# HG changeset patch
# User Tobias Markmann <tm@ayena.de>
# Date 1258583195 -3600
# Node ID de3edab7551d7d518f3fca780471b5b8e6be84bd
# Parent  812130099ab2afbb72aac9dbdcdb1d3e28c18abc
Provide SASL PLAIN mechanism only if TLS is active.

diff -r 812130099ab2 -r de3edab7551d plugins/mod_saslauth.lua
--- a/plugins/mod_saslauth.lua	Wed Nov 18 23:25:27 2009 +0100
+++ b/plugins/mod_saslauth.lua	Wed Nov 18 23:26:35 2009 +0100
@@ -141,9 +141,11 @@
 					session.sasl_handler = new_sasl(session.host, anonymous_authentication_profile);
 				else
 					session.sasl_handler = new_sasl(session.host, default_authentication_profile);
+					if not session.secure then 
+						session.sasl_handler:forbidden({"PLAIN"});
+					end
 				end
 				features:tag("mechanisms", mechanisms_attr);
-				-- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so.
 				for k, v in pairs(session.sasl_handler:mechanisms()) do
 					features:tag("mechanism"):text(v):up();
 				end