2002-11-23 21:55:05 +01:00
|
|
|
%%%----------------------------------------------------------------------
|
|
|
|
|
%%% File : ejabberd_auth.erl
|
2007-12-24 12:41:41 +01:00
|
|
|
%%% Author : Alexey Shchepin <alexey@process-one.net>
|
2004-12-12 22:00:34 +01:00
|
|
|
%%% Purpose : Authentification
|
2007-12-24 12:41:41 +01:00
|
|
|
%%% Created : 23 Nov 2002 by Alexey Shchepin <alexey@process-one.net>
|
|
|
|
|
%%%
|
|
|
|
|
%%%
|
2017-01-02 21:41:53 +01:00
|
|
|
%%% ejabberd, Copyright (C) 2002-2017 ProcessOne
|
2007-12-24 12:41:41 +01:00
|
|
|
%%%
|
|
|
|
|
%%% This program is free software; you can redistribute it and/or
|
|
|
|
|
%%% modify it under the terms of the GNU General Public License as
|
|
|
|
|
%%% published by the Free Software Foundation; either version 2 of the
|
|
|
|
|
%%% License, or (at your option) any later version.
|
|
|
|
|
%%%
|
|
|
|
|
%%% This program is distributed in the hope that it will be useful,
|
|
|
|
|
%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
%%% General Public License for more details.
|
2009-01-12 15:44:42 +01:00
|
|
|
%%%
|
2014-02-22 11:27:40 +01:00
|
|
|
%%% You should have received a copy of the GNU General Public License along
|
|
|
|
|
%%% with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
|
|
%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
2007-12-24 12:41:41 +01:00
|
|
|
%%%
|
2002-11-23 21:55:05 +01:00
|
|
|
%%%----------------------------------------------------------------------
|
|
|
|
|
|
2006-04-07 02:39:24 +02:00
|
|
|
%% TODO: Use the functions in ejabberd auth to add and remove users.
|
|
|
|
|
|
2002-11-23 21:55:05 +01:00
|
|
|
-module(ejabberd_auth).
|
2013-03-14 10:33:02 +01:00
|
|
|
|
2017-02-24 10:05:47 +01:00
|
|
|
-behaviour(gen_server).
|
2015-06-01 14:38:27 +02:00
|
|
|
-behaviour(ejabberd_config).
|
|
|
|
|
|
2007-12-24 12:41:41 +01:00
|
|
|
-author('alexey@process-one.net').
|
2002-11-23 21:55:05 +01:00
|
|
|
|
|
|
|
|
%% External exports
|
2017-02-24 12:06:47 +01:00
|
|
|
-export([start_link/0, host_up/1, host_down/1, config_reloaded/0,
|
|
|
|
|
set_password/3, check_password/4,
|
2015-04-09 03:21:09 +02:00
|
|
|
check_password/6, check_password_with_authmodule/4,
|
|
|
|
|
check_password_with_authmodule/6, try_register/3,
|
2013-03-14 10:33:02 +01:00
|
|
|
dirty_get_registered_users/0, get_vh_registered_users/1,
|
2016-11-22 14:48:01 +01:00
|
|
|
get_vh_registered_users/2, export/1, import_info/0,
|
|
|
|
|
get_vh_registered_users_number/1, import/5, import_start/2,
|
2013-03-14 10:33:02 +01:00
|
|
|
get_vh_registered_users_number/2, get_password/2,
|
|
|
|
|
get_password_s/2, get_password_with_authmodule/2,
|
|
|
|
|
is_user_exists/2, is_user_exists_in_other_modules/3,
|
|
|
|
|
remove_user/2, remove_user/3, plain_password_required/1,
|
2017-04-28 12:23:32 +02:00
|
|
|
store_type/1, entropy/1, backend_type/1, password_format/1]).
|
2017-02-24 10:05:47 +01:00
|
|
|
%% gen_server callbacks
|
|
|
|
|
-export([init/1, handle_call/3, handle_cast/2, handle_info/2,
|
|
|
|
|
terminate/2, code_change/3]).
|
2002-11-23 21:55:05 +01:00
|
|
|
|
2015-06-01 14:38:27 +02:00
|
|
|
-export([auth_modules/1, opt_type/1]).
|
2006-04-07 02:39:24 +02:00
|
|
|
|
2005-04-20 01:10:22 +02:00
|
|
|
-include("ejabberd.hrl").
|
2013-04-08 11:12:54 +02:00
|
|
|
-include("logger.hrl").
|
2005-04-20 01:10:22 +02:00
|
|
|
|
2017-02-24 12:06:47 +01:00
|
|
|
-record(state, {host_modules = #{} :: map()}).
|
2017-02-24 10:05:47 +01:00
|
|
|
|
2017-02-18 07:36:27 +01:00
|
|
|
-type scrammed_password() :: {binary(), binary(), binary(), non_neg_integer()}.
|
|
|
|
|
-type password() :: binary() | scrammed_password().
|
|
|
|
|
-export_type([password/0]).
