prosody-modules
9d57aa79c5d9
mod_sasl2/mod_sasl2.lua
Software / code / prosody-modules
Comparison
mod_sasl2/mod_sasl2.lua @ 4792:9d57aa79c5d9
mod_sasl2: Remove channel binding
Does not take into account that 'tls-unique' is "undefined" when using
TLS 1.3
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 28 Nov 2021 19:42:00 +0100 |
| parent | 3905:5ae2e865eea0 |
| child | 4796:9c7635911c56 |
comparison
equal
deleted
inserted
replaced
| 4791:b86282953663 | 4792:9d57aa79c5d9 |
|---|---|
| 21 local insecure_mechanisms = module:get_option_set("insecure_sasl_mechanisms", allow_unencrypted_plain_auth and {} or {"PLAIN", "LOGIN"}); | 21 local insecure_mechanisms = module:get_option_set("insecure_sasl_mechanisms", allow_unencrypted_plain_auth and {} or {"PLAIN", "LOGIN"}); |
| 22 local disabled_mechanisms = module:get_option_set("disable_sasl_mechanisms", { "DIGEST-MD5" }); | 22 local disabled_mechanisms = module:get_option_set("disable_sasl_mechanisms", { "DIGEST-MD5" }); |
| 23 | 23 |
| 24 local host = module.host; | 24 local host = module.host; |
| 25 | 25 |
| 26 local function tls_unique(self) | |
| 27 return self.userdata["tls-unique"]:getpeerfinished(); | |
| 28 end | |
| 29 | |
| 30 module:hook("stream-features", function(event) | 26 module:hook("stream-features", function(event) |
| 31 local origin, features = event.origin, event.features; | 27 local origin, features = event.origin, event.features; |
| 32 local log = origin.log or module._log; | 28 local log = origin.log or module._log; |
| 33 | 29 |
| 34 if origin.type ~= "c2s_unauthed" then | 30 if origin.type ~= "c2s_unauthed" then |
| 38 | 34 |
| 39 local sasl_handler = usermanager_get_sasl_handler(host, origin) | 35 local sasl_handler = usermanager_get_sasl_handler(host, origin) |
| 40 origin.sasl_handler = sasl_handler; | 36 origin.sasl_handler = sasl_handler; |
| 41 | 37 |
| 42 if sasl_handler.add_cb_handler then | 38 if sasl_handler.add_cb_handler then |
| 43 local socket = origin.conn:socket(); | 39 -- FIXME bring back channel binding |
| 44 if socket.getpeerfinished then | |
| 45 sasl_handler:add_cb_handler("tls-unique", tls_unique); | |
| 46 end | |
| 47 sasl_handler["userdata"] = { | |
| 48 ["tls-unique"] = socket; | |
| 49 }; | |
| 50 end | 40 end |
| 51 | 41 |
| 52 local mechanisms = st.stanza("mechanisms", { xmlns = xmlns_sasl2 }); | 42 local mechanisms = st.stanza("mechanisms", { xmlns = xmlns_sasl2 }); |
| 53 | 43 |
| 54 local available_mechanisms = sasl_handler:mechanisms() | 44 local available_mechanisms = sasl_handler:mechanisms() |
