Chapril/xmpp.chapril.org-ejabberd
25
1
Fork 0
mirror of https://github.com/processone/ejabberd.git synced 2024-11-22 16:20:52 +01:00
Code Releases Activity

Report in SQL when scram is enabled but the stored password isn't (#1096)

Browse Source
This commit is contained in:
Badlop 2016-06-01 20:48:52 +02:00
parent bbb90b9928
commit 5352037680
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/ejabberd_auth_sql.erl
View File

@ -88,7 +88,7 @@ check_password(User, AuthzId, Server, Password) ->
serverkey = ServerKey, serverkey = ServerKey,
salt = Salt, salt = Salt,
iterationcount = IterationCount}, iterationcount = IterationCount},
is_password_scram_valid(Password, Scram); is_password_scram_valid_stored(Password, Scram, LUser, LServer);
{selected, []} -> {selected, []} ->
false; %% Account does not exist false; %% Account does not exist
{error, _Error} -> {error, _Error} ->
@ -417,6 +417,15 @@ password_to_scram(Password, IterationCount) ->
salt = jlib:encode_base64(Salt), salt = jlib:encode_base64(Salt),
iterationcount = IterationCount}. iterationcount = IterationCount}.
is_password_scram_valid_stored(Pass, {scram,Pass,<<>>,<<>>,0}, LUser, LServer) ->
?INFO_MSG("Apparently, SQL auth method and scram password formatting are "
"enabled, but the password of user '~s' in the 'users' table is not "
"scrammed. You may want to execute this command: "
"ejabberdctl convert_to_scram ~s", [LUser, LServer]),
false;
is_password_scram_valid_stored(Password, Scram, _, _) ->
is_password_scram_valid(Password, Scram).
is_password_scram_valid(Password, Scram) -> is_password_scram_valid(Password, Scram) ->
IterationCount = Scram#scram.iterationcount, IterationCount = Scram#scram.iterationcount,
Salt = jlib:decode_base64(Scram#scram.salt), Salt = jlib:decode_base64(Scram#scram.salt),