Hi all,

I've updated my patch to only change mod_sasl_ssdp.
Please note: this contains a lot of duplicated code from mod_saslauth/
mod_sasl2. You'll have to update mod_sasl_ssdp every time you change that code 
in mod_saslauth/mod_sasl2!

-tmolitor



Am Mittwoch, 20. November 2024, 05:12:20 CET schrieb Thilo Molitor:
> Hi,
> 
> here are 3 patches fixing this ssdp bug: https://issues.prosody.im/1845
> 
> -tmolitor

# HG changeset patch
# User tmolitor <[email protected]>
# Date 1732075631 -3600
#      Wed Nov 20 05:07:11 2024 +0100
# Node ID 4cb1cad2badd724c4f830829ce84027c2ae8d197
# Parent  8da64ecdbcaa1501852f69257e04cc1633250489
mod_sasl_ssdp: Fix handling of disabled sasl mechanisms

This fixes this bug: https://issues.prosody.im/1845

diff -r 8da64ecdbcaa -r 4cb1cad2badd mod_sasl_ssdp/mod_sasl_ssdp.lua
--- a/mod_sasl_ssdp/mod_sasl_ssdp.lua	Wed Nov 20 05:05:30 2024 +0100
+++ b/mod_sasl_ssdp/mod_sasl_ssdp.lua	Wed Nov 20 05:07:11 2024 +0100
@@ -1,8 +1,16 @@
 local array = require "util.array";
+local set = require "util.set";
 local hashes = require "util.hashes";
 local it = require "util.iterators";
 local base64_enc = require "util.encodings".base64.encode;
 
+-- *** The following code is copy-pasted from mod_saslauth/mod_sasl2, like requested by Zash ***
+-- *** Please update, if you modify mod_saslauth or mod_sasl2! ***
+local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false)
+local insecure_mechanisms = module:get_option_set("insecure_sasl_mechanisms", allow_unencrypted_plain_auth and {} or {"PLAIN", "LOGIN"});
+local disabled_mechanisms = module:get_option_set("disable_sasl_mechanisms", { "DIGEST-MD5" });
+-- *** End of copy-pasted code ***
+
 local hash_functions = {
 	["SCRAM-SHA-1"] = hashes.sha1;
 	["SCRAM-SHA-1-PLUS"] = hashes.sha1;
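Review bot: The defaults passed to `get_option_set` on the added `insecure_mechanisms` and `disabled_mechanisms` lines are a second copy of policy that mod_saslauth/mod_sasl2 own, and nothing ties the two copies together. If the option names or defaults change on either side, the mechanism list hashed here will no longer match the list actually advertised, and a client that verifies the SSDP value would presumably treat that as a downgrade and abort authentication. The same applies to the copied filter loop in the second hunk. I would record the origin in the marker comment, e.g. `-- Copied from mod_saslauth at <UPSTREAM_REVISION>; option names and defaults must stay identical`. Longer term, the advertising module could expose the offered list so that this module hashes it directly instead of recomputing it.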
@@ -17,7 +25,24 @@
 		module:log("debug", "Not enabling SSDP for unsupported mechanism: %s", sasl_handler.selected);
 		return;
 	end
-	local mechanism_list = array.collect(it.keys(sasl_handler:mechanisms())):sort();
+
+	-- *** The following code is copy-pasted from mod_saslauth/mod_sasl2, like requested by Zash ***
+	-- *** Please update, if you modify mod_saslauth or mod_sasl2! ***
+	local usable_mechanisms = set.new();
+	local available_mechanisms = sasl_handler:mechanisms()
+	for mechanism in pairs(available_mechanisms) do
+		if disabled_mechanisms:contains(mechanism) then
+			module:log("debug", "Not offering disabled mechanism %s", mechanism);
+		elseif not event.session.secure and insecure_mechanisms:contains(mechanism) then
+			module:log("debug", "Not offering mechanism %s on insecure connection", mechanism);
+		else
+			module:log("debug", "Offering mechanism %s", mechanism);
+			usable_mechanisms:add(mechanism);
+		end
+	end
+	-- *** End of copy-pasted code ***
+
+	local mechanism_list = array.collect(usable_mechanisms):sort();
 	local cb = sasl_handler.profile.cb;
 	local cb_list = cb and array.collect(it.keys(cb)):sort();
 	local ssdp_string;
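Review bot: The three `module:log` calls in the copied loop keep the wording of the module that advertises mechanisms ("Offering mechanism %s"), but this code only rebuilds the list for the downgrade-protection hash. Debug logs will therefore presumably show each mechanism as offered or withheld twice. Rewording them, e.g. `module:log("debug", "Leaving disabled mechanism %s out of SSDP list", mechanism);`, or dropping them would keep the log readable when someone is diagnosing a hash mismatch. `array.collect(usable_mechanisms)` also depends on a util.set being usable directly as an iterator, which deserves a one-line comment. The enclosing handler starts and ends outside this hunk, so `event` is assumed to be its parameter.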
