25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-10-31 15:21:38 +01:00
Commit Graph

123 Commits

Author SHA1 Message Date
Badlop
55417dfb37 Update copyright to 2019 (#2756) 2019-01-08 22:53:27 +01:00
Paweł Chmielowski
45eb08d05c Add auth:which_user_exist to bulk checking existence of list of users 2018-12-05 14:22:09 +01:00
Evgeny Khramtsov
2d246f61dd Fix some dialyzer warnings 2018-09-09 09:59:08 +03:00
Holger Weiss
2d45832a39 ejabberd_auth: Restore lost case clause
Let check_password_with_authmodule/6 handle the case where
validate_credentials/2 returns an error.  This got lost in commit
4f8af723c6.
2018-07-26 22:37:25 +02:00
Evgeniy Khramtsov
491993d401 Reload internal room's configuration when mod_muc is reloaded
Fixes #2513
2018-07-08 14:52:12 +03:00
Evgeniy Khramtsov
ed1ee6061e Move move randoms module to p1_utils repo 2018-07-05 11:51:49 +03:00
Evgeniy Khramtsov
fd8e07af47 Get rid of ejabberd.hrl header
The header consisted of too many unrelated stuff and macros misuse.
Some stuff is moved into scram.hrl and type_compat.hrl.
All macros have been replaced with the corresponding function calls.

TODO: probably type_compat.hrl is not even needed anymore since
we support only Erlang >= OTP 17.5
2018-06-14 14:00:47 +03:00
Evgeniy Khramtsov
1261502f6a Improve indentation 2018-05-30 22:53:34 +03:00
Stu Tomlinson
4f8af723c6 Fix authentication for usernames containing uppercase characters
Applies to authentication methods that compare User (normalized)
and AuthzId (was not being normalized). These are external, ldap & pam.

Fixes #2280
2018-05-30 18:43:26 +01:00
Evgeniy Khramtsov
b23d5754e8 Improve robustness of external authentication backends
Now all external ports are attached to supervising processes
and requests are balanced in round-robin manner until the pool
is exhausted.

The commit also deprecates `extauth_instances` option and introduces
`extauth_pool_size` option instead, with the default value of a number
of logical processors (i.e. CPU cores).

Fixes #2403
2018-05-07 19:27:18 +03:00
Holger Weiss
410db89167 ejabberd_auth: Don't use cache if it's disabled
Don't let the check whether a user exists use the cache if caching was
disabled in the configuration.
2018-05-03 00:31:33 +02:00
Evgeniy Khramtsov
ff06bdf144 Don't ask other nodes to invalidate cache when the key is not updated 2018-02-18 09:02:23 +03:00
Evgeniy Khramtsov
cffdb06b66 Cache 'isuser' queries to external auth program 2018-02-16 20:50:22 +03:00
Evgeniy Khramtsov
cdc7c1d1ed Update copyright dates 2018-01-05 23:18:58 +03:00
Christophe Romain
675cc3e0ea Allow auth and pubsub plugin to use Elixir module 2017-10-31 11:04:32 +01:00
Evgeniy Khramtsov
29462f0053 Make it possible to convert to SQL for any current db_type
It is now possible to run `export` command even when the current `db_type` is not `sql`
2017-10-25 21:21:52 +03:00
Christophe Romain
3d185c0fb8 Fix missing validation from 633b68db1 (#1900) 2017-08-04 11:53:32 +02:00
Evgeniy Khramtsov
e93762a720 Deprecate misc:encode_base64/1 and misc:decode_base64/1 2017-05-23 10:43:26 +03:00
Evgeniy Khramtsov
cdb191bb48 Rename is_user_exists -> user_exists 2017-05-11 15:49:06 +03:00
Evgeniy Khramtsov
633b68db11 Use cache for authentication backends
The commit introduces the following API incompatibilities:

In ejabberd_auth.erl:
* dirty_get_registered_users/0 is renamed to get_users/0
* get_vh_registered_users/1 is renamed to get_users/1
* get_vh_registered_users/2 is renamed to get_users/2
* get_vh_registered_users_number/1 is renamed to count_users/1
* get_vh_registered_users_number/2 is renamed to count_users/2

In ejabberd_auth callbacks
* plain_password_required/0 is replaced by plain_password_required/1
  where the argument is a virtual host
* store_type/0 is replaced by store_type/1 where the argument is
  a virtual host
* set_password/3 is now an optional callback
* remove_user/3 callback is no longer needed
* remove_user/2 now should return `ok | {error, atom()}`
* is_user_exists/2 now must only be implemented for backends
  with `external` store type
* check_password/6 is no longer needed
* check_password/4 now must only be implemented for backends
  with `external` store type
* try_register/3 is now an optional callback and should return
  `ok | {error, atom()}`
* dirty_get_registered_users/0 is no longer needed
* get_vh_registered_users/1 is no longer needed
* get_vh_registered_users/2 is renamed to get_users/2
* get_vh_registered_users_number/1 is no longer needed
* get_vh_registered_users_number/2 is renamed to count_users/2
* get_password_s/2 is no longer needed
* get_password/2 now must only be implemented for backends with
  `plain` or `scram` store type

Additionally, the commit introduces two new callbacks:
* use_cache/1 where the argument is a virtual host
* cache_nodes/1 where the argument is a virtual host

