26
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-28 17:38:54 +01:00
Commit Graph

145 Commits

Author SHA1 Message Date
Badlop
6e0161470e Update newest copyright year to 2021 (#3464) 2021-01-27 17:02:06 +01:00
Paweł Chmielowski
d8d9ef32ad Make anonymous auth not override sasl mechaninsm offered by other modules
This stop overriding store_type when anonymous is enabled with other
auth modules, we don't really need that since anonymous is not taking
passwords anyway, and this was disabling scram mechanisms.

This fixes issue #2803.
2020-12-14 16:42:14 +01:00
Paweł Chmielowski
1dc0ecd1e9 Allow to use different hash for storing scram passwords 2020-12-08 12:06:52 +01:00
Paweł Chmielowski
72867f8d1e Fix more places that needed changes after scram.erl api modifications 2020-12-04 09:20:59 +01:00
Paweł Chmielowski
b4ea1625e4 Don't use same value in cache for user don't exist and wrong password
By doing this check_password that returned info about mismatched password
caused user_exists checks performed after that to return wrongly that
account doesn't exist.
2020-10-22 11:10:22 +02:00
Stu Tomlinson
bd11a00f8f
Use include_lib() to include headers from dependencies (#3369) 2020-09-03 13:45:57 +02:00
Badlop
2d32c66fd7 Update copyright to 2020 (#3149) 2020-01-28 15:49:23 +01:00
Paweł Chmielowski
71c44bff8b Make convert_to_scram work with all backends 2019-11-27 10:35:52 +01:00
Alexey Shchepin
0fe1e40a9d JWT-only authentication for some users (#3012) 2019-09-18 18:46:24 +03:00
Evgeny Khramtsov
35576b4608 Improve hooks validator and fix bugs related to hooks registration 2019-07-29 10:46:20 +03:00
Evgeny Khramtsov
3f7d9e3ad6 Remove Riak support
Reasons:
- Riak DB development is almost halted after Basho
- riak-erlang-client is abandoned and doesn't work
  correctly with OTP22
- Riak is slow in comparison to other databases
- Missing key ordering makes it impossible to implement range
  queries efficiently (e.g. MAM queries)
2019-07-18 19:31:12 +03:00
Evgeny Khramtsov
15b4b3fa1b Fix typos using codespell 2019-07-16 22:07:39 +03:00
Evgeny Khramtsov
6f5d99275b Process unexpected messages uniformly 2019-07-12 11:55:36 +03:00
Evgeny Khramtsov
368858a744 Fix return type in try_set_password()
Fixes #2932
2019-07-07 12:16:04 +03:00
Evgeny Khramtsov
253ec13971 Use new ets_cache API in ejabberd_auth 2019-06-30 17:15:43 +03:00
Evgeny Khramtsov
39cf8d86d6 Avoid using broad map() type wherever possible 2019-06-27 15:22:27 +03:00
Evgeny Khramtsov
a3e0cbbdd8 Make logging messages more consistent 2019-06-24 20:32:34 +03:00
Evgeny Khramtsov
a205ebad2b Get rid of "well-known" type 2019-06-15 12:53:16 +03:00
Evgeny Khramtsov
a02cff0e78 Use new configuration validator 2019-06-14 12:33:26 +03:00
Evgeny Khramtsov
3f7a850ae8 Use different cache tables per auth module
Fixes #2322
2019-05-23 11:32:55 +03:00
Evgeny Khramtsov
7c45b52c86 Correctly support cache tags in ejabberd_auth 2019-04-19 15:42:24 +03:00
Evgeny Khramtsov
7f14826564 Use new ets_cache api in ejabberd_auth 2019-04-19 15:08:41 +03:00
Badlop
55417dfb37 Update copyright to 2019 (#2756) 2019-01-08 22:53:27 +01:00
Paweł Chmielowski
45eb08d05c Add auth:which_user_exist to bulk checking existence of list of users 2018-12-05 14:22:09 +01:00
Evgeny Khramtsov
2d246f61dd Fix some dialyzer warnings 2018-09-09 09:59:08 +03:00
Holger Weiss
2d45832a39 ejabberd_auth: Restore lost case clause
Let check_password_with_authmodule/6 handle the case where
validate_credentials/2 returns an error.  This got lost in commit
4f8af723c6.
2018-07-26 22:37:25 +02:00
Evgeniy Khramtsov
491993d401 Reload internal room's configuration when mod_muc is reloaded
Fixes #2513
2018-07-08 14:52:12 +03:00
Evgeniy Khramtsov
ed1ee6061e Move move randoms module to p1_utils repo 2018-07-05 11:51:49 +03:00
Evgeniy Khramtsov
fd8e07af47 Get rid of ejabberd.hrl header
The header consisted of too many unrelated stuff and macros misuse.
Some stuff is moved into scram.hrl and type_compat.hrl.
All macros have been replaced with the corresponding function calls.

TODO: probably type_compat.hrl is not even needed anymore since
we support only Erlang >= OTP 17.5
2018-06-14 14:00:47 +03:00
Evgeniy Khramtsov
1261502f6a Improve indentation 2018-05-30 22:53:34 +03:00
Stu Tomlinson
4f8af723c6 Fix authentication for usernames containing uppercase characters
Applies to authentication methods that compare User (normalized)
and AuthzId (was not being normalized). These are external, ldap & pam.