|
|
|
|
|
|
2002-11-23 21:55:05 +01:00
|
|
|
%%%----------------------------------------------------------------------
|
|
|
|
|
%%% API
|
|
|
|
|
%%%----------------------------------------------------------------------
|
2013-03-14 10:33:02 +01:00
|
|
|
-type opts() :: [{prefix, binary()} | {from, integer()} |
|
|
|
|
|
{to, integer()} | {limit, integer()} |
|
|
|
|
|
{offset, integer()}].
|
|
|
|
|
|
|
|
|
|
-callback start(binary()) -> any().
|
2017-02-23 14:19:22 +01:00
|
|
|
-callback stop(binary()) -> any().
|
2013-03-14 10:33:02 +01:00
|
|
|
-callback plain_password_required() -> boolean().
|
|
|
|
|
-callback store_type() -> plain | external | scram.
|
|
|
|
|
-callback set_password(binary(), binary(), binary()) -> ok | {error, atom()}.
|
|
|
|
|
-callback remove_user(binary(), binary()) -> any().
|
|
|
|
|
-callback remove_user(binary(), binary(), binary()) -> any().
|
|
|
|
|
-callback is_user_exists(binary(), binary()) -> boolean() | {error, atom()}.
|
2015-04-09 03:21:09 +02:00
|
|
|
-callback check_password(binary(), binary(), binary(), binary()) -> boolean().
|
|
|
|
|
-callback check_password(binary(), binary(), binary(), binary(), binary(),
|
2013-03-14 10:33:02 +01:00
|
|
|
fun((binary()) -> binary())) -> boolean().
|
|
|
|
|
-callback try_register(binary(), binary(), binary()) -> {atomic, atom()} |
|
|
|
|
|
{error, atom()}.
|
|
|
|
|
-callback dirty_get_registered_users() -> [{binary(), binary()}].
|
|
|
|
|
-callback get_vh_registered_users(binary()) -> [{binary(), binary()}].
|
|
|
|
|
-callback get_vh_registered_users(binary(), opts()) -> [{binary(), binary()}].
|
|
|
|
|
-callback get_vh_registered_users_number(binary()) -> number().
|
|
|
|
|
-callback get_vh_registered_users_number(binary(), opts()) -> number().
|
2017-02-18 07:36:27 +01:00
|
|
|
-callback get_password(binary(), binary()) -> false | password().
|
|
|
|
|
-callback get_password_s(binary(), binary()) -> password().
|
2003-11-23 21:11:21 +01:00
|
|
|
|
2017-02-24 10:05:47 +01:00
|
|
|
-spec start_link() -> {ok, pid()} | {error, any()}.
|
|
|
|
|
start_link() ->
|
|
|
|
|
gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).
|
|
|
|
|
|
|
|
|
|
init([]) ->
|
2017-02-24 12:06:47 +01:00
|
|
|
ejabberd_hooks:add(host_up, ?MODULE, host_up, 30),
|
|
|
|
|
ejabberd_hooks:add(host_down, ?MODULE, host_down, 80),
|
|
|
|
|
ejabberd_hooks:add(config_reloaded, ?MODULE, config_reloaded, 40),
|
|
|
|
|
HostModules = lists:foldl(
|
|
|
|
|
fun(Host, Acc) ->
|
|
|
|
|
Modules = auth_modules(Host),
|
|
|
|
|
start(Host, Modules),
|
2017-02-27 20:38:59 +01:00
|
|
|
maps:put(Host, Modules, Acc)
|
2017-02-24 12:06:47 +01:00
|
|
|
end, #{}, ?MYHOSTS),
|
|
|
|
|
{ok, #state{host_modules = HostModules}}.
|
2017-02-24 10:05:47 +01:00
|
|
|
|
|
|
|
|
handle_call(_Request, _From, State) ->
|
|
|
|
|
Reply = ok,
|
|
|
|
|
{reply, Reply, State}.
|
|
|
|
|
|
2017-02-24 12:06:47 +01:00
|
|
|
handle_cast({host_up, Host}, #state{host_modules = HostModules} = State) ->
|
|
|
|
|
Modules = auth_modules(Host),
|
|
|
|
|
start(Host, Modules),
|
2017-02-27 20:38:59 +01:00
|
|
|
NewHostModules = maps:put(Host, Modules, HostModules),
|
2017-02-24 12:06:47 +01:00
|
|
|
{noreply, State#state{host_modules = NewHostModules}};
|
|
|
|
|
handle_cast({host_down, Host}, #state{host_modules = HostModules} = State) ->
|
|
|
|
|
Modules = maps:get(Host, HostModules, []),
|
|
|
|
|
stop(Host, Modules),
|
|
|
|
|
NewHostModules = maps:remove(Host, HostModules),
|
|
|
|
|
{noreply, State#state{host_modules = NewHostModules}};
|
|
|
|
|
handle_cast(config_reloaded, #state{host_modules = HostModules} = State) ->
|
|
|
|
|
NewHostModules = lists:foldl(
|
|
|
|
|
fun(Host, Acc) ->
|
|
|
|
|
OldModules = maps:get(Host, HostModules, []),
|
|
|
|
|
NewModules = auth_modules(Host),
|
|
|
|
|
start(Host, NewModules -- OldModules),
|
|
|
|
|
stop(Host, OldModules -- NewModules),
|
2017-02-27 20:38:59 +01:00
|
|
|
maps:put(Host, NewModules, Acc)
|
2017-02-24 12:06:47 +01:00
|
|
|
end, HostModules, ?MYHOSTS),
|
|
|
|
|
{noreply, State#state{host_modules = NewHostModules}};
|
|
|
|
|
handle_cast(Msg, State) ->
|
|
|
|
|
?WARNING_MSG("unexpected cast: ~p", [Msg]),
|
2017-02-24 10:05:47 +01:00
|
|
|
{noreply, State}.
