mirror of https://github.com/processone/ejabberd.git synced 2024-12-22 17:28:25 +01:00

Add SCRAM and remove MD5 support to ejabberd commands auth verification

Badlop 2012-08-27 16:57:56 +02:00
parent 4147081f0b
commit 8a737f875f
2 changed files with 6 additions and 13 deletions


@ -5010,7 +5010,6 @@ In this example there is no restriction:
\end{verbatim}
If account \term{robot1@example.org} is registered in \ejabberd{} with password \term{abcdef}
(which MD5 is E8B501798950FC58AAD83C8C14978E),
and \term{ejabberd.cfg} contains this setting:
\begin{verbatim}
{hosts, ["example.org"]}.
@ -5022,7 +5021,7 @@ then you can do this in the shell:
\begin{verbatim}
$ ejabberdctl registered_users example.org
Error: no_auth_provided
$ ejabberdctl --auth robot1 example.org E8B501798950FC58AAD83C8C14978E registered_users example.org
$ ejabberdctl --auth robot1 example.org abcdef registered_users example.org
robot1
testuser1
testuser2
@ -5215,7 +5214,6 @@ and is Username, Hostname and Password of a local XMPP account
that has permission to execute the corresponding command.
This means that the account must be registered in the local ejabberd,
because the information will be verified.
It is possible to provide the plaintext password or its MD5 sum.
When one or several access restrictions are defined and the
authentication information is provided,


@ -381,18 +381,13 @@ check_auth(noauth) ->
no_auth_provided;
check_auth({User, Server, Password}) ->
%% Check the account exists and password is valid
AccountPass = ejabberd_auth:get_password_s(User, Server),
AccountPassMD5 = get_md5(AccountPass),
case Password of
AccountPass -> {ok, User, Server};
AccountPassMD5 -> {ok, User, Server};
_ -> throw({error, invalid_account_data})
case ejabberd_auth:check_password(User, Server, Password) of
true ->
{ok, User, Server};
false ->
throw({error, invalid_account_data})
end.
get_md5(AccountPass) ->
lists:flatten([io_lib:format("~.16B", [X])
|| X <- binary_to_list(crypto:md5(AccountPass))]).
check_access(all, _) ->
true;
check_access(Access, Auth) ->
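Review bot: The `false` branch of the new `case` in `check_auth/1` throws `{error, invalid_account_data}` without recording the attempt, so repeated wrong passwords against the command interface leave nothing for an operator to detect. Consider logging the user and host (never the supplied password) before the throw, e.g. `?WARNING_MSG("Failed command auth for ~s@~s", [User, Server]),`, assuming this module already includes the ejabberd logging macros, which the hunk does not show. The function's outcomes also have three different shapes (a bare `no_auth_provided` atom, `{ok, User, Server}`, and a throw); a short comment above the clauses such as `%% Returns no_auth_provided | {ok, User, Server}; throws {error, invalid_account_data} on bad credentials` would make the contract clear to callers. The head of the first `check_auth` clause and the body of `check_access/2` lie outside the hunk.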