25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-11-22 16:20:52 +01:00

Don't offer SASL auth before doing TLS if TLS is required (thanks to Etan Reisner)

Originally reported in
http://yo.jabber.ru/bugzilla/show_bug.cgi?id=251

Implements:
http://tools.ietf.org/html/rfc3920#section-6.2
If Use of TLS (Section 5) needs to be
established before a particular authentication mechanism may be used, the
receiving entity MUST NOT provide that mechanism in the list of available SASL
authentication mechanisms prior to TLS negotiation.
This commit is contained in:
Badlop 2010-07-29 23:14:03 +02:00
parent e653598cd0
commit 59a19ca87a

View File

@ -348,11 +348,27 @@ wait_for_stream({xmlstreamstart, #xmlel{ns = NS} = Opening}, StateData) ->
U, Server, P, D, DG)
end,
StateData#state.socket),
Mechs = [exmpp_server_sasl:feature(
MechsPrepared = [exmpp_server_sasl:feature(
cyrsasl:listmech(Server))],
SockMod =
(StateData#state.sockmod):get_sockmod(
StateData#state.socket),
TLSRequired = StateData#state.tls_required,
Mechs =
case TLSRequired of
true ->
case (SockMod == gen_tcp) of
true ->
[];
false ->
MechsPrepared
end;
false ->
MechsPrepared
end,
SockMod =
(StateData#state.sockmod):get_sockmod(
StateData#state.socket),
Zlib = StateData#state.zlib,
CompressFeature =
case Zlib andalso