X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fextra%2Fm_sqlauth.cpp;h=6dc01a5f854932ef6840cfd48e3d78f00c0995e0;hb=c4cb1f9477b1fbf8662bedb1c36f84ff6f87e1f3;hp=36b9b861176fa6e98ce0d44959225a5a2f110d67;hpb=f168d8defa484eec8587e4aad8aedbca4ab8bd0d;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/extra/m_sqlauth.cpp b/src/modules/extra/m_sqlauth.cpp index 36b9b8611..6dc01a5f8 100644 --- a/src/modules/extra/m_sqlauth.cpp +++ b/src/modules/extra/m_sqlauth.cpp @@ -2,224 +2,210 @@ * | Inspire Internet Relay Chat Daemon | * +------------------------------------+ * - * InspIRCd is copyright (C) 2002-2004 ChatSpike-Dev. - * E-mail: - * - * - * - * Written by Craig Edwards, Craig McLure, and others. + * InspIRCd: (C) 2002-2009 InspIRCd Development Team + * See: http://wiki.inspircd.org/Credits + * * This program is free but copyrighted software; see * the file COPYING for details. * * --------------------------------------------------- */ -using namespace std; - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "users.h" -#include "channels.h" -#include "modules.h" #include "inspircd.h" -#include "helperfuncs.h" -#include "m_sql.h" +#include "m_sqlv2.h" +#include "m_sqlutils.h" +#include "m_hash.h" /* $ModDesc: Allow/Deny connections based upon an arbitary SQL table */ - -Server *Srv; +/* $ModDep: m_sqlv2.h m_sqlutils.h m_hash.h */ class ModuleSQLAuth : public Module { - ConfigReader* Conf; - std::string usertable; - std::string userfield; - std::string passfield; - std::string encryption; + Module* SQLutils; + Module* SQLprovider; + + std::string freeformquery; std::string killreason; std::string allowpattern; - bool WallOperFail; - unsigned long dbid; - Module* SQLModule; + std::string databaseid; - public: - bool ReadConfig() - { - Conf = new ConfigReader(); - usertable = Conf->ReadValue("sqlauth","usertable",0); // user table name - dbid = Conf->ReadInteger("sqlauth","dbid",0,true); // database id of a database configured in m_sql (see m_sql config) - userfield = Conf->ReadValue("sqlauth","userfield",0); // field name where username can be found - passfield = Conf->ReadValue("sqlauth","passfield",0); // field name where password can be found - killreason = Conf->ReadValue("sqlauth","killreason",0); // reason to give when access is denied to a user (put your reg details here) - encryption = Conf->ReadValue("sqlauth","encryption",0); // name of sql function used to encrypt password, e.g. "md5" or "passwd". - // define, but leave blank if no encryption is to be used. - WallOperFail = Conf->ReadFlag("sqlauth","verbose",0); // set to 1 if failed connects should be reported to operators - allowpattern = Conf->ReadValue("sqlauth","allowpattern",0); // allow nicks matching the pattern without requiring auth - delete Conf; - SQLModule = Srv->FindModule("m_sql.so"); - if (!SQLModule) - Srv->Log(DEFAULT,"WARNING: m_sqlauth.so could not initialize because m_sql.so is not loaded. Load the module and rehash your server."); - return (SQLModule); - } + bool verbose; - ModuleSQLAuth(Server* Me) - : Module::Module(Me) +public: + ModuleSQLAuth(InspIRCd* Me) + : Module(Me) { - Srv = Me; - ReadConfig(); + ServerInstance->Modules->UseInterface("SQLutils"); + ServerInstance->Modules->UseInterface("SQL"); + + SQLutils = ServerInstance->Modules->Find("m_sqlutils.so"); + if (!SQLutils) + throw ModuleException("Can't find m_sqlutils.so. Please load m_sqlutils.so before m_sqlauth.so."); + + SQLprovider = ServerInstance->Modules->FindFeature("SQL"); + if (!SQLprovider) + throw ModuleException("Can't find an SQL provider module. Please load one before attempting to load m_sqlauth."); + + OnRehash(NULL); + Implementation eventlist[] = { I_OnUserDisconnect, I_OnCheckReady, I_OnRequest, I_OnRehash, I_OnUserRegister }; + ServerInstance->Modules->Attach(eventlist, this, 5); } - void Implements(char* List) + virtual ~ModuleSQLAuth() { - List[I_OnRehash] = List[I_OnUserRegister] = 1; + ServerInstance->Modules->DoneWithInterface("SQL"); + ServerInstance->Modules->DoneWithInterface("SQLutils"); } - virtual