2010-07-22 18:43:38 +02:00
|
|
|
%%%----------------------------------------------------------------------
|
|
|
|
%%% File : ejabberd_auth_storage.erl
|
|
|
|
%%% Author : Alexey Shchepin <alexey@process-one.net>, Stephan Maka
|
|
|
|
%%% Purpose : Authentification via gen_storage
|
2010-07-22 18:49:12 +02:00
|
|
|
%%% Created : 12 Dec 2004 by Alexey Shchepin <alexey@process-one.net>
|
2010-07-22 18:43:38 +02:00
|
|
|
%%%
|
|
|
|
%%%
|
2011-02-14 13:47:22 +01:00
|
|
|
%%% ejabberd, Copyright (C) 2002-2011 ProcessOne
|
2010-07-22 18:43:38 +02:00
|
|
|
%%%
|
|
|
|
%%% This program is free software; you can redistribute it and/or
|
|
|
|
%%% modify it under the terms of the GNU General Public License as
|
|
|
|
%%% published by the Free Software Foundation; either version 2 of the
|
|
|
|
%%% License, or (at your option) any later version.
|
|
|
|
%%%
|
|
|
|
%%% This program is distributed in the hope that it will be useful,
|
|
|
|
%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
%%% General Public License for more details.
|
|
|
|
%%%
|
|
|
|
%%% You should have received a copy of the GNU General Public License
|
|
|
|
%%% along with this program; if not, write to the Free Software
|
|
|
|
%%% Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
|
|
|
%%% 02111-1307 USA
|
|
|
|
%%%
|
|
|
|
%%%----------------------------------------------------------------------
|
|
|
|
|
2010-07-22 18:49:12 +02:00
|
|
|
%%% Database schema (version / storage / table)
|
|
|
|
%%%
|
|
|
|
%%% 2.1.x / mnesia / passwd
|
|
|
|
%%% us = {Username::string(), Host::string()}
|
|
|
|
%%% password = string()
|
|
|
|
%%%
|
|
|
|
%%% 2.1.x / odbc / users
|
|
|
|
%%% username = varchar250
|
|
|
|
%%% password = text
|
|
|
|
%%%
|
|
|
|
%%% 3.0.0-prealpha / mnesia / passwd
|
|
|
|
%%% Same as 2.1.x
|
|
|
|
%%%
|
|
|
|
%%% 3.0.0-prealpha / odbc / users
|
|
|
|
%%% Same as 2.1.x
|
|
|
|
%%%
|
|
|
|
%%% 3.0.0-alpha / mnesia / passwd
|
|
|
|
%%% user_host = {Username::string(), Host::string()}
|
|
|
|
%%% password = string()
|
|
|
|
%%%
|
2011-08-16 00:28:25 +02:00
|
|
|
%%% 3.0.0-beta / mnesia / passwd
|
|
|
|
%%% user_host = {Username::string(), Host::string()}
|
|
|
|
%%% password = string()
|
|
|
|
%%% storedkey = base64 binary()
|
|
|
|
%%% serverkey = base64 binary()
|
|
|
|
%%% iterationcount = integer()
|
|
|
|
%%% salt = base64 binary()
|
|
|
|
%%%
|
2010-07-22 18:49:12 +02:00
|
|
|
%%% 3.0.0-alpha / odbc / passwd
|
|
|
|
%%% user = varchar150
|
|
|
|
%%% host = varchar150
|
|
|
|
%%% password = text
|
2011-08-16 00:28:25 +02:00
|
|
|
%%%
|
|
|
|
%%% 3.0.0-beta / odbc / passwd
|
|
|
|
%%% user = varchar150
|
|
|
|
%%% host = varchar150
|
|
|
|
%%% password = base64 text
|
|
|
|
%%% storedkey = base64 text
|
|
|
|
%%% serverkey = base64 text
|
|
|
|
%%% iterationcount = integer
|
|
|
|
%%% salt = base64 text
|
2010-07-22 18:49:12 +02:00
|
|
|
|
2010-07-22 18:43:38 +02:00
|
|
|
-module(ejabberd_auth_storage).
|
|
|
|
-author('alexey@process-one.net').
|
|
|
|
|
|
|
|
%% External exports
|
|
|
|
-export([start/1,
|
2010-12-22 17:54:41 +01:00
|
|
|
stop/1,
|
2010-07-22 18:43:38 +02:00
|
|
|
set_password/3,
|
|
|
|
check_password/3,
|
|
|
|
check_password/5,
|
|
|
|
try_register/3,
|
|
|
|
dirty_get_registered_users/0,
|
|
|
|
get_vh_registered_users/1,
|
|
|
|
get_vh_registered_users/2,
|
|
|
|
get_vh_registered_users_number/1,
|
|
|
|
get_vh_registered_users_number/2,
|
|
|
|
get_password/2,
|
|
|
|
get_password_s/2,
|
|
|
|
is_user_exists/2,
|
|
|
|
remove_user/2,
|
|
|
|
remove_user/3,
|
2011-08-16 00:28:25 +02:00
|
|
|
store_type/0,
|
2010-07-22 18:43:38 +02:00
|
|
|
plain_password_required/0
|
|
|
|
]).
