mod_auth_cyrus, util.sasl_cyrus: Add new option 'cyrus_server_fqdn' to override the hostname passed to Cyrus (and used in e.g. GSSAPI/Kerberos) - fixes #295
authorMatthew Wild <mwild1@gmail.com>
Tue, 24 Jul 2012 10:56:47 +0100
changeset 5000 58c9519dc461
parent 4999 d5a3c5c1873c
child 5001 78a3d275715a
child 5002 7a0b17118987
mod_auth_cyrus, util.sasl_cyrus: Add new option 'cyrus_server_fqdn' to override the hostname passed to Cyrus (and used in e.g. GSSAPI/Kerberos) - fixes #295
plugins/mod_auth_cyrus.lua
util/sasl_cyrus.lua
--- a/plugins/mod_auth_cyrus.lua	Tue Jul 24 10:44:37 2012 +0100
+++ b/plugins/mod_auth_cyrus.lua	Tue Jul 24 10:56:47 2012 +0100
@@ -14,6 +14,7 @@
 local cyrus_service_name = module:get_option("cyrus_service_name");
 local cyrus_application_name = module:get_option("cyrus_application_name");
 local require_provisioning = module:get_option("cyrus_require_provisioning") or false;
+local host_fqdn = module:get_option("cyrus_server_fqdn");
 
 prosody.unlock_globals(); --FIXME: Figure out why this is needed and
 						  -- why cyrussasl isn't caught by the sandbox
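Review bot: `cyrus_server_fqdn` is read with the untyped `module:get_option` and forwarded unchecked (it becomes the `host_fqdn` argument to `cyrus_new` in the next hunk), so an empty string or a non-string value reaches `cyrussasl.server_new` as the server name. Because `""` is truthy in Lua, the nil fallback to gethostname() described in util/sasl_cyrus.lua does not apply to it, and the mistake would presumably only show up as failed SASL setup or failed GSSAPI logins at runtime. Consider `local host_fqdn = module:get_option_string("cyrus_server_fqdn");` followed by `if host_fqdn == "" then host_fqdn = nil; end`. A short comment would also help, such as `-- must match the host part of the service principal (e.g. xmpp/<fqdn>) available to Cyrus for GSSAPI`.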
@@ -23,7 +24,8 @@
 	return cyrus_new(
 		cyrus_service_realm or realm,
 		cyrus_service_name or "xmpp",
-		cyrus_application_name or "prosody"
+		cyrus_application_name or "prosody",
+		host_fqdn
 	);
 end
 
--- a/util/sasl_cyrus.lua	Tue Jul 24 10:44:37 2012 +0100
+++ b/util/sasl_cyrus.lua	Tue Jul 24 10:56:47 2012 +0100
@@ -78,11 +78,15 @@
 end
 
 -- create a new SASL object which can be used to authenticate clients
-function new(realm, service_name, app_name)
+-- host_fqdn may be nil in which case gethostname() gives the value. 
+--      For GSSAPI, this determines the hostname in the service ticket (after
+--      reverse DNS canonicalization, only if [libdefaults] rdns = true which
+--      is the default).  
+function new(realm, service_name, app_name, host_fqdn)
 
 	init(app_name or service_name);
 
-	local st, ret = pcall(cyrussasl.server_new, service_name, nil, realm, nil, nil)
+	local st, ret = pcall(cyrussasl.server_new, service_name, host_fqdn, realm, nil, nil)
 	if not st then
 		log("error", "Creating SASL server connection failed: %s", ret);
 		return nil;
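Review bot: The error path under the changed `pcall` still logs only `ret`, so a failure caused by the new override does not record which hostname was handed to Cyrus. Including it, e.g. `log("error", "Creating SASL server connection failed (server fqdn: %s): %s", tostring(host_fqdn), ret);`, would let an operator tell a bad `cyrus_server_fqdn` from other setup errors. The added doc comment could also say that the rdns setting it refers to lives in krb5.conf, and that the value is passed to `cyrussasl.server_new` verbatim; two of its lines end in trailing whitespace. The body of `new` continues past the end of this hunk.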