author | Badlop <badlop@process-one.net> | 2010-07-30 01:14:03 +0400 |
---|---|---|
committer | Badlop <badlop@process-one.net> | 2010-07-30 01:14:03 +0400 |
commit | 59a19ca87a496cb6e1c20fb129c72de9d636567d (patch) | |
tree | b6e0ecc1e2dfd4d803618c2c8805670edfcf54db /src/ejabberd_c2s.erl | |
parent | e653598cd087eb010e79a66cd0e71f5a5f3c8cb0 (diff) |
Don't offer SASL auth before doing TLS if TLS is required (thanks to Etan Reisner)
Originally reported in
http://yo.jabber.ru/bugzilla/show_bug.cgi?id=251
Implements:
http://tools.ietf.org/html/rfc3920#section-6.2
If Use of TLS (Section 5) needs to be
established before a particular authentication mechanism may be used, the
receiving entity MUST NOT provide that mechanism in the list of available SASL
authentication mechanisms prior to TLS negotiation.
Diffstat (limited to 'src/ejabberd_c2s.erl')
-rw-r--r-- | src/ejabberd_c2s.erl | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl index 065a58ebb..2ee4e0a22 100644 --- a/src/ejabberd_c2s.erl +++ b/src/ejabberd_c2s.erl @@ -348,11 +348,27 @@ wait_for_stream({xmlstreamstart, #xmlel{ns = NS} = Opening}, StateData) -> U, Server, P, D, DG) end, StateData#state.socket), - Mechs = [exmpp_server_sasl:feature( + MechsPrepared = [exmpp_server_sasl:feature( cyrsasl:listmech(Server))], SockMod = (StateData#state.sockmod):get_sockmod( StateData#state.socket), + TLSRequired = StateData#state.tls_required, + Mechs = + case TLSRequired of + true -> + case (SockMod == gen_tcp) of + true -> + []; + false -> + MechsPrepared + end; + false -> + MechsPrepared + end, + SockMod = + (StateData#state.sockmod):get_sockmod( + StateData#state.socket), Zlib = StateData#state.zlib, CompressFeature = case Zlib andalso |
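Review bot: the added `SockMod = (StateData#state.sockmod):get_sockmod(StateData#state.socket),` after the new `Mechs` case repeats the unchanged binding that already follows `MechsPrepared`, so `SockMod` is bound and then matched again against the same call; drop the second one. The nested case can be flattened to `case TLSRequired andalso (SockMod == gen_tcp) of true -> []; false -> MechsPrepared end`, which makes the single condition for withholding mechanisms easier to audit. A short comment would also help here stating that `SockMod == gen_tcp` is being used as the signal that TLS has not yet been negotiated on this stream, since the RFC 3920 section 6.2 requirement quoted in the commit message depends on that check being right.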