authorWaqas Hussain <waqas20@gmail.com>2010-07-31 13:55:46 +0500
committerWaqas Hussain <waqas20@gmail.com>2010-07-31 13:55:46 +0500
commit0479f87585099747b3c14fd5a0e91889868790d0 (patch)
treef4752bf9e1ed0a6639eb223f64c62c53baa42e24
parentf1fed4a75da40f8bd8c15f11664009bcbd21898a (diff)
mod_saslauth: Check for unencrypted PLAIN auth in mod_saslauth instead of the SASL handler (makes it work for Cyrus SASL).
-rw-r--r--plugins/mod_saslauth.lua12
1 files changed, 6 insertions, 6 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index f77f51ca..fac58db6 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -22,6 +22,7 @@ local tostring = tostring;
local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
local sasl_backend = module:get_option("sasl_backend") or "builtin";
local anonymous_login = module:get_option("anonymous_login");
+local allow_unencrypted_plain_auth = module:get_option("allow_unencrypted_plain_auth")
-- Cyrus config options
local require_provisioning = module:get_option("cyrus_require_provisioning") or false;
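Review bot: The new `allow_unencrypted_plain_auth` local is read once at module load, whereas the removed code in the stream-features hook called `module:get_option("allow_unencrypted_plain_auth")` on every event. A configuration change to this option will therefore presumably not take effect until the module is reloaded, which is worth stating in a comment. Something like `-- Read once at load; unset (nil) means PLAIN is refused on unencrypted streams` above the line would also document the secure default. The line also lacks the trailing `;` used by the neighbouring declarations.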
@@ -119,7 +120,7 @@ local function sasl_handler(session, stanza)
elseif stanza.attr.mechanism == "ANONYMOUS" then
return session.send(build_reply("failure", "mechanism-too-weak"));
end
- if secure_auth_only and not session.secure then
+ if not session.secure and (secure_auth_only or (mechanism == "PLAIN" and not allow_unencrypted_plain_auth)) then
return session.send(build_reply("failure", "encryption-required"));
end
local valid_mechanism = session.sasl_handler:select(stanza.attr.mechanism);
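Review bot: The added condition tests a bare `mechanism`, while every other line in this hunk reads `stanza.attr.mechanism`, and no local named `mechanism` is visible here. sasl_handler begins outside the hunk, so this needs confirming, but if no such local exists the name resolves to a nil global and `mechanism == "PLAIN"` is always false. The check would then fail open: an unencrypted session could still authenticate with PLAIN whenever `secure_auth_only` is unset, because this commit also removes the `forbidden({"PLAIN"})` call and this line becomes the only enforcement point. Use the stanza attribute directly: `if not session.secure and (secure_auth_only or (stanza.attr.mechanism == "PLAIN" and not allow_unencrypted_plain_auth)) then`.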
@@ -163,13 +164,12 @@ module:hook("stream-features", function(event)
origin.sasl_handler = new_sasl(module.host, anonymous_authentication_profile);
else
origin.sasl_handler = usermanager_get_sasl_handler(module.host);
- if not (module:get_option("allow_unencrypted_plain_auth")) and not origin.secure then
- origin.sasl_handler:forbidden({"PLAIN"});
- end
end
features:tag("mechanisms", mechanisms_attr);
- for k in pairs(origin.sasl_handler:mechanisms()) do
- features:tag("mechanism"):text(k):up();
+ for mechanism in pairs(origin.sasl_handler:mechanisms()) do
+ if mechanism ~= "PLAIN" or origin.secure or allow_unencrypted_plain_auth then
+ features:tag("mechanism"):text(mechanism):up();
+ end
end
features:up();
else
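Review bot: The new filter in the `for mechanism in pairs(...)` loop only controls which mechanisms are advertised; it does not stop a client from sending an `auth` with PLAIN that was never offered. Since the `forbidden({"PLAIN"})` call is removed, the handler itself no longer rejects PLAIN, and enforcement rests entirely on the check in sasl_handler. A comment above the `if` would make that dependency explicit, for example `-- advertisement only; PLAIN on unencrypted streams is rejected in sasl_handler`. Also, when PLAIN is the only mechanism the backend offers and the stream is unencrypted, this emits an empty `mechanisms` element; it is worth confirming that clients handle that case. The hook function starts and ends outside this hunk.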