prosody

Commit Graph

Author	SHA1	Message	Date
Matthew Wild	067a0ad4d8	usermanager, mod_saslauth: Default to internal_hashed if no auth module specified The default config was updated in this way long ago, but if no option was present in the config, Prosody would load internal_plain. This change can result in changes (for the better) for people using very old configuration files lacking an 'authentication' setting.	4 years ago
Kim Alvefur	73d1bb1218	various: Require encryption by default for real These options have been specified (and enabled) in the default config file for a long time. However if unspecified in the config, they were not enabled. Now they are. This may result in a change of behaviour for people using very old config files that lack the require_encryption options. But that's what we want.	4 years ago
Kim Alvefur	f1550b900d	mod_saslauth: Use a defined SASL error	5 years ago
Kim Alvefur	139cafdbaf	mod_saslauth: Improve code style This many returns deserve their own line. `session["sasl_handler"]` style isn't used anywhere else.	5 years ago
tmolitor	a7cc31c6bb	mod_saslauth: Don't throw errors in async code when connections are gone Fixes #1515	5 years ago
Kim Alvefur	15b64ea4ff	mod_saslauth: Only advertise channel binding if a finished message is available In some cases this method returns nothing, unclear why.	5 years ago
Kim Alvefur	b62216fab3	mod_saslauth: Disable 'tls-unique' channel binding with TLS 1.3 (closes #1542 ) The 'tls-unique' channel binding is undefined in TLS 1.3 according to a single sentence in parenthesis in Apendix C of RFC 8446 This may trigger downgrade protection in clients that were expecting channel binding to be available.	5 years ago
Jonas Schäfer	f18e33228d	s2s et al.: Add counters for connection state transitions	5 years ago
Matthew Wild	cfa4181982	mod_saslauth: Pass through any auth scope from the SASL handler to sessionmanager.make_authenticated()	6 years ago
Kim Alvefur	9589da30b6	mod_saslauth: Set a nicer bounce error explaining SASL EXTERNAL failures Better than the previous string concatenation of SASL failure condition and optional text sent by the remote server. Would be nice to have a text per condition, other than the probably most common 'not-authorized'.	6 years ago
Kim Alvefur	0de6ce740e	mod_saslauth: Collect SASL EXTERNAL failures into an util.error object Will be easier than that concatenated string to extract info out of for use elsewhere.	6 years ago
Kim Alvefur	4053cdb848	mod_saslauth: Advertise correct set of mechanisms Mistakenly iterates over the set of all supported mechanisms instead of the one without insecure mechanisms if the connection is insecure. Not a problem if c2s_require_encryption is true Introduced in 56a0f68b7797	6 years ago
Kim Alvefur	4d28443876	mod_saslauth: Demote "no SASL mechanisms" error back to warning This gets printed before TLS if c2s_require_encryption = false, in which case it is just annoying.	6 years ago
Kim Alvefur	57a86c0b0c	mod_saslauth: Improve logging of why no SASL mechanisms were offered	6 years ago
Kim Alvefur	668089d57c	mod_saslauth: Use the power of Set Theory to mange sets of SASL mechanisms This makes sets of excluded mechanisms easily available for use later.	6 years ago
Kim Alvefur	a375a34332	mod_saslauth: Log (debug) messages about channel binding	6 years ago
Kim Alvefur	8eb15f32e1	mod_saslauth: Remove useless debug log line Fairly useless to only log half of SASL messages. Use mod_stanza_debug instead to get the full exchange.	6 years ago
Kim Alvefur	bf566284b1	mod_saslauth: Remove commented-out debug log line	6 years ago
Kim Alvefur	f65c017ee1	Fix various spelling mistakes [codespell]	7 years ago