|
|
|
|
|
|
|
|
-include("ejabberd.hrl").
|
|
|
|
|
2011-08-16 00:28:25 +02:00
|
|
|
-record(passwd, {user_host, password, storedkey, serverkey, salt, iterationcount}).
|
2010-07-22 18:49:12 +02:00
|
|
|
-record(reg_users_counter, {vhost, count}).
|
2010-07-22 18:43:38 +02:00
|
|
|
|
2011-08-16 00:28:25 +02:00
|
|
|
-define(SALT_LENGTH, 16).
|
|
|
|
|
2010-07-22 18:43:38 +02:00
|
|
|
%%%----------------------------------------------------------------------
|
|
|
|
%%% API
|
|
|
|
%%%----------------------------------------------------------------------
|
2010-07-22 18:49:12 +02:00
|
|
|
|
|
|
|
%% @spec (Host) -> ok
|
|
|
|
%% Host = string()
|
|
|
|
|
2010-07-22 18:43:38 +02:00
|
|
|
start(Host) ->
|
|
|
|
Backend =
|
|
|
|
case ejabberd_config:get_local_option({auth_storage, Host}) of
|
|
|
|
undefined -> mnesia;
|
|
|
|
B -> B
|
|
|
|
end,
|
2010-07-22 18:49:12 +02:00
|
|
|
HostB = list_to_binary(Host),
|
|
|
|
gen_storage:create_table(Backend, HostB, passwd,
|
2010-07-22 18:43:38 +02:00
|
|
|
[{odbc_host, Host},
|
|
|
|
{disc_copies, [node()]},
|
|
|
|
{attributes, record_info(fields, passwd)},
|
2011-08-16 00:28:25 +02:00
|
|
|
{types, [{user_host, {text, text}},
|
|
|
|
{storedkey, binary},
|
|
|
|
{serverkey, binary},
|
|
|
|
{salt, binary},
|
|
|
|
{iterationcount, int}]}
|
2010-07-22 18:43:38 +02:00
|
|
|
]),
|
2010-07-22 18:49:12 +02:00
|
|
|
update_table(Host, Backend),
|
2011-08-17 18:43:19 +02:00
|
|
|
maybe_scram_passwords(HostB),
|
2010-07-22 18:49:12 +02:00
|
|
|
mnesia:create_table(reg_users_counter,
|
|
|
|
[{ram_copies, [node()]},
|
|
|
|
{attributes, record_info(fields, reg_users_counter)}]),
|
|
|
|
update_reg_users_counter_table(Host),
|
2011-08-17 18:43:19 +02:00
|
|
|
maybe_alert_password_scrammed_without_option(HostB),
|
2010-07-22 18:43:38 +02:00
|
|
|
ok.
|
|
|
|
|
2010-12-22 17:54:41 +01:00
|
|
|
stop(_Host) ->
|
|
|
|
ok.
|
|
|
|
|
2010-07-22 18:49:12 +02:00
|
|
|
update_reg_users_counter_table(Server) ->
|
|
|
|
Set = get_vh_registered_users(Server),
|
|
|
|
Size = length(Set),
|
|
|
|
LServer = exmpp_jid:prep_domain(exmpp_jid:parse(Server)),
|
|
|
|
F = fun() ->
|
|
|
|
mnesia:write(#reg_users_counter{vhost = LServer,
|
|
|
|
count = Size})
|
|
|
|
end,
|
|
|
|
mnesia:sync_dirty(F).
|
|
|
|
|
|
|
|
%% @spec () -> bool()
|
|
|
|
|
2010-07-22 18:43:38 +02:00
|
|
|
plain_password_required() ->
|
2011-08-16 00:28:25 +02:00
|
|
|
case is_scrammed(?MYNAME) of
|
|
|
|
false -> false;
|
|
|
|
true -> true
|
|
|
|
end.
|
|
|
|
|
|
|
|
store_type() ->
|
|
|
|
case is_scrammed(?MYNAME) of
|
|
|
|
false -> plain; %% allows: PLAIN DIGEST-MD5 SCRAM
|
|
|
|
true -> scram %% allows: PLAIN SCRAM
|
|
|
|
end.
|
2010-07-22 18:43:38 +02:00
|
|
|
|
2010-07-22 18:49:12 +02:00
|
|
|
%% @spec (User, Server, Password) -> bool()
|
|
|
|
%% User = string()
|
|
|
|
%% Server = string()
|
|
|
|
%% Password = string()
|
|
|
|
|
2010-07-22 18:43:38 +02:00
|
|
|
check_password(User, Server, Password) ->
|
2010-07-22 18:49:12 +02:00
|
|
|
LUser = exmpp_stringprep:nodeprep(User),
|
|
|
|
LServer = exmpp_stringprep:nameprep(Server),
|
2010-07-22 18:43:38 +02:00
|
|
|
US = {LUser, LServer},
|
|
|
|
case catch gen_storage:dirty_read(LServer, {passwd, US}) of
|
2011-08-16 00:28:25 +02:00
|
|
|
[#passwd{password = ""} = Passwd] ->
|
|
|
|
is_password_scram_valid(Password, Passwd);
|
2010-07-22 18:43:38 +02:00
|
|
|
[#passwd{password = Password}] ->
|
|
|
|
Password /= "";
|
|
|
|
_ ->
|
|
|
|
false
|
|
|
|
end.
