Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ready to merge] Refactor C2S / SASL / auth interface #828

Merged
merged 19 commits into from
Jun 29, 2016
Merged

[ready to merge] Refactor C2S / SASL / auth interface #828

merged 19 commits into from
Jun 29, 2016

Conversation

erszcz
Copy link
Member

@erszcz erszcz commented May 18, 2016
edited
Loading

This PR introduces:

  • a mongoose_credentials type,
  • a sasl_mechanisms config option.

A single instance of mongoose_credentials corresponds to a single authentication/authorization request. The datatype is instantiated in ejabberd_c2s when the session is initially authenticated. It gathers all information obtained by the chosen SASL mechanism, which is later consumed by the auth backend(s). The auth backends might add more information (like session capabilities, validity period, etc.) when returning the credentials back to C2S - this information can e.g. come from decrypting an authorization token or from an external authorization service. The idea is to have all the bits and pieces of information in one place in order to enable extending the authentication process through hooks (no such hook is introduced in this PR yet).

The sasl_mechanisms option controls which mechanisms are started on MongooseIM startup as well as their startup order. It's a list of cyrsasl_* module names.

This is not intended for merging yet, as auth backends other than internal aren't ready. I just want to get feedback from Travis.

erszcz added 18 commits May 18, 2016 14:28
@erszcz
Fix formatting
a811f5a
@erszcz
Remove duplicated code
613f660
@erszcz
Make SASL mechanisms to start configurable
e617ad3
@erszcz
Add mongoose_credentials
3b03ef5
@erszcz
Use mongoose_credentials on the c2s-cyrsasl-auth path and back
92cf520 
This, as of now, breaks configurations different than PLAIN/internal.
@erszcz
Make SCRAM/internal work with mongoose_credentials
d8b4c9c
@erszcz
Make DIGEST/internal work with mongoose_credentials
d952458
@erszcz
Make ANONYMOUS work with mongoose_credentials
efe8254
@erszcz
Make X-OAUTH work with mongoose_credentials
b60bf05
@erszcz
Adhere to the modified cyrsasl behaviour
af79810 
(cherry picked from commit 05c20b1b6929bc7e688f2cef7f2a9a9b90b6ab8f)
@erszcz
Use a custom name when using a custom mechanism
89a6e63 
(cherry picked from commit 4561804e931cfc0c9b533aeebef92c8c4a757036)
@erszcz
Forward ejabberd_auth_http:authorize/1 to check_password/3,5
e6df5e9 
(cherry picked from commit eb7cf11d8565014acd0d550748bdcccceebae8a9)
@erszcz
Fix regression: make all ejabberd_auth_* use mongoose_credentials
8ab29c4 
(cherry picked from commit b301384dd7d9caf0a434a0f2ecbae304844eec3d)
@erszcz
Make ejabberd_auth_http use the same authorize/1 impl as the rest
53344cd
@erszcz
Smooth out the type/spec wrinkles
50381f0
@erszcz
Fix mongoose_credentials specs
e406de4
@erszcz
Use ejabberd:luser/0 which actually exists
1b5bd4c
@erszcz
Fix dialyzer warning about crysasl_scram.erl:84 - is_tuple/1 can't wo…
4e716ff 
…rk on binary()
@erszcz erszcz changed the title [do not merge] Refactor C2S / SASL / auth interface [ready to merge] Refactor C2S / SASL / auth interface Jun 29, 2016
@michalwski michalwski merged commit 57a1b75 into master Jun 29, 2016
@michalwski michalwski deleted the esl-refactor-auth branch June 29, 2016 07:44
@michalwski michalwski mentioned this pull request Aug 29, 2016
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
ready refactoring
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@erszcz @sstrigler @michalwski