Add support for SCRAM-SHA-{256,512}-{PLUS} authentication
This commit is contained in:
parent
02cc212f16
commit
0371b0f664
|
@ -57,7 +57,7 @@
|
||||||
{stringprep, ".*", {git, "https://github.com/processone/stringprep", {tag, "1.0.23"}}},
|
{stringprep, ".*", {git, "https://github.com/processone/stringprep", {tag, "1.0.23"}}},
|
||||||
{if_var_true, stun,
|
{if_var_true, stun,
|
||||||
{stun, ".*", {git, "https://github.com/processone/stun", {tag, "1.0.39"}}}},
|
{stun, ".*", {git, "https://github.com/processone/stun", {tag, "1.0.39"}}}},
|
||||||
{xmpp, ".*", {git, "https://github.com/processone/xmpp", {tag, "1.4.10"}}},
|
{xmpp, ".*", {git, "https://github.com/processone/xmpp", "e21de94967c9d6b632058b1f5d34614e0dc9bfe8"}},
|
||||||
{yconf, ".*", {git, "https://github.com/processone/yconf", {tag, "1.0.8"}}}
|
{yconf, ".*", {git, "https://github.com/processone/yconf", {tag, "1.0.8"}}}
|
||||||
]}.
|
]}.
|
||||||
|
|
||||||
|
|
|
@ -373,7 +373,7 @@ unauthenticated_stream_features(#{lserver := LServer}) ->
|
||||||
authenticated_stream_features(#{lserver := LServer}) ->
|
authenticated_stream_features(#{lserver := LServer}) ->
|
||||||
ejabberd_hooks:run_fold(c2s_post_auth_features, LServer, [], [LServer]).
|
ejabberd_hooks:run_fold(c2s_post_auth_features, LServer, [], [LServer]).
|
||||||
|
|
||||||
sasl_mechanisms(Mechs, #{lserver := LServer} = State) ->
|
sasl_mechanisms(Mechs, #{lserver := LServer, stream_encrypted := Encrypted} = State) ->
|
||||||
Type = ejabberd_auth:store_type(LServer),
|
Type = ejabberd_auth:store_type(LServer),
|
||||||
Mechs1 = ejabberd_option:disable_sasl_mechanisms(LServer),
|
Mechs1 = ejabberd_option:disable_sasl_mechanisms(LServer),
|
||||||
%% I re-created it from cyrsasl ets magic, but I think it's wrong
|
%% I re-created it from cyrsasl ets magic, but I think it's wrong
|
||||||
|
@ -383,6 +383,11 @@ sasl_mechanisms(Mechs, #{lserver := LServer} = State) ->
|
||||||
ejabberd_auth_anonymous:is_sasl_anonymous_enabled(LServer);
|
ejabberd_auth_anonymous:is_sasl_anonymous_enabled(LServer);
|
||||||
(<<"DIGEST-MD5">>) -> Type == plain;
|
(<<"DIGEST-MD5">>) -> Type == plain;
|
||||||
(<<"SCRAM-SHA-1">>) -> Type /= external;
|
(<<"SCRAM-SHA-1">>) -> Type /= external;
|
||||||
|
(<<"SCRAM-SHA-1-PLUS">>) -> Type /= external andalso Encrypted;
|
||||||
|
(<<"SCRAM-SHA-256">>) -> Type == plain;
|
||||||
|
(<<"SCRAM-SHA-256-PLUS">>) -> Type == plain andalso Encrypted;
|
||||||
|
(<<"SCRAM-SHA-512">>) -> Type == plain;
|
||||||
|
(<<"SCRAM-SHA-512-PLUS">>) -> Type == plain andalso Encrypted;
|
||||||
(<<"PLAIN">>) -> true;
|
(<<"PLAIN">>) -> true;
|
||||||
(<<"X-OAUTH2">>) -> [ejabberd_auth_anonymous] /= ejabberd_auth:auth_modules(LServer);
|
(<<"X-OAUTH2">>) -> [ejabberd_auth_anonymous] /= ejabberd_auth:auth_modules(LServer);
|
||||||
(<<"EXTERNAL">>) -> maps:get(tls_verify, State, false);
|
(<<"EXTERNAL">>) -> maps:get(tls_verify, State, false);
|
||||||
|
|
Loading…
Reference in New Issue