|
|
|
|
|
|
|
|
|
|
handle_info(_Info, State) ->
|
|
|
|
|
{noreply, State}.
|
|
|
|
|
|
2017-02-24 12:06:47 +01:00
|
|
|
terminate(_Reason, State) ->
|
2017-02-24 10:05:47 +01:00
|
|
|
ejabberd_hooks:delete(host_up, ?MODULE, start, 30),
|
|
|
|
|
ejabberd_hooks:delete(host_down, ?MODULE, stop, 80),
|
2017-02-24 12:06:47 +01:00
|
|
|
ejabberd_hooks:delete(config_reloaded, ?MODULE, config_reloaded, 40),
|
|
|
|
|
lists:foreach(
|
|
|
|
|
fun({Host, Modules}) ->
|
|
|
|
|
stop(Host, Modules)
|
|
|
|
|
end, maps:to_list(State#state.host_modules)).
|
2017-02-24 10:05:47 +01:00
|
|
|
|
|
|
|
|
code_change(_OldVsn, State, _Extra) ->
|
|
|
|
|
{ok, State}.
|
2017-02-23 14:19:22 +01:00
|
|
|
|
2017-02-24 12:06:47 +01:00
|
|
|
start(Host, Modules) ->
|
2017-02-23 14:19:22 +01:00
|
|
|
lists:foreach(fun(M) -> M:start(Host) end, Modules).
|
|
|
|
|
|
2017-02-24 12:06:47 +01:00
|
|
|
stop(Host, Modules) ->
|
|
|
|
|
lists:foreach(fun(M) -> M:stop(Host) end, Modules).
|
|
|
|
|
|
|
|
|
|
host_up(Host) ->
|
|
|
|
|
gen_server:cast(?MODULE, {host_up, Host}).
|
|
|
|
|
|
|
|
|
|
host_down(Host) ->
|
|
|
|
|
gen_server:cast(?MODULE, {host_down, Host}).
|
|
|
|
|
|
|
|
|
|
config_reloaded() ->
|
|
|
|
|
gen_server:cast(?MODULE, config_reloaded).
|
2013-03-14 10:33:02 +01:00
|
|
|
|
2005-07-13 05:24:13 +02:00
|
|
|
plain_password_required(Server) ->
|
2013-03-14 10:33:02 +01:00
|
|
|
lists:any(fun (M) -> M:plain_password_required() end,
|
|
|
|
|
auth_modules(Server)).
|
2003-11-23 21:11:21 +01:00
|
|
|
|
2011-08-16 00:26:49 +02:00
|
|
|
store_type(Server) ->
|
2008-04-22 19:41:30 +02:00
|
|
|
%% @doc Check if the user and password can login in server.
|
|
|
|
|
%% @spec (User::string(), Server::string(), Password::string()) ->
|
|
|
|
|
%% true | false
|
2013-03-14 10:33:02 +01:00
|
|
|
lists:foldl(fun (_, external) -> external;
|
|
|
|
|
(M, scram) ->
|
|
|
|
|
case M:store_type() of
|
|
|
|
|
external -> external;
|
|
|
|
|
_Else -> scram
|
|
|
|
|
end;
|
|
|
|
|
(M, plain) -> M:store_type()
|
|
|
|
|
end,
|
|
|
|
|
plain, auth_modules(Server)).
|
|
|
|
|
|
2015-04-09 03:21:09 +02:00
|
|
|
-spec check_password(binary(), binary(), binary(), binary()) -> boolean().
|
2013-03-14 10:33:02 +01:00
|
|
|
|
2015-04-09 03:21:09 +02:00
|
|
|
check_password(User, AuthzId, Server, Password) ->
|
|
|
|
|
case check_password_with_authmodule(User, AuthzId, Server,
|
2013-03-14 10:33:02 +01:00
|
|
|
Password)
|
|
|
|
|
of
|
|
|
|
|
{true, _AuthModule} -> true;
|
|
|
|
|
false -> false
|
2009-03-04 19:34:02 +01:00
|
|
|
end.
|
2002-11-23 21:55:05 +01:00
|
|
|
|
2008-04-22 19:41:30 +02:00
|
|
|
%% @doc Check if the user and password can login in server.
|
2015-04-09 03:21:09 +02:00
|
|
|
%% @spec (User::string(), AuthzId::string(), Server::string(), Password::string(),
|
2009-04-22 13:44:03 +02:00
|
|
|
%% Digest::string(), DigestGen::function()) ->
|
2008-04-22 19:41:30 +02:00
|
|
|
%% true | false
|
2015-04-09 03:21:09 +02:00
|
|
|
-spec check_password(binary(), binary(), binary(), binary(), binary(),
|
2013-03-14 10:33:02 +01:00
|
|
|
fun((binary()) -> binary())) -> boolean().
