18 local t_concat, t_insert = table.concat, table.insert; |
18 local t_concat, t_insert = table.concat, table.insert; |
19 local tostring = tostring; |
19 local tostring = tostring; |
20 local jid_split = require "util.jid".split |
20 local jid_split = require "util.jid".split |
21 local md5 = require "util.hashes".md5; |
21 local md5 = require "util.hashes".md5; |
22 local config = require "core.configmanager"; |
22 local config = require "core.configmanager"; |
|
23 |
|
24 local secure_auth_only = config.get(module:get_host(), "core", "require_encryption"); |
23 |
25 |
24 local log = module._log; |
26 local log = module._log; |
25 |
27 |
26 local xmlns_sasl ='urn:ietf:params:xml:ns:xmpp-sasl'; |
28 local xmlns_sasl ='urn:ietf:params:xml:ns:xmpp-sasl'; |
27 local xmlns_bind ='urn:ietf:params:xml:ns:xmpp-bind'; |
29 local xmlns_bind ='urn:ietf:params:xml:ns:xmpp-bind'; |
117 local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' }; |
119 local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' }; |
118 local bind_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-bind' }; |
120 local bind_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-bind' }; |
119 local xmpp_session_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-session' }; |
121 local xmpp_session_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-session' }; |
120 module:add_event_hook("stream-features", |
122 module:add_event_hook("stream-features", |
121 function (session, features) |
123 function (session, features) |
122 if not session.username then |
124 if not session.username and ((not secure_auth_only) or session.secure) then |
123 features:tag("mechanisms", mechanisms_attr); |
125 features:tag("mechanisms", mechanisms_attr); |
124 -- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so. |
126 -- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so. |
125 if config.get(session.host or "*", "core", "anonymous_login") then |
127 if config.get(session.host or "*", "core", "anonymous_login") then |
126 features:tag("mechanism"):text("ANONYMOUS"):up(); |
128 features:tag("mechanism"):text("ANONYMOUS"):up(); |
127 else |
129 else |
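Review bot: The `session.secure` condition added at new line 124 only withholds the `<mechanisms/>` advertisement; nothing visible in this section shows the SASL `<auth/>` handler rejecting an unencrypted session, and a client does not need the advertisement before sending `<auth/>`. If that handler has no matching check, `require_encryption` is not actually enforced, so it should carry the same guard, for example `if secure_auth_only and not session.secure then` followed by a SASL failure reply and a return. Separately, `secure_auth_only` is read once at load time from `module:get_host()` (new line 24), while `anonymous_login` is looked up on every call with `session.host or "*"`; a comment such as `-- read once at load; changing require_encryption needs a module reload` would make that difference explicit. The hook function continues past the end of this hunk.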