Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | s2s et al.: Add counters for connection state transitions | Jonas Schäfer | 2021-04-21 | 1 | -2/+2 |
| | |||||
* | Merge 0.11->trunk | Kim Alvefur | 2021-04-10 | 1 | -0/+3 |
|\ | |||||
| * | mod_saslauth: Use a defined SASL error | Kim Alvefur | 2021-03-18 | 1 | -1/+1 |
| | | |||||
| * | mod_saslauth: Improve code style | Kim Alvefur | 2021-03-18 | 1 | -1/+3 |
| | | | | | | | | | | | | This many returns deserve their own line. `session["sasl_handler"]` style isn't used anywhere else. | ||||
| * | mod_saslauth: Don't throw errors in async code when connections are gone | tmolitor | 2021-03-18 | 1 | -0/+1 |
| | | | | | | | | Fixes #1515 | ||||
* | | Merge 0.11->trunk | Kim Alvefur | 2020-11-23 | 1 | -1/+4 |
|\| | |||||
| * | mod_saslauth: Only advertise channel binding if a finished message is available | Kim Alvefur | 2020-11-23 | 1 | -1/+1 |
| | | | | | | | | In some cases this method returns nothing, unclear why. | ||||
| * | mod_saslauth: Disable 'tls-unique' channel binding with TLS 1.3 (closes #1542) | Kim Alvefur | 2020-11-23 | 1 | -1/+4 |
| | | | | | | | | | | | | | | | | The 'tls-unique' channel binding is undefined in TLS 1.3 according to a single sentence in parenthesis in Apendix C of RFC 8446 This may trigger downgrade protection in clients that were expecting channel binding to be available. | ||||
* | | mod_saslauth: Pass through any auth scope from the SASL handler to ↵ | Matthew Wild | 2020-02-05 | 1 | -1/+1 |
| | | | | | | | | sessionmanager.make_authenticated() | ||||
* | | mod_saslauth: Set a nicer bounce error explaining SASL EXTERNAL failures | Kim Alvefur | 2019-12-07 | 1 | -1/+4 |
| | | | | | | | | | | | | | | | | Better than the previous string concatenation of SASL failure condition and optional text sent by the remote server. Would be nice to have a text per condition, other than the probably most common 'not-authorized'. | ||||
* | | mod_saslauth: Collect SASL EXTERNAL failures into an util.error object | Kim Alvefur | 2019-12-07 | 1 | -5/+12 |
| | | | | | | | | | | Will be easier than that concatenated string to extract info out of for use elsewhere. | ||||
* | | mod_saslauth: Advertise correct set of mechanisms | Kim Alvefur | 2019-12-02 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | Mistakenly iterates over the set of all supported mechanisms instead of the one without insecure mechanisms if the connection is insecure. Not a problem if c2s_require_encryption is true Introduced in 56a0f68b7797 | ||||
* | | mod_saslauth: Demote "no SASL mechanisms" error back to warning | Kim Alvefur | 2019-10-15 | 1 | -4/+4 |
| | | | | | | | | | | This gets printed before TLS if c2s_require_encryption = false, in which case it is just annoying. | ||||
* | | mod_saslauth: Improve logging of why no SASL mechanisms were offered | Kim Alvefur | 2019-10-15 | 1 | -6/+18 |
| | | |||||
* | | mod_saslauth: Use the power of Set Theory to mange sets of SASL mechanisms | Kim Alvefur | 2019-10-15 | 1 | -6/+24 |
| | | | | | | | | This makes sets of excluded mechanisms easily available for use later. | ||||
* | | mod_saslauth: Log (debug) messages about channel binding | Kim Alvefur | 2019-10-15 | 1 | -0/+5 |
| | | |||||
* | | mod_saslauth: Remove useless debug log line | Kim Alvefur | 2019-10-13 | 1 | -1/+0 |
| | | | | | | | | | | | | Fairly useless to only log half of SASL messages. Use mod_stanza_debug instead to get the full exchange. | ||||
* | | mod_saslauth: Remove commented-out debug log line | Kim Alvefur | 2019-10-13 | 1 | -1/+0 |
| | | |||||
* | | plugins: Remove tostring call from logging | Kim Alvefur | 2019-07-30 | 1 | -2/+1 |
| | | | | | | | | | | | | Taken care of by loggingmanager now Mass-rewrite using lua pattern like `tostring%b()` | ||||
* | | Fix various spelling mistakes [codespell] | Kim Alvefur | 2019-05-03 | 1 | -1/+1 |
| | | |||||
* | | mod_saslauth: Improve log message when no SASL mechanisms offered (thanks hexa) | Kim Alvefur | 2018-11-24 | 1 | -1/+2 |
