From 178fbe509c7e99cbe1283fffd8304fefacbc9abf Mon Sep 17 00:00:00 2001 From: Waqas Hussain Date: Mon, 30 Mar 2009 03:51:37 +0500 Subject: Fixed: mod_saslauth: "anonymous_login" currently makes SASL ANONYMOUS an exclusive mechanism. Corrected advertised mechanisms and error replies. --- plugins/mod_saslauth.lua | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'plugins/mod_saslauth.lua') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 32047719..3018b825 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -72,7 +72,15 @@ end local function sasl_handler(session, stanza) if stanza.name == "auth" then -- FIXME ignoring duplicates because ejabberd does + if config.get(session.host or "*", "core", "anonymous_login") and stanza.attr.mechanism ~= "ANONYMOUS" then + return session.send(build_reply("failure", "invalid-mechanism")); + elseif mechanism == "ANONYMOUS" then + return session.send(build_reply("failure", "mechanism-too-weak")); + end session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, password_callback); + if not session.sasl_handler then + return session.send(build_reply("failure", "invalid-mechanism")); + end elseif not session.sasl_handler then return; -- FIXME ignoring out of order stanzas because ejabberd does end @@ -105,10 +113,11 @@ module:add_event_hook("stream-features", if not session.username then features:tag("mechanisms", mechanisms_attr); -- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so. - features:tag("mechanism"):text("PLAIN"):up(); - features:tag("mechanism"):text("DIGEST-MD5"):up(); if config.get(session.host or "*", "core", "anonymous_login") then features:tag("mechanism"):text("ANONYMOUS"):up(); + else + features:tag("mechanism"):text("DIGEST-MD5"):up(); + features:tag("mechanism"):text("PLAIN"):up(); end features:up(); else -- cgit v1.2.3