src/modules/extra/m_sqlauth.cpp

   1 /*       +------------------------------------+
   2  *       | Inspire Internet Relay Chat Daemon |
   3  *       +------------------------------------+
   4  *
   5  *  InspIRCd: (C) 2002-2009 InspIRCd Development Team
   6  * See: http://wiki.inspircd.org/Credits
   7  *
   8  * This program is free but copyrighted software; see
   9  *            the file COPYING for details.
  10  *
  11  * ---------------------------------------------------
  12  */
  13
  14 #include "inspircd.h"
  15 #include "m_sqlv2.h"
  16 #include "m_sqlutils.h"
  17 #include "m_hash.h"
  18
  19 /* $ModDesc: Allow/Deny connections based upon an arbitary SQL table */
  20 /* $ModDep: m_sqlv2.h m_sqlutils.h m_hash.h */
  21
  22 class ModuleSQLAuth : public Module
  23 {
  24         Module* SQLutils;
  25         Module* SQLprovider;
  26
  27         std::string freeformquery;
  28         std::string killreason;
  29         std::string allowpattern;
  30         std::string databaseid;
  31
  32         bool verbose;
  33
  34 public:
  35         ModuleSQLAuth(InspIRCd* Me)
  36         : Module(Me)
  37         {
  38                 ServerInstance->Modules->UseInterface("SQLutils");
  39                 ServerInstance->Modules->UseInterface("SQL");
  40
  41                 SQLutils = ServerInstance->Modules->Find("m_sqlutils.so");
  42                 if (!SQLutils)
  43                         throw ModuleException("Can't find m_sqlutils.so. Please load m_sqlutils.so before m_sqlauth.so.");
  44
  45                 SQLprovider = ServerInstance->Modules->FindFeature("SQL");
  46                 if (!SQLprovider)
  47                         throw ModuleException("Can't find an SQL provider module. Please load one before attempting to load m_sqlauth.");
  48
  49                 OnRehash(NULL);
  50                 Implementation eventlist[] = { I_OnUserDisconnect, I_OnCheckReady, I_OnRequest, I_OnRehash, I_OnUserRegister };
  51                 ServerInstance->Modules->Attach(eventlist, this, 5);
  52         }
  53
  54         virtual ~ModuleSQLAuth()
  55         {
  56                 ServerInstance->Modules->DoneWithInterface("SQL");
  57                 ServerInstance->Modules->DoneWithInterface("SQLutils");
  58         }
  59
  60
  61         virtual void OnRehash(User* user)
  62         {
  63                 ConfigReader Conf(ServerInstance);
  64
  65                 databaseid      = Conf.ReadValue("sqlauth", "dbid", 0);                 /* Database ID, given to the SQL service provider */
  66                 freeformquery   = Conf.ReadValue("sqlauth", "query", 0);        /* Field name where username can be found */
  67                 killreason      = Conf.ReadValue("sqlauth", "killreason", 0);   /* Reason to give when access is denied to a user (put your reg details here) */
  68                 allowpattern    = Conf.ReadValue("sqlauth", "allowpattern",0 ); /* Allow nicks matching this pattern without requiring auth */
  69                 verbose         = Conf.ReadFlag("sqlauth", "verbose", 0);               /* Set to true if failed connects should be reported to operators */
  70         }
  71
  72         virtual ModResult OnUserRegister(User* user)
  73         {
  74                 if ((!allowpattern.empty()) && (InspIRCd::Match(user->nick,allowpattern)))
  75                 {
  76                         user->Extend("sqlauthed");
  77                         return MOD_RES_PASSTHRU;
  78                 }
  79
  80                 if (!CheckCredentials(user))
  81                 {
  82                         ServerInstance->Users->QuitUser(user, killreason);
  83                         return MOD_RES_DENY;
  84                 }
  85                 return MOD_RES_PASSTHRU;
  86         }
  87
  88         bool CheckCredentials(User* user)
  89         {
  90                 std::string thisquery = freeformquery;
  91                 std::string safepass = user->password;
  92                 std::string safegecos = user->fullname;
  93
  94                 /* Search and replace the escaped nick and escaped pass into the query */
  95
  96                 SearchAndReplace(safepass, std::string("\""), std::string("\\\""));
  97                 SearchAndReplace(safegecos, std::string("\""), std::string("\\\""));
  98
  99                 SearchAndReplace(thisquery, std::string("$nick"), user->nick);
 100                 SearchAndReplace(thisquery, std::string("$pass"), safepass);
 101                 SearchAndReplace(thisquery, std::string("$host"), user->host);
 102                 SearchAndReplace(thisquery, std::string("$ip"), std::string(user->GetIPString()));
 103                 SearchAndReplace(thisquery, std::string("$gecos"), safegecos);
 104                 SearchAndReplace(thisquery, std::string("$ident"), user->ident);
 105                 SearchAndReplace(thisquery, std::string("$server"), std::string(user->server));
 106                 SearchAndReplace(thisquery, std::string("$uuid"), user->uuid);
 107
 108                 Module* HashMod = ServerInstance->Modules->Find("m_md5.so");
 109
 110                 if (HashMod)
 111                 {
