Chapril
/
xmpp.chapril.org-ejabberd
mirror of https://github.com/processone/ejabberd.git
24
1
Fork 0
Code Releases Activity
xmpp.chapril.org-ejabberd/src/ejabberd_auth_external.erl

106 lines
3.5 KiB
Erlang
Raw Normal View History

* src/ejabberd_sm.erl: Added unset_presence_hook * src/mod_last.erl: Use unset_presence_hook instead of direct call * src/ejabberd_auth.erl: Splitted into ejabberd_auth_internal.erl, ejabberd_auth_ldap.erl, and ejabberd_auth_external.erl, * src/ejabberd_auth_internal.erl: Likewise * src/ejabberd_auth_ldap.erl: Likewise * src/ejabberd_auth_external.erl: Likewise SVN Revision: 290
2004-12-12 22:00:34 +01:00
%%%----------------------------------------------------------------------
%%% File : ejabberd_auth_external.erl
* Applied copyright update patch 1. SVN Revision: 1110
2007-12-24 12:41:41 +01:00
%%% Author : Alexey Shchepin <alexey@process-one.net>
Fix typos using codespell
2019-07-16 21:07:39 +02:00
%%% Purpose : Authentication via LDAP external script
* Applied copyright update patch 1. SVN Revision: 1110
2007-12-24 12:41:41 +01:00
%%% Created : 12 Dec 2004 by Alexey Shchepin <alexey@process-one.net>
%%%
%%%
Update copyright to 2020 (#3149)
2020-01-28 13:34:02 +01:00
%%% ejabberd, Copyright (C) 2002-2020 ProcessOne
* Applied copyright update patch 1. SVN Revision: 1110
2007-12-24 12:41:41 +01:00
%%%
%%% This program is free software; you can redistribute it and/or
%%% modify it under the terms of the GNU General Public License as
%%% published by the Free Software Foundation; either version 2 of the
%%% License, or (at your option) any later version.
%%%
%%% This program is distributed in the hope that it will be useful,
%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
%%% General Public License for more details.
* doc/guide.tex: Update copyright date 2008 to 2009 (EJAB-842) * doc/guide.html: Likewise * src/*/*.erl: Likewise * src/*/*.erl: Remove unneeded blankspaces in license text SVN Revision: 1804
2009-01-12 15:44:42 +01:00
%%%
Update FSF address
2014-02-22 11:27:40 +01:00
%%% You should have received a copy of the GNU General Public License along
%%% with this program; if not, write to the Free Software Foundation, Inc.,
%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
* Applied copyright update patch 1. SVN Revision: 1110
2007-12-24 12:41:41 +01:00
%%%
* src/ejabberd_sm.erl: Added unset_presence_hook * src/mod_last.erl: Use unset_presence_hook instead of direct call * src/ejabberd_auth.erl: Splitted into ejabberd_auth_internal.erl, ejabberd_auth_ldap.erl, and ejabberd_auth_external.erl, * src/ejabberd_auth_internal.erl: Likewise * src/ejabberd_auth_ldap.erl: Likewise * src/ejabberd_auth_external.erl: Likewise SVN Revision: 290
2004-12-12 22:00:34 +01:00
%%%----------------------------------------------------------------------
-module(ejabberd_auth_external).
Accumulated patch to binarize and indent code
2013-03-14 10:33:02 +01:00
* Applied copyright update patch 1. SVN Revision: 1110
2007-12-24 12:41:41 +01:00
-author('alexey@process-one.net').
* src/ejabberd_sm.erl: Added unset_presence_hook * src/mod_last.erl: Use unset_presence_hook instead of direct call * src/ejabberd_auth.erl: Splitted into ejabberd_auth_internal.erl, ejabberd_auth_ldap.erl, and ejabberd_auth_external.erl, * src/ejabberd_auth_internal.erl: Likewise * src/ejabberd_auth_ldap.erl: Likewise * src/ejabberd_auth_external.erl: Likewise SVN Revision: 290
2004-12-12 22:00:34 +01:00
Accumulated patch to binarize and indent code
2013-03-14 10:33:02 +01:00
-behaviour(ejabberd_auth).
