2 * InspIRCd -- Internet Relay Chat Daemon
4 * Copyright (C) 2015 Daniel Vassdal <shutter@canternet.org>
5 * Copyright (C) 2013, 2017-2019 Sadie Powell <sadie@witchery.services>
6 * Copyright (C) 2012-2015 Attila Molnar <attilamolnar@hush.com>
7 * Copyright (C) 2012, 2019 Robby <robby@chatbelgie.be>
8 * Copyright (C) 2009-2010 Daniel De Graaf <danieldg@inspircd.org>
9 * Copyright (C) 2007-2008, 2010 Craig Edwards <brain@inspircd.org>
10 * Copyright (C) 2007-2008 Robin Burchell <robin+git@viroteck.net>
11 * Copyright (C) 2007 Dennis Friis <peavey@inspircd.org>
13 * This file is part of InspIRCd. InspIRCd is free software: you can
14 * redistribute it and/or modify it under the terms of the GNU General Public
15 * License as published by the Free Software Foundation, version 2.
17 * This program is distributed in the hope that it will be useful, but WITHOUT
18 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
19 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
22 * You should have received a copy of the GNU General Public License
23 * along with this program. If not, see <http://www.gnu.org/licenses/>.
28 #include "modules/sql.h"
29 #include "modules/hash.h"
30 #include "modules/ssl.h"
38 class AuthQuery : public SQL::Query
41 const std::string uid;
42 LocalIntExt& pendingExt;
44 const std::string& kdf;
45 const std::string& pwcolumn;
47 AuthQuery(Module* me, const std::string& u, LocalIntExt& e, bool v, const std::string& kd, const std::string& pwcol)
57 void OnResult(SQL::Result& res) CXX11_OVERRIDE
59 LocalUser* user = IS_LOCAL(ServerInstance->FindUUID(uid));
67 HashProvider* hashprov = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + kdf);
71 ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s (a provider for %s was not loaded)", user->GetFullRealHost().c_str(), kdf.c_str());
72 pendingExt.set(user, AUTH_STATE_FAIL);
77 if (!pwcolumn.empty() && !res.HasColumn(pwcolumn, colindex))
80 ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s (the column specified (%s) was not returned)", user->GetFullRealHost().c_str(), pwcolumn.c_str());
81 pendingExt.set(user, AUTH_STATE_FAIL);
86 while (res.GetRow(row))
88 if (hashprov->Compare(user->password, row[colindex]))
90 pendingExt.set(user, AUTH_STATE_NONE);
96 ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s (password from the SQL query did not match the user provided password)", user->GetFullRealHost().c_str());
97 pendingExt.set(user, AUTH_STATE_FAIL);
101 pendingExt.set(user, AUTH_STATE_NONE);
106 ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s (SQL query returned no matches)", user->GetFullRealHost().c_str());
107 pendingExt.set(user, AUTH_STATE_FAIL);
111 void OnError(SQL::Error& error) CXX11_OVERRIDE
113 User* user = ServerInstance->FindNick(uid);
116 pendingExt.set(user, AUTH_STATE_FAIL);
118 ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s (SQL query failed: %s)", user->GetFullRealHost().c_str(), error.ToString());
122 class ModuleSQLAuth : public Module
124 LocalIntExt pendingExt;
125 dynamic_reference<SQL::Provider> SQL;
126 UserCertificateAPI sslapi;
128 std::string freeformquery;
129 std::string killreason;
130 std::string allowpattern;
132 std::vector<std::string> hash_algos;
134 std::string pwcolumn;
138 : pendingExt("sqlauth-wait", ExtensionItem::EXT_USER, this)
144 void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE
146 ConfigTag* conf = ServerInstance->Config->ConfValue("sqlauth");
147 std::string dbid = conf->getString("dbid");
149 SQL.SetProvider("SQL");
151 SQL.SetProvider("SQL/" + dbid);
152 freeformquery = conf->getString("query");
153 killreason = conf->getString("killreason");
154 allowpattern = conf->getString("allowpattern");
155 verbose = conf->getBool("verbose");
156 kdf = conf->getString("kdf");
157 pwcolumn = conf->getString("column");
160 irc::commasepstream algos(conf->getString("hash", "md5,sha256"));
162 while (algos.GetToken(algo))
163 hash_algos.push_back(algo);
166 ModResult OnUserRegister(LocalUser* user) CXX11_OVERRIDE
168 // Note this is their initial (unresolved) connect block
169 ConfigTag* tag = user->MyClass->config;
170 if (!tag->getBool("usesqlauth", true))
171 return MOD_RES_PASSTHRU;
173 if (!allowpattern.empty() && InspIRCd::Match(user->nick,allowpattern))
174 return MOD_RES_PASSTHRU;
176 if (pendingExt.get(user))
177 return MOD_RES_PASSTHRU;
181 ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s (SQL database not present)", user->GetFullRealHost().c_str());
182 ServerInstance->Users->QuitUser(user, killreason);
183 return MOD_RES_PASSTHRU;
186 pendingExt.set(user, AUTH_STATE_BUSY);
188 SQL::ParamMap userinfo;
189 SQL::PopulateUserInfo(user, userinfo);
190 userinfo["pass"] = user->password;
191 userinfo["certfp"] = sslapi ? sslapi->GetFingerprint(user) : "";
193 for (std::vector<std::string>::const_iterator it = hash_algos.begin(); it != hash_algos.end(); ++it)
195 HashProvider* hashprov = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + *it);
196 if (hashprov && !hashprov->IsKDF())
197 userinfo[*it + "pass"] = hashprov->Generate(user->password);
200 SQL->Submit(new AuthQuery(this, user->uuid, pendingExt, verbose, kdf, pwcolumn), freeformquery, userinfo);
202 return MOD_RES_PASSTHRU;
205 ModResult OnCheckReady(LocalUser* user) CXX11_OVERRIDE
207 switch (pendingExt.get(user))
209 case AUTH_STATE_NONE:
210 return MOD_RES_PASSTHRU;
211 case AUTH_STATE_BUSY:
213 case AUTH_STATE_FAIL:
214 ServerInstance->Users->QuitUser(user, killreason);
217 return MOD_RES_PASSTHRU;
220 Version GetVersion() CXX11_OVERRIDE
222 return Version("Allow/deny connections based upon an arbitrary SQL table", VF_VENDOR);
226 MODULE_INIT(ModuleSQLAuth)