mirror of https://github.com/processone/ejabberd.git synced 2024-12-20 17:27:00 +01:00

Merge pull request #325 from weiss/auth-after-tls

Don't advertise authentication mechanisms too early
Evgeny Khramtsov 2014-10-23 14:56:15 +04:00
commit 8cf43cf750


@ -383,6 +383,9 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
send_header(StateData, Server, <<"1.0">>, DefaultLang), send_header(StateData, Server, <<"1.0">>, DefaultLang),
case StateData#state.authenticated of case StateData#state.authenticated of
false -> false ->
TLS = StateData#state.tls,
TLSEnabled = StateData#state.tls_enabled,
TLSRequired = StateData#state.tls_required,
SASLState = SASLState =
cyrsasl:server_new( cyrsasl:server_new(
<<"jabber">>, Server, <<"">>, [], <<"jabber">>, Server, <<"">>, [],
@ -398,12 +401,21 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
ejabberd_auth:check_password_with_authmodule( ejabberd_auth:check_password_with_authmodule(
U, Server, P, D, DG) U, Server, P, D, DG)
end), end),
Mechs = lists:map(fun (S) -> Mechs =
case TLSEnabled or not TLSRequired of
true ->
Ms = lists:map(fun (S) ->
#xmlel{name = <<"mechanism">>, #xmlel{name = <<"mechanism">>,
attrs = [], attrs = [],
children = [{xmlcdata, S}]} children = [{xmlcdata, S}]}
end, end,
cyrsasl:listmech(Server)), cyrsasl:listmech(Server)),
[#xmlel{name = <<"mechanisms">>,
attrs = [{<<"xmlns">>, ?NS_SASL}],
children = Ms}];
false ->
[]
end,
SockMod = SockMod =
(StateData#state.sockmod):get_sockmod( (StateData#state.sockmod):get_sockmod(
StateData#state.socket), StateData#state.socket),
@ -421,9 +433,6 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
_ -> _ ->
[] []
end, end,
TLS = StateData#state.tls,
TLSEnabled = StateData#state.tls_enabled,
TLSRequired = StateData#state.tls_required,
TLSFeature = TLSFeature =
case (TLS == true) andalso case (TLS == true) andalso
(TLSEnabled == false) andalso (TLSEnabled == false) andalso
@ -448,10 +457,7 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
#xmlel{name = <<"stream:features">>, #xmlel{name = <<"stream:features">>,
attrs = [], attrs = [],
children = children =
TLSFeature ++ CompressFeature ++ TLSFeature ++ CompressFeature ++ Mechs
[#xmlel{name = <<"mechanisms">>,
attrs = [{<<"xmlns">>, ?NS_SASL}],
children = Mechs}]
++ ++
ejabberd_hooks:run_fold(c2s_stream_features, ejabberd_hooks:run_fold(c2s_stream_features,
Server, [], [Server])}), Server, [], [Server])}),
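Review bot: The new `case TLSEnabled or not TLSRequired of` gate only leaves the `<mechanisms/>` element out of the stream features; nothing in these hunks rejects a SASL `<auth/>` that a client sends anyway before STARTTLS. The tls_required policy therefore has to be enforced where the auth request is handled, which is outside the visible hunks and worth confirming. The result of `ejabberd_hooks:run_fold(c2s_stream_features, Server, [], [Server])` is still appended unconditionally, so any credential-bearing feature a hook handler contributes would presumably still be advertised on the cleartext stream. I would also write the condition as `case TLSEnabled orelse not TLSRequired of` and put a comment above it such as `%% Advertise SASL only after STARTTLS when TLS is required; advisory only, not enforcement.` The wait_for_stream clause starts and ends outside the hunks.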