SCRAM Mechanism returns incorrect error code on wrong password

[quanah]

This was incorrectly reported to the OpenLDAP project: https://www.openldap.org/its/index.cgi/?findid=8936

The code remains wrong in current cyrus-sasl master:

1431     for (k = 0; k < hash_size; k++) {
1432     if (CalculatedStoredKey[k] != text->StoredKey[k]) {
1433         SETERROR(sparams->utils, "StoredKey mismatch");
1434         result = SASL_BADPROT;
1435         goto cleanup;
1436     }

[Neustradamus]

@quanah: Any news?

[quanah]

@Neustradamus This project appears to primarily be ignored by Fastmail, so no.

[Neustradamus]

@ksmurchison: What do you think about this ticket from @quanah?

SCRAM is very important for projects which use it, currently it is very limited.

@brong, @ksmurchison, do not forget: There is a problem of priority for SCRAM-SHA-256 and SCRAM-SHA-1:

• Prioritize SCRAM-SHA-256 over SCRAM-SHA-1 #577

Any news for other points?

• Add SCRAM-SHA-1-PLUS, SCRAM-SHA-224-PLUS, SCRAM-SHA-256-PLUS, SCRAM-SHA-384-PLUS, SCRAM-SHA-512-PLUS, SCRAM-SHA3-512(-PLUS) supports #552

It is easy to add -PLUS part, no?

Documentation problems:

• There is a problem in documentations, please update documentations #549

[ksmurchison]

Is there a PR to fix the error code?

[quanah]

Is there a PR to fix the error code?

There is now. :)

[Neustradamus]

@ksmurchison, @quanah: Thanks for your changes but any news for tickets cited previously?

• Prioritize SCRAM-SHA-256 over SCRAM-SHA-1 #577
• Add SCRAM-SHA-1-PLUS, SCRAM-SHA-224-PLUS, SCRAM-SHA-256-PLUS, SCRAM-SHA-384-PLUS, SCRAM-SHA-512-PLUS, SCRAM-SHA3-512(-PLUS) supports #552
• There is a problem in documentations, please update documentations #549