author | Badlop <badlop@process-one.net> | 2008-04-22 17:41:30 +0000 |
---|---|---|
committer | Badlop <badlop@process-one.net> | 2008-04-22 17:41:30 +0000 |
commit | 96f0c001d9b11f98c842f463537d0056d2ce5acf (patch) | |
tree | 4f5c2908f828cc38ad68044e353a93f7c3dd9ca2 /src/ejabberd_auth.erl | |
parent | * src/ejabberd_s2s_out.erl: Fix long timeout when reconnecting s2s (diff) |
* src/ejabberd_auth.erl: Improve anonymous authentication to not
remove rosters accidentally (EJAB-549). New functions in
ejabberd_auth to get/check password and know which module accepted
the authentication. New element 'auth_module' in ejabberd_c2s
record 'statedata'. Cyrsasl provides a new property in the
response: {auth_module, AuthModule}.
* src/ejabberd_auth_anonymous.erl: Likewise
* src/ejabberd_c2s.erl: Likewise
* src/cyrsasl_anonymous.erl: Likewise
* src/cyrsasl_digest.erl: Likewise
* src/cyrsasl_plain.erl: Likewise
SVN Revision: 1297
Diffstat (limited to 'src/ejabberd_auth.erl')
-rw-r--r-- | src/ejabberd_auth.erl | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/src/ejabberd_auth.erl b/src/ejabberd_auth.erl
index 5201900d..d6a7e522 100644
--- a/src/ejabberd_auth.erl
+++ b/src/ejabberd_auth.erl
@@ -34,6 +34,8 @@
 set_password/3,
 check_password/3,
 check_password/5,
+ check_password_with_authmodule/3,
+ check_password_with_authmodule/5,
 try_register/3,
 dirty_get_registered_users/0,
 get_vh_registered_users/1,
@@ -42,6 +44,7 @@
 get_vh_registered_users_number/2,
 get_password/2,
 get_password_s/2,
+ get_password_with_authmodule/2,
 is_user_exists/2,
 is_user_exists_in_other_modules/3,
 remove_user/2,
@@ -73,18 +76,57 @@ plain_password_required(Server) ->
 M:plain_password_required()
 end, auth_modules(Server)).
+%% @doc Check if the user and password can login in server.
+%% @spec (User::string(), Server::string(), Password::string()) ->
+%% true | false
 check_password(User, Server, Password) ->
 lists:any(
 fun(M) ->
 M:check_password(User, Server, Password)
 end, auth_modules(Server)).
+%% @doc Check if the user and password can login in server.
+%% @spec (User::string(), Server::string(), Password::string(),
+%% StreamID::string(), Digest::string()) ->
+%% true | false
 check_password(User, Server, Password, StreamID, Digest) ->
 lists:any(
 fun(M) ->
 M:check_password(User, Server, Password, StreamID, Digest)
 end, auth_modules(Server)).
+%% @doc Check if the user and password can login in server.
+%% The user can login if at least an authentication method accepts the user
+%% and the password.
+%% The first authentication method that accepts the credentials is returned.
+%% @spec (User::string(), Server::string(), Password::string()) ->
+%% {true, AuthModule} | false
+%% where
+%% AuthModule = ejabberd_auth_anonymous | ejabberd_auth_external
+%% | ejabberd_auth_internal | ejabberd_auth_ldap
+%% | ejabberd_auth_odbc | ejabberd_auth_pam
+check_password_with_authmodule(User, Server, Password) ->
+ Res = lists:dropwhile(
+ fun(M) ->
+ not apply(M, check_password,
+ [User, Server, Password])
+ end, auth_modules(Server)),
+ case Res of
+ [] -> false;
+ [AuthMod | _] -> {true, AuthMod}
+ end.
+
+check_password_with_authmodule(User, Server, Password, StreamID, Digest) ->
+ Res = lists:dropwhile(
+ fun(M) ->
+ not apply(M, check_password,
+ [User, Server, Password, StreamID, Digest])
+ end, auth_modules(Server)),
+ case Res of
+ [] -> false;
+ [AuthMod | _] -> {true, AuthMod}
+ end.
+
 %% We do not allow empty password:
 set_password(_User, _Server, "") ->
 {error, not_allowed};
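Review bot: check_password_with_authmodule/5 is added with no @doc/@spec, and the comment on the /3 variant does not say that the module reported depends on the order of auth_modules(Server). Going by the commit message, callers use the returned module to tell which backend accepted the login, so on a host with several backends the session is attributed to whichever accepting module is listed first. I would state that in the doc, e.g. `%% The module returned depends on the order of auth_modules(Server).`, and repeat the block on the /5 variant with the StreamID and Digest parameters. As a style point, `apply(M, check_password, [...])` could be the direct call `M:check_password(User, Server, Password)` that check_password/3 just above already uses.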
@@ -163,6 +205,8 @@ get_vh_registered_users_number(Server, Opts) ->
 end
 end, auth_modules(Server))).
+%% @doc Get the password of the user.
+%% @spec (User::string(), Server::string()) -> Password::string()
 get_password(User, Server) ->
 lists:foldl(
 fun(M, false) ->
@@ -179,6 +223,17 @@ get_password_s(User, Server) ->
 Password
 end.
+%% @doc Get the password of the user and the auth module.
+%% @spec (User::string(), Server::string()) ->
+%% {Password::string(), AuthModule::atom()} | {false, none}
+get_password_with_authmodule(User, Server) ->
+ lists:foldl(
+ fun(M, {false, _}) ->
+ {M:get_password(User, Server), M};
+ (_M, {Password, AuthModule}) ->
+ {Password, AuthModule}
+ end, {false, none}, auth_modules(Server)).
+
 %% Returns true if the user exists in the DB or if an anonymous user is logged
 %% under the given name
 is_user_exists(User, Server) ->
|
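Review bot: The added `@spec` for get_password/2 gives only `Password::string()` as the result, but the `fun(M, false) ->` clause visible in the hunk suggests that `false` comes back when no module has a password. The rest of the function lies outside the hunk, so this needs confirming against the full body; if it holds, the spec would read `%% @spec (User::string(), Server::string()) -> Password::string() | false`.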
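Review bot: get_password_with_authmodule/2 returns `{false, M}`, with M the last module tried, when no backend has a password for the user; the `{false, none}` promised by the added @spec only comes back when auth_modules(Server) is empty. A caller that matches on `{false, none}`, or that trusts the second element, would then treat the last configured backend as the one holding the account. Mapping a `false` from the backend back to `{false, none}` inside the first fun clause keeps the result in line with the spec.

```erlang
get_password_with_authmodule(User, Server) ->
    lists:foldl(
      fun(M, {false, _}) ->
              case M:get_password(User, Server) of
                  false -> {false, none};
                  Password -> {Password, M}
              end;
         %% … unchanged: pass-through clause and fold arguments …
```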