25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-10-31 15:21:38 +01:00
Commit Graph

76 Commits

Author SHA1 Message Date
Paweł Chmielowski
b39a1e2d74 Add reload handler to ejabberd_auth_ldap
This will restart ldap process with new options, and should made it
recognize new values.

This fixes issue #3181
2020-03-04 13:19:41 +01:00
Badlop
2d32c66fd7 Update copyright to 2020 (#3149) 2020-01-28 15:49:23 +01:00
Evgeny Khramtsov
15b4b3fa1b Fix typos using codespell 2019-07-16 22:07:39 +03:00
Evgeny Khramtsov
6f5d99275b Process unexpected messages uniformly 2019-07-12 11:55:36 +03:00
Evgeny Khramtsov
253ec13971 Use new ets_cache API in ejabberd_auth 2019-06-30 17:15:43 +03:00
Evgeny Khramtsov
a02cff0e78 Use new configuration validator 2019-06-14 12:33:26 +03:00
Badlop
55417dfb37 Update copyright to 2019 (#2756) 2019-01-08 22:53:27 +01:00
Evgeny Khramtsov
2d246f61dd Fix some dialyzer warnings 2018-09-09 09:59:08 +03:00
Evgeniy Khramtsov
fd8e07af47 Get rid of ejabberd.hrl header
The header consisted of too many unrelated stuff and macros misuse.
Some stuff is moved into scram.hrl and type_compat.hrl.
All macros have been replaced with the corresponding function calls.

TODO: probably type_compat.hrl is not even needed anymore since
we support only Erlang >= OTP 17.5
2018-06-14 14:00:47 +03:00
Evgeniy Khramtsov
cdc7c1d1ed Update copyright dates 2018-01-05 23:18:58 +03:00
Evgeniy Khramtsov
cdb191bb48 Rename is_user_exists -> user_exists 2017-05-11 15:49:06 +03:00
Evgeniy Khramtsov
633b68db11 Use cache for authentication backends
The commit introduces the following API incompatibilities:

In ejabberd_auth.erl:
* dirty_get_registered_users/0 is renamed to get_users/0
* get_vh_registered_users/1 is renamed to get_users/1
* get_vh_registered_users/2 is renamed to get_users/2
* get_vh_registered_users_number/1 is renamed to count_users/1
* get_vh_registered_users_number/2 is renamed to count_users/2

In ejabberd_auth callbacks
* plain_password_required/0 is replaced by plain_password_required/1
  where the argument is a virtual host
* store_type/0 is replaced by store_type/1 where the argument is
  a virtual host
* set_password/3 is now an optional callback
* remove_user/3 callback is no longer needed
* remove_user/2 now should return `ok | {error, atom()}`
* is_user_exists/2 now must only be implemented for backends
  with `external` store type
* check_password/6 is no longer needed
* check_password/4 now must only be implemented for backends
  with `external` store type
* try_register/3 is now an optional callback and should return
  `ok | {error, atom()}`
* dirty_get_registered_users/0 is no longer needed
* get_vh_registered_users/1 is no longer needed
* get_vh_registered_users/2 is renamed to get_users/2
* get_vh_registered_users_number/1 is no longer needed
* get_vh_registered_users_number/2 is renamed to count_users/2
* get_password_s/2 is no longer needed
* get_password/2 now must only be implemented for backends with
  `plain` or `scram` store type

Additionally, the commit introduces two new callbacks:
* use_cache/1 where the argument is a virtual host
* cache_nodes/1 where the argument is a virtual host

New options are also introduced: `auth_use_cache`, `auth_cache_missed`,
`auth_cache_life_time` and `auth_cache_size`.
2017-05-11 14:37:21 +03:00
Evgeniy Khramtsov
01a2c9fe12 Add type specs for Module:opt_type/1 2017-05-08 12:59:28 +03:00
Evgeniy Khramtsov
fddd6110e0 Don't validate an option in gen_mod:get*opt() functions
The changes are very similar to those from previous commit:
* Now there is no need to pass validating function in
  gen_mod:get_opt() and gen_mod:get_module_opt() functions,
  because the modules' configuration keeps already validated values.
* New functions gen_mod:get_opt/2 and gen_mod:get_module_opt/3 are
  introduced.
* Functions gen_mod:get_opt/4 and get_module_opt/5 are deprecated.
  If the functions are still called, the "function" argument is
  simply ignored.
* Validating callback Mod:listen_opt_type/1 is introduced to validate
  listening options at startup.
2017-04-30 19:01:47 +03:00
Evgeniy Khramtsov
7129aebe76 Don't re-define validation functions in multiple places 2017-04-28 13:23:32 +03:00
Christophe Romain
b1acd1183f Rename aux.erl as misc.erl
Thanks Microsoft Windows to not support some filenames
2017-04-11 12:13:58 +02:00
Evgeniy Khramtsov
7bcbea2108 Deprecate jlib.erl in favor of aux.erl
Since the main goal of jlib.erl is lost, all auxiliary functions
are now moved to aux.erl, and the whole jlib.erl is now deprecated.
2017-03-30 14:17:13 +03:00
Evgeniy Khramtsov
67d6ca9f10 Improve startup procedure 2017-02-24 12:05:47 +03:00
Evgeniy Khramtsov
6cdead166b Start/stop auth modules when host is added/deleted 2017-02-23 16:19:22 +03:00
Evgeniy Khramtsov
940ca9311d Fix some dialyzer warnings 2017-02-18 09:36:27 +03:00
Badlop
5fdd1c39fe Update copyright date automatically (#1442) 2017-01-02 21:42:06 +01:00
Holger Weiss
a2f0e157bc ejabberd_auth*: Fix indentation 2016-05-24 00:40:25 +02:00
Evgeniy Khramtsov
46568fb959 Merge commit 'refs/pull/524/head' of github.com:processone/ejabberd into sasl-api-change 2016-03-25 18:16:50 +03:00
Badlop
f448ff608a Update copyright to 2016 (#901) 2016-01-13 12:29:14 +01:00
Evgeniy Khramtsov
95265dd3ad Move JID related functions to jid.erl (#847) 2015-11-24 18:44:13 +03:00
Evgeniy Khramtsov
c1119b1f39 Remove unused validation code 2015-06-03 16:05:17 +03:00
Evgeniy Khramtsov
fb6267f38e Add config validation at startup 2015-06-01 15:38:27 +03:00
Evgeniy Khramtsov
a9f7d9481f Do not try to fetch module options via eldap_utils 2015-06-01 15:22:31 +03:00
Ben Langfeld
917d48f30b Use SASL PLAIN authzid as client identity if auth module permits it
This allows the authentication modules to perform SASL proxy authentication. It puts the onus on them to authorize the authcid to masquerade as the authzid. Doesn't currently implement such functionality in existing auth modules, since they cannot currently codify a relationship between the two identities. Does not permit the authzid to use a domain differently from the one of the connection.

