Do not offer other SASL mechanisms than EXTERNAL to remote servers. JM-794

git-svn-id: http://svn.igniterealtime.org/svn/repos/wildfire/trunk@4769 b35dd754-fafc-0310-a699-88a17e54d16e

Do not offer other SASL mechanisms than EXTERNAL to remote servers. JM-794
git-svn-id: http://svn.igniterealtime.org/svn/repos/wildfire/trunk@4769 b35dd754-fafc-0310-a699-88a17e54d16e
50ef6008 · Gaston Dombiak · gato · ad6a4e8e · 50ef6008
Commit 50ef6008 authored Aug 02, 2006 by Gaston Dombiak Committed by gato Aug 02, 2006
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 2 deletions

SASLAuthentication.java ...ava/org/jivesoftware/wildfire/net/SASLAuthentication.java +5 -2

No files found.
--- a/src/java/org/jivesoftware/wildfire/net/SASLAuthentication.java
+++ b/src/java/org/jivesoftware/wildfire/net/SASLAuthentication.java
@@ -116,9 +116,12 @@ public class SASLAuthentication {
        }
        StringBuilder sb = new StringBuilder(195);
        sb.append("<mechanisms xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\">");
-        if (session.getConnection().isSecure() && session instanceof IncomingServerSession) {
+        if (session instanceof IncomingServerSession) {
            // Server connections dont follow the same rules as clients
-            sb.append("<mechanism>EXTERNAL</mechanism>");
+            if (session.getConnection().isSecure()) {
+                // Offer SASL EXTERNAL only if TLS has already been negotiated
+                sb.append("<mechanism>EXTERNAL</mechanism>");
+            }
        }
        else {
            for (String mech : getSupportedMechanisms()) {