aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_saslauth.lua
Commit message (Collapse)AuthorAgeFilesLines
* Merge 0.11->trunkKim Alvefur2020-11-231-1/+4
|\
| * mod_saslauth: Only advertise channel binding if a finished message is availableKim Alvefur2020-11-231-1/+1
| | | | | | | | In some cases this method returns nothing, unclear why.
| * mod_saslauth: Disable 'tls-unique' channel binding with TLS 1.3 (closes #1542)Kim Alvefur2020-11-231-1/+4
| | | | | | | | | | | | | | | | The 'tls-unique' channel binding is undefined in TLS 1.3 according to a single sentence in parenthesis in Apendix C of RFC 8446 This may trigger downgrade protection in clients that were expecting channel binding to be available.
* | mod_saslauth: Pass through any auth scope from the SASL handler to ↵Matthew Wild2020-02-051-1/+1
| | | | | | | | sessionmanager.make_authenticated()
* | mod_saslauth: Set a nicer bounce error explaining SASL EXTERNAL failuresKim Alvefur2019-12-071-1/+4
| | | | | | | | | | | | | | | | Better than the previous string concatenation of SASL failure condition and optional text sent by the remote server. Would be nice to have a text per condition, other than the probably most common 'not-authorized'.
* | mod_saslauth: Collect SASL EXTERNAL failures into an util.error objectKim Alvefur2019-12-071-5/+12
| | | | | | | | | | Will be easier than that concatenated string to extract info out of for use elsewhere.
* | mod_saslauth: Advertise correct set of mechanismsKim Alvefur2019-12-021-1/+1
| | | | | | | | | | | | | | | | | | Mistakenly iterates over the set of all supported mechanisms instead of the one without insecure mechanisms if the connection is insecure. Not a problem if c2s_require_encryption is true Introduced in 56a0f68b7797
* | mod_saslauth: Demote "no SASL mechanisms" error back to warningKim Alvefur2019-10-151-4/+4
| | | | | | | | | | This gets printed before TLS if c2s_require_encryption = false, in which case it is just annoying.
* | mod_saslauth: Improve logging of why no SASL mechanisms were offeredKim Alvefur2019-10-151-6/+18
| |
* | mod_saslauth: Use the power of Set Theory to mange sets of SASL mechanismsKim Alvefur2019-10-151-6/+24
| | | | | | | | This makes sets of excluded mechanisms easily available for use later.
* | mod_saslauth: Log (debug) messages about channel bindingKim Alvefur2019-10-151-0/+5
| |
* | mod_saslauth: Remove useless debug log lineKim Alvefur2019-10-131-1/+0
| | | | | | | | | | | | Fairly useless to only log half of SASL messages. Use mod_stanza_debug instead to get the full exchange.
* | mod_saslauth: Remove commented-out debug log lineKim Alvefur2019-10-131-1/+0
| |
* | plugins: Remove tostring call from loggingKim Alvefur2019-07-301-2/+1
| | | | | | | | | | | | Taken care of by loggingmanager now Mass-rewrite using lua pattern like `tostring%b()`
* | Fix various spelling mistakes [codespell]Kim Alvefur2019-05-031-1/+1
| |
* | mod_saslauth: Improve log message when no SASL mechanisms offered (thanks hexa)Kim Alvefur2018-11-241-1/+2
|/
* mod_saslauth: Ignore unused argument [luacheck]Kim Alvefur2018-02-041-1/+1
|
* mod_saslauth: Use renamed API for hooking non-stanzasKim Alvefur2018-02-041-1/+1
|
* mod_saslauth: Pass SASL EXTERNAL failure reason on to be used in error bouncesKim Alvefur2018-02-041-1/+2
|
* mod_saslauth: Close connection if no fallback kicks in on SASL EXTERNAL failureKim Alvefur2018-02-041-1/+3
