X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fextra%2Fm_sqlauth.cpp;h=7130439e0537ad93e4e3d5a21486b6bb68c425fd;hb=c662a37341e9787ca8c5e553b3d641a19e3b81c8;hp=a079f5003cae686f74a4ed0014bafe4d7fb6d572;hpb=1383dba43e463f292aea094d01f62f355946049d;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/extra/m_sqlauth.cpp b/src/modules/extra/m_sqlauth.cpp index a079f5003..7130439e0 100644 --- a/src/modules/extra/m_sqlauth.cpp +++ b/src/modules/extra/m_sqlauth.cpp @@ -2,185 +2,218 @@ * | Inspire Internet Relay Chat Daemon | * +------------------------------------+ * - * InspIRCd is copyright (C) 2002-2004 ChatSpike-Dev. - * E-mail: - * - * - * - * Written by Craig Edwards, Craig McLure, and others. + * InspIRCd: (C) 2002-2007 InspIRCd Development Team + * See: http://www.inspircd.org/wiki/index.php/Credits + * * This program is free but copyrighted software; see * the file COPYING for details. * * --------------------------------------------------- */ -using namespace std; - -#include #include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include #include "users.h" #include "channels.h" #include "modules.h" #include "inspircd.h" -#include "helperfuncs.h" -#include "m_sql.h" -/* $ModDesc: Allow/Deny connections based upon an arbitary SQL table */ +#include "m_sqlv2.h" +#include "m_sqlutils.h" -Server *Srv; +/* $ModDesc: Allow/Deny connections based upon an arbitary SQL table */ +/* $ModDep: m_sqlv2.h m_sqlutils.h */ class ModuleSQLAuth : public Module { - ConfigReader* Conf; + InspIRCd* Srv; + Module* SQLutils; + Module* SQLprovider; + std::string usertable; std::string userfield; std::string passfield; std::string encryption; std::string killreason; std::string allowpattern; - bool WallOperFail; - unsigned long dbid; - Module* SQLModule; - - public: - bool ReadConfig() + std::string databaseid; + + bool verbose; + +public: + ModuleSQLAuth(InspIRCd* Me) + : Module::Module(Me), Srv(Me) { - Conf = new ConfigReader(); - usertable = Conf->ReadValue("sqlauth","usertable",0); // user table name - dbid = Conf->ReadInteger("sqlauth","dbid",0,true); // database id of a database configured in m_sql (see m_sql config) - userfield = Conf->ReadValue("sqlauth","userfield",0); // field name where username can be found - passfield = Conf->ReadValue("sqlauth","passfield",0); // field name where password can be found - killreason = Conf->ReadValue("sqlauth","killreason",0); // reason to give when access is denied to a user (put your reg details here) - encryption = Conf->ReadValue("sqlauth","encryption",0); // name of sql function used to encrypt password, e.g. "md5" or "passwd". - // define, but leave blank if no encryption is to be used. - WallOperFail = Conf->ReadFlag("sqlauth","verbose",0); // set to 1 if failed connects should be reported to operators - allowpattern = Conf->ReadValue("sqlauth","allowpattern",0); // allow nicks matching the pattern without requiring auth - delete Conf; - SQLModule = Srv->FindModule("m_sql.so"); - if (!SQLModule) - Srv->Log(DEFAULT,"WARNING: m_sqlauth.so could not initialize because m_sql.so is not loaded. Load the module and rehash your server."); - return (SQLModule); + ServerInstance->UseInterface("SQLutils"); + ServerInstance->UseInterface("SQL"); + + SQLutils = ServerInstance->FindModule("m_sqlutils.so"); + if (!SQLutils) + throw ModuleException("Can't find m_sqlutils.so. Please load m_sqlutils.so before m_sqlauth.so."); + + OnRehash(NULL,""); } - ModuleSQLAuth(Server* Me) - : Module::Module(Me) + virtual ~ModuleSQLAuth() { - Srv = Me; - ReadConfig(); + ServerInstance->DoneWithInterface("SQL"); + ServerInstance->DoneWithInterface("SQLutils"); } void Implements(char* List) { - List[I_OnRehash] = List[I_OnUserRegister] = 