void OnRehash(std::string parameter) + + virtual void OnRehash(User* user) { - ReadConfig(); + ConfigReader Conf(ServerInstance); + + databaseid = Conf.ReadValue("sqlauth", "dbid", 0); /* Database ID, given to the SQL service provider */ + freeformquery = Conf.ReadValue("sqlauth", "query", 0); /* Field name where username can be found */ + killreason = Conf.ReadValue("sqlauth", "killreason", 0); /* Reason to give when access is denied to a user (put your reg details here) */ + allowpattern = Conf.ReadValue("sqlauth", "allowpattern",0 ); /* Allow nicks matching this pattern without requiring auth */ + verbose = Conf.ReadFlag("sqlauth", "verbose", 0); /* Set to true if failed connects should be reported to operators */ } - virtual void OnUserRegister(userrec* user) + virtual int OnUserRegister(User* user) { - if ((allowpattern != "") && (Srv->MatchText(user->nick,allowpattern))) - return; - - if (!CheckCredentials(user->nick,user->password)) + if ((!allowpattern.empty()) && (InspIRCd::Match(user->nick,allowpattern))) + { + user->Extend("sqlauthed"); + return 0; + } + + if (!CheckCredentials(user)) { - if (WallOperFail) - WriteOpers("Forbidden connection from %s!%s@%s (invalid login/password)",user->nick,user->ident,user->host); - Srv->QuitUser(user,killreason); + ServerInstance->Users->QuitUser(user, killreason); + return 1; } + return 0; } - bool CheckCredentials(std::string username, std::string password) + bool CheckCredentials(User* user) { - bool found = false; + std::string thisquery = freeformquery; + std::string safepass = user->password; + std::string safegecos = user->fullname; - // is the sql module loaded? If not, we don't attempt to do anything. - if (!SQLModule) - return false; + /* Search and replace the escaped nick and escaped pass into the query */ + + SearchAndReplace(safepass, std::string("\""), std::string("\\\"")); + SearchAndReplace(safegecos, std::string("\""), std::string("\\\"")); - // sanitize the password (we dont want any mysql insertion exploits!) - std::string temp = ""; - for (unsigned int q = 0; q < password.length(); q++) + SearchAndReplace(thisquery, std::string("$nick"), user->nick); + SearchAndReplace(thisquery, std::string("$pass"), safepass); + SearchAndReplace(thisquery, std::string("$host"), user->host); + SearchAndReplace(thisquery, std::string("$ip"), std::string(user->GetIPString())); + SearchAndReplace(thisquery, std::string("$gecos"), safegecos); + SearchAndReplace(thisquery, std::string("$ident"), user->ident); + SearchAndReplace(thisquery, std::string("$server"), std::string(user->server)); + SearchAndReplace(thisquery, std::string("$uuid"), user->uuid); + + Module* HashMod = ServerInstance->Modules->Find("m_md5.so"); + + if (HashMod) { - if (password[q] == '\'') - { - temp = temp + "\'"; - } - else if (password[q] == '"') - { - temp = temp + "\\\""; - } - else temp = temp + password[q]; + HashResetRequest(this, HashMod).Send(); + SearchAndReplace(thisquery, std::string("$md5pass"), std::string(HashSumRequest(this, HashMod, user->password).Send())); } - password = temp; - - // Create a request containing the SQL query and send it to m_sql.so - std::string querystr("SELECT * FROM "+usertable+" WHERE "+userfield+"='"+username+"' AND "+passfield+"="+encryption+"('"+password+"')"); - - Srv->Log(DEBUG, "m_sqlauth.so: Query: " + querystr); - - SQLRequest* query = new SQLRequest(SQL_RESULT,dbid,querystr); - Request queryrequest((char*)query, this, SQLModule); - SQLResult* result = (SQLResult*)queryrequest.Send(); - - // Did we get "OK" as a result? - if (result->GetType() == SQL_OK) + + HashMod = ServerInstance->Modules->Find("m_sha256.so"); + + if (HashMod) + { + HashResetRequest(this, HashMod).Send(); + SearchAndReplace(thisquery, std::string("$sha256pass"), std::string(HashSumRequest(this, HashMod, user->password).Send())); + } + + /* Build the query */ + SQLrequest req = SQLrequest(this, SQLprovider, databaseid, SQLquery(thisquery)); + + if(req.Send()) + { + /* When