Add command line flag to disable XEP-0474: SASL SCRAM Downgrade Protection.

v0.9
Martin Dosch 2 months ago
parent b9018ec2d9
commit ca268e957e
No known key found for this signature in database
GPG Key ID: 52A57CFCE13D657D

@ -6,6 +6,7 @@
- Properly close stream if `Ctrl+C` is pressed in listening mode.
- Print OS, architecture and go version for flag `--version`.
- Improve closing of connection (via go-xmpp v0.1.3).
- New command line flag `SSDP-off` to disable XEP-0474: SASL SCRAM Downgrade Protection (requires go-xmpp > v0.1.3).
## [v0.8.4] 2024-03-09
### Changed
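
Review bot: the new changelog entry names the flag as `SSDP-off`, while the entry two lines above it writes `--version` with its dashes and the README hunk documents `--SSDP-off`. Write it as `--SSDP-off` here as well so the three places agree. The entry could also state that the flag switches a downgrade protection off, since that is the security-relevant part of the change for anyone reading release notes.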

@ -75,7 +75,7 @@ If no configuration file is present or if the values should be overridden it is
the account details via command line options:
```plain
Usage: go-sendxmpp [-cdilnt] [-a value] [-f value] [--headline] [--help] [-h value] [-j value] [-m value] [--muc-password value] [--oob-file value] [--ox] [--ox-delete-nodes] [--ox-genprivkey-rsa] [--ox-genprivkey-x25519] [--ox-import-privkey value] [--ox-passphrase value] [-p value] [--raw] [--scram-mech-pinning value] [--timeout value] [--tls-version value] [-u value] [--version] [recipients…]
Usage: go-sendxmpp [-cdilnt] [-a value] [-f value] [--headline] [--help] [-h value] [-j value] [-m value] [--muc-password value] [--oob-file value] [--ox] [--ox-delete-nodes] [--ox-genprivkey-rsa] [--ox-genprivkey-x25519] [--ox-import-privkey value] [--ox-passphrase value] [-p value] [--raw] [--scram-mech-pinning value] [--SSDP-off] [--timeout value] [--tls-version value] [-u value] [--version] [recipients…]
-a, --alias=value Set alias/nicknamefor chatrooms.
-c, --chatroom Send message to a chatroom.
-d, --debug Show debugging info.
@ -116,6 +116,7 @@ Usage: go-sendxmpp [-cdilnt] [-a value] [-f value] [--headline] [--help] [-h val
--raw Send raw XML.
--scram-mech-pinning=value
Enforce the use of a certain SCRAM authentication mechanism.
--SSDP-off Disable XEP-0474: SASL SCRAM Downgrade Protection.
--timeout=value
Connection timeout in seconds. [10]
-t, --tls Use direct TLS.

@ -7,7 +7,7 @@ require (
github.com/beevik/etree v1.3.0
github.com/gabriel-vasile/mimetype v1.4.3
github.com/pborman/getopt/v2 v2.1.0
github.com/xmppo/go-xmpp v0.1.4-0.20240326182619-bc81053dbcc0
github.com/xmppo/go-xmpp v0.1.4-0.20240326203615-862c21f845b0
salsa.debian.org/mdosch/xmppsrv v0.2.6
)
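
Review bot: the `github.com/xmppo/go-xmpp` requirement moves from one pseudo-version to another (`v0.1.4-0.20240326203615-862c21f845b0`), so the build still depends on an untagged commit. The changelog says the flag requires go-xmpp > v0.1.3; before this goes into a release, pin the tagged go-xmpp version that contains the SSDP option so the dependency can be audited against a release rather than a commit timestamp.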

@ -25,8 +25,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/xmppo/go-xmpp v0.1.4-0.20240326182619-bc81053dbcc0 h1:ApKIu0yuChFMs1W84Se1Df9R5BYuL5TLfBWzTpS/TVU=
github.com/xmppo/go-xmpp v0.1.4-0.20240326182619-bc81053dbcc0/go.mod h1:yyTnJMs6I6KUKv3BjXc4i3NU/iWBxY3yBGiUvUcW0Qg=
github.com/xmppo/go-xmpp v0.1.4-0.20240326203615-862c21f845b0 h1:vk8yO+cYE4ZW2mYQpvyCwryOkmdvxZWainjy9ZXjn/s=
github.com/xmppo/go-xmpp v0.1.4-0.20240326203615-862c21f845b0/go.mod h1:yyTnJMs6I6KUKv3BjXc4i3NU/iWBxY3yBGiUvUcW0Qg=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=

@ -134,6 +134,7 @@ func main() {
flagOOBFile := getopt.StringLong("oob-file", 0, "", "URL to send a file as out of band data.")
flagHeadline := getopt.BoolLong("headline", 0, "Send message as type headline.")
flagSCRAMPinning := getopt.StringLong("scram-mech-pinning", 0, "", "Enforce the use of a certain SCRAM authentication mechanism.")
flagSSDPOff := getopt.BoolLong("SSDP-off", 0, "Disable XEP-0474: SASL SCRAM Downgrade Protection.")
// Parse command line flags.
getopt.Parse()
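
Review bot: `SSDP-off` is the only long option in the visible definitions that contains uppercase letters; `oob-file`, `headline` and `scram-mech-pinning` are all lowercase. A lowercase `ssdp-off` would match the existing convention and is less likely to be mistyped in scripts. The help string could also say what is lost, for example that SCRAM mechanism downgrades are no longer detected.
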
@ -285,6 +286,7 @@ func main() {
Debug: *flagDebug,
TLSConfig: &tlsConfig,
Mechanism: *flagSCRAMPinning,
SSDP: !*flagSSDPOff,
}
// Read message from file.
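
Review bot: at `SSDP: !*flagSSDPOff,` the protection is dropped silently when the flag is given. Because this weakens the authentication step, print a notice (at least when `--debug` is set) that XEP-0474 downgrade protection is disabled for this connection, so the choice is visible in the output of scripted runs. A short comment on the inversion (the flag means "off", the field means "on") would also help the next reader.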

@ -4,7 +4,7 @@
.SH "NAME"
\fBgo\-sendxmpp\fR \- A tool to send messages to an XMPP contact or MUC\.
.SH "SYNOPSIS"
\fBgo\-sendxmpp [\-cdilnt] [\-a value] [\-f value] [\-\-headline] [\-\-help] [\-h value] [\-j value] [\-m value] [\-\-muc\-password value] [\-\-oob\-file value] [\-\-ox] [\-\-ox\-delete\-nodes] [\-\-ox\-genprivkey\-rsa] [\-\-ox\-genprivkey\-x25519] [\-\-ox\-import\-privkey value] [\-\-ox\-passphrase value] [\-p value] [\-\-raw] [\-\-scram\-mech\-pinning value] [\-\-timeout value] [\-\-tls\-version value] [\-u value] [\-\-version] [recipients…]\fR
\fBgo\-sendxmpp [\-cdilnt] [\-a value] [\-f value] [\-\-headline] [\-\-help] [\-h value] [\-j value] [\-m value] [\-\-muc\-password value] [\-\-oob\-file value] [\-\-ox] [\-\-ox\-delete\-nodes] [\-\-ox\-genprivkey\-rsa] [\-\-ox\-genprivkey\-x25519] [\-\-ox\-import\-privkey value] [\-\-ox\-passphrase value] [\-p value] [\-\-raw] [\-\-scram\-mech\-pinning value] [\-\-SSDP\-off] [\-\-timeout value] [\-\-tls\-version value] [\-u value] [\-\-version] [recipients…]\fR
.SH "DESCRIPTION"
A tool to send messages to an XMPP contact or MUC inspired by \fBsendxmpp\fR\.
.br
@ -89,6 +89,9 @@ Send raw XML\. To send raw XML to a contact as normal chat message no contact mu
\fB\-\-scram\-mech\-pinning=[<value>]\fR
Enforce the use of a certain SCRAM authentication mechanism\. Currently go\-sendxmpp supports \fBSCRAM\-SHA\-1\fR, \fBSCRAM\-SHA\-1\-PLUS\fR, \fBSCRAM\-SHA\-256\fR, \fBSCRAM\-SHA\-256\-PLUS\fR, \fBSCRAM\-SHA\-512\fR and \fBSCRAM\-SHA\-512\-PLUS\fR\. You should know what you are doing when using this setting and make sure the chosen mechanism is supported by the server\. If not set, go\-sendxmpp will use XEP\-0474 to prevent downgrade attacks (needs server support)\.
.TP
\fB\-\-SSDP\-off\fR
Disable XEP\-0474: SASL SCRAM Downgrade Protection\.
.TP
\fB\-\-timeout=\fR[\fIvalue\fR]
Connection timeout in seconds\. (Default: 10)
.TP
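
Review bot: the new `--SSDP-off` entry only restates the flag name, and the unchanged `--scram-mech-pinning` text directly above it still says that without pinning go-sendxmpp will use XEP-0474 to prevent downgrade attacks. Add a sentence to the new entry saying that with this flag the client does not apply that downgrade check, and qualify the sentence above so it reads as true only when `--SSDP-off` is not given. The same wording applies to the HTML and ronn copies of this text further down.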

@ -82,7 +82,7 @@
<p><code>go-sendxmpp [-cdilnt] [-a value] [-f value] [--headline] [--help] [-h value] [-j value] [-m value] [--muc-password value]
[--oob-file value] [--ox] [--ox-delete-nodes] [--ox-genprivkey-rsa] [--ox-genprivkey-x25519] [--ox-import-privkey value]
[--ox-passphrase value] [-p value] [--raw] [--scram-mech-pinning value] [--timeout value] [--tls-version value] [-u value]
[--ox-passphrase value] [-p value] [--raw] [--scram-mech-pinning value] [--SSDP-off] [--timeout value] [--tls-version value] [-u value]
[--version] [recipients…]</code></p>
<h2 id="DESCRIPTION">DESCRIPTION</h2>
@ -191,6 +191,8 @@ To send raw XML to a MUC you have to specify the MUC via <code>-c</code> and go-
and <strong>SCRAM-SHA-512-PLUS</strong>. You should know what you are doing when using this setting and
make sure the chosen mechanism is supported by the server. If not set, go-sendxmpp will use XEP-0474
to prevent downgrade attacks (needs server support).</dd>
<dt><code>--SSDP-off</code></dt>
<dd>Disable XEP-0474: SASL SCRAM Downgrade Protection.</dd>
<dt>
<code>--timeout=</code>[<var>value</var>]</dt>
<dd>Connection timeout in seconds. (Default: 10)</dd>

@ -5,7 +5,7 @@ go-sendxmpp(1) -- A tool to send messages to an XMPP contact or MUC.
`go-sendxmpp [-cdilnt] [-a value] [-f value] [--headline] [--help] [-h value] [-j value] [-m value] [--muc-password value]
[--oob-file value] [--ox] [--ox-delete-nodes] [--ox-genprivkey-rsa] [--ox-genprivkey-x25519] [--ox-import-privkey value]
[--ox-passphrase value] [-p value] [--raw] [--scram-mech-pinning value] [--timeout value] [--tls-version value] [-u value]
[--ox-passphrase value] [-p value] [--raw] [--scram-mech-pinning value] [--SSDP-off] [--timeout value] [--tls-version value] [-u value]
[--version] [recipients…]`
## DESCRIPTION
@ -117,6 +117,9 @@ and **SCRAM-SHA-512-PLUS**. You should know what you are doing when using this s
make sure the chosen mechanism is supported by the server. If not set, go-sendxmpp will use XEP-0474
to prevent downgrade attacks (needs server support).
* `--SSDP-off`:
Disable XEP-0474: SASL SCRAM Downgrade Protection.
* `--timeout=`[<value>]:
Connection timeout in seconds. (Default: 10)
