* src/ejabberd_auth.erl: If anonymous auth is enabled, when
checking if the account already exists in other auth methods, take into account if the auth method failed (EJAB-882) * src/ejabberd_auth_anonymous.erl: Likewise * src/ejabberd_auth_external.erl: Likewise * src/ejabberd_auth_internal.erl: Likewise * src/ejabberd_auth_ldap.erl: Likewise * src/ejabberd_auth_odbc.erl: Likewise * src/ejabberd_auth_pam.erl: Likewise SVN Revision: 1966
parent
7af7afc30e
commit
7982492f50
10
ChangeLog
10
ChangeLog
|
@ -1,5 +1,15 @@
|
|||
2009-03-04 Badlop <badlop@process-one.net>
|
||||
|
||||
* src/ejabberd_auth.erl: If anonymous auth is enabled, when
|
||||
checking if the account already exists in other auth methods, take
|
||||
into account if the auth method failed (EJAB-882)
|
||||
* src/ejabberd_auth_anonymous.erl: Likewise
|
||||
* src/ejabberd_auth_external.erl: Likewise
|
||||
* src/ejabberd_auth_internal.erl: Likewise
|
||||
* src/ejabberd_auth_ldap.erl: Likewise
|
||||
* src/ejabberd_auth_odbc.erl: Likewise
|
||||
* src/ejabberd_auth_pam.erl: Likewise
|
||||
|
||||
* src/mod_caps.erl: Fix two small compilation errors
|
||||
|
||||
2009-03-04 Christophe Romain <christophe.romain@process-one.net>
|
||||
|
|
|
@ -92,10 +92,10 @@ plain_password_required(Server) when is_list(Server) ->
|
|||
|
||||
check_password(User, Server, Password)
|
||||
when is_list(User), is_list(Server), is_list(Password) ->
|
||||
lists:any(
|
||||
fun(M) ->
|
||||
M:check_password(User, Server, Password)
|
||||
end, auth_modules(Server)).
|
||||
case check_password_with_authmodule(User, Server, Password) of
|
||||
{true, _AuthModule} -> true;
|
||||
false -> false
|
||||
end.
|
||||
|
||||
%% @spec (User, Server, Password, StreamID, Digest) -> bool()
|
||||
%% User = string()
|
||||
|
@ -108,10 +108,11 @@ check_password(User, Server, Password)
|
|||
check_password(User, Server, Password, StreamID, Digest)
|
||||
when is_list(User), is_list(Server), is_list(Password),
|
||||
is_list(StreamID), is_list(Digest) ->
|
||||
lists:any(
|
||||
fun(M) ->
|
||||
M:check_password(User, Server, Password, StreamID, Digest)
|
||||
end, auth_modules(Server)).
|
||||
case check_password_with_authmodule(User, Server, Password,
|
||||
StreamID, Digest) of
|
||||
{true, _AuthModule} -> true;
|
||||
false -> false
|
||||
end.
|
||||
|
||||
%% @spec (User, Server, Password) -> {true, AuthModule} | false
|
||||
%% User = string()
|
||||
|
@ -125,15 +126,7 @@ check_password(User, Server, Password, StreamID, Digest)
|
|||
|
||||
check_password_with_authmodule(User, Server, Password)
|
||||
when is_list(User), is_list(Server), is_list(Password) ->
|
||||
Res = lists:dropwhile(
|
||||
fun(M) ->
|
||||
not apply(M, check_password,
|
||||
[User, Server, Password])
|
||||
end, auth_modules(Server)),
|
||||
case Res of
|
||||
[] -> false;
|
||||
[AuthMod | _] -> {true, AuthMod}
|
||||
end.
|
||||
check_password_loop(auth_modules(Server), [User, Server, Password]).
|
||||
|
||||
%% @spec (User, Server, Password, StreamID, Digest) -> {true, AuthModule} | false
|
||||
%% User = string()
|
||||
|
@ -149,14 +142,17 @@ check_password_with_authmodule(User, Server, Password)
|
|||
check_password_with_authmodule(User, Server, Password, StreamID, Digest)
|
||||
when is_list(User), is_list(Server), (is_list(Password) orelse Password == 'undefined'),
|
||||
is_list(StreamID), (is_list(Digest) orelse Digest == 'undefined')->
|
||||
Res = lists:dropwhile(
|
||||
fun(M) ->
|
||||
not apply(M, check_password,
|
||||
[User, Server, Password, StreamID, Digest])
|
||||
end, auth_modules(Server)),
|
||||
case Res of
|
||||
[] -> false;
|
||||
[AuthMod | _] -> {true, AuthMod}
|
||||
check_password_loop(auth_modules(Server), [User, Server, Password,
|
||||
StreamID, Digest]).
|
||||
|
||||
check_password_loop([], _Args) ->
|
||||
false;
|
||||
check_password_loop([AuthModule | AuthModules], Args) ->
|
||||
case apply(AuthModule, check_password, Args) of
|
||||
true ->
|
||||
{true, AuthModule};
|
||||
false ->
|
||||
check_password_loop(AuthModules, Args)
|
||||
end.
|
||||
|
||||
%% @spec (User, Server, Password) -> ok | {error, ErrorType}
|
||||
|
@ -347,7 +343,7 @@ is_user_exists(User, Server) when is_list(User), is_list(Server) ->
|
|||
M:is_user_exists(User, Server)
|
||||
end, auth_modules(Server)).
|
||||
|
||||
%% @spec (Module, User, Server) -> bool
|
||||
%% @spec (Module, User, Server) -> true | false | maybe
|
||||
%% Module = authmodule()
|
||||
%% User = string()
|
||||
%% Server = string()
|
||||
|
@ -356,10 +352,24 @@ is_user_exists(User, Server) when is_list(User), is_list(Server) ->
|
|||
|
||||
is_user_exists_in_other_modules(Module, User, Server)
|
||||
when is_list(User), is_list(Server) ->
|
||||
lists:any(
|
||||
fun(M) ->
|
||||
M:is_user_exists(User, Server)
|
||||
end, auth_modules(Server)--[Module]).
|
||||
is_user_exists_in_other_modules_loop(
|
||||
auth_modules(Server)--[Module],
|
||||
User, Server).
|
||||
is_user_exists_in_other_modules_loop([], _User, _Server) ->
|
||||
false;
|
||||
is_user_exists_in_other_modules_loop([AuthModule|AuthModules], User, Server) ->
|
||||
case AuthModule:is_user_exists(User, Server) of
|
||||
true ->
|
||||
true;
|
||||
false ->
|
||||
is_user_exists_in_other_modules_loop(AuthModules, User, Server);
|
||||
{error, Error} ->
|
||||
?DEBUG("The authentication module ~p returned an error~nwhen "
|
||||
"checking user ~p in server ~p~nError message: ~p",
|
||||
[AuthModule, User, Server, Error]),
|
||||
maybe
|
||||
end.
|
||||
|
||||
|
||||
%% @spec (User, Server) -> ok | error | {error, not_allowed}
|
||||
%% User = string()
|
||||
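Review bot: `is_user_exists/2` (the context lines `M:is_user_exists(User, Server)` / `end, auth_modules(Server)).` just above the changed `@spec`) still hands each backend's answer straight to a list predicate, yet this commit lets the external, internal, LDAP and ODBC backends return `{error, Error}`. The start of that function is outside the hunk, but if it is `lists:any/2`, as in the removed code of the next hunk, a non-boolean result raises instead of yielding an answer, so a backend outage would crash every caller of `is_user_exists/2`. Give it the same three-way handling as `is_user_exists_in_other_modules_loop/3`, or normalise inside the fun with `case M:is_user_exists(User, Server) of true -> true; false -> false; {error, _} -> ... end` and choose the error outcome deliberately, since mapping it to `false` reports an existing account as free. The `?DEBUG` call in the new loop is also the only record of a backend failure that causes anonymous logins to be refused; logging it above debug level would make that visible to operators.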
|
|
|
@ -234,7 +234,10 @@ check_password(User, Server, _Password, _StreamID, _Digest) ->
|
|||
%% they however are "reserved")
|
||||
case ejabberd_auth:is_user_exists_in_other_modules(?MODULE,
|
||||
User, Server) of
|
||||
%% If user exists in other module, reject anonnymous authentication
|
||||
true -> false;
|
||||
%% If we are not sure whether the user exists in other module, reject anon auth
|
||||
maybe -> false;
|
||||
false -> login(User, Server)
|
||||
end.
|
||||
|
||||
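Review bot: The new `maybe -> false` clause in `check_password/5` is the security-relevant decision of this commit and its comment should say why: a backend that cannot answer must not let an anonymous session take a name that may belong to a real account. Suggested wording: `%% Fail closed: a backend error must not let an anonymous login claim a possibly registered name`. The comment on the `true` clause misspells "anonymous" (`anonnymous`). The start of the function body is outside the hunk.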
|
|
|
@ -128,8 +128,13 @@ get_password_s(_User, _Server) ->
|
|||
%% User = string()
|
||||
%% Server = string()
|
||||
|
||||
%% @spec (User, Server) -> true | false | {error, Error}
|
||||
is_user_exists(User, Server) ->
|
||||
extauth:is_user_exists(User, Server).
|
||||
try extauth:is_user_exists(User, Server) of
|
||||
Res -> Res
|
||||
catch
|
||||
_:Error -> {error, Error}
|
||||
end.
|
||||
|
||||
%% @spec (User, Server) -> {error, not_allowed}
|
||||
%% User = string()
|
||||
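Review bot: In `is_user_exists/2` the `of` clause `Res -> Res` forwards whatever `extauth:is_user_exists/2` returns, while the loop added in ejabberd_auth.erl matches only `true`, `false` and `{error, Error}`. Any other reply from the external script would surface there as a `case_clause` crash rather than as the `maybe` this commit introduces; whether extauth can return anything else is not visible here. Matching the expected shapes keeps the failure inside this module: `true -> true; false -> false; Other -> {error, Other}`.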
|
|
|
@ -310,6 +310,7 @@ get_password_s(User, Server) ->
|
|||
%% User = string()
|
||||
%% Server = string()
|
||||
|
||||
%% @spec (User, Server) -> true | false | {error, Error}
|
||||
is_user_exists(User, Server) ->
|
||||
try
|
||||
LUser = exmpp_stringprep:nodeprep(User),
|
||||
|
@ -320,8 +321,8 @@ is_user_exists(User, Server) ->
|
|||
false;
|
||||
[_] ->
|
||||
true;
|
||||
_ ->
|
||||
false
|
||||
Other ->
|
||||
{error, Other}
|
||||
end
|
||||
catch
|
||||
_ ->
|
||||
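Review bot: The new `@spec` promises `{error, Error}`, but in the second hunk only an unexpected lookup result (`Other -> {error, Other}`) produces it, and the `catch _ ->` clause that follows matches thrown values only. The lookup expression and the body of that catch clause are outside the hunks, so this is hedged: if the storage read fails by exit or error rather than by returning an odd value, the exception still escapes and the caller never sees `{error, Error}`. If that is intended, say so next to the spec; otherwise add `_:Reason -> {error, Reason}` after the existing `_ ->` clause.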
|
|
|
@ -242,10 +242,11 @@ get_password_s(_User, _Server) ->
|
|||
%% User = string()
|
||||
%% Server = string()
|
||||
|
||||
%% @spec (User, Server) -> true | false | {error, Error}
|
||||
is_user_exists(User, Server) ->
|
||||
case catch is_user_exists_ldap(User, Server) of
|
||||
{'EXIT', _} ->
|
||||
false;
|
||||
{'EXIT', Error} ->
|
||||
{error, Error};
|
||||
Result ->
|
||||
Result
|
||||
end.
|
||||
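Review bot: `case catch is_user_exists_ldap(User, Server) of` cannot tell a thrown term from a return value, so a `throw` inside the LDAP lookup reaches the `Result -> Result` clause and is handed to the caller as if it were the answer. The ODBC and external modules in this same commit moved to `try ... of`; doing the same here keeps the backends consistent: `try is_user_exists_ldap(User, Server) of Result -> Result catch _:Error -> {error, Error} end`. With `catch`, `Error` is also the whole exit term, which for runtime errors includes the stack trace and ends up in the caller's debug log.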
|
|
|
@ -73,11 +73,18 @@ check_password(User, Server, Password) ->
|
|||
LUser = exmpp_stringprep:nodeprep(User),
|
||||
Username = ejabberd_odbc:escape(LUser),
|
||||
LServer = exmpp_stringprep:nameprep(Server),
|
||||
case catch odbc_queries:get_password(LServer, Username) of
|
||||
try odbc_queries:get_password(LServer, Username) of
|
||||
{selected, ["password"], [{Password}]} ->
|
||||
Password /= "";
|
||||
_ ->
|
||||
false
|
||||
Password /= ""; %% Password is correct, and not empty
|
||||
{selected, ["password"], [{_Password2}]} ->
|
||||
false; %% Password is not correct
|
||||
{selected, ["password"], []} ->
|
||||
false; %% Account does not exist
|
||||
{error, _Error} ->
|
||||
false %% Typical error is that table doesn't exist
|
||||
catch
|
||||
_:_ ->
|
||||
false %% Typical error is database not accessible
|
||||
end
|
||||
catch
|
||||
_ ->
|
||||
|
@ -96,7 +103,8 @@ check_password(User, Server, Password, StreamID, Digest) ->
|
|||
LUser = exmpp_stringprep:nodeprep(User),
|
||||
Username = ejabberd_odbc:escape(LUser),
|
||||
LServer = exmpp_stringprep:nameprep(Server),
|
||||
case catch odbc_queries:get_password(LServer, Username) of
|
||||
try odbc_queries:get_password(LServer, Username) of
|
||||
%% Account exists, check if password is valid
|
||||
{selected, ["password"], [{Passwd}]} ->
|
||||
DigRes = if
|
||||
Digest /= "" ->
|
||||
|
@ -109,8 +117,13 @@ check_password(User, Server, Password, StreamID, Digest) ->
|
|||
true ->
|
||||
(Passwd == Password) and (Password /= "")
|
||||
end;
|
||||
_ ->
|
||||
false
|
||||
{selected, ["password"], []} ->
|
||||
false; %% Account does not exist
|
||||
{error, _Error} ->
|
||||
false %% Typical error is that table doesn't exist
|
||||
catch
|
||||
_:_ ->
|
||||
false %% Typical error is database not accessible
|
||||
end
|
||||
catch
|
||||
_ ->
|
||||
|
@ -277,16 +290,22 @@ get_password_s(User, Server) ->
|
|||
%% User = string()
|
||||
%% Server = string()
|
||||
|
||||
%% @spec (User, Server) -> true | false | {error, Error}
|
||||
is_user_exists(User, Server) ->
|
||||
try
|
||||
LUser = exmpp_stringprep:nodeprep(User),
|
||||
Username = ejabberd_odbc:escape(LUser),
|
||||
LServer = exmpp_stringprep:nameprep(Server),
|
||||
case catch odbc_queries:get_password(LServer, Username) of
|
||||
try odbc_queries:get_password(LServer, Username) of
|
||||
{selected, ["password"], [{_Password}]} ->
|
||||
true;
|
||||
_ ->
|
||||
false
|
||||
true; %% Account exists
|
||||
{selected, ["password"], []} ->
|
||||
false; %% Account does not exist
|
||||
{error, Error} ->
|
||||
{error, Error} %% Typical error is that table doesn't exist
|
||||
catch
|
||||
_:B ->
|
||||
{error, B} %% Typical error is database not accessible
|
||||
end
|
||||
catch
|
||||
_ ->
|
||||
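Review bot: The three `try odbc_queries:get_password(LServer, Username) of` blocks in this file (both `check_password` functions and `is_user_exists/2`) dropped the old `_ -> false` fallback, and the `of` section of a `try` is not covered by its own `catch`. A result that fits none of the listed shapes (more than one row, or a column name the driver reports other than `"password"`) therefore raises `try_clause`, which the outer `catch _ ->` does not match because it handles throws only; the body of that outer clause is outside the hunks. Keep a final clause in each block, `_ -> false` in the two `check_password` functions and `Other -> {error, Other}` in `is_user_exists/2`, so an unexpected reply becomes a refused login or a `maybe` rather than a crash in the calling process. Separately, the `_:_ -> false` handlers make a database outage indistinguishable from a wrong password; a log line there would help operators.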
|
|
|
@ -125,9 +125,11 @@ get_password(_User, _Server) ->
|
|||
get_password_s(_User, _Server) ->
|
||||
"".
|
||||
|
||||
%% @spec (User, Server) -> bool()
|
||||
%% @spec (User, Server) -> true | false | {error, Error}
|
||||
%% User = string()
|
||||
%% Server = string()
|
||||
%% TODO: Improve this function to return an error instead of 'false' when
|
||||
%% connection to PAM failed
|
||||
|
||||
is_user_exists(User, Server) ->
|
||||
Service = get_pam_service(Server),
|
||||
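Review bot: The `@spec` now advertises `{error, Error}`, but the TODO added under it says the function still returns `false` when the connection to PAM fails; the body is outside the hunk, so this rests on that TODO. For the anonymous check changed in this commit that is the fail-open case: a PAM outage reads as "user does not exist", and `ejabberd_auth_anonymous` then proceeds to `login(User, Server)` for a name that may be a real PAM account. Until the function can report the failure, keep the spec accurate (`-> true | false`) and state the consequence in the TODO, for example `%% NOTE: a PAM failure is currently reported as 'false', so anonymous auth is not blocked for existing PAM users while PAM is down`.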
|
|