From f1fed4a75da40f8bd8c15f11664009bcbd21898a Mon Sep 17 00:00:00 2001
From: Waqas Hussain <waqas20@gmail.com>
Date: Sat, 31 Jul 2010 13:49:22 +0500
Subject: mod_saslauth: Move mandatory encryption enforcement to before
 sasl_handler:select().

---
 plugins/mod_saslauth.lua | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index a02c1ec4..f77f51ca 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -119,13 +119,13 @@ local function sasl_handler(session, stanza)
 		elseif stanza.attr.mechanism == "ANONYMOUS" then
 			return session.send(build_reply("failure", "mechanism-too-weak"));
 		end
+		if secure_auth_only and not session.secure then
+			return session.send(build_reply("failure", "encryption-required"));
+		end
 		local valid_mechanism = session.sasl_handler:select(stanza.attr.mechanism);
 		if not valid_mechanism then
 			return session.send(build_reply("failure", "invalid-mechanism"));
 		end
-		if secure_auth_only and not session.secure then
-			return session.send(build_reply("failure", "encryption-required"));
-		end
 	elseif not session.sasl_handler then
 		return; -- FIXME ignoring out of order stanzas because ejabberd does
 	end
-- 
cgit v1.2.3