Improve robustness of external authentication backends Now all external ports are attached to supervising processes and requests are balanced in round-robin manner until the pool is exhausted. The commit also deprecates `extauth_instances` option and introduces `extauth_pool_size` option instead, with the default value of a number of logical processors (i.e. CPU cores). Fixes #2403
2018-05-07 18:27:18 +02:00
-export([start/1, stop/1, reload/1, set_password/3, check_password/4,
Rename is_user_exists -> user_exists
2017-05-11 14:49:06 +02:00
try_register/3, user_exists/2, remove_user/2,
Use new configuration validator
2019-06-14 11:33:26 +02:00
store_type/1, plain_password_required/1]).
* src/ejabberd_sm.erl: Added unset_presence_hook * src/mod_last.erl: Use unset_presence_hook instead of direct call * src/ejabberd_auth.erl: Splitted into ejabberd_auth_internal.erl, ejabberd_auth_ldap.erl, and ejabberd_auth_external.erl, * src/ejabberd_auth_internal.erl: Likewise * src/ejabberd_auth_ldap.erl: Likewise * src/ejabberd_auth_external.erl: Likewise SVN Revision: 290
2004-12-12 22:00:34 +01:00
Switch to rebar build tool Use dynamic Rebar configuration Make iconv dependency optional Disable transient_supervisors compile option Add hipe compilation support Only compile ibrowse and lhttpc when needed Make it possible to generate an OTP application release Add --enable-debug compile option Add --enable-all compiler option Add --enable-tools configure option Add --with-erlang configure option. Add --enable-erlang-version-check configure option. Add lager support Improve the test suite
2013-04-08 11:12:54 +02:00
-include("logger.hrl").
Optionally cache extauth users in mnesia (EJAB-641)
2010-05-10 16:42:54 +02:00
* src/ejabberd_sm.erl: Added unset_presence_hook * src/mod_last.erl: Use unset_presence_hook instead of direct call * src/ejabberd_auth.erl: Splitted into ejabberd_auth_internal.erl, ejabberd_auth_ldap.erl, and ejabberd_auth_external.erl, * src/ejabberd_auth_internal.erl: Likewise * src/ejabberd_auth_ldap.erl: Likewise * src/ejabberd_auth_external.erl: Likewise SVN Revision: 290
2004-12-12 22:00:34 +01:00
%%%----------------------------------------------------------------------
%%% API
%%%----------------------------------------------------------------------
* src/mod_register.erl: Bugfix * src/mod_vcard.erl: Bugfix * src/ejabberd_app.erl: Updated to allow different authentication methods for different virtual hosts * src/ejabberd_auth.erl: Likewise * src/ejabberd_auth_external.erl: Likewise * src/ejabberd_auth_internal.erl: Likewise * src/ejabberd_auth_ldap.erl: Likewise * src/ejabberd_auth_odbc.erl: Likewise * src/cyrsasl.erl: Likewise * src/cyrsasl_digest.erl: Likewise * src/cyrsasl_plain.erl: Likewise * src/ejabberd_c2s.erl: Likewise * src/ejabberd_config.erl: Likewise * src/extauth.erl: Likewise * src/mod_last_odbc.erl: Likewise * src/mod_offline_odbc.erl: Likewise * src/mod_roster_odbc.erl: Likewise * src/odbc/ejabberd_odbc.erl: Likewise * src/odbc/ejabberd_odbc_sup.erl: Likewise SVN Revision: 374
2005-07-13 05:24:13 +02:00
start(Host) ->
Improve robustness of external authentication backends Now all external ports are attached to supervising processes and requests are balanced in round-robin manner until the pool is exhausted. The commit also deprecates `extauth_instances` option and introduces `extauth_pool_size` option instead, with the default value of a number of logical processors (i.e. CPU cores). Fixes #2403
2018-05-07 18:27:18 +02:00
extauth:start(Host).
