Never mind, I figured it out. My bad, I didn't notice from the debug output that the function is entered twice. I Emailed Fabien regarding mod_auth_crypt, and he has fixed the link you mentioned below.
-- Ryan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ryan Hart Sent: Monday, September 15, 2003 7:42 PM To: [EMAIL PROTECTED] Subject: RE: [JDEV] jabber:iq:auth password? Ok, I've commented out all of the auth:0k as well as digest stuff in my jabber.xml file. As expected, I no longer get xdb requests for jabber:iq:auth:0k, only jabber:iq:auth. However, it's still unclear to me where I need to do the password check? As you confirmed, I need to update the mod_auth_plain.c module source file. I assume I need to update the mod_auth_plain_jane function? The code snippet below from this function seems to do the password check. I've added the log_debug statement, but when I run the jabber server in debug mode, it never seems to get here... which obviously must mean that m->user->pass is NULL, but what gives? I see the xdb authorization request at my xdb component. I send a response with the password. Any ideas? Thanks, Ryan. /* if there is a password avail, always handle */ if(m->user->pass != NULL) { log_debug("mod_auth_plain","CHECKING PASSWORD"); if(strcmp(pass, m->user->pass) != 0) jutil_error(m->packet->x, TERROR_AUTH); else jutil_iqresult(m->packet->x); return M_HANDLED; } -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, September 12, 2003 5:09 PM To: [EMAIL PROTECTED] Subject: Re: [JDEV] jabber:iq:auth password? On Fri, 12 Sep 2003, Ryan L. Hart wrote: > I've created a JECL xdb component using an existing Sybase > backend to replace the Jabber 1.4.2 xdb_file module. [...] > I think the authorization is really being handled by the > jabber:iq:auth:0k response instead? No, 0k is a special authorization scheme. To make it short, just disable it in jabber.xml and forget it. It's a nice idea but has security issues. auth_plain and auth_digest both use the plain-text password entries from the user's data. > My assumption was that I would just need to modify some jsm > auth module to crypt the clear text password passed by the > client to see if it matches the crypted password returned by > my xdb component for jabber:iq:auth. Is this true? If so, > what module (mod_auth_plain, etc.)? mod_auth_plain, yes. In fact, there has been a mod_auth_crypt available (see http://mailman.jabber.org/pipermail/jdev/2001-August/007934.html) which implemented part of the functionality you seem to want but unfortunately its website seems to be gone. Regards _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev
