diff options
| author | Kim Alvefur <zash@zash.se> | 2019-10-15 21:58:10 +0200 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2019-10-15 21:58:10 +0200 |
| commit | 668089d57cc81ec71f421eb76eb6ea71af7a2d15 (patch) | |
| tree | c3de22ef64e893844de4a70fb0c9177e454fef98 /plugins/mod_saslauth.lua | |
| parent | a375a343326a80bab8d98d86118772d1e0791be1 (diff) | |
| download | prosody-668089d57cc81ec71f421eb76eb6ea71af7a2d15.tar.gz prosody-668089d57cc81ec71f421eb76eb6ea71af7a2d15.zip | |
mod_saslauth: Use the power of Set Theory to mange sets of SASL mechanisms
This makes sets of excluded mechanisms easily available for use later.
Diffstat (limited to 'plugins/mod_saslauth.lua')
| -rw-r--r-- | plugins/mod_saslauth.lua | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index cfaa1f9c..3d3620cf 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -12,6 +12,7 @@ local st = require "util.stanza"; local sm_bind_resource = require "core.sessionmanager".bind_resource; local sm_make_authenticated = require "core.sessionmanager".make_authenticated; local base64 = require "util.encodings".base64; +local set = require "util.set"; local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler; @@ -264,15 +265,32 @@ module:hook("stream-features", function(event) end local mechanisms = st.stanza("mechanisms", mechanisms_attr); local sasl_mechanisms = sasl_handler:mechanisms() + local available_mechanisms = set.new(); for mechanism in pairs(sasl_mechanisms) do - if disabled_mechanisms:contains(mechanism) then - log("debug", "Not offering disabled mechanism %s", mechanism); - elseif not origin.secure and insecure_mechanisms:contains(mechanism) then - log("debug", "Not offering mechanism %s on insecure connection", mechanism); - else - log("debug", "Offering mechanism %s", mechanism); + available_mechanisms:add(mechanism); + end + log("debug", "SASL mechanisms supported by handler: %s", available_mechanisms); + + local usable_mechanisms = available_mechanisms - disabled_mechanisms; + + local available_disabled = set.intersection(available_mechanisms, disabled_mechanisms); + if not available_disabled:empty() then + log("debug", "Not offering disabled mechanisms: %s", available_disabled); + end + + local available_insecure = set.intersection(available_mechanisms, insecure_mechanisms); + if not origin.secure and not available_insecure:empty() then + log("debug", "Session is not secure, not offering insecure mechanisms: %s", available_insecure); + usable_mechanisms = usable_mechanisms - insecure_mechanisms; + end + + if not usable_mechanisms:empty() then + log("debug", "Offering usable mechanisms: %s", usable_mechanisms); + for mechanism in available_mechanisms do mechanisms:tag("mechanism"):text(mechanism):up(); end + features:add_child(mechanisms); + return; end if mechanisms[1] then features:add_child(mechanisms); |