prosody
08bde6a6fd56
plugins/mod_saslauth.lua
Software / code / prosody
Comparison
plugins/mod_saslauth.lua @ 7897:08bde6a6fd56
mod_saslauth: Improve logging as to why when SASL is not offered
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 15 Feb 2017 23:00:03 +0100 |
| parent | 7896:1a2674123c1c |
| child | 7899:2b3d0ab67f7d |
comparison
equal
deleted
inserted
replaced
| 7896:1a2674123c1c | 7897:08bde6a6fd56 |
|---|---|
| 224 module:hook("stream-features", function(event) | 224 module:hook("stream-features", function(event) |
| 225 local origin, features = event.origin, event.features; | 225 local origin, features = event.origin, event.features; |
| 226 local log = origin.log or log; | 226 local log = origin.log or log; |
| 227 if not origin.username then | 227 if not origin.username then |
| 228 if secure_auth_only and not origin.secure then | 228 if secure_auth_only and not origin.secure then |
| 229 log("debug", "Not offering authentication on insecure connection"); | |
| 229 return; | 230 return; |
| 230 end | 231 end |
| 231 local sasl_handler = usermanager_get_sasl_handler(module.host, origin) | 232 local sasl_handler = usermanager_get_sasl_handler(module.host, origin) |
| 232 origin.sasl_handler = sasl_handler; | 233 origin.sasl_handler = sasl_handler; |
| 233 if origin.encrypted then | 234 if origin.encrypted then |
| 242 ["tls-unique"] = socket; | 243 ["tls-unique"] = socket; |
| 243 }; | 244 }; |
| 244 end | 245 end |
| 245 end | 246 end |
| 246 local mechanisms = st.stanza("mechanisms", mechanisms_attr); | 247 local mechanisms = st.stanza("mechanisms", mechanisms_attr); |
| 247 for mechanism in pairs(sasl_handler:mechanisms()) do | 248 local sasl_mechanisms = sasl_handler:mechanisms() |
| 248 if (not disabled_mechanisms:contains(mechanism)) and (origin.secure or not insecure_mechanisms:contains(mechanism)) then | 249 for mechanism in pairs(sasl_mechanisms) do |
| 250 if disabled_mechanisms:contains(mechanism) then | |
| 251 log("debug", "Not offering disabled mechanism %s", mechanism); | |
| 252 elseif not origin.secure and insecure_mechanisms:contains(mechanism) then | |
| 253 log("debug", "Not offering mechanism %s on insecure connection", mechanism); | |
| 254 else | |
| 249 mechanisms:tag("mechanism"):text(mechanism):up(); | 255 mechanisms:tag("mechanism"):text(mechanism):up(); |
| 250 end | 256 end |
| 251 end | 257 end |
| 252 if mechanisms[1] then | 258 if mechanisms[1] then |
| 253 features:add_child(mechanisms); | 259 features:add_child(mechanisms); |
| 260 elseif not next(sasl_mechanisms) then | |
| 261 log("warn", "No available SASL mechanisms, verify that the configured authentication module is working"); | |
| 254 else | 262 else |
| 255 log("warn", "No SASL mechanisms to offer"); | 263 log("warn", "All available authentication mechanisms are either disabled or not suitable for an insecure connection"); |
| 256 end | 264 end |
| 257 else | 265 else |
| 258 features:tag("bind", bind_attr):tag("required"):up():up(); | 266 features:tag("bind", bind_attr):tag("required"):up():up(); |
| 259 features:tag("session", xmpp_session_attr):tag("optional"):up():up(); | 267 features:tag("session", xmpp_session_attr):tag("optional"):up():up(); |
| 260 end | 268 end |
