comparison mod_sasl2/mod_sasl2.lua @ 6524:aaf92bf929e5

mod_sasl2: Advertise stream limits after auth
author Matthew Wild <mwild1@gmail.com>
date Thu, 30 Apr 2026 10:53:14 +0100
parents 045abdc53ba4
children
comparison
equal deleted inserted replaced
6523:c9836434a9d5 6524:aaf92bf929e5
20 20
21 local secure_auth_only = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", true)); 21 local secure_auth_only = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", true));
22 local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false) 22 local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false)
23 local insecure_mechanisms = module:get_option_set("insecure_sasl_mechanisms", allow_unencrypted_plain_auth and {} or {"PLAIN", "LOGIN"}); 23 local insecure_mechanisms = module:get_option_set("insecure_sasl_mechanisms", allow_unencrypted_plain_auth and {} or {"PLAIN", "LOGIN"});
24 local disabled_mechanisms = module:get_option_set("disable_sasl_mechanisms", { "DIGEST-MD5" }); 24 local disabled_mechanisms = module:get_option_set("disable_sasl_mechanisms", { "DIGEST-MD5" });
25
26 local advertised_idle_timeout = 14*60; -- default in all net.server implementations
27 local network_settings = module:get_option("network_settings");
28 if type(network_settings) == "table" and type(network_settings.read_timeout) == "number" then
29 advertised_idle_timeout = network_settings.read_timeout;
30 end
25 31
26 local host = module.host; 32 local host = module.host;
27 33
28 local function tls_unique(self) 34 local function tls_unique(self)
29 return self.userdata["tls-unique"]:ssl_peerfinished(); 35 return self.userdata["tls-unique"]:ssl_peerfinished();
173 module:hook("sasl2/c2s/success", function (event) 179 module:hook("sasl2/c2s/success", function (event)
174 module:fire_event("authentication-success", event); 180 module:fire_event("authentication-success", event);
175 local session = event.session; 181 local session = event.session;
176 local features = st.stanza("stream:features"); 182 local features = st.stanza("stream:features");
177 module:fire_event("stream-features", { origin = session, features = features }); 183 module:fire_event("stream-features", { origin = session, features = features });
184 if session.stanza_size_limit or advertised_idle_timeout then
185 features:reset();
186 local limits = features:tag("limits", { xmlns = "urn:xmpp:stream-limits:0" });
187 if session.stanza_size_limit then
188 limits:text_tag("max-bytes", string.format("%d", session.stanza_size_limit));
189 end
190 if advertised_idle_timeout then
191 limits:text_tag("idle-seconds", string.format("%d", advertised_idle_timeout));
192 end
193 limits:reset();
194 end
178 session.send(features); 195 session.send(features);
179 end, -1500); 196 end, -1500);
180 197
181 -- The gap here is to allow modules to do stuff to the stream after the stanza 198 -- The gap here is to allow modules to do stuff to the stream after the stanza
182 -- is sent, but before we proceed with anything else. This is expected to be 199 -- is sent, but before we proceed with anything else. This is expected to be