Merge pull request igniterealtime#586 from guusdk/OF-477_GSSAPI-SASL

dwd · dwd · commit 3201bf15538c · 2016-05-19T11:52:24.000+01:00
OF-477: SASL requires FQHN (not XMPP domain name)
diff --git a/src/java/org/jivesoftware/openfire/net/SASLAuthentication.java b/src/java/org/jivesoftware/openfire/net/SASLAuthentication.java
@@ -261,12 +261,15 @@ public static Status handle(LocalSession session, Element doc)
                         throw new SaslFailureException( Failure.INVALID_MECHANISM, "The configuration of Openfire does not contain or allow the mechanism." );
                     }
 
+                    // OF-477: The SASL implementation requires the fully qualified host name (not the domain name!) of this server.
+                    final String fqhn = JiveGlobals.getProperty( "xmpp.fqdn", XMPPServer.getInstance().getServerInfo().getHostname() );
+
                     // Construct the configuration properties
                     final Map<String, Object> props = new HashMap<>();
                     props.put( LocalSession.class.getCanonicalName(), session );
                     props.put( Sasl.POLICY_NOANONYMOUS, Boolean.toString( !JiveGlobals.getBooleanProperty( "xmpp.auth.anonymous" ) ) );
 
-                    SaslServer saslServer = Sasl.createSaslServer( mechanismName, "xmpp", session.getServerName(), props, new XMPPCallbackHandler() );
+                    SaslServer saslServer = Sasl.createSaslServer( mechanismName, "xmpp", fqhn, props, new XMPPCallbackHandler() );
                     if ( saslServer == null )
                     {
                         throw new SaslFailureException( Failure.INVALID_MECHANISM, "There is no provider that can provide a SASL server for the desired mechanism and properties." );
