Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Provide SASL PLAIN mechanism only if TLS is active.
authorTobias Markmann <tm@ayena.de>
Wed, 18 Nov 2009 23:26:35 +0100
changeset 2204 de3edab7551d
parent 2203 812130099ab2
child 2205 e091b308732f
Provide SASL PLAIN mechanism only if TLS is active.
plugins/mod_saslauth.lua file | annotate | diff | comparison | revisions 
--- a/plugins/mod_saslauth.lua	Wed Nov 18 23:25:27 2009 +0100
+++ b/plugins/mod_saslauth.lua	Wed Nov 18 23:26:35 2009 +0100
@@ -141,9 +141,11 @@
 					session.sasl_handler = new_sasl(session.host, anonymous_authentication_profile);
 				else
 					session.sasl_handler = new_sasl(session.host, default_authentication_profile);
+					if not session.secure then 
+						session.sasl_handler:forbidden({"PLAIN"});
+					end
 				end
 				features:tag("mechanisms", mechanisms_attr);
-				-- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so.
 				for k, v in pairs(session.sasl_handler:mechanisms()) do
 					features:tag("mechanism"):text(v):up();
 				end
prosody