diff --git a/ChangeLog b/ChangeLog index c4e30e4af..732436543 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,33 +1,46 @@ +2007-02-20 Alexey Shchepin + + * src/ejabberd_c2s.erl: Init shaper with a default value first + after stream opening + + * src/ejabberd_c2s.erl: Log failed SASL login attempts + * src/cyrsasl.erl: Updated API + * src/cyrsasl_plain.erl: Likewise + * src/cyrsasl_digest.erl: Likewise + 2007-02-19 Mickael Remond * src/mod_muc/mod_muc_room.erl: Added an option set affiliations. - * doc/api/*: Added Erlang documentation generation script (EJAB-188). + * doc/api/*: Added Erlang documentation generation script + (EJAB-188). * doc/version.tex: Updated. * src/ejabberd.app: Updated. - * src/odbc/pg.sql: last table, state column cannot be NULL (EJAB-191). + * src/odbc/pg.sql: last table, state column cannot be NULL + (EJAB-191). * src/odbc/mysql.sql: likewise. - * src/odbc/mssql.sql. likewise. + * src/odbc/mssql.sql: likewise. - * src/ejabberd_auth_ldap.erl: prevent anonymous bind on LDAP servers - as ejabberd is providing other anonymous authentication mechanism + * src/ejabberd_auth_ldap.erl: prevent anonymous bind on LDAP + servers as ejabberd is providing other anonymous authentication + mechanism (EJAB-190). - * src/cyrsasl_plain.erl: bad-auth error code replaced by not-authorized - (EJAB-187). + * src/cyrsasl_plain.erl: bad-auth error code replaced by + not-authorized (EJAB-187). - * src/aclocal.m4: configure --with-erlang option is now working (Thanks - to Jerome Sautret) (EJAB-186). + * src/aclocal.m4: configure --with-erlang option is now working + (Thanks to Jerome Sautret) (EJAB-186). - * src/mod_muc/mod_muc_log.erl: Spam prevention: The default behaviour - is now to use the nofollow rel attributes for links that are submitted - by users (EJAB-185). + * src/mod_muc/mod_muc_log.erl: Spam prevention: The default + behaviour is now to use the nofollow rel attributes for links that + are submitted by users (EJAB-185). * doc/guide.tex: Likewise. - * src/mod_muc/mod_muc_room.erl: API improvement: Implementation of an - event to destroy MUC room from an external application (Thanks to - Massimiliano Mirra) (EJAB-184). + * src/mod_muc/mod_muc_room.erl: API improvement: Implementation of + an event to destroy MUC room from an external application (Thanks + to Massimiliano Mirra) (EJAB-184). 2007-02-18 Alexey Shchepin @@ -119,16 +132,16 @@ 2007-01-11 Mickael Remond - * doc/guide.tex: Latex / Hevea related improvements for documentation - generation (thanks to Sander Devrieze). + * doc/guide.tex: Latex / Hevea related improvements for + documentation generation (thanks to Sander Devrieze). * doc/introduction.tex: Likewise. * doc/dev.tex: Likewise. * doc/features.tex: Likewise. 2007-01-08 Christophe Romain - * src/mod_pubsub/mod_pubsub.erl: add presence_based_delivery cluster - support + * src/mod_pubsub/mod_pubsub.erl: add presence_based_delivery + cluster support 2007-01-05 Alexey Shchepin diff --git a/src/cyrsasl.erl b/src/cyrsasl.erl index f8e548826..eb2346cda 100644 --- a/src/cyrsasl.erl +++ b/src/cyrsasl.erl @@ -136,6 +136,8 @@ server_step(State, ClientIn) -> {continue, ServerOut, NewMechState} -> {continue, ServerOut, State#sasl_state{mech_state = NewMechState}}; + {error, Error, Username} -> + {error, Error, Username}; {error, Error} -> {error, Error} end. diff --git a/src/cyrsasl_digest.erl b/src/cyrsasl_digest.erl index cc44b1a95..9966bddd1 100644 --- a/src/cyrsasl_digest.erl +++ b/src/cyrsasl_digest.erl @@ -44,7 +44,7 @@ mech_step(#state{step = 3, nonce = Nonce} = State, ClientIn) -> AuthzId = xml:get_attr_s("authzid", KeyVals), case (State#state.get_password)(UserName) of false -> - {error, "not-authorized"}; + {error, "not-authorized", UserName}; Passwd -> Response = response(KeyVals, UserName, Passwd, Nonce, AuthzId, "AUTHENTICATE"), @@ -59,7 +59,7 @@ mech_step(#state{step = 3, nonce = Nonce} = State, ClientIn) -> username = UserName, authzid = AuthzId}}; _ -> - {error, "not-authorized"} + {error, "not-authorized", UserName} end end end; diff --git a/src/cyrsasl_plain.erl b/src/cyrsasl_plain.erl index 59f88bf25..a2fee76ec 100644 --- a/src/cyrsasl_plain.erl +++ b/src/cyrsasl_plain.erl @@ -33,7 +33,7 @@ mech_step(State, ClientIn) -> true -> {ok, [{username, User}, {authzid, AuthzId}]}; _ -> - {error, "not-authorized"} + {error, "not-authorized", User} end; _ -> {error, "bad-protocol"} diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl index 0865fba5b..f1c3dddfc 100644 --- a/src/ejabberd_c2s.erl +++ b/src/ejabberd_c2s.erl @@ -174,6 +174,7 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) -> case lists:member(Server, ?MYHOSTS) of true -> Lang = xml:get_attr_s("xml:lang", Attrs), + change_shaper(StateData, jlib:make_jid("", Server, "")), case xml:get_attr_s("version", Attrs) of "1.0" -> Header = io_lib:format(?STREAM_HEADER, @@ -493,6 +494,16 @@ wait_for_feature_request({xmlstreamelement, El}, StateData) -> jlib:encode_base64(ServerOut)}]}), {next_state, wait_for_sasl_response, StateData#state{sasl_state = NewSASLState}}; + {error, Error, Username} -> + ?INFO_MSG( + "(~w) Failed authentication for ~s@~s", + [StateData#state.socket, + Username, StateData#state.server]), + send_element(StateData, + {xmlelement, "failure", + [{"xmlns", ?NS_SASL}], + [{xmlelement, Error, [], []}]}), + {next_state, wait_for_feature_request, StateData}; {error, Error} -> send_element(StateData, {xmlelement, "failure", @@ -609,6 +620,16 @@ wait_for_sasl_response({xmlstreamelement, El}, StateData) -> jlib:encode_base64(ServerOut)}]}), {next_state, wait_for_sasl_response, StateData#state{sasl_state = NewSASLState}}; + {error, Error, Username} -> + ?INFO_MSG( + "(~w) Failed authentication for ~s@~s", + [StateData#state.socket, + Username, StateData#state.server]), + send_element(StateData, + {xmlelement, "failure", + [{"xmlns", ?NS_SASL}], + [{xmlelement, Error, [], []}]}), + {next_state, wait_for_feature_request, StateData}; {error, Error} -> send_element(StateData, {xmlelement, "failure",