aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/ejabberd_admin.erl5
-rw-r--r--src/ejabberd_auth.erl23
-rw-r--r--src/ejabberd_auth_sql.erl50
3 files changed, 25 insertions, 53 deletions
diff --git a/src/ejabberd_admin.erl b/src/ejabberd_admin.erl
index 3e02e6bd0..64f8fba7c 100644
--- a/src/ejabberd_admin.erl
+++ b/src/ejabberd_admin.erl
@@ -269,12 +269,11 @@ get_commands_spec() ->
args_example = ["example.com"],
args = [{host, string}], result = {res, rescode}},
#ejabberd_commands{name = convert_to_scram, tags = [sql],
- desc = "Convert the passwords in 'users' ODBC table to SCRAM",
- module = ejabberd_auth_sql, function = convert_to_scram,
+ desc = "Convert the passwords of users to SCRAM",
+ module = ejabberd_auth, function = convert_to_scram,
args_desc = ["Vhost which users' passwords will be scrammed"],
args_example = ["example.com"],
args = [{host, binary}], result = {res, rescode}},
-
#ejabberd_commands{name = import_prosody, tags = [mnesia, sql],
desc = "Import data from Prosody",
longdesc = "Note: this method requires ejabberd compiled with optional tools support "
diff --git a/src/ejabberd_auth.erl b/src/ejabberd_auth.erl
index 9a7479e40..1fc05f8cb 100644
--- a/src/ejabberd_auth.erl
+++ b/src/ejabberd_auth.erl
@@ -46,7 +46,7 @@
-export([init/1, handle_call/3, handle_cast/2, handle_info/2,
terminate/2, code_change/3]).
--export([auth_modules/1]).
+-export([auth_modules/1, convert_to_scram/1]).
-include("scram.hrl").
-include("logger.hrl").
@@ -915,3 +915,24 @@ import(Server, {sql, _}, mnesia, <<"users">>, Fields) ->
ejabberd_auth_mnesia:import(Server, Fields);
import(_LServer, {sql, _}, sql, <<"users">>, _) ->
ok.
+
+-spec convert_to_scram(binary()) -> {error, any()} | ok.
+convert_to_scram(Server) ->
+ LServer = jid:nameprep(Server),
+ if
+ LServer == error;
+ LServer == <<>> ->
+ {error, {incorrect_server_name, Server}};
+ true ->
+ lists:foreach(
+ fun({U, S}) ->
+ case get_password(U, S) of
+ Pass when is_binary(Pass) ->
+ SPass = password_to_scram(Pass),
+ set_password(U, S, SPass);
+ _ ->
+ ok
+ end
+ end, get_users(LServer)),
+ ok
+ end.
diff --git a/src/ejabberd_auth_sql.erl b/src/ejabberd_auth_sql.erl
index 106c83b47..3fa96b735 100644
--- a/src/ejabberd_auth_sql.erl
+++ b/src/ejabberd_auth_sql.erl
@@ -33,7 +33,7 @@
-export([start/1, stop/1, set_password/3, try_register/3,
get_users/2, count_users/2, get_password/2,
remove_user/2, store_type/1, plain_password_required/1,
- convert_to_scram/1, export/1, which_users_exists/2]).
+ export/1, which_users_exists/2]).
-include("scram.hrl").
-include("logger.hrl").
@@ -269,54 +269,6 @@ which_users_exists(LServer, LUsers) ->
end
end.
-
-convert_to_scram(Server) ->
- LServer = jid:nameprep(Server),
- if
- LServer == error;
- LServer == <<>> ->
- {error, {incorrect_server_name, Server}};
- true ->
- F = fun () ->
- BatchSize = ?BATCH_SIZE,
- case ejabberd_sql:sql_query_t(
- ?SQL("select @(username)s, @(password)s"
- " from users"
- " where iterationcount=0 and %(LServer)H"
- " limit %(BatchSize)d")) of
- {selected, []} ->
- ok;
- {selected, Rs} ->
- lists:foreach(
- fun({LUser, Password}) ->
- case jid:resourceprep(Password) of
- error ->
- ?ERROR_MSG(
- "SASLprep failed for "
- "password of user ~ts@~ts",
- [LUser, LServer]);
- _ ->
- Scram = ejabberd_auth:password_to_scram(Password),
- set_password_scram_t(
- LUser, LServer,
- Scram#scram.storedkey,
- Scram#scram.serverkey,
- Scram#scram.salt,
- Scram#scram.iterationcount)
- end
- end, Rs),
- continue;
- Err -> {bad_reply, Err}
- end
- end,
- case ejabberd_sql:sql_transaction(LServer, F) of
- {atomic, ok} -> ok;
- {atomic, continue} -> convert_to_scram(Server);
- {atomic, Error} -> {error, Error};
- Error -> Error
- end
- end.
-
export(_Server) ->
[{passwd,
fun(Host, #passwd{us = {LUser, LServer}, password = Password})