Provide SASL PLAIN mechanism only if TLS is active.

author: Tobias Markmann <tm@ayena.de> 2009-11-18 23:26:35 +0100
committer: Tobias Markmann <tm@ayena.de> 2009-11-18 23:26:35 +0100
commit: 74de4e38040d61d111b875a65bcb705a7047ef77 (patch)
tree: eac90af54cbf6da8191118ece2a5a38a5a20c499 /plugins
parent: 406173262fb1ecc313db90d11134f2e5b50bd2d4 (diff)
download: prosody-74de4e38040d61d111b875a65bcb705a7047ef77.tar.gz
prosody-74de4e38040d61d111b875a65bcb705a7047ef77.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 641b08f0..d595fd24 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -141,9 +141,11 @@ module:add_event_hook("stream-features",
 					session.sasl_handler = new_sasl(session.host, anonymous_authentication_profile);
 				else
 					session.sasl_handler = new_sasl(session.host, default_authentication_profile);
+					if not session.secure then 
+						session.sasl_handler:forbidden({"PLAIN"});
+					end
 				end
 				features:tag("mechanisms", mechanisms_attr);
-				-- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so.
 				for k, v in pairs(session.sasl_handler:mechanisms()) do
 					features:tag("mechanism"):text(v):up();
 				end
author	Tobias Markmann <tm@ayena.de>	2009-11-18 23:26:35 +0100
committer	Tobias Markmann <tm@ayena.de>	2009-11-18 23:26:35 +0100
commit	74de4e38040d61d111b875a65bcb705a7047ef77 (patch)
tree	eac90af54cbf6da8191118ece2a5a38a5a20c499 /plugins
parent	406173262fb1ecc313db90d11134f2e5b50bd2d4 (diff)
download	prosody-74de4e38040d61d111b875a65bcb705a7047ef77.tar.gz prosody-74de4e38040d61d111b875a65bcb705a7047ef77.zip