Optionally cache extauth users in mnesia (EJAB-641)
2010-05-10 16:42:54 +02:00
Start/stop auth modules when host is added/deleted
2017-02-23 14:19:22 +01:00
stop(Host) ->
Use cache for authentication backends The commit introduces the following API incompatibilities: In ejabberd_auth.erl: * dirty_get_registered_users/0 is renamed to get_users/0 * get_vh_registered_users/1 is renamed to get_users/1 * get_vh_registered_users/2 is renamed to get_users/2 * get_vh_registered_users_number/1 is renamed to count_users/1 * get_vh_registered_users_number/2 is renamed to count_users/2 In ejabberd_auth callbacks * plain_password_required/0 is replaced by plain_password_required/1 where the argument is a virtual host * store_type/0 is replaced by store_type/1 where the argument is a virtual host * set_password/3 is now an optional callback * remove_user/3 callback is no longer needed * remove_user/2 now should return `ok | {error, atom()}` * is_user_exists/2 now must only be implemented for backends with `external` store type * check_password/6 is no longer needed * check_password/4 now must only be implemented for backends with `external` store type * try_register/3 is now an optional callback and should return `ok | {error, atom()}` * dirty_get_registered_users/0 is no longer needed * get_vh_registered_users/1 is no longer needed * get_vh_registered_users/2 is renamed to get_users/2 * get_vh_registered_users_number/1 is no longer needed * get_vh_registered_users_number/2 is renamed to count_users/2 * get_password_s/2 is no longer needed * get_password/2 now must only be implemented for backends with `plain` or `scram` store type Additionally, the commit introduces two new callbacks: * use_cache/1 where the argument is a virtual host * cache_nodes/1 where the argument is a virtual host New options are also introduced: `auth_use_cache`, `auth_cache_missed`, `auth_cache_life_time` and `auth_cache_size`.
2017-05-11 13:37:21 +02:00
extauth:stop(Host).
Start/stop auth modules when host is added/deleted
2017-02-23 14:19:22 +01:00
Improve robustness of external authentication backends Now all external ports are attached to supervising processes and requests are balanced in round-robin manner until the pool is exhausted. The commit also deprecates `extauth_instances` option and introduces `extauth_pool_size` option instead, with the default value of a number of logical processors (i.e. CPU cores). Fixes #2403
2018-05-07 18:27:18 +02:00
reload(Host) ->
extauth:reload(Host).
Use cache for authentication backends The commit introduces the following API incompatibilities: In ejabberd_auth.erl: * dirty_get_registered_users/0 is renamed to get_users/0 * get_vh_registered_users/1 is renamed to get_users/1 * get_vh_registered_users/2 is renamed to get_users/2 * get_vh_registered_users_number/1 is renamed to count_users/1 * get_vh_registered_users_number/2 is renamed to count_users/2 In ejabberd_auth callbacks * plain_password_required/0 is replaced by plain_password_required/1 where the argument is a virtual host * store_type/0 is replaced by store_type/1 where the argument is a virtual host * set_password/3 is now an optional callback * remove_user/3 callback is no longer needed * remove_user/2 now should return `ok | {error, atom()}` * is_user_exists/2 now must only be implemented for backends with `external` store type * check_password/6 is no longer needed * check_password/4 now must only be implemented for backends with `external` store type * try_register/3 is now an optional callback and should return `ok | {error, atom()}` * dirty_get_registered_users/0 is no longer needed * get_vh_registered_users/1 is no longer needed * get_vh_registered_users/2 is renamed to get_users/2 * get_vh_registered_users_number/1 is no longer needed * get_vh_registered_users_number/2 is renamed to count_users/2 * get_password_s/2 is no longer needed * get_password/2 now must only be implemented for backends with `plain` or `scram` store type Additionally, the commit introduces two new callbacks: * use_cache/1 where the argument is a virtual host * cache_nodes/1 where the argument is a virtual host New options are also introduced: `auth_use_cache`, `auth_cache_missed`, `auth_cache_life_time` and `auth_cache_size`.
2017-05-11 13:37:21 +02:00
plain_password_required(_) -> true.
