mirror of
https://github.com/processone/ejabberd.git
synced 2024-12-20 17:27:00 +01:00
Merge pull request #325 from weiss/auth-after-tls
Don't advertise authentication mechanisms too early
This commit is contained in:
commit
8cf43cf750
@ -383,6 +383,9 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
|
|||||||
send_header(StateData, Server, <<"1.0">>, DefaultLang),
|
send_header(StateData, Server, <<"1.0">>, DefaultLang),
|
||||||
case StateData#state.authenticated of
|
case StateData#state.authenticated of
|
||||||
false ->
|
false ->
|
||||||
|
TLS = StateData#state.tls,
|
||||||
|
TLSEnabled = StateData#state.tls_enabled,
|
||||||
|
TLSRequired = StateData#state.tls_required,
|
||||||
SASLState =
|
SASLState =
|
||||||
cyrsasl:server_new(
|
cyrsasl:server_new(
|
||||||
<<"jabber">>, Server, <<"">>, [],
|
<<"jabber">>, Server, <<"">>, [],
|
||||||
@ -398,12 +401,21 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
|
|||||||
ejabberd_auth:check_password_with_authmodule(
|
ejabberd_auth:check_password_with_authmodule(
|
||||||
U, Server, P, D, DG)
|
U, Server, P, D, DG)
|
||||||
end),
|
end),
|
||||||
Mechs = lists:map(fun (S) ->
|
Mechs =
|
||||||
|
case TLSEnabled or not TLSRequired of
|
||||||
|
true ->
|
||||||
|
Ms = lists:map(fun (S) ->
|
||||||
#xmlel{name = <<"mechanism">>,
|
#xmlel{name = <<"mechanism">>,
|
||||||
attrs = [],
|
attrs = [],
|
||||||
children = [{xmlcdata, S}]}
|
children = [{xmlcdata, S}]}
|
||||||
end,
|
end,
|
||||||
cyrsasl:listmech(Server)),
|
cyrsasl:listmech(Server)),
|
||||||
|
[#xmlel{name = <<"mechanisms">>,
|
||||||
|
attrs = [{<<"xmlns">>, ?NS_SASL}],
|
||||||
|
children = Ms}];
|
||||||
|
false ->
|
||||||
|
[]
|
||||||
|
end,
|
||||||
SockMod =
|
SockMod =
|
||||||
(StateData#state.sockmod):get_sockmod(
|
(StateData#state.sockmod):get_sockmod(
|
||||||
StateData#state.socket),
|
StateData#state.socket),
|
||||||
@ -421,9 +433,6 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
|
|||||||
_ ->
|
_ ->
|
||||||
[]
|
[]
|
||||||
end,
|
end,
|
||||||
TLS = StateData#state.tls,
|
|
||||||
TLSEnabled = StateData#state.tls_enabled,
|
|
||||||
TLSRequired = StateData#state.tls_required,
|
|
||||||
TLSFeature =
|
TLSFeature =
|
||||||
case (TLS == true) andalso
|
case (TLS == true) andalso
|
||||||
(TLSEnabled == false) andalso
|
(TLSEnabled == false) andalso
|
||||||
@ -448,10 +457,7 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
|
|||||||
#xmlel{name = <<"stream:features">>,
|
#xmlel{name = <<"stream:features">>,
|
||||||
attrs = [],
|
attrs = [],
|
||||||
children =
|
children =
|
||||||
TLSFeature ++ CompressFeature ++
|
TLSFeature ++ CompressFeature ++ Mechs
|
||||||
[#xmlel{name = <<"mechanisms">>,
|
|
||||||
attrs = [{<<"xmlns">>, ?NS_SASL}],
|
|
||||||
children = Mechs}]
|
|
||||||
++
|
++
|
||||||
ejabberd_hooks:run_fold(c2s_stream_features,
|
ejabberd_hooks:run_fold(c2s_stream_features,
|
||||||
Server, [], [Server])}),
|
Server, [], [Server])}),
|
||||||
|
Loading…
Reference in New Issue
Block a user