1 files changed, 22 insertions, 11 deletions

diff --git a/src/cyrsasl.erl b/src/cyrsasl.erl
index 94df55fe0..fcfc2456a 100644
--- a/src/cyrsasl.erl
+++ b/src/cyrsasl.erl
@@ -43,7 +43,7 @@
 %%     Require_Plain = bool().
 %% Registry entry of a supported SASL mechanism.
 
--record(sasl_mechanism, {mechanism, module, require_plain_password}).
+-record(sasl_mechanism, {mechanism, module, password_type}).
 
 %% @type saslstate() = {sasl_state, Service, Myname, Realm, GetPassword, CheckPassword, CheckPasswordDigest, Mech_Mod, Mech_State}
 %%     Service = string()
@@ -76,6 +76,7 @@ start() ->
 			     {keypos, #sasl_mechanism.mechanism}]),
     cyrsasl_plain:start([]),
     cyrsasl_digest:start([]),
+    cyrsasl_scram:start([]),
     cyrsasl_anonymous:start([]),
     maybe_try_start_gssapi(),
     ok.
@@ -101,11 +102,11 @@ try_start_gssapi() ->
 %%     Module = atom()
 %%     Require_Plain = bool()
 
-register_mechanism(Mechanism, Module, RequirePlainPassword) ->
+register_mechanism(Mechanism, Module, PasswordType) ->
     ets:insert(sasl_mechanism,
 	       #sasl_mechanism{mechanism = Mechanism,
 			       module = Module,
-			       require_plain_password = RequirePlainPassword}).
+			       password_type = PasswordType}).
 
 % TODO use callbacks
 %-include("ejabberd.hrl").
@@ -153,17 +154,20 @@ check_credentials(_State, Props) ->
 %%     Mechanism = string()
 
 listmech(Host) ->
-    RequirePlainPassword = ejabberd_auth:plain_password_required(Host),
-
     Mechs = ets:select(sasl_mechanism,
 		       [{#sasl_mechanism{mechanism = '$1',
-					 require_plain_password = '$2',
+					 password_type = '$2',
 					 _ = '_'},
-			 if
-			     RequirePlainPassword ->
-				 [{'==', '$2', false}];
-			     true ->
-				 []
+			 case catch ejabberd_auth:store_type(Host) of
+			 external ->
+			      [{'==', '$2', plain}];
+			 scram ->
+			      [{'/=', '$2', digest}];
+			 {'EXIT',{undef,[{Module,store_type,[]} | _]}} ->
+			      ?WARNING_MSG("~p doesn't implement the function store_type/0", [Module]),
+			      [];
+			 _Else ->
+			      []
 			 end,
 			 ['$1']}]),
     filter_anonymous(Host, Mechs).
@@ -252,6 +256,13 @@ server_step(State, ClientIn) ->
 		{error, Error} ->
 		    {error, Error}
 	    end;
+	{ok, Props, ServerOut} ->
+	    case check_credentials(State, Props) of
+		ok ->
+		    {ok, Props, ServerOut};
+		{error, Error} ->
+		    {error, Error}
+	    end;
 	{continue, ServerOut, NewMechState} ->
 	    {continue, ServerOut,
 	     State#sasl_state{mech_state = NewMechState}};