* src/ejabberd_sm.erl: Added unset_presence_hook * src/mod_last.erl: Use unset_presence_hook instead of direct call * src/ejabberd_auth.erl: Splitted into ejabberd_auth_internal.erl, ejabberd_auth_ldap.erl, and ejabberd_auth_external.erl, * src/ejabberd_auth_internal.erl: Likewise * src/ejabberd_auth_ldap.erl: Likewise * src/ejabberd_auth_external.erl: Likewise SVN Revision: 290
2004-12-12 22:00:34 +01:00
Use cache for authentication backends The commit introduces the following API incompatibilities: In ejabberd_auth.erl: * dirty_get_registered_users/0 is renamed to get_users/0 * get_vh_registered_users/1 is renamed to get_users/1 * get_vh_registered_users/2 is renamed to get_users/2 * get_vh_registered_users_number/1 is renamed to count_users/1 * get_vh_registered_users_number/2 is renamed to count_users/2 In ejabberd_auth callbacks * plain_password_required/0 is replaced by plain_password_required/1 where the argument is a virtual host * store_type/0 is replaced by store_type/1 where the argument is a virtual host * set_password/3 is now an optional callback * remove_user/3 callback is no longer needed * remove_user/2 now should return `ok | {error, atom()}` * is_user_exists/2 now must only be implemented for backends with `external` store type * check_password/6 is no longer needed * check_password/4 now must only be implemented for backends with `external` store type * try_register/3 is now an optional callback and should return `ok | {error, atom()}` * dirty_get_registered_users/0 is no longer needed * get_vh_registered_users/1 is no longer needed * get_vh_registered_users/2 is renamed to get_users/2 * get_vh_registered_users_number/1 is no longer needed * get_vh_registered_users_number/2 is renamed to count_users/2 * get_password_s/2 is no longer needed * get_password/2 now must only be implemented for backends with `plain` or `scram` store type Additionally, the commit introduces two new callbacks: * use_cache/1 where the argument is a virtual host * cache_nodes/1 where the argument is a virtual host New options are also introduced: `auth_use_cache`, `auth_cache_missed`, `auth_cache_life_time` and `auth_cache_size`.
2017-05-11 13:37:21 +02:00
store_type(_) -> external.
Preliminary patch for SASL SCRAM-SHA-1 (thanks to Stephen Röttger)(EJAB-1196)
2011-08-16 00:25:03 +02:00
Use SASL PLAIN authzid as client identity if auth module permits it This allows the authentication modules to perform SASL proxy authentication. It puts the onus on them to authorize the authcid to masquerade as the authzid. Doesn't currently implement such functionality in existing auth modules, since they cannot currently codify a relationship between the two identities. Does not permit the authzid to use a domain differently from the one of the connection. Note: digest might not work, but I have no interest in it, being deprecated.
2015-04-09 03:21:09 +02:00
check_password(User, AuthzId, Server, Password) ->
if AuthzId /= <<>> andalso AuthzId /= User ->
Use new ets_cache API in ejabberd_auth
2019-06-30 16:15:43 +02:00
{nocache, false};
ejabberd_auth*: Fix indentation
2016-05-24 00:40:25 +02:00
true ->
Use cache for authentication backends The commit introduces the following API incompatibilities: In ejabberd_auth.erl: * dirty_get_registered_users/0 is renamed to get_users/0 * get_vh_registered_users/1 is renamed to get_users/1 * get_vh_registered_users/2 is renamed to get_users/2 * get_vh_registered_users_number/1 is renamed to count_users/1 * get_vh_registered_users_number/2 is renamed to count_users/2 In ejabberd_auth callbacks * plain_password_required/0 is replaced by plain_password_required/1 where the argument is a virtual host * store_type/0 is replaced by store_type/1 where the argument is a virtual host * set_password/3 is now an optional callback * remove_user/3 callback is no longer needed * remove_user/2 now should return `ok | {error, atom()}` * is_user_exists/2 now must only be implemented for backends with `external` store type * check_password/6 is no longer needed * check_password/4 now must only be implemented for backends with `external` store type * try_register/3 is now an optional callback and should return `ok | {error, atom()}` * dirty_get_registered_users/0 is no longer needed * get_vh_registered_users/1 is no longer needed * get_vh_registered_users/2 is renamed to get_users/2 * get_vh_registered_users_number/1 is no longer needed * get_vh_registered_users_number/2 is renamed to count_users/2 * get_password_s/2 is no longer needed * get_password/2 now must only be implemented for backends with `plain` or `scram` store type Additionally, the commit introduces two new callbacks: * use_cache/1 where the argument is a virtual host * cache_nodes/1 where the argument is a virtual host New options are also introduced: `auth_use_cache`, `auth_cache_missed`, `auth_cache_life_time` and `auth_cache_size`.
2017-05-11 13:37:21 +02:00
check_password_extauth(User, AuthzId, Server, Password)
Optionally cache extauth users in mnesia (EJAB-641)
2010-05-10 16:42:54 +02:00
end.
