testing/ejabberd: upgrade to 2.1.12

testing/ejabberd/APKBUILD

@@ -1,25 +1,30 @@
 # Contributor: Leonardo Arena <rnarld@alpinelinux.org>
-# Maintainer:
+# Maintainer: Francesco Colista <francesco.colista@gmail.com>
 pkgname=ejabberd
-pkgver=2.1.10
-pkgrel=2
+pkgver=2.1.12
+pkgrel=0
 pkgdesc="An erlang jabber server"
 url="http://www.ejabberd.im"
-arch="x86"
+arch="all"
 license="GPL"
 depends="erlang"
-depends_dev="erlang-dev expat-dev libiconv-dev openssl-dev zlib-dev"
+depends_dev="erlang-dev expat-dev libiconv-dev openssl-dev zlib-dev heimdal-dev"
 makedepends="$depends_dev"
-install="$pkgname.post-install $pkgname.post-upgrade"
+pkgusers="ejabberd"
+pkggroups="ejabberd"
+install=""
 subpackages="$pkgname-dev $pkgname-doc"
-source="http://www.process-one.net/downloads/ejabberd/${pkgver/_/-}/ejabberd-${pkgver}.tar.gz"
-
-
+source="http://www.process-one.net/downloads/$pkgname/$pkgver/$pkgname-$pkgver.tgz
+	gssapi-2.1.0.diff"
 _builddir="$srcdir"/$pkgname-$pkgver
 
 prepare() {
 	cd "$_builddir"
-	return 0
+	for i in $source; do
+		case $i in
+		*.patch) msg $i; patch -p2 -i "$srcdir"/$i || return 1;;
+		esac
+	done
 }
 
 build() {
@@ -41,6 +46,15 @@ package() {
 	install -D -m0644 ../../../$pkgname.logrotate ${pkgdir}/etc/logrotate.d/$pkgname
 	install -m755 -D ../../../$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
 	install -m644 -D ../../../$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
+	chown -R ejabberd.ejabberd "$pkgdir"/var/log/ejabberd
+	chown -R ejabberd.ejabberd "$pkgdir"/var/spool/ejabberd
+	chown -R ejabberd.ejabberd "$pkgdir"/var/lib/ejabberd
+	chgrp ejabberd "$pkgdir"/etc/ejabberd/ejabberd.cfg "$pkgdir"/etc/ejabberd/ejabberdctl.cfg "$pkgdir"/etc/ejabberd
 }
 
-md5sums="70f0e17983114c62893e43b6ef2e9d0c  ejabberd-2.1.10.tar.gz"
+md5sums="7d49242cf04282f3c4cebfafa2cc2f46  ejabberd-2.1.12.tgz
+e68959e95b5bf8974d1eee03bd3397a7  gssapi-2.1.0.diff"
+sha256sums="38f0825346773c00c85a66b33586c75f2d191d1eb0ed8ae09fa17368d6ddfd19  ejabberd-2.1.12.tgz
+3cb3d3a8dcd7a5369a36c674fd26f3b60d976a76fc55ca3da329db851d3ff48d  gssapi-2.1.0.diff"
+sha512sums="725ab9563a6c73e85b5115f66bac157cf9b1170913c1bfed7cf066408c6b3ac5b4bdba22c6c3ed1505391a7048a86ce3b59484f78264ab023612c539422278db  ejabberd-2.1.12.tgz
+031f8ff688c947988ac6de56757f35b7d5d9dead3d5c8ed1b6fffada7b358616ce56ad92cfe65e004fd665908277c0609c5223cdcb0e366dd2965d19d25b944f  gssapi-2.1.0.diff"

testing/ejabberd/gssapi-2.1.0.diff

@@ -0,0 +1,410 @@
+commit e99cc20600e5668e4edb9a2671e0cb7a23663389
+Author: Badlop <badlop@process-one.net>
+Date:   Tue Sep 29 15:10:15 2009 +0200
+
+    Support to authenticate against SASL GSSAPI http://www.ejabberd.im/cyrsasl_gssapi
+
+diff --git a/src/cyrsasl.erl b/src/cyrsasl.erl
+index f993b99..e8bd275 100644
+--- a/src/cyrsasl.erl
++++ b/src/cyrsasl.erl
+@@ -30,19 +30,20 @@
+ -export([start/0,
+ 	 register_mechanism/3,
+ 	 listmech/1,
+-	 server_new/7,
++	 server_new/8,
+ 	 server_start/3,
+ 	 server_step/2]).
