
modification.patch 4.6KB

  1. diff --git a/src/cyrsasl.erl b/src/cyrsasl.erl
  2. index 23f1721..f8bc2e5 100644
  3. --- a/src/cyrsasl.erl
  4. +++ b/src/cyrsasl.erl
  5. @@ -53,7 +53,7 @@ start() ->
  6. public,
  7. {keypos, #sasl_mechanism.mechanism}]),
  8. cyrsasl_plain:start([]),
  9. - cyrsasl_digest:start([]),
  10. +% cyrsasl_digest:start([]),
  11. cyrsasl_scram:start([]),
  12. cyrsasl_anonymous:start([]),
  13. ok.
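Review bot: DIGEST-MD5 is switched off by commenting out `cyrsasl_digest:start([])` with no explanation; either delete the line or state the reason next to it, e.g. `%% DIGEST-MD5 disabled: it needs the cleartext password, which is no longer stored`. `cyrsasl_scram:start([])` on the next line stays registered, and SCRAM presumably also needs a stored secret it can derive its keys from, so confirm it still works against crypt()-hashed rows or disable it as well. start/0 begins outside this hunk.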
  14. diff --git a/src/ejabberd_auth_odbc.erl b/src/ejabberd_auth_odbc.erl
  15. index 8ef4c68..b0781df 100644
  16. --- a/src/ejabberd_auth_odbc.erl
  17. +++ b/src/ejabberd_auth_odbc.erl
  18. @@ -69,7 +69,7 @@ check_password(User, Server, Password) ->
  19. LUser ->
  20. Username = ejabberd_odbc:escape(LUser),
  21. LServer = jlib:nameprep(Server),
  22. - try odbc_queries:get_password(LServer, Username) of
  23. + try odbc_queries:check_password(LServer, Username, Password) of
  24. {selected, ["password"], [{Password}]} ->
  25. Password /= ""; %% Password is correct, and not empty
  26. {selected, ["password"], [{_Password2}]} ->
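Review bot: `Password` is handed to `odbc_queries:check_password/3` without passing through `ejabberd_odbc:escape/1`, although `Username` two lines above is escaped; the query added in src/odbc/odbc_queries.erl concatenates it into the SQL text twice, so a client-supplied value reaches the statement unescaped at login. Escape it before the call, `EPassword = ejabberd_odbc:escape(Password),` and pass `EPassword`, or use a parameterised query if the ODBC layer offers one. The identical call in the check_password/5 hunk below has the same problem, and there `Passwd` is now the supplied password echoed back rather than the stored one, so confirm the digest comparison that follows still means anything. Both function bodies continue outside their hunks.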
  27. @@ -92,7 +92,7 @@ check_password(User, Server, Password, Digest, DigestGen) ->
  28. LUser ->
  29. Username = ejabberd_odbc:escape(LUser),
  30. LServer = jlib:nameprep(Server),
  31. - try odbc_queries:get_password(LServer, Username) of
  32. + try odbc_queries:check_password(LServer, Username, Password) of
  33. %% Account exists, check if password is valid
  34. {selected, ["password"], [{Passwd}]} ->
  35. DigRes = if
  36. diff --git a/src/odbc/mysql.sql b/src/odbc/mysql.sql
  37. index c2611b0..bb02e78 100644
  38. --- a/src/odbc/mysql.sql
  39. +++ b/src/odbc/mysql.sql
  40. @@ -273,3 +273,28 @@ CREATE TABLE motd (
  41. xml text,
  42. created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
  43. ) CHARACTER SET utf8;
  44. +
  45. +DELIMITER $$
  46. +DROP FUNCTION IF EXISTS ejabberdPW;
  47. +CREATE FUNCTION ejabberdPW(pw VARCHAR(255)) RETURNS CHAR(34)
  48. +BEGIN
  49. + DECLARE salt CHAR(12) DEFAULT "$1$";
  50. + DECLARE i SMALLINT DEFAULT 0;
  51. + salt_loop: LOOP
  52. + SET salt=CONCAT(salt,
  53. + ELT(FLOOR(RAND() * 1000) % 62 +1,
  54. + 'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
  55. + 'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
  56. + '0','1','2','3','4','5','6','7','8','9'));
  57. + SET i = i + 1;
  58. + IF i = 9 THEN
  59. + LEAVE salt_loop;
  60. + END IF;
  61. + END LOOP salt_loop;
  62. + RETURN ENCRYPT(pw, salt);
  63. +END$$
  64. +DROP FUNCTION IF EXISTS check_password;
  65. +CREATE FUNCTION check_password(U VARCHAR(255), P VARCHAR(255)) RETURNS BOOLEAN
  66. +BEGIN
  67. + RETURN (SELECT COUNT(*) FROM users WHERE username = U and password = ENCRYPT(P, password) LIMIT 1);
  68. +END$$
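Review bot: `ejabberdPW` produces `$1$` (MD5-crypt) hashes with a salt drawn from `RAND()`, which is neither a deliberately slow password hash nor a cryptographically secure salt source, and `ENCRYPT()` is deprecated in MySQL 5.7 and removed in 8.0, so this schema will not load there. Hashing in the application with a salted, slow KDF and storing only the result avoids both problems. Separately, once `DELIMITER $$` is in effect the two `DROP FUNCTION IF EXISTS …;` lines are no longer terminated by `;` and are sent together with the following `CREATE FUNCTION`; end them with `$$` (`DROP FUNCTION IF EXISTS ejabberdPW$$`) and restore `DELIMITER ;` at the end of the file. The SQL `check_password` function is not called by the Erlang query in this patch, which inlines the same comparison.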
  69. diff --git a/src/odbc/odbc_queries.erl b/src/odbc/odbc_queries.erl
  70. index 3ec3b1b..917160b 100644
  71. --- a/src/odbc/odbc_queries.erl
  72. +++ b/src/odbc/odbc_queries.erl
  73. @@ -33,6 +33,7 @@
  74. get_last/2,
  75. set_last_t/4,
  76. del_last/2,
  77. + check_password/3,
  78. get_password/2,
  79. set_password_t/3,
  80. add_user/3,
  81. @@ -164,6 +165,12 @@ del_last(LServer, Username) ->
  82. LServer,
  83. ["delete from last where username='", Username, "'"]).
  84. +check_password(LServer, Username, Password) ->
  85. + ejabberd_odbc:sql_query(
  86. + LServer,
  87. + ["select if ((select count(*) from users where username = '", Username, "' AND "
  88. + "password = encrypt('", Password, "', password) LIMIT 1) = 1,'", Password, "', NULL) as password"]).
  89. +
  90. get_password(LServer, Username) ->
  91. ejabberd_odbc:sql_query(
  92. LServer,
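Review bot: The new `check_password/3` puts the cleartext password into the statement text and has the server return it as the `password` column, so it can land in the database's general or slow query log and crosses the DB connection in both directions. A constant result is enough for the caller to tell success from failure, e.g. `... LIMIT 1) = 1, 1, NULL) as ok`, with the matching clause in ejabberd_auth_odbc adjusted to it. The function should also carry a comment that `Username` and `Password` must already be escaped by the caller, since both are concatenated into the query; `LIMIT 1` after `count(*)` has no effect and can be dropped.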
  93. @@ -171,19 +178,15 @@ get_password(LServer, Username) ->
  94. "where username='", Username, "';"]).
  95. set_password_t(LServer, Username, Pass) ->
  96. - ejabberd_odbc:sql_transaction(
  97. - LServer,
  98. - fun() ->
  99. - update_t("users", ["username", "password"],
  100. - [Username, Pass],
  101. - ["username='", Username ,"'"])
  102. - end).
  103. + ejabberd_odbc:sql_query(
  104. + LServer,
  105. + ["update users set password = ejabberdPW('", Pass, "') where username = '", Username, "'"]).
  106. add_user(LServer, Username, Pass) ->
  107. ejabberd_odbc:sql_query(
  108. LServer,
  109. ["insert into users(username, password) "
  110. - "values ('", Username, "', '", Pass, "');"]).
  111. + "values ('", Username, "', ejabberdPW('", Pass, "'));"]).
  112. del_user(LServer, Username) ->
  113. ejabberd_odbc:sql_query(
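Review bot: `set_password_t/3` no longer runs inside `ejabberd_odbc:sql_transaction/2` and no longer goes through `update_t`, so its return value changes shape and whatever `update_t` did beyond a plain UPDATE is lost; callers that match on the transaction result will likely need updating, and the `_t` suffix no longer describes the function. Both `set_password_t` and `add_user` now send the cleartext password inside the statement (`ejabberdPW('", Pass, "')`), which exposes it to statement-based binary logging and query logs; hashing before the query is built avoids that. `Pass` has to be escaped by the caller, which these lines do not show, so a comment stating that requirement belongs on both functions.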