-/* +------------------------------------+
- * | Inspire Internet Relay Chat Daemon |
- * +------------------------------------+
+/*
+ * InspIRCd -- Internet Relay Chat Daemon
*
- * InspIRCd: (C) 2002-2009 InspIRCd Development Team
- * See: http://wiki.inspircd.org/Credits
+ * Copyright (C) 2009-2010 Daniel De Graaf <danieldg@inspircd.org>
*
- * This program is free but copyrighted software; see
- * the file COPYING for details.
+ * This file is part of InspIRCd. InspIRCd is free software: you can
+ * redistribute it and/or modify it under the terms of the GNU General Public
+ * License as published by the Free Software Foundation, version 2.
*
- * ---------------------------------------------------
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+
#include "inspircd.h"
-#include "m_sqlv2.h"
-#include "m_sqlutils.h"
-#include "m_hash.h"
+#include "sql.h"
+#include "hash.h"
+
+/* $ModDesc: Allow/Deny connections based upon an arbitrary SQL table */
+
+enum AuthState {
+ AUTH_STATE_NONE = 0,
+ AUTH_STATE_BUSY = 1,
+ AUTH_STATE_FAIL = 2
+};
+
+class AuthQuery : public SQLQuery
+{
+ public:
+ const std::string uid;
+ LocalIntExt& pendingExt;
+ bool verbose;
+ AuthQuery(Module* me, const std::string& u, LocalIntExt& e, bool v)
+ : SQLQuery(me), uid(u), pendingExt(e), verbose(v)
+ {
+ }
+
+ void OnResult(SQLResult& res)
+ {
+ User* user = ServerInstance->FindNick(uid);
+ if (!user)
+ return;
+ if (res.Rows())
+ {
+ pendingExt.set(user, AUTH_STATE_NONE);
+ }
+ else
+ {
+ if (verbose)
+ ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s (SQL query returned no matches)", user->GetFullRealHost().c_str());
+ pendingExt.set(user, AUTH_STATE_FAIL);
+ }
+ }
-/* $ModDesc: Allow/Deny connections based upon an arbitary SQL table */
-/* $ModDep: m_sqlv2.h m_sqlutils.h m_hash.h */
+ void OnError(SQLerror& error)
+ {
+ User* user = ServerInstance->FindNick(uid);
+ if (!user)
+ return;
+ pendingExt.set(user, AUTH_STATE_FAIL);
+ if (verbose)
+ ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s (SQL query failed: %s)", user->GetFullRealHost().c_str(), error.Str());
+ }
+};
class ModuleSQLAuth : public Module
{
- LocalIntExt sqlAuthed;
- Module* SQLutils;
- Module* SQLprovider;
+ LocalIntExt pendingExt;
+ dynamic_reference<SQLProvider> SQL;
std::string freeformquery;
std::string killreason;
std::string allowpattern;
- std::string databaseid;
-
bool verbose;
-public:
- ModuleSQLAuth() : sqlAuthed("sqlauth", this)
+ public:
+ ModuleSQLAuth() : pendingExt("sqlauth-wait", this), SQL(this, "SQL")
{
- ServerInstance->Modules->UseInterface("SQLutils");
- ServerInstance->Modules->UseInterface("SQL");
-
- SQLutils = ServerInstance->Modules->Find("m_sqlutils.so");
- if (!SQLutils)
- throw ModuleException("Can't find m_sqlutils.so. Please load m_sqlutils.so before m_sqlauth.so.");
-
- SQLprovider = ServerInstance->Modules->FindFeature("SQL");
- if (!SQLprovider)
- throw ModuleException("Can't find an SQL provider module. Please load one before attempting to load m_sqlauth.");
-
- OnRehash(NULL);
- Implementation eventlist[] = { I_OnUserDisconnect, I_OnCheckReady, I_OnRequest, I_OnRehash, I_OnUserRegister };
- ServerInstance->Modules->Attach(eventlist, this, 5);
}
- virtual ~ModuleSQLAuth()
+ void init()
{
- ServerInstance->Modules->DoneWithInterface("SQL");
- ServerInstance->Modules->DoneWithInterface("SQLutils");
