Software /
code /
prosody
Changeset
3417:53e854b52110
mod_saslauth: Check for unencrypted PLAIN auth in mod_saslauth instead of the SASL handler (makes it work for Cyrus SASL).
author | Waqas Hussain <waqas20@gmail.com> |
---|---|
date | Sat, 31 Jul 2010 13:55:46 +0500 |
parents | 3416:c505a8cc8922 |
children | 3418:e75af8e6af54 |
files | plugins/mod_saslauth.lua |
diffstat | 1 files changed, 6 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_saslauth.lua Sat Jul 31 13:49:22 2010 +0500 +++ b/plugins/mod_saslauth.lua Sat Jul 31 13:55:46 2010 +0500 @@ -22,6 +22,7 @@ local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); local sasl_backend = module:get_option("sasl_backend") or "builtin"; local anonymous_login = module:get_option("anonymous_login"); +local allow_unencrypted_plain_auth = module:get_option("allow_unencrypted_plain_auth") -- Cyrus config options local require_provisioning = module:get_option("cyrus_require_provisioning") or false; @@ -119,7 +120,7 @@ elseif stanza.attr.mechanism == "ANONYMOUS" then return session.send(build_reply("failure", "mechanism-too-weak")); end - if secure_auth_only and not session.secure then + if not session.secure and (secure_auth_only or (mechanism == "PLAIN" and not allow_unencrypted_plain_auth)) then return session.send(build_reply("failure", "encryption-required")); end local valid_mechanism = session.sasl_handler:select(stanza.attr.mechanism); @@ -163,13 +164,12 @@ origin.sasl_handler = new_sasl(module.host, anonymous_authentication_profile); else origin.sasl_handler = usermanager_get_sasl_handler(module.host); - if not (module:get_option("allow_unencrypted_plain_auth")) and not origin.secure then - origin.sasl_handler:forbidden({"PLAIN"}); - end end features:tag("mechanisms", mechanisms_attr); - for k in pairs(origin.sasl_handler:mechanisms()) do - features:tag("mechanism"):text(k):up(); + for mechanism in pairs(origin.sasl_handler:mechanisms()) do + if mechanism ~= "PLAIN" or origin.secure or allow_unencrypted_plain_auth then + features:tag("mechanism"):text(mechanism):up(); + end end features:up(); else