|
|
|
|
|
|
2015-04-09 03:21:09 +02:00
|
|
|
check_password(User, AuthzId, Server, Password, Digest,
|
2013-03-14 10:33:02 +01:00
|
|
|
DigestGen) ->
|
2015-04-09 03:21:09 +02:00
|
|
|
case check_password_with_authmodule(User, AuthzId, Server,
|
2013-03-14 10:33:02 +01:00
|
|
|
Password, Digest, DigestGen)
|
|
|
|
|
of
|
|
|
|
|
{true, _AuthModule} -> true;
|
|
|
|
|
false -> false
|
2009-03-04 19:34:02 +01:00
|
|
|
end.
|
2002-12-20 21:42:08 +01:00
|
|
|
|
2008-04-22 19:41:30 +02:00
|
|
|
%% @doc Check if the user and password can login in server.
|
|
|
|
|
%% The user can login if at least an authentication method accepts the user
|
|
|
|
|
%% and the password.
|
|
|
|
|
%% The first authentication method that accepts the credentials is returned.
|
2015-04-09 03:21:09 +02:00
|
|
|
%% @spec (User::string(), AuthzId::string(), Server::string(), Password::string()) ->
|
2008-04-22 19:41:30 +02:00
|
|
|
%% {true, AuthModule} | false
|
|
|
|
|
%% where
|
|
|
|
|
%% AuthModule = ejabberd_auth_anonymous | ejabberd_auth_external
|
2016-04-27 08:44:32 +02:00
|
|
|
%% | ejabberd_auth_mnesia | ejabberd_auth_ldap
|
2016-04-20 11:27:32 +02:00
|
|
|
%% | ejabberd_auth_sql | ejabberd_auth_pam | ejabberd_auth_riak
|
2015-04-09 03:21:09 +02:00
|
|
|
-spec check_password_with_authmodule(binary(), binary(), binary(), binary()) -> false |
|
2013-03-14 10:33:02 +01:00
|
|
|
{true, atom()}.
|
2008-04-22 19:41:30 +02:00
|
|
|
|
2015-04-09 03:21:09 +02:00
|
|
|
check_password_with_authmodule(User, AuthzId, Server,
|
2013-03-14 10:33:02 +01:00
|
|
|
Password) ->
|
|
|
|
|
check_password_loop(auth_modules(Server),
|
2015-04-09 03:21:09 +02:00
|
|
|
[User, AuthzId, Server, Password]).
|
2009-03-04 19:34:02 +01:00
|
|
|
|
2015-04-09 03:21:09 +02:00
|
|
|
-spec check_password_with_authmodule(binary(), binary(), binary(), binary(), binary(),
|
2013-03-14 10:33:02 +01:00
|
|
|
fun((binary()) -> binary())) -> false |
|
|
|
|
|
{true, atom()}.
|
|
|
|
|
|
2015-04-09 03:21:09 +02:00
|
|
|
check_password_with_authmodule(User, AuthzId, Server, Password,
|
2013-03-14 10:33:02 +01:00
|
|
|
Digest, DigestGen) ->
|
|
|
|
|
check_password_loop(auth_modules(Server),
|
2015-04-09 03:21:09 +02:00
|
|
|
[User, AuthzId, Server, Password, Digest, DigestGen]).
|
2013-03-14 10:33:02 +01:00
|
|
|
|
|
|
|
|
check_password_loop([], _Args) -> false;
|
2009-03-04 19:34:02 +01:00
|
|
|
check_password_loop([AuthModule | AuthModules], Args) ->
|
|
|
|
|
case apply(AuthModule, check_password, Args) of
|
2013-03-14 10:33:02 +01:00
|
|
|
true -> {true, AuthModule};
|
|
|
|
|
false -> check_password_loop(AuthModules, Args)
|
2008-04-22 19:41:30 +02:00
|
|
|
end.
|
|
|
|
|
|
2013-03-14 10:33:02 +01:00
|
|
|
-spec set_password(binary(), binary(), binary()) -> ok |
|
|
|
|
|
{error, atom()}.
|
2009-03-04 19:34:02 +01:00
|
|
|
|
2008-08-18 20:21:10 +02:00
|
|
|
%% @spec (User::string(), Server::string(), Password::string()) ->
|
|
|
|
|
%% ok | {error, ErrorType}
|
|
|
|
|
%% where ErrorType = empty_password | not_allowed | invalid_jid
|
2013-03-14 10:33:02 +01:00
|
|
|
set_password(_User, _Server, <<"">>) ->
|
2008-08-18 20:21:10 +02:00
|
|
|
{error, empty_password};
|
2005-04-17 20:08:34 +02:00
|
|
|
set_password(User, Server, Password) ->
|
2008-12-23 20:15:33 +01:00
|
|
|
%% @spec (User, Server, Password) -> {atomic, ok} | {atomic, exists} | {error, not_allowed}
|
2013-03-14 10:33:02 +01:00
|
|
|
lists:foldl(fun (M, {error, _}) ->
|
|
|
|
|
M:set_password(User, Server, Password);
|
|
|
|
|
(_M, Res) -> Res
|
|
|
|
|
end,
|
|
|
|
|
{error, not_allowed}, auth_modules(Server)).
