Diffstat (limited to 'testing/ejabberd')
-rw-r--r--testing/ejabberd/APKBUILD36
-rw-r--r--testing/ejabberd/gssapi-2.1.0.diff410
2 files changed, 435 insertions, 11 deletions
diff --git a/testing/ejabberd/APKBUILD b/testing/ejabberd/APKBUILD
index a53e432f3c..4e9d7a3ea6 100644
--- a/testing/ejabberd/APKBUILD
+++ b/testing/ejabberd/APKBUILD
@@ -1,25 +1,30 @@
# Contributor: Leonardo Arena <rnarld@alpinelinux.org>
-# Maintainer:
+# Maintainer: Francesco Colista <francesco.colista@gmail.com>
pkgname=ejabberd
-pkgver=2.1.10
-pkgrel=2
+pkgver=2.1.12
+pkgrel=0
pkgdesc="An erlang jabber server"
url="http://www.ejabberd.im"
-arch="x86"
+arch="all"
license="GPL"
depends="erlang"
-depends_dev="erlang-dev expat-dev libiconv-dev openssl-dev zlib-dev"
+depends_dev="erlang-dev expat-dev libiconv-dev openssl-dev zlib-dev heimdal-dev"
makedepends="$depends_dev"
-install="$pkgname.post-install $pkgname.post-upgrade"
+pkgusers="ejabberd"
+pkggroups="ejabberd"
+install=""
subpackages="$pkgname-dev $pkgname-doc"
-source="http://www.process-one.net/downloads/ejabberd/${pkgver/_/-}/ejabberd-${pkgver}.tar.gz"
-
-
+source="http://www.process-one.net/downloads/$pkgname/$pkgver/$pkgname-$pkgver.tgz
+ gssapi-2.1.0.diff"
_builddir="$srcdir"/$pkgname-$pkgver
prepare() {
cd "$_builddir"
- return 0
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p2 -i "$srcdir"/$i || return 1;;
+ esac
+ done
}
build() {
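Review bot: The new loop in prepare() only matches `*.patch`, but the file added to `source` is `gssapi-2.1.0.diff`, so as written no patch is applied and the package builds without the GSSAPI change even though `heimdal-dev` was added for it. Widen the pattern, e.g. `*.diff|*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;`. The strip level needs checking at the same time: the patch's paths have the form `a/src/cyrsasl.erl`, so `-p2` run from `$_builddir` would drop the `src/` component, which looks wrong unless the tree is laid out differently than the paths suggest. build() begins on the last line of this hunk and continues outside it.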
@@ -41,6 +46,15 @@ package() {
install -D -m0644 ../../../$pkgname.logrotate ${pkgdir}/etc/logrotate.d/$pkgname
install -m755 -D ../../../$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
install -m644 -D ../../../$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
+ chown -R ejabberd.ejabberd "$pkgdir"/var/log/ejabberd
+ chown -R ejabberd.ejabberd "$pkgdir"/var/spool/ejabberd
+ chown -R ejabberd.ejabberd "$pkgdir"/var/lib/ejabberd
+ chgrp ejabberd "$pkgdir"/etc/ejabberd/ejabberd.cfg "$pkgdir"/etc/ejabberd/ejabberdctl.cfg "$pkgdir"/etc/ejabberd
}
-md5sums="70f0e17983114c62893e43b6ef2e9d0c ejabberd-2.1.10.tar.gz"
+md5sums="7d49242cf04282f3c4cebfafa2cc2f46 ejabberd-2.1.12.tgz
+e68959e95b5bf8974d1eee03bd3397a7 gssapi-2.1.0.diff"
+sha256sums="38f0825346773c00c85a66b33586c75f2d191d1eb0ed8ae09fa17368d6ddfd19 ejabberd-2.1.12.tgz
+3cb3d3a8dcd7a5369a36c674fd26f3b60d976a76fc55ca3da329db851d3ff48d gssapi-2.1.0.diff"
+sha512sums="725ab9563a6c73e85b5115f66bac157cf9b1170913c1bfed7cf066408c6b3ac5b4bdba22c6c3ed1505391a7048a86ce3b59484f78264ab023612c539422278db ejabberd-2.1.12.tgz
+031f8ff688c947988ac6de56757f35b7d5d9dead3d5c8ed1b6fffada7b358616ce56ad92cfe65e004fd665908277c0609c5223cdcb0e366dd2965d19d25b944f gssapi-2.1.0.diff"
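Review bot: The added `chgrp ejabberd` on `ejabberd.cfg`, `ejabberdctl.cfg` and `/etc/ejabberd` changes only the group and leaves the modes as they were. Those modes are set outside this hunk, so if the files are installed world-readable the group change restricts nothing, and the server config is a file that may hold backend credentials. Set the mode explicitly next to the chgrp, e.g. `chmod 640 "$pkgdir"/etc/ejabberd/ejabberd.cfg "$pkgdir"/etc/ejabberd/ejabberdctl.cfg` and `chmod 750 "$pkgdir"/etc/ejabberd`. The three `chown -R ejabberd.ejabberd` lines use the deprecated dot separator; `ejabberd:ejabberd` is the portable form. The first hunk sets `install=""`, so it is also worth confirming that something still creates the `ejabberd` account on the target before these ownerships are relied on. package() starts outside this hunk.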
diff --git a/testing/ejabberd/gssapi-2.1.0.diff b/testing/ejabberd/gssapi-2.1.0.diff
new file mode 100644
index 0000000000..d3d5578773
--- /dev/null
+++ b/testing/ejabberd/gssapi-2.1.0.diff
@@ -0,0 +1,410 @@
+commit e99cc20600e5668e4edb9a2671e0cb7a23663389
+Author: Badlop <badlop@process-one.net>
+Date: Tue Sep 29 15:10:15 2009 +0200
+
+ Support to authenticate against SASL GSSAPI http://www.ejabberd.im/cyrsasl_gssapi
+
+diff --git a/src/cyrsasl.erl b/src/cyrsasl.erl
+index f993b99..e8bd275 100644
+--- a/src/cyrsasl.erl
++++ b/src/cyrsasl.erl
+@@ -30,19 +30,20 @@
+ -export([start/0,
+ register_mechanism/3,
+ listmech/1,
+- server_new/7,
++ server_new/8,
+ server_start/3,
+ server_step/2]).
+
+ -record(sasl_mechanism, {mechanism, module, require_plain_password}).
+--record(sasl_state, {service, myname, realm,
+- get_password, check_password, check_password_digest,
+- mech_mod, mech_state}).
++-record(sasl_state, {service, myname,
++ mech_mod, mech_state, ctx}).
++
++-include("ejabberd.hrl").
+
+ -export([behaviour_info/1]).
+
+ behaviour_info(callbacks) ->
+- [{mech_new, 4}, {mech_step, 2}];
++ [{mech_new, 1}, {mech_step, 2}];
+ behaviour_info(_Other) ->
+ undefined.
+
+@@ -50,6 +51,7 @@ start() ->
+ ets:new(sasl_mechanism, [named_table,
+ public,
+ {keypos, #sasl_mechanism.mechanism}]),
++ cyrsasl_gssapi:start([]),
+ cyrsasl_plain:start([]),
+ cyrsasl_digest:start([]),
+ cyrsasl_anonymous:start([]),
+@@ -113,24 +115,26 @@ listmech(Host) ->
+ filter_anonymous(Host, Mechs).
+
+ server_new(Service, ServerFQDN, UserRealm, _SecFlags,
+- GetPassword, CheckPassword, CheckPasswordDigest) ->
++ GetPassword, CheckPassword, CheckPasswordDigest, FQDN) ->
++ Ctx = #sasl_ctx{
++ host = ServerFQDN,
++ realm = UserRealm,
++ get_password = GetPassword,
++ check_password = CheckPassword,
++ check_password_digest= CheckPasswordDigest,
++ fqdn = FQDN
++ },
++
+ #sasl_state{service = Service,
+ myname = ServerFQDN,
+- realm = UserRealm,
+- get_password = GetPassword,
+- check_password = CheckPassword,
+- check_password_digest= CheckPasswordDigest}.
++ ctx = Ctx}.
+
+ server_start(State, Mech, ClientIn) ->
+ case lists:member(Mech, listmech(State#sasl_state.myname)) of
+ true ->
+ case ets:lookup(sasl_mechanism, Mech) of
+ [#sasl_mechanism{module = Module}] ->
+- {ok, MechState} = Module:mech_new(
+- State#sasl_state.myname,
+- State#sasl_state.get_password,
+- State#sasl_state.check_password,
+- State#sasl_state.check_password_digest),
++ {ok, MechState} = Module:mech_new(State#sasl_state.ctx),
+ server_step(State#sasl_state{mech_mod = Module,
+ mech_state = MechState},
+ ClientIn);
+diff --git a/src/cyrsasl_anonymous.erl b/src/cyrsasl_anonymous.erl
+index 19e65d6..af93207 100644
+--- a/src/cyrsasl_anonymous.erl
++++ b/src/cyrsasl_anonymous.erl
+@@ -27,12 +27,14 @@
+
+ -module(cyrsasl_anonymous).
+
+--export([start/1, stop/0, mech_new/4, mech_step/2]).
++-export([start/1, stop/0, mech_new/1, mech_step/2]).
+
+ -behaviour(cyrsasl).
+
+ -record(state, {server}).
+
++-include("ejabberd.hrl").
++
+ start(_Opts) ->
+ cyrsasl:register_mechanism("ANONYMOUS", ?MODULE, false),
+ ok.
+@@ -40,7 +42,7 @@ start(_Opts) ->
+ stop() ->
+ ok.
+
+-mech_new(Host, _GetPassword, _CheckPassword, _CheckPasswordDigest) ->
++mech_new(#sasl_ctx{host=Host}) ->
+ {ok, #state{server = Host}}.
+
+ mech_step(State, _ClientIn) ->
+diff --git a/src/cyrsasl_digest.erl b/src/cyrsasl_digest.erl
+index b3e80e0..d26fec1 100644
+--- a/src/cyrsasl_digest.erl
++++ b/src/cyrsasl_digest.erl
+@@ -29,7 +29,7 @@
+
+ -export([start/1,
+ stop/0,
+- mech_new/4,
++ mech_new/1,
+ mech_step/2]).
+
+ -include("ejabberd.hrl").
+@@ -45,7 +45,7 @@ start(_Opts) ->
+ stop() ->
+ ok.
+
+-mech_new(Host, GetPassword, _CheckPassword, CheckPasswordDigest) ->
++mech_new(#sasl_ctx{host=Host, get_password=GetPassword, check_password = CheckPasswordDigest}) ->
+ {ok, #state{step = 1,
+ nonce = randoms:get_string(),
+ host = Host,
+diff --git a/src/cyrsasl_gssapi.erl b/src/cyrsasl_gssapi.erl
+new file mode 100644
+index 0000000..d292565
+--- /dev/null
++++ b/src/cyrsasl_gssapi.erl
+@@ -0,0 +1,143 @@
++%%%----------------------------------------------------------------------
++%%% File : cyrsasl_gssapi.erl
++%%% Author : Mikael Magnusson <mikma@users.sourceforge.net>
++%%% Purpose : GSSAPI SASL mechanism
++%%% Created : 1 June 2007 by Mikael Magnusson <mikma@users.sourceforge.net>
++%%% Id : $Id: $
++%%%----------------------------------------------------------------------
++%%%
++%%% Copyright (C) 2007 Mikael Magnusson <mikma@users.sourceforge.net>
++%%%
++%%% Permission is hereby granted, free of charge, to any person
++%%% obtaining a copy of this software and associated documentation
++%%% files (the "Software"), to deal in the Software without
++%%% restriction, including without limitation the rights to use, copy,
++%%% modify, merge, publish, distribute, sublicense, and/or sell copies
++%%% of the Software, and to permit persons to whom the Software is
++%%% furnished to do so, subject to the following conditions:
++%%%
++%%% The above copyright notice and this permission notice shall be
++%%% included in all copies or substantial portions of the Software.
++%%%
++%%% THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
++%%% EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
++%%% MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
++%%% NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
++%%% BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
++%%% ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
++%%% CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
++%%% SOFTWARE.
++%%%
++
++%%%
++%%% configuration options:
++%%% {sasl_realm, "<Kerberos realm>"}.
++%%%
++%%% environment variables:
++%%% KRB5_KTNAME
++%%%
++
++-module(cyrsasl_gssapi).
++-author('mikma@users.sourceforge.net').
++-vsn('$Revision: $ ').
++
++-include("ejabberd.hrl").
++
++-export([start/1,
++ stop/0,
++ mech_new/1,
++ mech_step/2]).
++
++-behaviour(cyrsasl).
++
++-define(SERVER, cyrsasl_gssapi).
++-define(MSG, ?DEBUG).
++
++-record(state, {sasl,
++ needsmore=true,
++ step=0,
++ host,
++ authid,
++ authzid,
++ authrealm}).
++
++start(_Opts) ->
++ ChildSpec =
++ {?SERVER,
++ {esasl, start_link, [{local, ?SERVER}]},
++ transient,
++ 1000,
++ worker,
++ [esasl]},
++
++ {ok, _Pid} = supervisor:start_child(ejabberd_sup, ChildSpec),
++
++ cyrsasl:register_mechanism("GSSAPI", ?MODULE, false).
++
++stop() ->
++ esasl:stop(?SERVER),
++ supervisor:terminate_child(ejabberd_sup, ?SERVER),
++ supervisor:delete_child(ejabberd_sup, ?SERVER).
++
++mech_new(#sasl_ctx{host=Host, fqdn=FQDN}) ->
++ ?MSG("mech_new ~p ~p~n", [Host, FQDN]),
++ {ok, Sasl} = esasl:server_start(?SERVER, "GSSAPI", "xmpp", FQDN),
++ {ok, #state{sasl=Sasl,host=Host}}.
++
++mech_step(State, ClientIn) when is_list(ClientIn) ->
++ catch do_step(State, ClientIn).
++
++do_step(#state{needsmore=false}=State, _) ->
++ check_user(State);
++do_step(#state{needsmore=true,sasl=Sasl,step=Step}=State, ClientIn) ->
++ ?MSG("mech_step~n", []),
++ case esasl:step(Sasl, list_to_binary(ClientIn)) of
++ {ok, RspAuth} ->
++ ?MSG("ok~n", []),
++ {ok, Display_name} = esasl:property_get(Sasl, gssapi_display_name),
++ {ok, Authzid} = esasl:property_get(Sasl, authzid),
++ {Authid, [$@ | Auth_realm]} =
++ lists:splitwith(fun(E)->E =/= $@ end, Display_name),
++ State1 = State#state{authid=Authid,
++ authzid=Authzid,
++ authrealm=Auth_realm},
++ handle_step_ok(State1, binary_to_list(RspAuth));
++ {needsmore, RspAuth} ->
++ ?MSG("needsmore~n", []),
++ if (Step > 0) and (ClientIn =:= []) and (RspAuth =:= <<>>) ->
++ {error, "not-authorized"};
++ true ->
++ {continue, binary_to_list(RspAuth),
++ State#state{step=Step+1}}
++ end;
++ {error, _} ->
++ {error, "not-authorized"}
++ end.
++
++handle_step_ok(State, []) ->
++ check_user(State);
++handle_step_ok(#state{step=Step}=State, RspAuth) ->
++ ?MSG("continue~n", []),
++ {continue, RspAuth, State#state{needsmore=false,step=Step+1}}.
++
++check_user(#state{authid=Authid,authzid=Authzid,
++ authrealm=Auth_realm,host=Host}) ->
++ Realm = ejabberd_config:get_local_option({sasl_realm, Host}),
++
++ if Realm =/= Auth_realm ->
++ ?MSG("bad realm ~p (expected ~p)~n",[Auth_realm, Realm]),
++ throw({error, "not-authorized"});
++ true ->
++ ok
++ end,
++
++ case ejabberd_auth:is_user_exists(Authid, Host) of
++ false ->
++ ?MSG("bad user ~p~n",[Authid]),
++ throw({error, "not-authorized"});
++ true ->
++ ok
++ end,
++
++ ?MSG("GSSAPI authenticated ~p ~p~n", [Authid, Authzid]),
++ {ok, [{username, Authid}, {authzid, Authzid}]}.
+diff --git a/src/cyrsasl_plain.erl b/src/cyrsasl_plain.erl
+index 4e69b06..5187665 100644
+--- a/src/cyrsasl_plain.erl
++++ b/src/cyrsasl_plain.erl
+@@ -27,10 +27,11 @@
+ -module(cyrsasl_plain).
+ -author('alexey@process-one.net').
+
+--export([start/1, stop/0, mech_new/4, mech_step/2, parse/1]).
++-export([start/1, stop/0, mech_new/1, mech_step/2, parse/1]).
+
+ -behaviour(cyrsasl).
+
++-include("ejabberd.hrl").
+ -record(state, {check_password}).
+
+ start(_Opts) ->
+@@ -40,7 +41,7 @@ start(_Opts) ->
+ stop() ->
+ ok.
+
+-mech_new(_Host, _GetPassword, CheckPassword, _CheckPasswordDigest) ->
++mech_new(#sasl_ctx{check_password=CheckPassword}) ->
+ {ok, #state{check_password = CheckPassword}}.
+
+ mech_step(State, ClientIn) ->
+diff --git a/src/ejabberd.hrl b/src/ejabberd.hrl
+index 717496f..4d683bb 100644
+--- a/src/ejabberd.hrl
++++ b/src/ejabberd.hrl
+@@ -59,3 +59,10 @@
+ -define(CRITICAL_MSG(Format, Args),
+ ejabberd_logger:critical_msg(?MODULE,?LINE,Format, Args)).
+
++-record(sasl_ctx, {
++ host,
++ realm,
++ get_password,
++ check_password,
++ check_password_digest,
++ fqdn}).
+diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl
+index 8ca5f5c..aebd860 100644
+--- a/src/ejabberd_c2s.erl
++++ b/src/ejabberd_c2s.erl
+@@ -67,6 +67,7 @@
+ -record(state, {socket,
+ sockmod,
+ socket_monitor,
++ fqdn,
+ xml_socket,
+ streamid,
+ sasl_state,
+@@ -204,9 +205,11 @@ init([{SockMod, Socket}, Opts]) ->
+ Socket
+ end,
+ SocketMonitor = SockMod:monitor(Socket1),
++ {ok, FQDN} = ejabberd_net:gethostname(Socket),
+ {ok, wait_for_stream, #state{socket = Socket1,
+ sockmod = SockMod,
+ socket_monitor = SocketMonitor,
++ fqdn = FQDN,
+ xml_socket = XMLSocket,
+ zlib = Zlib,
+ tls = TLS,
+@@ -250,6 +253,8 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
+ send_header(StateData, Server, "1.0", DefaultLang),
+ case StateData#state.authenticated of
+ false ->
++ FQDN = StateData#state.fqdn,
++ ?INFO_MSG("FQDN: ~p~n", [FQDN]),
+ SASLState =
+ cyrsasl:server_new(
+ "jabber", Server, "", [],
+@@ -264,7 +269,8 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
+ fun(U, P, D, DG) ->
+ ejabberd_auth:check_password_with_authmodule(
+ U, Server, P, D, DG)
+- end),
++ end,
++ FQDN),
+ Mechs = lists:map(
+ fun(S) ->
+ {xmlelement, "mechanism", [],
+diff --git a/src/ejabberd_net.erl b/src/ejabberd_net.erl
+new file mode 100644
+index 0000000..e9ab70a
+--- /dev/null
++++ b/src/ejabberd_net.erl
+@@ -0,0 +1,39 @@
++%%%----------------------------------------------------------------------
++%%% File : ejabberd_net.erl
++%%% Author : Mikael Magnusson <mikma@users.sourceforge.net>
++%%% Purpose : Serve C2S connection
++%%% Created : 6 June 2007 by Mikael Magnusson <mikma@users.sourceforge.net>
++%%% Id : $Id: $
++%%%----------------------------------------------------------------------
++
++-module(ejabberd_net).
++-author('mikma@users.sourceforge.net').
++%% -update_info({update, 0}).
++
++-export([gethostname/1]).
++
++-include("ejabberd.hrl").
++-include_lib("kernel/include/inet.hrl").
++
++%% Copied from ejabberd_socket.erl of ejabberd 2.0.3
++-record(socket_state, {sockmod, socket, receiver}).
++
++%%
++%% gethostname(Socket)
++%%
++gethostname(Socket) ->
++ ?INFO_MSG("gethostname ~p~n", [Socket]),
++%% {ok, "skinner.hem.za.org"}.
++
++ case ejabberd_config:get_local_option({sasl_fqdn, ?MYNAME}) of
++ undefined ->
++ {ok, {Addr, _Port}} = inet:sockname(Socket#socket_state.socket),
++ case inet:gethostbyaddr(Addr) of
++ {ok, HostEnt} when is_record(HostEnt, hostent) ->
++ {ok, HostEnt#hostent.h_name};
++ {error, What} ->
++ ?ERROR_MSG("Error in gethostname:~nSocket: ~p~nError: ~p", [What]),
++ error
++ end;
++ F -> {ok, F}
++ end.
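Review bot: In the cyrsasl_digest.erl part of the added patch, the new `mech_new/1` head binds `check_password = CheckPasswordDigest`, so the DIGEST-MD5 mechanism is handed the plain-password check fun instead of the digest one that the old fourth argument carried. The head should read `mech_new(#sasl_ctx{host=Host, get_password=GetPassword, check_password_digest=CheckPasswordDigest}) ->`. The rest of that function is outside the inner hunk, so how the variable is used afterwards is inferred from its name. Separately, `ejabberd_net:gethostname/1` returns the bare atom `error` when the reverse lookup fails while `ejabberd_c2s:init/1` matches `{ok, FQDN}`, so a missing PTR record turns into a badmatch on connection setup. Its `?ERROR_MSG` format also has two `~p` but is given only `[What]`; returning `{error, What}`, logging `[Socket, What]` and giving the caller an explicit failure clause would make that path deliberate.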