allow inband password change (EJAB-199)
parent
b0d5ac0b33
commit
e117ce1b7b
@ -182,13 +182,20 @@ check_password(User, Server, Password) ->
|
|||||||
check_password(User, Server, Password, _Digest, _DigestGen) ->
|
check_password(User, Server, Password, _Digest, _DigestGen) ->
|
||||||
check_password(User, Server, Password).
|
check_password(User, Server, Password).
|
||||||
|
|
||||||
%% @spec (User, Server, Password) -> {error, not_allowed}
|
%% @spec (User, Server, Password) -> {error, Reason} | ok
|
||||||
%% User = string()
|
%% User = string()
|
||||||
%% Server = string()
|
%% Server = string()
|
||||||
%% Password = string()
|
%% Password = string()
|
||||||
|
%% Reason = term()
|
||||||
|
|
||||||
set_password(_User, _Server, _Password) ->
|
set_password(User, Server, Password) ->
|
||||||
{error, not_allowed}.
|
{ok, State} = eldap_utils:get_state(Server, ?MODULE),
|
||||||
|
case find_user_dn(User, State) of
|
||||||
|
false ->
|
||||||
|
{error, user_not_found};
|
||||||
|
DN ->
|
||||||
|
eldap_pool:modify_passwd(State#state.eldap_id, DN, Password)
|
||||||
|
end.
|
||||||
|
|
||||||
%% @spec (User, Server, Password) -> {error, not_allowed}
|
%% @spec (User, Server, Password) -> {error, not_allowed}
|
||||||
%% User = string()
|
%% User = string()
|
||||||
|
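Review bot: `set_password/3` asks the directory to replace the password without supplying `oldPasswd` (the request built in `gen_req/1` sets only `userIdentity` and `newPasswd`), so the LDAP server cannot verify the user's current password. The operation is authorised only by whatever identity the pool connection is bound as, presumably the `Rootdn` passed to the pool's `start_link/7`, and the new code does not document that. I would add above the function `%% The directory does not check the old password: callers must have authenticated User already, and the pool's bind DN should be ACL-limited to password changes on user entries.` The new password also travels in the request value, so the comment should say that this path expects the pool's encrypted mode. Separately, the updated @spec promises `{error, Reason} | ok`, but `{ok, State} = eldap_utils:get_state(Server, ?MODULE)` exits with badmatch instead of returning an error when the lookup fails.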
@ -286,6 +286,16 @@ ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
|
|||||||
responseName [10] LDAPOID OPTIONAL,
|
responseName [10] LDAPOID OPTIONAL,
|
||||||
response [11] OCTET STRING OPTIONAL }
|
response [11] OCTET STRING OPTIONAL }
|
||||||
|
|
||||||
|
passwdModifyOID LDAPOID ::= "1.3.6.1.4.1.4203.1.11.1"
|
||||||
|
|
||||||
|
PasswdModifyRequestValue ::= SEQUENCE {
|
||||||
|
userIdentity [0] OCTET STRING OPTIONAL,
|
||||||
|
oldPasswd [1] OCTET STRING OPTIONAL,
|
||||||
|
newPasswd [2] OCTET STRING OPTIONAL }
|
||||||
|
|
||||||
|
PasswdModifyResponseValue ::= SEQUENCE {
|
||||||
|
genPasswd [0] OCTET STRING OPTIONAL }
|
||||||
|
|
||||||
END
|
END
|
||||||
|
|
||||||
|
|
||||||
|
@ -33,9 +33,11 @@
|
|||||||
|
|
||||||
%%% Modified by Alexey Shchepin <alexey@sevcom.net>
|
%%% Modified by Alexey Shchepin <alexey@sevcom.net>
|
||||||
|
|
||||||
%%% Modified by Evgeniy Khramtsov <xram@jabber.ru>
|
%%% Modified by Evgeniy Khramtsov <ekhramtsov@process-one.net>
|
||||||
%%% Implemented queue for bind() requests to prevent pending binds.
|
%%% Implemented queue for bind() requests to prevent pending binds.
|
||||||
%%% Implemented extensibleMatch/2 function.
|
%%% Implemented extensibleMatch/2 function.
|
||||||
|
%%% Implemented LDAP Extended Operations (currently only Password Modify
|
||||||
|
%%% is supported - RFC 3062).
|
||||||
|
|
||||||
%%% Modified by Christophe Romain <christophe.romain@process-one.net>
|
%%% Modified by Christophe Romain <christophe.romain@process-one.net>
|
||||||
%%% Improve error case handling
|
%%% Improve error case handling
|
||||||
@ -74,7 +76,7 @@
|
|||||||
equalityMatch/2,greaterOrEqual/2,lessOrEqual/2,
|
equalityMatch/2,greaterOrEqual/2,lessOrEqual/2,
|
||||||
approxMatch/2,search/2,substrings/2,present/1,extensibleMatch/2,
|
approxMatch/2,search/2,substrings/2,present/1,extensibleMatch/2,
|
||||||
'and'/1,'or'/1,'not'/1,modify/3, mod_add/2, mod_delete/2,
|
'and'/1,'or'/1,'not'/1,modify/3, mod_add/2, mod_delete/2,
|
||||||
mod_replace/2, add/3, delete/2, modify_dn/5, bind/3]).
|
mod_replace/2, add/3, delete/2, modify_dn/5, modify_passwd/3, bind/3]).
|
||||||
-export([get_status/1]).
|
-export([get_status/1]).
|
||||||
|
|
||||||
%% gen_fsm callbacks
|
%% gen_fsm callbacks
|
||||||
@ -240,6 +242,10 @@ modify_dn(Handle, Entry, NewRDN, DelOldRDN, NewSup)
|
|||||||
{modify_dn, Entry, NewRDN, bool_p(DelOldRDN), optional(NewSup)},
|
{modify_dn, Entry, NewRDN, bool_p(DelOldRDN), optional(NewSup)},
|
||||||
?CALL_TIMEOUT).
|
?CALL_TIMEOUT).
|
||||||
|
|
||||||
|
modify_passwd(Handle, DN, Passwd) when is_list(DN), is_list(Passwd) ->
|
||||||
|
Handle1 = get_handle(Handle),
|
||||||
|
gen_fsm:sync_send_event(
|
||||||
|
Handle1, {modify_passwd, DN, Passwd}, ?CALL_TIMEOUT).
|
||||||
|
|
||||||
%%% --------------------------------------------------------------------
|
%%% --------------------------------------------------------------------
|
||||||
%%% Bind.
|
%%% Bind.
|
||||||
@ -695,6 +701,16 @@ gen_req({modify_dn, Entry, NewRDN, DelOldRDN, NewSup}) ->
|
|||||||
deleteoldrdn = DelOldRDN,
|
deleteoldrdn = DelOldRDN,
|
||||||
newSuperior = NewSup}};
|
newSuperior = NewSup}};
|
||||||
|
|
||||||
|
gen_req({modify_passwd, DN, Passwd}) ->
|
||||||
|
{ok, ReqVal} = asn1rt:encode(
|
||||||
|
'ELDAPv3', 'PasswdModifyRequestValue',
|
||||||
|
#'PasswdModifyRequestValue'{
|
||||||
|
userIdentity = DN,
|
||||||
|
newPasswd = Passwd}),
|
||||||
|
{extendedReq,
|
||||||
|
#'ExtendedRequest'{requestName = ?passwdModifyOID,
|
||||||
|
requestValue = list_to_binary(ReqVal)}};
|
||||||
|
|
||||||
gen_req({bind, RootDN, Passwd}) ->
|
gen_req({bind, RootDN, Passwd}) ->
|
||||||
{bindRequest,
|
{bindRequest,
|
||||||
#'BindRequest'{version = ?LDAP_VERSION,
|
#'BindRequest'{version = ?LDAP_VERSION,
|
||||||
@ -769,6 +785,11 @@ recvd_packet(Pkt, S) ->
|
|||||||
cancel_timer(Timer),
|
cancel_timer(Timer),
|
||||||
Reply = check_bind_reply(Result, From),
|
Reply = check_bind_reply(Result, From),
|
||||||
{reply, Reply, From, S#eldap{dict = New_dict}};
|
{reply, Reply, From, S#eldap{dict = New_dict}};
|
||||||
|
{extendedReq, {extendedResp, Result}} ->
|
||||||
|
New_dict = dict:erase(Id, Dict),
|
||||||
|
cancel_timer(Timer),
|
||||||
|
Reply = check_extended_reply(Result, From),
|
||||||
|
{reply, Reply, From, S#eldap{dict = New_dict}};
|
||||||
{OtherName, OtherResult} ->
|
{OtherName, OtherResult} ->
|
||||||
New_dict = dict:erase(Id, Dict),
|
New_dict = dict:erase(Id, Dict),
|
||||||
cancel_timer(Timer),
|
cancel_timer(Timer),
|
||||||
@ -793,6 +814,15 @@ check_bind_reply(#'BindResponse'{resultCode = Reason}, _From) ->
|
|||||||
check_bind_reply(Other, _From) ->
|
check_bind_reply(Other, _From) ->
|
||||||
{error, Other}.
|
{error, Other}.
|
||||||
|
|
||||||
|
%% TODO: process reply depending on requestName:
|
||||||
|
%% this requires BER-decoding of #'ExtendedResponse'.response
|
||||||
|
check_extended_reply(#'ExtendedResponse'{resultCode = success}, _From) ->
|
||||||
|
ok;
|
||||||
|
check_extended_reply(#'ExtendedResponse'{resultCode = Reason}, _From) ->
|
||||||
|
{error, Reason};
|
||||||
|
check_extended_reply(Other, _From) ->
|
||||||
|
{error, Other}.
|
||||||
|
|
||||||
get_op_rec(Id, Dict) ->
|
get_op_rec(Id, Dict) ->
|
||||||
case dict:find(Id, Dict) of
|
case dict:find(Id, Dict) of
|
||||||
{ok, [{Timer, _Command, From, Name}|Res]} ->
|
{ok, [{Timer, _Command, From, Name}|Res]} ->
|
||||||
|
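Review bot: The new password can end up in crash logs through `modify_passwd/3`: when `gen_fsm:sync_send_event/3` times out or the FSM is down, it exits with a reason that embeds the call arguments, here `{modify_passwd, DN, Passwd}`. The same event is the FSM's last message if `{ok, ReqVal} = asn1rt:encode(...)` in `gen_req/1` fails to match, which the `is_list(Passwd)` guard does not rule out for a list holding non-byte values. Unless the pool's `do_request` (not shown on this page) already traps the exit, I would catch it at the API boundary and return a tagged error without the event, as below. `bind/3` probably has the same exposure, but its body is outside these hunks.

```erlang
modify_passwd(Handle, DN, Passwd) when is_list(DN), is_list(Passwd) ->
    Handle1 = get_handle(Handle),
    %% The event carries the new password; keep it out of the exit reason
    %% so a timeout or dead FSM does not write it to the crash log.
    try
        gen_fsm:sync_send_event(
          Handle1, {modify_passwd, DN, Passwd}, ?CALL_TIMEOUT)
    catch
        exit:{Reason, {gen_fsm, sync_send_event, _}} ->
            {error, Reason}
    end.
```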
@ -31,7 +31,8 @@
|
|||||||
-export([
|
-export([
|
||||||
start_link/7,
|
start_link/7,
|
||||||
bind/3,
|
bind/3,
|
||||||
search/2
|
search/2,
|
||||||
|
modify_passwd/3
|
||||||
]).
|
]).
|
||||||
|
|
||||||
-include("ejabberd.hrl").
|
-include("ejabberd.hrl").
|
||||||
@ -45,6 +46,9 @@ bind(PoolName, DN, Passwd) ->
|
|||||||
search(PoolName, Opts) ->
|
search(PoolName, Opts) ->
|
||||||
do_request(PoolName, {search, [Opts]}).
|
do_request(PoolName, {search, [Opts]}).
|
||||||
|
|
||||||
|
modify_passwd(PoolName, DN, Passwd) ->
|
||||||
|
do_request(PoolName, {modify_passwd, [DN, Passwd]}).
|
||||||
|
|
||||||
start_link(Name, Hosts, Backups, Port, Rootdn, Passwd, Encrypt) ->
|
start_link(Name, Hosts, Backups, Port, Rootdn, Passwd, Encrypt) ->
|
||||||
PoolName = make_id(Name),
|
PoolName = make_id(Name),
|
||||||
pg2:create(PoolName),
|
pg2:create(PoolName),
|
||||||
|