yetangitu/ejabberd
1
0
Fork 0
mirror of https://github.com/processone/ejabberd synced 2025-10-03 17:59:31 +02:00
Code Issues Releases Wiki Activity

Rename auth_password_types_hidden_in_scram1 option to auth_password_types_hidden_in_sasl1

Browse source 
Also add migration code from old name
This commit is contained in:
Pawel Chmielowski 2025-07-25 09:35:10 +02:00
parent 1a9b147baf
commit fe8710fe00
5 changed files with 15 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/ejabberd_c2s.erl
View file

@ -455,7 +455,7 @@ sasl_mechanisms(Mechs, #{lserver := LServer, stream_encrypted := Encrypted} = St
(<<"EXTERNAL">>) -> maps:get(tls_verify, State, false); (<<"EXTERNAL">>) -> maps:get(tls_verify, State, false);
(_) -> false (_) -> false
end, Mechs -- Mechs1), end, Mechs -- Mechs1),
case ejabberd_option:auth_password_types_hidden_in_scram1() of case ejabberd_option:auth_password_types_hidden_in_sasl1() of
[] -> Mechs2; [] -> Mechs2;
List -> List ->
Mechs3 = lists:foldl( Mechs3 = lists:foldl(

2
src/ejabberd_config_transformer.erl
View file

@ -230,6 +230,8 @@ filter(_Host, captcha_host, _, _) ->
filter(_Host, route_subdomains, _, _) -> filter(_Host, route_subdomains, _, _) ->
warn_removed_option(route_subdomains, s2s_access), warn_removed_option(route_subdomains, s2s_access),
false; false;
filter(_Host, auth_password_types_hidden_in_scram1, Val, _) ->
{true, {auth_password_types_hidden_in_sasl1, Val}};
filter(Host, modules, ModOpts, State) -> filter(Host, modules, ModOpts, State) ->
NoDialbackHosts = maps:get(remove_s2s_dialback, State, []), NoDialbackHosts = maps:get(remove_s2s_dialback, State, []),
ModOpts1 = lists:filter( ModOpts1 = lists:filter(

14
src/ejabberd_option.erl
View file

@ -18,7 +18,7 @@
-export([auth_method/0, auth_method/1]). -export([auth_method/0, auth_method/1]).
-export([auth_opts/0, auth_opts/1]). -export([auth_opts/0, auth_opts/1]).
-export([auth_password_format/0, auth_password_format/1]). -export([auth_password_format/0, auth_password_format/1]).
-export([auth_password_types_hidden_in_scram1/0, auth_password_types_hidden_in_scram1/1]). -export([auth_password_types_hidden_in_sasl1/0, auth_password_types_hidden_in_sasl1/1]).
-export([auth_scram_hash/0, auth_scram_hash/1]). -export([auth_scram_hash/0, auth_scram_hash/1]).
-export([auth_stored_password_types/0, auth_stored_password_types/1]). -export([auth_stored_password_types/0, auth_stored_password_types/1]).
-export([auth_use_cache/0, auth_use_cache/1]). -export([auth_use_cache/0, auth_use_cache/1]).
@ -264,12 +264,12 @@ auth_password_format() ->
auth_password_format(Host) -> auth_password_format(Host) ->
ejabberd_config:get_option({auth_password_format, Host}). ejabberd_config:get_option({auth_password_format, Host}).
-spec auth_password_types_hidden_in_scram1() -> ['plain' | 'scram_sha1' | 'scram_sha256' | 'scram_sha512']. -spec auth_password_types_hidden_in_sasl1() -> ['plain' | 'scram_sha1' | 'scram_sha256' | 'scram_sha512'].
auth_password_types_hidden_in_scram1() -> auth_password_types_hidden_in_sasl1() ->
auth_password_types_hidden_in_scram1(global). auth_password_types_hidden_in_sasl1(global).
-spec auth_password_types_hidden_in_scram1(global | binary()) -> ['plain' | 'scram_sha1' | 'scram_sha256' | 'scram_sha512']. -spec auth_password_types_hidden_in_sasl1(global | binary()) -> ['plain' | 'scram_sha1' | 'scram_sha256' | 'scram_sha512'].
auth_password_types_hidden_in_scram1(Host) -> auth_password_types_hidden_in_sasl1(Host) ->
ejabberd_config:get_option({auth_password_types_hidden_in_scram1, Host}). ejabberd_config:get_option({auth_password_types_hidden_in_sasl1, Host}).
-spec auth_scram_hash() -> 'sha' | 'sha256' | 'sha512'. -spec auth_scram_hash() -> 'sha' | 'sha256' | 'sha512'.
auth_scram_hash() -> auth_scram_hash() ->

4
src/ejabberd_options.erl
View file

@ -79,7 +79,7 @@ opt_type(auth_opts) ->
end; end;
opt_type(auth_stored_password_types) -> opt_type(auth_stored_password_types) ->
econf:list(econf:enum([plain, scram_sha1, scram_sha256, scram_sha512])); econf:list(econf:enum([plain, scram_sha1, scram_sha256, scram_sha512]));
opt_type(auth_password_types_hidden_in_scram1) -> opt_type(auth_password_types_hidden_in_sasl1) ->
econf:list(econf:enum([plain, scram_sha1, scram_sha256, scram_sha512])); econf:list(econf:enum([plain, scram_sha1, scram_sha256, scram_sha512]));
opt_type(auth_password_format) -> opt_type(auth_password_format) ->
econf:enum([plain, scram]); econf:enum([plain, scram]);
@ -566,7 +566,7 @@ options() ->
{auth_password_format, plain}, {auth_password_format, plain},
{auth_scram_hash, sha}, {auth_scram_hash, sha},
{auth_stored_password_types, []}, {auth_stored_password_types, []},
{auth_password_types_hidden_in_scram1, []}, {auth_password_types_hidden_in_sasl1, []},
{auth_external_user_exists_check, true}, {auth_external_user_exists_check, true},
{auth_use_cache, {auth_use_cache,
fun(Host) -> ejabberd_config:get_option({use_cache, Host}) end}, fun(Host) -> ejabberd_config:get_option({use_cache, Host}) end},

6
src/ejabberd_options_doc.erl
View file

@ -399,12 +399,12 @@ doc() ->
"depends on the _`auth_scram_hash`_ option."), "", "depends on the _`auth_scram_hash`_ option."), "",
?T("The default value is 'plain'."), ""]}}, ?T("The default value is 'plain'."), ""]}},
{auth_password_types_hidden_in_scram1, {auth_password_types_hidden_in_sasl1,
#{value => "[plain | scram_sha1 | scram_sha256 | scram_sha512]", #{value => "[plain | scram_sha1 | scram_sha256 | scram_sha512]",
note => "added in 25.07", note => "added in 25.07",
desc => desc =>
?T("List of password types that should not be offered in SCRAM1 authenticatication. " ?T("List of password types that should not be offered in SASL1 authenticatication. "
"Because SCRAM1, unlike SCRAM2, can't have list of available mechanisms tailored to " "Because SASL1, unlike SASL2, can't have list of available mechanisms tailored to "
"individual user, it's possible that offered mechanisms will not be compatible " "individual user, it's possible that offered mechanisms will not be compatible "
"with stored password, especially if new password type was added recently. " "with stored password, especially if new password type was added recently. "
"This option allows disabling offering some mechanisms in SASL1, to a time until new " "This option allows disabling offering some mechanisms in SASL1, to a time until new "