Software / code / prosody-modules
Changeset
6137:4cb1cad2badd
mod_sasl_ssdp: Fix handling of disabled sasl mechanisms
This fixes this bug: https://issues.prosody.im/1845
| author | tmolitor <thilo@eightysoft.de> |
|---|---|
| date | Wed, 20 Nov 2024 05:07:11 +0100 |
| parents | 6136:8da64ecdbcaa |
| children | 6138:9db1529c06c2 |
| files | mod_sasl_ssdp/mod_sasl_ssdp.lua |
| diffstat | 1 files changed, 26 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_sasl_ssdp/mod_sasl_ssdp.lua Wed Nov 20 05:05:30 2024 +0100 +++ b/mod_sasl_ssdp/mod_sasl_ssdp.lua Wed Nov 20 05:07:11 2024 +0100 @@ -1,8 +1,16 @@ local array = require "util.array"; +local set = require "util.set"; local hashes = require "util.hashes"; local it = require "util.iterators"; local base64_enc = require "util.encodings".base64.encode; +-- *** The following code is copy-pasted from mod_saslauth/mod_sasl2, like requested by Zash *** +-- *** Please update, if you modify mod_saslauth or mod_sasl2! *** +local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false) +local insecure_mechanisms = module:get_option_set("insecure_sasl_mechanisms", allow_unencrypted_plain_auth and {} or {"PLAIN", "LOGIN"}); +local disabled_mechanisms = module:get_option_set("disable_sasl_mechanisms", { "DIGEST-MD5" }); +-- *** End of copy-pasted code *** + local hash_functions = { ["SCRAM-SHA-1"] = hashes.sha1; ["SCRAM-SHA-1-PLUS"] = hashes.sha1; @@ -17,7 +25,24 @@ module:log("debug", "Not enabling SSDP for unsupported mechanism: %s", sasl_handler.selected); return; end - local mechanism_list = array.collect(it.keys(sasl_handler:mechanisms())):sort(); + + -- *** The following code is copy-pasted from mod_saslauth/mod_sasl2, like requested by Zash *** + -- *** Please update, if you modify mod_saslauth or mod_sasl2! *** + local usable_mechanisms = set.new(); + local available_mechanisms = sasl_handler:mechanisms() + for mechanism in pairs(available_mechanisms) do + if disabled_mechanisms:contains(mechanism) then + module:log("debug", "Not offering disabled mechanism %s", mechanism); + elseif not event.session.secure and insecure_mechanisms:contains(mechanism) then + module:log("debug", "Not offering mechanism %s on insecure connection", mechanism); + else + module:log("debug", "Offering mechanism %s", mechanism); + usable_mechanisms:add(mechanism); + end + end + -- *** End of copy-pasted code *** + + local mechanism_list = array.collect(usable_mechanisms):sort(); local cb = sasl_handler.profile.cb; local cb_list = cb and array.collect(it.keys(cb)):sort(); local ssdp_string;
