- // Requesting this cap is allowed anytime
- if (adding)
- return true;
-
- // But removing it can only be done when unregistered
- return (user->registered != REG_ALL);
+ // Servers MUST NAK any sasl capability request if the authentication layer
+ // is unavailable.
+ return servertracker.IsOnline();
{
std::vector<std::string> params;
params.push_back(user->GetRealHost());
params.push_back(user->GetIPString());
{
std::vector<std::string> params;
params.push_back(user->GetRealHost());
params.push_back(user->GetIPString());
SendSASL(user, "*", 'H', params);
}
public:
SendSASL(user, "*", 'H', params);
}
public:
- SaslAuthenticator(LocalUser* user_, const std::string& method)
- : user(user_), state(SASL_INIT), state_announced(false)
+ SaslAuthenticator(LocalUser* user_, const std::string& method, UserCertificateAPI& sslapi)
+ : user(user_)
+ , state(SASL_INIT)
+ , state_announced(false)
CommandAuthenticate(Module* Creator, SimpleExtItem<SaslAuthenticator>& ext, Cap::Capability& Cap)
: SplitCommand(Creator, "AUTHENTICATE", 1)
, authExt(ext)
, cap(Cap)
CommandAuthenticate(Module* Creator, SimpleExtItem<SaslAuthenticator>& ext, Cap::Capability& Cap)
: SplitCommand(Creator, "AUTHENTICATE", 1)
, authExt(ext)
, cap(Cap)
- authExt.set(user, new SaslAuthenticator(user, parameters[0]));
+ authExt.set(user, new SaslAuthenticator(user, parameters[0], sslapi));