1; + List[I_OnUserDisconnect] = List[I_OnCheckReady] = List[I_OnRequest] = List[I_OnRehash] = List[I_OnUserRegister] = 1; } - virtual void OnRehash(std::string parameter) + virtual void OnRehash(userrec* user, const std::string ¶meter) { - ReadConfig(); - } + ConfigReader Conf(Srv); + + usertable = Conf.ReadValue("sqlauth", "usertable", 0); /* User table name */ + databaseid = Conf.ReadValue("sqlauth", "dbid", 0); /* Database ID, given to the SQL service provider */ + userfield = Conf.ReadValue("sqlauth", "userfield", 0); /* Field name where username can be found */ + passfield = Conf.ReadValue("sqlauth", "passfield", 0); /* Field name where password can be found */ + killreason = Conf.ReadValue("sqlauth", "killreason", 0); /* Reason to give when access is denied to a user (put your reg details here) */ + allowpattern= Conf.ReadValue("sqlauth", "allowpattern",0 ); /* Allow nicks matching this pattern without requiring auth */ + encryption = Conf.ReadValue("sqlauth", "encryption", 0); /* Name of sql function used to encrypt password, e.g. "md5" or "passwd". + * define, but leave blank if no encryption is to be used. + */ + verbose = Conf.ReadFlag("sqlauth", "verbose", 0); /* Set to true if failed connects should be reported to operators */ + + if (encryption.find("(") == std::string::npos) + { + encryption.append("("); + } + } - virtual void OnUserRegister(userrec* user) + virtual int OnUserRegister(userrec* user) { if ((allowpattern != "") && (Srv->MatchText(user->nick,allowpattern))) - return; + { + user->Extend("sqlauthed"); + return 0; + } - if (!CheckCredentials(user->nick,user->password)) + if (!CheckCredentials(user)) { - if (WallOperFail) - WriteOpers("Forbidden connection from %s!%s@%s (invalid login/password)",user->nick,user->ident,user->host); - Srv->QuitUser(user,killreason); + userrec::QuitUser(Srv,user,killreason); + return 1; } + return 0; } - bool CheckCredentials(std::string username, std::string password) + bool CheckCredentials(userrec* user) { - bool found = false; - - // is the sql module loaded? If not, we don't attempt to do anything. - if (!SQLModule) - return false; - - // sanitize the password (we dont want any mysql insertion exploits!) - std::string temp = ""; - for (unsigned int q = 0; q < password.length(); q++) + Module* target; + + target = Srv->FindFeature("SQL"); + + if(target) { - if (password[q] == '\'') + SQLrequest req = SQLreq(this, target, databaseid, "SELECT ? FROM ? WHERE ? = '?' AND ? = ?'?')", userfield, usertable, userfield, user->nick, passfield, encryption, user->password); + + if(req.Send()) { - temp = temp + "\'"; + /* When we get the query response from the service provider we will be given an ID to play with, + * just an ID number which is unique to this query. We need a way of associating that ID with a userrec + * so we insert it into a map mapping the IDs to users. + * Thankfully m_sqlutils provides this, it will associate a ID with a user or channel, and if the user quits it removes the + * association. This means that if the user quits during a query we will just get a failed lookup from m_sqlutils - telling + * us to discard the query. + */ + ServerInstance->Log(DEBUG, "Sent query, got given ID %lu", req.id); + + AssociateUser(this, SQLutils, req.id, user).Send(); + + return true; } - else if (password[q] == '"') + else { - temp = temp + "\\\""; + ServerInstance->Log(DEBUG, "SQLrequest failed: %s", req.error.Str()); + + if (verbose) + Srv->WriteOpers("Forbidden connection from %s!