Matthew Wild
067a0ad4d8
usermanager, mod_saslauth: Default to internal_hashed if no auth module specified
The default config was updated in this way long ago, but if no option was
present in the config, Prosody would load internal_plain.
This change can result in changes (for the better) for people using very old
configuration files lacking an 'authentication' setting.
2022-02-10 19:54:14 +00:00
Kim Alvefur
73d1bb1218
various: Require encryption by default for real
These options have been specified (and enabled) in the default config file for
a long time. However if unspecified in the config, they were not enabled. Now
they are.
This may result in a change of behaviour for people using very old config
files that lack the require_encryption options. But that's what we want.
2021-12-25 16:23:40 +01:00
Jonas Schäfer
f18e33228d
s2s et al.: Add counters for connection state transitions
2021-04-21 17:11:58 +02:00
Kim Alvefur
7c5659808a
Merge 0.11->trunk
2021-04-10 16:45:44 +02:00
Kim Alvefur
f1550b900d
mod_saslauth: Use a defined SASL error
2021-03-18 16:16:54 +01:00
Kim Alvefur
139cafdbaf
mod_saslauth: Improve code style
This many returns deserve their own line.
`session["sasl_handler"]` style isn't used anywhere else.
2021-03-18 16:17:45 +01:00
tmolitor
a7cc31c6bb
mod_saslauth: Don't throw errors in async code when connections are gone
Fixes #1515
2021-03-18 14:30:47 +01:00
Kim Alvefur
15b64ea4ff
mod_saslauth: Only advertise channel binding if a finished message is available
In some cases this method returns nothing, unclear why.
2020-11-23 21:52:46 +01:00
Kim Alvefur
b62216fab3
mod_saslauth: Disable 'tls-unique' channel binding with TLS 1.3 (closes #1542)
The 'tls-unique' channel binding is undefined in TLS 1.3 according to a
single sentence in parenthesis in Appendix C of RFC 8446
This may trigger downgrade protection in clients that were expecting
channel binding to be available.
2020-11-23 21:42:52 +01:00
Kim Alvefur
b7a02665ea
Merge 0.11->trunk
2020-11-23 21:56:26 +01:00
Matthew Wild
cfa4181982
mod_saslauth: Pass through any auth scope from the SASL handler to sessionmanager.make_authenticated()
2020-02-05 17:56:44 +00:00
Kim Alvefur
9589da30b6
mod_saslauth: Set a nicer bounce error explaining SASL EXTERNAL failures
Better than the previous string concatenation of SASL failure condition
and optional text sent by the remote server.
Would be nice to have a text per condition, other than the probably most
common 'not-authorized'.
2019-12-07 22:55:51 +01:00
Kim Alvefur
0de6ce740e
mod_saslauth: Collect SASL EXTERNAL failures into an util.error object
Will be easier than that concatenated string to extract info out of for
use elsewhere.
2019-12-07 22:51:43 +01:00
Kim Alvefur
4053cdb848
mod_saslauth: Advertise correct set of mechanisms
Mistakenly iterates over the set of all supported mechanisms instead of
the one without insecure mechanisms if the connection is insecure.
Not a problem if c2s_require_encryption is true
Introduced in 56a0f68b7797
2019-12-02 16:00:16 +01:00
Kim Alvefur
4d28443876
mod_saslauth: Demote "no SASL mechanisms" error back to warning
This gets printed before TLS if c2s_require_encryption = false,
in which case it is just annoying.
2019-10-15 23:38:29 +02:00
Kim Alvefur
57a86c0b0c
mod_saslauth: Improve logging of why no SASL mechanisms were offered
2019-10-15 22:05:51 +02:00
Kim Alvefur
668089d57c
mod_saslauth: Use the power of Set Theory to manage sets of SASL mechanisms
This makes sets of excluded mechanisms easily available for use later.
2019-10-15 21:58:10 +02:00
Kim Alvefur
a375a34332
mod_saslauth: Log (debug) messages about channel binding
2019-10-15 21:37:19 +02:00
Kim Alvefur
8eb15f32e1
mod_saslauth: Remove useless debug log line
Fairly useless to only log half of SASL messages.
Use mod_stanza_debug instead to get the full exchange.
