set_password(User, Server, Password) ->
LUser = jid:nodeprep(User),
LServer = jid:nameprep(Server),
+ LPassword = jid:resourceprep(Password),
US = {LUser, LServer},
if (LUser == error) or (LServer == error) ->
{error, invalid_jid};
+ LPassword == error ->
+ {error, invalid_password};
true ->
F = fun () ->
Password2 = case is_scrammed() and is_binary(Password)
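Review bot: The added `LPassword = jid:resourceprep(Password)` runs on every call, but the unchanged `is_scrammed() and is_binary(Password)` test below it shows that this function also accepts a Password that is not a binary. How resourceprep treats such a value is not visible here; it presumably raises or returns `error`, which would turn a previously accepted call into a crash or `{error, invalid_password}`. Guarding the call keeps the old path intact: `LPassword = case is_binary(Password) of true -> jid:resourceprep(Password); false -> Password end,`. The same unguarded call is added in the next hunk of this file (where `true -> PasswordList` likewise allows a non-binary) and in the two matching hunks of the file that uses `ejabberd_riak:get`. The function body continues outside the hunk.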
iolist_to_binary(PasswordList);
true -> PasswordList
end,
+ LPassword = jid:resourceprep(Password),
US = {LUser, LServer},
if (LUser == error) or (LServer == error) ->
{error, invalid_jid};
+ LPassword == error ->
+ {error, invalid_password};
true ->
F = fun () ->
case mnesia:read({passwd, US}) of
?INFO_MSG("Converting the stored passwords into "
"SCRAM bits",
[]),
- Fun = fun (#passwd{password = Password} = P) ->
- Scram = password_to_scram(Password),
- P#passwd{password = Scram}
+ Fun = fun (#passwd{us = {U, S}, password = Password} = P)
+ when is_binary(Password) ->
+ case jid:resourceprep(Password) of
+ error ->
+ ?ERROR_MSG(
+ "SASLprep failed for "
+ "password of user ~s@~s",
+ [U, S]),
+ P;
+ _ ->
+ Scram = password_to_scram(Password),
+ P#passwd{password = Scram}
+ end;
+ (P) ->
+ P
end,
Fields = record_info(fields, passwd),
mnesia:transform_table(passwd, Fun, Fields).
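Review bot: A record whose password fails the check is returned unchanged by the `error ->` branch (`P;`), so after `mnesia:transform_table` the table can hold SCRAM records next to records that still carry the plaintext password. The only trace is one error-log line per user. This deserves a comment above `Fun`, for example `%% A record that fails resourceprep is left as-is, i.e. it still holds the plaintext password.`, so the mixed state is a documented outcome and not a surprise. The log text says "SASLprep" while the call is `jid:resourceprep`; these are distinct stringprep profiles, so the message should name the check that is actually applied. The enclosing function starts outside the hunk.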
iterationcount = IterationCount}.
is_password_scram_valid(Password, Scram) ->
- IterationCount = Scram#scram.iterationcount,
- Salt = jlib:decode_base64(Scram#scram.salt),
- SaltedPassword = scram:salted_password(Password, Salt,
- IterationCount),
- StoredKey =
- scram:stored_key(scram:client_key(SaltedPassword)),
- jlib:decode_base64(Scram#scram.storedkey) == StoredKey.
+ case jid:resourceprep(Password) of
+ error ->
+ false;
+ _ ->
+ IterationCount = Scram#scram.iterationcount,
+ Salt = jlib:decode_base64(Scram#scram.salt),
+ SaltedPassword = scram:salted_password(Password, Salt,
+ IterationCount),
+ StoredKey =
+ scram:stored_key(scram:client_key(SaltedPassword)),
+ jlib:decode_base64(Scram#scram.storedkey) == StoredKey
+ end.
export(_Server) ->
[{passwd,
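Review bot: The result of `jid:resourceprep(Password)` is discarded by the `_ ->` clause, and `scram:salted_password(Password, Salt, IterationCount)` still hashes the caller's raw bytes. The new code therefore rejects unpreparable input but never normalises it. Two inputs that prepare to the same string will derive different stored keys unless `scram:salted_password` normalises internally, which is not visible here. If normalisation is intended, bind the result (`LPassword ->`) and pass `LPassword` to `scram:salted_password`, changing `password_to_scram` in the same commit so that existing and new hashes stay comparable. If it is not intended, a comment such as `%% resourceprep is used only as a validity check; the key is derived from the unmodified password` should say so. The same body is added to `is_password_scram_valid` in the two other files.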
set_password(User, Server, Password) ->
LUser = jid:nodeprep(User),
LServer = jid:nameprep(Server),
+ LPassword = jid:resourceprep(Password),
US = {LUser, LServer},
if (LUser == error) or (LServer == error) ->
{error, invalid_jid};
+ LPassword == error ->
+ {error, invalid_password};
true ->
Password2 = case is_scrammed() and is_binary(Password)
of
iolist_to_binary(PasswordList);
true -> PasswordList
end,
+ LPassword = jid:resourceprep(Password),
US = {LUser, LServer},
if (LUser == error) or (LServer == error) ->
{error, invalid_jid};
+ LPassword == error ->
+ {error, invalid_password};
true ->
case ejabberd_riak:get(passwd, passwd_schema(), US) of
{error, notfound} ->
iterationcount = IterationCount}.
is_password_scram_valid(Password, Scram) ->
- IterationCount = Scram#scram.iterationcount,
- Salt = jlib:decode_base64(Scram#scram.salt),
- SaltedPassword = scram:salted_password(Password, Salt,
- IterationCount),
- StoredKey =
- scram:stored_key(scram:client_key(SaltedPassword)),
- jlib:decode_base64(Scram#scram.storedkey) == StoredKey.
+ case jid:resourceprep(Password) of
+ error ->
+ false;
+ _ ->
+ IterationCount = Scram#scram.iterationcount,
+ Salt = jlib:decode_base64(Scram#scram.salt),
+ SaltedPassword = scram:salted_password(Password, Salt,
+ IterationCount),
+ StoredKey =
+ scram:stored_key(scram:client_key(SaltedPassword)),
+ jlib:decode_base64(Scram#scram.storedkey) == StoredKey
+ end.
export(_Server) ->
[{passwd,
set_password(User, Server, Password) ->
LServer = jid:nameprep(Server),
LUser = jid:nodeprep(User),
+ LPassword = jid:resourceprep(Password),
if (LUser == error) or (LServer == error) ->
{error, invalid_jid};
(LUser == <<>>) or (LServer == <<>>) ->
{error, invalid_jid};
+ LPassword == error ->
+ {error, invalid_password};
true ->
case is_scrammed() of
true ->
try_register(User, Server, Password) ->
LServer = jid:nameprep(Server),
LUser = jid:nodeprep(User),
+ LPassword = jid:resourceprep(Password),
if (LUser == error) or (LServer == error) ->
{error, invalid_jid};
(LUser == <<>>) or (LServer == <<>>) ->
{error, invalid_jid};
+ LPassword == error ->
+ {error, invalid_password};
true ->
case is_scrammed() of
true ->
is_password_scram_valid(Password, Scram).
is_password_scram_valid(Password, Scram) ->
- IterationCount = Scram#scram.iterationcount,
- Salt = jlib:decode_base64(Scram#scram.salt),
- SaltedPassword = scram:salted_password(Password, Salt,
- IterationCount),
- StoredKey =
- scram:stored_key(scram:client_key(SaltedPassword)),
- jlib:decode_base64(Scram#scram.storedkey) == StoredKey.
+ case jid:resourceprep(Password) of
+ error ->
+ false;
+ _ ->
+ IterationCount = Scram#scram.iterationcount,
+ Salt = jlib:decode_base64(Scram#scram.salt),
+ SaltedPassword = scram:salted_password(Password, Salt,
+ IterationCount),
+ StoredKey =
+ scram:stored_key(scram:client_key(SaltedPassword)),
+ jlib:decode_base64(Scram#scram.storedkey) == StoredKey
+ end.
-define(BATCH_SIZE, 1000).
{selected, Rs} ->
lists:foreach(
fun({LUser, Password}) ->
- Scram = password_to_scram(Password),
- set_password_scram_t(
- LUser,
- Scram#scram.storedkey,
- Scram#scram.serverkey,
- Scram#scram.salt,
- Scram#scram.iterationcount
- )
+ case jid:resourceprep(Password) of
+ error ->
+ ?ERROR_MSG(
+ "SASLprep failed for "
+ "password of user ~s@~s",
+ [LUser, LServer]);
+ _ ->
+ Scram = password_to_scram(Password),
+ set_password_scram_t(
+ LUser,
+ Scram#scram.storedkey,
+ Scram#scram.serverkey,
+ Scram#scram.salt,
+ Scram#scram.iterationcount)
+ end
end, Rs),
continue;
Err -> {bad_reply, Err}
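Review bot: A row that fails the check is logged and left untouched, yet the clause still returns `continue`. The select that produces `Rs` is outside the hunk; if it picks rows that are not yet converted, as the `?BATCH_SIZE` loop suggests, a batch made up only of failing rows would be selected again on every pass and the conversion would never finish. The loop needs a way to make progress, for example by ending the run when no row in the batch was converted, or by excluding already-rejected users from the next select. As in the other conversion routine, skipped rows keep their plaintext password, and that should be stated in a comment beside the `error ->` branch. `LServer` in the log arguments must be bound by the enclosing function, which is not shown.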