1173

Committed 28 Oct 2025 11:02AM UTC coverage: 33.768% (-0.02%) from 33.79%

Build # 1173

Build Type

push

github

Committed by

badlop

Commit Message

CHANGELOG.md: Update to 25.10

Run Details

15513 of 45940 relevant lines covered (33.77%)

1078.01 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

28.36

/src/ejabberd_auth_sql.erl

%%%----------------------------------------------------------------------
%%% File    : ejabberd_auth_sql.erl
%%% Author  : Alexey Shchepin <alexey@process-one.net>
%%% Purpose : Authentication via ODBC
%%% Created : 12 Dec 2004 by Alexey Shchepin <alexey@process-one.net>
%%%
%%%
%%% ejabberd, Copyright (C) 2002-2025   ProcessOne
%%%
%%% This program is free software; you can redistribute it and/or
%%% modify it under the terms of the GNU General Public License as
%%% published by the Free Software Foundation; either version 2 of the
%%% License, or (at your option) any later version.
%%%
%%% This program is distributed in the hope that it will be useful,
%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
%%% General Public License for more details.
%%%
%%% You should have received a copy of the GNU General Public License along
%%% with this program; if not, write to the Free Software Foundation, Inc.,
%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
%%%
%%%----------------------------------------------------------------------

-module(ejabberd_auth_sql).


-author('alexey@process-one.net').

-behaviour(ejabberd_auth).

-export([start/1, stop/1, set_password_multiple/3, try_register_multiple/3,
         get_users/2, count_users/2, get_password/2,
         remove_user/2, store_type/1, plain_password_required/1,
         export/1, which_users_exists/2, drop_password_type/2, set_password_instance/3]).
-export([sql_schemas/0]).

-include_lib("xmpp/include/scram.hrl").
-include("logger.hrl").
-include("ejabberd_sql_pt.hrl").
-include("ejabberd_auth.hrl").

%%%----------------------------------------------------------------------
%%% API
%%%----------------------------------------------------------------------
start(Host) ->
    ejabberd_sql_schema:update_schema(Host, ?MODULE, sql_schemas()),
    ok.

sql_schemas() ->
    [
        #sql_schema{
        version = 2,
        tables =
        [#sql_table{
            name = <<"users">>,
            columns =
            [#sql_column{name = <<"username">>, type = text},
                #sql_column{name = <<"server_host">>, type = text},
                #sql_column{name = <<"type">>, type = smallint},
                #sql_column{name = <<"password">>, type = text},
                #sql_column{name = <<"serverkey">>, type = {text, 128},
                    default = true},
                #sql_column{name = <<"salt">>, type = {text, 128},
                    default = true},
                #sql_column{name = <<"iterationcount">>, type = integer,
                    default = true},
                #sql_column{name = <<"created_at">>, type = timestamp,
                    default = true}],
            indices = [#sql_index{
                columns = [<<"server_host">>, <<"username">>, <<"type">>],
                unique = true}]}],
        update = [
            {add_column, <<"users">>, <<"type">>},
            {update_primary_key,<<"users">>,
                [<<"server_host">>, <<"username">>, <<"type">>]}
        ]},
    #sql_schema{
        version = 1,
        tables =
            [#sql_table{
                name = <<"users">>,
                columns =
                    [#sql_column{name = <<"username">>, type = text},
                     #sql_column{name = <<"server_host">>, type = text},
                     #sql_column{name = <<"password">>, type = text},
                     #sql_column{name = <<"serverkey">>, type = {text, 128},
                                 default = true},
                     #sql_column{name = <<"salt">>, type = {text, 128},
                                 default = true},
                     #sql_column{name = <<"iterationcount">>, type = integer,
                                 default = true},
                     #sql_column{name = <<"created_at">>, type = timestamp,
                                 default = true}],
                indices = [#sql_index{
                              columns = [<<"server_host">>, <<"username">>],
                              unique = true}]}]}].

stop(_Host) -> ok.

plain_password_required(Server) ->
    store_type(Server) == scram.

store_type(Server) ->
    ejabberd_auth:password_format(Server).

hash_to_num(plain) -> 1;
hash_to_num(sha) -> 2;
hash_to_num(sha256) -> 3;
hash_to_num(sha512) -> 4.

