Created
July 4, 2014 11:42
-
-
Save weiss/8f64dc5cb98f08487563 to your computer and use it in GitHub Desktop.
Also pass the client IP address to external ejabberd authentication script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From holger@zedat.fu-berlin.de Mon Sep 17 00:00:00 2001 | |
| From: Holger Weiss <holger@zedat.fu-berlin.de> | |
| Date: Mon, 14 Apr 2014 17:10:49 +0200 | |
| Subject: [PATCH] Pass client IP address to authentication script | |
| --- | |
| src/ejabberd_auth.erl | 10 +++++++++- | |
| src/ejabberd_auth_external.erl | 34 +++++++++++++++++++--------------- | |
| src/ejabberd_c2s.erl | 2 +- | |
| src/extauth.erl | 11 +++++++++-- | |
| 4 files changed, 38 insertions(+), 19 deletions(-) | |
| diff --git a/src/ejabberd_auth.erl b/src/ejabberd_auth.erl | |
| index 27c253f..55ce14d 100644 | |
| --- a/src/ejabberd_auth.erl | |
| +++ b/src/ejabberd_auth.erl | |
| @@ -32,6 +32,7 @@ | |
| %% External exports | |
| -export([start/0, set_password/3, check_password/3, | |
| check_password/5, check_password_with_authmodule/3, | |
| + check_password_with_authmodule/4, | |
| check_password_with_authmodule/5, try_register/3, | |
| dirty_get_registered_users/0, get_vh_registered_users/1, | |
| get_vh_registered_users/2, export/1, import/1, | |
| @@ -141,10 +142,17 @@ check_password(User, Server, Password, Digest, | |
| check_password_with_authmodule(User, Server, | |
| Password) -> | |
| + check_password_with_authmodule(User, Server, Password, unknown). | |
| + | |
| +-spec check_password_with_authmodule(binary(), binary(), binary(), | |
| + binary()) -> false | {true, atom()}. | |
| + | |
| +check_password_with_authmodule(User, Server, | |
| + Password, Address) -> | |
| case handle_automatic_registration(User, Server, Password) of | |
| ok -> | |
| check_password_loop(auth_modules(Server), | |
| - [User, Server, Password]); | |
| + [User, Server, Password, Address]); | |
| _ -> | |
| false | |
| end. | |
| diff --git a/src/ejabberd_auth_external.erl b/src/ejabberd_auth_external.erl | |
| index 9a92db3..23276b1 100644 | |
| --- a/src/ejabberd_auth_external.erl | |
| +++ b/src/ejabberd_auth_external.erl | |
| @@ -30,7 +30,7 @@ | |
| -behaviour(ejabberd_auth). | |
| %% External exports | |
| --export([start/1, set_password/3, check_password/3, | |
| +-export([start/1, set_password/3, check_password/3, check_password/4, | |
| check_password/5, try_register/3, | |
| dirty_get_registered_users/0, get_vh_registered_users/1, | |
| get_vh_registered_users/2, | |
| @@ -76,10 +76,13 @@ plain_password_required() -> true. | |
| store_type() -> external. | |
| check_password(User, Server, Password) -> | |
| + check_password(User, Server, Password, unknown). | |
| + | |
| +check_password(User, Server, Password, Address) -> | |
| case get_cache_option(Server) of | |
| - false -> check_password_extauth(User, Server, Password); | |
| + false -> check_password_extauth(User, Server, Password, Address); | |
| {true, CacheTime} -> | |
| - check_password_cache(User, Server, Password, CacheTime) | |
| + check_password_cache(User, Server, Password, CacheTime, Address) | |
| end. | |
| check_password(User, Server, Password, _Digest, | |
| @@ -177,30 +180,30 @@ get_cache_option(Host) -> | |
| CacheTime -> {true, CacheTime} | |
| end. | |
| -%% @spec (User, Server, Password) -> true | false | |
| -check_password_extauth(User, Server, Password) -> | |
| - extauth:check_password(User, Server, Password) andalso | |
| +%% @spec (User, Server, Password, Address) -> true | false | |
| +check_password_extauth(User, Server, Password, Address) -> | |
| + extauth:check_password(User, Server, Password, Address) andalso | |
| Password /= <<"">>. | |
| %% @spec (User, Server, Password) -> true | false | |
| try_register_extauth(User, Server, Password) -> | |
