Merge v2.0.23 and v2.0.24 into master.

[user/henk/code/inspircd.git] / src / modules / m_sqlauth.cpp

/*
 * InspIRCd -- Internet Relay Chat Daemon
 *
 *   Copyright (C) 2009-2010 Daniel De Graaf <danieldg@inspircd.org>
 *
 * This file is part of InspIRCd.  InspIRCd is free software: you can
 * redistribute it and/or modify it under the terms of the GNU General Public
 * License as published by the Free Software Foundation, version 2.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */


#include "inspircd.h"
#include "modules/sql.h"
#include "modules/hash.h"
#include "modules/ssl.h"

enum AuthState {
        AUTH_STATE_NONE = 0,
        AUTH_STATE_BUSY = 1,
        AUTH_STATE_FAIL = 2
};

class AuthQuery : public SQLQuery
{
 public:
        const std::string uid;
        LocalIntExt& pendingExt;
        bool verbose;
        AuthQuery(Module* me, const std::string& u, LocalIntExt& e, bool v)
                : SQLQuery(me), uid(u), pendingExt(e), verbose(v)
        {
        }

        void OnResult(SQLResult& res) CXX11_OVERRIDE
        {
                User* user = ServerInstance->FindNick(uid);
                if (!user)
                        return;
                if (res.Rows())
                {
                        pendingExt.set(user, AUTH_STATE_NONE);
                }
                else
                {
                        if (verbose)
                                ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s (SQL query returned no matches)", user->GetFullRealHost().c_str());
                        pendingExt.set(user, AUTH_STATE_FAIL);
                }
        }

        void OnError(SQLerror& error) CXX11_OVERRIDE
        {
                User* user = ServerInstance->FindNick(uid);
                if (!user)
                        return;
                pendingExt.set(user, AUTH_STATE_FAIL);
                if (verbose)
                        ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s (SQL query failed: %s)", user->GetFullRealHost().c_str(), error.Str());
        }
};

class ModuleSQLAuth : public Module
{
        LocalIntExt pendingExt;
        dynamic_reference<SQLProvider> SQL;

        std::string freeformquery;
        std::string killreason;
        std::string allowpattern;
        bool verbose;

 public:
        ModuleSQLAuth()
                : pendingExt("sqlauth-wait", ExtensionItem::EXT_USER, this)
                , SQL(this, "SQL")
        {
        }

        void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE
        {
                ConfigTag* conf = ServerInstance->Config->ConfValue("sqlauth");
                std::string dbid = conf->getString("dbid");
                if (dbid.empty())
                        SQL.SetProvider("SQL");
                else
                        SQL.SetProvider("SQL/" + dbid);
                freeformquery = conf->getString("query");
                killreason = conf->getString("killreason");
                allowpattern = conf->getString("allowpattern");
                verbose = conf->getBool("verbose");
        }

        ModResult OnUserRegister(LocalUser* user) CXX11_OVERRIDE
        {
                // Note this is their initial (unresolved) connect block
                ConfigTag* tag = user->MyClass->config;
                if (!tag->getBool("usesqlauth", true))
                        return MOD_RES_PASSTHRU;

                if (!allowpattern.empty() && InspIRCd::Match(user->nick,allowpattern))
                        return MOD_RES_PASSTHRU;

                if (pendingExt.get(user))
                        return MOD_RES_PASSTHRU;

                if (!SQL)
                {
                        ServerInstance->SNO->WriteGlobalSno('a', "Forbiding connection from %s (SQL database not present)", user->GetFullRealHost().c_str());
                        ServerInstance->Users->QuitUser(user, killreason);
                        return MOD_RES_PASSTHRU;
                }

                pendingExt.set(user, AUTH_STATE_BUSY);

                ParamM userinfo;
                SQL->PopulateUserInfo(user, userinfo);
                userinfo["pass"] = user->password;

                HashProvider* md5 = ServerInstance->Modules->FindDataService<HashProvider>("hash/md5");
                if (md5)
                        userinfo["md5pass"] = md5->Generate(user->password);

                HashProvider* sha256 = ServerInstance->Modules->FindDataService<HashProvider>("hash/sha256");
                if (sha256)
                        userinfo["sha256pass"] = sha256->Generate(user->password);

                const std::string certfp = SSLClientCert::GetFingerprint(&user->eh);
                userinfo["certfp"] = certfp;

                SQL->submit(new AuthQuery(this, user->uuid, pendingExt, verbose), freeformquery, userinfo);

                return MOD_RES_PASSTHRU;
        }

        ModResult OnCheckReady(LocalUser* user) CXX11_OVERRIDE
        {
                switch (pendingExt.get(user))
                {
                        case AUTH_STATE_NONE:
                                return MOD_RES_PASSTHRU;
                        case AUTH_STATE_BUSY:
                                return MOD_RES_DENY;
                        case AUTH_STATE_FAIL:
                                ServerInstance->Users->QuitUser(user, killreason);
                                return MOD_RES_DENY;
                }
                return MOD_RES_PASSTHRU;
        }

        Version GetVersion() CXX11_OVERRIDE
        {
                return Version("Allow/Deny connections based upon an arbitrary SQL table", VF_VENDOR);
        }
};

MODULE_INIT(ModuleSQLAuth)