num_to_hash(2) -> sha;
num_to_hash(3) -> sha256;
num_to_hash(4) -> sha512.

set_password_instance(User, Server, #scram{hash = Hash, storedkey = SK, serverkey = SEK,
                                           salt = Salt, iterationcount = IC}) ->
    F = fun() ->
        set_password_scram_t(User, Server, Hash,
                             SK, SEK, Salt, IC)
        end,
    case ejabberd_sql:sql_transaction(Server, F) of
        {atomic, _} ->
            ok;
        {aborted, _} ->
            {error, db_failure}
    end;
set_password_instance(User, Server, Plain) ->
    F = fun() ->
        set_password_t(User, Server, Plain)
        end,
    case ejabberd_sql:sql_transaction(Server, F) of
        {atomic, _} ->
            ok;
        {aborted, _} ->
            {error, db_failure}
    end.

set_password_multiple(User, Server, Passwords) ->
    F =
    fun() ->
        ejabberd_sql:sql_query_t(
            ?SQL("delete from users where username=%(User)s and %(Server)H")),
        lists:foreach(
            fun(#scram{hash = Hash, storedkey = SK, serverkey = SEK,
                       salt = Salt, iterationcount = IC}) ->
                set_password_scram_t(
                    User, Server, Hash,
                    SK, SEK, Salt, IC);
               (Plain) ->
                   set_password_t(User, Server, Plain)
            end, Passwords)
    end,
    case ejabberd_sql:sql_transaction(Server, F) of
        {atomic, _} ->
            {cache, {ok, Passwords}};
        {aborted, _} ->
            {nocache, {error, db_failure}}
    end.

try_register_multiple(User, Server, Passwords) ->
    F =
        fun() ->
            case ejabberd_sql:sql_query_t(
                ?SQL("select @(count(*))d from users where username=%(User)s and %(Server)H")) of
                {selected, [{0}]} ->
                    lists:foreach(
                        fun(#scram{hash = Hash, storedkey = SK, serverkey = SEK,
                                   salt = Salt, iterationcount = IC}) ->
                            set_password_scram_t(
                                User, Server, Hash,
                                SK, SEK, Salt, IC);
                           (Plain) ->
                               set_password_t(User, Server, Plain)
                        end, Passwords),
                    {cache, {ok, Passwords}};
                {selected, _} ->
                    {nocache, {error, exists}};
                _ ->
                    {nocache, {error, db_failure}}
            end
        end,
    case ejabberd_sql:sql_transaction(Server, F) of
        {atomic, Res} ->
            Res;
        {aborted, _} ->
            {nocache, {error, db_failure}}
    end.

get_users(Server, Opts) ->
    case list_users(Server, Opts) of
        {selected, Res} ->
            [{U, Server} || {U} <- Res];
        _ -> []
    end.

count_users(Server, Opts) ->
    case users_number(Server, Opts) of
        {selected, [{Res}]} ->
            Res;
        _Other -> 0
    end.

get_password(User, Server) ->
    case get_password_scram(Server, User) of
        {selected, []} ->
            {cache, error};
        {selected, Passwords} ->
            Converted = lists:map(
                fun({0, Password, <<>>, <<>>, 0}) ->
                    update_password_type(User, Server, 1),
                    Password;
                   ({_, Password, <<>>, <<>>, 0}) ->
                       Password;
                   ({0, StoredKey, ServerKey, Salt, IterationCount}) ->
                       {Hash, SK} = case StoredKey of
                                        <<"sha256:", Rest/binary>> ->
                                            update_password_type(User, Server, 3, Rest),
                                            {sha256, Rest};
                                        <<"sha512:", Rest/binary>> ->
                                            update_password_type(User, Server, 4, Rest),
                                            {sha512, Rest};
                                        Other ->
                                            update_password_type(User, Server, 2),
                                            {sha, Other}
                                    end,
                       #scram{storedkey = SK,
                              serverkey = ServerKey,
                              salt = Salt,
                              hash = Hash,
                              iterationcount = IterationCount};
                   ({Type, StoredKey, ServerKey, Salt, IterationCount}) ->
                       Hash = num_to_hash(Type),
                       #scram{storedkey = StoredKey,
                              serverkey = ServerKey,
                              salt = Salt,
                              hash = Hash,
                              iterationcount = IterationCount}
                end, Passwords),
            {cache, {ok, Converted}};
        _ ->
            {nocache, error}
    end.