+ 
+ -record(sasl_mechanism, {mechanism, module, require_plain_password}).
+--record(sasl_state, {service, myname, realm,
+-		     get_password, check_password, check_password_digest,
+-		     mech_mod, mech_state}).
++-record(sasl_state, {service, myname,
++		     mech_mod, mech_state, ctx}).
++
++-include("ejabberd.hrl").
+ 
+ -export([behaviour_info/1]).
+ 
+ behaviour_info(callbacks) ->
+-    [{mech_new, 4}, {mech_step, 2}];
++    [{mech_new, 1}, {mech_step, 2}];
+ behaviour_info(_Other) ->
+     undefined.
+ 
+@@ -50,6 +51,7 @@ start() ->
+     ets:new(sasl_mechanism, [named_table,
+ 			     public,
+ 			     {keypos, #sasl_mechanism.mechanism}]),
++    cyrsasl_gssapi:start([]),
+     cyrsasl_plain:start([]),
+     cyrsasl_digest:start([]),
+     cyrsasl_anonymous:start([]),
+@@ -113,24 +115,26 @@ listmech(Host) ->
+     filter_anonymous(Host, Mechs).
+ 
+ server_new(Service, ServerFQDN, UserRealm, _SecFlags,
+-	   GetPassword, CheckPassword, CheckPasswordDigest) ->
++	   GetPassword, CheckPassword, CheckPasswordDigest, FQDN) ->
++    Ctx = #sasl_ctx{
++      host = ServerFQDN,
++      realm = UserRealm,
++      get_password = GetPassword,
++      check_password = CheckPassword,
++      check_password_digest= CheckPasswordDigest,
++      fqdn = FQDN
++     },
++     
+     #sasl_state{service = Service,
+ 		myname = ServerFQDN,
+-		realm = UserRealm,
+-		get_password = GetPassword,
+-		check_password = CheckPassword,
+-		check_password_digest= CheckPasswordDigest}.
++		ctx = Ctx}.
+ 
+ server_start(State, Mech, ClientIn) ->
+     case lists:member(Mech, listmech(State#sasl_state.myname)) of
+ 	true ->
+ 	    case ets:lookup(sasl_mechanism, Mech) of
+ 		[#sasl_mechanism{module = Module}] ->
+-		    {ok, MechState} = Module:mech_new(
+-					State#sasl_state.myname,
+-					State#sasl_state.get_password,
+-					State#sasl_state.check_password,
+-					State#sasl_state.check_password_digest),
++		    {ok, MechState} = Module:mech_new(State#sasl_state.ctx),
+ 		    server_step(State#sasl_state{mech_mod = Module,
+ 						 mech_state = MechState},
+ 				ClientIn);
+diff --git a/src/cyrsasl_anonymous.erl b/src/cyrsasl_anonymous.erl
+index 19e65d6..af93207 100644
+--- a/src/cyrsasl_anonymous.erl
++++ b/src/cyrsasl_anonymous.erl
+@@ -27,12 +27,14 @@
+ 
+ -module(cyrsasl_anonymous).
+ 
+--export([start/1, stop/0, mech_new/4, mech_step/2]).
++-export([start/1, stop/0, mech_new/1, mech_step/2]).
+ 
+ -behaviour(cyrsasl).
+ 
+ -record(state, {server}).
+ 
++-include("ejabberd.hrl").
++
+ start(_Opts) ->
+     cyrsasl:register_mechanism("ANONYMOUS", ?MODULE, false),
+     ok.
+@@ -40,7 +42,7 @@ start(_Opts) ->
+ stop() ->
+     ok.
+ 
+-mech_new(Host, _GetPassword, _CheckPassword, _CheckPasswordDigest) ->
++mech_new(#sasl_ctx{host=Host}) ->
+     {ok, #state{server = Host}}.