| extauth:try_register(User, Server, Password). | |
| -check_password_cache(User, Server, Password, 0) -> | |
| - check_password_external_cache(User, Server, Password); | |
| +check_password_cache(User, Server, Password, 0, Address) -> | |
| + check_password_external_cache(User, Server, Password, Address); | |
| check_password_cache(User, Server, Password, | |
| - CacheTime) -> | |
| + CacheTime, Address) -> | |
| case get_last_access(User, Server) of | |
| online -> | |
| check_password_internal(User, Server, Password); | |
| never -> | |
| - check_password_external_cache(User, Server, Password); | |
| + check_password_external_cache(User, Server, Password, Address); | |
| mod_last_required -> | |
| ?ERROR_MSG("extauth is used, extauth_cache is enabled " | |
| "but mod_last is not enabled in that " | |
| "host", | |
| []), | |
| - check_password_external_cache(User, Server, Password); | |
| + check_password_external_cache(User, Server, Password, Address); | |
| TimeStamp -> | |
| case is_fresh_enough(TimeStamp, CacheTime) of | |
| %% If no need to refresh, check password against Mnesia | |
| @@ -210,11 +213,12 @@ check_password_cache(User, Server, Password, | |
| true -> true; | |
| %% Else (password nonvalid in Mnesia), check in extauth and cache result | |
| false -> | |
| - check_password_external_cache(User, Server, Password) | |
| + check_password_external_cache(User, Server, Password, | |
| + Address) | |
| end; | |
| %% Else (need to refresh), check in extauth and cache result | |
| false -> | |
| - check_password_external_cache(User, Server, Password) | |
| + check_password_external_cache(User, Server, Password, Address) | |
| end | |
| end. | |
| @@ -240,8 +244,8 @@ get_password_cache(User, Server, CacheTime) -> | |
| end. | |
| %% Check the password using extauth; if success then cache it | |
| -check_password_external_cache(User, Server, Password) -> | |
| - case check_password_extauth(User, Server, Password) of | |
| +check_password_external_cache(User, Server, Password, Address) -> | |
| + case check_password_extauth(User, Server, Password, Address) of | |
| true -> | |
| set_password_internal(User, Server, Password), true; | |
| false -> false | |
| diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl | |
| index 0f47008..ec6f4ff 100644 | |
| --- a/src/ejabberd_c2s.erl | |
| +++ b/src/ejabberd_c2s.erl | |
| @@ -395,7 +395,7 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) -> | |
| end, | |
| fun(U, P) -> | |
| ejabberd_auth:check_password_with_authmodule( | |
| - U, Server, P) | |
| + U, Server, P, StateData#state.ip) | |
| end, | |
| fun(U, P, D, DG) -> | |
| ejabberd_auth:check_password_with_authmodule( | |
| diff --git a/src/extauth.erl b/src/extauth.erl | |
| index 51b4611..cecc6ca 100644 | |
| --- a/src/extauth.erl | |
| +++ b/src/extauth.erl | |
| @@ -27,7 +27,7 @@ | |
| -author('leifj@it.su.se'). | |
| --export([start/2, stop/1, init/2, check_password/3, | |
| +-export([start/2, stop/1, init/2, check_password/3, check_password/4, | |
| set_password/3, try_register/3, remove_user/2, | |
| remove_user/3, is_user_exists/2]). | |
| @@ -69,7 +69,14 @@ get_process_name(Host, Integer) -> | |
| eauth). | |
| check_password(User, Server, Password) -> | |
| - call_port(Server, [<<"auth">>, User, Server, Password]). | |
| + call_port(Server, [<<"auth">>, User, Server, Password, | |
| + <<"unknown">>]). | |
| + | |
| +check_password(User, Server, Password, unknown) -> | |
| + check_password(User, Server, Password); | |
| +check_password(User, Server, Password, Address) -> | |
| + call_port(Server, [<<"auth">>, User, Server, Password, | |
| + jlib:ip_to_list(Address)]). | |
| is_user_exists(User, Server) -> | |
| call_port(Server, [<<"isuser">>, User, Server]). | |
| -- | |
| 1.9.0-zedat |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment