Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SASL/SCRAM authentication fix: avoid concatenating client side nonce once more #4895

Merged
merged 1 commit into from
Nov 7, 2024
Merged

SASL/SCRAM authentication fix: avoid concatenating client side nonce once more #4895

merged 1 commit into from
Nov 7, 2024

Conversation

emasab
Copy link
Contributor

@emasab emasab commented Nov 7, 2024
edited
Loading

as it's already prepended in server sent nonce.
librdkafka was incorrectly concatenating the client side nonce again, leading to this fix being made on AK side, released with 3.8.1, with endsWith instead of equals.
Happening since v0.0.99

Tested with trivup started with --sasl SCRAM-SHA-512 parameter and test 0135

@emasab emasab requested a review from a team as a code owner November 7, 2024 09:57
@confluent-cla-assistant
Copy link

🎉 All Contributor License Agreements have been signed. Ready to merge.
Please push an empty commit if you would like to re-run the checks to verify CLA status for all contributors.

@emasab
Fix for SCRAM client final message, the 'r' parameter
12c1e0a 
must be equal to the server sent nonce, that already contains the client side nonce. librdkafka was incorrectly concatenating the client side nonce again, leading to this fix being made on AK side, released in 3.8.1, with endsWith instead of equals.
apache/kafka@0a00456
@airlock-confluentinc airlock-confluentinc bot force-pushed the dev_fix_scram_client_final_message_nonce branch from 66eaf7c to 12c1e0a Compare November 7, 2024 10:02
@emasab emasab merged commit 816df5e into master Nov 7, 2024
2 checks passed
@emasab emasab deleted the dev_fix_scram_client_final_message_nonce branch November 7, 2024 13:27
airlock-confluentinc bot pushed a commit that referenced this pull request Nov 29, 2024
@emasab @PratRanj07
Fix for SCRAM client final message, the 'r' parameter (#4895)
e0e1ee9 
must be equal to the server sent nonce, that already contains the client side nonce. librdkafka was incorrectly concatenating the client side nonce again, leading to this fix being made on AK side, released in 3.8.1, with endsWith instead of equals.
apache/kafka@0a00456
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@milindl milindl milindl approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@emasab @milindl