From 286802ca555f3ba07bfe4f130892ef6d9a815b33 Mon Sep 17 00:00:00 2001
From: reshke
Date: Wed, 30 Aug 2023 18:27:29 +0500
Subject: [PATCH] Do not offer scram-256-plus over non-SSL connection (#528)
---
 sources/auth.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/sources/auth.c b/sources/auth.c
index d92ad71b8..2564485ec 100644
--- a/sources/auth.c
+++ b/sources/auth.c
@@ -335,10 +335,16 @@ static inline int od_auth_frontend_scram_sha_256(od_client_t *client)
 {
 od_instance_t *instance = client->global->instance;
 char *mechanisms[2] = { "SCRAM-SHA-256", "SCRAM-SHA-256-PLUS" };
-
+
 /* request AuthenticationSASL */
- machine_msg_t *msg =
- kiwi_be_write_authentication_sasl(NULL, mechanisms, 2);
+ machine_msg_t *msg;
+
+ if (client->tls == NULL) {
+ msg = kiwi_be_write_authentication_sasl(NULL, mechanisms, 1);
+ } else {
+ msg = kiwi_be_write_authentication_sasl(NULL, mechanisms, 2);
+ }
+
 if (msg == NULL) return -1;
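Review bot: The new `client->tls == NULL` branch only narrows the list of mechanisms that is advertised, so the same condition should also be enforced where the client's selected mechanism name is read; that code is outside this hunk, and if it still accepts `SCRAM-SHA-256-PLUS` by name, a connection without TLS could negotiate a mechanism that was never offered. Separately, the literal counts `1` and `2` depend on `"SCRAM-SHA-256-PLUS"` staying the last entry of `mechanisms[]`, which nothing in the code states. A single call would remove the duplicated branch and record that dependency: `int offered = client->tls == NULL ? 1 : 2; /* -PLUS needs TLS channel binding and must stay last in mechanisms[] */` followed by `msg = kiwi_be_write_authentication_sasl(NULL, mechanisms, offered);`. The body of od_auth_frontend_scram_sha_256 continues past the end of the hunk.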