diff options
author | Waqas Hussain <waqas20@gmail.com> | 2009-03-30 03:51:37 +0500 |
---|---|---|
committer | Waqas Hussain <waqas20@gmail.com> | 2009-03-30 03:51:37 +0500 |
commit | 178fbe509c7e99cbe1283fffd8304fefacbc9abf (patch) | |
tree | 12a7e5e96be8acf8b83b9fbc252daf918411eb5c /plugins/mod_saslauth.lua | |
parent | e48219e159bea32146882493ca3b89e9f987562e (diff) | |
download | prosody-178fbe509c7e99cbe1283fffd8304fefacbc9abf.tar.gz prosody-178fbe509c7e99cbe1283fffd8304fefacbc9abf.zip |
Fixed: mod_saslauth: "anonymous_login" currently makes SASL ANONYMOUS an exclusive mechanism. Corrected advertised mechanisms and error replies.
Diffstat (limited to 'plugins/mod_saslauth.lua')
-rw-r--r-- | plugins/mod_saslauth.lua | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 32047719..3018b825 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -72,7 +72,15 @@ end local function sasl_handler(session, stanza) if stanza.name == "auth" then -- FIXME ignoring duplicates because ejabberd does + if config.get(session.host or "*", "core", "anonymous_login") and stanza.attr.mechanism ~= "ANONYMOUS" then + return session.send(build_reply("failure", "invalid-mechanism")); + elseif mechanism == "ANONYMOUS" then + return session.send(build_reply("failure", "mechanism-too-weak")); + end session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, password_callback); + if not session.sasl_handler then + return session.send(build_reply("failure", "invalid-mechanism")); + end elseif not session.sasl_handler then return; -- FIXME ignoring out of order stanzas because ejabberd does end @@ -105,10 +113,11 @@ module:add_event_hook("stream-features", if not session.username then features:tag("mechanisms", mechanisms_attr); -- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so. - features:tag("mechanism"):text("PLAIN"):up(); - features:tag("mechanism"):text("DIGEST-MD5"):up(); if config.get(session.host or "*", "core", "anonymous_login") then features:tag("mechanism"):text("ANONYMOUS"):up(); + else + features:tag("mechanism"):text("DIGEST-MD5"):up(); + features:tag("mechanism"):text("PLAIN"):up(); end features:up(); else |