# HG changeset patch # User Matthew Wild # Date 1236457029 0 # Node ID eef21d7bbe0422adba5f338914d3525c95f8ca2d # Parent 96de7f0a41cc65db24fd90e909292038377e1078 mod_saslauth: Disable SASL ANONYMOUS unless explicitly enabled with sasl_anonymous = true diff -r 96de7f0a41cc -r eef21d7bbe04 plugins/mod_saslauth.lua --- a/plugins/mod_saslauth.lua Sat Mar 07 19:57:28 2009 +0000 +++ b/plugins/mod_saslauth.lua Sat Mar 07 20:17:09 2009 +0000 @@ -17,6 +17,7 @@ local tostring = tostring; local jid_split = require "util.jid".split local md5 = require "util.hashes".md5; +local config = require "core.configmanager"; local log = require "util.logger".init("mod_saslauth"); @@ -106,7 +107,9 @@ -- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so. features:tag("mechanism"):text("PLAIN"):up(); features:tag("mechanism"):text("DIGEST-MD5"):up(); - features:tag("mechanism"):text("ANONYMOUS"):up(); + if config.get(session.host or "*", "core", "sasl_anonymous") then + features:tag("mechanism"):text("ANONYMOUS"):up(); + end features:up(); else features:tag("bind", bind_attr):tag("required"):up():up();
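Review bot: In the second hunk (@@ -106,7 +107,9 @@), the new `if config.get(session.host or "*", "core", "sasl_anonymous") then` check guards only the advertisement of ANONYMOUS in the stream features; nothing in this diff makes the authentication handler refuse a client that requests ANONYMOUS without it having been offered. If the handler is not already gated elsewhere in mod_saslauth.lua, apply the same config lookup at the point where the requested mechanism is accepted, so that the option disables the mechanism itself and not just its listing. The condition is also a plain Lua truthiness test, so any configured value other than `nil` or `false` (the string "false" included) turns ANONYMOUS on; comparing with `== true` would match the commit message's "sasl_anonymous = true" exactly.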