
plugins/mod_saslauth.lua @ 2204:de3edab7551d

Provide SASL PLAIN mechanism only if TLS is active.
author Tobias Markmann <tm@ayena.de>
date Wed, 18 Nov 2009 23:26:35 +0100
parent 2193:8fbbdb11a520
child 2207:7ef74b2be8f8
2203:812130099ab2 2204:de3edab7551d
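--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -139,13 +139,15 @@
 end
 if config.get(session.host or "*", "core", "anonymous_login") then
 session.sasl_handler = new_sasl(session.host, anonymous_authentication_profile);
 else
 session.sasl_handler = new_sasl(session.host, default_authentication_profile);
+if not session.secure then
+session.sasl_handler:forbidden({"PLAIN"});
+end
 end
 features:tag("mechanisms", mechanisms_attr);
--- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so.
 for k, v in pairs(session.sasl_handler:mechanisms()) do
 features:tag("mechanism"):text(v):up();
 end
 features:up();
 else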
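Review bot: The `forbidden({"PLAIN"})` call at new lines 144–146 is only shown to affect the list returned by `mechanisms()`; nothing in this hunk establishes that a client sending `<auth mechanism='PLAIN'/>` on a non-TLS stream is refused. Please confirm that the handler's mechanism selection also honours the forbidden list, since otherwise the restriction is advisory and a cleartext password can still cross the wire. The removed TODO also described a configuration override with a warning, which this change does not implement, so the policy is now unconditional for the default profile. A short comment above the check would preserve the rationale, for example `-- RFC 4616 (SHOULD): never offer PLAIN on a stream without TLS`. The enclosing function begins and ends outside the lines shown.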