From 8a737f875f36252dcac491e3d06ba567b5bda278 Mon Sep 17 00:00:00 2001
From: Badlop
Date: Mon, 27 Aug 2012 16:57:56 +0200
Subject: [PATCH] Add SCRAM and remove MD5 support to ejabberd commands auth verification
---
doc/guide.tex | 4 +---
src/ejabberd_commands.erl | 15 +++++----------
2 files changed, 6 insertions(+), 13 deletions(-)
diff --git a/doc/guide.tex b/doc/guide.tex
index db4a9aeff..242ab6384 100644
--- a/doc/guide.tex
+++ b/doc/guide.tex
@@ -5010,7 +5010,6 @@ In this example there is no restriction: \end{verbatim} If account \term{robot1@example.org} is registered in \ejabberd{} with password \term{abcdef} -(which MD5 is E8B501798950FC58AAD83C8C14978E), and \term{ejabberd.cfg} contains this setting: \begin{verbatim} {hosts, ["example.org"]}.
@@ -5022,7 +5021,7 @@ then you can do this in the shell: \begin{verbatim} $ ejabberdctl registered_users example.org Error: no_auth_provided -$ ejabberdctl --auth robot1 example.org E8B501798950FC58AAD83C8C14978E registered_users example.org +$ ejabberdctl --auth robot1 example.org abcdef registered_users example.org robot1 testuser1 testuser2
@@ -5215,7 +5214,6 @@ and is Username, Hostname and Password of a local XMPP account that has permission to execute the corresponding command. This means that the account must be registered in the local ejabberd, because the information will be verified. -It is possible to provide the plaintext password or its MD5 sum. When one or several access restrictions are defined and the authentication information is provided,
diff --git a/src/ejabberd_commands.erl b/src/ejabberd_commands.erl
index 215a80876..92b2edc45 100644
--- a/src/ejabberd_commands.erl
+++ b/src/ejabberd_commands.erl
@@ -381,18 +381,13 @@ check_auth(noauth) ->
no_auth_provided;
check_auth({User, Server, Password}) ->
%% Check the account exists and password is valid
- AccountPass = ejabberd_auth:get_password_s(User, Server),
- AccountPassMD5 = get_md5(AccountPass),
- case Password of
- AccountPass -> {ok, User, Server};
- AccountPassMD5 -> {ok, User, Server};
- _ -> throw({error, invalid_account_data})
+ case ejabberd_auth:check_password(User, Server, Password) of
+ true ->
+ {ok, User, Server};
+ false ->
+ throw({error, invalid_account_data})
end.
-get_md5(AccountPass) ->
- lists:flatten([io_lib:format("~.16B", [X]) || X <- binary_to_list(crypto:md5(AccountPass))]).
-
check_access(all, _) -> true;
check_access(Access, Auth) ->
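Review bot: The `true` branch of the new `case` on `ejabberd_auth:check_password(User, Server, Password)` trusts whatever backend is configured for `Server`, so on a host that also enables anonymous authentication it may presumably succeed for a username that was never registered, letting a caller choose any name before `check_access` applies the ACL — worth confirming against the anonymous backend before relying on the retained `%% Check the account exists` comment. With `get_md5/1` removed, `Password` must now be the plaintext credential; dropping the unsalted-digest alternative is right (the digest was itself a reusable credential), but the clause comment should state the new contract, e.g. `%% Password is the plaintext credential; the configured auth backend verifies it (so SCRAM-stored accounts work too).` Any return value other than `true`/`false` now ends in a `case_clause` crash instead of `throw({error, invalid_account_data})`, which is acceptable under let-it-crash only if the caller of `check_auth/1` is meant to catch just `{error, _}` — confirm that is deliberate. `check_access/2` begins in this hunk but its body continues past it.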