From 4ce4daa933c634484d41cae527b2e0d0992c1944 Mon Sep 17 00:00:00 2001
From: Dana Powers <dana.powers@gmail.com>
Date: Sat, 14 Oct 2017 17:22:00 -0700
Subject: validate sasl_mechanism against SaslHandShakeResponse
 enabled_mechanisms

---
 kafka/conn.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'kafka/conn.py')

diff --git a/kafka/conn.py b/kafka/conn.py
index 2f560d0..7ca2652 100644
--- a/kafka/conn.py
+++ b/kafka/conn.py
@@ -460,7 +460,12 @@ class BrokerConnection(object):
             self.close(error=error)
             return future.failure(error_type(self))
 
-        if self.config['sasl_mechanism'] == 'PLAIN':
+        if self.config['sasl_mechanism'] not in response.enabled_mechanisms:
+            return future.failure(
+                Errors.UnsupportedSaslMechanismError(
+                    'Kafka broker does not support %s sasl mechanism. Enabled mechanisms are: %s'
+                    % (self.config['sasl_mechanism'], response.enabled_mechanisms)))
+        elif self.config['sasl_mechanism'] == 'PLAIN':
             return self._try_authenticate_plain(future)
         elif self.config['sasl_mechanism'] == 'GSSAPI':
             return self._try_authenticate_gssapi(future)
-- 
cgit v1.2.1