25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-11-22 16:20:52 +01:00

Add support for SCRAM-SHA-{256,512}-{PLUS} authentication

This commit is contained in:
Paweł Chmielowski 2020-12-03 15:07:09 +01:00
parent 02cc212f16
commit 0371b0f664
2 changed files with 7 additions and 2 deletions

View File

@ -57,7 +57,7 @@
{stringprep, ".*", {git, "https://github.com/processone/stringprep", {tag, "1.0.23"}}},
{if_var_true, stun,
{stun, ".*", {git, "https://github.com/processone/stun", {tag, "1.0.39"}}}},
{xmpp, ".*", {git, "https://github.com/processone/xmpp", {tag, "1.4.10"}}},
{xmpp, ".*", {git, "https://github.com/processone/xmpp", "e21de94967c9d6b632058b1f5d34614e0dc9bfe8"}},
{yconf, ".*", {git, "https://github.com/processone/yconf", {tag, "1.0.8"}}}
]}.

View File

@ -373,7 +373,7 @@ unauthenticated_stream_features(#{lserver := LServer}) ->
authenticated_stream_features(#{lserver := LServer}) ->
ejabberd_hooks:run_fold(c2s_post_auth_features, LServer, [], [LServer]).
sasl_mechanisms(Mechs, #{lserver := LServer} = State) ->
sasl_mechanisms(Mechs, #{lserver := LServer, stream_encrypted := Encrypted} = State) ->
Type = ejabberd_auth:store_type(LServer),
Mechs1 = ejabberd_option:disable_sasl_mechanisms(LServer),
%% I re-created it from cyrsasl ets magic, but I think it's wrong
@ -383,6 +383,11 @@ sasl_mechanisms(Mechs, #{lserver := LServer} = State) ->
ejabberd_auth_anonymous:is_sasl_anonymous_enabled(LServer);
(<<"DIGEST-MD5">>) -> Type == plain;
(<<"SCRAM-SHA-1">>) -> Type /= external;
(<<"SCRAM-SHA-1-PLUS">>) -> Type /= external andalso Encrypted;
(<<"SCRAM-SHA-256">>) -> Type == plain;
(<<"SCRAM-SHA-256-PLUS">>) -> Type == plain andalso Encrypted;
(<<"SCRAM-SHA-512">>) -> Type == plain;
(<<"SCRAM-SHA-512-PLUS">>) -> Type == plain andalso Encrypted;
(<<"PLAIN">>) -> true;
(<<"X-OAUTH2">>) -> [ejabberd_auth_anonymous] /= ejabberd_auth:auth_modules(LServer);
(<<"EXTERNAL">>) -> maps:get(tls_verify, State, false);