Hi,
I am trying to register users over BOSH, but I am getting below error:
gen_fsm <0.507.0> in state wait_for_sasl_response terminated with reason: call to undefined function ejabberd_auth:check_digest(<<"ef3c815f9c350d645c4e6f4109b89c0d">>, #Fun, <<>>, <<56,144,145,122,110,174,81,167,111,108,19,114,199,211,32,122,213,56,80,178>>)
In my setup the call should be made to ejabberd_auth_http but instead it is referring to ejabberd_auth, so what could be the issue?
Also, registration over web admin is working fine.
Thanks,
Prasad
Try with this patch: ---
Try with this patch:
--- a/ejabberd_auth_http/src/scram2.erl +++ b/ejabberd_auth_http/src/scram2.erl @@ -179,8 +179,15 @@ scram_to_tuple(Scram) -> -spec check_digest(scram(), binary(), fun(), binary()) -> boolean(). check_digest(#scram{storedkey = StoredKey}, Digest, DigestGen, Password) -> - Passwd = base64:decode(StoredKey), - ejabberd_auth:check_digest(Digest, DigestGen, Password, Passwd). + Passwd = jlib:decode_base64(StoredKey), + DigRes = if Digest /= <<"">> -> + Digest == DigestGen(Passwd); + true -> false + end, + if DigRes -> true; + true -> (Passwd == Password) and (Password /= <<"">>) + end. + -ifdef(no_crypto_hmac). crypto_hmac(sha, Key, Data) ->Hi Badlop, Thank you for this
Hi Badlop,
Thank you for this patch, now further it appears that the API methods check_password/3 and check_password/5 have been changed to check_password/4 and check_password/6 respectively in auth modules, so encountering below error:
gen_fsm <0.580.0> in state wait_for_sasl_response terminated with reason: call to undefined function ejabberd_auth_http:check_password(<<"user">>, <<"password">>, <<"server">>, <<>>, <<"8021545d530d14a388d17f094d195a7b">>, #Fun)
If you have a patch for this as well it would be helpful.
Else please help me understand the new argument "AuthzId".
UPDATE: The changes made in the ejabberd_auth_http file to implement check_password methods with 4 and 6 arguments are not reflected even after successful compilation of this module. Why could this be?
Thanks.
Right, it expects a new
Right, it expects a new argument called AuthzId, so let's accept it even if it isn't used:
diff --git a/ejabberd_auth_http/src/ejabberd_auth_http.erl b/ejabberd_auth_http/src/ejabberd_auth_http.erl index ba24194..85c59a1 100644 --- a/ejabberd_auth_http/src/ejabberd_auth_http.erl +++ b/ejabberd_auth_http/src/ejabberd_auth_http.erl @@ -15,8 +15,8 @@ %% External exports -export([start/1, set_password/3, - check_password/3, - check_password/5, + check_password/4, + check_password/6, try_register/3, dirty_get_registered_users/0, get_vh_registered_users/1, @@ -69,8 +69,8 @@ plain_password_required() -> store_type() -> ejabberd_auth_odbc:store_type(). --spec check_password(ejabberd:luser(), ejabberd:lserver(), binary()) -> boolean(). -check_password(LUser, LServer, Password) -> +-spec check_password(ejabberd:luser(), binary(), ejabberd:lserver(), binary()) -> boolean(). +check_password(LUser, _AuthzId, LServer, Password) -> case scram2:enabled(LServer) of false -> case make_req(get, <<"check_password">>, LUser, LServer, Password) of @@ -81,8 +81,8 @@ check_password(LUser, LServer, Password) -> {ok, true} =:= verify_scram_password(LUser, LServer, Password) end. --spec check_password(ejabberd:luser(), ejabberd:lserver(), binary(), binary(), fun()) -> boolean(). -check_password(LUser, LServer, Password, Digest, DigestGen) -> +-spec check_password(ejabberd:luser(), binary(), ejabberd:lserver(), binary(), binary(), fun()) -> boolean(). +check_password(LUser, _AuthzId, LServer, Password, Digest, DigestGen) -> case make_req(get, <<"get_password">>, LUser, LServer, <<"">>) of {error, _} -> false; diff --git a/ejabberd_auth_http/src/scram2.erl b/ejabberd_auth_http/src/scram2.erl index 065cef0..fda4771 100644 --- a/ejabberd_auth_http/src/scram2.erl +++ b/ejabberd_auth_http/src/scram2.erl @@ -179,8 +179,15 @@ scram_to_tuple(Scram) -> -spec check_digest(scram(), binary(), fun(), binary()) -> boolean(). check_digest(#scram{storedkey = StoredKey}, Digest, DigestGen, Password) -> - Passwd = base64:decode(StoredKey), - ejabberd_auth:check_digest(Digest, DigestGen, Password, Passwd). + Passwd = jlib:decode_base64(StoredKey), + DigRes = if Digest /= <<"">> -> + Digest == DigestGen(Passwd); + true -> false + end, + if DigRes -> true; + true -> (Passwd == Password) and (Password /= <<"">>) + end. + -ifdef(no_crypto_hmac). crypto_hmac(sha, Key, Data) ->Well, remember to compile and copy the beam file to the "proper place".
Thanks, works like a charm!
Thanks, works like a charm!
Now I have hit a further blocker and have started a new thread for that. The problem being, as it seems, BOSH is still using default authentication, whereas I have used SCRAM in other modules.
So does BOSH support SCRAM authentication, and if it does want changes do I need to make?
Thanks.