diff options
| -rw-r--r-- | rebar.config | 2 | ||||
| -rw-r--r-- | src/ejabberd_config.erl | 14 | ||||
| -rw-r--r-- | src/mod_http_upload.erl | 2 | ||||
| -rw-r--r-- | test/ejabberd_cyrsasl_test.exs | 171 |
4 files changed, 15 insertions, 174 deletions
diff --git a/rebar.config b/rebar.config index 35dfb3553..7c77b6561 100644 --- a/rebar.config +++ b/rebar.config @@ -25,7 +25,7 @@ {fast_tls, ".*", {git, "https://github.com/processone/fast_tls", {tag, "1.0.23"}}}, {stringprep, ".*", {git, "https://github.com/processone/stringprep", {tag, "1.0.12"}}}, {fast_xml, ".*", {git, "https://github.com/processone/fast_xml", {tag, "1.1.32"}}}, - {xmpp, ".*", {git, "https://github.com/processone/xmpp", "2a5193c"}}, + {xmpp, ".*", {git, "https://github.com/processone/xmpp", "64fbddd"}}, {fast_yaml, ".*", {git, "https://github.com/processone/fast_yaml", {tag, "1.0.15"}}}, {jiffy, ".*", {git, "https://github.com/davisp/jiffy", {tag, "0.14.8"}}}, {p1_oauth2, ".*", {git, "https://github.com/processone/p1_oauth2", {tag, "0.6.3"}}}, diff --git a/src/ejabberd_config.erl b/src/ejabberd_config.erl index 5dcb24711..a31651430 100644 --- a/src/ejabberd_config.erl +++ b/src/ejabberd_config.erl @@ -57,6 +57,7 @@ -include("logger.hrl"). -include("ejabberd_config.hrl"). -include_lib("kernel/include/file.hrl"). +-include_lib("kernel/include/inet.hrl"). -include_lib("stdlib/include/ms_transform.hrl"). -callback opt_type(atom()) -> function() | [atom()]. @@ -786,7 +787,18 @@ set_opts(State) -> set_log_level(). set_fqdn() -> - FQDNs = get_option(fqdn, []), + FQDNs = case get_option(fqdn, []) of + [] -> + {ok, Hostname} = inet:gethostname(), + case inet:gethostbyname(Hostname) of + {ok, #hostent{h_name = FQDN}} -> + [iolist_to_binary(FQDN)]; + {error, _} -> + [] + end; + Domains -> + Domains + end, xmpp:set_config([{fqdn, FQDNs}]). set_log_level() -> diff --git a/src/mod_http_upload.erl b/src/mod_http_upload.erl index 377e625cd..846071a2a 100644 --- a/src/mod_http_upload.erl +++ b/src/mod_http_upload.erl @@ -688,7 +688,7 @@ make_query_string(Slot, Size, #state{external_secret = Key}) when Key /= <<>> -> UrlPath = str:join(Slot, <<$/>>), SizeStr = integer_to_binary(Size), Data = <<UrlPath/binary, " ", SizeStr/binary>>, - HMAC = str:to_hexlist(crypto:hmac(sha256, Data, Key)), + HMAC = str:to_hexlist(crypto:hmac(sha256, Key, Data)), <<"?v=", HMAC/binary>>; make_query_string(_Slot, _Size, _State) -> <<>>. diff --git a/test/ejabberd_cyrsasl_test.exs b/test/ejabberd_cyrsasl_test.exs deleted file mode 100644 index e73c12a14..000000000 --- a/test/ejabberd_cyrsasl_test.exs +++ /dev/null @@ -1,171 +0,0 @@ -# ---------------------------------------------------------------------- -# -# ejabberd, Copyright (C) 2002-2017 ProcessOne -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# ---------------------------------------------------------------------- - -defmodule EjabberdCyrsaslTest do - @author "pawel@process-one.net" - - use ExUnit.Case, async: true - - setup_all do - :ok = :ejabberd.start_app(:lager) - :p1_sha.load_nif() - :mnesia.start - :ejabberd_mnesia.start - :ok = start_module(:stringprep) - start_module(:jid) - :ejabberd_hooks.start_link - :ok = :ejabberd_config.start(["domain1"], []) - {:ok, _} = :xmpp_sasl.start_link - cyrstate = :xmpp_sasl.server_new("domain1", "domain1", "domain1", :ok, &get_password/1, - &check_password/3, &check_password_digest/5) - setup_anonymous_mocks() - {:ok, cyrstate: cyrstate} - end - - test "Plain text (correct user and pass)", context do - step1 = :xmpp_sasl.server_start(context[:cyrstate], "PLAIN", <<0,"user1",0,"pass">>) - assert {:ok, _} = step1 - {:ok, kv} = step1 - assert kv[:authzid] == "user1", "got correct user" - end - - test "Plain text (correct user wrong pass)", context do - step1 = :xmpp_sasl.server_start(context[:cyrstate], "PLAIN", <<0,"user1",0,"badpass">>) - assert step1 == {:error, :not_authorized, "user1"} - end - - test "Plain text (wrong user wrong pass)", context do - step1 = :xmpp_sasl.server_start(context[:cyrstate], "PLAIN", <<0,"nouser1",0,"badpass">>) - assert step1 == {:error, :not_authorized, "nouser1"} - end - - test "Anonymous", context do - step1 = :xmpp_sasl.server_start(context[:cyrstate], "ANONYMOUS", "domain1") - assert {:ok, _} = step1 - end - - test "Digest-MD5 (correct user and pass)", context do - assert {:ok, _list} = process_digest_md5(context[:cyrstate], "user1", "domain1", "pass") - end - - test "Digest-MD5 (correct user wrong pass)", context do - assert {:error, :not_authorized, "user1"} = process_digest_md5(context[:cyrstate], "user1", "domain1", "badpass") - end - - test "Digest-MD5 (wrong user correct pass)", context do - assert {:error, :not_authorized, "baduser"} = process_digest_md5(context[:cyrstate], "baduser", "domain1", "pass") - end - - test "Digest-MD5 (wrong user and pass)", context do - assert {:error, :not_authorized, "baduser"} = process_digest_md5(context[:cyrstate], "baduser", "domain1", "badpass") - end - - defp process_digest_md5(cyrstate, user, domain, pass) do - assert {:continue, init_str, state1} = :xmpp_sasl.server_start(cyrstate, "DIGEST-MD5", "") - assert [_, nonce] = Regex.run(~r/nonce="(.*?)"/, init_str) - digest_uri = "xmpp/#{domain}" - cnonce = "abcd" - nc = "00000001" - response_hash = calc_digest_md5(user, domain, pass, nc, nonce, cnonce) - response = "username=\"#{user}\",realm=\"#{domain}\",nonce=\"#{nonce}\",cnonce=\"#{cnonce}\"," <> - "nc=\"#{nc}\",qop=auth,digest-uri=\"#{digest_uri}\",response=\"#{response_hash}\"," <> - "charset=utf-8,algorithm=md5-sess" - case :xmpp_sasl.server_step(state1, response) do - {:continue, _calc_str, state2} -> :xmpp_sasl.server_step(state2, "") - other -> other - end - end - - defp calc_digest_md5(user, domain, pass, nc, nonce, cnonce) do - digest_uri = "xmpp/#{domain}" - a0 = "#{user}:#{domain}:#{pass}" - a1 = "#{str_md5(a0)}:#{nonce}:#{cnonce}" - a2 = "AUTHENTICATE:#{digest_uri}" - hex_md5("#{hex_md5(a1)}:#{nonce}:#{nc}:#{cnonce}:auth:#{hex_md5(a2)}") - end - - defp str_md5(str) do - :erlang.md5(str) - end - - defp hex_md5(str) do - :p1_sha.to_hexlist(:erlang.md5(str)) - end - - defp setup_anonymous_mocks() do - :meck.unload - mock(:ejabberd_auth_anonymous, :is_sasl_anonymous_enabled, - fn (_host) -> - true - end) - mock(:ejabberd_auth, :user_exists, - fn (user, domain) -> - domain == "domain1" and get_password(user) != {:false, :internal} - end) - end - - defp start_module(module) do - case apply(module, :start, []) do - :ok -> :ok - {:error, {:already_started, _}} -> :ok - other -> other - end - end - - defp get_password(user) do - if user == "user1" or user == "user2" do - {"pass", :internal} - else - {:false, :internal} - end - end - - defp check_password(_user, authzid, pass) do - case get_password(authzid) do - {^pass, mod} -> - {true, mod} - _ -> - false - end - end - - defp check_password_digest(_user, authzid, _pass, digest, digest_gen) do - case get_password(authzid) do - {:false, _} -> - false - {spass, mod} -> - v = digest_gen.(spass) - if v == digest do - {true, mod} - else - false - end - end - end - - defp mock(module, function, fun) do - try do - :meck.new(module, [:non_strict]) - catch - :error, {:already_started, _pid} -> :ok - end - :meck.expect(module, function, fun) - end -end |