Chapril/xmpp.chapril.org-ejabberd
25
1
Fork 0
mirror of https://github.com/processone/ejabberd.git synced 2024-12-22 17:28:25 +01:00
Code Releases Activity

Add SCRAM and remove MD5 support to ejabberd commands auth verification

Browse Source
This commit is contained in:
Badlop 2012-08-27 16:57:56 +02:00
parent 4147081f0b
commit 8a737f875f
2 changed files with 6 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/guide.tex
View File

@ -5010,7 +5010,6 @@ In this example there is no restriction:
\end{verbatim} \end{verbatim}
If account \term{robot1@example.org} is registered in \ejabberd{} with password \term{abcdef} If account \term{robot1@example.org} is registered in \ejabberd{} with password \term{abcdef}
(which MD5 is E8B501798950FC58AAD83C8C14978E),
and \term{ejabberd.cfg} contains this setting: and \term{ejabberd.cfg} contains this setting:
\begin{verbatim} \begin{verbatim}
{hosts, ["example.org"]}. {hosts, ["example.org"]}.
@ -5022,7 +5021,7 @@ then you can do this in the shell:
\begin{verbatim} \begin{verbatim}
$ ejabberdctl registered_users example.org $ ejabberdctl registered_users example.org
Error: no_auth_provided Error: no_auth_provided
$ ejabberdctl --auth robot1 example.org E8B501798950FC58AAD83C8C14978E registered_users example.org $ ejabberdctl --auth robot1 example.org abcdef registered_users example.org
robot1 robot1
testuser1 testuser1
testuser2 testuser2
@ -5215,7 +5214,6 @@ and is Username, Hostname and Password of a local XMPP account
that has permission to execute the corresponding command. that has permission to execute the corresponding command.
This means that the account must be registered in the local ejabberd, This means that the account must be registered in the local ejabberd,
because the information will be verified. because the information will be verified.
It is possible to provide the plaintext password or its MD5 sum.
When one or several access restrictions are defined and the When one or several access restrictions are defined and the
authentication information is provided, authentication information is provided,

15
src/ejabberd_commands.erl
View File

@ -381,18 +381,13 @@ check_auth(noauth) ->
no_auth_provided; no_auth_provided;
check_auth({User, Server, Password}) -> check_auth({User, Server, Password}) ->
%% Check the account exists and password is valid %% Check the account exists and password is valid
AccountPass = ejabberd_auth:get_password_s(User, Server), case ejabberd_auth:check_password(User, Server, Password) of
AccountPassMD5 = get_md5(AccountPass), true ->
case Password of {ok, User, Server};
AccountPass -> {ok, User, Server}; false ->
AccountPassMD5 -> {ok, User, Server}; throw({error, invalid_account_data})
_ -> throw({error, invalid_account_data})
end. end.
get_md5(AccountPass) ->
lists:flatten([io_lib:format("~.16B", [X])
|| X <- binary_to_list(crypto:md5(AccountPass))]).
check_access(all, _) -> check_access(all, _) ->
true; true;
check_access(Access, Auth) -> check_access(Access, Auth) ->