From 426f1107c526caaad1d1dd1438f4a935fab9fc63 Mon Sep 17 00:00:00 2001 From: Steven Lehrburger Date: Tue, 18 Sep 2012 08:02:47 +0000 Subject: [PATCH] Fix issue with ejabberd_xmlrpc user auth and SCRAM After enabling SCRAM password hashing and SSL in ejabberd, XMLRPC ejabberdctl commands were resulting in errors like this: W(<0.2623.0>:ejabberd_xmlrpc:328) : Error -118 A problem '{error,invalid_account_data}' occurred executing the command user_sessions_info with arguments It seems that this because ejabberd_commands was using a different authentication check than everything else, which wasn't properly taking account for potential password hashing. (Note I'm not really sure what AccountPassMD5 is doing, but it seems to be different than the ejabberd_auth_internal's SCRAM hasing.) --- src/ejabberd_commands.erl | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/ejabberd_commands.erl b/src/ejabberd_commands.erl index 1cb73d811..b61ef46de 100644 --- a/src/ejabberd_commands.erl +++ b/src/ejabberd_commands.erl @@ -382,10 +382,8 @@ check_auth(noauth) -> check_auth({User, Server, Password}) -> %% Check the account exists and password is valid case ejabberd_auth:check_password(User, Server, Password) of - true -> - {ok, User, Server}; - false -> - throw({error, invalid_account_data}) + true -> {ok, User, Server}; + _ -> throw({error, invalid_account_data}) end. check_access(all, _) -> -- 2.50.0