Fixes #2280
2018-05-30 18:43:26 +01:00
Evgeniy Khramtsov
b23d5754e8 Improve robustness of external authentication backends
Now all external ports are attached to supervising processes
and requests are balanced in round-robin manner until the pool
is exhausted.

The commit also deprecates `extauth_instances` option and introduces
`extauth_pool_size` option instead, with the default value of a number
of logical processors (i.e. CPU cores).

Fixes #2403
2018-05-07 19:27:18 +03:00
Holger Weiss
410db89167 ejabberd_auth: Don't use cache if it's disabled
Don't let the check whether a user exists use the cache if caching was
disabled in the configuration.
2018-05-03 00:31:33 +02:00
Evgeniy Khramtsov
ff06bdf144 Don't ask other nodes to invalidate cache when the key is not updated 2018-02-18 09:02:23 +03:00
Evgeniy Khramtsov
cffdb06b66 Cache 'isuser' queries to external auth program 2018-02-16 20:50:22 +03:00
Evgeniy Khramtsov
cdc7c1d1ed Update copyright dates 2018-01-05 23:18:58 +03:00
Christophe Romain
675cc3e0ea Allow auth and pubsub plugin to use Elixir module 2017-10-31 11:04:32 +01:00
Evgeniy Khramtsov
29462f0053 Make it possible to convert to SQL for any current db_type
It is now possible to run `export` command even when the current `db_type` is not `sql`
2017-10-25 21:21:52 +03:00
Christophe Romain
3d185c0fb8 Fix missing validation from 633b68db1 (#1900) 2017-08-04 11:53:32 +02:00
Evgeniy Khramtsov
e93762a720 Deprecate misc:encode_base64/1 and misc:decode_base64/1 2017-05-23 10:43:26 +03:00
Evgeniy Khramtsov
cdb191bb48 Rename is_user_exists -> user_exists 2017-05-11 15:49:06 +03:00
Evgeniy Khramtsov
633b68db11 Use cache for authentication backends
The commit introduces the following API incompatibilities:

In ejabberd_auth.erl:
* dirty_get_registered_users/0 is renamed to get_users/0
* get_vh_registered_users/1 is renamed to get_users/1
* get_vh_registered_users/2 is renamed to get_users/2
* get_vh_registered_users_number/1 is renamed to count_users/1
* get_vh_registered_users_number/2 is renamed to count_users/2

In ejabberd_auth callbacks
* plain_password_required/0 is replaced by plain_password_required/1
  where the argument is a virtual host
* store_type/0 is replaced by store_type/1 where the argument is
  a virtual host
* set_password/3 is now an optional callback
* remove_user/3 callback is no longer needed
* remove_user/2 now should return `ok | {error, atom()}`
* is_user_exists/2 now must only be implemented for backends
  with `external` store type
* check_password/6 is no longer needed
* check_password/4 now must only be implemented for backends
  with `external` store type
* try_register/3 is now an optional callback and should return
  `ok | {error, atom()}`
* dirty_get_registered_users/0 is no longer needed
* get_vh_registered_users/1 is no longer needed
* get_vh_registered_users/2 is renamed to get_users/2
* get_vh_registered_users_number/1 is no longer needed
* get_vh_registered_users_number/2 is renamed to count_users/2
* get_password_s/2 is no longer needed
* get_password/2 now must only be implemented for backends with
  `plain` or `scram` store type

Additionally, the commit introduces two new callbacks:
* use_cache/1 where the argument is a virtual host
* cache_nodes/1 where the argument is a virtual host

New options are also introduced: `auth_use_cache`, `auth_cache_missed`,
`auth_cache_life_time` and `auth_cache_size`.
2017-05-11 14:37:21 +03:00
Evgeniy Khramtsov
01a2c9fe12 Add type specs for Module:opt_type/1 2017-05-08 12:59:28 +03:00
Evgeniy Khramtsov
b82b93f8f0 Don't validate an option in ejabberd_config:get_option() functions
The commit introduces the following changes:
* Now there is no need to pass validating function in
  ejabberd_config:get_option() functions, because the configuration
  keeps already validated values.
* New function ejabberd_config:get_option/1 is introduced
* Function ejabberd_config:get_option/3 is deprecated. If the function
  is still called, the second argument (validating function) is simply
  ignored.
* The second argument for ejabberd_config:get_option/2 is now
  a default value, not a validating function.
2017-04-29 11:39:40 +03:00
Evgeniy Khramtsov
7129aebe76 Don't re-define validation functions in multiple places 2017-04-28 13:23:32 +03:00
Christophe Romain
b1acd1183f Rename aux.erl as misc.erl
Thanks Microsoft Windows to not support some filenames
2017-04-11 12:13:58 +02:00
Evgeniy Khramtsov
7bcbea2108 Deprecate jlib.erl in favor of aux.erl
Since the main goal of jlib.erl is lost, all auxiliary functions
are now moved to aux.erl, and the whole jlib.erl is now deprecated.
2017-03-30 14:17:13 +03:00
Paweł Chmielowski
7a186e242d Fix compilation on R17 2017-02-27 20:38:59 +01:00
Evgeniy Khramtsov
0db99ccb4b Improve config reloading support by ejabberd_auth 2017-02-24 14:06:47 +03:00
Evgeniy Khramtsov
67d6ca9f10 Improve startup procedure 2017-02-24 12:05:47 +03:00