+ ServerInstance->Modules->AddService(pendingExt);
+ OnRehash(NULL);
+ Implementation eventlist[] = { I_OnCheckReady, I_OnRehash, I_OnUserRegister };
+ ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation));
}
-
void OnRehash(User* user)
{
- ConfigReader Conf;
-
- databaseid = Conf.ReadValue("sqlauth", "dbid", 0); /* Database ID, given to the SQL service provider */
- freeformquery = Conf.ReadValue("sqlauth", "query", 0); /* Field name where username can be found */
- killreason = Conf.ReadValue("sqlauth", "killreason", 0); /* Reason to give when access is denied to a user (put your reg details here) */
- allowpattern = Conf.ReadValue("sqlauth", "allowpattern",0 ); /* Allow nicks matching this pattern without requiring auth */
- verbose = Conf.ReadFlag("sqlauth", "verbose", 0); /* Set to true if failed connects should be reported to operators */
+ ConfigTag* conf = ServerInstance->Config->ConfValue("sqlauth");
+ std::string dbid = conf->getString("dbid");
+ if (dbid.empty())
+ SQL.SetProvider("SQL");
+ else
+ SQL.SetProvider("SQL/" + dbid);
+ freeformquery = conf->getString("query");
+ killreason = conf->getString("killreason");
+ allowpattern = conf->getString("allowpattern");
+ verbose = conf->getBool("verbose");
}
- ModResult OnUserRegister(User* user)
+ ModResult OnUserRegister(LocalUser* user)
{
- if ((!allowpattern.empty()) && (InspIRCd::Match(user->nick,allowpattern)))
- {
- sqlAuthed.set(user, 1);
+ // Note this is their initial (unresolved) connect block
+ ConfigTag* tag = user->MyClass->config;
+ if (!tag->getBool("usesqlauth", true))
+ return MOD_RES_PASSTHRU;
+
+ if (!allowpattern.empty() && InspIRCd::Match(user->nick,allowpattern))
return MOD_RES_PASSTHRU;
- }
- if (!CheckCredentials(user))
+ if (pendingExt.get(user))
+ return MOD_RES_PASSTHRU;
+
+ if (!SQL)
{
+ ServerInstance->SNO->WriteGlobalSno('a', "Forbiding connection from %s (SQL database not present)", user->GetFullRealHost().c_str());
ServerInstance->Users->QuitUser(user, killreason);
- return MOD_RES_DENY;
+ return MOD_RES_PASSTHRU;
}
- return MOD_RES_PASSTHRU;
- }
-
- bool CheckCredentials(User* user)
- {
- std::string thisquery = freeformquery;
- std::string safepass = user->password;
- std::string safegecos = user->fullname;
-
- /* Search and replace the escaped nick and escaped pass into the query */
- SearchAndReplace(safepass, std::string("\""), std::string("\\\""));
- SearchAndReplace(safegecos, std::string("\""), std::string("\\\""));
+ pendingExt.set(user, AUTH_STATE_BUSY);
- SearchAndReplace(thisquery, std::string("$nick"), user->nick);
- SearchAndReplace(thisquery, std::string("$pass"), safepass);
- SearchAndReplace(thisquery, std::string("$host"), user->host);
- SearchAndReplace(thisquery, std::string("$ip"), std::string(user->GetIPString()));
- SearchAndReplace(thisquery, std::string("$gecos"), safegecos);
- SearchAndReplace(thisquery, std::string("$ident"), user->ident);
- SearchAndReplace(thisquery, std::string("$server"), std::string(user->server));
- SearchAndReplace(thisquery, std::string("$uuid"), user->uuid);
-
- Module* HashMod = ServerInstance->Modules->Find("m_md5.so");
-
- if (HashMod)
- {
- HashResetRequest(this, HashMod).Send();
- SearchAndReplace(thisquery, std::string("$md5pass"), std::string(HashSumRequest(this, HashMod, user->password).Send()));
- }
+ ParamM userinfo;
+ SQL->PopulateUserInfo(user, userinfo);
+ userinfo["pass"] = user->password;
