From 74de4e38040d61d111b875a65bcb705a7047ef77 Mon Sep 17 00:00:00 2001
From: Tobias Markmann
Date: Wed, 18 Nov 2009 23:26:35 +0100
Subject: Provide SASL PLAIN mechanism only if TLS is active.
---
 plugins/mod_saslauth.lua | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'plugins')
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 641b08f0..d595fd24 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -141,9 +141,11 @@ module:add_event_hook("stream-features",
 session.sasl_handler = new_sasl(session.host, anonymous_authentication_profile);
 else
 session.sasl_handler = new_sasl(session.host, default_authentication_profile);
+ if not session.secure then
+ session.sasl_handler:forbidden({"PLAIN"});
+ end
 end
 features:tag("mechanisms", mechanisms_attr);
- -- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so.
 for k, v in pairs(session.sasl_handler:mechanisms()) do
 features:tag("mechanism"):text(v):up();
 end
-- 
cgit v1.2.3
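Review bot: The added `if not session.secure then` check in the `else` branch removes PLAIN from the list built for `stream-features`, but nothing visible in this hunk shows that PLAIN is also refused when a client on an unencrypted stream requests it without it having been advertised. If `forbidden()` only filters what `mechanisms()` returns, the code that handles the auth request (outside this hunk) needs the same `session.secure` check before it selects a mechanism; this is worth confirming and covering with a test. The commit also deletes the only comment that recorded the reason, so I would keep one line above the check, e.g. `-- RFC 4616: do not offer PLAIN unless the stream is protected by TLS`. The removed TODO mentioned a configuration override with a warning, which this change does not implement; if that is deliberate, the commit message should say so. The hook body starts and ends outside the hunk.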