Software /
code /
prosody
Changeset
10338:56a0f68b7797
mod_saslauth: Use the power of Set Theory to mange sets of SASL mechanisms
This makes sets of excluded mechanisms easily available for use later.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 15 Oct 2019 21:58:10 +0200 (2019-10-15) |
parents | 10337:39111f0e83d0 |
children | 10339:8b06d2d51e04 |
files | plugins/mod_saslauth.lua |
diffstat | 1 files changed, 24 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_saslauth.lua Tue Oct 15 21:37:19 2019 +0200 +++ b/plugins/mod_saslauth.lua Tue Oct 15 21:58:10 2019 +0200 @@ -12,6 +12,7 @@ local sm_bind_resource = require "core.sessionmanager".bind_resource; local sm_make_authenticated = require "core.sessionmanager".make_authenticated; local base64 = require "util.encodings".base64; +local set = require "util.set"; local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler; @@ -264,15 +265,32 @@ end local mechanisms = st.stanza("mechanisms", mechanisms_attr); local sasl_mechanisms = sasl_handler:mechanisms() + local available_mechanisms = set.new(); for mechanism in pairs(sasl_mechanisms) do - if disabled_mechanisms:contains(mechanism) then - log("debug", "Not offering disabled mechanism %s", mechanism); - elseif not origin.secure and insecure_mechanisms:contains(mechanism) then - log("debug", "Not offering mechanism %s on insecure connection", mechanism); - else - log("debug", "Offering mechanism %s", mechanism); + available_mechanisms:add(mechanism); + end + log("debug", "SASL mechanisms supported by handler: %s", available_mechanisms); + + local usable_mechanisms = available_mechanisms - disabled_mechanisms; + + local available_disabled = set.intersection(available_mechanisms, disabled_mechanisms); + if not available_disabled:empty() then + log("debug", "Not offering disabled mechanisms: %s", available_disabled); + end + + local available_insecure = set.intersection(available_mechanisms, insecure_mechanisms); + if not origin.secure and not available_insecure:empty() then + log("debug", "Session is not secure, not offering insecure mechanisms: %s", available_insecure); + usable_mechanisms = usable_mechanisms - insecure_mechanisms; + end + + if not usable_mechanisms:empty() then + log("debug", "Offering usable mechanisms: %s", usable_mechanisms); + for mechanism in available_mechanisms do mechanisms:tag("mechanism"):text(mechanism):up(); end + features:add_child(mechanisms); + return; end if mechanisms[1] then features:add_child(mechanisms);