Diffstat (limited to 'testing')
-rw-r--r-- | testing/ejabberd/APKBUILD | 23 | ||||
-rw-r--r-- | testing/ejabberd/gssapi-2.1.0.diff | 410 |
2 files changed, 5 insertions, 428 deletions
diff --git a/testing/ejabberd/APKBUILD b/testing/ejabberd/APKBUILD index b6395c64ba..c3bd75a5c9 100644 --- a/testing/ejabberd/APKBUILD +++ b/testing/ejabberd/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Francesco Colista <francesco.colista@gmail.com> pkgname=ejabberd pkgver=2.1.12 -pkgrel=1 +pkgrel=2 pkgdesc="An erlang jabber server" url="http://www.ejabberd.im" arch="all" @@ -14,19 +14,9 @@ pkgusers="ejabberd" pkggroups="ejabberd" install="$pkgname.pre-install" subpackages="$pkgname-dev $pkgname-doc" -source="http://www.process-one.net/downloads/$pkgname/$pkgver/$pkgname-$pkgver.tgz - gssapi-2.1.0.diff" +source="http://www.process-one.net/downloads/$pkgname/$pkgver/$pkgname-$pkgver.tgz" _builddir="$srcdir"/$pkgname-$pkgver -prepare() { - cd "$_builddir" - for i in $source; do - case $i in - *.patch) msg $i; patch -p2 -i "$srcdir"/$i || return 1;; - esac - done -} - build() { cd "$_builddir"/src ./configure --prefix=/usr \ 
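Review bot: The rewritten `source=` line in the second APKBUILD hunk still downloads the tarball over plain `http://`, so the checksum lines in the last hunk are the only thing tying the build to the intended upstream file. If upstream serves the same path over TLS (not visible from this page), prefer `source="https://www.process-one.net/downloads/$pkgname/$pkgver/$pkgname-$pkgver.tgz"`, and treat `sha512sums` rather than `md5sums` as the value that matters when reviewing future bumps. Separately, the removed `prepare()` loop only matched `*.patch` while the dropped file was named `gssapi-2.1.0.diff`, so the GSSAPI patch appears never to have been applied; a commit-message note saying that the built package is unchanged would help anyone auditing why the SASL GSSAPI patch disappears from the recipe.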
@@ -52,9 +42,6 @@ package() { chgrp ejabberd "$pkgdir"/etc/ejabberd/ejabberd.cfg "$pkgdir"/etc/ejabberd/ejabberdctl.cfg "$pkgdir"/etc/ejabberd } -md5sums="7d49242cf04282f3c4cebfafa2cc2f46 ejabberd-2.1.12.tgz -e68959e95b5bf8974d1eee03bd3397a7 gssapi-2.1.0.diff" -sha256sums="38f0825346773c00c85a66b33586c75f2d191d1eb0ed8ae09fa17368d6ddfd19 ejabberd-2.1.12.tgz -3cb3d3a8dcd7a5369a36c674fd26f3b60d976a76fc55ca3da329db851d3ff48d gssapi-2.1.0.diff" -sha512sums="725ab9563a6c73e85b5115f66bac157cf9b1170913c1bfed7cf066408c6b3ac5b4bdba22c6c3ed1505391a7048a86ce3b59484f78264ab023612c539422278db ejabberd-2.1.12.tgz -031f8ff688c947988ac6de56757f35b7d5d9dead3d5c8ed1b6fffada7b358616ce56ad92cfe65e004fd665908277c0609c5223cdcb0e366dd2965d19d25b944f gssapi-2.1.0.diff" +md5sums="7d49242cf04282f3c4cebfafa2cc2f46 ejabberd-2.1.12.tgz" +sha256sums="38f0825346773c00c85a66b33586c75f2d191d1eb0ed8ae09fa17368d6ddfd19 ejabberd-2.1.12.tgz" +sha512sums="725ab9563a6c73e85b5115f66bac157cf9b1170913c1bfed7cf066408c6b3ac5b4bdba22c6c3ed1505391a7048a86ce3b59484f78264ab023612c539422278db ejabberd-2.1.12.tgz" diff --git a/testing/ejabberd/gssapi-2.1.0.diff b/testing/ejabberd/gssapi-2.1.0.diff deleted file mode 100644 index d3d5578773..0000000000 --- a/testing/ejabberd/gssapi-2.1.0.diff +++ /dev/null 
@@ -1,410 +0,0 @@ -commit e99cc20600e5668e4edb9a2671e0cb7a23663389 -Author: Badlop <badlop@process-one.net> -Date: Tue Sep 29 15:10:15 2009 +0200 - - Support to authenticate against SASL GSSAPI http://www.ejabberd.im/cyrsasl_gssapi - -diff --git a/src/cyrsasl.erl b/src/cyrsasl.erl -index f993b99..e8bd275 100644 ---- a/src/cyrsasl.erl -+++ b/src/cyrsasl.erl -@@ -30,19 +30,20 @@ - -export([start/0, - register_mechanism/3, - listmech/1, -- server_new/7, -+ server_new/8, - server_start/3, - server_step/2]). - - -record(sasl_mechanism, {mechanism, module, require_plain_password}). ---record(sasl_state, {service, myname, realm, -- get_password, check_password, check_password_digest, -- mech_mod, mech_state}). -+-record(sasl_state, {service, myname, -+ mech_mod, mech_state, ctx}). -+ -+-include("ejabberd.hrl"). - - -export([behaviour_info/1]). - - behaviour_info(callbacks) -> -- [{mech_new, 4}, {mech_step, 2}]; -+ [{mech_new, 1}, {mech_step, 2}]; - behaviour_info(_Other) -> - undefined. - -@@ -50,6 +51,7 @@ start() -> - ets:new(sasl_mechanism, [named_table, - public, - {keypos, #sasl_mechanism.mechanism}]), -+ cyrsasl_gssapi:start([]), - cyrsasl_plain:start([]), - cyrsasl_digest:start([]), - cyrsasl_anonymous:start([]), -@@ -113,24 +115,26 @@ listmech(Host) -> - filter_anonymous(Host, Mechs). - - server_new(Service, ServerFQDN, UserRealm, _SecFlags, -- GetPassword, CheckPassword, CheckPasswordDigest) -> -+ GetPassword, CheckPassword, CheckPasswordDigest, FQDN) -> -+ Ctx = #sasl_ctx{ -+ host = ServerFQDN, -+ realm = UserRealm, -+ get_password = GetPassword, -+ check_password = CheckPassword, -+ check_password_digest= CheckPasswordDigest, -+ fqdn = FQDN -+ }, -+ - #sasl_state{service = Service, - myname = ServerFQDN, -- realm = UserRealm, -- get_password = GetPassword, -- check_password = CheckPassword, -- check_password_digest= CheckPasswordDigest}. -+ ctx = Ctx}. 
- - server_start(State, Mech, ClientIn) -> - case lists:member(Mech, listmech(State#sasl_state.myname)) of - true -> - case ets:lookup(sasl_mechanism, Mech) of - [#sasl_mechanism{module = Module}] -> -- {ok, MechState} = Module:mech_new( -- State#sasl_state.myname, -- State#sasl_state.get_password, -- State#sasl_state.check_password, -- State#sasl_state.check_password_digest), -+ {ok, MechState} = Module:mech_new(State#sasl_state.ctx), - server_step(State#sasl_state{mech_mod = Module, - mech_state = MechState}, - ClientIn); -diff --git a/src/cyrsasl_anonymous.erl b/src/cyrsasl_anonymous.erl -index 19e65d6..af93207 100644 ---- a/src/cyrsasl_anonymous.erl -+++ b/src/cyrsasl_anonymous.erl -@@ -27,12 +27,14 @@ - - -module(cyrsasl_anonymous). - ---export([start/1, stop/0, mech_new/4, mech_step/2]). -+-export([start/1, stop/0, mech_new/1, mech_step/2]). - - -behaviour(cyrsasl). - - -record(state, {server}). - -+-include("ejabberd.hrl"). -+ - start(_Opts) -> - cyrsasl:register_mechanism("ANONYMOUS", ?MODULE, false), - ok. -@@ -40,7 +42,7 @@ start(_Opts) -> - stop() -> - ok. - --mech_new(Host, _GetPassword, _CheckPassword, _CheckPasswordDigest) -> -+mech_new(#sasl_ctx{host=Host}) -> - {ok, #state{server = Host}}. - - mech_step(State, _ClientIn) -> -diff --git a/src/cyrsasl_digest.erl b/src/cyrsasl_digest.erl -index b3e80e0..d26fec1 100644 ---- a/src/cyrsasl_digest.erl -+++ b/src/cyrsasl_digest.erl -@@ -29,7 +29,7 @@ - - -export([start/1, - stop/0, -- mech_new/4, -+ mech_new/1, - mech_step/2]). - - -include("ejabberd.hrl"). -@@ -45,7 +45,7 @@ start(_Opts) -> - stop() -> - ok. 
- --mech_new(Host, GetPassword, _CheckPassword, CheckPasswordDigest) -> -+mech_new(#sasl_ctx{host=Host, get_password=GetPassword, check_password = CheckPasswordDigest}) -> - {ok, #state{step = 1, - nonce = randoms:get_string(), - host = Host, -diff --git a/src/cyrsasl_gssapi.erl b/src/cyrsasl_gssapi.erl -new file mode 100644 -index 0000000..d292565 ---- /dev/null -+++ b/src/cyrsasl_gssapi.erl -@@ -0,0 +1,143 @@ -+%%%---------------------------------------------------------------------- -+%%% File : cyrsasl_gssapi.erl -+%%% Author : Mikael Magnusson <mikma@users.sourceforge.net> -+%%% Purpose : GSSAPI SASL mechanism -+%%% Created : 1 June 2007 by Mikael Magnusson <mikma@users.sourceforge.net> -+%%% Id : $Id: $ -+%%%---------------------------------------------------------------------- -+%%% -+%%% Copyright (C) 2007 Mikael Magnusson <mikma@users.sourceforge.net> -+%%% -+%%% Permission is hereby granted, free of charge, to any person -+%%% obtaining a copy of this software and associated documentation -+%%% files (the "Software"), to deal in the Software without -+%%% restriction, including without limitation the rights to use, copy, -+%%% modify, merge, publish, distribute, sublicense, and/or sell copies -+%%% of the Software, and to permit persons to whom the Software is -+%%% furnished to do so, subject to the following conditions: -+%%% -+%%% The above copyright notice and this permission notice shall be -+%%% included in all copies or substantial portions of the Software. -+%%% -+%%% THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -+%%% EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -+%%% MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -+%%% NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -+%%% BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -+%%% ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -+%%% CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -+%%% SOFTWARE. -+%%% -+ -+%%% -+%%% configuration options: -+%%% {sasl_realm, "<Kerberos realm>"}. -+%%% -+%%% environment variables: -+%%% KRB5_KTNAME -+%%% -+ -+-module(cyrsasl_gssapi). -+-author('mikma@users.sourceforge.net'). -+-vsn('$Revision: $ '). -+ -+-include("ejabberd.hrl"). -+ -+-export([start/1, -+ stop/0, -+ mech_new/1, -+ mech_step/2]). -+ -+-behaviour(cyrsasl). -+ -+-define(SERVER, cyrsasl_gssapi). -+-define(MSG, ?DEBUG). -+ -+-record(state, {sasl, -+ needsmore=true, -+ step=0, -+ host, -+ authid, -+ authzid, -+ authrealm}). -+ -+start(_Opts) -> -+ ChildSpec = -+ {?SERVER, -+ {esasl, start_link, [{local, ?SERVER}]}, -+ transient, -+ 1000, -+ worker, -+ [esasl]}, -+ -+ {ok, _Pid} = supervisor:start_child(ejabberd_sup, ChildSpec), -+ -+ cyrsasl:register_mechanism("GSSAPI", ?MODULE, false). -+ -+stop() -> -+ esasl:stop(?SERVER), -+ supervisor:terminate_child(ejabberd_sup, ?SERVER), -+ supervisor:delete_child(ejabberd_sup, ?SERVER). -+ -+mech_new(#sasl_ctx{host=Host, fqdn=FQDN}) -> -+ ?MSG("mech_new ~p ~p~n", [Host, FQDN]), -+ {ok, Sasl} = esasl:server_start(?SERVER, "GSSAPI", "xmpp", FQDN), -+ {ok, #state{sasl=Sasl,host=Host}}. -+ -+mech_step(State, ClientIn) when is_list(ClientIn) -> -+ catch do_step(State, ClientIn). 
-+ -+do_step(#state{needsmore=false}=State, _) -> -+ check_user(State); -+do_step(#state{needsmore=true,sasl=Sasl,step=Step}=State, ClientIn) -> -+ ?MSG("mech_step~n", []), -+ case esasl:step(Sasl, list_to_binary(ClientIn)) of -+ {ok, RspAuth} -> -+ ?MSG("ok~n", []), -+ {ok, Display_name} = esasl:property_get(Sasl, gssapi_display_name), -+ {ok, Authzid} = esasl:property_get(Sasl, authzid), -+ {Authid, [$@ | Auth_realm]} = -+ lists:splitwith(fun(E)->E =/= $@ end, Display_name), -+ State1 = State#state{authid=Authid, -+ authzid=Authzid, -+ authrealm=Auth_realm}, -+ handle_step_ok(State1, binary_to_list(RspAuth)); -+ {needsmore, RspAuth} -> -+ ?MSG("needsmore~n", []), -+ if (Step > 0) and (ClientIn =:= []) and (RspAuth =:= <<>>) -> -+ {error, "not-authorized"}; -+ true -> -+ {continue, binary_to_list(RspAuth), -+ State#state{step=Step+1}} -+ end; -+ {error, _} -> -+ {error, "not-authorized"} -+ end. -+ -+handle_step_ok(State, []) -> -+ check_user(State); -+handle_step_ok(#state{step=Step}=State, RspAuth) -> -+ ?MSG("continue~n", []), -+ {continue, RspAuth, State#state{needsmore=false,step=Step+1}}. -+ -+check_user(#state{authid=Authid,authzid=Authzid, -+ authrealm=Auth_realm,host=Host}) -> -+ Realm = ejabberd_config:get_local_option({sasl_realm, Host}), -+ -+ if Realm =/= Auth_realm -> -+ ?MSG("bad realm ~p (expected ~p)~n",[Auth_realm, Realm]), -+ throw({error, "not-authorized"}); -+ true -> -+ ok -+ end, -+ -+ case ejabberd_auth:is_user_exists(Authid, Host) of -+ false -> -+ ?MSG("bad user ~p~n",[Authid]), -+ throw({error, "not-authorized"}); -+ true -> -+ ok -+ end, -+ -+ ?MSG("GSSAPI authenticated ~p ~p~n", [Authid, Authzid]), -+ {ok, [{username, Authid}, {authzid, Authzid}]}. -diff --git a/src/cyrsasl_plain.erl b/src/cyrsasl_plain.erl -index 4e69b06..5187665 100644 ---- a/src/cyrsasl_plain.erl -+++ b/src/cyrsasl_plain.erl -@@ -27,10 +27,11 @@ - -module(cyrsasl_plain). - -author('alexey@process-one.net'). 
- ---export([start/1, stop/0, mech_new/4, mech_step/2, parse/1]). -+-export([start/1, stop/0, mech_new/1, mech_step/2, parse/1]). - - -behaviour(cyrsasl). - -+-include("ejabberd.hrl"). - -record(state, {check_password}). - - start(_Opts) -> -@@ -40,7 +41,7 @@ start(_Opts) -> - stop() -> - ok. - --mech_new(_Host, _GetPassword, CheckPassword, _CheckPasswordDigest) -> -+mech_new(#sasl_ctx{check_password=CheckPassword}) -> - {ok, #state{check_password = CheckPassword}}. - - mech_step(State, ClientIn) -> -diff --git a/src/ejabberd.hrl b/src/ejabberd.hrl -index 717496f..4d683bb 100644 ---- a/src/ejabberd.hrl -+++ b/src/ejabberd.hrl -@@ -59,3 +59,10 @@ - -define(CRITICAL_MSG(Format, Args), - ejabberd_logger:critical_msg(?MODULE,?LINE,Format, Args)). - -+-record(sasl_ctx, { -+ host, -+ realm, -+ get_password, -+ check_password, -+ check_password_digest, -+ fqdn}). -diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl -index 8ca5f5c..aebd860 100644 ---- a/src/ejabberd_c2s.erl -+++ b/src/ejabberd_c2s.erl -@@ -67,6 +67,7 @@ - -record(state, {socket, - sockmod, - socket_monitor, -+ fqdn, - xml_socket, - streamid, - sasl_state, -@@ -204,9 +205,11 @@ init([{SockMod, Socket}, Opts]) -> - Socket - end, - SocketMonitor = SockMod:monitor(Socket1), -+ {ok, FQDN} = ejabberd_net:gethostname(Socket), - {ok, wait_for_stream, #state{socket = Socket1, - sockmod = SockMod, - socket_monitor = SocketMonitor, -+ fqdn = FQDN, - xml_socket = XMLSocket, - zlib = Zlib, - tls = TLS, -@@ -250,6 +253,8 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) -> - send_header(StateData, Server, "1.0", DefaultLang), - case StateData#state.authenticated of - false -> -+ FQDN = StateData#state.fqdn, -+ ?INFO_MSG("FQDN: ~p~n", [FQDN]), - SASLState = - cyrsasl:server_new( - "jabber", Server, "", [], -@@ -264,7 +269,8 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) -> - fun(U, P, D, DG) -> - ejabberd_auth:check_password_with_authmodule( - U, Server, P, D, DG) -- end), -+ end, -+ 
FQDN), - Mechs = lists:map( - fun(S) -> - {xmlelement, "mechanism", [], -diff --git a/src/ejabberd_net.erl b/src/ejabberd_net.erl -new file mode 100644 -index 0000000..e9ab70a ---- /dev/null -+++ b/src/ejabberd_net.erl -@@ -0,0 +1,39 @@ -+%%%---------------------------------------------------------------------- -+%%% File : ejabberd_net.erl -+%%% Author : Mikael Magnusson <mikma@users.sourceforge.net> -+%%% Purpose : Serve C2S connection -+%%% Created : 6 June 2007 by Mikael Magnusson <mikma@users.sourceforge.net> -+%%% Id : $Id: $ -+%%%---------------------------------------------------------------------- -+ -+-module(ejabberd_net). -+-author('mikma@users.sourceforge.net'). -+%% -update_info({update, 0}). -+ -+-export([gethostname/1]). -+ -+-include("ejabberd.hrl"). -+-include_lib("kernel/include/inet.hrl"). -+ -+%% Copied from ejabberd_socket.erl of ejabberd 2.0.3 -+-record(socket_state, {sockmod, socket, receiver}). -+ -+%% -+%% gethostname(Socket) -+%% -+gethostname(Socket) -> -+ ?INFO_MSG("gethostname ~p~n", [Socket]), -+%% {ok, "skinner.hem.za.org"}. -+ -+ case ejabberd_config:get_local_option({sasl_fqdn, ?MYNAME}) of -+ undefined -> -+ {ok, {Addr, _Port}} = inet:sockname(Socket#socket_state.socket), -+ case inet:gethostbyaddr(Addr) of -+ {ok, HostEnt} when is_record(HostEnt, hostent) -> -+ {ok, HostEnt#hostent.h_name}; -+ {error, What} -> -+ ?ERROR_MSG("Error in gethostname:~nSocket: ~p~nError: ~p", [What]), -+ error -+ end; -+ F -> {ok, F} -+ end. |