aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2012-07-24 10:56:47 +0100
committerMatthew Wild <mwild1@gmail.com>2012-07-24 10:56:47 +0100
commit735e98a6299ff4d5bb4792694162f2757d391610 (patch)
tree4c8785c3d1a2bee2caa5bbcf7e4ecdf76580b078
parent3cb0187ad03c1d6414254bcce1f4d66a01b6bb5c (diff)
downloadprosody-735e98a6299ff4d5bb4792694162f2757d391610.tar.gz
prosody-735e98a6299ff4d5bb4792694162f2757d391610.zip
mod_auth_cyrus, util.sasl_cyrus: Add new option 'cyrus_server_fqdn' to override the hostname passed to Cyrus (and used in e.g. GSSAPI/Kerberos) - fixes #295
-rw-r--r--plugins/mod_auth_cyrus.lua4
-rw-r--r--util/sasl_cyrus.lua8
2 files changed, 9 insertions, 3 deletions
diff --git a/plugins/mod_auth_cyrus.lua b/plugins/mod_auth_cyrus.lua
index 447fae51..e4493f04 100644
--- a/plugins/mod_auth_cyrus.lua
+++ b/plugins/mod_auth_cyrus.lua
@@ -14,6 +14,7 @@ local cyrus_service_realm = module:get_option("cyrus_service_realm");
local cyrus_service_name = module:get_option("cyrus_service_name");
local cyrus_application_name = module:get_option("cyrus_application_name");
local require_provisioning = module:get_option("cyrus_require_provisioning") or false;
+local host_fqdn = module:get_option("cyrus_server_fqdn");
prosody.unlock_globals(); --FIXME: Figure out why this is needed and
-- why cyrussasl isn't caught by the sandbox
@@ -23,7 +24,8 @@ local new_sasl = function(realm)
return cyrus_new(
cyrus_service_realm or realm,
cyrus_service_name or "xmpp",
- cyrus_application_name or "prosody"
+ cyrus_application_name or "prosody",
+ host_fqdn
);
end
diff --git a/util/sasl_cyrus.lua b/util/sasl_cyrus.lua
index 002118fd..19684587 100644
--- a/util/sasl_cyrus.lua
+++ b/util/sasl_cyrus.lua
@@ -78,11 +78,15 @@ local function init(service_name)
end
-- create a new SASL object which can be used to authenticate clients
-function new(realm, service_name, app_name)
+-- host_fqdn may be nil in which case gethostname() gives the value.
+-- For GSSAPI, this determines the hostname in the service ticket (after
+-- reverse DNS canonicalization, only if [libdefaults] rdns = true which
+-- is the default).
+function new(realm, service_name, app_name, host_fqdn)
init(app_name or service_name);
- local st, ret = pcall(cyrussasl.server_new, service_name, nil, realm, nil, nil)
+ local st, ret = pcall(cyrussasl.server_new, service_name, host_fqdn, realm, nil, nil)
if not st then
log("error", "Creating SASL server connection failed: %s", ret);
return nil;