%s@%s (SQL query failed: %s)", user->nick, user->ident, user->host, req.error.Str()); + + return false; } - else temp = temp + password[q]; } - password = temp; - - // Create a request containing the SQL query and send it to m_sql.so - SQLRequest* query = new SQLRequest(SQL_RESULT,dbid,"SELECT * FROM "+usertable+" WHERE "+userfield+"='"+username+"' AND "+passfield+"="+encryption+"('"+password+"')"); - Request queryrequest((char*)query, this, SQLModule); - SQLResult* result = (SQLResult*)queryrequest.Send(); - - // Did we get "OK" as a result? - if (result->GetType() == SQL_OK) + else { - - // if we did, this means we may now request a row... there should be only one row for each user, so, - // we don't need to loop to fetch multiple rows. - SQLRequest* rowrequest = new SQLRequest(SQL_ROW,dbid,""); - Request rowquery((char*)rowrequest, this, SQLModule); - SQLResult* rowresult = (SQLResult*)rowquery.Send(); - - // did we get a row? If we did, we can now do something with the fields - if (rowresult->GetType() == SQL_ROW) + ServerInstance->Log(SPARSE, "WARNING: Couldn't find SQL provider module. NOBODY will be allowed to connect until it comes back unless they match an exception"); + return false; + } + } + + virtual char* OnRequest(Request* request) + { + if(strcmp(SQLRESID, request->GetId()) == 0) + { + SQLresult* res; + + res = static_cast(request); + + ServerInstance->Log(DEBUG, "Got SQL result (%s) with ID %lu", res->GetId(), res->id); + + userrec* user = GetAssocUser(this, SQLutils, res->id).S().user; + UnAssociate(this, SQLutils, res->id).S(); + + if(user) { - if (rowresult->GetField(userfield) == username) + if(res->error.Id() == NO_ERROR) + { + ServerInstance->Log(DEBUG, "Associated query ID %lu with user %s", res->id, user->nick); + ServerInstance->Log(DEBUG, "Got result with %d rows and %d columns", res->Rows(), res->Cols()); + + if(res->Rows()) + { + /* We got a row in the result, this is enough really */ + user->Extend("sqlauthed"); + } + else if (verbose) + { + /* No rows in result, this means there was no record matching the user */ + Srv->WriteOpers("Forbidden connection from %s!%s@%s (SQL query returned no matches)", user->nick, user->ident, user->host); + user->Extend("sqlauth_failed"); + } + } + else if (verbose) { - // because the query directly asked for the password hash, we do not need to check it - - // if it didnt match it wont be returned in the first place from the SELECT. - // This just checks we didnt get an empty row by accident. - found = true; + ServerInstance->Log(DEBUG, "Query failed: %s", res->error.Str()); + Srv->WriteOpers("Forbidden connection from %s!%s@%s (SQL query failed: %s)", user->nick, user->ident, user->host, res->error.Str()); + user->Extend("sqlauth_failed"); } - delete rowresult; } else { - // we didn't have a row. - found = false; + ServerInstance->Log(DEBUG, "Got query with unknown ID, this probably means the user quit while the query was in progress"); + return NULL; } - delete rowrequest; - delete result; - } - else - { - // the query was bad - found = false; + + if (!user->GetExt("sqlauthed")) + { + userrec::QuitUser(Srv,user,killreason); + } + return SQLSUCCESS; } - query->SetQueryType(SQL_DONE); - query->SetConnID(dbid); - Request donerequest((char*)query, this, SQLModule); - donerequest.Send(); - delete query; - return found; + + ServerInstance->Log(DEBUG, "Got unsupported API version string: %s", request->GetId()); + + return NULL; } - - virtual ~ModuleSQLAuth() + + virtual void OnUserDisconnect(userrec* user) { + user->Shrink("sqlauthed"); + user->Shrink("sqlauth_failed"); } + virtual bool OnCheckReady(userrec* user) + { + return user->GetExt("sqlauthed"); + } + virtual Version GetVersion() { - return Version(1,0,0,1,VF_VENDOR); + return Version(1,1,1,0,VF_VENDOR,API_VERSION); } }; @@ -196,7 +229,7 @@ class ModuleSQLAuthFactory : public ModuleFactory { } - virtual Module * CreateModule(Server* Me) + virtual Module * CreateModule(InspIRCd* Me) { return new ModuleSQLAuth(Me); } @@ -208,4 +241,3 @@ extern "C" void * init_module( void ) { return new ModuleSQLAuthFactory; } -