|/ | |||||
* | mod_saslauth: Ignore unused argument [luacheck] | Kim Alvefur | 2018-02-04 | 1 | -1/+1 |
| | |||||
* | mod_saslauth: Use renamed API for hooking non-stanzas | Kim Alvefur | 2018-02-04 | 1 | -1/+1 |
| | |||||
* | mod_saslauth: Pass SASL EXTERNAL failure reason on to be used in error bounces | Kim Alvefur | 2018-02-04 | 1 | -1/+2 |
| | |||||
* | mod_saslauth: Close connection if no fallback kicks in on SASL EXTERNAL failure | Kim Alvefur | 2018-02-04 | 1 | -1/+3 |
| | |||||
* | Backed out changeset 89c42aff8510: The problem in ejabberd has reportedly ↵ | Kim Alvefur | 2018-02-04 | 1 | -2/+4 |
| | | | | been resolved and this change causes more problems than it solves (fixes #1006) | ||||
* | mod_saslauth: Log which mechanisms are offered | Kim Alvefur | 2017-12-21 | 1 | -0/+1 |
| | |||||
* | mod_saslauth: Remove unused argument [luacheck] | Kim Alvefur | 2017-04-01 | 1 | -1/+1 |
| | |||||
* | mod_saslauth: Fix typoed variable name [luacheck] | Kim Alvefur | 2017-03-06 | 1 | -1/+1 |
| | |||||
* | mod_saslauth: Switch to hook_tag from hook_stanza which was renamed in ↵ | Kim Alvefur | 2017-03-06 | 1 | -3/+3 |
| | | | | 2087d42f1e77 | ||||
* | Merge 0.9->0.10 | Kim Alvefur | 2017-03-02 | 1 | -2/+13 |
|\ | |||||
| * | mod_saslauth: Log SASL failure reason | Kim Alvefur | 2017-03-02 | 1 | -2/+13 |
| | | |||||
* | | mod_saslauth: Ignore shadowing of logger [luacheck] | Kim Alvefur | 2017-02-15 | 1 | -1/+1 |
| | | |||||
* | | mod_saslauth: Improve logging as to why when SASL is not offered | Kim Alvefur | 2017-02-15 | 1 | -3/+11 |
| | | |||||
* | | mod_saslauth: Cache logger in local for less typing | Kim Alvefur | 2017-02-15 | 1 | -1/+2 |
| | | |||||
* | | core.sessionmanager, mod_saslauth: Introduce intermediate session type for ↵ | Kim Alvefur | 2016-12-13 | 1 | -1/+1 |
| | | | | | | | | authenticated but unbound sessions so that resource binding is not treated as a normal stanza | ||||
* | | mod_saslauth: Disable DIGEST-MD5 by default (closes #515) | Kim Alvefur | 2016-03-18 | 1 | -1/+1 |
| | | |||||
* | | mod_saslauth: Make it easier to support multiple channel binding methonds | Kim Alvefur | 2014-11-19 | 1 | -2/+4 |
| | | |||||
* | | mod_saslauth: Break out tls-unique channel binding callback so it is ↵ | Kim Alvefur | 2014-11-19 | 1 | -5/+10 |
| | | | | | | | | instantiated once | ||||
* | | mod_saslauth: Keep sasl_handler in a local variable | Kim Alvefur | 2014-11-19 | 1 | -5/+6 |
| | | |||||
* | | mod_saslauth: Better name for config option | Kim Alvefur | 2014-10-21 | 1 | -1/+1 |
| | | |||||
* | | mod_saslauth: Make it possible to disable certain mechanisms | Kim Alvefur | 2014-10-21 | 1 | -1/+5 |
| | | |||||
* | | mod_saslauth: Add LOGIN to mechanisms not allowed over unencrypted ↵ | Kim Alvefur | 2014-10-21 | 1 | -1/+1 |
| | | | | | | | | connections as it may be offered by 3rd party authentication plugins | ||||
* | | mod_saslauth: Use a configurable set of mechanisms to not allow over ↵ | Kim Alvefur | 2014-10-21 | 1 | -2/+3 |
| | | | | | | | | unencrypted connections | ||||
* | | mod_saslauth: Log warning if no SASL mechanisms were offered | Kim Alvefur | 2014-10-21 | 1 | -1/+5 |
| | | |||||
* | | mod_saslauth: Use type-specific config option getters | Kim Alvefur | 2014-10-21 | 1 | -2/+2 |
| | | |||||
* | | mod_legacyauth, mod_saslauth, mod_tls: Pass require_encryption as default ↵ | Kim Alvefur | 2014-10-21 | 1 | -1/+1 |
| | | | | | | | | option to s2s_require_encryption so the later overrides the former | ||||
* | | mod_saslauth: Fix encoding of missing vs empty SASL reply messages | Kim Alvefur | 2014-09-23 | 1 | -7/+7 |
| | | |||||
* | | mod_saslauth: Stricter SASL EXTERNAL handling more in line with XEP-0178 | Kim Alvefur | 2014-09-23 | 1 | -51/+30 |
| | | |||||
* | | mod_dialback, mod_saslauth: Remove broken fallback to dialback on SASL ↵ | Kim Alvefur | 2014-09-23 | 1 | -4/+2 |
| | | | | | | | | EXTERNAL failure |