New option: disable_sasl_mechanisms

The new "disable_sasl_mechanisms" option allows for restricting the list of SASL mechanisms offered to the client. Closes #339.
author: Holger Weiss <holger@zedat.fu-berlin.de> 2014-11-10 01:10:04 +0100
committer: Holger Weiss <holger@zedat.fu-berlin.de> 2014-11-10 01:10:04 +0100
commit: ee0ecd241926b9720c42954f1e978fd54f771a59 (patch)
tree: c0b8708e7465aeafe4cdf6f9f2af389fd3425a29 /src
parent: Add xref test to travis. (diff)
1 files changed, 25 insertions, 3 deletions
diff --git a/src/cyrsasl.erl b/src/cyrsasl.erl
index f404a7afb..db2160ca9 100644
--- a/src/cyrsasl.erl
+++ b/src/cyrsasl.erl
@@ -93,9 +93,15 @@ start() ->
 ).
 
 register_mechanism(Mechanism, Module, PasswordType) ->
-    ets:insert(sasl_mechanism,
-	       #sasl_mechanism{mechanism = Mechanism, module = Module,
-			       password_type = PasswordType}).
+    case is_disabled(Mechanism) of
+      false ->
+	  ets:insert(sasl_mechanism,
+		     #sasl_mechanism{mechanism = Mechanism, module = Module,
+				     password_type = PasswordType});
+      true ->
+	  ?DEBUG("SASL mechanism ~p is disabled", [Mechanism]),
+	  true
+    end.
 
 %%% TODO: use callbacks
 %%-include("ejabberd.hrl").
@@ -215,3 +221,19 @@ filter_anonymous(Host, Mechs) ->
       true  -> Mechs;
       false -> Mechs -- [<<"ANONYMOUS">>]
     end.
+
+-spec(is_disabled/1 ::
+(
+  Mechanism :: mechanism())
+    -> boolean()
+).
+
+is_disabled(Mechanism) ->
+    Disabled = ejabberd_config:get_option(
+		 disable_sasl_mechanisms,
+		 fun(V) when is_list(V) ->
+			 lists:map(fun(M) -> str:to_upper(M) end, V);
+		    (V) ->
+			 [str:to_upper(V)]
+		 end, []),
+    lists:member(Mechanism, Disabled).
author	Holger Weiss <holger@zedat.fu-berlin.de>	2014-11-10 01:10:04 +0100
committer	Holger Weiss <holger@zedat.fu-berlin.de>	2014-11-10 01:10:04 +0100
commit	ee0ecd241926b9720c42954f1e978fd54f771a59 (patch)
tree	c0b8708e7465aeafe4cdf6f9f2af389fd3425a29 /src
parent	Add xref test to travis. (diff)