2019-10-13 00:33:35 +02:00
Kim Alvefur
bf566284b1
mod_saslauth: Remove commented-out debug log line
2019-10-13 00:32:58 +02:00
Kim Alvefur
40b1e3e0ed
plugins: Remove tostring call from logging
Taken care of by loggingmanager now
Mass-rewrite using lua pattern like `tostring%b()`
2019-07-30 02:29:36 +02:00
Kim Alvefur
c1157eb0ae
mod_saslauth: Ignore unused argument [luacheck]
2018-02-04 01:05:06 +01:00
Kim Alvefur
e1542aa2ee
mod_saslauth: Use renamed API for hooking non-stanzas
2018-02-04 01:03:44 +01:00
Kim Alvefur
e925f5a34a
mod_saslauth: Pass SASL EXTERNAL failure reason on to be used in error bounces
2018-02-04 01:01:50 +01:00
Kim Alvefur
477f77e250
mod_saslauth: Close connection if no fallback kicks in on SASL EXTERNAL failure
2018-02-04 00:58:38 +01:00
Kim Alvefur
5a07b39c7f
Backed out changeset 89c42aff8510: The problem in ejabberd has reportedly been resolved and this change causes more problems than it solves (fixes #1006)
2018-02-04 01:13:27 +01:00
Kim Alvefur
2d4c94e612
mod_saslauth: Log which mechanisms are offered
2017-12-21 10:15:47 +01:00
Kim Alvefur
3e4952567c
mod_saslauth: Remove unused argument [luacheck]
2017-04-01 22:34:15 +02:00
Kim Alvefur
66618bf09c
mod_saslauth: Fix typoed variable name [luacheck]
2017-03-06 16:05:24 +01:00
Kim Alvefur
7e3a83a35b
mod_saslauth: Switch to hook_tag from hook_stanza which was renamed in 2087d42f1e77
2017-03-06 15:56:12 +01:00
Kim Alvefur
962ba79613
Merge 0.9->0.10
2017-03-02 15:21:07 +01:00
Kim Alvefur
d471c7b124
mod_saslauth: Log SASL failure reason
2017-03-02 15:17:32 +01:00
Kim Alvefur
7a2ed1a9ed
mod_saslauth: Ignore shadowing of logger [luacheck]
2017-02-15 23:04:44 +01:00
Kim Alvefur
bb3a3dfe97
mod_saslauth: Improve logging as to why when SASL is not offered
2017-02-15 23:00:03 +01:00
Kim Alvefur
39639a7c38
mod_saslauth: Cache logger in local for less typing
2017-02-15 22:59:19 +01:00
Kim Alvefur
f65c017ee1
Fix various spelling mistakes [codespell]
2019-05-03 20:54:24 +02:00
Kim Alvefur
e701756ba9
core.sessionmanager, mod_saslauth: Introduce intermediate session type for authenticated but unbound sessions so that resource binding is not treated as a normal stanza
2016-12-13 18:15:17 +01:00
Kim Alvefur
94c745e8e8
mod_saslauth: Disable DIGEST-MD5 by default (closes #515)
2016-03-18 11:51:58 +01:00
Kim Alvefur
8e786f387d
mod_saslauth: Make it easier to support multiple channel binding methods
2014-11-19 14:45:20 +01:00
Kim Alvefur
2ab66e784a
mod_saslauth: Break out tls-unique channel binding callback so it is instantiated once
2014-11-19 14:44:41 +01:00
Kim Alvefur
b47d9adc40
mod_saslauth: Keep sasl_handler in a local variable
2014-11-19 14:37:45 +01:00
Kim Alvefur
9722fc8c01
mod_saslauth: Better name for config option
2014-10-21 16:41:28 +02:00
Kim Alvefur
1386a2c85d
mod_saslauth: Make it possible to disable certain mechanisms
2014-10-21 14:38:40 +02:00
Kim Alvefur
83b74ac626
mod_saslauth: Add LOGIN to mechanisms not allowed over unencrypted connections as it may be offered by 3rd party authentication plugins
2014-10-21 14:37:05 +02:00
Kim Alvefur
73979a83fd
mod_saslauth: Use a configurable set of mechanisms to not allow over unencrypted connections
2014-10-21 14:35:32 +02:00
Kim Alvefur
371d996a7d
mod_saslauth: Log warning if no SASL mechanisms were offered
2014-10-21 12:57:56 +02:00
Kim Alvefur
bf13e6d88e
mod_saslauth: Use type-specific config option getters
2014-10-21 12:56:19 +02:00
Kim Alvefur
ac43c71ec2
mod_legacyauth, mod_saslauth, mod_tls: Pass require_encryption as default option to s2s_require_encryption so the latter overrides the former
2014-10-21 12:49:03 +02:00
Kim Alvefur
6aec6e8425
mod_saslauth: Fix encoding of missing vs empty SASL reply messages
2014-09-23 19:46:29 +02:00
Kim Alvefur
092f833cfc
mod_saslauth: Stricter SASL EXTERNAL handling more in line with XEP-0178
2014-09-23 19:29:14 +02:00