New options are also introduced: `auth_use_cache`, `auth_cache_missed`,
`auth_cache_life_time` and `auth_cache_size`.
2017-05-11 14:37:21 +03:00
Evgeniy Khramtsov
01a2c9fe12 Add type specs for Module:opt_type/1 2017-05-08 12:59:28 +03:00
Evgeniy Khramtsov
b82b93f8f0 Don't validate an option in ejabberd_config:get_option() functions
The commit introduces the following changes:
* Now there is no need to pass validating function in
  ejabberd_config:get_option() functions, because the configuration
  keeps already validated values.
* New function ejabberd_config:get_option/1 is introduced
* Function ejabberd_config:get_option/3 is deprecated. If the function
  is still called, the second argument (validating function) is simply
  ignored.
* The second argument for ejabberd_config:get_option/2 is now
  a default value, not a validating function.
2017-04-29 11:39:40 +03:00
Evgeniy Khramtsov
7129aebe76 Don't re-define validation functions in multiple places 2017-04-28 13:23:32 +03:00
Christophe Romain
b1acd1183f Rename aux.erl as misc.erl
Thanks Microsoft Windows to not support some filenames
2017-04-11 12:13:58 +02:00
Evgeniy Khramtsov
7bcbea2108 Deprecate jlib.erl in favor of aux.erl
Since the main goal of jlib.erl is lost, all auxiliary functions
are now moved to aux.erl, and the whole jlib.erl is now deprecated.
2017-03-30 14:17:13 +03:00
Paweł Chmielowski
7a186e242d Fix compilation on R17 2017-02-27 20:38:59 +01:00
Evgeniy Khramtsov
0db99ccb4b Improve config reloading support by ejabberd_auth 2017-02-24 14:06:47 +03:00
Evgeniy Khramtsov
67d6ca9f10 Improve startup procedure 2017-02-24 12:05:47 +03:00
Evgeniy Khramtsov
6cdead166b Start/stop auth modules when host is added/deleted 2017-02-23 16:19:22 +03:00
Evgeniy Khramtsov
940ca9311d Fix some dialyzer warnings 2017-02-18 09:36:27 +03:00
Evgeniy Khramtsov
d5d906184f Merge branch 'new_stream'
Conflicts:
	src/cyrsasl.erl
	src/ejabberd_c2s.erl
	src/ejabberd_cluster.erl
	src/ejabberd_frontend_socket.erl
	src/ejabberd_node_groups.erl
	src/ejabberd_router.erl
	src/mod_bosh.erl
	src/mod_ip_blacklist.erl
	src/mod_muc_mnesia.erl
	src/mod_offline.erl
	src/mod_proxy65_sm.erl
2017-01-20 19:35:46 +03:00
Badlop
5fdd1c39fe Update copyright date automatically (#1442) 2017-01-02 21:42:06 +01:00
Evgeniy Khramtsov
e7fe4dc474 More refactoring on session management 2016-12-30 00:00:36 +03:00
Evgeniy Khramtsov
309bdfbe28 Add xmpp_stream_out behaviour and rewrite s2s/SM code 2016-12-28 09:47:11 +03:00
Christophe Romain
fbfbb96872 Improve ODBC import 2016-11-22 14:48:01 +01:00
Evgeniy Khramtsov
9c369b7a8c Improve detection of databases supported by modules (#1092) 2016-04-27 17:10:50 +03:00
Evgeniy Khramtsov
52fde758b3 Get rid of "internal" DB type. This also fixes #1092 2016-04-27 09:44:32 +03:00
Evgeniy Khramtsov
1aae8a9fda Rename odbc to sql everywhere 2016-04-20 13:25:42 +03:00
Evgeniy Khramtsov
46568fb959 Merge commit 'refs/pull/524/head' of github.com:processone/ejabberd into sasl-api-change 2016-03-25 18:16:50 +03:00
Badlop
f448ff608a Update copyright to 2016 (#901) 2016-01-13 12:29:14 +01:00
Evgeniy Khramtsov
95265dd3ad Move JID related functions to jid.erl (#847) 2015-11-24 18:44:13 +03:00
Christophe Romain
6aeb9dcb38 cosmetic cleanup 2015-10-07 14:18:38 +02:00
Evgeniy Khramtsov
fb6267f38e Add config validation at startup 2015-06-01 15:38:27 +03:00
Ben Langfeld
917d48f30b Use SASL PLAIN authzid as client identity if auth module permits it
This allows the authentication modules to perform SASL proxy authentication. It puts the onus on them to authorize the authcid to masquerade as the authzid. Doesn't currently implement such functionality in existing auth modules, since they cannot currently codify a relationship between the two identities. Does not permit the authzid to use a domain differently from the one of the connection.

Note: digest might not work, but I have no interest in it, being deprecated.
2015-05-06 14:12:15 -03:00
Badlop
d624753410 Update get_password_s description with SCRAM return values 2015-04-15 11:51:34 +02:00
Evgeniy Khramtsov
821039b7d5 Swap 'mnesia' and 'internal' types correctly 2015-03-30 12:25:25 +03:00
Evgeniy Khramtsov
fb1fd50df5 The 'default_db' option should impact ejabberd_auth as well 2015-03-30 12:18:18 +03:00
Badlop
176114d28e Try to fix more Dialyzer warnings 2015-03-27 15:55:57 +01:00
Taufan Aditya
864e113256 Fix unused vars warning 2015-01-09 01:00:26 +07:00
Badlop
5a35405cd5 Update copyright dates to 2015 (EJAB-1733) 2015-01-08 17:34:43 +01:00