|
|
|
|
|
2010-07-22 18:49:12 +02:00
|
|
|
%% @spec (User, Server, Password, Digest, DigestGen) -> bool()
|
|
|
|
%% User = string()
|
|
|
|
%% Server = string()
|
|
|
|
%% Password = string()
|
|
|
|
%% Digest = string()
|
|
|
|
%% DigestGen = function()
|
|
|
|
|
|
|
|
check_password(User, Server, Password, Digest, DigestGen) ->
|
|
|
|
LUser = exmpp_stringprep:nodeprep(User),
|
|
|
|
LServer = exmpp_stringprep:nameprep(Server),
|
2010-07-22 18:43:38 +02:00
|
|
|
US = {LUser, LServer},
|
|
|
|
case catch gen_storage:dirty_read(LServer, {passwd, US}) of
|
2011-08-16 00:28:25 +02:00
|
|
|
[#passwd{password = ""} = Passwd] ->
|
2011-08-16 19:26:18 +02:00
|
|
|
Storedkey = base64:decode(Passwd#passwd.storedkey),
|
2011-08-16 00:28:25 +02:00
|
|
|
DigRes = if
|
|
|
|
Digest /= "" ->
|
2011-08-16 19:26:18 +02:00
|
|
|
Digest == DigestGen(Storedkey);
|
2011-08-16 00:28:25 +02:00
|
|
|
true ->
|
|
|
|
false
|
|
|
|
end,
|
|
|
|
if DigRes ->
|
|
|
|
true;
|
|
|
|
true ->
|
2011-08-16 19:26:18 +02:00
|
|
|
(Storedkey == Password) and (Password /= "")
|
2011-08-16 00:28:25 +02:00
|
|
|
end;
|
2010-07-22 18:43:38 +02:00
|
|
|
[#passwd{password = Passwd}] ->
|
|
|
|
DigRes = if
|
|
|
|
Digest /= "" ->
|
2010-07-22 18:49:12 +02:00
|
|
|
Digest == DigestGen(Passwd);
|
2010-07-22 18:43:38 +02:00
|
|
|
true ->
|
|
|
|
false
|
|
|
|
end,
|
|
|
|
if DigRes ->
|
|
|
|
true;
|
|
|
|
true ->
|
|
|
|
(Passwd == Password) and (Password /= "")
|
|
|
|
end;
|
|
|
|
_ ->
|
|
|
|
false
|
|
|
|
end.
|
|
|
|
|
2010-07-22 18:49:12 +02:00
|
|
|
%% @spec (User, Server, Password) -> ok | {error, invalid_jid}
|
|
|
|
%% User = string()
|
|
|
|
%% Server = string()
|
|
|
|
%% Password = string()
|
|
|
|
|
2010-07-22 18:43:38 +02:00
|
|
|
set_password(User, Server, Password) ->
|
2010-07-22 18:49:12 +02:00
|
|
|
LUser = (catch exmpp_stringprep:nodeprep(User)),
|
|
|
|
LServer = (catch exmpp_stringprep:nameprep(Server)),
|
|
|
|
case {LUser, LServer} of
|
|
|
|
{{stringprep, _, invalid_string, _}, _} ->
|
|
|
|
{error, invalid_jid};
|
|
|
|
{_, {stringprep, _, invalid_string, _}} ->
|
2010-07-22 18:43:38 +02:00
|
|
|
{error, invalid_jid};
|
2010-07-22 18:49:12 +02:00
|
|
|
US ->
|
2010-07-22 18:43:38 +02:00
|
|
|
%% TODO: why is this a transaction?
|
|
|
|
F = fun() ->
|
2011-08-16 00:28:25 +02:00
|
|
|
Passwd = case is_scrammed(LServer) and (Password /= "") of
|
|
|
|
true -> password_to_scram(Password, #passwd{user_host=US});
|
|
|
|
false -> #passwd{user_host = US, password = Password}
|
|
|
|
end,
|
|
|
|
gen_storage:write(LServer, Passwd)
|
2010-07-22 18:43:38 +02:00
|
|
|
end,
|
|
|
|
{atomic, ok} = gen_storage:transaction(LServer, passwd, F),
|
|
|
|
ok
|
|
|
|
end.
