Diff

--- a/plugins/mod_saslauth.lua	Thu Nov 20 09:02:23 2014 +0000
+++ b/plugins/mod_saslauth.lua	Thu Nov 20 15:01:47 2014 +0100
@@ -214,6 +214,10 @@
 	return true;
 end);
 
+local function tls_unique(self)
+	return self.userdata["tls-unique"]:getpeerfinished();
+end
+
 local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' };
 local bind_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-bind' };
 local xmpp_session_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-session' };
@@ -223,19 +227,23 @@
 		if secure_auth_only and not origin.secure then
 			return;
 		end
-		origin.sasl_handler = usermanager_get_sasl_handler(module.host, origin);
+		local sasl_handler = usermanager_get_sasl_handler(module.host, origin)
+		origin.sasl_handler = sasl_handler;
 		if origin.encrypted then
 			-- check wether LuaSec has the nifty binding to the function needed for tls-unique
 			-- FIXME: would be nice to have this check only once and not for every socket
-			if origin.conn:socket().getpeerfinished and origin.sasl_handler.add_cb_handler then
-				origin.sasl_handler:add_cb_handler("tls-unique", function(self)
-					return self.userdata:getpeerfinished();
-				end);
-				origin.sasl_handler["userdata"] = origin.conn:socket();
+			if sasl_handler.add_cb_handler then
+				local socket = origin.conn:socket();
+				if socket.getpeerfinished then
+					sasl_handler:add_cb_handler("tls-unique", tls_unique);
+				end
+				sasl_handler["userdata"] = {
+					["tls-unique"] = socket;
+				};
 			end
 		end
 		local mechanisms = st.stanza("mechanisms", mechanisms_attr);
-		for mechanism in pairs(origin.sasl_handler:mechanisms()) do
+		for mechanism in pairs(sasl_handler:mechanisms()) do
 			if (not disabled_mechanisms:contains(mechanism)) and (origin.secure or not insecure_mechanisms:contains(mechanism)) then
 				mechanisms:tag("mechanism"):text(mechanism):up();
 			end