|
* Backed out changeset 89c42aff8510: The problem in ejabberd has reportedly ↵Kim Alvefur2018-02-041-2/+4
| | | | been resolved and this change causes more problems than it solves (fixes #1006)
* mod_saslauth: Log which mechanisms are offeredKim Alvefur2017-12-211-0/+1
|
* mod_saslauth: Remove unused argument [luacheck]Kim Alvefur2017-04-011-1/+1
|
* mod_saslauth: Fix typoed variable name [luacheck]Kim Alvefur2017-03-061-1/+1
|
* mod_saslauth: Switch to hook_tag from hook_stanza which was renamed in ↵Kim Alvefur2017-03-061-3/+3
| | | | 2087d42f1e77
* Merge 0.9->0.10Kim Alvefur2017-03-021-2/+13
|\
| * mod_saslauth: Log SASL failure reasonKim Alvefur2017-03-021-2/+13
| |
* | mod_saslauth: Ignore shadowing of logger [luacheck]Kim Alvefur2017-02-151-1/+1
| |
* | mod_saslauth: Improve logging as to why when SASL is not offeredKim Alvefur2017-02-151-3/+11
| |
* | mod_saslauth: Cache logger in local for less typingKim Alvefur2017-02-151-1/+2
| |
* | core.sessionmanager, mod_saslauth: Introduce intermediate session type for ↵Kim Alvefur2016-12-131-1/+1
| | | | | | | | authenticated but unbound sessions so that resource binding is not treated as a normal stanza
* | mod_saslauth: Disable DIGEST-MD5 by default (closes #515)Kim Alvefur2016-03-181-1/+1
| |
* | mod_saslauth: Make it easier to support multiple channel binding methondsKim Alvefur2014-11-191-2/+4
| |
* | mod_saslauth: Break out tls-unique channel binding callback so it is ↵Kim Alvefur2014-11-191-5/+10
| | | | | | | | instantiated once
* | mod_saslauth: Keep sasl_handler in a local variableKim Alvefur2014-11-191-5/+6
| |
* | mod_saslauth: Better name for config optionKim Alvefur2014-10-211-1/+1
| |
* | mod_saslauth: Make it possible to disable certain mechanismsKim Alvefur2014-10-211-1/+5
| |
* | mod_saslauth: Add LOGIN to mechanisms not allowed over unencrypted ↵Kim Alvefur2014-10-211-1/+1
| | | | | | | | connections as it may be offered by 3rd party authentication plugins
* | mod_saslauth: Use a configurable set of mechanisms to not allow over ↵Kim Alvefur2014-10-211-2/+3
| | | | | | | | unencrypted connections
* | mod_saslauth: Log warning if no SASL mechanisms were offeredKim Alvefur2014-10-211-1/+5
| |
* | mod_saslauth: Use type-specific config option gettersKim Alvefur2014-10-211-2/+2
| |
* | mod_legacyauth, mod_saslauth, mod_tls: Pass require_encryption as default ↵Kim Alvefur2014-10-211-1/+1
| | | | | | | | option to s2s_require_encryption so the later overrides the former
* | mod_saslauth: Fix encoding of missing vs empty SASL reply messagesKim Alvefur2014-09-231-7/+7
| |
* | mod_saslauth: Stricter SASL EXTERNAL handling more in line with XEP-0178Kim Alvefur2014-09-231-51/+30
| |
* | mod_dialback, mod_saslauth: Remove broken fallback to dialback on SASL ↵Kim Alvefur2014-09-231-4/+2
| | | | | | | | EXTERNAL failure
* | mod_lastactivity, mod_legacyauth, mod_presence, mod_saslauth, mod_tls: Use ↵Kim Alvefur2014-07-041-1/+1
| | | | | | | | the newer stanza:get_child APIs and optimize away some table lookups
* | Merge 0.9->0.10Kim Alvefur2014-03-251-1/+1
|\|
| * mod_saslauth: Only do c2s SASL on normal VirtualHostsKim Alvefur2014-03-221-1/+1
| |
* | mod_saslauth: Make sure sasl handler has add_cb_handler (fixes #392)Kim Alvefur2014-02-121-1/+1
| |
* | mod_saslauth: Collect data for channel binding only if we know for sure that ↵Kim Alvefur2013-10-071-1/+1
| | | | | | | | the stream is encrypted