mod_legacyauth: Disallow on unencrypted connections by default, heed allow_unencrypte...

author Matthew Wild <mwild1@gmail.com>

Wed, 20 Apr 2011 17:19:28 +0000 (18:19 +0100)

committer Matthew Wild <mwild1@gmail.com>

Wed, 20 Apr 2011 17:19:28 +0000 (18:19 +0100)
author Matthew Wild <mwild1@gmail.com>
Wed, 20 Apr 2011 17:19:28 +0000 (18:19 +0100)
committer Matthew Wild <mwild1@gmail.com>
Wed, 20 Apr 2011 17:19:28 +0000 (18:19 +0100)
diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua

index 47a8c0abb007edc8dc74f64702172b4583e8e502..a47f0223d546f4b2a533dc56a4feb94343e27184 100644 (file)
--- a/plugins/mod_legacyauth.lua
+++ b/plugins/mod_legacyauth.lua
@@ -11,7 +11,9 @@
  local st = require "util.stanza";
  local t_concat = table.concat;
  
-local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
+local secure_auth_only = module:get_option("c2s_require_encryption")
+       or module:get_option("require_encryption")
+       or not(module:get_option("allow_unencrypted_plain_auth"));
  
  local sessionmanager = require "core.sessionmanager";
  local usermanager = require "core.usermanager";
author	Matthew Wild <mwild1@gmail.com>
	Wed, 20 Apr 2011 17:19:28 +0000 (18:19 +0100)
committer	Matthew Wild <mwild1@gmail.com>
	Wed, 20 Apr 2011 17:19:28 +0000 (18:19 +0100)