mod_saslauth: Disable SASL ANONYMOUS unless explicitly enabled with sasl_anonymous = true
--- a/plugins/mod_saslauth.lua Sat Mar 07 19:57:28 2009 +0000
+++ b/plugins/mod_saslauth.lua Sat Mar 07 20:17:09 2009 +0000
@@ -17,6 +17,7 @@
local tostring = tostring;
local jid_split = require "util.jid".split
local md5 = require "util.hashes".md5;
+local config = require "core.configmanager";
local log = require "util.logger".init("mod_saslauth");
@@ -106,7 +107,9 @@
-- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so.
features:tag("mechanism"):text("PLAIN"):up();
features:tag("mechanism"):text("DIGEST-MD5"):up();
- features:tag("mechanism"):text("ANONYMOUS"):up();
+ if config.get(session.host or "*", "core", "sasl_anonymous") then
+ features:tag("mechanism"):text("ANONYMOUS"):up();
+ end
features:up();
else
features:tag("bind", bind_attr):tag("required"):up():up();