diff options
| -rw-r--r-- | plugins/mod_saslauth.lua | 5 | ||||
| -rw-r--r-- | util/sasl_cyrus.lua | 10 |
2 files changed, 13 insertions, 2 deletions
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 0cae5833..1143549a 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -161,10 +161,11 @@ module:hook("stream-features", function(event) if secure_auth_only and not origin.secure then return; end + local realm = module:get_option("sasl_realm") or origin.host; if module:get_option("anonymous_login") then - origin.sasl_handler = new_sasl(origin.host, anonymous_authentication_profile); + origin.sasl_handler = new_sasl(realm, anonymous_authentication_profile); else - origin.sasl_handler = new_sasl(origin.host, default_authentication_profile); + origin.sasl_handler = new_sasl(realm, default_authentication_profile); if not (module:get_option("allow_unencrypted_plain_auth")) and not origin.secure then origin.sasl_handler:forbidden({"PLAIN"}); end diff --git a/util/sasl_cyrus.lua b/util/sasl_cyrus.lua index 132da533..d011e08b 100644 --- a/util/sasl_cyrus.lua +++ b/util/sasl_cyrus.lua @@ -53,6 +53,16 @@ function new(realm, service_name) sasl_i.realm = realm; sasl_i.service_name = service_name; sasl_i.cyrus = cyrussasl.server_new(service_name, nil, realm, nil, nil) + + if cyrussasl.set_canon_cb then + local c14n_cb = function (user) + local node = s_match(user, "^([^@]+)"); + log("debug", "Canonicalizing username %s to %s", user, node) + return node + end + cyrussasl.set_canon_cb(sasl_i.cyrus, c14n_cb); + end + if sasl_i.cyrus == 0 then log("error", "got NULL return value from server_new") return nil; |