|
|
|
|
|
2010-07-22 18:49:12 +02:00
|
|
|
%% @spec (User, Server, Password) -> {atomic, ok} | {atomic, exists} | {error, invalid_jid} | {aborted, Reason}
|
|
|
|
%% User = string()
|
|
|
|
%% Server = string()
|
|
|
|
%% Password = string()
|
|
|
|
|
2010-07-22 18:43:38 +02:00
|
|
|
try_register(User, Server, Password) ->
|
2010-07-22 18:49:12 +02:00
|
|
|
LUser = (catch exmpp_stringprep:nodeprep(User)),
|
|
|
|
LServer = (catch exmpp_stringprep:nameprep(Server)),
|
|
|
|
case {LUser, LServer} of
|
|
|
|
{{stringprep, _, invalid_string, _}, _} ->
|
|
|
|
{error, invalid_jid};
|
|
|
|
{_, {stringprep, _, invalid_string, _}} ->
|
2010-07-22 18:43:38 +02:00
|
|
|
{error, invalid_jid};
|
2010-07-22 18:49:12 +02:00
|
|
|
US ->
|
2010-07-22 18:43:38 +02:00
|
|
|
F = fun() ->
|
|
|
|
case gen_storage:read(LServer, {passwd, US}) of
|
|
|
|
[] ->
|
2011-08-16 00:28:25 +02:00
|
|
|
Passwd = case is_scrammed(LServer) and (Password /= "") of
|
|
|
|
true -> password_to_scram(Password, #passwd{user_host=US});
|
|
|
|
false -> #passwd{user_host = US, password = Password}
|
|
|
|
end,
|
|
|
|
gen_storage:write(LServer, Passwd),
|
2010-07-22 18:49:12 +02:00
|
|
|
mnesia:dirty_update_counter(
|
|
|
|
reg_users_counter,
|
|
|
|
exmpp_jid:prep_domain(exmpp_jid:parse(Server)), 1),
|
2010-07-22 18:43:38 +02:00
|
|
|
ok;
|
|
|
|
[_E] ->
|
|
|
|
exists
|
|
|
|
end
|
|
|
|
end,
|
2010-07-22 18:49:12 +02:00
|
|
|
%% TODO: transaction return value?
|
2010-07-22 18:43:38 +02:00
|
|
|
gen_storage:transaction(LServer, passwd, F)
|
|
|
|
end.
|
|
|
|
|
2010-07-22 18:49:12 +02:00
|
|
|
%% @spec () -> [{LUser, LServer}]
|
|
|
|
%% LUser = string()
|
|
|
|
%% LServer = string()
|
|
|
|
%% @doc Get all registered users in Mnesia.
|
|
|
|
|
2010-07-22 18:43:38 +02:00
|
|
|
dirty_get_registered_users() ->
|
2011-07-07 23:03:39 +02:00
|
|
|
lists:foldl(
|
|
|
|
fun(HostB, Res) ->
|
|
|
|
get_vh_registered_users(binary_to_list(HostB)) ++ Res
|
|
|
|
end,
|
|
|
|
[],
|
|
|
|
gen_storage:all_table_hosts(passwd)).
|
2010-07-22 18:43:38 +02:00
|
|
|
|
2010-07-22 18:49:12 +02:00
|
|
|
%% @spec (Server) -> [{LUser, LServer}]
|
|
|
|
%% Server = string()
|
|
|
|
%% LUser = string()
|
|
|
|
%% LServer = string()
|
|
|
|
|
2010-07-22 18:43:38 +02:00
|
|
|
get_vh_registered_users(Server) ->
|
2010-07-22 18:49:12 +02:00
|
|
|
LServer = exmpp_stringprep:nameprep(Server),
|
|
|
|
lists:map(fun(#passwd{user_host = US}) ->
|
2010-07-22 18:43:38 +02:00
|
|
|
US
|
|
|
|
end,
|
|
|
|
gen_storage:dirty_select(LServer, passwd,
|
2010-07-22 18:49:12 +02:00
|
|
|
[{'=', user_host, {'_', LServer}}])).
|
|
|
|
|
|
|
|
%% @spec (Server, Opts) -> [{LUser, LServer}]
|
|
|
|
%% Server = string()
|
|
|
|
%% Opts = [{Opt, Val}]
|
|
|
|
%% Opt = atom()
|
|
|
|
%% Val = term()
|
|
|
|
%% LUser = string()
|
|
|
|
%% LServer = string()
|
|
|
|
%% @doc Return the registered users for the specified host.
|
|
|
|
%%
|
|
|
|
%% `Opts' can be one of the following:
|
|
|
|
%% <ul>
|
|
|
|
%% <li>`[{from, integer()}, {to, integer()}]'</li>
|
|
|
|
%% <li>`[{limit, integer()}, {offset, integer()}]'</li>
|
|
|
|
%% <li>`[{prefix, string()}]'</li>
|
|
|
|
%% <li>`[{prefix, string()}, {from, integer()}, {to, integer()}]'</li>
|
|
|
|
%% <li>`[{prefix, string()}, {limit, integer()}, {offset, integer()}]'</li>
|
|
|
|
%% </ul>
|
2010-07-22 18:43:38 +02:00
|
|
|
|
2010-07-22 18:49:12 +02:00
|
|
|
get_vh_registered_users(Server, [{from, Start}, {to, End}])
|
|
|
|
when is_integer(Start) and is_integer(End) ->
|
2010-07-22 18:43:38 +02:00
|
|
|
get_vh_registered_users(Server, [{limit, End-Start+1}, {offset, Start}]);
|
|
|
|
|
2010-07-22 18:49:12 +02:00
|
|
|
get_vh_registered_users(Server, [{limit, Limit}, {offset, Offset}])
|
|
|
|
when is_integer(Limit) and is_integer(Offset) ->
|
2010-07-22 18:43:38 +02:00
|
|
|
case get_vh_registered_users(Server) of
|
2010-07-22 18:49:12 +02:00
|
|
|
[] ->
|
|
|
|
[];
|
|
|
|
Users ->
|
|
|
|
Set = lists:keysort(1, Users),
|
|
|
|
L = length(Set),
|
|
|
|
Start = if Offset < 1 -> 1;
|
|
|
|
Offset > L -> L;
|
|
|
|
true -> Offset
|
|
|
|
end,
|
|
|
|
lists:sublist(Set, Start, Limit)
|
2010-07-22 18:43:38 +02:00
|
|
|
end;
|
|
|
|
|
2010-07-22 18:49:12 +02:00
|
|
|
get_vh_registered_users(Server, [{prefix, Prefix}])
|
|
|
|
when is_list(Prefix) ->
|
2010-07-22 18:43:38 +02:00
|
|
|
Set = [{U,S} || {U, S} <- get_vh_registered_users(Server), lists:prefix(Prefix, U)],
|
|
|
|
lists:keysort(1, Set);
|
|
|
|
|
2010-07-22 18:49:12 +02:00
|
|
|
get_vh_registered_users(Server, [{prefix, Prefix}, {from, Start}, {to, End}])
|
|
|
|
when is_list(Prefix) and is_integer(Start) and is_integer(End) ->
|
2010-07-22 18:43:38 +02:00
|
|
|
get_vh_registered_users(Server, [{prefix, Prefix}, {limit, End-Start+1}, {offset, Start}]);
|
|
|
|
|
2010-07-22 18:49:12 +02:00
|
|
|
get_vh_registered_users(Server, [{prefix, Prefix}, {limit, Limit}, {offset, Offset}])
|
|
|
|
when is_list(Prefix) and is_integer(Limit) and is_integer(Offset) ->
|
2010-07-22 18:43:38 +02:00
|
|
|
case [{U,S} || {U, S} <- get_vh_registered_users(Server), lists:prefix(Prefix, U)] of
|
2010-07-22 18:49:12 +02:00
|
|
|
[] ->
|
|
|
|
[];
|
|
|
|
Users ->
|
|
|
|
Set = lists:keysort(1, Users),
|
|
|
|
L = length(Set),
|
|
|
|
Start = if Offset < 1 -> 1;
|
|
|
|
Offset > L -> L;
|
|
|
|
true -> Offset
|
|
|
|
end,
|
|
|
|
lists:sublist(Set, Start, Limit)
|
2010-07-22 18:43:38 +02:00
|
|
|
end;
|
|
|
|
|
|
|
|
get_vh_registered_users(Server, _) ->
|
|
|
|
get_vh_registered_users(Server).
|
|
|
|
|
2010-07-22 18:49:12 +02:00
|
|
|
%% @spec (Server) -> Users_Number
|
|
|
|
%% Server = string()
|
|
|
|
%% Users_Number = integer()
|
|
|
|
|
2010-07-22 18:43:38 +02:00
|
|
|
get_vh_registered_users_number(Server) ->
|
2010-07-22 18:49:12 +02:00
|
|
|
LServer = exmpp_jid:prep_domain(exmpp_jid:parse(Server)),
|
|
|
|
Query = mnesia:dirty_select(
|
|
|
|
reg_users_counter,
|
|
|
|
[{#reg_users_counter{vhost = LServer, count = '$1'},
|
|
|
|
[],
|
|
|
|
['$1']}]),
|
|
|
|
case Query of
|
|
|
|
[Count] ->
|
|
|
|
Count;
|
|
|
|
_ -> 0
|
|
|
|
end.
|
|
|
|
|
|
|
|
%% @spec (Server, [{prefix, Prefix}]) -> Users_Number
|
|
|
|
%% Server = string()
|
|
|
|
%% Prefix = string()
|
|
|
|
%% Users_Number = integer()
|
2010-07-22 18:43:38 +02:00
|
|
|
|
|
|
|
get_vh_registered_users_number(Server, [{prefix, Prefix}]) when is_list(Prefix) ->
|
|
|
|
Set = [{U, S} || {U, S} <- get_vh_registered_users(Server), lists:prefix(Prefix, U)],
|
|
|
|
length(Set);
|
2010-07-22 18:49:12 +02:00
|
|
|
|
2010-07-22 18:43:38 +02:00
|
|
|
get_vh_registered_users_number(Server, _) ->
|
|
|
|
get_vh_registered_users_number(Server).
