From 57a86c0b0c206495acf6a36fc22f2506ea438f3f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 15 Oct 2019 22:05:51 +0200 Subject: mod_saslauth: Improve logging of why no SASL mechanisms were offered --- plugins/mod_saslauth.lua | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) (limited to 'plugins/mod_saslauth.lua') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 3d3620cf..be57e8d8 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -292,14 +292,26 @@ module:hook("stream-features", function(event) features:add_child(mechanisms); return; end - if mechanisms[1] then - features:add_child(mechanisms); - elseif not next(sasl_mechanisms) then - local authmod = module:get_option_string("authentication", "internal_plain"); + + local authmod = module:get_option_string("authentication", "internal_plain"); + if available_mechanisms:empty() then log("error", "No available SASL mechanisms, verify that the configured authentication module '%s' is loaded and configured correctly", authmod); - else - log("warn", "All available authentication mechanisms are either disabled or not suitable for an insecure connection"); + return; + end + + if not origin.secure and not available_insecure:empty() then + if not available_disabled:empty() then + log("error", "All SASL mechanisms provided by authentication module '%s' are forbidden on insecure connections (%s) or disabled (%s)", + authmod, available_insecure, available_disabled); + else + log("error", "All SASL mechanisms provided by authentication module '%s' are forbidden on insecure connections (%s)", + authmod, available_insecure); + end + elseif not available_disabled:empty() then + log("error", "All SASL mechanisms provided by authentication module '%s' are disabled (%s)", + authmod, available_disabled); end + else features:tag("bind", bind_attr):tag("required"):up():up(); features:tag("session", xmpp_session_attr):tag("optional"):up():up(); -- cgit v1.2.3