); err != nil {
		return err
	}

	// Read, decode, and parse the client's digest response.
	digestResp, err := mechanisms.ReadResponse(h.strm)
	if err != nil {
		return err
	}
	rawDigest, err := auth.DecodeBase64(digestResp.Data, h.strm)
	if err != nil {
		return err
	}
	if err := h.md5.ParseResponse(rawDigest); err != nil {
		return err
	}

	// Validate the response against the stored password for the user named
	// in the response.
	if err := h.md5.Validate(authState.GetPasswordByUserName(h.md5.UserName())); err != nil {
		return err
	}

	// Send the second challenge; the client must answer it with empty data.
	finalChallenge := mechanisms.NewChallengeElement(h.md5.Final())
	if err := h.strm.WriteElement(finalChallenge); err != nil {
		return err
	}
	ack, err := mechanisms.ReadResponse(h.strm)
	if err != nil {
		return err
	}
	if ack.Data != "" {
		return errors.New("Wrong response, expected empty response")
	}

	if err := h.strm.WriteElement(mechanisms.SuccessElement{}); err != nil {
		return err
	}

	// NOTE(review): the password is checked for h.md5.UserName(), but the
	// identity recorded is h.md5.AuthID(). Confirm these cannot differ, or
	// that a differing value is authorized before it is stored.
	authState.UserName = h.md5.AuthID()
	h.strm.ReOpen()
	return nil
}