remove_user(User, Server) ->
    case del_user(Server, User) of
        {updated, _} ->
            ok;
        _ ->
            {error, db_failure}
    end.

drop_password_type(LServer, Hash) ->
    Type = hash_to_num(Hash),
    ejabberd_sql:sql_query(
        LServer,
        ?SQL("delete from users"
             " where type=%(Type)d and %(LServer)H")).

set_password_scram_t(LUser, LServer, Hash,
                     StoredKey, ServerKey, Salt, IterationCount) ->
    Type = hash_to_num(Hash),
    ?SQL_UPSERT_T(
       "users",
       ["!username=%(LUser)s",
        "!server_host=%(LServer)s",
        "!type=%(Type)d",
        "password=%(StoredKey)s",
        "serverkey=%(ServerKey)s",
        "salt=%(Salt)s",
        "iterationcount=%(IterationCount)d"]).

set_password_t(LUser, LServer, Password) ->
    ?SQL_UPSERT_T(
       "users",
       ["!username=%(LUser)s",
        "!server_host=%(LServer)s",
        "!type=1",
        "password=%(Password)s",
        "serverkey=''",
        "salt=''",
        "iterationcount=0"]).

update_password_type(LUser, LServer, Type, Password) ->
    ejabberd_sql:sql_query(
        LServer,
        ?SQL("update users set type=%(Type)d, password=%(Password)s"
             " where username=%(LUser)s and type=0 and %(LServer)H")).

update_password_type(LUser, LServer, Type) ->
    ejabberd_sql:sql_query(
        LServer,
        ?SQL("update users set type=%(Type)d"
             " where username=%(LUser)s and type=0 and %(LServer)H")).

get_password_scram(LServer, LUser) ->
    ejabberd_sql:sql_query(
      LServer,
      ?SQL("select @(type)d, @(password)s, @(serverkey)s, @(salt)s, @(iterationcount)d"
           " from users"
           " where username=%(LUser)s and %(LServer)H")).

del_user(LServer, LUser) ->
    ejabberd_sql:sql_query(
      LServer,
      ?SQL("delete from users where username=%(LUser)s and %(LServer)H")).

list_users(LServer, []) ->
    ejabberd_sql:sql_query(
      LServer,
      ?SQL("select @(distinct username)s from users where %(LServer)H"));
list_users(LServer, [{from, Start}, {to, End}])
    when is_integer(Start) and is_integer(End) ->
    list_users(LServer,
               [{limit, End - Start + 1}, {offset, Start - 1}]);
list_users(LServer,
           [{prefix, Prefix}, {from, Start}, {to, End}])
    when is_binary(Prefix) and is_integer(Start) and
           is_integer(End) ->
    list_users(LServer,
               [{prefix, Prefix}, {limit, End - Start + 1},
                {offset, Start - 1}]);
list_users(LServer, [{limit, Limit}, {offset, Offset}])
    when is_integer(Limit) and is_integer(Offset) ->
    ejabberd_sql:sql_query(
      LServer,
      ?SQL("select @(distinct username)s from users "
           "where %(LServer)H "
           "order by username "
           "limit %(Limit)d offset %(Offset)d"));
list_users(LServer,
           [{prefix, Prefix}, {limit, Limit}, {offset, Offset}])
    when is_binary(Prefix) and is_integer(Limit) and
           is_integer(Offset) ->
    SPrefix = ejabberd_sql:escape_like_arg(Prefix),
    SPrefix2 = <<SPrefix/binary, $%>>,
    ejabberd_sql:sql_query(
      LServer,
      ?SQL("select @(distinct username)s from users "
           "where username like %(SPrefix2)s %ESCAPE and %(LServer)H "
           "order by username "
           "limit %(Limit)d offset %(Offset)d")).

users_number(LServer) ->
    ejabberd_sql:sql_query(
      LServer,
      fun(pgsql, _) ->
              case
                  ejabberd_option:pgsql_users_number_estimate(LServer) of
                  true ->
                      ejabberd_sql:sql_query_t(
                        ?SQL("select @(reltuples :: bigint)d from pg_class"
                             " where oid = 'users'::regclass::oid"));
                  _ ->
                      ejabberd_sql:sql_query_t(
                        ?SQL("select @(count(distinct username))d from users where %(LServer)H"))
          end;
         (_Type, _) ->
              ejabberd_sql:sql_query_t(
                ?SQL("select @(count(distinct username))d from users where %(LServer)H"))
      end).

