X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_sqlauth.cpp;h=29554b03176533756c3a062c041c7b6379a1700e;hb=a45254ff4c15ca23b03bb2dbd52a6cd3b30c2662;hp=256bf346a8698f610d267224f83efea366dffca2;hpb=83454575bcdc969e73fb9026dc3533dfb22c27a2;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_sqlauth.cpp b/src/modules/m_sqlauth.cpp index 256bf346a..29554b031 100644 --- a/src/modules/m_sqlauth.cpp +++ b/src/modules/m_sqlauth.cpp @@ -2,7 +2,7 @@ * | Inspire Internet Relay Chat Daemon | * +------------------------------------+ * - * InspIRCd: (C) 2002-2009 InspIRCd Development Team + * InspIRCd: (C) 2002-2010 InspIRCd Development Team * See: http://wiki.inspircd.org/Credits * * This program is free but copyrighted software; see @@ -12,192 +12,142 @@ */ #include "inspircd.h" -#include "m_sqlv2.h" -#include "m_sqlutils.h" -#include "m_hash.h" +#include "sql.h" +#include "hash.h" /* $ModDesc: Allow/Deny connections based upon an arbitary SQL table */ -/* $ModDep: m_sqlv2.h m_sqlutils.h m_hash.h */ + +enum AuthState { + AUTH_STATE_NONE = 0, + AUTH_STATE_BUSY = 1, + AUTH_STATE_FAIL = 2 +}; + +class AuthQuery : public SQLQuery +{ + public: + const std::string uid; + LocalIntExt& pendingExt; + bool verbose; + AuthQuery(Module* me, const std::string& u, LocalIntExt& e, bool v) + : SQLQuery(me), uid(u), pendingExt(e), verbose(v) + { + } + + void OnResult(SQLResult& res) + { + User* user = ServerInstance->FindNick(uid); + if (!user) + return; + if (res.Rows()) + { + pendingExt.set(user, AUTH_STATE_NONE); + } + else + { + if (verbose) + ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s!%s@%s (SQL query returned no matches)", user->nick.c_str(), user->ident.c_str(), user->host.c_str()); + pendingExt.set(user, AUTH_STATE_FAIL); + } + } + + void OnError(SQLerror& error) + { + User* user = ServerInstance->FindNick(uid); + if (!user) + return; + pendingExt.set(user, AUTH_STATE_FAIL); + if (verbose) + ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s!%s@%s (SQL query failed: %s)", user->nick.c_str(), user->ident.c_str(), user->host.c_str(), error.Str()); + } +}; class ModuleSQLAuth : public Module { - LocalIntExt sqlAuthed; - Module* SQLutils; - Module* SQLprovider; + LocalIntExt pendingExt; + dynamic_reference SQL; std::string freeformquery; std::string killreason; std::string allowpattern; - std::string databaseid; - bool verbose; -public: - ModuleSQLAuth() : sqlAuthed("sqlauth", this) + public: + ModuleSQLAuth() : pendingExt("sqlauth-wait", this), SQL(this, "SQL") { - ServerInstance->Modules->UseInterface("SQLutils"); - ServerInstance->Modules->UseInterface("SQL"); - - SQLutils = ServerInstance->Modules->Find("m_sqlutils.so"); - if (!SQLutils) - throw ModuleException("Can't find m_sqlutils.so. Please load m_sqlutils.so before m_sqlauth.so."); - - SQLprovider = ServerInstance->Modules->FindFeature("SQL"); - if (!SQLprovider) - throw ModuleException("Can't find an SQL provider module. Please load one before attempting to load m_sqlauth."); - - OnRehash(NULL); - Implementation eventlist[] = { I_OnUserDisconnect, I_OnCheckReady, I_OnRequest, I_OnRehash, I_OnUserRegister }; - ServerInstance->Modules->Attach(eventlist, this, 5); } - virtual ~ModuleSQLAuth() + void init() { - ServerInstance->Modules->DoneWithInterface("SQL"); - ServerInstance->Modules->DoneWithInterface("SQLutils"); + ServerInstance->Modules->AddService(pendingExt); + OnRehash(NULL); + Implementation eventlist[] = { I_OnUserDisconnect, I_OnCheckReady, I_OnRehash, I_OnUserRegister }; + ServerInstance->Modules->Attach(eventlist, this, 4); } - void OnRehash(User* user) { ConfigReader Conf; - databaseid = Conf.ReadValue("sqlauth", "dbid", 0); /* Database ID, given to the SQL service provider */ + SQL.SetProvider("SQL/" + Conf.ReadValue("sqlauth", "dbid", 0)); /* Database ID, given to the SQL service provider */ freeformquery = Conf.ReadValue("sqlauth", "query", 0); /* Field name where username can be found */ killreason = Conf.ReadValue("sqlauth", "killreason", 0); /* Reason to give when access is denied to a user (put your reg details here) */ allowpattern = Conf.ReadValue("sqlauth", "allowpattern",0 ); /* Allow nicks matching this pattern without requiring auth */ verbose = Conf.ReadFlag("sqlauth", "verbose", 0); /* Set to true if failed connects should be reported to operators */ + SQL.lookup(); } - ModResult OnUserRegister(User* user) + ModResult OnUserRegister(LocalUser* user) { - if ((!allowpattern.empty()) && (InspIRCd::Match(user->nick,allowpattern))) - { - sqlAuthed.set(user, 1); + // Note this is their initial (unresolved) connect block + ConfigTag* tag = user->MyClass->config; + if (!tag->getBool("usesqlauth", true)) return MOD_RES_PASSTHRU; - } - - if (!CheckCredentials(user)) - { - ServerInstance->Users->QuitUser(user, killreason); - return