|
|
|
|
|
|
|
|
|
|
-spec try_register(binary(), binary(), binary()) -> {atomic, atom()} |
|
|
|
|
|
{error, atom()}.
|
|
|
|
|
|
|
|
|
|
try_register(_User, _Server, <<"">>) ->
|
|
|
|
|
{error, not_allowed};
|
2005-04-17 20:08:34 +02:00
|
|
|
try_register(User, Server, Password) ->
|
2013-03-14 10:33:02 +01:00
|
|
|
case is_user_exists(User, Server) of
|
|
|
|
|
true -> {atomic, exists};
|
|
|
|
|
false ->
|
2015-11-24 16:44:13 +01:00
|
|
|
LServer = jid:nameprep(Server),
|
2016-12-29 22:00:36 +01:00
|
|
|
case ejabberd_router:is_my_host(LServer) of
|
2013-03-14 10:33:02 +01:00
|
|
|
true ->
|
|
|
|
|
Res = lists:foldl(fun (_M, {atomic, ok} = Res) -> Res;
|
|
|
|
|
(M, _) ->
|
|
|
|
|
M:try_register(User, Server, Password)
|
|
|
|
|
end,
|
|
|
|
|
{error, not_allowed}, auth_modules(Server)),
|
|
|
|
|
case Res of
|
|
|
|
|
{atomic, ok} ->
|
|
|
|
|
ejabberd_hooks:run(register_user, Server,
|
|
|
|
|
[User, Server]),
|
|
|
|
|
{atomic, ok};
|
|
|
|
|
_ -> Res
|
|
|
|
|
end;
|
|
|
|
|
false -> {error, not_allowed}
|
|
|
|
|
end
|
2005-04-20 01:10:22 +02:00
|
|
|
end.
|
2002-12-14 21:07:26 +01:00
|
|
|
|
2006-04-07 02:39:24 +02:00
|
|
|
%% Registered users list do not include anonymous users logged
|
2013-03-14 10:33:02 +01:00
|
|
|
-spec dirty_get_registered_users() -> [{binary(), binary()}].
|
|
|
|
|
|
2003-01-01 20:54:44 +01:00
|
|
|
dirty_get_registered_users() ->
|
2013-03-14 10:33:02 +01:00
|
|
|
lists:flatmap(fun (M) -> M:dirty_get_registered_users()
|
|
|
|
|
end,
|
|
|
|
|
auth_modules()).
|
|
|
|
|
|
|
|
|
|
-spec get_vh_registered_users(binary()) -> [{binary(), binary()}].
|
2003-01-01 20:54:44 +01:00
|
|
|
|
2006-04-07 02:39:24 +02:00
|
|
|
%% Registered users list do not include anonymous users logged
|
2005-04-17 20:08:34 +02:00
|
|
|
get_vh_registered_users(Server) ->
|
2013-03-14 10:33:02 +01:00
|
|
|
lists:flatmap(fun (M) ->
|
|
|
|
|
M:get_vh_registered_users(Server)
|
|
|
|
|
end,
|
|
|
|
|
auth_modules(Server)).
|
|
|
|
|
|
|
|
|
|
-spec get_vh_registered_users(binary(), opts()) -> [{binary(), binary()}].
|
2003-03-12 20:48:05 +01:00
|
|
|
|
2007-11-03 18:35:23 +01:00
|
|
|
get_vh_registered_users(Server, Opts) ->
|
2013-03-14 10:33:02 +01:00
|
|
|
lists:flatmap(fun (M) ->
|
|
|
|
|
case erlang:function_exported(M,
|
|
|
|
|
get_vh_registered_users,
|
|
|
|
|
2)
|
|
|
|
|
of
|
|
|
|
|
true -> M:get_vh_registered_users(Server, Opts);
|
|
|
|
|
false -> M:get_vh_registered_users(Server)
|
|
|
|
|
end
|
|
|
|
|
end,
|
|
|
|
|
auth_modules(Server)).
|
2007-11-03 18:35:23 +01:00
|
|
|
|
2007-05-12 20:09:38 +02:00
|
|
|
get_vh_registered_users_number(Server) ->
|
2013-03-14 10:33:02 +01:00
|
|
|
lists:sum(lists:map(fun (M) ->
|
|
|
|
|
case erlang:function_exported(M,
|
|
|
|
|
get_vh_registered_users_number,
|
|
|
|
|
1)
|
|
|
|
|
of
|
|
|
|
|
true ->
|
|
|
|
|
M:get_vh_registered_users_number(Server);
|
|
|
|
|
false ->
|
|
|
|
|
length(M:get_vh_registered_users(Server))
|
|
|
|
|
end
|
|
|
|
|
end,
|
|
|
|
|
auth_modules(Server))).
|
|
|
|
|
|
|
|
|
|
-spec get_vh_registered_users_number(binary(), opts()) -> number().
|
2007-11-03 18:35:23 +01:00
|
|
|
|
|
|
|
|
get_vh_registered_users_number(Server, Opts) ->
|
2008-04-22 19:41:30 +02:00
|
|
|
%% @doc Get the password of the user.
