diff options
author | Kim Alvefur <zash@zash.se> | 2019-10-15 21:58:10 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2019-10-15 21:58:10 +0200 |
commit | 2177adab441cbe4ea69beb6cb277808a4a13c33a (patch) | |
tree | c3de22ef64e893844de4a70fb0c9177e454fef98 /plugins | |
parent | 96b4d467b9173a8dd3f758ab692f108c28b2f523 (diff) | |
download | prosody-2177adab441cbe4ea69beb6cb277808a4a13c33a.tar.gz prosody-2177adab441cbe4ea69beb6cb277808a4a13c33a.zip |
mod_saslauth: Use the power of Set Theory to mange sets of SASL mechanisms
This makes sets of excluded mechanisms easily available for use later.
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/mod_saslauth.lua | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index cfaa1f9c..3d3620cf 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -12,6 +12,7 @@ local st = require "util.stanza"; local sm_bind_resource = require "core.sessionmanager".bind_resource; local sm_make_authenticated = require "core.sessionmanager".make_authenticated; local base64 = require "util.encodings".base64; +local set = require "util.set"; local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler; @@ -264,15 +265,32 @@ module:hook("stream-features", function(event) end local mechanisms = st.stanza("mechanisms", mechanisms_attr); local sasl_mechanisms = sasl_handler:mechanisms() + local available_mechanisms = set.new(); for mechanism in pairs(sasl_mechanisms) do - if disabled_mechanisms:contains(mechanism) then - log("debug", "Not offering disabled mechanism %s", mechanism); - elseif not origin.secure and insecure_mechanisms:contains(mechanism) then - log("debug", "Not offering mechanism %s on insecure connection", mechanism); - else - log("debug", "Offering mechanism %s", mechanism); + available_mechanisms:add(mechanism); + end + log("debug", "SASL mechanisms supported by handler: %s", available_mechanisms); + + local usable_mechanisms = available_mechanisms - disabled_mechanisms; + + local available_disabled = set.intersection(available_mechanisms, disabled_mechanisms); + if not available_disabled:empty() then + log("debug", "Not offering disabled mechanisms: %s", available_disabled); + end + + local available_insecure = set.intersection(available_mechanisms, insecure_mechanisms); + if not origin.secure and not available_insecure:empty() then + log("debug", "Session is not secure, not offering insecure mechanisms: %s", available_insecure); + usable_mechanisms = usable_mechanisms - insecure_mechanisms; + end + + if not usable_mechanisms:empty() then + log("debug", "Offering usable mechanisms: %s", usable_mechanisms); + for mechanism in available_mechanisms do mechanisms:tag("mechanism"):text(mechanism):up(); end + features:add_child(mechanisms); + return; end if mechanisms[1] then features:add_child(mechanisms); |