authorEvgeniy Khramtsov <ekhramtsov@process-one.net>2017-05-11 14:37:21 +0300
committerEvgeniy Khramtsov <ekhramtsov@process-one.net>2017-05-11 14:37:21 +0300
commit633b68db1130c81551b063f3aa15d599b0d355e5 (patch)
treedf2f0be4b75b001e8e47d1778e8e01637a9dfbcd /src/ejabberd_auth_pam.erl
parentUse misc:atom_to_binary/1 instead of the deprecated jlib.erl (#1510) (diff)
Use cache for authentication backends
The commit introduces the following API incompatibilities: In ejabberd_auth.erl: * dirty_get_registered_users/0 is renamed to get_users/0 * get_vh_registered_users/1 is renamed to get_users/1 * get_vh_registered_users/2 is renamed to get_users/2 * get_vh_registered_users_number/1 is renamed to count_users/1 * get_vh_registered_users_number/2 is renamed to count_users/2 In ejabberd_auth callbacks * plain_password_required/0 is replaced by plain_password_required/1 where the argument is a virtual host * store_type/0 is replaced by store_type/1 where the argument is a virtual host * set_password/3 is now an optional callback * remove_user/3 callback is no longer needed * remove_user/2 now should return `ok | {error, atom()}` * is_user_exists/2 now must only be implemented for backends with `external` store type * check_password/6 is no longer needed * check_password/4 now must only be implemented for backends with `external` store type * try_register/3 is now an optional callback and should return `ok | {error, atom()}` * dirty_get_registered_users/0 is no longer needed * get_vh_registered_users/1 is no longer needed * get_vh_registered_users/2 is renamed to get_users/2 * get_vh_registered_users_number/1 is no longer needed * get_vh_registered_users_number/2 is renamed to count_users/2 * get_password_s/2 is no longer needed * get_password/2 now must only be implemented for backends with `plain` or `scram` store type Additionally, the commit introduces two new callbacks: * use_cache/1 where the argument is a virtual host * cache_nodes/1 where the argument is a virtual host New options are also introduced: `auth_use_cache`, `auth_cache_missed`, `auth_cache_life_time` and `auth_cache_size`.
Diffstat (limited to 'src/ejabberd_auth_pam.erl')
-rw-r--r--src/ejabberd_auth_pam.erl47
1 files changed, 6 insertions, 41 deletions
diff --git a/src/ejabberd_auth_pam.erl b/src/ejabberd_auth_pam.erl
index 9d2fc819..f865f36f 100644
--- a/src/ejabberd_auth_pam.erl
+++ b/src/ejabberd_auth_pam.erl
@@ -30,14 +30,8 @@
-behaviour(ejabberd_auth).
--export([start/1, stop/1, set_password/3, check_password/4,
- check_password/6, try_register/3,
- dirty_get_registered_users/0, get_vh_registered_users/1,
- get_vh_registered_users/2,
- get_vh_registered_users_number/1,
- get_vh_registered_users_number/2, get_password/2,
- get_password_s/2, is_user_exists/2, remove_user/2,
- remove_user/3, store_type/0, plain_password_required/0,
+-export([start/1, stop/1, check_password/4,
+ is_user_exists/2, store_type/1, plain_password_required/1,
opt_type/1]).
start(_Host) ->
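Review bot: The new `-export` list does not document how this backend relates to the authentication cache that the commit introduces. It keeps `check_password/4` and `is_user_exists/2` for the `external` store type but adds neither `use_cache/1` nor `cache_nodes/1`. How ejabberd_auth treats a backend without those callbacks is not visible on this page. If the default is to cache, a password change or account lock on the PAM side might not take effect until the cache entry expires. A one-line comment above the export would settle this for the next reader, for example `%% use_cache/1 intentionally not implemented: <intended caching behaviour for PAM results>`.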
@@ -46,13 +40,6 @@ start(_Host) ->
stop(_Host) ->
ok.
-set_password(_User, _Server, _Password) ->
- {error, not_allowed}.
-
-check_password(User, AuthzId, Server, Password, _Digest,
- _DigestGen) ->
- check_password(User, AuthzId, Server, Password).
-
check_password(User, AuthzId, Host, Password) ->
if AuthzId /= <<>> andalso AuthzId /= User ->
false;
@@ -70,25 +57,6 @@ check_password(User, AuthzId, Host, Password) ->
end
end.
-try_register(_User, _Server, _Password) ->
- {error, not_allowed}.
-
-dirty_get_registered_users() -> [].
-
-get_vh_registered_users(_Host) -> [].
-
-get_vh_registered_users(_Host, _) -> [].
-
-get_vh_registered_users_number(_Host) -> 0.
-
-get_vh_registered_users_number(_Host, _) -> 0.
-
-get_password(_User, _Server) -> false.
-
-get_password_s(_User, _Server) -> <<"">>.
-
-%% @spec (User, Server) -> true | false | {error, Error}
-%% TODO: Improve this function to return an error instead of 'false' when connection to PAM failed
is_user_exists(User, Host) ->
Service = get_pam_service(Host),
UserInfo = case get_pam_userinfotype(Host) of
@@ -97,16 +65,13 @@ is_user_exists(User, Host) ->
end,
case catch epam:acct_mgmt(Service, UserInfo) of
true -> true;
- _ -> false
+ false -> false;
+ _Err -> {error, db_failure}
end.
-remove_user(_User, _Server) -> {error, not_allowed}.
-
-remove_user(_User, _Server, _Password) -> not_allowed.
-
-plain_password_required() -> true.
+plain_password_required(_) -> true.
-store_type() -> external.
+store_type(_) -> external.
%%====================================================================
%% Internal functions
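Review bot: The `_Err` clause in is_user_exists/2 maps every non-boolean result of `catch epam:acct_mgmt(Service, UserInfo)` to `{error, db_failure}` and throws the term away. An operator therefore cannot tell a crashed epam call from an unexpected return value. Because old-style `catch` already folds exits, errors and throws into a single value, I would bind the term (`Err` instead of `_Err`) and log it together with `Service` before returning the error tuple. The function starts in the previous hunk, and the code that consumes `{error, db_failure}` is not shown here. It is worth confirming that the caller and the new cache treat it as a failed lookup rather than storing it as a "user does not exist" answer.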