Detect auth errors and report in log file. Support auth when domain not provided.
SVN Revision: 2331
parent
0aca6920a7
commit
b9cbb7a72b
@ -45,7 +45,6 @@
|
|||||||
?XMLATTR('name', Name),
|
?XMLATTR('name', Name),
|
||||||
?XMLATTR('value', Value)])).
|
?XMLATTR('value', Value)])).
|
||||||
|
|
||||||
|
|
||||||
process(["doc", LocalFile], _Request) ->
|
process(["doc", LocalFile], _Request) ->
|
||||||
DocPath = case os:getenv("EJABBERD_DOC_PATH") of
|
DocPath = case os:getenv("EJABBERD_DOC_PATH") of
|
||||||
P when is_list(P) -> P;
|
P when is_list(P) -> P;
|
||||||
@ -70,71 +69,87 @@ process(["doc", LocalFile], _Request) ->
|
|||||||
end
|
end
|
||||||
end;
|
end;
|
||||||
|
|
||||||
process(["server", SHost | RPath], #request{auth = Auth} = Request) ->
|
process(["server", SHost | RPath], #request{auth = Auth, lang = Lang, host = HostHTTP} = Request) ->
|
||||||
Host = exmpp_stringprep:nameprep(SHost),
|
Host = exmpp_stringprep:nameprep(SHost),
|
||||||
case lists:member(Host, ?MYHOSTS) of
|
case lists:member(Host, ?MYHOSTS) of
|
||||||
true ->
|
true ->
|
||||||
case get_auth(Auth) of
|
case get_auth_admin(Auth, Host, HostHTTP) of
|
||||||
{User, Server} ->
|
{ok, {User, Server}} ->
|
||||||
case acl:match_rule(
|
process_admin(Host, Request#request{path = RPath,
|
||||||
Host, configure, exmpp_jid:make(User, Server)) of
|
us = {User, Server}});
|
||||||
deny ->
|
{unauthorized, "no-auth-provided"} ->
|
||||||
ejabberd_web:error(not_allowed);
|
|
||||||
allow ->
|
|
||||||
process_admin(
|
|
||||||
Host, Request#request{path = RPath,
|
|
||||||
us = {User, Server}})
|
|
||||||
end;
|
|
||||||
unauthorized ->
|
|
||||||
{401,
|
{401,
|
||||||
[{"WWW-Authenticate", "basic realm=\"ejabberd\""}],
|
[{"WWW-Authenticate", "basic realm=\"ejabberd\""}],
|
||||||
ejabberd_web:make_xhtml([#xmlel{ns = ?NS_XHTML, name = 'h1', children =
|
ejabberd_web:make_xhtml([?XCT('h1', "Unauthorized")])};
|
||||||
[#xmlcdata{cdata = <<"401 Unauthorized">>}]}])}
|
{unauthorized, Error} ->
|
||||||
|
?WARNING_MSG("Access ~p failed with error: ~p~n~p",
|
||||||
|
[Auth, Error, Request]),
|
||||||
|
{401,
|
||||||
|
[{"WWW-Authenticate",
|
||||||
|
"basic realm=\"auth error, retry login to ejabberd\""}],
|
||||||
|
ejabberd_web:make_xhtml([?XCT('h1', "Unauthorized")])}
|
||||||
end;
|
end;
|
||||||
false ->
|
false ->
|
||||||
ejabberd_web:error(not_found)
|
ejabberd_web:error(not_found)
|
||||||
end;
|
end;
|
||||||
|
|
||||||
process(RPath, #request{auth = Auth} = Request) ->
|
process(RPath, #request{auth = Auth, lang = Lang, host = HostHTTP} = Request) ->
|
||||||
case get_auth(Auth) of
|
case get_auth_admin(Auth, global, HostHTTP) of
|
||||||
{User, Server} ->
|
{ok, {User, Server}} ->
|
||||||
case acl:match_rule(
|
process_admin(global, Request#request{path = RPath,
|
||||||
global, configure, exmpp_jid:make(User, Server)) of
|
us = {User, Server}});
|
||||||
deny ->
|
{unauthorized, "no-auth-provided"} ->
|
||||||
ejabberd_web:error(not_allowed);
|
|
||||||
allow ->
|
|
||||||
process_admin(
|
|
||||||
global, Request#request{path = RPath,
|
|
||||||
us = {User, Server}})
|
|
||||||
end;
|
|
||||||
unauthorized ->
|
|
||||||
%% XXX bard: any reason to send this data now and not
|
|
||||||
%% always in case of an 401? ought to check http specs...
|
|
||||||
{401,
|
{401,
|
||||||
[{"WWW-Authenticate", "basic realm=\"ejabberd\""}],
|
[{"WWW-Authenticate", "basic realm=\"ejabberd\""}],
|
||||||
ejabberd_web:make_xhtml([#xmlel{ns = ?NS_XHTML, name = 'h1', children =
|
ejabberd_web:make_xhtml([?XCT('h1', "Unauthorized")])};
|
||||||
[#xmlcdata{cdata = <<"401 Unauthorized">>}]}])}
|
{unauthorized, Error} ->
|
||||||
|
?WARNING_MSG("Access ~p failed with error: ~p~n~p",
|
||||||
|
[Auth, Error, Request]),
|
||||||
|
{401,
|
||||||
|
[{"WWW-Authenticate",
|
||||||
|
"basic realm=\"auth error, retry login to ejabberd\""}],
|
||||||
|
ejabberd_web:make_xhtml([?XCT('h1', "Unauthorized")])}
|
||||||
end.
|
end.
|
||||||
|
|
||||||
get_auth(Auth) ->
|
get_auth_admin(Auth, Host, HostHTTP) ->
|
||||||
case Auth of
|
case Auth of
|
||||||
{SJID, P} ->
|
{SJID, Pass} ->
|
||||||
try
|
try
|
||||||
JID = exmpp_jid:parse(SJID),
|
JID = exmpp_jid:parse(SJID),
|
||||||
U = exmpp_jid:node_as_list(JID),
|
User = exmpp_jid:node_as_list(JID),
|
||||||
S = exmpp_jid:domain_as_list(JID),
|
Server = exmpp_jid:domain_as_list(JID),
|
||||||
case ejabberd_auth:check_password(U, S, P) of
|
case User == undefined of
|
||||||
true ->
|
true ->
|
||||||
{U, S};
|
%% If only specified username, not username@server
|
||||||
|
get_auth_account(Host, Server, HostHTTP, Pass);
|
||||||
false ->
|
false ->
|
||||||
unauthorized
|
get_auth_account(Host, User, Server, Pass)
|
||||||
end
|
end
|
||||||
catch
|
catch
|
||||||
_ ->
|
_ ->
|
||||||
unauthorized
|
{unauthorized, "badformed-jid"}
|
||||||
end;
|
end;
|
||||||
_ ->
|
_ ->
|
||||||
unauthorized
|
{unauthorized, "no-auth-provided"}
|
||||||
|
end.
|
||||||
|
|
||||||
|
get_auth_account(Host, User, Server, Pass) ->
|
||||||
|
case ejabberd_auth:check_password(User, Server, Pass) of
|
||||||
|
true ->
|
||||||
|
case acl:match_rule(Host, configure,
|
||||||
|
exmpp_jid:make(User, Server)) of
|
||||||
|
deny ->
|
||||||
|
{unauthorized, "unprivileged-account"};
|
||||||
|
allow ->
|
||||||
|
{ok, {User, Server}}
|
||||||
|
end;
|
||||||
|
false ->
|
||||||
|
case ejabberd_auth:is_user_exists(User, Server) of
|
||||||
|
true ->
|
||||||
|
{unauthorized, "bad-password"};
|
||||||
|
false ->
|
||||||
|
{unauthorized, "inexistent-account"}
|
||||||
|
end
|
||||||
end.
|
end.
|
||||||
|
|
||||||
make_xhtml(Els, Host, Lang) ->
|
make_xhtml(Els, Host, Lang) ->
|
||||||
|
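Review bot: The new `{unauthorized, Error}` branch in both `process` clauses logs `Auth` and the full `Request`, and `Auth` is the `{SJID, Pass}` tuple that `get_auth_admin` matches, so each failed login writes the submitted password to the log file (twice, since `Request` carries the same `auth` field). Log only the account string and the reason, for example `?WARNING_MSG("Access ~p failed with error: ~p", [element(1, Auth), Error])`; this branch is only reached for errors produced on the `{SJID, Pass}` path, so the tuple access is safe. Separately, when the client supplies a bare username, `get_auth_admin` takes the account domain from `HostHTTP`, which appears to be the request's Host header. Nothing visible here checks that value against `?MYHOSTS` before `ejabberd_auth:check_password` is called, so it is worth confirming that it is validated elsewhere.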