2 files changed, 4 insertions, 3 deletions

diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 7cb93c46..52ef68c7 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -64,14 +64,14 @@ local function handle_status(session, status)
 	end
 end
 
-local function password_callback(node, host, mechanism)
+local function password_callback(node, host, mechanism, raw_host)
 	local password = (datamanager.load(node, host, "accounts") or {}).password; -- FIXME handle hashed passwords
 	local func = function(x) return x; end;
 	if password then
 		if mechanism == "PLAIN" then
 			return func, password;
 		elseif mechanism == "DIGEST-MD5" then
-			return func, md5(node..":"..host..":"..password);
+			return func, md5(node..":"..raw_host..":"..password);
 		end
 	end
 	return func, nil;
diff --git a/util/sasl.lua b/util/sasl.lua
index 7983a3c2..ab8b814b 100644
--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -144,6 +144,7 @@ local function new_digest_md5(realm, password_handler)
 			if not response["qop"] then response["qop"] = "auth" end
 			
 			if response["realm"] == nil then response["realm"] = "" end
+			local raw_realm = response["realm"];
 			
 			if response["charset"] == nil then
 				response["username"] = latin1toutf8(response["username"])
@@ -163,7 +164,7 @@ local function new_digest_md5(realm, password_handler)
 			
 			--TODO maybe realm support
 			self.username = response["username"]
-			local password_encoding, Y = self.password_handler(response["username"], response["realm"], "DIGEST-MD5")
+			local password_encoding, Y = self.password_handler(response["username"], response["realm"], "DIGEST-MD5", raw_realm)
 			if Y == nil then return "failure", "not-authorized"
 			elseif Y == false then return "failure", "account-disabled" end