* src/ejabberd_sm.erl: Added unset_presence_hook * src/mod_last.erl: Use unset_presence_hook instead of direct call * src/ejabberd_auth.erl: Splitted into ejabberd_auth_internal.erl, ejabberd_auth_ldap.erl, and ejabberd_auth_external.erl, * src/ejabberd_auth_internal.erl: Likewise * src/ejabberd_auth_ldap.erl: Likewise * src/ejabberd_auth_external.erl: Likewise SVN Revision: 290
2004-12-12 22:00:34 +01:00
* src/mod_register.erl: Bugfix * src/mod_vcard.erl: Bugfix * src/ejabberd_app.erl: Updated to allow different authentication methods for different virtual hosts * src/ejabberd_auth.erl: Likewise * src/ejabberd_auth_external.erl: Likewise * src/ejabberd_auth_internal.erl: Likewise * src/ejabberd_auth_ldap.erl: Likewise * src/ejabberd_auth_odbc.erl: Likewise * src/cyrsasl.erl: Likewise * src/cyrsasl_digest.erl: Likewise * src/cyrsasl_plain.erl: Likewise * src/ejabberd_c2s.erl: Likewise * src/ejabberd_config.erl: Likewise * src/extauth.erl: Likewise * src/mod_last_odbc.erl: Likewise * src/mod_offline_odbc.erl: Likewise * src/mod_roster_odbc.erl: Likewise * src/odbc/ejabberd_odbc.erl: Likewise * src/odbc/ejabberd_odbc_sup.erl: Likewise SVN Revision: 374
2005-07-13 05:24:13 +02:00
set_password(User, Server, Password) ->
* src/mod_register.erl: Change password using mod_register always returns success regardless of real result (EJAB-723) * src/ejabberd_auth.erl: Likewise * src/ejabberd_auth_external.erl: Likewise * src/ejabberd_auth_internal.erl: Likewise * src/ejabberd_auth_odbc.erl: Likewise SVN Revision: 1530
2008-08-18 20:21:10 +02:00
case extauth:set_password(User, Server, Password) of
Use new ets_cache API in ejabberd_auth
2019-06-30 16:15:43 +02:00
Res when is_boolean(Res) -> {cache, {ok, Password}};
Get rid of ?FUNCTION_NAME macro (it's OTP19+ feature)
2018-05-08 11:06:58 +02:00
{error, Reason} -> failure(User, Server, set_password, Reason)
* src/mod_register.erl: Change password using mod_register always returns success regardless of real result (EJAB-723) * src/ejabberd_auth.erl: Likewise * src/ejabberd_auth_external.erl: Likewise * src/ejabberd_auth_internal.erl: Likewise * src/ejabberd_auth_odbc.erl: Likewise SVN Revision: 1530
2008-08-18 20:21:10 +02:00
end.
* src/ejabberd_sm.erl: Added unset_presence_hook * src/mod_last.erl: Use unset_presence_hook instead of direct call * src/ejabberd_auth.erl: Splitted into ejabberd_auth_internal.erl, ejabberd_auth_ldap.erl, and ejabberd_auth_external.erl, * src/ejabberd_auth_internal.erl: Likewise * src/ejabberd_auth_ldap.erl: Likewise * src/ejabberd_auth_external.erl: Likewise SVN Revision: 290
2004-12-12 22:00:34 +01:00
Optionally cache extauth users in mnesia (EJAB-641)
2010-05-10 16:42:54 +02:00
try_register(User, Server, Password) ->
Improve robustness of external authentication backends Now all external ports are attached to supervising processes and requests are balanced in round-robin manner until the pool is exhausted. The commit also deprecates `extauth_instances` option and introduces `extauth_pool_size` option instead, with the default value of a number of logical processors (i.e. CPU cores). Fixes #2403
2018-05-07 18:27:18 +02:00
case extauth:try_register(User, Server, Password) of
Use new ets_cache API in ejabberd_auth
2019-06-30 16:15:43 +02:00
true -> {cache, {ok, Password}};
false -> {cache, {error, not_allowed}};
Get rid of ?FUNCTION_NAME macro (it's OTP19+ feature)
2018-05-08 11:06:58 +02:00
{error, Reason} -> failure(User, Server, try_register, Reason)
Improve robustness of external authentication backends Now all external ports are attached to supervising processes and requests are balanced in round-robin manner until the pool is exhausted. The commit also deprecates `extauth_instances` option and introduces `extauth_pool_size` option instead, with the default value of a number of logical processors (i.e. CPU cores). Fixes #2403
2018-05-07 18:27:18 +02:00
end.