Kim Alvefur	40b1e3e0ed	plugins: Remove tostring call from logging Taken care of by loggingmanager now Mass-rewrite using lua pattern like `tostring%b()`	7 years ago
Kim Alvefur	e8872af8a0	mod_saslauth: Use correct varible name (thanks Roi)	9 years ago
Kim Alvefur	c1157eb0ae	mod_saslauth: Ignore unused argument [luacheck]	8 years ago
Kim Alvefur	e1542aa2ee	mod_saslauth: Use renamed API for hooking non-stanzas	8 years ago
Kim Alvefur	e925f5a34a	mod_saslauth: Pass SASL EXTERNAL failure reason on to be used in error bounces	8 years ago
Kim Alvefur	477f77e250	mod_saslauth: Close connection if no fallback kicks in on SASL EXTERNAL failure	8 years ago
Kim Alvefur	5a07b39c7f	Backed out changeset 89c42aff8510: The problem in ejabberd has reportedly been resolved and this change causes more problems than it solves (fixes #1006 )	8 years ago
Kim Alvefur	2d4c94e612	mod_saslauth: Log which mechanisms are offered	8 years ago
Kim Alvefur	3e4952567c	mod_saslauth: Remove unused argument [luacheck]	9 years ago
Kim Alvefur	66618bf09c	mod_saslauth: Fix typoed variable name [luacheck]	9 years ago
Kim Alvefur	7e3a83a35b	mod_saslauth: Switch to hook_tag from hook_stanza which was renamed in 2087d42f1e77	9 years ago
Kim Alvefur	d471c7b124	mod_saslauth: Log SASL failure reason	9 years ago
Kim Alvefur	7a2ed1a9ed	mod_saslauth: Ignore shadowing of logger [luacheck]	9 years ago
Kim Alvefur	bb3a3dfe97	mod_saslauth: Improve logging as to why when SASL is not offered	9 years ago
Kim Alvefur	39639a7c38	mod_saslauth: Cache logger in local for less typing	9 years ago
Kim Alvefur	e701756ba9	core.sessionmanager, mod_saslauth: Introduce intermediate session type for authenticated but unbound sessions so that resource binding is not treated as a normal stanza	9 years ago
Kim Alvefur	94c745e8e8	mod_saslauth: Disable DIGEST-MD5 by default (closes #515 )	10 years ago
Kim Alvefur	8e786f387d	mod_saslauth: Make it easier to support multiple channel binding methonds	11 years ago
Kim Alvefur	2ab66e784a	mod_saslauth: Break out tls-unique channel binding callback so it is instantiated once	11 years ago
Kim Alvefur	b47d9adc40	mod_saslauth: Keep sasl_handler in a local variable	11 years ago
Kim Alvefur	9722fc8c01	mod_saslauth: Better name for config option	11 years ago
Kim Alvefur	1386a2c85d	mod_saslauth: Make it possible to disable certain mechanisms	11 years ago
Kim Alvefur	83b74ac626	mod_saslauth: Add LOGIN to mechanisms not allowed over unencrypted connections as it may be offered by 3rd party authentication plugins	11 years ago
Kim Alvefur	73979a83fd	mod_saslauth: Use a configurable set of mechanisms to not allow over unencrypted connections	11 years ago
Kim Alvefur	371d996a7d	mod_saslauth: Log warning if no SASL mechanisms were offered	11 years ago
Kim Alvefur	bf13e6d88e	mod_saslauth: Use type-specific config option getters	11 years ago
Kim Alvefur	ac43c71ec2	mod_legacyauth, mod_saslauth, mod_tls: Pass require_encryption as default option to s2s_require_encryption so the later overrides the former	11 years ago
Kim Alvefur	6aec6e8425	mod_saslauth: Fix encoding of missing vs empty SASL reply messages	11 years ago
Kim Alvefur	092f833cfc	mod_saslauth: Stricter SASL EXTERNAL handling more in line with XEP-0178	11 years ago
Kim Alvefur	d33c824d1f	mod_dialback, mod_saslauth: Remove broken fallback to dialback on SASL EXTERNAL failure	11 years ago
Kim Alvefur	8003a40b0a	mod_lastactivity, mod_legacyauth, mod_presence, mod_saslauth, mod_tls: Use the newer stanza:get_child APIs and optimize away some table lookups	12 years ago

1 2 3 4 5

211 Commits (a4556fc67aa2036bc0f7d95d5f61ba7e95412304)