users_number(LServer, [{prefix, Prefix}])
    when is_binary(Prefix) ->
    SPrefix = ejabberd_sql:escape_like_arg(Prefix),
    SPrefix2 = <<SPrefix/binary, $%>>,
    ejabberd_sql:sql_query(
      LServer,
      ?SQL("select @(count(distinct username))d from users "
           "where username like %(SPrefix2)s %ESCAPE and %(LServer)H"));
users_number(LServer, []) ->
    users_number(LServer).

which_users_exists(LServer, LUsers) when length(LUsers) =< 100 ->
    try ejabberd_sql:sql_query(
        LServer,
        ?SQL("select @(distinct username)s from users where username in %(LUsers)ls")) of
        {selected, Matching} ->
            [U || {U} <- Matching];
        {error, _} = E ->
            E
    catch _:B ->
        {error, B}
    end;
which_users_exists(LServer, LUsers) ->
    {First, Rest} = lists:split(100, LUsers),
    case which_users_exists(LServer, First) of
        {error, _} = E ->
            E;
        V ->
            case which_users_exists(LServer, Rest) of
                {error, _} = E2 ->
                    E2;
                V2 ->
                    V ++ V2
            end
    end.

export(_Server) ->
    [{passwd,
      fun(Host, #passwd{us = {LUser, LServer, plain}, password = Password})
            when LServer == Host,
                 is_binary(Password) ->
              [?SQL("delete from users where username=%(LUser)s and type=1 and %(LServer)H;"),
               ?SQL_INSERT(
                  "users",
                  ["username=%(LUser)s",
                   "server_host=%(LServer)s",
                   "type=1",
                   "password=%(Password)s"])];
         (Host, {passwd, {LUser, LServer, _},
                         {scram, StoredKey, ServerKey, Salt, IterationCount}})
            when LServer == Host ->
              Hash = sha,
              Type = hash_to_num(Hash),
              [?SQL("delete from users where username=%(LUser)s and type=%(Type)d and %(LServer)H;"),
               ?SQL_INSERT(
                  "users",
                  ["username=%(LUser)s",
                   "server_host=%(LServer)s",
                   "type=%(Type)d",
                   "password=%(StoredKey)s",
                   "serverkey=%(ServerKey)s",
                   "salt=%(Salt)s",
                   "iterationcount=%(IterationCount)d"])];
         (Host, #passwd{us = {LUser, LServer, _}, password = #scram{} = Scram})
            when LServer == Host ->
              StoredKey = Scram#scram.storedkey,
              ServerKey = Scram#scram.serverkey,
              Salt = Scram#scram.salt,
              IterationCount = Scram#scram.iterationcount,
              Type = hash_to_num(Scram#scram.hash),
              [?SQL("delete from users where username=%(LUser)s and type=%(Type)d and %(LServer)H;"),
               ?SQL_INSERT(
                  "users",
                  ["username=%(LUser)s",
                   "server_host=%(LServer)s",
                   "type=%(Type)d",
                   "password=%(StoredKey)s",
                   "serverkey=%(ServerKey)s",
                   "salt=%(Salt)s",
                   "iterationcount=%(IterationCount)d"])];
         (_Host, _R) ->
              []
      end}].