* src/ejabberd_sm.erl: Added unset_presence_hook * src/mod_last.erl: Use unset_presence_hook instead of direct call * src/ejabberd_auth.erl: Splitted into ejabberd_auth_internal.erl, ejabberd_auth_ldap.erl, and ejabberd_auth_external.erl, * src/ejabberd_auth_internal.erl: Likewise * src/ejabberd_auth_ldap.erl: Likewise * src/ejabberd_auth_external.erl: Likewise SVN Revision: 290
2004-12-12 22:00:34 +01:00
Rename is_user_exists -> user_exists
2017-05-11 14:49:06 +02:00
user_exists(User, Server) ->
Improve robustness of external authentication backends Now all external ports are attached to supervising processes and requests are balanced in round-robin manner until the pool is exhausted. The commit also deprecates `extauth_instances` option and introduces `extauth_pool_size` option instead, with the default value of a number of logical processors (i.e. CPU cores). Fixes #2403
2018-05-07 18:27:18 +02:00
case extauth:user_exists(User, Server) of
Use new ets_cache API in ejabberd_auth
2019-06-30 16:15:43 +02:00
Res when is_boolean(Res) -> {cache, Res};
Get rid of ?FUNCTION_NAME macro (it's OTP19+ feature)
2018-05-08 11:06:58 +02:00
{error, Reason} -> failure(User, Server, user_exists, Reason)
* src/ejabberd_auth.erl: If anonymous auth is enabled, when checking if the account already exists in other auth methods, take into account if the auth method failed (EJAB-882) * src/ejabberd_auth_anonymous.erl: Likewise * src/ejabberd_auth_external.erl: Likewise * src/ejabberd_auth_internal.erl: Likewise * src/ejabberd_auth_ldap.erl: Likewise * src/ejabberd_auth_odbc.erl: Likewise * src/ejabberd_auth_pam.erl: Likewise SVN Revision: 1966
2009-03-04 19:34:02 +01:00
end.
* src/ejabberd_sm.erl: Added unset_presence_hook * src/mod_last.erl: Use unset_presence_hook instead of direct call * src/ejabberd_auth.erl: Splitted into ejabberd_auth_internal.erl, ejabberd_auth_ldap.erl, and ejabberd_auth_external.erl, * src/ejabberd_auth_internal.erl: Likewise * src/ejabberd_auth_ldap.erl: Likewise * src/ejabberd_auth_external.erl: Likewise SVN Revision: 290
2004-12-12 22:00:34 +01:00
Optionally cache extauth users in mnesia (EJAB-641)
2010-05-10 16:42:54 +02:00
remove_user(User, Server) ->
case extauth:remove_user(User, Server) of
Use cache for authentication backends The commit introduces the following API incompatibilities: In ejabberd_auth.erl: * dirty_get_registered_users/0 is renamed to get_users/0 * get_vh_registered_users/1 is renamed to get_users/1 * get_vh_registered_users/2 is renamed to get_users/2 * get_vh_registered_users_number/1 is renamed to count_users/1 * get_vh_registered_users_number/2 is renamed to count_users/2 In ejabberd_auth callbacks * plain_password_required/0 is replaced by plain_password_required/1 where the argument is a virtual host * store_type/0 is replaced by store_type/1 where the argument is a virtual host * set_password/3 is now an optional callback * remove_user/3 callback is no longer needed * remove_user/2 now should return `ok | {error, atom()}` * is_user_exists/2 now must only be implemented for backends with `external` store type * check_password/6 is no longer needed * check_password/4 now must only be implemented for backends with `external` store type * try_register/3 is now an optional callback and should return `ok | {error, atom()}` * dirty_get_registered_users/0 is no longer needed * get_vh_registered_users/1 is no longer needed * get_vh_registered_users/2 is renamed to get_users/2 * get_vh_registered_users_number/1 is no longer needed * get_vh_registered_users_number/2 is renamed to count_users/2 * get_password_s/2 is no longer needed * get_password/2 now must only be implemented for backends with `plain` or `scram` store type Additionally, the commit introduces two new callbacks: * use_cache/1 where the argument is a virtual host * cache_nodes/1 where the argument is a virtual host New options are also introduced: `auth_use_cache`, `auth_cache_missed`, `auth_cache_life_time` and `auth_cache_size`.
