From 90fa7296e47fa3439f9842b6904c35dba48364e7 Mon Sep 17 00:00:00 2001
From: Matthew Wild <mwild1@gmail.com>
Date: Sat, 7 Mar 2009 20:17:09 +0000
Subject: mod_saslauth: Disable SASL ANONYMOUS unless explicitly enabled with
 sasl_anonymous = true

---
 plugins/mod_saslauth.lua | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'plugins')

diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index ed19a150..4804607b 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -17,6 +17,7 @@ local t_concat, t_insert = table.concat, table.insert;
 local tostring = tostring;
 local jid_split = require "util.jid".split
 local md5 = require "util.hashes".md5;
+local config = require "core.configmanager";
 
 local log = require "util.logger".init("mod_saslauth");
 
@@ -106,7 +107,9 @@ module:add_event_hook("stream-features",
 				-- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so.
 					features:tag("mechanism"):text("PLAIN"):up();
 					features:tag("mechanism"):text("DIGEST-MD5"):up();
-					features:tag("mechanism"):text("ANONYMOUS"):up();
+					if config.get(session.host or "*", "core", "sasl_anonymous") then
+						features:tag("mechanism"):text("ANONYMOUS"):up();
+					end
 				features:up();
 			else
 				features:tag("bind", bind_attr):tag("required"):up():up();
-- 
cgit v1.2.3