1	%%%----------------------------------------------------------------------
2	%%% File : ejabberd_auth_sql.erl
3	%%% Author : Alexey Shchepin <alexey@process-one.net>
4	%%% Purpose : Authentication via ODBC
5	%%% Created : 12 Dec 2004 by Alexey Shchepin <alexey@process-one.net>
6	%%%
7	%%%
8	%%% ejabberd, Copyright (C) 2002-2025 ProcessOne
9	%%%
10	%%% This program is free software; you can redistribute it and/or
11	%%% modify it under the terms of the GNU General Public License as
12	%%% published by the Free Software Foundation; either version 2 of the
13	%%% License, or (at your option) any later version.
14	%%%
15	%%% This program is distributed in the hope that it will be useful,
16	%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
17	%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18	%%% General Public License for more details.
19	%%%
20	%%% You should have received a copy of the GNU General Public License along
21	%%% with this program; if not, write to the Free Software Foundation, Inc.,
22	%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23	%%%
24	%%%----------------------------------------------------------------------
25
26	-module(ejabberd_auth_sql).
27
28
29	-author('alexey@process-one.net').
30
31	-behaviour(ejabberd_auth).
32
33	-export([start/1, stop/1, set_password_multiple/3, try_register_multiple/3,
34	get_users/2, count_users/2, get_password/2,
35	remove_user/2, store_type/1, plain_password_required/1,
36	export/1, which_users_exists/2, drop_password_type/2, set_password_instance/3]).
37	-export([sql_schemas/0]).
38
39	-include_lib("xmpp/include/scram.hrl").
40	-include("logger.hrl").
41	-include("ejabberd_sql_pt.hrl").
42	-include("ejabberd_auth.hrl").
43
44	%%%----------------------------------------------------------------------
45	%%% API
46	%%%----------------------------------------------------------------------
47	start(Host) ->
48	ejabberd_sql_schema:update_schema(Host, ?MODULE, sql_schemas()),	6✔
49	ok.	6✔
50
51	sql_schemas() ->
52	[
53	#sql_schema{	6✔
54	version = 2,
55	tables =
56	[#sql_table{
57	name = <<"users">>,
58	columns =
59	[#sql_column{name = <<"username">>, type = text},
60	#sql_column{name = <<"server_host">>, type = text},
61	#sql_column{name = <<"type">>, type = smallint},
62	#sql_column{name = <<"password">>, type = text},
63	#sql_column{name = <<"serverkey">>, type = {text, 128},
64	default = true},
65	#sql_column{name = <<"salt">>, type = {text, 128},
66	default = true},
67	#sql_column{name = <<"iterationcount">>, type = integer,
68	default = true},
69	#sql_column{name = <<"created_at">>, type = timestamp,
70	default = true}],
71	indices = [#sql_index{
72	columns = [<<"server_host">>, <<"username">>, <<"type">>],
73	unique = true}]}],
74	update = [
75	{add_column, <<"users">>, <<"type">>},
76	{update_primary_key,<<"users">>,
77	[<<"server_host">>, <<"username">>, <<"type">>]}
78	]},
79	#sql_schema{
80	version = 1,
81	tables =
82	[#sql_table{
83	name = <<"users">>,
84	columns =
85	[#sql_column{name = <<"username">>, type = text},
86	#sql_column{name = <<"server_host">>, type = text},
87	#sql_column{name = <<"password">>, type = text},
88	#sql_column{name = <<"serverkey">>, type = {text, 128},
89	default = true},
90	#sql_column{name = <<"salt">>, type = {text, 128},
91	default = true},
92	#sql_column{name = <<"iterationcount">>, type = integer,
93	default = true},
94	#sql_column{name = <<"created_at">>, type = timestamp,
95	default = true}],
96	indices = [#sql_index{
97	columns = [<<"server_host">>, <<"username">>],
