diff options
author | Waqas Hussain <waqas20@gmail.com> | 2010-07-31 13:49:22 +0500 |
---|---|---|
committer | Waqas Hussain <waqas20@gmail.com> | 2010-07-31 13:49:22 +0500 |
commit | f1fed4a75da40f8bd8c15f11664009bcbd21898a (patch) | |
tree | 5a5f7201e313e28519cebda5ae814069a805082d | |
parent | 9da343682eac98108a4bf64620164073556a5027 (diff) | |
download | prosody-f1fed4a75da40f8bd8c15f11664009bcbd21898a.tar.gz prosody-f1fed4a75da40f8bd8c15f11664009bcbd21898a.zip |
mod_saslauth: Move mandatory encryption enforcement to before sasl_handler:select().
-rw-r--r-- | plugins/mod_saslauth.lua | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index a02c1ec4..f77f51ca 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -119,13 +119,13 @@ local function sasl_handler(session, stanza) elseif stanza.attr.mechanism == "ANONYMOUS" then return session.send(build_reply("failure", "mechanism-too-weak")); end + if secure_auth_only and not session.secure then + return session.send(build_reply("failure", "encryption-required")); + end local valid_mechanism = session.sasl_handler:select(stanza.attr.mechanism); if not valid_mechanism then return session.send(build_reply("failure", "invalid-mechanism")); end - if secure_auth_only and not session.secure then - return session.send(build_reply("failure", "encryption-required")); - end elseif not session.sasl_handler then return; -- FIXME ignoring out of order stanzas because ejabberd does end |