X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fextra%2Fm_sqlauth.cpp;h=98b0227e5ad3157927e4dac3ace89fdab33c6bc3;hb=2e1f86fd0c9911210b79e6ac346672441eef18c4;hp=48c6c4183d73f716264e2fb6e128039748c45fd1;hpb=4eb2638b4fb1d8ca950280982d67def2e299f55b;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/extra/m_sqlauth.cpp b/src/modules/extra/m_sqlauth.cpp index 48c6c4183..98b0227e5 100644 --- a/src/modules/extra/m_sqlauth.cpp +++ b/src/modules/extra/m_sqlauth.cpp @@ -2,202 +2,192 @@ * | Inspire Internet Relay Chat Daemon | * +------------------------------------+ * - * Inspire is copyright (C) 2002-2004 ChatSpike-Dev. - * E-mail: - * - * - * - * Written by Craig Edwards, Craig McLure, and others. + * InspIRCd: (C) 2002-2007 InspIRCd Development Team + * See: http://www.inspircd.org/wiki/index.php/Credits + * * This program is free but copyrighted software; see * the file COPYING for details. * * --------------------------------------------------- */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include +#include "inspircd.h" #include "users.h" #include "channels.h" #include "modules.h" -#include "inspircd.h" -#include "m_sql.h" +#include "m_sqlv2.h" +#include "m_sqlutils.h" /* $ModDesc: Allow/Deny connections based upon an arbitary SQL table */ - -Server *Srv; +/* $ModDep: m_sqlv2.h m_sqlutils.h */ class ModuleSQLAuth : public Module { - ConfigReader* Conf; + Module* SQLutils; + Module* SQLprovider; + std::string usertable; std::string userfield; std::string passfield; std::string encryption; std::string killreason; std::string allowpattern; - bool WallOperFail; - unsigned long dbid; - Module* SQLModule; - - public: - bool ReadConfig() + std::string databaseid; + + bool verbose; + +public: + ModuleSQLAuth(InspIRCd* Me) + : Module::Module(Me) { - Conf = new ConfigReader(); - usertable = Conf->ReadValue("sqlauth","usertable",0); // user table name - dbid = Conf->ReadInteger("sqlauth","dbid",0,true); // database id of a database configured in m_sql (see m_sql config) - userfield = Conf->ReadValue("sqlauth","userfield",0); // field name where username can be found - passfield = Conf->ReadValue("sqlauth","passfield",0); // field name where password can be found - killreason = Conf->ReadValue("sqlauth","killreason",0); // reason to give when access is denied to a user (put your reg details here) - encryption = Conf->ReadValue("sqlauth","encryption",0); // name of sql function used to encrypt password, e.g. "md5" or "passwd". - // define, but leave blank if no encryption is to be used. - WallOperFail = Conf->ReadBool("sqlauth","verbose",0); // set to 1 if failed connects should be reported to operators - allowpattern = Conf->ReadValue("sqlauth","allowpattern",0); // allow nicks matching the pattern without requiring auth - delete Conf; - SQLModule = Srv->FindModule("m_sql.so"); - if (!SQLModule) - Srv->Log(DEFAULT,"WARNING: m_sqlauth.so could not initialize because m_sql.so is not loaded. Load the module and rehash your server."); - return (SQLModule); + ServerInstance->Modules->UseInterface("SQLutils"); + ServerInstance->Modules->UseInterface("SQL"); + + SQLutils = ServerInstance->Modules->Find("m_sqlutils.so"); + if (!SQLutils) + throw ModuleException("Can't find m_sqlutils.so. Please load m_sqlutils.so before m_sqlauth.so."); + + SQLprovider = ServerInstance->Modules->FindFeature("SQL"); + if (!SQLprovider) + throw ModuleException("Can't find an SQL provider module. Please load one before attempting to load m_sqlauth."); + + OnRehash(NULL,""); } - ModuleSQLAuth() + virtual ~ModuleSQLAuth() { - Srv = new Server; - ReadConfig(); + ServerInstance->Modules->DoneWithInterface("SQL"); + ServerInstance->Modules->DoneWithInterface("SQLutils"); } - virtual void OnRehash() + void Implements(char* List) { - ReadConfig(); + List[I_OnUserDisconnect] = List[I_OnCheckReady] = List[I_OnRequest] = List[I_OnRehash] = List[I_OnUserRegister] = 1; } - virtual void OnUserRegister(userrec* user) + virtual void OnRehash(User* user, const std::string ¶meter) { - if (allowpattern != "") && (Srv->MatchText(user->nick,allowpattern)) - return; + ConfigReader Conf(ServerInstance); - if (!CheckCredentials(user->nick,user->password)) + usertable = Conf.ReadValue("sqlauth", "usertable", 0); /* User table name */ + databaseid = Conf.ReadValue("sqlauth", "dbid", 0); /* Database ID, given to the SQL service provider */ + userfield = Conf.ReadValue("sqlauth", "userfield", 0); /* Field name where username can be found */ + passfield = Conf.ReadValue("sqlauth", "passfield", 0); /* Field name where password can be found */ + killreason = Conf.ReadValue("sqlauth", "killreason", 0); /* Reason to give when access is denied to a user (put your reg details here) */ + allowpattern= Conf.ReadValue("sqlauth", "allowpattern",0 ); /* Allow nicks matching this pattern without requiring auth */ + encryption = Conf.ReadValue("sqlauth", "encryption", 0); /* Name of sql function used to encrypt password, e.g. "md5" or "passwd". + * define, but leave blank if no encryption is to be used. + */ + verbose = Conf.ReadFlag("sqlauth", "verbose", 0); /* Set to true if failed connects should be reported to operators */ + + if (encryption.find("(") == std::string::npos) { - if (WallOperFail) - WriteOpers("Forbidden connection from %s!