98	unique = true}]}]}].
99
100	stop(_Host) -> ok.	×
101
102	plain_password_required(Server) ->
103	store_type(Server) == scram.	30✔
104
105	store_type(Server) ->
106	ejabberd_auth:password_format(Server).	2,766✔
107
108	hash_to_num(plain) -> 1;	×
109	hash_to_num(sha) -> 2;	×
110	hash_to_num(sha256) -> 3;	16✔
111	hash_to_num(sha512) -> 4.	×
112
113	num_to_hash(2) -> sha;	×
114	num_to_hash(3) -> sha256;	×
115	num_to_hash(4) -> sha512.	×
116
117	set_password_instance(User, Server, #scram{hash = Hash, storedkey = SK, serverkey = SEK,
118	salt = Salt, iterationcount = IC}) ->
119	F = fun() ->	×
120	set_password_scram_t(User, Server, Hash,	×
121	SK, SEK, Salt, IC)
122	end,
123	case ejabberd_sql:sql_transaction(Server, F) of	×
124	{atomic, _} ->
125	ok;	×
126	{aborted, _} ->
127	{error, db_failure}	×
128	end;
129	set_password_instance(User, Server, Plain) ->
130	F = fun() ->	×
131	set_password_t(User, Server, Plain)	×
132	end,
133	case ejabberd_sql:sql_transaction(Server, F) of	×
134	{atomic, _} ->
135	ok;	×
136	{aborted, _} ->
137	{error, db_failure}	×
138	end.
139
140	set_password_multiple(User, Server, Passwords) ->
141	F =	10✔
142	fun() ->
143	ejabberd_sql:sql_query_t(	10✔
144	?SQL("delete from users where username=%(User)s and %(Server)H")),	10✔
145	lists:foreach(	10✔
146	fun(#scram{hash = Hash, storedkey = SK, serverkey = SEK,
147	salt = Salt, iterationcount = IC}) ->
148	set_password_scram_t(	6✔
149	User, Server, Hash,
150	SK, SEK, Salt, IC);
151	(Plain) ->
152	set_password_t(User, Server, Plain)	10✔
153	end, Passwords)
154	end,
155	case ejabberd_sql:sql_transaction(Server, F) of	10✔
156	{atomic, _} ->
157	{cache, {ok, Passwords}};	10✔
158	{aborted, _} ->
159	{nocache, {error, db_failure}}	×
160	end.
161
162	try_register_multiple(User, Server, Passwords) ->
163	F =	30✔
164	fun() ->
165	case ejabberd_sql:sql_query_t(	30✔
166	?SQL("select @(count(*))d from users where username=%(User)s and %(Server)H")) of	30✔
167	{selected, [{0}]} ->
168	lists:foreach(	30✔
169	fun(#scram{hash = Hash, storedkey = SK, serverkey = SEK,
170	salt = Salt, iterationcount = IC}) ->
171	set_password_scram_t(	10✔
172	User, Server, Hash,
173	SK, SEK, Salt, IC);
174	(Plain) ->
175	set_password_t(User, Server, Plain)	30✔
176	end, Passwords),
177	{cache, {ok, Passwords}};	30✔
178	{selected, _} ->
179	{nocache, {error, exists}};	×
180	_ ->
181	{nocache, {error, db_failure}}	×
182	end
183	end,
184	case ejabberd_sql:sql_transaction(Server, F) of	30✔
185	{atomic, Res} ->
186	Res;	30✔
187	{aborted, _} ->
188	{nocache, {error, db_failure}}	×
189	end.
190
191	get_users(Server, Opts) ->
192	case list_users(Server, Opts) of	6✔
193	{selected, Res} ->
194	[{U, Server} \|\| {U} <- Res];	6✔
195	_ -> []	×
196	end.
197
198	count_users(Server, Opts) ->
199	case users_number(Server, Opts) of	×
200	{selected, [{Res}]} ->
201	Res;	×
202	_Other -> 0	×
203	end.
204
205	get_password(User, Server) ->
206	case get_password_scram(Server, User) of	48✔
207	{selected, []} ->
208	{cache, error};	48✔
209	{selected, Passwords} ->
210	Converted = lists:map(	×
211	fun({0, Password, <<>>, <<>>, 0}) ->
212	update_password_type(User, Server, 1),	×
213	Password;	×
214	({_, Password, <<>>, <<>>, 0}) ->
215	Password;	×
216	({0, StoredKey, ServerKey, Salt, IterationCount}) ->
217	{Hash, SK} = case StoredKey of	×
218	<<"sha256:", Rest/binary>> ->
219	update_password_type(User, Server, 3, Rest),	×
220	{sha256, Rest};	×
221	<<"sha512:", Rest/binary>> ->
222	update_password_type(User, Server, 4, Rest),	×
223	{sha512, Rest};	×