|
|
|
|
|
%% @spec (User::string(), Server::string()) -> Password::string()
|
2013-03-14 10:33:02 +01:00
|
|
|
lists:sum(lists:map(fun (M) ->
|
|
|
|
|
case erlang:function_exported(M,
|
|
|
|
|
get_vh_registered_users_number,
|
|
|
|
|
2)
|
|
|
|
|
of
|
|
|
|
|
true ->
|
|
|
|
|
M:get_vh_registered_users_number(Server,
|
|
|
|
|
Opts);
|
|
|
|
|
false ->
|
|
|
|
|
length(M:get_vh_registered_users(Server))
|
|
|
|
|
end
|
|
|
|
|
end,
|
|
|
|
|
auth_modules(Server))).
|
|
|
|
|
|
2017-02-18 07:36:27 +01:00
|
|
|
-spec get_password(binary(), binary()) -> false | password().
|
2013-03-14 10:33:02 +01:00
|
|
|
|
2005-04-17 20:08:34 +02:00
|
|
|
get_password(User, Server) ->
|
2013-03-14 10:33:02 +01:00
|
|
|
lists:foldl(fun (M, false) ->
|
|
|
|
|
M:get_password(User, Server);
|
|
|
|
|
(_M, Password) -> Password
|
|
|
|
|
end,
|
|
|
|
|
false, auth_modules(Server)).
|
|
|
|
|
|
2017-02-18 07:36:27 +01:00
|
|
|
-spec get_password_s(binary(), binary()) -> password().
|
2003-01-21 21:36:55 +01:00
|
|
|
|
2005-04-17 20:08:34 +02:00
|
|
|
get_password_s(User, Server) ->
|
2006-04-07 02:39:24 +02:00
|
|
|
case get_password(User, Server) of
|
2013-03-14 10:33:02 +01:00
|
|
|
false -> <<"">>;
|
|
|
|
|
Password -> Password
|
2006-04-07 02:39:24 +02:00
|
|
|
end.
|
2003-01-26 21:16:53 +01:00
|
|
|
|
2008-04-22 19:41:30 +02:00
|
|
|
%% @doc Get the password of the user and the auth module.
|
|
|
|
|
%% @spec (User::string(), Server::string()) ->
|
|
|
|
|
%% {Password::string(), AuthModule::atom()} | {false, none}
|
2017-02-18 07:36:27 +01:00
|
|
|
-spec get_password_with_authmodule(binary(), binary()) -> {false | password(), module()}.
|
2008-04-22 19:41:30 +02:00
|
|
|
|
2013-03-14 10:33:02 +01:00
|
|
|
get_password_with_authmodule(User, Server) ->
|
2006-04-07 02:39:24 +02:00
|
|
|
%% Returns true if the user exists in the DB or if an anonymous user is logged
|
|
|
|
|
%% under the given name
|
2013-03-14 10:33:02 +01:00
|
|
|
lists:foldl(fun (M, {false, _}) ->
|
|
|
|
|
{M:get_password(User, Server), M};
|
|
|
|
|
(_M, {Password, AuthModule}) -> {Password, AuthModule}
|
|
|
|
|
end,
|
|
|
|
|
{false, none}, auth_modules(Server)).
|
2003-02-21 20:52:15 +01:00
|
|
|
|
2013-03-14 10:33:02 +01:00
|
|
|
-spec is_user_exists(binary(), binary()) -> boolean().
|
|
|
|
|
|
2015-01-08 19:00:26 +01:00
|
|
|
is_user_exists(_User, <<"">>) ->
|
2014-04-30 17:20:58 +02:00
|
|
|
false;
|
|
|
|
|
|
2013-03-14 10:33:02 +01:00
|
|
|
is_user_exists(User, Server) ->
|
2006-06-13 18:52:38 +02:00
|
|
|
%% Check if the user exists in all authentications module except the module
|
|
|
|
|
%% passed as parameter
|
2009-03-04 19:34:02 +01:00
|
|
|
%% @spec (Module::atom(), User, Server) -> true | false | maybe
|
2013-03-14 10:33:02 +01:00
|
|
|
lists:any(fun (M) ->
|
|
|
|
|
case M:is_user_exists(User, Server) of
|
|
|
|
|
{error, Error} ->
|
|
|
|
|
?ERROR_MSG("The authentication module ~p returned "
|
|
|
|
|
"an error~nwhen checking user ~p in server "
|
|
|
|
|
"~p~nError message: ~p",
|
|
|
|
|
[M, User, Server, Error]),
|
|
|
|
|
false;
|
|
|
|
|
Else -> Else
|
|
|
|
|
end
|
|
|
|
|
end,
|
|
|
|
|
auth_modules(Server)).
|
|
|
|
|
|
|
|
|
|
-spec is_user_exists_in_other_modules(atom(), binary(), binary()) -> boolean() | maybe.
|
|
|
|
|
|
2006-06-13 18:52:38 +02:00
|
|
|
is_user_exists_in_other_modules(Module, User, Server) ->
|
2013-03-14 10:33:02 +01:00
|
|
|
is_user_exists_in_other_modules_loop(auth_modules(Server)
|
|
|
|
|
-- [Module],
|
|
|
|
|
User, Server).