2017-05-11 13:37:21 +02:00
false -> {error, not_allowed};
Improve robustness of external authentication backends Now all external ports are attached to supervising processes and requests are balanced in round-robin manner until the pool is exhausted. The commit also deprecates `extauth_instances` option and introduces `extauth_pool_size` option instead, with the default value of a number of logical processors (i.e. CPU cores). Fixes #2403
2018-05-07 18:27:18 +02:00
true -> ok;
Use new ets_cache API in ejabberd_auth
2019-06-30 16:15:43 +02:00
{error, Reason} ->
{_, Err} = failure(User, Server, remove_user, Reason),
Err
Optionally cache extauth users in mnesia (EJAB-641)
2010-05-10 16:42:54 +02:00
end.
Use SASL PLAIN authzid as client identity if auth module permits it This allows the authentication modules to perform SASL proxy authentication. It puts the onus on them to authorize the authcid to masquerade as the authzid. Doesn't currently implement such functionality in existing auth modules, since they cannot currently codify a relationship between the two identities. Does not permit the authzid to use a domain differently from the one of the connection. Note: digest might not work, but I have no interest in it, being deprecated.
2015-04-09 03:21:09 +02:00
check_password_extauth(User, _AuthzId, Server, Password) ->
Improve robustness of external authentication backends Now all external ports are attached to supervising processes and requests are balanced in round-robin manner until the pool is exhausted. The commit also deprecates `extauth_instances` option and introduces `extauth_pool_size` option instead, with the default value of a number of logical processors (i.e. CPU cores). Fixes #2403
2018-05-07 18:27:18 +02:00
if Password /= <<"">> ->
case extauth:check_password(User, Server, Password) of
Use new ets_cache API in ejabberd_auth
2019-06-30 16:15:43 +02:00
Res when is_boolean(Res) -> {cache, Res};
Improve robustness of external authentication backends Now all external ports are attached to supervising processes and requests are balanced in round-robin manner until the pool is exhausted. The commit also deprecates `extauth_instances` option and introduces `extauth_pool_size` option instead, with the default value of a number of logical processors (i.e. CPU cores). Fixes #2403
2018-05-07 18:27:18 +02:00
{error, Reason} ->
Use new ets_cache API in ejabberd_auth
2019-06-30 16:15:43 +02:00
{Tag, _} = failure(User, Server, check_password, Reason),
{Tag, false}
Improve robustness of external authentication backends Now all external ports are attached to supervising processes and requests are balanced in round-robin manner until the pool is exhausted. The commit also deprecates `extauth_instances` option and introduces `extauth_pool_size` option instead, with the default value of a number of logical processors (i.e. CPU cores). Fixes #2403
2018-05-07 18:27:18 +02:00
end;
true ->
Use new ets_cache API in ejabberd_auth
2019-06-30 16:15:43 +02:00
{nocache, false}
Improve robustness of external authentication backends Now all external ports are attached to supervising processes and requests are balanced in round-robin manner until the pool is exhausted. The commit also deprecates `extauth_instances` option and introduces `extauth_pool_size` option instead, with the default value of a number of logical processors (i.e. CPU cores). Fixes #2403
2018-05-07 18:27:18 +02:00
end.
Use new ets_cache API in ejabberd_auth
2019-06-30 16:15:43 +02:00
-spec failure(binary(), binary(), atom(), any()) -> {nocache, {error, db_failure}}.
Improve logging of external authentication failures
2018-05-08 08:36:34 +02:00
failure(User, Server, Fun, Reason) ->
?ERROR_MSG("External authentication program failed when calling "
Correctly handle unicode in log messages
2019-09-23 14:17:20 +02:00
"'~ts' for ~ts@~ts: ~p", [Fun, User, Server, Reason]),
Use new ets_cache API in ejabberd_auth
2019-06-30 16:15:43 +02:00
{nocache, {error, db_failure}}.