diff --git a/apps/emqx/src/emqx_passwd.erl b/apps/emqx/src/emqx_passwd.erl index dc940645b..c68a146ed 100644 --- a/apps/emqx/src/emqx_passwd.erl +++ b/apps/emqx/src/emqx_passwd.erl @@ -19,7 +19,8 @@ -export([ hash/2, hash_data/2, - check_pass/3 + check_pass/3, + compare_secure/2 ]). -export_type([ diff --git a/apps/emqx_authn/src/emqx_authn_enterprise.erl b/apps/emqx_authn/src/emqx_authn_enterprise.erl index b50ec2c17..029872694 100644 --- a/apps/emqx_authn/src/emqx_authn_enterprise.erl +++ b/apps/emqx_authn/src/emqx_authn_enterprise.erl @@ -1,5 +1,5 @@ %%-------------------------------------------------------------------- -%% Copyright (c) 2022-2023 EMQ Technologies Co., Ltd. All Rights Reserved. +%% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. %%-------------------------------------------------------------------- -module(emqx_authn_enterprise). diff --git a/apps/emqx_ldap/src/emqx_ldap_authn.erl b/apps/emqx_ldap/src/emqx_ldap_authn.erl index c7bf61cd2..d814e2aae 100644 --- a/apps/emqx_ldap/src/emqx_ldap_authn.erl +++ b/apps/emqx_ldap/src/emqx_ldap_authn.erl @@ -1,5 +1,5 @@ %%-------------------------------------------------------------------- -%% Copyright (c) 2022-2023 EMQ Technologies Co., Ltd. All Rights Reserved. +%% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. %%-------------------------------------------------------------------- -module(emqx_ldap_authn). @@ -47,7 +47,7 @@ tags() -> %% used for config check when the schema module is resolved roots() -> - [{?CONF_NS, hoconsc:mk(hoconsc:ref(?MODULE, mysql))}]. + [{?CONF_NS, hoconsc:mk(hoconsc:ref(?MODULE, ldap))}]. fields(ldap) -> [ 
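Review bot: Exporting `compare_secure/2` in the `emqx_passwd.erl` hunk turns an internal helper into a cross-application API for credential comparison, but nothing visible here documents its contract. Its definition lies outside the hunk. If it has no `-spec` yet, add one, plus a short comment saying which argument types it accepts (binaries, strings, or both), that it returns a boolean, and how it treats inputs of unequal length. That way callers such as `emqx_ldap_authn:compare_password/3` do not have to read the implementation to know a mismatch yields `false` rather than an exception.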
@@ -73,7 +73,7 @@ is_superuser_attribute(desc) -> ?DESC(?FUNCTION_NAME); is_superuser_attribute(default) -> <<"isSuperuser">>; is_superuser_attribute(_) -> undefined. -query_timeout(type) -> emqx_schema:duration_ms(); +query_timeout(type) -> emqx_schema:timeout_duration_ms(); query_timeout(desc) -> ?DESC(?FUNCTION_NAME); query_timeout(default) -> <<"5s">>; query_timeout(_) -> undefined. @@ -173,7 +173,7 @@ ensure_password( undefined -> {error, no_password}; [LDAPPassword | _] -> - extract_hash_algorithm(LDAPPassword, Password, fun try_decode_passowrd/4, Entry, State) + extract_hash_algorithm(LDAPPassword, Password, fun try_decode_password/4, Entry, State) end. %% RFC 2307 format password @@ -207,7 +207,7 @@ is_valid_algorithm(HashType, PasswordHash, Password, Entry, State) -> end. %% this password is in LDIF format which is base64 encoding -try_decode_passowrd(LDAPPassword, Password, Entry, State) -> +try_decode_password(LDAPPassword, Password, Entry, State) -> case safe_base64_decode(LDAPPassword) of {ok, Decode} -> extract_hash_algorithm( @@ -279,9 +279,7 @@ hash_password(Algorithm, Salt, suffix, Password) -> hash_password(Algorithm, Data) -> crypto:hash(Algorithm, Data). -compare_password(hash, PasswordHash, PasswordHash) -> - true; +compare_password(hash, LDAPPasswordHash, PasswordHash) -> + emqx_passwd:compare_secure(LDAPPasswordHash, PasswordHash); compare_password(base64, Base64HashData, PasswordHash) -> - Base64HashData =:= base64:encode(PasswordHash); -compare_password(_, _, _) -> - false. + emqx_passwd:compare_secure(Base64HashData, base64:encode(PasswordHash)). diff --git a/apps/emqx_ldap/src/emqx_ldap_filter_lexer.xrl b/apps/emqx_ldap/src/emqx_ldap_filter_lexer.xrl index 6d75c2546..a82a3ee3e 100644 --- a/apps/emqx_ldap/src/emqx_ldap_filter_lexer.xrl +++ b/apps/emqx_ldap/src/emqx_ldap_filter_lexer.xrl 
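Review bot: With the catch-all `compare_password(_, _, _) -> false` removed in the last hunk of `emqx_ldap_authn.erl`, a first argument other than `hash` or `base64` now raises `function_clause` instead of returning `false`. The callers that would have to absorb that crash are outside this hunk. If those two atoms are the only values ever passed, say so above the function, e.g. `%% Type is always hash | base64; comparison is delegated to emqx_passwd:compare_secure/2`; otherwise keep a final denying clause. Separately, the `hash` clause used to succeed only on exact term equality and now depends on what `compare_secure/2` accepts. `PasswordHash` is a binary from `crypto:hash/2`, while the type of the LDAP-supplied value is not visible here, so confirm that a list/binary mix or a length mismatch still returns `false`. A test with a wrong password for each stored format would pin this.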
@@ -27,5 +27,5 @@ dn : {token, {dn, TokenLine}}. Erlang code. %%-------------------------------------------------------------------- -%% Copyright (c) 2022-2023 EMQ Technologies Co., Ltd. All Rights Reserved. +%% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. %%-------------------------------------------------------------------- diff --git a/apps/emqx_ldap/src/emqx_ldap_filter_parser.yrl b/apps/emqx_ldap/src/emqx_ldap_filter_parser.yrl index 57f526ffd..e1b1ed98e 100644 --- a/apps/emqx_ldap/src/emqx_ldap_filter_parser.yrl +++ b/apps/emqx_ldap/src/emqx_ldap_filter_parser.yrl @@ -1,5 +1,5 @@ Header "%%-------------------------------------------------------------------- -%% Copyright (c) 2022-2023 EMQ Technologies Co., Ltd. All Rights Reserved. +%% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. %%--------------------------------------------------------------------". Nonterminals diff --git a/apps/emqx_ldap/test/emqx_ldap_SUITE.erl b/apps/emqx_ldap/test/emqx_ldap_SUITE.erl index bf20629ec..a191da3bd 100644 --- a/apps/emqx_ldap/test/emqx_ldap_SUITE.erl +++ b/apps/emqx_ldap/test/emqx_ldap_SUITE.erl @@ -1,5 +1,5 @@ %%-------------------------------------------------------------------- -%% Copyright (c) 2022-2023 EMQ Technologies Co., Ltd. All Rights Reserved. +%% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. %%-------------------------------------------------------------------- -module(emqx_ldap_SUITE). diff --git a/apps/emqx_ldap/test/emqx_ldap_authn_SUITE.erl b/apps/emqx_ldap/test/emqx_ldap_authn_SUITE.erl index ce7481ef8..d984cc89f 100644 --- a/apps/emqx_ldap/test/emqx_ldap_authn_SUITE.erl +++ b/apps/emqx_ldap/test/emqx_ldap_authn_SUITE.erl 
@@ -1,5 +1,5 @@ %%-------------------------------------------------------------------- -%% Copyright (c) 2022-2023 EMQ Technologies Co., Ltd. All Rights Reserved. +%% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. %%-------------------------------------------------------------------- -module(emqx_ldap_authn_SUITE). diff --git a/apps/emqx_ldap/test/emqx_ldap_filter_SUITE.erl b/apps/emqx_ldap/test/emqx_ldap_filter_SUITE.erl index 0351fb93d..1a7e970a8 100644 --- a/apps/emqx_ldap/test/emqx_ldap_filter_SUITE.erl +++ b/apps/emqx_ldap/test/emqx_ldap_filter_SUITE.erl @@ -1,5 +1,5 @@ %%-------------------------------------------------------------------- -%% Copyright (c) 2022-2023 EMQ Technologies Co., Ltd. All Rights Reserved. +%% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. %%-------------------------------------------------------------------- -module(emqx_ldap_filter_SUITE). diff --git a/changes/ee/feat-11386.en.md b/changes/ee/feat-11386.en.md index cb527fa42..740d8f3bf 100644 --- a/changes/ee/feat-11386.en.md +++ b/changes/ee/feat-11386.en.md @@ -1 +1 @@ -Integrated the LDAP as a new authenticator. +Integrated LDAP as a new authenticator. diff --git a/rel/i18n/emqx_ldap_authn.hocon b/rel/i18n/emqx_ldap_authn.hocon index 7c59f2039..04dc88e83 100644 --- a/rel/i18n/emqx_ldap_authn.hocon +++ b/rel/i18n/emqx_ldap_authn.hocon @@ -10,7 +10,7 @@ password_attribute.label: """Password Attribute""" is_superuser_attribute.desc: -"""Indicates which attribute is used to represent whether the user is a super user.""" +"""Indicates which attribute is used to represent whether the user is a superuser.""" is_superuser_attribute.label: """IsSuperuser Attribute"""