|
|
|
|
|
|
|
|
|
|
is_user_exists_in_other_modules_loop([], _User,
|
|
|
|
|
_Server) ->
|
2009-03-04 19:34:02 +01:00
|
|
|
false;
|
2013-03-14 10:33:02 +01:00
|
|
|
is_user_exists_in_other_modules_loop([AuthModule
|
|
|
|
|
| AuthModules],
|
|
|
|
|
User, Server) ->
|
2009-03-04 19:34:02 +01:00
|
|
|
case AuthModule:is_user_exists(User, Server) of
|
2013-03-14 10:33:02 +01:00
|
|
|
true -> true;
|
|
|
|
|
false ->
|
|
|
|
|
is_user_exists_in_other_modules_loop(AuthModules, User,
|
|
|
|
|
Server);
|
|
|
|
|
{error, Error} ->
|
|
|
|
|
?DEBUG("The authentication module ~p returned "
|
|
|
|
|
"an error~nwhen checking user ~p in server "
|
|
|
|
|
"~p~nError message: ~p",
|
|
|
|
|
[AuthModule, User, Server, Error]),
|
|
|
|
|
maybe
|
2009-03-04 19:34:02 +01:00
|
|
|
end.
|
|
|
|
|
|
2013-03-14 10:33:02 +01:00
|
|
|
-spec remove_user(binary(), binary()) -> ok.
|
2006-06-13 18:52:38 +02:00
|
|
|
|
2011-09-05 07:39:55 +02:00
|
|
|
%% @spec (User, Server) -> ok
|
2009-01-03 22:29:54 +01:00
|
|
|
%% @doc Remove user.
|
2008-12-23 20:15:33 +01:00
|
|
|
%% Note: it may return ok even if there was some problem removing the user.
|
2005-04-17 20:08:34 +02:00
|
|
|
remove_user(User, Server) ->
|
2013-03-14 10:33:02 +01:00
|
|
|
lists:foreach(fun (M) -> M:remove_user(User, Server)
|
|
|
|
|
end,
|
|
|
|
|
auth_modules(Server)),
|
2015-11-24 16:44:13 +01:00
|
|
|
ejabberd_hooks:run(remove_user, jid:nameprep(Server),
|
2013-03-14 10:33:02 +01:00
|
|
|
[User, Server]),
|
2011-09-05 07:39:55 +02:00
|
|
|
ok.
|
2005-04-17 20:08:34 +02:00
|
|
|
|
2008-12-23 20:15:33 +01:00
|
|
|
%% @spec (User, Server, Password) -> ok | not_exists | not_allowed | bad_request | error
|
2009-01-03 22:29:54 +01:00
|
|
|
%% @doc Try to remove user if the provided password is correct.
|
2008-12-23 20:15:33 +01:00
|
|
|
%% The removal is attempted in each auth method provided:
|
|
|
|
|
%% when one returns 'ok' the loop stops;
|
|
|
|
|
%% if no method returns 'ok' then it returns the error message indicated by the last method attempted.
|
2013-03-14 10:33:02 +01:00
|
|
|
-spec remove_user(binary(), binary(), binary()) -> any().
|
|
|
|
|
|
2005-04-17 20:08:34 +02:00
|
|
|
remove_user(User, Server, Password) ->
|
2013-03-14 10:33:02 +01:00
|
|
|
R = lists:foldl(fun (_M, ok = Res) -> Res;
|
|
|
|
|
(M, _) -> M:remove_user(User, Server, Password)
|
|
|
|
|
end,
|
|
|
|
|
error, auth_modules(Server)),
|
2008-12-23 20:15:33 +01:00
|
|
|
case R of
|
2013-03-14 10:33:02 +01:00
|
|
|
ok ->
|
2015-11-24 16:44:13 +01:00
|
|
|
ejabberd_hooks:run(remove_user, jid:nameprep(Server),
|
2013-03-14 10:33:02 +01:00
|
|
|
[User, Server]);
|
|
|
|
|
_ -> none
|
2008-12-23 20:15:33 +01:00
|
|
|
end,
|
|
|
|
|
R.
|
2004-07-30 23:09:55 +02:00
|
|
|
|
2010-10-24 09:17:30 +02:00
|
|
|
%% @spec (IOList) -> non_negative_float()
|
|
|
|
|
%% @doc Calculate informational entropy.
|
2013-03-14 10:33:02 +01:00
|
|
|
entropy(B) ->
|
|
|
|
|
case binary_to_list(B) of
|
|
|
|
|
"" -> 0.0;
|
|
|
|
|
S ->
|
|
|
|
|
Set = lists:foldl(fun (C,
|
|
|
|
|
[Digit, Printable, LowLetter, HiLetter,
|
|
|
|
|
Other]) ->
|
|
|
|
|
if C >= $a, C =< $z ->
|
|
|
|
|
[Digit, Printable, 26, HiLetter,
|
|
|
|
|
Other];
|
|
|
|
|
C >= $0, C =< $9 ->
|
|
|
|
|
[9, Printable, LowLetter, HiLetter,
|
|
|
|
|
Other];
|
|
|
|
|
C >= $A, C =< $Z ->
|
|
|
|
|
[Digit, Printable, LowLetter, 26,
|
|
|
|
|
Other];
|
|
|
|
|
C >= 33, C =< 126 ->
|
|
|
|
|
[Digit, 33, LowLetter, HiLetter,
|
|
|
|
|
Other];
|
|
|
|
|
true ->
|
|
|
|
|
[Digit, Printable, LowLetter,
|
|
|
|
|
HiLetter, 128]
|
|
|
|
|
end
|
|
|
|
|
end,
|
|
|
|
|
[0, 0, 0, 0, 0], S),
|
|
|
|
|
length(S) * math:log(lists:sum(Set)) / math:log(2)
|
2010-10-24 09:17:30 +02:00
|
|
|
end.
