Migration of scram passwords with piefxis (riak and internal only)
parent
ed502673f4
commit
eb52c118d0
@ -151,7 +151,10 @@ set_password(User, Server, Password) ->
|
|||||||
try_register(User, Server, PasswordList) ->
|
try_register(User, Server, PasswordList) ->
|
||||||
LUser = jlib:nodeprep(User),
|
LUser = jlib:nodeprep(User),
|
||||||
LServer = jlib:nameprep(Server),
|
LServer = jlib:nameprep(Server),
|
||||||
Password = iolist_to_binary(PasswordList),
|
Password = if is_list(PasswordList); is_binary(PasswordList) ->
|
||||||
|
iolist_to_binary(PasswordList);
|
||||||
|
true -> PasswordList
|
||||||
|
end,
|
||||||
US = {LUser, LServer},
|
US = {LUser, LServer},
|
||||||
if (LUser == error) or (LServer == error) ->
|
if (LUser == error) or (LServer == error) ->
|
||||||
{error, invalid_jid};
|
{error, invalid_jid};
|
||||||
|
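Review bot: The `true -> PasswordList` fallback in try_register accepts any term that is not a list or binary and carries it forward as the password, so a change that appears intended to let a `#scram{}` record through also lets tuples, atoms or error values pass to whatever stores the credential further down. Naming the one expected shape would make anything else fail at this point, e.g. `is_record(PasswordList, scram) -> PasswordList` in place of the `true` branch, assuming the record definition is included in this module. The same pattern is repeated in the second try_register hunk (`@ -125,7 +125,10`). try_register's body continues outside the hunk, so whether a later step re-checks the value cannot be seen here.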
@ -125,7 +125,10 @@ set_password(User, Server, Password) ->
|
|||||||
try_register(User, Server, PasswordList) ->
|
try_register(User, Server, PasswordList) ->
|
||||||
LUser = jlib:nodeprep(User),
|
LUser = jlib:nodeprep(User),
|
||||||
LServer = jlib:nameprep(Server),
|
LServer = jlib:nameprep(Server),
|
||||||
Password = iolist_to_binary(PasswordList),
|
Password = if is_list(PasswordList); is_binary(PasswordList) ->
|
||||||
|
iolist_to_binary(PasswordList);
|
||||||
|
true -> PasswordList
|
||||||
|
end,
|
||||||
US = {LUser, LServer},
|
US = {LUser, LServer},
|
||||||
if (LUser == error) or (LServer == error) ->
|
if (LUser == error) or (LServer == error) ->
|
||||||
{error, invalid_jid};
|
{error, invalid_jid};
|
||||||
|
@ -238,7 +238,17 @@ export_users([], _Server, _Fd) ->
|
|||||||
%%%==================================
|
%%%==================================
|
||||||
%%%% Utilities
|
%%%% Utilities
|
||||||
export_user(User, Server, Fd) ->
|
export_user(User, Server, Fd) ->
|
||||||
Pass = ejabberd_auth:get_password_s(User, Server),
|
Password = ejabberd_auth:get_password_s(User, Server),
|
||||||
|
LServer = jlib:nameprep(Server),
|
||||||
|
PasswordFormat = ejabberd_config:get_option({auth_password_format, LServer}, fun(X) -> X end, plain),
|
||||||
|
Pass = case Password of
|
||||||
|
{_,_,_,_} ->
|
||||||
|
case PasswordFormat of
|
||||||
|
scram -> format_scram_password(Password);
|
||||||
|
_ -> <<"">>
|
||||||
|
end;
|
||||||
|
_ -> Password
|
||||||
|
end,
|
||||||
Els = get_offline(User, Server) ++
|
Els = get_offline(User, Server) ++
|
||||||
get_vcard(User, Server) ++
|
get_vcard(User, Server) ++
|
||||||
get_privacy(User, Server) ++
|
get_privacy(User, Server) ++
|
||||||
@ -250,6 +260,23 @@ export_user(User, Server, Fd) ->
|
|||||||
{<<"password">>, Pass}],
|
{<<"password">>, Pass}],
|
||||||
children = Els})).
|
children = Els})).
|
||||||
|
|
||||||
|
format_scram_password({StoredKey, ServerKey, Salt, IterationCount}) ->
|
||||||
|
StoredKeyB64 = base64:encode(StoredKey),
|
||||||
|
ServerKeyB64 = base64:encode(ServerKey),
|
||||||
|
SaltB64 = base64:encode(Salt),
|
||||||
|
IterationCountBin = list_to_binary(integer_to_list(IterationCount)),
|
||||||
|
<<"scram:", StoredKeyB64/binary, ",", ServerKeyB64/binary, ",", SaltB64/binary, ",", IterationCountBin/binary>>.
|
||||||
|
|
||||||
|
parse_scram_password(PassData) ->
|
||||||
|
Split = binary:split(PassData, <<",">>, [global]),
|
||||||
|
[StoredKeyB64, ServerKeyB64, SaltB64, IterationCountBin] = Split,
|
||||||
|
#scram{
|
||||||
|
storedkey = StoredKeyB64,
|
||||||
|
serverkey = ServerKeyB64,
|
||||||
|
salt = SaltB64,
|
||||||
|
iterationcount = list_to_integer(binary_to_list(IterationCountBin))
|
||||||
|
}.
|
||||||
|
|
||||||
get_vcard(User, Server) ->
|
get_vcard(User, Server) ->
|
||||||
JID = jlib:make_jid(User, Server, <<>>),
|
JID = jlib:make_jid(User, Server, <<>>),
|
||||||
case mod_vcard:process_sm_iq(JID, JID, #iq{type = get}) of
|
case mod_vcard:process_sm_iq(JID, JID, #iq{type = get}) of
|
||||||
@ -457,7 +484,18 @@ process_users([], State) ->
|
|||||||
process_user(#xmlel{name = <<"user">>, attrs = Attrs, children = Els},
|
process_user(#xmlel{name = <<"user">>, attrs = Attrs, children = Els},
|
||||||
#state{server = LServer} = State) ->
|
#state{server = LServer} = State) ->
|
||||||
Name = xml:get_attr_s(<<"name">>, Attrs),
|
Name = xml:get_attr_s(<<"name">>, Attrs),
|
||||||
Pass = xml:get_attr_s(<<"password">>, Attrs),
|
Password = xml:get_attr_s(<<"password">>, Attrs),
|
||||||
|
PasswordFormat = ejabberd_config:get_option({auth_password_format, LServer}, fun(X) -> X end, plain),
|
||||||
|
Pass = case PasswordFormat of
|
||||||
|
scram ->
|
||||||
|
case Password of
|
||||||
|
<<"scram:", PassData/binary>> ->
|
||||||
|
parse_scram_password(PassData);
|
||||||
|
P -> P
|
||||||
|
end;
|
||||||
|
_ -> Password
|
||||||
|
end,
|
||||||
|
|
||||||
case jlib:nodeprep(Name) of
|
case jlib:nodeprep(Name) of
|
||||||
error ->
|
error ->
|
||||||
stop("Invalid 'user': ~s", [Name]);
|
stop("Invalid 'user': ~s", [Name]);
|
||||||
@ -541,8 +579,23 @@ process_privacy(El, State = #state{user = U, server = S}) ->
|
|||||||
JID = jlib:make_jid(U, S, <<"">>),
|
JID = jlib:make_jid(U, S, <<"">>),
|
||||||
case mod_privacy:process_iq_set(
|
case mod_privacy:process_iq_set(
|
||||||
[], JID, JID, #iq{type = set, sub_el = El}) of
|
[], JID, JID, #iq{type = set, sub_el = El}) of
|
||||||
{error, _} = Err ->
|
{error, Error} = Err ->
|
||||||
stop("Failed to write privacy: ~p", [Err]);
|
#xmlel{children = Els} = El,
|
||||||
|
Name = case xml:remove_cdata(Els) of
|
||||||
|
[#xmlel{name = N}] -> N;
|
||||||
|
_ -> undefined
|
||||||
|
end,
|
||||||
|
#xmlel{attrs = Attrs} = Error,
|
||||||
|
ErrorCode = case lists:keysearch(<<"code">>, 1, Attrs) of
|
||||||
|
{value, {_, V}} -> V;
|
||||||
|
false -> undefined
|
||||||
|
end,
|
||||||
|
if
|
||||||
|
ErrorCode == <<"404">>, Name == <<"default">> ->
|
||||||
|
{ok, State};
|
||||||
|
true ->
|
||||||
|
stop("Failed to write privacy: ~p", [Err])
|
||||||
|
end;
|
||||||
_ ->
|
_ ->
|
||||||
{ok, State}
|
{ok, State}
|
||||||
end.
|
end.
|
||||||
|
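Review bot: parse_scram_password copies the four comma-separated fields of the imported `password` attribute straight into `#scram{}` without checking that the three key fields are valid base64 or that the iteration count is a positive integer, and a value with a different field count or a non-numeric count raises badmatch/badarg instead of going through `stop/2` as the `Invalid 'user'` case does. Since the import file is external input, these fields should be validated before the record is handed on. In process_user the `_ -> Password` branch also means that, on a host whose `auth_password_format` is not scram, a `scram:`-prefixed value is treated as the literal password text; rejecting that combination with `stop/2` looks safer, and the export side's `_ -> <<"">>` has the mirror problem of writing an empty password attribute for a hashed account. Both process_user and export_user continue outside their hunks, so how `Pass` is finally used is not visible here.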