# HG changeset patch
# User Waqas Hussain
# Date 1228688617 -18000
# Node ID a977227aa9e6f1bfc0f2949e7dead605dde1b60d
# Parent 6cb908ef01c8dbb3578d0da12f1ea5f0bb821768
Return error when the given realm value does not match the sent realm value. Prevents impersonation of an account on one virtual host, but a user with the same username on another host.
diff -r 6cb908ef01c8 -r a977227aa9e6 util/sasl.lua
--- a/util/sasl.lua Mon Dec 08 03:19:11 2008 +0500
+++ b/util/sasl.lua Mon Dec 08 03:23:37 2008 +0500
@@ -176,7 +176,11 @@
  if not response["cnonce"] then return "failure", "malformed-request", "Missing entry for cnonce in SASL message." end
  if not response["qop"] then response["qop"] = "auth" end
- if response["realm"] == nil then response["realm"] = "" end
+ if response["realm"] == nil then
+ response["realm"] = ""
+ elseif response["realm"] ~= self.realm then
+ return "failure", "not-authorized", "Incorrect realm value";
+ end
  local decoder;
  if response["charset"] == nil then
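Review bot: The new `elseif` on the added lines only rejects a realm that is present and wrong; a client that simply omits the realm directive still takes the `nil` branch and proceeds with realm `""`, so whether the cross-host impersonation described in the commit message is fully closed depends on how the credential lookup later treats an empty realm, which is outside this hunk. RFC 2831 requires the client to echo the realm when the server advertised one in its challenge, so the `nil` branch could fail closed too, e.g. `if self.realm and self.realm ~= "" then return "failure", "malformed-request", "Missing entry for realm in SASL message." end` placed before `response["realm"] = ""`. Conversely, if `self.realm` can ever be unset at this point, the comparison rejects every client that does send a realm, which deserves either a guard or a comment stating that `self.realm` is always populated. The enclosing function starts and ends outside the hunk.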