+ 
+ mech_step(State, _ClientIn) ->
+diff --git a/src/cyrsasl_digest.erl b/src/cyrsasl_digest.erl
+index b3e80e0..d26fec1 100644
+--- a/src/cyrsasl_digest.erl
++++ b/src/cyrsasl_digest.erl
+@@ -29,7 +29,7 @@
+ 
+ -export([start/1,
+ 	 stop/0,
+-	 mech_new/4,
++	 mech_new/1,
+ 	 mech_step/2]).
+ 
+ -include("ejabberd.hrl").
+@@ -45,7 +45,7 @@ start(_Opts) ->
+ stop() ->
+     ok.
+ 
+-mech_new(Host, GetPassword, _CheckPassword, CheckPasswordDigest) ->
++mech_new(#sasl_ctx{host=Host, get_password=GetPassword, check_password = CheckPasswordDigest}) ->
+     {ok, #state{step = 1,
+ 		nonce = randoms:get_string(),
+ 		host = Host,
+diff --git a/src/cyrsasl_gssapi.erl b/src/cyrsasl_gssapi.erl
+new file mode 100644
+index 0000000..d292565
+--- /dev/null
++++ b/src/cyrsasl_gssapi.erl
+@@ -0,0 +1,143 @@
++%%%----------------------------------------------------------------------
++%%% File    : cyrsasl_gssapi.erl
++%%% Author  : Mikael Magnusson <mikma@users.sourceforge.net>
++%%% Purpose : GSSAPI SASL mechanism
++%%% Created : 1 June 2007 by Mikael Magnusson <mikma@users.sourceforge.net>
++%%% Id      : $Id: $
++%%%----------------------------------------------------------------------
++%%%
++%%% Copyright (C) 2007  Mikael Magnusson <mikma@users.sourceforge.net>
++%%%
++%%% Permission is hereby granted, free of charge, to any person
++%%% obtaining a copy of this software and associated documentation
++%%% files (the "Software"), to deal in the Software without
++%%% restriction, including without limitation the rights to use, copy,
++%%% modify, merge, publish, distribute, sublicense, and/or sell copies
++%%% of the Software, and to permit persons to whom the Software is
++%%% furnished to do so, subject to the following conditions:
++%%%
++%%% The above copyright notice and this permission notice shall be
++%%% included in all copies or substantial portions of the Software.
++%%%
++%%% THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
++%%% EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
++%%% MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
++%%% NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
++%%% BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
++%%% ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
++%%% CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
++%%% SOFTWARE.
++%%%
++
++%%%
++%%% configuration options:
++%%% {sasl_realm, "<Kerberos realm>"}.
++%%%
++%%% environment variables:
++%%% KRB5_KTNAME
++%%%
++
++-module(cyrsasl_gssapi).
++-author('mikma@users.sourceforge.net').
++-vsn('$Revision: $ ').
++
++-include("ejabberd.hrl").
++
++-export([start/1,
++	 stop/0,
++	 mech_new/1,
++	 mech_step/2]).
++
++-behaviour(cyrsasl).
++
++-define(SERVER, cyrsasl_gssapi).
++-define(MSG, ?DEBUG).
++
++-record(state, {sasl,
++		needsmore=true,
++		step=0,
++		host,
++		authid,
++		authzid,
++		authrealm}).
++
++start(_Opts) ->
++    ChildSpec =
++	{?SERVER,
++	 {esasl, start_link, [{local, ?SERVER}]},
++	 transient,
++	 1000,
++	 worker,
++	 [esasl]},
++
++    {ok, _Pid} = supervisor:start_child(ejabberd_sup, ChildSpec),
++
++    cyrsasl:register_mechanism("GSSAPI", ?MODULE, false).
++
++stop() ->
++    esasl:stop(?SERVER),
++    supervisor:terminate_child(ejabberd_sup, ?SERVER),
++    supervisor:delete_child(ejabberd_sup, ?SERVER).
