diff options
author | Matthew Wild <mwild1@gmail.com> | 2012-07-24 10:56:47 +0100 |
---|---|---|
committer | Matthew Wild <mwild1@gmail.com> | 2012-07-24 10:56:47 +0100 |
commit | 735e98a6299ff4d5bb4792694162f2757d391610 (patch) | |
tree | 4c8785c3d1a2bee2caa5bbcf7e4ecdf76580b078 | |
parent | 3cb0187ad03c1d6414254bcce1f4d66a01b6bb5c (diff) | |
download | prosody-735e98a6299ff4d5bb4792694162f2757d391610.tar.gz prosody-735e98a6299ff4d5bb4792694162f2757d391610.zip |
mod_auth_cyrus, util.sasl_cyrus: Add new option 'cyrus_server_fqdn' to override the hostname passed to Cyrus (and used in e.g. GSSAPI/Kerberos) - fixes #295
-rw-r--r-- | plugins/mod_auth_cyrus.lua | 4 | ||||
-rw-r--r-- | util/sasl_cyrus.lua | 8 |
2 files changed, 9 insertions, 3 deletions
diff --git a/plugins/mod_auth_cyrus.lua b/plugins/mod_auth_cyrus.lua index 447fae51..e4493f04 100644 --- a/plugins/mod_auth_cyrus.lua +++ b/plugins/mod_auth_cyrus.lua @@ -14,6 +14,7 @@ local cyrus_service_realm = module:get_option("cyrus_service_realm"); local cyrus_service_name = module:get_option("cyrus_service_name"); local cyrus_application_name = module:get_option("cyrus_application_name"); local require_provisioning = module:get_option("cyrus_require_provisioning") or false; +local host_fqdn = module:get_option("cyrus_server_fqdn"); prosody.unlock_globals(); --FIXME: Figure out why this is needed and -- why cyrussasl isn't caught by the sandbox @@ -23,7 +24,8 @@ local new_sasl = function(realm) return cyrus_new( cyrus_service_realm or realm, cyrus_service_name or "xmpp", - cyrus_application_name or "prosody" + cyrus_application_name or "prosody", + host_fqdn ); end diff --git a/util/sasl_cyrus.lua b/util/sasl_cyrus.lua index 002118fd..19684587 100644 --- a/util/sasl_cyrus.lua +++ b/util/sasl_cyrus.lua @@ -78,11 +78,15 @@ local function init(service_name) end -- create a new SASL object which can be used to authenticate clients -function new(realm, service_name, app_name) +-- host_fqdn may be nil in which case gethostname() gives the value. +-- For GSSAPI, this determines the hostname in the service ticket (after +-- reverse DNS canonicalization, only if [libdefaults] rdns = true which +-- is the default). +function new(realm, service_name, app_name, host_fqdn) init(app_name or service_name); - local st, ret = pcall(cyrussasl.server_new, service_name, nil, realm, nil, nil) + local st, ret = pcall(cyrussasl.server_new, service_name, host_fqdn, realm, nil, nil) if not st then log("error", "Creating SASL server connection failed: %s", ret); return nil; |