diff options
author | Badlop <badlop@process-one.net> | 2010-05-10 16:42:54 +0200 |
---|---|---|
committer | Badlop <badlop@process-one.net> | 2010-05-10 16:42:54 +0200 |
commit | 9476d8a2c378e0ff092faf0ba504a074bef2489b (patch) | |
tree | 3487e2af7ddb073defa7ac0d43bc3dd16061071f /src/ejabberd_auth_external.erl | |
parent | Fix EDoc comment (diff) |
Optionally cache extauth users in mnesia (EJAB-641)
Diffstat (limited to 'src/ejabberd_auth_external.erl')
-rw-r--r-- | src/ejabberd_auth_external.erl | 241 |
1 files changed, 223 insertions, 18 deletions
diff --git a/src/ejabberd_auth_external.erl b/src/ejabberd_auth_external.erl index 60cea18f..dc9f95eb 100644 --- a/src/ejabberd_auth_external.erl +++ b/src/ejabberd_auth_external.erl @@ -35,6 +35,9 @@ try_register/3, dirty_get_registered_users/0, get_vh_registered_users/1, + get_vh_registered_users/2, + get_vh_registered_users_number/1, + get_vh_registered_users_number/2, get_password/2, get_password_s/2, is_user_exists/2, @@ -43,45 +46,87 @@ plain_password_required/0 ]). +-include("ejabberd.hrl"). + %%%---------------------------------------------------------------------- %%% API %%%---------------------------------------------------------------------- start(Host) -> extauth:start( Host, ejabberd_config:get_local_option({extauth_program, Host})), - ok. + case check_cache_last_options(Host) of + cache -> + ok = ejabberd_auth_internal:start(Host); + no_cache -> + ok + end. + +check_cache_last_options(Server) -> + %% if extauth_cache is enabled, then a mod_last module must also be enabled + case get_cache_option(Server) of + false -> no_cache; + {true, _CacheTime} -> + case get_mod_last_enabled(Server) of + no_mod_last -> + ?ERROR_MSG("In host ~p extauth is used, extauth_cache is enabled but " + "mod_last is not enabled.", [Server]), + no_cache; + _ -> cache + end + end. plain_password_required() -> true. check_password(User, Server, Password) -> - extauth:check_password(User, Server, Password) andalso Password /= "". + case get_cache_option(Server) of + false -> check_password_extauth(User, Server, Password); + {true, CacheTime} -> check_password_cache(User, Server, Password, CacheTime) + end. check_password(User, Server, Password, _Digest, _DigestGen) -> check_password(User, Server, Password). set_password(User, Server, Password) -> case extauth:set_password(User, Server, Password) of - true -> ok; + true -> set_password_internal(User, Server, Password), + ok; _ -> {error, unknown_problem} end. -try_register(_User, _Server, _Password) -> - {error, not_allowed}. +try_register(User, Server, Password) -> + case get_cache_option(Server) of + false -> try_register_extauth(User, Server, Password); + {true, _CacheTime} -> try_register_external_cache(User, Server, Password) + end. -%% TODO -%% Return the list of all users handled by external dirty_get_registered_users() -> - []. + ejabberd_auth_internal:dirty_get_registered_users(). + +get_vh_registered_users(Server) -> + ejabberd_auth_internal:get_vh_registered_users(Server). + +get_vh_registered_users(Server, Data) -> + ejabberd_auth_internal:get_vh_registered_users(Server, Data). + +get_vh_registered_users_number(Server) -> + ejabberd_auth_internal:get_vh_registered_users_number(Server). -get_vh_registered_users(_Server) -> - []. +get_vh_registered_users_number(Server, Data) -> + ejabberd_auth_internal:get_vh_registered_users_number(Server, Data). -get_password(_User, _Server) -> - false. +%% The password can only be returned if cache is enabled, cached info exists and is fresh enough. +get_password(User, Server) -> + case get_cache_option(Server) of + false -> false; + {true, CacheTime} -> get_password_cache(User, Server, CacheTime) + end. -get_password_s(_User, _Server) -> - "". +get_password_s(User, Server) -> + case get_password(User, Server) of + false -> []; + Other -> Other + end. %% @spec (User, Server) -> true | false | {error, Error} is_user_exists(User, Server) -> @@ -91,9 +136,169 @@ is_user_exists(User, Server) -> _:Error -> {error, Error} end. -remove_user(_User, _Server) -> - {error, not_allowed}. +remove_user(User, Server) -> + case extauth:remove_user(User, Server) of + false -> false; + true -> + case get_cache_option(Server) of + false -> false; + {true, _CacheTime} -> + ejabberd_auth_internal:remove_user(User, Server) + end + end. + +remove_user(User, Server, Password) -> + case extauth:remove_user(User, Server, Password) of + false -> false; + true -> + case get_cache_option(Server) of + false -> false; + {true, _CacheTime} -> + ejabberd_auth_internal:remove_user(User, Server, Password) + end + end. + +%%% +%%% Extauth cache management +%%% -remove_user(_User, _Server, _Password) -> - not_allowed. +%% @spec (Host::string()) -> false | {true, CacheTime::integer()} +get_cache_option(Host) -> + case ejabberd_config:get_local_option({extauth_cache, Host}) of + CacheTime when is_integer(CacheTime) -> {true, CacheTime}; + _ -> false + end. +%% @spec (User, Server, Password) -> true | false +check_password_extauth(User, Server, Password) -> + extauth:check_password(User, Server, Password) andalso Password /= "". + +%% @spec (User, Server, Password) -> true | false +try_register_extauth(User, Server, Password) -> + extauth:try_register(User, Server, Password). + +check_password_cache(User, Server, Password, CacheTime) -> + case get_last_access(User, Server) of + online -> + check_password_internal(User, Server, Password); + never -> + check_password_external_cache(User, Server, Password); + mod_last_required -> + ?ERROR_MSG("extauth is used, extauth_cache is enabled but mod_last is not enabled in that host", []), + check_password_external_cache(User, Server, Password); + TimeStamp -> + %% If last access exists, compare last access with cache refresh time + case is_fresh_enough(TimeStamp, CacheTime) of + %% If no need to refresh, check password against Mnesia + true -> + case check_password_internal(User, Server, Password) of + %% If password valid in Mnesia, accept it + true -> + true; + %% Else (password nonvalid in Mnesia), check in extauth and cache result + false -> + check_password_external_cache(User, Server, Password) + end; + %% Else (need to refresh), check in extauth and cache result + false -> + check_password_external_cache(User, Server, Password) + end + end. + +get_password_internal(User, Server) -> + ejabberd_auth_internal:get_password(User, Server). + +%% @spec (User, Server, CacheTime) -> false | Password::string() +get_password_cache(User, Server, CacheTime) -> + case get_last_access(User, Server) of + online -> + get_password_internal(User, Server); + never -> + false; + mod_last_required -> + ?ERROR_MSG("extauth is used, extauth_cache is enabled but mod_last is not enabled in that host", []), + false; + TimeStamp -> + case is_fresh_enough(TimeStamp, CacheTime) of + true -> + get_password_internal(User, Server); + false -> + false + end + end. + + +%% Check the password using extauth; if success then cache it +check_password_external_cache(User, Server, Password) -> + case check_password_extauth(User, Server, Password) of + true -> + set_password_internal(User, Server, Password), true; + false -> + false + end. + +%% Try to register using extauth; if success then cache it +try_register_external_cache(User, Server, Password) -> + case try_register_extauth(User, Server, Password) of + {atomic, ok} = R -> + set_password_internal(User, Server, Password), + R; + _ -> {error, not_allowed} + end. + +%% @spec (User, Server, Password) -> true | false +check_password_internal(User, Server, Password) -> + ejabberd_auth_internal:check_password(User, Server, Password). + +%% @spec (User, Server, Password) -> ok | {error, invalid_jid} +set_password_internal(User, Server, Password) -> + ejabberd_auth_internal:set_password(User, Server, Password). + +%% @spec (TimeLast, CacheTime) -> true | false +%% TimeLast = online | never | integer() +%% CacheTime = integer() | false +is_fresh_enough(online, _CacheTime) -> + true; +is_fresh_enough(never, _CacheTime) -> + false; +is_fresh_enough(TimeStampLast, CacheTime) -> + {MegaSecs, Secs, _MicroSecs} = now(), + Now = MegaSecs * 1000000 + Secs, + (TimeStampLast + CacheTime > Now). + +%% @spec (User, Server) -> online | never | mod_last_required | TimeStamp::integer() +%% Code copied from mod_configure.erl +%% Code copied from web/ejabberd_web_admin.erl +%% TODO: Update time format to XEP-0202: Entity Time +get_last_access(User, Server) -> + case ejabberd_sm:get_user_resources(User, Server) of + [] -> + _US = {User, Server}, + case get_last_info(User, Server) of + mod_last_required -> + mod_last_required; + not_found -> + never; + {ok, Timestamp, _Status} -> + Timestamp + end; + _ -> + online + end. +%% @spec (User, Server) -> {ok, Timestamp, Status} | not_found | mod_last_required +get_last_info(User, Server) -> + case get_mod_last_enabled(Server) of + mod_last -> mod_last:get_last_info(User, Server); + mod_last_odbc -> mod_last_odbc:get_last_info(User, Server); + mod_mod_last -> mod_last_required + end. + +%% @spec (Server) -> mod_last | mod_last_odbc | no_mod_last +get_mod_last_enabled(Server) -> + ML = lists:member(mod_last, gen_mod:loaded_modules(Server)), + MLO = lists:member(mod_last_odbc, gen_mod:loaded_modules(Server)), + case {ML, MLO} of + {true, _} -> mod_last; + {false, true} -> mod_last_odbc; + {false, false} -> no_mod_last + end. |