224	Other ->
225	update_password_type(User, Server, 2),	×
226	{sha, Other}	×
227	end,
228	#scram{storedkey = SK,	×
229	serverkey = ServerKey,
230	salt = Salt,
231	hash = Hash,
232	iterationcount = IterationCount};
233	({Type, StoredKey, ServerKey, Salt, IterationCount}) ->
234	Hash = num_to_hash(Type),	×
235	#scram{storedkey = StoredKey,	×
236	serverkey = ServerKey,
237	salt = Salt,
238	hash = Hash,
239	iterationcount = IterationCount}
240	end, Passwords),
241	{cache, {ok, Converted}};	×
242	_ ->
243	{nocache, error}	×
244	end.
245
246	remove_user(User, Server) ->
247	case del_user(Server, User) of	12✔
248	{updated, _} ->
249	ok;	12✔
250	_ ->
251	{error, db_failure}	×
252	end.
253
254	drop_password_type(LServer, Hash) ->
255	Type = hash_to_num(Hash),	×
256	ejabberd_sql:sql_query(	×
257	LServer,
258	?SQL("delete from users"	×
259	" where type=%(Type)d and %(LServer)H")).
260
261	set_password_scram_t(LUser, LServer, Hash,
262	StoredKey, ServerKey, Salt, IterationCount) ->
263	Type = hash_to_num(Hash),	16✔
264	?SQL_UPSERT_T(	16✔
265	"users",
266	["!username=%(LUser)s",
267	"!server_host=%(LServer)s",
268	"!type=%(Type)d",
269	"password=%(StoredKey)s",
270	"serverkey=%(ServerKey)s",
271	"salt=%(Salt)s",
272	"iterationcount=%(IterationCount)d"]).
273
274	set_password_t(LUser, LServer, Password) ->
275	?SQL_UPSERT_T(	40✔
276	"users",
277	["!username=%(LUser)s",
278	"!server_host=%(LServer)s",
279	"!type=1",
280	"password=%(Password)s",
281	"serverkey=''",
282	"salt=''",
283	"iterationcount=0"]).
284
285	update_password_type(LUser, LServer, Type, Password) ->
286	ejabberd_sql:sql_query(	×
287	LServer,
288	?SQL("update users set type=%(Type)d, password=%(Password)s"	×
289	" where username=%(LUser)s and type=0 and %(LServer)H")).
290
291	update_password_type(LUser, LServer, Type) ->
292	ejabberd_sql:sql_query(	×
293	LServer,
294	?SQL("update users set type=%(Type)d"	×
295	" where username=%(LUser)s and type=0 and %(LServer)H")).
296
297	get_password_scram(LServer, LUser) ->
298	ejabberd_sql:sql_query(	48✔
299	LServer,
300	?SQL("select @(type)d, @(password)s, @(serverkey)s, @(salt)s, @(iterationcount)d"	48✔
301	" from users"
302	" where username=%(LUser)s and %(LServer)H")).
303
304	del_user(LServer, LUser) ->
305	ejabberd_sql:sql_query(	12✔
306	LServer,
307	?SQL("delete from users where username=%(LUser)s and %(LServer)H")).	12✔
308
309	list_users(LServer, []) ->
310	ejabberd_sql:sql_query(	6✔
311	LServer,
312	?SQL("select @(distinct username)s from users where %(LServer)H"));	6✔
313	list_users(LServer, [{from, Start}, {to, End}])
314	when is_integer(Start) and is_integer(End) ->
315	list_users(LServer,	×
316	[{limit, End - Start + 1}, {offset, Start - 1}]);
317	list_users(LServer,
318	[{prefix, Prefix}, {from, Start}, {to, End}])
319	when is_binary(Prefix) and is_integer(Start) and
320	is_integer(End) ->
321	list_users(LServer,	×
322	[{prefix, Prefix}, {limit, End - Start + 1},
323	{offset, Start - 1}]);
324	list_users(LServer, [{limit, Limit}, {offset, Offset}])
325	when is_integer(Limit) and is_integer(Offset) ->
326	ejabberd_sql:sql_query(	×
327	LServer,
328	?SQL("select @(distinct username)s from users "	×
329	"where %(LServer)H "
330	"order by username "
331	"limit %(Limit)d offset %(Offset)d"));
332	list_users(LServer,
333	[{prefix, Prefix}, {limit, Limit}, {offset, Offset}])
334	when is_binary(Prefix) and is_integer(Limit) and
335	is_integer(Offset) ->
336	SPrefix = ejabberd_sql:escape_like_arg(Prefix),	×
337	SPrefix2 = <<SPrefix/binary, $%>>,	×