++
++mech_new(#sasl_ctx{host=Host, fqdn=FQDN}) ->
++    ?MSG("mech_new ~p ~p~n", [Host, FQDN]),
++    {ok, Sasl} = esasl:server_start(?SERVER, "GSSAPI", "xmpp", FQDN),
++    {ok, #state{sasl=Sasl,host=Host}}.
++
++mech_step(State, ClientIn) when is_list(ClientIn) ->
++    catch do_step(State, ClientIn).
++
++do_step(#state{needsmore=false}=State, _) ->
++    check_user(State);
++do_step(#state{needsmore=true,sasl=Sasl,step=Step}=State, ClientIn) ->
++    ?MSG("mech_step~n", []),
++    case esasl:step(Sasl, list_to_binary(ClientIn)) of
++	{ok, RspAuth} ->
++	    ?MSG("ok~n", []),
++	    {ok, Display_name} = esasl:property_get(Sasl, gssapi_display_name),
++	    {ok, Authzid} = esasl:property_get(Sasl, authzid),
++	    {Authid, [$@ | Auth_realm]} =
++		lists:splitwith(fun(E)->E =/= $@ end, Display_name),
++	    State1 = State#state{authid=Authid,
++				 authzid=Authzid,
++				 authrealm=Auth_realm},
++	    handle_step_ok(State1, binary_to_list(RspAuth));
++	{needsmore, RspAuth} ->
++	    ?MSG("needsmore~n", []),
++	    if (Step > 0) and (ClientIn =:= []) and (RspAuth =:= <<>>) ->
++		    {error, "not-authorized"};
++		true ->
++		    {continue, binary_to_list(RspAuth),
++		     State#state{step=Step+1}}
++	    end;
++	{error, _} ->
++	    {error, "not-authorized"}
++    end.
++
++handle_step_ok(State, []) ->
++    check_user(State);
++handle_step_ok(#state{step=Step}=State, RspAuth) ->
++    ?MSG("continue~n", []),
++    {continue, RspAuth, State#state{needsmore=false,step=Step+1}}.
++
++check_user(#state{authid=Authid,authzid=Authzid,
++		  authrealm=Auth_realm,host=Host}) ->
++    Realm = ejabberd_config:get_local_option({sasl_realm, Host}),
++
++    if Realm =/= Auth_realm ->
++	    ?MSG("bad realm ~p (expected ~p)~n",[Auth_realm, Realm]),
++	    throw({error, "not-authorized"});
++       true ->
++	    ok
++    end,
++
++    case ejabberd_auth:is_user_exists(Authid, Host) of
++	false ->
++	    ?MSG("bad user ~p~n",[Authid]),
++	    throw({error, "not-authorized"});
++	true ->
++	    ok
++    end,
++
++    ?MSG("GSSAPI authenticated ~p ~p~n", [Authid, Authzid]),
++    {ok, [{username, Authid}, {authzid, Authzid}]}.
+diff --git a/src/cyrsasl_plain.erl b/src/cyrsasl_plain.erl
+index 4e69b06..5187665 100644
+--- a/src/cyrsasl_plain.erl
++++ b/src/cyrsasl_plain.erl
+@@ -27,10 +27,11 @@
+ -module(cyrsasl_plain).
+ -author('alexey@process-one.net').
+ 
+--export([start/1, stop/0, mech_new/4, mech_step/2, parse/1]).
++-export([start/1, stop/0, mech_new/1, mech_step/2, parse/1]).
+ 
+ -behaviour(cyrsasl).
+ 
++-include("ejabberd.hrl").
+ -record(state, {check_password}).
+ 
+ start(_Opts) ->
+@@ -40,7 +41,7 @@ start(_Opts) ->
+ stop() ->
+     ok.
+ 
+-mech_new(_Host, _GetPassword, CheckPassword, _CheckPasswordDigest) ->
++mech_new(#sasl_ctx{check_password=CheckPassword}) ->
+     {ok, #state{check_password = CheckPassword}}.
+ 
+ mech_step(State, ClientIn) ->
+diff --git a/src/ejabberd.hrl b/src/ejabberd.hrl
+index 717496f..4d683bb 100644
+--- a/src/ejabberd.hrl
++++ b/src/ejabberd.hrl
+@@ -59,3 +59,10 @@
+ -define(CRITICAL_MSG(Format, Args),
+     ejabberd_logger:critical_msg(?MODULE,?LINE,Format, Args)).
+ 
++-record(sasl_ctx, {
++	  host,
++	  realm,
++	  get_password,
++	  check_password,
++	  check_password_digest,
++	  fqdn}).
+diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl
+index 8ca5f5c..aebd860 100644
+--- a/src/ejabberd_c2s.erl
++++ b/src/ejabberd_c2s.erl
+@@ -67,6 +67,7 @@
+ -record(state, {socket,
+ 		sockmod,
+ 		socket_monitor,
++		fqdn,
+ 		xml_socket,
+ 		streamid,
+ 		sasl_state,
+@@ -204,9 +205,11 @@ init([{SockMod, Socket}, Opts]) ->
+ 			Socket
+ 		end,
+ 	    SocketMonitor = SockMod:monitor(Socket1),
++	    {ok, FQDN} = ejabberd_net:gethostname(Socket),
+ 	    {ok, wait_for_stream, #state{socket         = Socket1,
+ 					 sockmod        = SockMod,
+ 					 socket_monitor = SocketMonitor,
++					 fqdn           = FQDN,
+ 					 xml_socket     = XMLSocket,
+ 					 zlib           = Zlib,
+ 					 tls            = TLS,
+@@ -250,6 +253,8 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
+ 			    send_header(StateData, Server, "1.0", DefaultLang),
+ 			    case StateData#state.authenticated of
+ 				false ->
++				    FQDN = StateData#state.fqdn,
++				    ?INFO_MSG("FQDN: ~p~n", [FQDN]),
+ 				    SASLState =
+ 					cyrsasl:server_new(
+ 					  "jabber", Server, "", [],
+@@ -264,7 +269,8 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
+ 					  fun(U, P, D, DG) ->
+ 						  ejabberd_auth:check_password_with_authmodule(
+ 						    U, Server, P, D, DG)
+-					  end),
++					  end,
++					  FQDN),
+ 				    Mechs = lists:map(
+ 					      fun(S) ->
+ 						      {xmlelement, "mechanism", [],
+diff --git a/src/ejabberd_net.erl b/src/ejabberd_net.erl
+new file mode 100644
+index 0000000..e9ab70a
+--- /dev/null
++++ b/src/ejabberd_net.erl
+@@ -0,0 +1,39 @@
++%%%----------------------------------------------------------------------
++%%% File    : ejabberd_net.erl
++%%% Author  : Mikael Magnusson <mikma@users.sourceforge.net>
++%%% Purpose : Serve C2S connection
++%%% Created : 6 June 2007 by Mikael Magnusson <mikma@users.sourceforge.net>
++%%% Id      : $Id: $
++%%%----------------------------------------------------------------------
++
++-module(ejabberd_net).
++-author('mikma@users.sourceforge.net').
++%% -update_info({update, 0}).
++
++-export([gethostname/1]).
++
++-include("ejabberd.hrl").
++-include_lib("kernel/include/inet.hrl").
++
++%% Copied from ejabberd_socket.erl of ejabberd 2.0.3
++-record(socket_state, {sockmod, socket, receiver}).
++
++%%
++%% gethostname(Socket)
++%%
++gethostname(Socket) ->
++    ?INFO_MSG("gethostname ~p~n", [Socket]),
++%%     {ok, "skinner.hem.za.org"}.
++
++    case ejabberd_config:get_local_option({sasl_fqdn, ?MYNAME}) of
++      undefined ->
++        {ok, {Addr, _Port}} = inet:sockname(Socket#socket_state.socket),
++        case inet:gethostbyaddr(Addr) of
++            {ok, HostEnt} when is_record(HostEnt, hostent) ->
++                {ok, HostEnt#hostent.h_name};
++            {error, What} ->
++                ?ERROR_MSG("Error in gethostname:~nSocket: ~p~nError: ~p", [What]),
++                error
++        end;
++      F -> {ok, F}
++    end.