- HashMod = ServerInstance->Modules->Find("m_sha256.so");
+ HashProvider* md5 = ServerInstance->Modules->FindDataService<HashProvider>("hash/md5");
+ if (md5)
+ userinfo["md5pass"] = md5->hexsum(user->password);
- if (HashMod)
- {
- HashResetRequest(this, HashMod).Send();
- SearchAndReplace(thisquery, std::string("$sha256pass"), std::string(HashSumRequest(this, HashMod, user->password).Send()));
- }
+ HashProvider* sha256 = ServerInstance->Modules->FindDataService<HashProvider>("hash/sha256");
+ if (sha256)
+ userinfo["sha256pass"] = sha256->hexsum(user->password);
- /* Build the query */
- SQLrequest req = SQLrequest(this, SQLprovider, databaseid, SQLquery(thisquery));
+ SQL->submit(new AuthQuery(this, user->uuid, pendingExt, verbose), freeformquery, userinfo);
- if(req.Send())
- {
- /* When we get the query response from the service provider we will be given an ID to play with,
- * just an ID number which is unique to this query. We need a way of associating that ID with a User
- * so we insert it into a map mapping the IDs to users.
- * Thankfully m_sqlutils provides this, it will associate a ID with a user or channel, and if the user quits it removes the
- * association. This means that if the user quits during a query we will just get a failed lookup from m_sqlutils - telling
- * us to discard the query.
- */
- AssociateUser(this, SQLutils, req.id, user).Send();
-
- return true;
- }
- else
- {
- if (verbose)
- ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s!%s@%s (SQL query failed: %s)", user->nick.c_str(), user->ident.c_str(), user->host.c_str(), req.error.Str());
- return false;
- }
+ return MOD_RES_PASSTHRU;
}
- virtual const char* OnRequest(Request* request)
+ ModResult OnCheckReady(LocalUser* user)
{
- if(strcmp(SQLRESID, request->GetId()) == 0)
+ switch (pendingExt.get(user))
{
- SQLresult* res = static_cast<SQLresult*>(request);
-
- User* user = GetAssocUser(this, SQLutils, res->id).S().user;
- UnAssociate(this, SQLutils, res->id).S();
-
- if(user)
- {
- if(res->error.Id() == SQL_NO_ERROR)
- {
- if(res->Rows())
- {
- /* We got a row in the result, this is enough really */
- sqlAuthed.set(user, 1);
- }
- else if (verbose)
- {
- /* No rows in result, this means there was no record matching the user */
- ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s!%s@%s (SQL query returned no matches)", user->nick.c_str(), user->ident.c_str(), user->host.c_str());
- }
- }
- else if (verbose)
- {
- ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s!%s@%s (SQL query failed: %s)", user->nick.c_str(), user->ident.c_str(), user->host.c_str(), res->error.Str());
- }
- }
- else
- {
- return NULL;
- }
-
- if (!sqlAuthed.get(user))
- {
+ case AUTH_STATE_NONE:
+ return MOD_RES_PASSTHRU;
+ case AUTH_STATE_BUSY:
+ return MOD_RES_DENY;
+ case AUTH_STATE_FAIL:
ServerInstance->Users->QuitUser(user, killreason);
- }
- return SQLSUCCESS;
+ return MOD_RES_DENY;
}
- return NULL;
- }
-
- ModResult OnCheckReady(User* user)
- {
- return sqlAuthed.get(user) ? MOD_RES_PASSTHRU : MOD_RES_DENY;
+ return MOD_RES_PASSTHRU;
}
Version GetVersion()
{
- return Version("Allow/Deny connections based upon an arbitary SQL table", VF_VENDOR, API_VERSION);
+ return Version("Allow/Deny connections based upon an arbitrary SQL table", VF_VENDOR);
}
-
};
MODULE_INIT(ModuleSQLAuth)
projects / user / henk / code / inspircd.git / blobdiff