Diff

plugins/mod_saslauth.lua @ 10339:8b06d2d51e04

mod_saslauth: Improve logging of why no SASL mechanisms were offered
author Kim Alvefur <zash@zash.se>
date Tue, 15 Oct 2019 22:05:51 +0200
parent 10338:56a0f68b7797
child 10340:5c6912289ce3
line wrap: on
line diff
--- a/plugins/mod_saslauth.lua	Tue Oct 15 21:58:10 2019 +0200
+++ b/plugins/mod_saslauth.lua	Tue Oct 15 22:05:51 2019 +0200
@@ -292,14 +292,26 @@
 			features:add_child(mechanisms);
 			return;
 		end
-		if mechanisms[1] then
-			features:add_child(mechanisms);
-		elseif not next(sasl_mechanisms) then
-			local authmod = module:get_option_string("authentication", "internal_plain");
+
+		local authmod = module:get_option_string("authentication", "internal_plain");
+		if available_mechanisms:empty() then
 			log("error", "No available SASL mechanisms, verify that the configured authentication module '%s' is loaded and configured correctly", authmod);
-		else
-			log("warn", "All available authentication mechanisms are either disabled or not suitable for an insecure connection");
+			return;
 		end
+
+		if not origin.secure and not available_insecure:empty() then
+			if not available_disabled:empty() then
+				log("error", "All SASL mechanisms provided by authentication module '%s' are forbidden on insecure connections (%s) or disabled (%s)",
+					authmod, available_insecure, available_disabled);
+			else
+				log("error", "All SASL mechanisms provided by authentication module '%s' are forbidden on insecure connections (%s)",
+					authmod, available_insecure);
+			end
+		elseif not available_disabled:empty() then
+			log("error", "All SASL mechanisms provided by authentication module '%s' are disabled (%s)",
+				authmod, available_disabled);
+		end
+
 	else
 		features:tag("bind", bind_attr):tag("required"):up():up();
 		features:tag("session", xmpp_session_attr):tag("optional"):up():up();