%s@%s (invalid login/password)",user->nick,user->ident,user->host); - Srv->QuitUser(user,killreason); + encryption.append("("); } - } + } - bool CheckCredentials(std::string username, std::string password) + virtual int OnUserRegister(User* user) { - bool found = false; - - // is the sql module loaded? If not, we don't attempt to do anything. - if (!SQLModule) - return false; - - // sanitize the password (we dont want any mysql insertion exploits!) - std::string temp = ""; - for (int q = 0; q < password.length(); q++) + if ((!allowpattern.empty()) && (ServerInstance->MatchText(user->nick,allowpattern))) { - if (password[q] == '\'') - { - temp = temp + "\'"; - } - else if (password[q] == '"') - { - temp = temp + "\\\""; - } - else temp = temp + password[q]; + user->Extend("sqlauthed"); + return 0; } - password = temp; - - // Create a request containing the SQL query and send it to m_sql.so - SQLRequest* query = new SQLRequest(SQL_RESULT,dbid,"SELECT * FROM "+usertable+" WHERE "+userfield+"='"+username+"' AND "+passfield+"="+encryption+"('"+password+"')"); - Request queryrequest((char*)query, this, SQLModule); - SQLResult* result = (SQLResult*)queryrequest.Send(); - - // Did we get "OK" as a result? - if (result->GetType() == SQL_OK) + + if (!CheckCredentials(user)) { + User::QuitUser(ServerInstance,user,killreason); + return 1; + } + return 0; + } - // if we did, this means we may now request a row... there should be only one row for each user, so, - // we don't need to loop to fetch multiple rows. - SQLRequest* rowrequest = new SQLRequest(SQL_ROW,dbid,""); - Request rowquery((char*)rowrequest, this, SQLModule); - SQLResult* rowresult = (SQLResult*)rowquery.Send(); + bool CheckCredentials(User* user) + { + SQLrequest req = SQLreq(this, SQLprovider, databaseid, "SELECT ? FROM ? WHERE ? = '?' AND ? = ?'?')", userfield, usertable, userfield, user->nick, passfield, encryption, user->password); + + if(req.Send()) + { + /* When we get the query response from the service provider we will be given an ID to play with, + * just an ID number which is unique to this query. We need a way of associating that ID with a User + * so we insert it into a map mapping the IDs to users. + * Thankfully m_sqlutils provides this, it will associate a ID with a user or channel, and if the user quits it removes the + * association. This means that if the user quits during a query we will just get a failed lookup from m_sqlutils - telling + * us to discard the query. + */ + AssociateUser(this, SQLutils, req.id, user).Send(); + + return true; + } + else + { + if (verbose) + ServerInstance->WriteOpers("Forbidden connection from %s!%s@%s (SQL query failed: %s)", user->nick, user->ident, user->host, req.error.Str()); + return false; + } + } + + virtual char* OnRequest(Request* request) + { + if(strcmp(SQLRESID, request->GetId()) == 0) + { + SQLresult* res = static_cast(request); - // did we get a row? If we did, we can now do something with the fields - if (rowresult->GetType() == SQL_ROW) + User* user = GetAssocUser(this, SQLutils, res->id).S().user; + UnAssociate(this, SQLutils, res->id).S(); + + if(user) { - if (rowresult->GetField(userfield) == username) + if(res->error.Id() == NO_ERROR) + { + if(res->Rows()) + { + /* We got a row in the result, this is enough really */ + user->Extend("sqlauthed"); + } + else if (verbose) + { + /* No rows in result, this means there was no record matching the user */ + ServerInstance->WriteOpers("Forbidden connection from %s!%s@%s (SQL query returned no matches)", user->nick, user->ident, user->host); + user->Extend("sqlauth_failed"); + } + } + else if (verbose) { - // because the query directly asked for the password hash, we do not need to check it - - // if it didnt match it wont be returned in the first place from the SELECT. - // This just checks we didnt get an empty row by accident. - found = true; + ServerInstance->WriteOpers("Forbidden connection from %s!%s@%s (SQL query failed: %s)", user->nick, user->ident, user->host, res->error.Str()); + user->Extend("sqlauth_failed"); } - delete rowresult; } else { - // we didn't have a row. - found = false; + return NULL; } - delete rowrequest; - delete result; - } - else - { - // the query was bad - found = false; - } - query->SetQueryType(SQL_DONE); - query->SetConnID(dbid); - Request donerequest((char*)query, this, SQLModule); - donerequest.Send(); - delete query; - return found; - } - virtual ~ModuleSQLAuth() - { - delete Srv; + if (!user->GetExt("sqlauthed")) + { + User::QuitUser(ServerInstance,user,killreason); + } + return SQLSUCCESS; + } + return NULL; } - virtual Version GetVersion() + virtual void OnUserDisconnect(User* user) { - return Version(1,0,0,1,VF_VENDOR); + user->Shrink("sqlauthed"); + user->Shrink("sqlauth_failed"); } -}; - -class ModuleSQLAuthFactory : public ModuleFactory -{ - public: - ModuleSQLAuthFactory() + virtual bool OnCheckReady(User* user) { + return user->GetExt("sqlauthed"); } - - ~ModuleSQLAuthFactory() - { - } - - virtual Module * CreateModule() + + virtual Version GetVersion() { - return new ModuleSQLAuth; + return Version(1,1,1,0,VF_VENDOR,API_VERSION); } }; - -extern "C" void * init_module( void ) -{ - return new ModuleSQLAuthFactory; -} - +MODULE_INIT(ModuleSQLAuth)