|
|
|
|
|
2010-07-22 18:49:12 +02:00
|
|
|
%% @spec (User, Server) -> Password | false
|
|
|
|
%% User = string()
|
|
|
|
%% Server = string()
|
|
|
|
%% Password = string()
|
|
|
|
|
2010-07-22 18:43:38 +02:00
|
|
|
get_password(User, Server) ->
|
2010-07-22 18:49:12 +02:00
|
|
|
try
|
|
|
|
LUser = exmpp_stringprep:nodeprep(User),
|
|
|
|
LServer = exmpp_stringprep:nameprep(Server),
|
|
|
|
US = {LUser, LServer},
|
|
|
|
case catch gen_storage:dirty_read(LServer, passwd, US) of
|
2011-08-16 00:28:25 +02:00
|
|
|
[#passwd{password = ""} = Passwd] ->
|
|
|
|
{base64:decode(Passwd#passwd.storedkey),
|
|
|
|
base64:decode(Passwd#passwd.serverkey),
|
|
|
|
base64:decode(Passwd#passwd.salt),
|
|
|
|
Passwd#passwd.iterationcount};
|
|
|
|
[#passwd{password = Password}] ->
|
2010-07-22 18:49:12 +02:00
|
|
|
Password;
|
2011-08-16 00:28:25 +02:00
|
|
|
_ ->
|
2010-07-22 18:49:12 +02:00
|
|
|
false
|
|
|
|
end
|
|
|
|
catch
|
2010-07-22 18:43:38 +02:00
|
|
|
_ ->
|
|
|
|
false
|
|
|
|
end.
|
|
|
|
|
2010-07-22 18:49:12 +02:00
|
|
|
%% @spec (User, Server) -> Password | nil()
|
|
|
|
%% User = string()
|
|
|
|
%% Server = string()
|
|
|
|
%% Password = string()
|
|
|
|
|
2010-07-22 18:43:38 +02:00
|
|
|
get_password_s(User, Server) ->
|
2010-07-22 18:49:12 +02:00
|
|
|
try
|
|
|
|
LUser = exmpp_stringprep:nodeprep(User),
|
|
|
|
LServer = exmpp_stringprep:nameprep(Server),
|
|
|
|
US = {LUser, LServer},
|
|
|
|
case catch gen_storage:dirty_read(LServer, passwd, US) of
|
2011-08-16 00:28:25 +02:00
|
|
|
[#passwd{password = Password}] ->
|
|
|
|
Password;
|
2010-07-22 18:49:12 +02:00
|
|
|
_ ->
|
|
|
|
[]
|
|
|
|
end
|
|
|
|
catch
|
2010-07-22 18:43:38 +02:00
|
|
|
_ ->
|
|
|
|
[]
|
|
|
|
end.
|
|
|
|
|
2010-07-22 18:49:12 +02:00
|
|
|
%% @spec (User, Server) -> true | false | {error, Error}
|
|
|
|
%% User = string()
|
|
|
|
%% Server = string()
|
|
|
|
|
2010-07-22 18:43:38 +02:00
|
|
|
is_user_exists(User, Server) ->
|
2010-07-22 18:49:12 +02:00
|
|
|
try
|
|
|
|
LUser = exmpp_stringprep:nodeprep(User),
|
|
|
|
LServer = exmpp_stringprep:nameprep(Server),
|
|
|
|
US = {LUser, LServer},
|
|
|
|
case catch gen_storage:dirty_read(LServer, {passwd, US}) of
|
|
|
|
[] ->
|
|
|
|
false;
|
|
|
|
[_] ->
|
|
|
|
true;
|
|
|
|
Other ->
|
|
|
|
{error, Other}
|
|
|
|
end
|
|
|
|
catch
|
2010-07-22 18:43:38 +02:00
|
|
|
_ ->
|
|
|
|
false
|
|
|
|
end.
|
|
|
|
|
2010-07-22 18:49:12 +02:00
|
|
|
%% @spec (User, Server) -> ok
|
|
|
|
%% User = string()
|
|
|
|
%% Server = string()
|
|
|
|
%% @doc Remove user.
|
|
|
|
%% Note: it returns ok even if there was some problem removing the user.
|
|
|
|
|
2010-07-22 18:43:38 +02:00
|
|
|
remove_user(User, Server) ->
|
2010-07-22 18:49:12 +02:00
|
|
|
try
|
|
|
|
LUser = exmpp_stringprep:nodeprep(User),
|
|
|
|
LServer = exmpp_stringprep:nameprep(Server),
|
|
|
|
US = {LUser, LServer},
|
|
|
|
F = fun() ->
|
|
|
|
gen_storage:delete(LServer, {passwd, US}),
|
|
|
|
mnesia:dirty_update_counter(reg_users_counter,
|
|
|
|
exmpp_jid:prep_domain(exmpp_jid:parse(Server)), -1)
|
|
|
|
end,
|
|
|
|
gen_storage:transaction(LServer, passwd, F),
|
|
|
|
ok
|
|
|
|
catch
|
|
|
|
_ ->
|
|
|
|
ok
|
|
|
|
end.