Note: digest might not work, but I have no interest in it, being deprecated.
2015-05-06 14:12:15 -03:00
Badlop
5a35405cd5 Update copyright dates to 2015 (EJAB-1733) 2015-01-08 17:34:43 +01:00
Holger Weiss
46d035c142 Fix parsing of "ldap_dn_filter" option 2014-11-22 01:33:23 +01:00
badlop
285c4c17cf Merge pull request #146 from jamielinux/master
Update FSF address
2014-04-11 13:35:46 +02:00
Badlop
633d47f784 Update copyright dates to 2014 (EJAB-1679) 2014-03-13 12:30:57 +01:00
Jamie Nguyen
8538997d61 Update FSF address 2014-02-22 10:27:40 +00:00
Evgeniy Khramtsov
91a74e3e27 Change configuration file format to YAML 2013-08-21 22:17:59 +10:00
Evgeniy Khramtsov
4d8f770624 Switch to rebar build tool
Use dynamic Rebar configuration
Make iconv dependency optional
Disable transient_supervisors compile option
Add hipe compilation support
Only compile ibrowse and lhttpc when needed
Make it possible to generate an OTP application release
Add --enable-debug compile option
Add --enable-all compiler option
Add --enable-tools configure option
Add --with-erlang configure option.
Add --enable-erlang-version-check configure option.
Add lager support
Improve the test suite
2013-06-13 11:11:02 +02:00
Badlop
9deb294328 Accumulated patch to binarize and indent code 2013-03-14 10:33:02 +01:00
Alexey Shchepin
0ae400533c Update copyright dates 2013-01-24 16:25:13 +02:00
Alexey Shchepin
b1e2538488 Update copyright dates 2012-02-23 17:52:34 +02:00
Evgeniy Khramtsov
33766a124d New option support: ldap_deref_aliases (EJAB-639) 2011-09-19 16:58:55 +10:00
Badlop
1ee6eae684 Fix and improve support for SCRAM auth method (EJAB-1196) 2011-08-16 00:26:49 +02:00
Badlop
e80b92b481 Preliminary patch for SASL SCRAM-SHA-1 (thanks to Stephen Röttger)(EJAB-1196) 2011-08-16 00:25:03 +02:00
Evgeniy Khramtsov
7e14b2d46a Add ldap_tls_cacertfile and ldap_tls_depth options (EJAB-1299) 2011-07-13 15:40:27 +10:00
Evgeniy Khramtsov
6cc6c04c4a Log an error when an LDAP filter is incorrect (EJAB-1395) 2011-06-15 20:06:32 +10:00
Christophe Romain
fd52f2cb7d update copyright up to 2011 2011-02-14 13:50:55 +01:00
Evgeniy Khramtsov
f58d03c12e new option ldap_tls_verify is added (EJAB-1229) 2010-05-10 19:37:37 +10:00
Evgeniy Khramtsov
c2362db03d allow inband password change (EJAB-199) 2010-04-19 20:57:24 +10:00
Evgeniy Khramtsov
606860e1cc ldap_dn_filter option is documented; now fetching only needed attributes in LDAP search requests (EJAB-1204) 2010-03-08 16:44:14 +09:00
Badlop
7b76fdcde7 Update year of ProcessOne copyright from 2009 to 2010 (EJAB-1159)
SVN Revision: 2891
2010-01-12 16:11:32 +00:00
Badlop
31aa201ee8 Support LDAPS with TLS (EJAB-109)(thanks to Thomas Baden, Andy Harb, Sergei Golovan, Anton Podavalov)
SVN Revision: 2098
2009-05-25 17:15:48 +00:00