Changeset
6138:9db1529c06c2
Merge upstream
author | tmolitor <thilo@eightysoft.de> |
---|---|
date | Sun, 05 Jan 2025 17:50:02 +0100 |
parents | 6137:4cb1cad2badd (diff) 6135:c42419d73737 (current diff) |
children | 6139:ce755c661036 |
files | |
diffstat | 2 files changed, 28 insertions(+), 1 deletions(-) [+] |
--- a/mod_sasl2/mod_sasl2.lua Sat Jan 04 22:50:49 2025 +0000 +++ b/mod_sasl2/mod_sasl2.lua Sun Jan 05 17:50:02 2025 +0100 @@ -86,6 +86,7 @@ local mechanisms = st.stanza("authentication", { xmlns = xmlns_sasl2 }); + origin.usable_mechanisms = set.new(); local available_mechanisms = sasl_handler:mechanisms() for mechanism in pairs(available_mechanisms) do if disabled_mechanisms:contains(mechanism) then @@ -95,6 +96,7 @@ else log("debug", "Offering mechanism %s", mechanism); mechanisms:text_tag("mechanism", mechanism); + origin.usable_mechanisms:add(mechanism); end end
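Review bot: `origin.usable_mechanisms` is a new session field with no comment saying what it holds or who is meant to read it, and it is replaced with a fresh set each time this block runs. The set mirrors the `<mechanism/>` tags added in the same branch of the loop, so it is security-relevant state for anything that later binds authentication to the advertised list. A comment above the assignment such as `-- mechanisms actually advertised to this session; rebuilt on every offer, read by other modules` would make that contract explicit. The enclosing handler and the middle branches of the `if` chain lie outside both hunks of this file, so the full filter cannot be confirmed from here.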
--- a/mod_sasl_ssdp/mod_sasl_ssdp.lua Sat Jan 04 22:50:49 2025 +0000
+++ b/mod_sasl_ssdp/mod_sasl_ssdp.lua Sun Jan 05 17:50:02 2025 +0100
@@ -1,8 +1,16 @@
 local array = require "util.array";
+local set = require "util.set";
 local hashes = require "util.hashes";
 local it = require "util.iterators";
 local base64_enc = require "util.encodings".base64.encode;
 
+-- *** The following code is copy-pasted from mod_saslauth/mod_sasl2, like requested by Zash ***
+-- *** Please update, if you modify mod_saslauth or mod_sasl2! ***
+local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false)
+local insecure_mechanisms = module:get_option_set("insecure_sasl_mechanisms", allow_unencrypted_plain_auth and {} or {"PLAIN", "LOGIN"});
+local disabled_mechanisms = module:get_option_set("disable_sasl_mechanisms", { "DIGEST-MD5" });
+-- *** End of copy-pasted code ***
+
 local hash_functions = {
 ["SCRAM-SHA-1"] = hashes.sha1;
 ["SCRAM-SHA-1-PLUS"] = hashes.sha1;
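Review bot: The defaults for `insecure_sasl_mechanisms` and `disable_sasl_mechanisms` are now a second copy of authentication policy, and the filter loop added in the `@@ -17,7 +25,24 @@` hunk is a second copy of the offer logic, kept in sync only by a comment. The downgrade-protection hash is only meaningful if it covers exactly the list the client was shown. Any drift between this copy and mod_sasl2 would either fail logins for clients that verify the hash or leave the hash describing a list that was never sent. The same changeset makes mod_sasl2 store the advertised set in `origin.usable_mechanisms`. In the later hunk, starting from `local usable_mechanisms = event.session.usable_mechanisms;` and running the copied loop only when that is nil (presumably the mod_saslauth path) would remove the duplication wherever the set is available.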
@@ -17,7 +25,24 @@
 module:log("debug", "Not enabling SSDP for unsupported mechanism: %s", sasl_handler.selected);
 return;
 end
- local mechanism_list = array.collect(it.keys(sasl_handler:mechanisms())):sort();
+
+ -- *** The following code is copy-pasted from mod_saslauth/mod_sasl2, like requested by Zash ***
+ -- *** Please update, if you modify mod_saslauth or mod_sasl2! ***
+ local usable_mechanisms = set.new();
+ local available_mechanisms = sasl_handler:mechanisms()
+ for mechanism in pairs(available_mechanisms) do
+ if disabled_mechanisms:contains(mechanism) then
+ module:log("debug", "Not offering disabled mechanism %s", mechanism);
+ elseif not event.session.secure and insecure_mechanisms:contains(mechanism) then
+ module:log("debug", "Not offering mechanism %s on insecure connection", mechanism);
+ else
+ module:log("debug", "Offering mechanism %s", mechanism);
+ usable_mechanisms:add(mechanism);
+ end
+ end
+ -- *** End of copy-pasted code ***
+
+ local mechanism_list = array.collect(usable_mechanisms):sort();
 local cb = sasl_handler.profile.cb;
 local cb_list = cb and array.collect(it.keys(cb)):sort();
 local ssdp_string;
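Review bot: The three `module:log` calls in the copied loop keep the "Offering" / "Not offering" wording of the offer path, although the visible code here only collects the mechanisms into `mechanism_list` and sends nothing to the client. A debug log will therefore report the same mechanism as offered from two places, which makes it harder to tell the two modules apart when diagnosing a downgrade-protection mismatch. Rewording the last call to something like `module:log("debug", "Including mechanism %s in SSDP hash input", mechanism);`, and the other two to match, keeps the sources distinguishable. A one-line comment on `array.collect(usable_mechanisms)` noting that the set is iterated directly (the removed line went through `it.keys`) would also help the next reader. The enclosing handler starts and ends outside this hunk.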