MOD_RES_DENY; - } - return MOD_RES_PASSTHRU; - } - - bool CheckCredentials(User* user) - { - std::string thisquery = freeformquery; - std::string safepass = user->password; - std::string safegecos = user->fullname; - /* Search and replace the escaped nick and escaped pass into the query */ + if (!allowpattern.empty() && InspIRCd::Match(user->nick,allowpattern)) + return MOD_RES_PASSTHRU; - SearchAndReplace(safepass, std::string("\""), std::string("\\\"")); - SearchAndReplace(safegecos, std::string("\""), std::string("\\\"")); + if (pendingExt.get(user)) + return MOD_RES_PASSTHRU; - SearchAndReplace(thisquery, std::string("$nick"), user->nick); - SearchAndReplace(thisquery, std::string("$pass"), safepass); - SearchAndReplace(thisquery, std::string("$host"), user->host); - SearchAndReplace(thisquery, std::string("$ip"), std::string(user->GetIPString())); - SearchAndReplace(thisquery, std::string("$gecos"), safegecos); - SearchAndReplace(thisquery, std::string("$ident"), user->ident); - SearchAndReplace(thisquery, std::string("$server"), std::string(user->server)); - SearchAndReplace(thisquery, std::string("$uuid"), user->uuid); + pendingExt.set(user, AUTH_STATE_BUSY); - Module* HashMod = ServerInstance->Modules->Find("m_md5.so"); + ParamM userinfo; + SQL->PopulateUserInfo(user, userinfo); + userinfo["pass"] = user->password; - if (HashMod) - { - HashResetRequest(this, HashMod).Send(); - SearchAndReplace(thisquery, std::string("$md5pass"), std::string(HashSumRequest(this, HashMod, user->password).Send())); - } + HashProvider* md5 = ServerInstance->Modules->FindDataService("hash/md5"); + if (md5) + userinfo["md5pass"] = md5->hexsum(user->password); - HashMod = ServerInstance->Modules->Find("m_sha256.so"); + HashProvider* sha256 = ServerInstance->Modules->FindDataService("hash/sha256"); + if (sha256) + userinfo["sha256pass"] = sha256->hexsum(user->password); - if (HashMod) - { - HashResetRequest(this, HashMod).Send(); - SearchAndReplace(thisquery, std::string("$sha256pass"), std::string(HashSumRequest(this, HashMod, user->password).Send())); - } + SQL->submit(new AuthQuery(this, user->uuid, pendingExt, verbose), freeformquery, userinfo); - /* Build the query */ - SQLrequest req = SQLrequest(this, SQLprovider, databaseid, SQLquery(thisquery)); - - if(req.Send()) - { - /* When we get the query response from the service provider we will be given an ID to play with, - * just an ID number which is unique to this query. We need a way of associating that ID with a User - * so we insert it into a map mapping the IDs to users. - * Thankfully m_sqlutils provides this, it will associate a ID with a user or channel, and if the user quits it removes the - * association. This means that if the user quits during a query we will just get a failed lookup from m_sqlutils - telling - * us to discard the query. - */ - AssociateUser(this, SQLutils, req.id, user).Send(); - - return true; - } - else - { - if (verbose) - ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s!%s@%s (SQL query failed: %s)", user->nick.c_str(), user->ident.c_str(), user->host.c_str(), req.error.Str()); - return false; - } + return MOD_RES_PASSTHRU; } - virtual const char* OnRequest(Request* request) + ModResult OnCheckReady(LocalUser* user) { - if(strcmp(SQLRESID, request->GetId()) == 0) + switch (pendingExt.get(user)) { - SQLresult* res = static_cast(request); - - User* user = GetAssocUser(this, SQLutils, res->id).S().user; - UnAssociate(this, SQLutils, res->id).S(); - - if(user) - { - if(res->error.Id() == SQL_NO_ERROR) - { - if(res->Rows()) - { - /* We got a row in the result, this is enough really */ - sqlAuthed.set(user, 1); - } - else if (verbose) - { - /* No rows in result, this means there was no record matching the user */ - ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s!%s@%s (SQL query returned no matches)", user->nick.c_str(), user->ident.c_str(), user->host.c_str()); - } - } - else if (verbose) - { - ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s!%s@%s (SQL query failed: %s)", user->nick.c_str(), user->ident.c_str(), user->host.c_str(), res->error.Str()); - } - } - else - { - return NULL; - } - - if (!sqlAuthed.get(user)) - { + case AUTH_STATE_NONE: + return MOD_RES_PASSTHRU; + case AUTH_STATE_BUSY: + return MOD_RES_DENY; + case AUTH_STATE_FAIL: ServerInstance->Users->QuitUser(user, killreason); - } - return SQLSUCCESS; + return MOD_RES_DENY; } - return NULL; - } - - ModResult OnCheckReady(User* user) - { - return sqlAuthed.get(user) ? MOD_RES_PASSTHRU : MOD_RES_DENY; + return MOD_RES_PASSTHRU; } Version GetVersion() { - return Version("Allow/Deny connections based upon an arbitary SQL table", VF_VENDOR, API_VERSION); + return Version("Allow/Deny connections based upon an arbitary SQL table", VF_VENDOR); } - }; MODULE_INIT(ModuleSQLAuth)