338	ejabberd_sql:sql_query(	×
339	LServer,
340	?SQL("select @(distinct username)s from users "	×
341	"where username like %(SPrefix2)s %ESCAPE and %(LServer)H "
342	"order by username "
343	"limit %(Limit)d offset %(Offset)d")).
344
345	users_number(LServer) ->
346	ejabberd_sql:sql_query(	×
347	LServer,
348	fun(pgsql, _) ->
349	case	×
350	ejabberd_option:pgsql_users_number_estimate(LServer) of
351	true ->
352	ejabberd_sql:sql_query_t(	×
353	?SQL("select @(reltuples :: bigint)d from pg_class"	×
354	" where oid = 'users'::regclass::oid"));
355	_ ->
356	ejabberd_sql:sql_query_t(	×
357	?SQL("select @(count(distinct username))d from users where %(LServer)H"))	×
358	end;
359	(_Type, _) ->
360	ejabberd_sql:sql_query_t(	×
361	?SQL("select @(count(distinct username))d from users where %(LServer)H"))	×
362	end).
363
364	users_number(LServer, [{prefix, Prefix}])
365	when is_binary(Prefix) ->
366	SPrefix = ejabberd_sql:escape_like_arg(Prefix),	×
367	SPrefix2 = <<SPrefix/binary, $%>>,	×
368	ejabberd_sql:sql_query(	×
369	LServer,
370	?SQL("select @(count(distinct username))d from users "	×
371	"where username like %(SPrefix2)s %ESCAPE and %(LServer)H"));
372	users_number(LServer, []) ->
373	users_number(LServer).	×
374
375	which_users_exists(LServer, LUsers) when length(LUsers) =< 100 ->
376	try ejabberd_sql:sql_query(	×
377	LServer,
378	?SQL("select @(distinct username)s from users where username in %(LUsers)ls")) of	×
379	{selected, Matching} ->
380	[U \|\| {U} <- Matching];	×
381	{error, _} = E ->
382	E	×
383	catch _:B ->
384	{error, B}	×
385	end;
386	which_users_exists(LServer, LUsers) ->
387	{First, Rest} = lists:split(100, LUsers),	×
388	case which_users_exists(LServer, First) of	×
389	{error, _} = E ->
390	E;	×
391	V ->
392	case which_users_exists(LServer, Rest) of	×
393	{error, _} = E2 ->
394	E2;	×
395	V2 ->
396	V ++ V2	×
397	end
398	end.
399
400	export(_Server) ->
401	[{passwd,	×
402	fun(Host, #passwd{us = {LUser, LServer, plain}, password = Password})
403	when LServer == Host,
404	is_binary(Password) ->
405	[?SQL("delete from users where username=%(LUser)s and type=1 and %(LServer)H;"),	×
406	?SQL_INSERT(	×
407	"users",
408	["username=%(LUser)s",
409	"server_host=%(LServer)s",
410	"type=1",
411	"password=%(Password)s"])];
412	(Host, {passwd, {LUser, LServer, _},
413	{scram, StoredKey, ServerKey, Salt, IterationCount}})
414	when LServer == Host ->
415	Hash = sha,	×
416	Type = hash_to_num(Hash),	×
417	[?SQL("delete from users where username=%(LUser)s and type=%(Type)d and %(LServer)H;"),	×
418	?SQL_INSERT(	×
419	"users",
420	["username=%(LUser)s",
421	"server_host=%(LServer)s",
422	"type=%(Type)d",
423	"password=%(StoredKey)s",
424	"serverkey=%(ServerKey)s",
425	"salt=%(Salt)s",
426	"iterationcount=%(IterationCount)d"])];
427	(Host, #passwd{us = {LUser, LServer, _}, password = #scram{} = Scram})
428	when LServer == Host ->
429	StoredKey = Scram#scram.storedkey,	×
430	ServerKey = Scram#scram.serverkey,	×
431	Salt = Scram#scram.salt,	×
432	IterationCount = Scram#scram.iterationcount,	×
433	Type = hash_to_num(Scram#scram.hash),	×
434	[?SQL("delete from users where username=%(LUser)s and type=%(Type)d and %(LServer)H;"),	×
435	?SQL_INSERT(	×
436	"users",
437	["username=%(LUser)s",
438	"server_host=%(LServer)s",
439	"type=%(Type)d",
440	"password=%(StoredKey)s",
441	"serverkey=%(ServerKey)s",
442	"salt=%(Salt)s",
443	"iterationcount=%(IterationCount)d"])];
444	(_Host, _R) ->
445	[]	×
446	end}].

processone / ejabberd / 1173

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous