diff --git a/src/ejabberd_admin.erl b/src/ejabberd_admin.erl
index 3e02e6bd0..64f8fba7c 100644
--- a/src/ejabberd_admin.erl
+++ b/src/ejabberd_admin.erl
@@ -269,12 +269,11 @@ get_commands_spec() ->
 args_example = ["example.com"],
 args = [{host, string}], result = {res, rescode}},
 #ejabberd_commands{name = convert_to_scram, tags = [sql],
- desc = "Convert the passwords in 'users' ODBC table to SCRAM",
- module = ejabberd_auth_sql, function = convert_to_scram,
+ desc = "Convert the passwords of users to SCRAM",
+ module = ejabberd_auth, function = convert_to_scram,
 args_desc = ["Vhost which users' passwords will be scrammed"],
 args_example = ["example.com"],
 args = [{host, binary}], result = {res, rescode}},
-
 #ejabberd_commands{name = import_prosody, tags = [mnesia, sql],
 desc = "Import data from Prosody",
 longdesc = "Note: this method requires ejabberd compiled with optional tools support "
diff --git a/src/ejabberd_auth.erl b/src/ejabberd_auth.erl
index 9a7479e40..1fc05f8cb 100644
--- a/src/ejabberd_auth.erl
+++ b/src/ejabberd_auth.erl
@@ -46,7 +46,7 @@
 -export([init/1, handle_call/3, handle_cast/2,
 handle_info/2, terminate/2, code_change/3]).
 
--export([auth_modules/1]).
+-export([auth_modules/1, convert_to_scram/1]).
 
 -include("scram.hrl").
 -include("logger.hrl").
@@ -915,3 +915,24 @@ import(Server, {sql, _}, mnesia, <<"users">>, Fields) ->
 ejabberd_auth_mnesia:import(Server, Fields);
 import(_LServer, {sql, _}, sql, <<"users">>, _) ->
 ok.
+
+-spec convert_to_scram(binary()) -> {error, any()} | ok.
+convert_to_scram(Server) ->
+ LServer = jid:nameprep(Server),
+ if
+ LServer == error;
+ LServer == <<>> ->
+ {error, {incorrect_server_name, Server}};
+ true ->
+ lists:foreach(
+ fun({U, S}) ->
+ case get_password(U, S) of
+ Pass when is_binary(Pass) ->
+ SPass = password_to_scram(Pass),
+ set_password(U, S, SPass);
+ _ ->
+ ok
+ end
+ end, get_users(LServer)),
+ ok
+ end.
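Review bot: The `convert_to_scram` entry still carries `tags = [sql]` although it now dispatches to `ejabberd_auth:convert_to_scram/1` and its description no longer mentions the SQL table, so the tag looks stale for operators who filter commands by backend. Because the conversion replaces stored plain-text passwords with SCRAM data and cannot be undone, I would also add a `longdesc` to this record (the field is already used by `import_prosody` just below), for example `longdesc = "Plain-text passwords of the vhost are replaced by SCRAM hashes; this cannot be reverted."`. The list returned by `get_commands_spec/0` starts and ends outside the hunk.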
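Review bot: The result of `set_password(U, S, SPass)` is discarded inside the `lists:foreach/2` fun in the new `convert_to_scram/1`, so the function returns `ok` even when some or all accounts could not be rewritten and their passwords remain stored in plain text. For a migration whose purpose is to remove plain-text credentials the operator needs that signal: collect the failing accounts, log them with `?ERROR_MSG` (never the password itself), and return `{error, _}`, which the `-spec` already allows. The sketch below assumes `set_password/3` returns `ok` on success, which this hunk does not show; it is also worth confirming that `set_password/3` accepts the value produced by `password_to_scram/1`. The `_ -> ok` branch would benefit from a comment saying which `get_password/2` results it is meant to skip.

```erlang
%% … unchanged: nameprep and the incorrect_server_name clause …
        true ->
            Failed = lists:filtermap(
                       fun({U, S}) ->
                               case get_password(U, S) of
                                   Pass when is_binary(Pass) ->
                                       SPass = password_to_scram(Pass),
                                       case set_password(U, S, SPass) of
                                           ok ->
                                               false;
                                           Err ->
                                               ?ERROR_MSG("SCRAM conversion failed "
                                                          "for ~ts@~ts: ~p",
                                                          [U, S, Err]),
                                               {true, {U, S}}
                                       end;
                                   _ ->
                                       %% not a plain-text binary: nothing to convert
                                       false
                               end
                       end, get_users(LServer)),
            case Failed of
                [] -> ok;
                _ -> {error, {conversion_failed, Failed}}
            end
```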
diff --git a/src/ejabberd_auth_sql.erl b/src/ejabberd_auth_sql.erl
index 106c83b47..3fa96b735 100644
--- a/src/ejabberd_auth_sql.erl
+++ b/src/ejabberd_auth_sql.erl
@@ -33,7 +33,7 @@
 -export([start/1, stop/1, set_password/3, try_register/3,
 get_users/2, count_users/2, get_password/2,
 remove_user/2, store_type/1, plain_password_required/1,
- convert_to_scram/1, export/1, which_users_exists/2]).
+ export/1, which_users_exists/2]).
 
 -include("scram.hrl").
 -include("logger.hrl").
@@ -269,54 +269,6 @@ which_users_exists(LServer, LUsers) ->
 end
 end.
 
-
-convert_to_scram(Server) ->
- LServer = jid:nameprep(Server),
- if
- LServer == error;
- LServer == <<>> ->
- {error, {incorrect_server_name, Server}};
- true ->
- F = fun () ->
- BatchSize = ?BATCH_SIZE,
- case ejabberd_sql:sql_query_t(
- ?SQL("select @(username)s, @(password)s"
- " from users"
- " where iterationcount=0 and %(LServer)H"
- " limit %(BatchSize)d")) of
- {selected, []} ->
- ok;
- {selected, Rs} ->
- lists:foreach(
- fun({LUser, Password}) ->
- case jid:resourceprep(Password) of
- error ->
- ?ERROR_MSG(
- "SASLprep failed for "
- "password of user ~ts@~ts",
- [LUser, LServer]);
- _ ->
- Scram = ejabberd_auth:password_to_scram(Password),
- set_password_scram_t(
- LUser, LServer,
- Scram#scram.storedkey,
- Scram#scram.serverkey,
- Scram#scram.salt,
- Scram#scram.iterationcount)
- end
- end, Rs),
- continue;
- Err -> {bad_reply, Err}
- end
- end,
- case ejabberd_sql:sql_transaction(LServer, F) of
- {atomic, ok} -> ok;
- {atomic, continue} -> convert_to_scram(Server);
- {atomic, Error} -> {error, Error};
- Error -> Error
- end
- end.
-
 export(_Server) ->
 [{passwd,
 fun(Host, #passwd{us = {LUser, LServer}, password = Password})