Fix crash when SASL PLAIN denies auth (EJAB-1425)
authorBadlop <badlop@process-one.net>
Wed, 16 Mar 2011 17:38:44 +0000 (18:38 +0100)
committerBadlop <badlop@process-one.net>
Wed, 16 Mar 2011 17:38:44 +0000 (18:38 +0100)
src/cyrsasl.erl
src/cyrsasl_digest.erl
src/cyrsasl_gssapi.erl
src/cyrsasl_plain.erl
src/ejabberd_auth.erl
src/ejabberd_c2s.erl

index fefcb8426ecf55d1b7fd2f7517f06c30d675830d..94df55fe0a0ad65f6f6d7270f033582a31ae454b 100644 (file)
@@ -204,7 +204,7 @@ server_new(Service, ServerFQDN, UserRealm, _SecFlags,
 %%     Continue = {continue, ServerOut, New_State}
 %%         ServerOut = string()
 %%         New_State = saslstate()
-%%     Error = {error, Reason} | {error, Username, Reason}
+%%     Error = {error, Reason} | {error, Reason, Username}
 %%         Reason = term()
 %%         Username = string()
 
@@ -236,8 +236,9 @@ server_start(State, Mech, ClientIn) ->
 %%     Continue = {continue, ServerOut, New_State}
 %%         ServerOut = string()
 %%         New_State = saslstate()
-%%     Error = {error, Reason} | {error, Username, Reason}
+%%     Error = {error, Reason} | {error, Reason, Text, Username}
 %%         Reason = term()
+%%         Text = string()
 %%         Username = string()
 
 server_step(State, ClientIn) ->
@@ -254,8 +255,8 @@ server_step(State, ClientIn) ->
        {continue, ServerOut, NewMechState} ->
            {continue, ServerOut,
             State#sasl_state{mech_state = NewMechState}};
-       {error, Error, Username} ->
-           {error, Error, Username};
+       {error, Error, Text, Username} ->
+           {error, Error, Text, Username};
        {error, Error} ->
            {error, Error}
     end.
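Review bot: The server_start/3 doc block in the first hunk still describes the error result as `{error, Reason} | {error, Reason, Username}`, while server_step's doc in the second hunk, server_step's new pass-through clause `{error, Error, Text, Username}` and the ejabberd_c2s clause in wait_for_feature_request that consumes the server_start result all use the four-element form. Unless server_start repacks the mechanism's tuple (its body is outside the hunk, so I cannot confirm), the first block should read `%%     Error = {error, Reason} | {error, Reason, Text, Username}` with a `%%         Text = string()` line under `Reason = term()`, as the second hunk already has. The server_step clause itself is fine as written.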
index 5545aadb6d4979c9117601f20d7c60d36bf3a84b..92658f5541b44af830b1a668d5ac9f2acb821add 100644 (file)
@@ -80,7 +80,7 @@ mech_new(#sasl_params{host=Host, get_password=GetPassword,
 %%     Continue = {continue, ServerOut, New_State}
 %%         ServerOut = string()
 %%         New_State = mechstate()
-%%     Error = {error, Reason} | {error, Reason, Username}
+%%     Error = {error, Reason} | {error, Reason, Text, Username}
 %%         Reason = term()
 
 mech_step(#state{step = 1, nonce = Nonce} = State, _) ->
@@ -99,12 +99,12 @@ mech_step(#state{step = 3, nonce = Nonce} = State, ClientIn) ->
                false ->
                    ?DEBUG("User login not authorized because digest-uri "
                           "seems invalid: ~p", [DigestURI]),
-                   {error, 'not-authorized', UserName};
+                   {error, 'not-authorized', "", UserName};
                true ->
                    AuthzId = proplists:get_value("authzid", KeyVals, ""),
                    case (State#state.get_password)(UserName) of
                        {false, _} ->
-                           {error, 'not-authorized', UserName};
+                           {error, 'not-authorized', "", UserName};
                        {Passwd, AuthModule} ->
                                case (State#state.check_password)(UserName, "",
                                        proplists:get_value("response", KeyVals, ""),
@@ -121,9 +121,9 @@ mech_step(#state{step = 3, nonce = Nonce} = State, ClientIn) ->
                                                 username = UserName,
                                                 authzid = AuthzId}};
                                false ->
-                                   {error, 'not-authorized', UserName};
+                                   {error, 'not-authorized', "", UserName};
                                {false, _} ->
-                                   {error, 'not-authorized', UserName}
+                                   {error, 'not-authorized', "", UserName}
                            end
                    end
            end
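Review bot: The mech_step doc comment changed in the first hunk now names `Text` and `Username` in the error tuple but only defines `Reason = term()` beneath it; add `%%         Text = string()` and `%%         Username = string()` so the contract matches the `{error, 'not-authorized', "", UserName}` returns in the two later hunks and the sibling doc in cyrsasl.erl. Returning an empty Text here is the right choice, since neither the digest-uri check nor the password check should give the client anything beyond the condition. mech_step's step-3 clause ends outside the last hunk.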
index 4075d284f516c06d77a6810fc96f2fb9b7bc5346..bc76dcfb676ede0d71cc3b0153821a80e5c82acf 100644 (file)
@@ -128,13 +128,13 @@ do_step(#state{needsmore=true,sasl=Sasl,step=Step}=State, ClientIn) ->
        {needsmore, RspAuth} ->
            ?DEBUG("needsmore~n", []),
            if (Step > 0) and (ClientIn =:= []) and (RspAuth =:= <<>>) ->
-                   {error, "not-authorized"};
+                   {error, 'not-authorized'};
                true ->
                    {continue, binary_to_list(RspAuth),
                     State#state{step=Step+1}}
            end;
        {error, _} ->
-           {error, "not-authorized"}
+           {error, 'not-authorized'}
     end.
 
 handle_step_ok(State, []) ->
@@ -147,7 +147,7 @@ check_user(#state{authid=Authid,authzid=Authzid,
                  authrealm=Auth_realm,host=Host,realm=Realm}) ->
     if Realm =/= Auth_realm ->
            ?DEBUG("bad realm ~p (expected ~p)~n",[Auth_realm, Realm]),
-           throw({error, "not-authorized"});
+           throw({error, 'not-authorized'});
        true ->
            ok
     end,
@@ -155,7 +155,7 @@ check_user(#state{authid=Authid,authzid=Authzid,
     case ejabberd_auth:is_user_exists(Authid, Host) of
        false ->
            ?DEBUG("bad user ~p~n",[Authid]),
-           throw({error, "not-authorized"});
+           throw({error, 'not-authorized'});
        true ->
            ok
     end,
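Review bot: The `{error, _} -> {error, 'not-authorized'}` clause in the first hunk (do_step) still discards the underlying GSSAPI failure reason, so once the atom form is in place an operator has no trace of why a Kerberos login was refused, whereas the PLAIN path in this commit logs its reason; binding and logging it is a two-line change, `{error, Reason} ->` / `?DEBUG("GSSAPI step failed: ~p~n", [Reason]),` before the existing return. The atom change itself is consistent with the other mechanisms. The `throw({error, 'not-authorized'})` calls in check_user are presumably caught by a `try` outside these hunks; the caller should be checked for the same string-to-atom change, since I cannot see it here.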
index 32dff9136a22994ebf76f503928b0d656fd5f3f8..7b529d21086d568dbd1a141c58098d90a61f05e0 100644 (file)
@@ -62,8 +62,7 @@ mech_new(#sasl_params{check_password = CheckPassword}) ->
 %%         Username = string()
 %%         AuthzId = string()
 %%         AuthModule = atom()
-%%     Error = {error, Reason} | {error, Reason, Username}
-%%         Reason = term()
+%%     Error = {error, Reason} | {error, Reason, Text, Username}
 
 mech_step(State, ClientIn) ->
     case prepare(ClientIn) of
@@ -73,9 +72,9 @@ mech_step(State, ClientIn) ->
                    {ok, [{username, User}, {authzid, AuthzId},
                          {auth_module, AuthModule}]};
                {false, ReasonAuthFail} when is_list(ReasonAuthFail) ->
-                   {error, ReasonAuthFail, User};
+                   {error, 'not-authorized', ReasonAuthFail, User};
                _ ->
-                   {error, 'not-authorized', User}
+                   {error, 'not-authorized', "", User}
            end;
        _ ->
            {error, 'bad-protocol'}
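Review bot: The mech_step doc in the first hunk drops `%%         Reason = term()` and defines nothing for the two new tuple elements, so it now names `Text` and `Username` without saying what they are; restore `%%         Reason = term()` and add `%%         Text = string()` and `%%         Username = string()`. In the second hunk the `when is_list(ReasonAuthFail)` guard means a backend that returns a non-list reason silently takes the `_` clause with an empty Text, which is acceptable but deserves a short comment on that clause, e.g. `%% non-string reasons are not forwarded; reply with the bare condition`. mech_step's body ends outside this hunk.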
index b6b19f5148a96b7eea980de69a23ca3c4ad3c545..738976c775aab2f43bbcb098f2a18319672f29b5 100644 (file)
@@ -141,7 +141,8 @@ check_password(User, Server, Password, Digest, DigestGen)
 %%     {true, AuthModule} | {false, Reason::string()}
 %% where
 %%   AuthModule = ejabberd_auth_anonymous | ejabberd_auth_external
-%%           | ejabberd_auth_ldap | ejabberd_auth_pam | ejabberd_auth_storage
+%%                 | ejabberd_auth_internal | ejabberd_auth_ldap
+%%                 | ejabberd_auth_odbc | ejabberd_auth_pam
 %% @doc Check if the user and password can login in server.
 %% The user can login if at least an authentication method accepts the user
 %% and the password.
index 64c7fa1282433606718597eb09e26a0ac0315509..5b432199ff80e0890e346b1e20ed099fa611415b 100644 (file)
@@ -716,13 +716,13 @@ wait_for_feature_request({xmlstreamelement, #xmlel{ns = NS, name = Name} = El},
                    fsm_next_state(wait_for_sasl_response,
                                   StateData#state{
                                     sasl_state = NewSASLState});
-               {error, Error, Username} when is_list(Error) ->
+               {error, Error, Text, Username} ->
                    ?INFO_MSG(
-                      "(~w) Failed authentication for ~s@~s due to ~s",
+                      "(~w) Failed authentication for ~s@~s due to ~p ~s",
                       [StateData#state.socket,
-                       Username, StateData#state.server, Error]),
+                       Username, StateData#state.server, Error, Text]),
                    send_element(StateData,
-                     exmpp_server_sasl:failure(Error)),
+                     exmpp_server_sasl:failure(Error, Text)),
                    {next_state, wait_for_feature_request, StateData,
                     ?C2S_OPEN_TIMEOUT};
                {error, Error} ->
@@ -834,13 +834,13 @@ wait_for_sasl_response({xmlstreamelement, #xmlel{ns = NS, name = Name} = El},
                      exmpp_server_sasl:challenge(ServerOut)),
                    fsm_next_state(wait_for_sasl_response,
                     StateData#state{sasl_state = NewSASLState});
-               {error, Error, Username} ->
+               {error, Error, Text, Username} ->
                    ?INFO_MSG(
-                      "(~w) Failed authentication for ~s@~s",
+                      "(~w) Failed authentication for ~s@~s due to ~p ~s",
                       [StateData#state.socket,
-                       Username, StateData#state.server]),
+                       Username, StateData#state.server, Error, Text]),
                    send_element(StateData,
-                     exmpp_server_sasl:failure(Error)),
+                     exmpp_server_sasl:failure(Error, Text)),
                    fsm_next_state(wait_for_feature_request, StateData);
                {error, Error} ->
                    send_element(StateData,
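Review bot: Both hunks now pass `Text` to `exmpp_server_sasl:failure(Error, Text)`, and for the PLAIN mechanism that Text is `ReasonAuthFail`, the free-form `{false, Reason::string()}` that ejabberd_auth:check_password documents as coming from whichever auth module answered; if failure/2 puts it into the SASL failure's text element, as its arity suggests, backend-specific reasons reach the unauthenticated client, which is an information-disclosure change from the previous `failure(Error)`. Keeping the reason in the `?INFO_MSG` (where it helps an operator) but sending only the condition, `exmpp_server_sasl:failure(Error)`, at both call sites restores the old wire behaviour while still fixing the crash; if a mechanism genuinely needs client-visible text it should be a fixed, mechanism-chosen string, not backend output. In the second hunk the format `~p ~s` also prints a trailing space whenever Text is `""`, which the digest mechanism always returns. wait_for_feature_request and wait_for_sasl_response both begin and end outside these hunks.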