 112                         HashResetRequest(this, HashMod).Send();
 113                         SearchAndReplace(thisquery, std::string("$md5pass"), std::string(HashSumRequest(this, HashMod, user->password).Send()));
 114                 }
 115
 116                 HashMod = ServerInstance->Modules->Find("m_sha256.so");
 117
 118                 if (HashMod)
 119                 {
 120                         HashResetRequest(this, HashMod).Send();
 121                         SearchAndReplace(thisquery, std::string("$sha256pass"), std::string(HashSumRequest(this, HashMod, user->password).Send()));
 122                 }
 123
 124                 /* Build the query */
 125                 SQLrequest req = SQLrequest(this, SQLprovider, databaseid, SQLquery(thisquery));
 126
 127                 if(req.Send())
 128                 {
 129                         /* When we get the query response from the service provider we will be given an ID to play with,
 130                          * just an ID number which is unique to this query. We need a way of associating that ID with a User
 131                          * so we insert it into a map mapping the IDs to users.
 132                          * Thankfully m_sqlutils provides this, it will associate a ID with a user or channel, and if the user quits it removes the
 133                          * association. This means that if the user quits during a query we will just get a failed lookup from m_sqlutils - telling
 134                          * us to discard the query.
 135                          */
 136                         AssociateUser(this, SQLutils, req.id, user).Send();
 137
 138                         return true;
 139                 }
 140                 else
 141                 {
 142                         if (verbose)
 143                                 ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s!%s@%s (SQL query failed: %s)", user->nick.c_str(), user->ident.c_str(), user->host.c_str(), req.error.Str());
 144                         return false;
 145                 }
 146         }
 147
 148         virtual const char* OnRequest(Request* request)
 149         {
 150                 if(strcmp(SQLRESID, request->GetId()) == 0)
 151                 {
 152                         SQLresult* res = static_cast<SQLresult*>(request);
 153
 154                         User* user = GetAssocUser(this, SQLutils, res->id).S().user;
 155                         UnAssociate(this, SQLutils, res->id).S();
 156
 157                         if(user)
 158                         {
 159                                 if(res->error.Id() == SQL_NO_ERROR)
 160                                 {
 161                                         if(res->Rows())
 162                                         {
 163                                                 /* We got a row in the result, this is enough really */
 164                                                 user->Extend("sqlauthed");
 165                                         }
 166                                         else if (verbose)
 167                                         {
 168                                                 /* No rows in result, this means there was no record matching the user */
 169                                                 ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s!%s@%s (SQL query returned no matches)", user->nick.c_str(), user->ident.c_str(), user->host.c_str());
 170                                                 user->Extend("sqlauth_failed");
 171                                         }
 172                                 }
 173                                 else if (verbose)
 174                                 {
 175                                         ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s!%s@%s (SQL query failed: %s)", user->nick.c_str(), user->ident.c_str(), user->host.c_str(), res->error.Str());
 176                                         user->Extend("sqlauth_failed");
 177                                 }
 178                         }
 179                         else
 180                         {
 181                                 return NULL;
 182                         }
 183
 184                         if (!user->GetExt("sqlauthed"))
 185                         {
 186                                 ServerInstance->Users->QuitUser(user, killreason);
 187                         }
 188                         return SQLSUCCESS;
 189                 }
 190                 return NULL;
 191         }
 192
 193         virtual void OnUserDisconnect(User* user)
 194         {
 195                 user->Shrink("sqlauthed");
 196                 user->Shrink("sqlauth_failed");
 197         }
 198
 199         virtual ModResult OnCheckReady(User* user)
 200         {
 201                 return user->GetExt("sqlauthed") ? MOD_RES_PASSTHRU : MOD_RES_DENY;
 202         }
 203
 204         virtual Version GetVersion()
 205         {
 206                 return Version("Allow/Deny connections based upon an arbitary SQL table", VF_VENDOR, API_VERSION);
 207         }
 208
 209 };
 210
 211 MODULE_INIT(ModuleSQLAuth)