From fe8710fe00a2b87e56f3b0d237c41f1159c78ea3 Mon Sep 17 00:00:00 2001
From: Pawel Chmielowski
Date: Fri, 25 Jul 2025 09:35:10 +0200
Subject: [PATCH] Rename auth_password_types_hidden_in_scram1 option to auth_password_types_hidden_in_sasl1

Also add migration code from old name
---
 src/ejabberd_c2s.erl | 2 +-
 src/ejabberd_config_transformer.erl | 2 ++
 src/ejabberd_option.erl | 14 +++++++-------
 src/ejabberd_options.erl | 4 ++--
 src/ejabberd_options_doc.erl | 6 +++---
 5 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl
index 1a03adc9f..f0f225bee 100644
--- a/src/ejabberd_c2s.erl
+++ b/src/ejabberd_c2s.erl
@@ -455,7 +455,7 @@ sasl_mechanisms(Mechs, #{lserver := LServer, stream_encrypted := Encrypted} = St
 (<<"EXTERNAL">>) -> maps:get(tls_verify, State, false);
 (_) -> false
 end, Mechs -- Mechs1),
- case ejabberd_option:auth_password_types_hidden_in_scram1() of
+ case ejabberd_option:auth_password_types_hidden_in_sasl1() of
 [] -> Mechs2;
 List ->
 Mechs3 = lists:foldl(
diff --git a/src/ejabberd_config_transformer.erl b/src/ejabberd_config_transformer.erl
index 362bbecea..1aed7c6a8 100644
--- a/src/ejabberd_config_transformer.erl
+++ b/src/ejabberd_config_transformer.erl
@@ -230,6 +230,8 @@ filter(_Host, captcha_host, _, _) ->
 filter(_Host, route_subdomains, _, _) ->
 warn_removed_option(route_subdomains, s2s_access),
 false;
+filter(_Host, auth_password_types_hidden_in_scram1, Val, _) ->
+ {true, {auth_password_types_hidden_in_sasl1, Val}};
 filter(Host, modules, ModOpts, State) ->
 NoDialbackHosts = maps:get(remove_s2s_dialback, State, []),
 ModOpts1 = lists:filter(
diff --git a/src/ejabberd_option.erl b/src/ejabberd_option.erl
index 4361571f8..775ea14c9 100644
--- a/src/ejabberd_option.erl
+++ b/src/ejabberd_option.erl
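Review bot: The new `filter(_Host, auth_password_types_hidden_in_scram1, Val, _)` clause in src/ejabberd_config_transformer.erl rewrites the old option name without logging anything, whereas the `route_subdomains` clause just above it calls `warn_removed_option(route_subdomains, s2s_access)` before dropping its option. This option decides which password types are withheld from the SASL1 mechanism list, so an operator should be told that the configured name is deprecated and was mapped to `auth_password_types_hidden_in_sasl1`; a warning call in the style the module already uses, placed before the `{true, ...}` return, would do that. The hunk does not show what happens when a configuration sets both the old and the new name, so it is worth confirming which value wins. A one-line comment above the clause would also help, for example `%% Old name of auth_password_types_hidden_in_sasl1; kept so existing configs keep hiding the same mechanisms`. The `filter/4` function starts and ends outside the hunk.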
@@ -18,7 +18,7 @@
 -export([auth_method/0, auth_method/1]).
 -export([auth_opts/0, auth_opts/1]).
 -export([auth_password_format/0, auth_password_format/1]).
--export([auth_password_types_hidden_in_scram1/0, auth_password_types_hidden_in_scram1/1]).
+-export([auth_password_types_hidden_in_sasl1/0, auth_password_types_hidden_in_sasl1/1]).
 -export([auth_scram_hash/0, auth_scram_hash/1]).
 -export([auth_stored_password_types/0, auth_stored_password_types/1]).
 -export([auth_use_cache/0, auth_use_cache/1]).
@@ -264,12 +264,12 @@ auth_password_format() ->
 auth_password_format(Host) ->
 ejabberd_config:get_option({auth_password_format, Host}).
--spec auth_password_types_hidden_in_scram1() -> ['plain' | 'scram_sha1' | 'scram_sha256' | 'scram_sha512'].
-auth_password_types_hidden_in_scram1() ->
- auth_password_types_hidden_in_scram1(global).
--spec auth_password_types_hidden_in_scram1(global | binary()) -> ['plain' | 'scram_sha1' | 'scram_sha256' | 'scram_sha512'].
-auth_password_types_hidden_in_scram1(Host) ->
- ejabberd_config:get_option({auth_password_types_hidden_in_scram1, Host}).
+-spec auth_password_types_hidden_in_sasl1() -> ['plain' | 'scram_sha1' | 'scram_sha256' | 'scram_sha512'].
+auth_password_types_hidden_in_sasl1() ->
+ auth_password_types_hidden_in_sasl1(global).
+-spec auth_password_types_hidden_in_sasl1(global | binary()) -> ['plain' | 'scram_sha1' | 'scram_sha256' | 'scram_sha512'].
+auth_password_types_hidden_in_sasl1(Host) ->
+ ejabberd_config:get_option({auth_password_types_hidden_in_sasl1, Host}).
 -spec auth_scram_hash() -> 'sha' | 'sha256' | 'sha512'.
 auth_scram_hash() ->
diff --git a/src/ejabberd_options.erl b/src/ejabberd_options.erl
index ee3acfc58..609d75b93 100644
--- a/src/ejabberd_options.erl
+++ b/src/ejabberd_options.erl
@@ -79,7 +79,7 @@ opt_type(auth_opts) -> end; opt_type(auth_stored_password_types) -> econf:list(econf:enum([plain, scram_sha1, scram_sha256, scram_sha512])); -opt_type(auth_password_types_hidden_in_scram1) -> +opt_type(auth_password_types_hidden_in_sasl1) -> econf:list(econf:enum([plain, scram_sha1, scram_sha256, scram_sha512])); opt_type(auth_password_format) -> econf:enum([plain, scram]); @@ -566,7 +566,7 @@ options() -> {auth_password_format, plain}, {auth_scram_hash, sha}, {auth_stored_password_types, []}, - {auth_password_types_hidden_in_scram1, []}, + {auth_password_types_hidden_in_sasl1, []}, {auth_external_user_exists_check, true}, {auth_use_cache, fun(Host) -> ejabberd_config:get_option({use_cache, Host}) end}, diff --git a/src/ejabberd_options_doc.erl b/src/ejabberd_options_doc.erl index a8d5962f5..56e2633c3 100644 --- a/src/ejabberd_options_doc.erl +++ b/src/ejabberd_options_doc.erl @@ -399,12 +399,12 @@ doc() -> "depends on the _`auth_scram_hash`_ option."), "", ?T("The default value is 'plain'."), ""]}}, - {auth_password_types_hidden_in_scram1, + {auth_password_types_hidden_in_sasl1, #{value => "[plain | scram_sha1 | scram_sha256 | scram_sha512]", note => "added in 25.07", desc => - ?T("List of password types that should not be offered in SCRAM1 authenticatication. " - "Because SCRAM1, unlike SCRAM2, can't have list of available mechanisms tailored to " + ?T("List of password types that should not be offered in SASL1 authenticatication. " + "Because SASL1, unlike SASL2, can't have list of available mechanisms tailored to " "individual user, it's possible that offered mechanisms will not be compatible " "with stored password, especially if new password type was added recently. " "This option allows disabling offering some mechanisms in SASL1, to a time until new "