xmpp_stream_in: Announce SASL2 over non-TLS

weiss · weiss · commit c7c0e90aa5b2 · 2024-10-01T13:54:12.000+02:00
Don't forget to announce the SASL2 feature over non-TLS connections if
the 'allow_unencrypted_sasl2' option is enabled.
diff --git a/src/xmpp_stream_in.erl b/src/xmpp_stream_in.erl
@@ -1266,17 +1266,26 @@ send_features(#{stream_version := {1,0},
     TLSAvailable = is_starttls_available(State),
     TLSRequired = is_starttls_required(State),
     Sasl2 = maps:is_key(sasl2_stream_from, State),
+    AllowUnencryptedSasl2 = allow_unencrypted_sasl2(State),
     if
 	(not Encrypted) andalso TLSRequired ->
 	    send_pkt(State, #stream_features{sub_els = get_tls_feature(State)});
 	true ->
 	    {Features, State2} =
-	    case {Encrypted, Sasl2, TLSAvailable} of
-		{true, true, _} -> {get_sasl2_feature(State), init_channel_bindings(State)};
-		{false, true, false} -> {[], disable_sasl2(State)};
-		{false, _, true} -> {get_tls_feature(State), State};
-		{true, _, _} -> {[], init_channel_bindings(State)};
-		_ -> {[], State}
+	    case {Encrypted, Sasl2, AllowUnencryptedSasl2, TLSAvailable} of
+		{false, true, true, true} ->
+		    {get_tls_feature(State) ++ get_sasl2_feature(State),
+		     init_channel_bindings(State)};
+		{_, true, _, _} when Encrypted; AllowUnencryptedSasl2 ->
+		    {get_sasl2_feature(State), init_channel_bindings(State)};
+		{false, true, false, false} ->
+		    {[], disable_sasl2(State)};
+		{false, _, _, true} ->
+		    {get_tls_feature(State), State};
+		{true, _, _, _} ->
+		    {[], init_channel_bindings(State)};
+		_ ->
+		    {[], State}
 	    end,
 	    Features2 =
 		get_sasl_feature(State2) ++
