aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2019-10-15 22:05:51 +0200
committerKim Alvefur <zash@zash.se>2019-10-15 22:05:51 +0200
commit57a86c0b0c206495acf6a36fc22f2506ea438f3f (patch)
treedde4fdd39a984f6d0f2660cc97700a846498f934
parent668089d57cc81ec71f421eb76eb6ea71af7a2d15 (diff)
downloadprosody-57a86c0b0c206495acf6a36fc22f2506ea438f3f.tar.gz
prosody-57a86c0b0c206495acf6a36fc22f2506ea438f3f.zip
mod_saslauth: Improve logging of why no SASL mechanisms were offered
-rw-r--r--plugins/mod_saslauth.lua24
1 files changed, 18 insertions, 6 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 3d3620cf..be57e8d8 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -292,14 +292,26 @@ module:hook("stream-features", function(event)
features:add_child(mechanisms);
return;
end
- if mechanisms[1] then
- features:add_child(mechanisms);
- elseif not next(sasl_mechanisms) then
- local authmod = module:get_option_string("authentication", "internal_plain");
+
+ local authmod = module:get_option_string("authentication", "internal_plain");
+ if available_mechanisms:empty() then
log("error", "No available SASL mechanisms, verify that the configured authentication module '%s' is loaded and configured correctly", authmod);
- else
- log("warn", "All available authentication mechanisms are either disabled or not suitable for an insecure connection");
+ return;
+ end
+
+ if not origin.secure and not available_insecure:empty() then
+ if not available_disabled:empty() then
+ log("error", "All SASL mechanisms provided by authentication module '%s' are forbidden on insecure connections (%s) or disabled (%s)",
+ authmod, available_insecure, available_disabled);
+ else
+ log("error", "All SASL mechanisms provided by authentication module '%s' are forbidden on insecure connections (%s)",
+ authmod, available_insecure);
+ end
+ elseif not available_disabled:empty() then
+ log("error", "All SASL mechanisms provided by authentication module '%s' are disabled (%s)",
+ authmod, available_disabled);
end
+
else
features:tag("bind", bind_attr):tag("required"):up():up();
features:tag("session", xmpp_session_attr):tag("optional"):up():up();