|
|
|
|
|
|
|
|
%% @spec (User, Server, Password) -> ok | not_exists | not_allowed | bad_request
|
|
|
|
%% User = string()
|
|
|
|
%% Server = string()
|
|
|
|
%% Password = string()
|
|
|
|
%% @doc Remove user if the provided password is correct.
|
2010-07-22 18:43:38 +02:00
|
|
|
|
|
|
|
remove_user(User, Server, Password) ->
|
2010-07-22 18:49:12 +02:00
|
|
|
try
|
|
|
|
LUser = exmpp_stringprep:nodeprep(User),
|
|
|
|
LServer = exmpp_stringprep:nameprep(Server),
|
|
|
|
US = {LUser, LServer},
|
|
|
|
F = fun() ->
|
|
|
|
case gen_storage:read(LServer, {passwd, US}) of
|
2011-08-16 00:28:25 +02:00
|
|
|
[#passwd{password = ""} = Passwd] ->
|
|
|
|
case is_password_scram_valid(Password, Passwd) of
|
|
|
|
true ->
|
|
|
|
gen_storage:delete(LServer, {passwd, US}),
|
|
|
|
mnesia:dirty_update_counter(reg_users_counter,
|
|
|
|
LServer, -1),
|
|
|
|
ok;
|
|
|
|
false ->
|
|
|
|
not_allowed
|
|
|
|
end;
|
2010-07-22 18:49:12 +02:00
|
|
|
[#passwd{password = Password}] ->
|
|
|
|
gen_storage:delete(LServer, {passwd, US}),
|
|
|
|
mnesia:dirty_update_counter(reg_users_counter,
|
|
|
|
exmpp_jid:prep_domain(exmpp_jid:parse(Server)), -1),
|
|
|
|
ok;
|
|
|
|
_ ->
|
|
|
|
not_exists
|
|
|
|
end
|
|
|
|
end,
|
|
|
|
case gen_storage:transaction(LServer, passwd, F) of
|
|
|
|
{atomic, ok} ->
|
|
|
|
ok;
|
|
|
|
{atomic, Res} ->
|
2010-08-13 17:01:08 +02:00
|
|
|
Res
|
2010-07-22 18:49:12 +02:00
|
|
|
end
|
|
|
|
catch
|
2010-07-22 18:43:38 +02:00
|
|
|
_ ->
|
|
|
|
bad_request
|
|
|
|
end.
|
|
|
|
|
2011-08-16 00:28:25 +02:00
|
|
|
%%%
|
|
|
|
%%% SCRAM
|
|
|
|
%%%
|
|
|
|
|
|
|
|
%% The passwords are stored scrammed in the table either if the option says so,
|
|
|
|
%% or if at least the first password is empty.
|
|
|
|
is_scrammed(Host) ->
|
|
|
|
case action_password_format(Host) of
|
|
|
|
scram -> true;
|
|
|
|
must_scram -> true;
|
|
|
|
plain -> false;
|
|
|
|
forced_scram -> true
|
|
|
|
end.
|
|
|
|
|
2011-08-17 18:43:19 +02:00
|
|
|
action_password_format(HostB) ->
|
2011-08-16 00:28:25 +02:00
|
|
|
OptionScram = is_option_scram(),
|
2011-08-17 18:43:19 +02:00
|
|
|
case {OptionScram, get_format_first_element(HostB)} of
|
2011-08-16 00:28:25 +02:00
|
|
|
{true, scram} -> scram;
|
|
|
|
{true, any} -> scram;
|
|
|
|
{true, plain} -> must_scram;
|
|
|
|
{false, plain} -> plain;
|
|
|
|
{false, any} -> plain;
|
|
|
|
{false, scram} -> forced_scram
|
|
|
|
end.
|
|
|
|
|
2011-08-17 18:43:19 +02:00
|
|
|
get_format_first_element(HostB) ->
|
|
|
|
case gen_storage:dirty_select(HostB, passwd, []) of
|
2011-08-16 00:28:25 +02:00
|
|
|
[] -> any;
|
|
|
|
[#passwd{password = ""} | _] -> scram;
|
|
|
|
[#passwd{} | _] -> plain
|
|
|
|
end.
|
|
|
|
|
|
|
|
is_option_scram() ->
|
|
|
|
scram == ejabberd_config:get_local_option({auth_password_format, ?MYNAME}).
|
|
|
|
|
|
|
|
maybe_alert_password_scrammed_without_option(Host) ->
|
|
|
|
case is_scrammed(Host) andalso not is_option_scram() of
|
|
|
|
true ->
|
|
|
|
?ERROR_MSG("Some passwords were stored in the database as SCRAM, "
|
|
|
|
"but 'auth_password_format' is not configured 'scram'. "
|
|
|
|
"The option will now be considered to be 'scram'.", []);
|
|
|
|
false ->
|
|
|
|
ok
|
|
|
|
end.
|
|
|
|
|
|
|
|
maybe_scram_passwords(Host) ->
|
|
|
|
case action_password_format(Host) of
|
|
|
|
must_scram -> scram_passwords(Host);
|
|
|
|
_ -> ok
|
|
|
|
end.
