author | Evgeniy Khramtsov <ekhramtsov@process-one.net> | 2017-05-11 14:37:21 +0300 |
---|---|---|
committer | Evgeniy Khramtsov <ekhramtsov@process-one.net> | 2017-05-11 14:37:21 +0300 |
commit | 633b68db1130c81551b063f3aa15d599b0d355e5 (patch) | |
tree | df2f0be4b75b001e8e47d1778e8e01637a9dfbcd /src/ejabberd_auth_ldap.erl | |
parent | Use misc:atom_to_binary/1 instead of the deprecated jlib.erl (#1510) (diff) |
Use cache for authentication backends
The commit introduces the following API incompatibilities:
In ejabberd_auth.erl:
* dirty_get_registered_users/0 is renamed to get_users/0
* get_vh_registered_users/1 is renamed to get_users/1
* get_vh_registered_users/2 is renamed to get_users/2
* get_vh_registered_users_number/1 is renamed to count_users/1
* get_vh_registered_users_number/2 is renamed to count_users/2
In ejabberd_auth callbacks
* plain_password_required/0 is replaced by plain_password_required/1
where the argument is a virtual host
* store_type/0 is replaced by store_type/1 where the argument is
a virtual host
* set_password/3 is now an optional callback
* remove_user/3 callback is no longer needed
* remove_user/2 now should return `ok | {error, atom()}`
* is_user_exists/2 now must only be implemented for backends
with `external` store type
* check_password/6 is no longer needed
* check_password/4 now must only be implemented for backends
with `external` store type
* try_register/3 is now an optional callback and should return
`ok | {error, atom()}`
* dirty_get_registered_users/0 is no longer needed
* get_vh_registered_users/1 is no longer needed
* get_vh_registered_users/2 is renamed to get_users/2
* get_vh_registered_users_number/1 is no longer needed
* get_vh_registered_users_number/2 is renamed to count_users/2
* get_password_s/2 is no longer needed
* get_password/2 now must only be implemented for backends with
`plain` or `scram` store type
Additionally, the commit introduces two new callbacks:
* use_cache/1 where the argument is a virtual host
* cache_nodes/1 where the argument is a virtual host
New options are also introduced: `auth_use_cache`, `auth_cache_missed`,
`auth_cache_life_time` and `auth_cache_size`.
Diffstat (limited to 'src/ejabberd_auth_ldap.erl')
-rw-r--r-- | src/ejabberd_auth_ldap.erl | 64 |
1 files changed, 17 insertions, 47 deletions
diff --git a/src/ejabberd_auth_ldap.erl b/src/ejabberd_auth_ldap.erl index 8a4532e3..15abebed 100644 --- a/src/ejabberd_auth_ldap.erl +++ b/src/ejabberd_auth_ldap.erl @@ -37,13 +37,9 @@ handle_cast/2, terminate/2, code_change/3]). -export([start/1, stop/1, start_link/1, set_password/3, - check_password/4, check_password/6, try_register/3, - dirty_get_registered_users/0, get_vh_registered_users/1, - get_vh_registered_users/2, - get_vh_registered_users_number/1, - get_vh_registered_users_number/2, get_password/2, - get_password_s/2, is_user_exists/2, remove_user/2, - remove_user/3, store_type/0, plain_password_required/0, + check_password/4, is_user_exists/2, + get_users/2, count_users/2, + store_type/1, plain_password_required/1, opt_type/1]). -include("ejabberd.hrl"). @@ -112,9 +108,9 @@ init(Host) -> State#state.password, State#state.tls_options), {ok, State}. -plain_password_required() -> true. +plain_password_required(_) -> true. -store_type() -> external. +store_type(_) -> external. check_password(User, AuthzId, Server, Password) -> if AuthzId /= <<>> andalso AuthzId /= User -> 
@@ -129,60 +125,34 @@ check_password(User, AuthzId, Server, Password) -> end end. -check_password(User, AuthzId, Server, Password, _Digest, - _DigestGen) -> - check_password(User, AuthzId, Server, Password). - set_password(User, Server, Password) -> {ok, State} = eldap_utils:get_state(Server, ?MODULE), case find_user_dn(User, State) of - false -> {error, user_not_found}; + false -> {error, notfound}; DN -> - eldap_pool:modify_passwd(State#state.eldap_id, DN, - Password) + case eldap_pool:modify_passwd(State#state.eldap_id, DN, + Password) of + ok -> ok; + _Err -> {error, db_failure} + end end. -%% @spec (User, Server, Password) -> {error, not_allowed} -try_register(_User, _Server, _Password) -> - {error, not_allowed}. - -dirty_get_registered_users() -> - Servers = ejabberd_config:get_vh_by_auth_method(ldap), - lists:flatmap(fun (Server) -> - get_vh_registered_users(Server) - end, - Servers). - -get_vh_registered_users(Server) -> - case catch get_vh_registered_users_ldap(Server) of +get_users(Server, []) -> + case catch get_users_ldap(Server) of {'EXIT', _} -> []; Result -> Result end. -get_vh_registered_users(Server, _) -> - get_vh_registered_users(Server). - -get_vh_registered_users_number(Server) -> - length(get_vh_registered_users(Server)). - -get_vh_registered_users_number(Server, _) -> - get_vh_registered_users_number(Server). - -get_password(_User, _Server) -> false. - -get_password_s(_User, _Server) -> <<"">>. +count_users(Server, Opts) -> + length(get_users(Server, Opts)). %% @spec (User, Server) -> true | false | {error, Error} is_user_exists(User, Server) -> case catch is_user_exists_ldap(User, Server) of - {'EXIT', Error} -> {error, Error}; + {'EXIT', _Error} -> {error, db_failure}; Result -> Result end. -remove_user(_User, _Server) -> {error, not_allowed}. - -remove_user(_User, _Server, _Password) -> not_allowed. 
- %%%---------------------------------------------------------------------- %%% Internal functions %%%---------------------------------------------------------------------- @@ -199,7 +169,7 @@ check_password_ldap(User, Server, Password) -> end end. -get_vh_registered_users_ldap(Server) -> +get_users_ldap(Server) -> {ok, State} = eldap_utils:get_state(Server, ?MODULE), UIDs = State#state.uids, Eldap_ID = State#state.eldap_id, |
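Review bot: In the `@@ -129,60 +125,34 @@` hunk, `get_users(Server, [])` matches only an empty option list while `count_users(Server, Opts)` forwards whatever `Opts` it is given, so a non-empty list would raise `function_clause` where the removed `get_vh_registered_users(Server, _)` ignored its second argument. If options are meant to be ignored for LDAP, the head should read `get_users(Server, _Opts) ->`. The same hunk makes `set_password/3` and `is_user_exists/2` collapse every failure into `{error, db_failure}` and discard the underlying term, and `get_users/2` still maps an `'EXIT'` to `[]`, so an LDAP outage looks the same as an empty directory and leaves nothing for whoever investigates failed logins. Logging the discarded reason (never the `Password` argument) before returning the generic error would keep the new return contract and preserve that evidence. The old-style `catch` in `get_users/2` and `is_user_exists/2` also traps throws and exits alike; a `try ... catch` scoped to the LDAP call would be narrower.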