|
2006-02-20 05:07:42 +01:00
|
|
|
|
2016-12-28 07:47:11 +01:00
|
|
|
-spec backend_type(atom()) -> atom().
|
|
|
|
|
backend_type(Mod) ->
|
|
|
|
|
case atom_to_list(Mod) of
|
|
|
|
|
"ejabberd_auth_" ++ T -> list_to_atom(T);
|
|
|
|
|
_ -> Mod
|
|
|
|
|
end.
|
|
|
|
|
|
2017-04-28 12:23:32 +02:00
|
|
|
password_format(LServer) ->
|
2017-04-29 10:39:40 +02:00
|
|
|
ejabberd_config:get_option({auth_password_format, LServer}, plain).
|
2017-04-28 12:23:32 +02:00
|
|
|
|
2004-12-12 22:00:34 +01:00
|
|
|
%%%----------------------------------------------------------------------
|
|
|
|
|
%%% Internal functions
|
|
|
|
|
%%%----------------------------------------------------------------------
|
2017-02-24 12:06:47 +01:00
|
|
|
-spec auth_modules() -> [module()].
|
2008-02-19 14:49:29 +01:00
|
|
|
auth_modules() ->
|
2017-02-23 14:19:22 +01:00
|
|
|
lists:usort(lists:flatmap(fun auth_modules/1, ?MYHOSTS)).
|
2013-03-14 10:33:02 +01:00
|
|
|
|
2017-02-24 12:06:47 +01:00
|
|
|
-spec auth_modules(binary()) -> [module()].
|
2006-04-07 02:39:24 +02:00
|
|
|
auth_modules(Server) ->
|
2015-11-24 16:44:13 +01:00
|
|
|
LServer = jid:nameprep(Server),
|
2016-04-27 16:10:50 +02:00
|
|
|
Default = ejabberd_config:default_db(LServer, ?MODULE),
|
2017-04-29 10:39:40 +02:00
|
|
|
Methods = ejabberd_config:get_option({auth_method, LServer}, [Default]),
|
2017-04-11 12:13:58 +02:00
|
|
|
[misc:binary_to_atom(<<"ejabberd_auth_",
|
|
|
|
|
(misc:atom_to_binary(M))/binary>>)
|
2013-03-14 10:33:02 +01:00
|
|
|
|| M <- Methods].
|
|
|
|
|
|
|
|
|
|
export(Server) ->
|
2016-04-27 08:44:32 +02:00
|
|
|
ejabberd_auth_mnesia:export(Server).
|
2013-07-21 12:24:36 +02:00
|
|
|
|
2016-11-22 14:48:01 +01:00
|
|
|
import_info() ->
|
|
|
|
|
[{<<"users">>, 3}].
|
2013-07-21 12:24:36 +02:00
|
|
|
|
2016-11-22 14:48:01 +01:00
|
|
|
import_start(_LServer, mnesia) ->
|
|
|
|
|
ejabberd_auth_mnesia:init_db();
|
|
|
|
|
import_start(_LServer, _) ->
|
|
|
|
|
ok.
|
|
|
|
|
|
|
|
|
|
import(Server, {sql, _}, mnesia, <<"users">>, Fields) ->
|
|
|
|
|
ejabberd_auth_mnesia:import(Server, Fields);
|
|
|
|
|
import(Server, {sql, _}, riak, <<"users">>, Fields) ->
|
|
|
|
|
ejabberd_auth_riak:import(Server, Fields);
|
|
|
|
|
import(_LServer, {sql, _}, sql, <<"users">>, _) ->
|
|
|
|
|
ok.
|
2015-06-01 14:38:27 +02:00
|
|
|
|
2017-05-08 11:59:28 +02:00
|
|
|
-spec opt_type(auth_method) -> fun((atom() | [atom()]) -> [atom()]);
|
|
|
|
|
(auth_password_format) -> fun((plain | scram) -> plain | scram);
|
|
|
|
|
(atom()) -> [atom()].
|
2015-06-01 14:38:27 +02:00
|
|
|
opt_type(auth_method) ->
|
|
|
|
|
fun (V) when is_list(V) ->
|
2016-04-27 16:10:50 +02:00
|
|
|
lists:map(fun(M) -> ejabberd_config:v_db(?MODULE, M) end, V);
|
|
|
|
|
(V) -> [ejabberd_config:v_db(?MODULE, V)]
|
2015-06-01 14:38:27 +02:00
|
|
|
end;
|
2017-04-28 12:23:32 +02:00
|
|
|
opt_type(auth_password_format) ->
|
|
|
|
|
fun (plain) -> plain;
|
|
|
|
|
(scram) -> scram
|
|
|
|
|
end;
|
|
|
|
|
opt_type(_) -> [auth_method, auth_password_format].
|
