Mercurial > prosody-modules
comparison mod_sasl2/mod_sasl2.lua @ 6524:aaf92bf929e5
mod_sasl2: Advertise stream limits after auth
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 30 Apr 2026 10:53:14 +0100 |
| parents | 045abdc53ba4 |
| children |
comparison
equal
deleted
inserted
replaced
| 6523:c9836434a9d5 | 6524:aaf92bf929e5 |
|---|---|
| 20 | 20 |
| 21 local secure_auth_only = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", true)); | 21 local secure_auth_only = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", true)); |
| 22 local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false) | 22 local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false) |
| 23 local insecure_mechanisms = module:get_option_set("insecure_sasl_mechanisms", allow_unencrypted_plain_auth and {} or {"PLAIN", "LOGIN"}); | 23 local insecure_mechanisms = module:get_option_set("insecure_sasl_mechanisms", allow_unencrypted_plain_auth and {} or {"PLAIN", "LOGIN"}); |
| 24 local disabled_mechanisms = module:get_option_set("disable_sasl_mechanisms", { "DIGEST-MD5" }); | 24 local disabled_mechanisms = module:get_option_set("disable_sasl_mechanisms", { "DIGEST-MD5" }); |
| 25 | |
| 26 local advertised_idle_timeout = 14*60; -- default in all net.server implementations | |
| 27 local network_settings = module:get_option("network_settings"); | |
| 28 if type(network_settings) == "table" and type(network_settings.read_timeout) == "number" then | |
| 29 advertised_idle_timeout = network_settings.read_timeout; | |
| 30 end | |
| 25 | 31 |
| 26 local host = module.host; | 32 local host = module.host; |
| 27 | 33 |
| 28 local function tls_unique(self) | 34 local function tls_unique(self) |
| 29 return self.userdata["tls-unique"]:ssl_peerfinished(); | 35 return self.userdata["tls-unique"]:ssl_peerfinished(); |
| 173 module:hook("sasl2/c2s/success", function (event) | 179 module:hook("sasl2/c2s/success", function (event) |
| 174 module:fire_event("authentication-success", event); | 180 module:fire_event("authentication-success", event); |
| 175 local session = event.session; | 181 local session = event.session; |
| 176 local features = st.stanza("stream:features"); | 182 local features = st.stanza("stream:features"); |
| 177 module:fire_event("stream-features", { origin = session, features = features }); | 183 module:fire_event("stream-features", { origin = session, features = features }); |
| 184 if session.stanza_size_limit or advertised_idle_timeout then | |
| 185 features:reset(); | |
| 186 local limits = features:tag("limits", { xmlns = "urn:xmpp:stream-limits:0" }); | |
| 187 if session.stanza_size_limit then | |
| 188 limits:text_tag("max-bytes", string.format("%d", session.stanza_size_limit)); | |
| 189 end | |
| 190 if advertised_idle_timeout then | |
| 191 limits:text_tag("idle-seconds", string.format("%d", advertised_idle_timeout)); | |
| 192 end | |
| 193 limits:reset(); | |
| 194 end | |
| 178 session.send(features); | 195 session.send(features); |
| 179 end, -1500); | 196 end, -1500); |
| 180 | 197 |
| 181 -- The gap here is to allow modules to do stuff to the stream after the stanza | 198 -- The gap here is to allow modules to do stuff to the stream after the stanza |
| 182 -- is sent, but before we proceed with anything else. This is expected to be | 199 -- is sent, but before we proceed with anything else. This is expected to be |
