Diffstat (limited to 'testing/ejabberd')
-rw-r--r-- | testing/ejabberd/APKBUILD | 36 | ||||
-rw-r--r-- | testing/ejabberd/gssapi-2.1.0.diff | 410 |
2 files changed, 435 insertions, 11 deletions
diff --git a/testing/ejabberd/APKBUILD b/testing/ejabberd/APKBUILD index a53e432f3c..4e9d7a3ea6 100644 --- a/testing/ejabberd/APKBUILD +++ b/testing/ejabberd/APKBUILD @@ -1,25 +1,30 @@ # Contributor: Leonardo Arena <rnarld@alpinelinux.org> -# Maintainer: +# Maintainer: Francesco Colista <francesco.colista@gmail.com> pkgname=ejabberd -pkgver=2.1.10 -pkgrel=2 +pkgver=2.1.12 +pkgrel=0 pkgdesc="An erlang jabber server" url="http://www.ejabberd.im" -arch="x86" +arch="all" license="GPL" depends="erlang" -depends_dev="erlang-dev expat-dev libiconv-dev openssl-dev zlib-dev" +depends_dev="erlang-dev expat-dev libiconv-dev openssl-dev zlib-dev heimdal-dev" makedepends="$depends_dev" -install="$pkgname.post-install $pkgname.post-upgrade" +pkgusers="ejabberd" +pkggroups="ejabberd" +install="" subpackages="$pkgname-dev $pkgname-doc" -source="http://www.process-one.net/downloads/ejabberd/${pkgver/_/-}/ejabberd-${pkgver}.tar.gz" - - +source="http://www.process-one.net/downloads/$pkgname/$pkgver/$pkgname-$pkgver.tgz + gssapi-2.1.0.diff" _builddir="$srcdir"/$pkgname-$pkgver prepare() { cd "$_builddir" - return 0 + for i in $source; do + case $i in + *.patch) msg $i; patch -p2 -i "$srcdir"/$i || return 1;; + esac + done } build() { 
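Review bot: The `case` in `prepare()` matches only `*.patch`, but the file added to `source` is `gssapi-2.1.0.diff`, so the loop never applies it and the package builds without the GSSAPI changes even though `heimdal-dev` is now a build dependency. Match the name that is actually shipped, e.g. `*.patch|*.diff) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;`. The strip level needs checking too: the patch paths are `a/src/...` and `prepare()` runs from `$_builddir`, so `-p2` would leave bare file names that presumably do not exist at that level. Separately, `install=""` drops the post-install and post-upgrade scripts; if they created the `ejabberd` account that `pkgusers` now declares, confirm it is created elsewhere.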
@@ -41,6 +46,15 @@ package() { install -D -m0644 ../../../$pkgname.logrotate ${pkgdir}/etc/logrotate.d/$pkgname install -m755 -D ../../../$pkgname.initd "$pkgdir"/etc/init.d/$pkgname install -m644 -D ../../../$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname + chown -R ejabberd.ejabberd "$pkgdir"/var/log/ejabberd + chown -R ejabberd.ejabberd "$pkgdir"/var/spool/ejabberd + chown -R ejabberd.ejabberd "$pkgdir"/var/lib/ejabberd + chgrp ejabberd "$pkgdir"/etc/ejabberd/ejabberd.cfg "$pkgdir"/etc/ejabberd/ejabberdctl.cfg "$pkgdir"/etc/ejabberd } -md5sums="70f0e17983114c62893e43b6ef2e9d0c ejabberd-2.1.10.tar.gz" +md5sums="7d49242cf04282f3c4cebfafa2cc2f46 ejabberd-2.1.12.tgz +e68959e95b5bf8974d1eee03bd3397a7 gssapi-2.1.0.diff" +sha256sums="38f0825346773c00c85a66b33586c75f2d191d1eb0ed8ae09fa17368d6ddfd19 ejabberd-2.1.12.tgz +3cb3d3a8dcd7a5369a36c674fd26f3b60d976a76fc55ca3da329db851d3ff48d gssapi-2.1.0.diff" +sha512sums="725ab9563a6c73e85b5115f66bac157cf9b1170913c1bfed7cf066408c6b3ac5b4bdba22c6c3ed1505391a7048a86ce3b59484f78264ab023612c539422278db ejabberd-2.1.12.tgz +031f8ff688c947988ac6de56757f35b7d5d9dead3d5c8ed1b6fffada7b358616ce56ad92cfe65e004fd665908277c0609c5223cdcb0e366dd2965d19d25b944f gssapi-2.1.0.diff" diff --git a/testing/ejabberd/gssapi-2.1.0.diff b/testing/ejabberd/gssapi-2.1.0.diff new file mode 100644 index 0000000000..d3d5578773 --- /dev/null +++ b/testing/ejabberd/gssapi-2.1.0.diff 
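Review bot: The added `chgrp ejabberd` on `ejabberd.cfg`, `ejabberdctl.cfg` and `/etc/ejabberd` changes group ownership without setting a mode, so whether other local users can read the configuration depends on whatever mode the earlier install step left. These files can hold backend credentials, so pin the modes here, e.g. `chmod 750 "$pkgdir"/etc/ejabberd` and `chmod 640 "$pkgdir"/etc/ejabberd/ejabberd.cfg "$pkgdir"/etc/ejabberd/ejabberdctl.cfg`. The three `chown -R ejabberd.ejabberd` lines use the legacy dot separator; `ejabberd:ejabberd` is the portable form. `package()` begins outside this hunk.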
@@ -0,0 +1,410 @@
+commit e99cc20600e5668e4edb9a2671e0cb7a23663389
+Author: Badlop <badlop@process-one.net>
+Date: Tue Sep 29 15:10:15 2009 +0200
+
+ Support to authenticate against SASL GSSAPI http://www.ejabberd.im/cyrsasl_gssapi
+
+diff --git a/src/cyrsasl.erl b/src/cyrsasl.erl
+index f993b99..e8bd275 100644
+--- a/src/cyrsasl.erl
++++ b/src/cyrsasl.erl
+@@ -30,19 +30,20 @@
+ -export([start/0,
+ register_mechanism/3,
+ listmech/1,
+- server_new/7,
++ server_new/8,
+ server_start/3,
+ server_step/2]).
+
+ -record(sasl_mechanism, {mechanism, module, require_plain_password}).
+--record(sasl_state, {service, myname, realm,
+- get_password, check_password, check_password_digest,
+- mech_mod, mech_state}).
++-record(sasl_state, {service, myname,
++ mech_mod, mech_state, ctx}).
++
++-include("ejabberd.hrl").
+
+ -export([behaviour_info/1]).
+
+ behaviour_info(callbacks) ->
+- [{mech_new, 4}, {mech_step, 2}];
++ [{mech_new, 1}, {mech_step, 2}];
+ behaviour_info(_Other) ->
+ undefined.
+
+@@ -50,6 +51,7 @@ start() ->
+ ets:new(sasl_mechanism, [named_table,
+ public,
+ {keypos, #sasl_mechanism.mechanism}]),
++ cyrsasl_gssapi:start([]),
+ cyrsasl_plain:start([]),
+ cyrsasl_digest:start([]),
+ cyrsasl_anonymous:start([]),
+@@ -113,24 +115,26 @@ listmech(Host) ->
+ filter_anonymous(Host, Mechs).
+
+ server_new(Service, ServerFQDN, UserRealm, _SecFlags,
+- GetPassword, CheckPassword, CheckPasswordDigest) ->
++ GetPassword, CheckPassword, CheckPasswordDigest, FQDN) ->
++ Ctx = #sasl_ctx{
++ host = ServerFQDN,
++ realm = UserRealm,
++ get_password = GetPassword,
++ check_password = CheckPassword,
++ check_password_digest= CheckPasswordDigest,
++ fqdn = FQDN
++ },
++
+ #sasl_state{service = Service,
+ myname = ServerFQDN,
+- realm = UserRealm,
+- get_password = GetPassword,
+- check_password = CheckPassword,
+- check_password_digest= CheckPasswordDigest}.
++ ctx = Ctx}.
+
+ server_start(State, Mech, ClientIn) ->
+ case lists:member(Mech, listmech(State#sasl_state.myname)) of
+ true ->
+ case ets:lookup(sasl_mechanism, Mech) of
+ [#sasl_mechanism{module = Module}] ->
+- {ok, MechState} = Module:mech_new(
+- State#sasl_state.myname,
+- State#sasl_state.get_password,
+- State#sasl_state.check_password,
+- State#sasl_state.check_password_digest),
++ {ok, MechState} = Module:mech_new(State#sasl_state.ctx),
+ server_step(State#sasl_state{mech_mod = Module,
+ mech_state = MechState},
+ ClientIn);
+diff --git a/src/cyrsasl_anonymous.erl b/src/cyrsasl_anonymous.erl
+index 19e65d6..af93207 100644
+--- a/src/cyrsasl_anonymous.erl
++++ b/src/cyrsasl_anonymous.erl
+@@ -27,12 +27,14 @@
+
+ -module(cyrsasl_anonymous).
+
+--export([start/1, stop/0, mech_new/4, mech_step/2]).
++-export([start/1, stop/0, mech_new/1, mech_step/2]).
+
+ -behaviour(cyrsasl).
+
+ -record(state, {server}).
+
++-include("ejabberd.hrl").
++
+ start(_Opts) ->
+ cyrsasl:register_mechanism("ANONYMOUS", ?MODULE, false),
+ ok.
+@@ -40,7 +42,7 @@ start(_Opts) ->
+ stop() ->
+ ok.
+
+-mech_new(Host, _GetPassword, _CheckPassword, _CheckPasswordDigest) ->
++mech_new(#sasl_ctx{host=Host}) ->
+ {ok, #state{server = Host}}.
+
+ mech_step(State, _ClientIn) ->
+diff --git a/src/cyrsasl_digest.erl b/src/cyrsasl_digest.erl
+index b3e80e0..d26fec1 100644
+--- a/src/cyrsasl_digest.erl
++++ b/src/cyrsasl_digest.erl
+@@ -29,7 +29,7 @@
+
+ -export([start/1,
+ stop/0,
+- mech_new/4,
++ mech_new/1,
+ mech_step/2]).
+
+ -include("ejabberd.hrl").
+@@ -45,7 +45,7 @@ start(_Opts) ->
+ stop() ->
+ ok.
+
+-mech_new(Host, GetPassword, _CheckPassword, CheckPasswordDigest) ->
++mech_new(#sasl_ctx{host=Host, get_password=GetPassword, check_password = CheckPasswordDigest}) ->
+ {ok, #state{step = 1,
+ nonce = randoms:get_string(),
+ host = Host,
+diff --git a/src/cyrsasl_gssapi.erl b/src/cyrsasl_gssapi.erl
+new file mode 100644
+index 0000000..d292565
+--- /dev/null
++++ b/src/cyrsasl_gssapi.erl
+@@ -0,0 +1,143 @@
++%%%----------------------------------------------------------------------
++%%% File : cyrsasl_gssapi.erl
++%%% Author : Mikael Magnusson <mikma@users.sourceforge.net>
++%%% Purpose : GSSAPI SASL mechanism
++%%% Created : 1 June 2007 by Mikael Magnusson <mikma@users.sourceforge.net>
++%%% Id : $Id: $
++%%%----------------------------------------------------------------------
++%%%
++%%% Copyright (C) 2007 Mikael Magnusson <mikma@users.sourceforge.net>
++%%%
++%%% Permission is hereby granted, free of charge, to any person
++%%% obtaining a copy of this software and associated documentation
++%%% files (the "Software"), to deal in the Software without
++%%% restriction, including without limitation the rights to use, copy,
++%%% modify, merge, publish, distribute, sublicense, and/or sell copies
++%%% of the Software, and to permit persons to whom the Software is
++%%% furnished to do so, subject to the following conditions:
++%%%
++%%% The above copyright notice and this permission notice shall be
++%%% included in all copies or substantial portions of the Software.
++%%%
++%%% THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
++%%% EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
++%%% MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
++%%% NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
++%%% BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
++%%% ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
++%%% CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
++%%% SOFTWARE.
++%%%
++
++%%%
++%%% configuration options:
++%%% {sasl_realm, "<Kerberos realm>"}.
++%%%
++%%% environment variables:
++%%% KRB5_KTNAME
++%%%
++
++-module(cyrsasl_gssapi).
++-author('mikma@users.sourceforge.net').
++-vsn('$Revision: $ ').
++
++-include("ejabberd.hrl").
++
++-export([start/1,
++ stop/0,
++ mech_new/1,
++ mech_step/2]).
++
++-behaviour(cyrsasl).
++
++-define(SERVER, cyrsasl_gssapi).
++-define(MSG, ?DEBUG).
++
++-record(state, {sasl,
++ needsmore=true,
++ step=0,
++ host,
++ authid,
++ authzid,
++ authrealm}).
++
++start(_Opts) ->
++ ChildSpec =
++ {?SERVER,
++ {esasl, start_link, [{local, ?SERVER}]},
++ transient,
++ 1000,
++ worker,
++ [esasl]},
++
++ {ok, _Pid} = supervisor:start_child(ejabberd_sup, ChildSpec),
++
++ cyrsasl:register_mechanism("GSSAPI", ?MODULE, false).
++
++stop() ->
++ esasl:stop(?SERVER),
++ supervisor:terminate_child(ejabberd_sup, ?SERVER),
++ supervisor:delete_child(ejabberd_sup, ?SERVER).
++
++mech_new(#sasl_ctx{host=Host, fqdn=FQDN}) ->
++ ?MSG("mech_new ~p ~p~n", [Host, FQDN]),
++ {ok, Sasl} = esasl:server_start(?SERVER, "GSSAPI", "xmpp", FQDN),
++ {ok, #state{sasl=Sasl,host=Host}}.
++
++mech_step(State, ClientIn) when is_list(ClientIn) ->
++ catch do_step(State, ClientIn).
++
++do_step(#state{needsmore=false}=State, _) ->
++ check_user(State);
++do_step(#state{needsmore=true,sasl=Sasl,step=Step}=State, ClientIn) ->
++ ?MSG("mech_step~n", []),
++ case esasl:step(Sasl, list_to_binary(ClientIn)) of
++ {ok, RspAuth} ->
++ ?MSG("ok~n", []),
++ {ok, Display_name} = esasl:property_get(Sasl, gssapi_display_name),
++ {ok, Authzid} = esasl:property_get(Sasl, authzid),
++ {Authid, [$@ | Auth_realm]} =
++ lists:splitwith(fun(E)->E =/= $@ end, Display_name),
++ State1 = State#state{authid=Authid,
++ authzid=Authzid,
++ authrealm=Auth_realm},
++ handle_step_ok(State1, binary_to_list(RspAuth));
++ {needsmore, RspAuth} ->
++ ?MSG("needsmore~n", []),
++ if (Step > 0) and (ClientIn =:= []) and (RspAuth =:= <<>>) ->
++ {error, "not-authorized"};
++ true ->
++ {continue, binary_to_list(RspAuth),
++ State#state{step=Step+1}}
++ end;
++ {error, _} ->
++ {error, "not-authorized"}
++ end.
++
++handle_step_ok(State, []) ->
++ check_user(State);
++handle_step_ok(#state{step=Step}=State, RspAuth) ->
++ ?MSG("continue~n", []),
++ {continue, RspAuth, State#state{needsmore=false,step=Step+1}}.
++
++check_user(#state{authid=Authid,authzid=Authzid,
++ authrealm=Auth_realm,host=Host}) ->
++ Realm = ejabberd_config:get_local_option({sasl_realm, Host}),
++
++ if Realm =/= Auth_realm ->
++ ?MSG("bad realm ~p (expected ~p)~n",[Auth_realm, Realm]),
++ throw({error, "not-authorized"});
++ true ->
++ ok
++ end,
++
++ case ejabberd_auth:is_user_exists(Authid, Host) of
++ false ->
++ ?MSG("bad user ~p~n",[Authid]),
++ throw({error, "not-authorized"});
++ true ->
++ ok
++ end,
++
++ ?MSG("GSSAPI authenticated ~p ~p~n", [Authid, Authzid]),
++ {ok, [{username, Authid}, {authzid, Authzid}]}.
+diff --git a/src/cyrsasl_plain.erl b/src/cyrsasl_plain.erl
+index 4e69b06..5187665 100644
+--- a/src/cyrsasl_plain.erl
++++ b/src/cyrsasl_plain.erl
+@@ -27,10 +27,11 @@
+ -module(cyrsasl_plain).
+ -author('alexey@process-one.net').
+
+--export([start/1, stop/0, mech_new/4, mech_step/2, parse/1]).
++-export([start/1, stop/0, mech_new/1, mech_step/2, parse/1]).
+
+ -behaviour(cyrsasl).
+
++-include("ejabberd.hrl").
+ -record(state, {check_password}).
+
+ start(_Opts) ->
+@@ -40,7 +41,7 @@ start(_Opts) ->
+ stop() ->
+ ok.
+
+-mech_new(_Host, _GetPassword, CheckPassword, _CheckPasswordDigest) ->
++mech_new(#sasl_ctx{check_password=CheckPassword}) ->
+ {ok, #state{check_password = CheckPassword}}.
+
+ mech_step(State, ClientIn) ->
+diff --git a/src/ejabberd.hrl b/src/ejabberd.hrl
+index 717496f..4d683bb 100644
+--- a/src/ejabberd.hrl
++++ b/src/ejabberd.hrl
+@@ -59,3 +59,10 @@
+ -define(CRITICAL_MSG(Format, Args),
+ ejabberd_logger:critical_msg(?MODULE,?LINE,Format, Args)).
+
++-record(sasl_ctx, {
++ host,
++ realm,
++ get_password,
++ check_password,
++ check_password_digest,
++ fqdn}).
+diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl
+index 8ca5f5c..aebd860 100644
+--- a/src/ejabberd_c2s.erl
++++ b/src/ejabberd_c2s.erl
+@@ -67,6 +67,7 @@
+ -record(state, {socket,
+ sockmod,
+ socket_monitor,
++ fqdn,
+ xml_socket,
+ streamid,
+ sasl_state,
+@@ -204,9 +205,11 @@ init([{SockMod, Socket}, Opts]) ->
+ Socket
+ end,
+ SocketMonitor = SockMod:monitor(Socket1),
++ {ok, FQDN} = ejabberd_net:gethostname(Socket),
+ {ok, wait_for_stream, #state{socket = Socket1,
+ sockmod = SockMod,
+ socket_monitor = SocketMonitor,
++ fqdn = FQDN,
+ xml_socket = XMLSocket,
+ zlib = Zlib,
+ tls = TLS,
+@@ -250,6 +253,8 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
+ send_header(StateData, Server, "1.0", DefaultLang),
+ case StateData#state.authenticated of
+ false ->
++ FQDN = StateData#state.fqdn,
++ ?INFO_MSG("FQDN: ~p~n", [FQDN]),
+ SASLState =
+ cyrsasl:server_new(
+ "jabber", Server, "", [],
+@@ -264,7 +269,8 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
+ fun(U, P, D, DG) ->
+ ejabberd_auth:check_password_with_authmodule(
+ U, Server, P, D, DG)
+- end),
++ end,
++ FQDN),
+ Mechs = lists:map(
+ fun(S) ->
+ {xmlelement, "mechanism", [],
+diff --git a/src/ejabberd_net.erl b/src/ejabberd_net.erl
+new file mode 100644
+index 0000000..e9ab70a
+--- /dev/null
++++ b/src/ejabberd_net.erl
+@@ -0,0 +1,39 @@
++%%%----------------------------------------------------------------------
++%%% File : ejabberd_net.erl
++%%% Author : Mikael Magnusson <mikma@users.sourceforge.net>
++%%% Purpose : Serve C2S connection
++%%% Created : 6 June 2007 by Mikael Magnusson <mikma@users.sourceforge.net>
++%%% Id : $Id: $
++%%%----------------------------------------------------------------------
++
++-module(ejabberd_net).
++-author('mikma@users.sourceforge.net').
++%% -update_info({update, 0}).
++
++-export([gethostname/1]).
++
++-include("ejabberd.hrl").
++-include_lib("kernel/include/inet.hrl").
++
++%% Copied from ejabberd_socket.erl of ejabberd 2.0.3
++-record(socket_state, {sockmod, socket, receiver}).
++
++%%
++%% gethostname(Socket)
++%%
++gethostname(Socket) ->
++ ?INFO_MSG("gethostname ~p~n", [Socket]),
++%% {ok, "skinner.hem.za.org"}.
++
++ case ejabberd_config:get_local_option({sasl_fqdn, ?MYNAME}) of
++ undefined ->
++ {ok, {Addr, _Port}} = inet:sockname(Socket#socket_state.socket),
++ case inet:gethostbyaddr(Addr) of
++ {ok, HostEnt} when is_record(HostEnt, hostent) ->
++ {ok, HostEnt#hostent.h_name};
++ {error, What} ->
++ ?ERROR_MSG("Error in gethostname:~nSocket: ~p~nError: ~p", [What]),
++ error
++ end;
++ F -> {ok, F}
++ end. |
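Review bot: In the `cyrsasl_digest.erl` part of the patch the new head `mech_new(#sasl_ctx{host=Host, get_password=GetPassword, check_password = CheckPasswordDigest})` binds `CheckPasswordDigest` to the `check_password` field, whereas the removed head took it from the fourth argument, which `server_new/8` now stores in `check_password_digest`. DIGEST-MD5 would therefore be handed the plain-password callback; the pattern should read `check_password_digest = CheckPasswordDigest`. In `cyrsasl_gssapi.erl`, `check_user/1` returns `Authzid` next to `Authid` without comparing the two, so unless the caller (not shown here) ignores `authzid`, a requested authorization identity is accepted unchecked and should be validated against the authenticated principal before `{ok, ...}` is returned. `ejabberd_net:gethostname/1` returns bare `error` when the reverse lookup fails while `ejabberd_c2s:init/1` matches `{ok, FQDN}`, so a DNS failure ends every new c2s connection, GSSAPI or not, and its `?ERROR_MSG` format has two `~p` for the single argument `[What]`.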