Changeset

887:eef21d7bbe04

mod_saslauth: Disable SASL ANONYMOUS unless explicitly enabled with sasl_anonymous = true
author Matthew Wild <mwild1@gmail.com>
date Sat, 07 Mar 2009 20:17:09 +0000 (2009-03-07)
parents 886:96de7f0a41cc
children 893:cec476fcc19f
files plugins/mod_saslauth.lua
diffstat 1 files changed, 4 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/plugins/mod_saslauth.lua	Sat Mar 07 19:57:28 2009 +0000
+++ b/plugins/mod_saslauth.lua	Sat Mar 07 20:17:09 2009 +0000
@@ -17,6 +17,7 @@
 local tostring = tostring;
 local jid_split = require "util.jid".split
 local md5 = require "util.hashes".md5;
+local config = require "core.configmanager";
 
 local log = require "util.logger".init("mod_saslauth");
 
@@ -106,7 +107,9 @@
 				-- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so.
 					features:tag("mechanism"):text("PLAIN"):up();
 					features:tag("mechanism"):text("DIGEST-MD5"):up();
-					features:tag("mechanism"):text("ANONYMOUS"):up();
+					if config.get(session.host or "*", "core", "sasl_anonymous") then
+						features:tag("mechanism"):text("ANONYMOUS"):up();
+					end
 				features:up();
 			else
 				features:tag("bind", bind_attr):tag("required"):up():up();