|
|
|
|
|
|
|
|
scram_passwords(Host) ->
|
|
|
|
Backend =
|
|
|
|
case ejabberd_config:get_local_option({auth_storage, Host}) of
|
|
|
|
undefined -> mnesia;
|
|
|
|
B -> B
|
|
|
|
end,
|
|
|
|
scram_passwords(Host, Backend).
|
|
|
|
scram_passwords(Host, mnesia) ->
|
2011-08-16 19:26:18 +02:00
|
|
|
?INFO_MSG("Converting the passwords stored in mnesia for host ~p into SCRAM bits", [Host]),
|
2011-08-16 00:28:25 +02:00
|
|
|
gen_storage_migration:migrate_mnesia(
|
|
|
|
Host, passwd,
|
2011-08-16 19:26:18 +02:00
|
|
|
[{passwd, [user_host, password, storedkey, serverkey, salt, iterationcount],
|
2011-08-16 00:28:25 +02:00
|
|
|
fun(#passwd{password = Password} = Passwd) ->
|
|
|
|
password_to_scram(Password, Passwd)
|
|
|
|
end}]);
|
|
|
|
scram_passwords(Host, odbc) ->
|
|
|
|
?INFO_MSG("Converting the passwords stored in odbc for host ~p into SCRAM bits", [Host]),
|
|
|
|
gen_storage_migration:migrate_odbc(
|
|
|
|
Host, [passwd],
|
2011-08-16 19:26:18 +02:00
|
|
|
[{"passwd", ["user", "host", "password", "storedkey", "serverkey", "salt", "iterationcount"],
|
2011-08-16 00:28:25 +02:00
|
|
|
fun(_, User, Host2, Password, _Storedkey, _Serverkey, _Iterationcount, _Salt) ->
|
|
|
|
password_to_scram(Password, #passwd{user_host = {User, Host2}})
|
|
|
|
end}]).
|
|
|
|
|
|
|
|
password_to_scram(Password, Passwd) ->
|
|
|
|
password_to_scram(Password, Passwd, ?SCRAM_DEFAULT_ITERATION_COUNT).
|
|
|
|
|
|
|
|
password_to_scram(Password, Passwd, IterationCount) ->
|
|
|
|
Salt = crypto:rand_bytes(?SALT_LENGTH),
|
|
|
|
SaltedPassword = scram:salted_password(Password, Salt, IterationCount),
|
|
|
|
StoredKey = scram:stored_key(scram:client_key(SaltedPassword)),
|
|
|
|
ServerKey = scram:server_key(SaltedPassword),
|
|
|
|
Passwd#passwd{password = "",
|
|
|
|
storedkey = base64:encode(StoredKey),
|
|
|
|
salt = base64:encode(Salt),
|
|
|
|
iterationcount = IterationCount,
|
|
|
|
serverkey = base64:encode(ServerKey)}.
|
|
|
|
|
|
|
|
is_password_scram_valid(Password, Passwd) ->
|
|
|
|
IterationCount = Passwd#passwd.iterationcount,
|
|
|
|
Salt = base64:decode(Passwd#passwd.salt),
|
|
|
|
SaltedPassword = scram:salted_password(Password, Salt, IterationCount),
|
|
|
|
StoredKey = scram:stored_key(scram:client_key(SaltedPassword)),
|
|
|
|
(base64:decode(Passwd#passwd.storedkey) == StoredKey).
|
|
|
|
|
|
|
|
|
2010-07-22 18:49:12 +02:00
|
|
|
update_table(Host, mnesia) ->
|
2010-07-22 18:43:38 +02:00
|
|
|
gen_storage_migration:migrate_mnesia(
|
|
|
|
Host, passwd,
|
2010-07-22 18:49:12 +02:00
|
|
|
[{passwd, [us, password],
|
|
|
|
fun({passwd, {User, _Host}, Password}) ->
|
2011-08-16 00:28:25 +02:00
|
|
|
case is_list(Password) of
|
|
|
|
true ->
|
|
|
|
#passwd{user_host = {User, Host},
|
|
|
|
password = Password};
|
|
|
|
false ->
|
|
|
|
#passwd{user_host = {User, Host},
|
|
|
|
password = "",
|
|
|
|
storedkey = Password#scram.storedkey,
|
|
|
|
serverkey = Password#scram.serverkey,
|
|
|
|
salt = Password#scram.salt,
|
|
|
|
iterationcount = Password#scram.iterationcount}
|
|
|
|
end
|
2010-07-22 18:49:12 +02:00
|
|
|
end}]);
|
|
|
|
update_table(Host, odbc) ->
|
2010-07-22 18:43:38 +02:00
|
|
|
gen_storage_migration:migrate_odbc(
|
|
|
|
Host, [passwd],
|
|
|
|
[{"users", ["username", "password"],
|
|
|
|
fun(_, User, Password) ->
|
2010-07-22 18:49:12 +02:00
|
|
|
#passwd{user_host = {User, Host},
|
2010-07-22 18:43:38 +02:00
|
|
|
password = Password}
|
|
|
|
end}]).
|