we get the query response from the service provider we will be given an ID to play with, + * just an ID number which is unique to this query. We need a way of associating that ID with a User + * so we insert it into a map mapping the IDs to users. + * Thankfully m_sqlutils provides this, it will associate a ID with a user or channel, and if the user quits it removes the + * association. This means that if the user quits during a query we will just get a failed lookup from m_sqlutils - telling + * us to discard the query. + */ + AssociateUser(this, SQLutils, req.id, user).Send(); + + return true; + } + else { - log(DEBUG, "m_sqlauth.so: Query OK"); - - // if we did, this means we may now request a row... there should be only one row for each user, so, - // we don't need to loop to fetch multiple rows. - SQLRequest* rowrequest = new SQLRequest(SQL_ROW,dbid,""); - Request rowquery((char*)rowrequest, this, SQLModule); - SQLResult* rowresult = (SQLResult*)rowquery.Send(); - - // did we get a row? If we did, we can now do something with the fields - if (rowresult->GetType() == SQL_ROW) + if (verbose) + ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s!%s@%s (SQL query failed: %s)", user->nick.c_str(), user->ident.c_str(), user->host.c_str(), req.error.Str()); + return false; + } + } + + virtual const char* OnRequest(Request* request) + { + if(strcmp(SQLRESID, request->GetId()) == 0) + { + SQLresult* res = static_cast(request); + + User* user = GetAssocUser(this, SQLutils, res->id).S().user; + UnAssociate(this, SQLutils, res->id).S(); + + if(user) { - log(DEBUG, "m_sqlauth.so: Got row...user '%s'", rowresult->GetField(userfield).c_str()); - - if (rowresult->GetField(userfield) == username) + if(res->error.Id() == SQL_NO_ERROR) { - log(DEBUG, "m_sqlauth.so: Got correct user..."); - // because the query directly asked for the password hash, we do not need to check it - - // if it didnt match it wont be returned in the first place from the SELECT. - // This just checks we didnt get an empty row by accident. - found = true; + if(res->Rows()) + { + /* We got a row in the result, this is enough really */ + user->Extend("sqlauthed"); + } + else if (verbose) + { + /* No rows in result, this means there was no record matching the user */ + ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s!%s@%s (SQL query returned no matches)", user->nick.c_str(), user->ident.c_str(), user->host.c_str()); + user->Extend("sqlauth_failed"); + } + } + else if (verbose) + { + ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s!%s@%s (SQL query failed: %s)", user->nick.c_str(), user->ident.c_str(), user->host.c_str(), res->error.Str()); + user->Extend("sqlauth_failed"); } } else { - log(DEBUG, "m_sqlauth.so: Couldn't find row"); - // we didn't have a row. - found = false; + return NULL; } - - delete rowrequest; - delete rowresult; - } - else - { - log(DEBUG, "m_sqlauth.so: Query failed"); - // the query was bad - found = false; + + if (!user->GetExt("sqlauthed")) + { + ServerInstance->Users->QuitUser(user, killreason); + } + return SQLSUCCESS; } - - query->SetQueryType(SQL_DONE); - query->SetConnID(dbid); - Request donerequest((char*)query, this, SQLModule); - donerequest.Send(); - - delete query; - delete result; - - return found; + return NULL; } - virtual ~ModuleSQLAuth() - { - } - - virtual Version GetVersion() + virtual void OnUserDisconnect(User* user) { - return Version(1,0,0,2,VF_VENDOR); + user->Shrink("sqlauthed"); + user->Shrink("sqlauth_failed"); } - -}; -class ModuleSQLAuthFactory : public ModuleFactory -{ - public: - ModuleSQLAuthFactory() + virtual bool OnCheckReady(User* user) { + return user->GetExt("sqlauthed"); } - - ~ModuleSQLAuthFactory() - { - } - - virtual Module * CreateModule(Server* Me) + + virtual Version GetVersion() { - return new ModuleSQLAuth(Me); + return Version("$Id$", VF_VENDOR, API_VERSION); } - -}; +}; -extern "C" void * init_module( void ) -{ - return new ModuleSQLAuthFactory; -} - +MODULE_INIT(ModuleSQLAuth)