author | Paweł Chmielowski <pchmielowski@process-one.net> | 2020-12-08 12:06:52 +0100 |
---|---|---|
committer | Paweł Chmielowski <pchmielowski@process-one.net> | 2020-12-08 12:06:52 +0100 |
commit | 1dc0ecd1e98e88617d1f1e05563012330aab4a27 (patch) | |
tree | ff4f3472954dd131c190f64d08180930bd100d38 /src/ejabberd_c2s.erl | |
parent | Normalize names passed to destroy_room (diff) |
Allow to use different hash for storing scram passwords
Diffstat (limited to '')
-rw-r--r-- | src/ejabberd_c2s.erl | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl
index 56410ed82..3f42e9dd6 100644
--- a/src/ejabberd_c2s.erl
+++ b/src/ejabberd_c2s.erl
@@ -376,18 +376,23 @@ authenticated_stream_features(#{lserver := LServer}) ->
 sasl_mechanisms(Mechs, #{lserver := LServer, stream_encrypted := Encrypted} = State) ->
 Type = ejabberd_auth:store_type(LServer),
 Mechs1 = ejabberd_option:disable_sasl_mechanisms(LServer),
+
+ ScramHash = ejabberd_option:auth_scram_hash(LServer),
+ ShaAv = Type == plain orelse (Type == scram andalso ScramHash == sha),
+ Sha256Av = Type == plain orelse (Type == scram andalso ScramHash == sha256),
+ Sha512Av = Type == plain orelse (Type == scram andalso ScramHash == sha512),
 %% I re-created it from cyrsasl ets magic, but I think it's wrong
 %% TODO: need to check before 18.09 release
 lists:filter(
 fun(<<"ANONYMOUS">>) ->
 ejabberd_auth_anonymous:is_sasl_anonymous_enabled(LServer);
 (<<"DIGEST-MD5">>) -> Type == plain;
- (<<"SCRAM-SHA-1">>) -> Type /= external;
- (<<"SCRAM-SHA-1-PLUS">>) -> Type /= external andalso Encrypted;
- (<<"SCRAM-SHA-256">>) -> Type == plain;
- (<<"SCRAM-SHA-256-PLUS">>) -> Type == plain andalso Encrypted;
- (<<"SCRAM-SHA-512">>) -> Type == plain;
- (<<"SCRAM-SHA-512-PLUS">>) -> Type == plain andalso Encrypted;
+ (<<"SCRAM-SHA-1">>) -> ShaAv;
+ (<<"SCRAM-SHA-1-PLUS">>) -> ShaAv andalso Encrypted;
+ (<<"SCRAM-SHA-256">>) -> Sha256Av;
+ (<<"SCRAM-SHA-256-PLUS">>) -> Sha256Av andalso Encrypted;
+ (<<"SCRAM-SHA-512">>) -> Sha512Av;
+ (<<"SCRAM-SHA-512-PLUS">>) -> Sha512Av andalso Encrypted;
 (<<"PLAIN">>) -> true;
 (<<"X-OAUTH2">>) -> [ejabberd_auth_anonymous] /= ejabberd_auth:auth_modules(LServer);
 (<<"EXTERNAL">>) -> maps:get(tls_verify, State, false); |
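Review bot: The three `*Av` flags added at the top of sasl_mechanisms/2 take the SCRAM variant from the configured `auth_scram_hash`, not from the hash the stored entries were created with. If that option is changed on a host that already holds SCRAM entries (presumably kept under the earlier hash; the storage side is not visible in this hunk), the advertised SCRAM-SHA-* mechanism would not match those entries, and the `PLAIN` clause of the filter still returns `true`, so affected clients would likely fall back to it. I would state the assumption above the flags, for example `%% SCRAM-* offered here follows auth_scram_hash, not the hash of already stored entries`, and resolve or drop the stale `TODO: need to check before 18.09 release` directly below. The body of sasl_mechanisms/2 continues past the end of the hunk.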