X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_sqlauth.cpp;h=4e8b178b94e65ea67855e1d8ca451a33172a362f;hb=f2cdf27dd9c45f91f4184b81ea3b9be7c5d88173;hp=3a446148036a9c8ea30b63c3e9dfee22cc869d08;hpb=ff3eef491aa9e107d09d9dd9560ef7715b37b3b3;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_sqlauth.cpp b/src/modules/m_sqlauth.cpp index 3a4461480..4e8b178b9 100644 --- a/src/modules/m_sqlauth.cpp +++ b/src/modules/m_sqlauth.cpp @@ -1,191 +1,168 @@ -/* +------------------------------------+ - * | Inspire Internet Relay Chat Daemon | - * +------------------------------------+ +/* + * InspIRCd -- Internet Relay Chat Daemon * - * InspIRCd: (C) 2002-2009 InspIRCd Development Team - * See: http://wiki.inspircd.org/Credits + * Copyright (C) 2009-2010 Daniel De Graaf * - * This program is free but copyrighted software; see - * the file COPYING for details. + * This file is part of InspIRCd. InspIRCd is free software: you can + * redistribute it and/or modify it under the terms of the GNU General Public + * License as published by the Free Software Foundation, version 2. * - * --------------------------------------------------- + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + #include "inspircd.h" -#include "m_sqlv2.h" -#include "m_sqlutils.h" -#include "m_hash.h" +#include "modules/sql.h" +#include "modules/hash.h" + +/* $ModDesc: Allow/Deny connections based upon an arbitrary SQL table */ + +enum AuthState { + AUTH_STATE_NONE = 0, + AUTH_STATE_BUSY = 1, + AUTH_STATE_FAIL = 2 +}; + +class AuthQuery : public SQLQuery +{ + public: + const std::string uid; + LocalIntExt& pendingExt; + bool verbose; + AuthQuery(Module* me, const std::string& u, LocalIntExt& e, bool v) + : SQLQuery(me), uid(u), pendingExt(e), verbose(v) + { + } + + void OnResult(SQLResult& res) CXX11_OVERRIDE + { + User* user = ServerInstance->FindNick(uid); + if (!user) + return; + if (res.Rows()) + { + pendingExt.set(user, AUTH_STATE_NONE); + } + else + { + if (verbose) + ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s (SQL query returned no matches)", user->GetFullRealHost().c_str()); + pendingExt.set(user, AUTH_STATE_FAIL); + } + } -/* $ModDesc: Allow/Deny connections based upon an arbitary SQL table */ -/* $ModDep: m_sqlv2.h m_sqlutils.h m_hash.h */ + void OnError(SQLerror& error) CXX11_OVERRIDE + { + User* user = ServerInstance->FindNick(uid); + if (!user) + return; + pendingExt.set(user, AUTH_STATE_FAIL); + if (verbose) + ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s (SQL query failed: %s)", user->GetFullRealHost().c_str(), error.Str()); + } +}; class ModuleSQLAuth : public Module { - LocalIntExt sqlAuthed; - Module* SQLutils; - Module* SQLprovider; + LocalIntExt pendingExt; + dynamic_reference SQL; std::string freeformquery; std::string killreason; std::string allowpattern; - std::string databaseid; - bool verbose; -public: - ModuleSQLAuth() : sqlAuthed("sqlauth", this) + public: + ModuleSQLAuth() : pendingExt("sqlauth-wait", this), SQL(this, "SQL") { - ServerInstance->Modules->UseInterface("SQLutils"); - ServerInstance->Modules->UseInterface("SQL"); - - SQLutils = ServerInstance->Modules->Find("m_sqlutils.so"); - if (!SQLutils) - throw ModuleException("Can't find m_sqlutils.so. Please load m_sqlutils.so before m_sqlauth.so."); - - SQLprovider = ServerInstance->Modules->FindFeature("SQL"); - if (!SQLprovider) - throw ModuleException("Can't find an SQL provider module. Please load one before attempting to load m_sqlauth."); + } + void init() CXX11_OVERRIDE + { + ServerInstance->Modules->AddService(pendingExt); OnRehash(NULL); - Implementation eventlist[] = { I_OnUserDisconnect, I_OnCheckReady, I_OnRehash, I_OnUserRegister }; - ServerInstance->Modules->Attach(eventlist, this, 4); + Implementation eventlist[] = { I_OnCheckReady, I_OnRehash, I_OnUserRegister }; + ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation)); } - virtual ~ModuleSQLAuth() + void OnRehash(User* user) CXX11_OVERRIDE { - ServerInstance->Modules->DoneWithInterface("SQL"); - ServerInstance->Modules->DoneWithInterface("SQLutils"); + ConfigTag* conf = ServerInstance->Config->ConfValue("sqlauth"); + std::string dbid = conf->getString("dbid"); + if (dbid.empty()) + SQL.SetProvider("SQL"); + else + SQL.SetProvider("SQL/" + dbid); + freeformquery = conf->getString("query"); + killreason = conf->getString("killreason"); + allowpattern = conf->getString("allowpattern"); + verbose = conf->getBool("verbose"); } - - void OnRehash(User* user) + ModResult OnUserRegister(LocalUser* user) CXX11_OVERRIDE { - ConfigReader Conf; + // Note this is their initial (unresolved) connect block + ConfigTag* tag = user->MyClass->config; + if (!tag->getBool("usesqlauth", true)) + return MOD_RES_PASSTHRU; - databaseid = Conf.ReadValue("sqlauth", "dbid", 0); /* Database ID, given to the SQL service provider */ - freeformquery = Conf.ReadValue("sqlauth", "query", 0); /* Field name where username can be found */ - killreason = Conf.ReadValue("sqlauth", "killreason", 0); /* Reason to give when access is denied to a user (put your reg details here) */ - allowpattern = Conf.ReadValue("sqlauth", "allowpattern",0 ); /* Allow nicks matching this pattern without requiring auth */ - verbose = Conf.ReadFlag("sqlauth", "verbose", 0); /* Set to true if failed connects should be reported to operators */ - } + if (!allowpattern.empty() && InspIRCd::Match(user->nick,allowpattern)) + return MOD_RES_PASSTHRU; - ModResult OnUserRegister(LocalUser* user) - { - if ((!allowpattern.empty()) && (InspIRCd::Match(user->nick,allowpattern))) - { - sqlAuthed.set(user, 1); + if (pendingExt.get(user)) return MOD_RES_PASSTHRU; - } - if (!CheckCredentials(user)) + if (!SQL) { + ServerInstance->SNO->WriteGlobalSno('a', "Forbiding connection from %s (SQL database not present)", user->GetFullRealHost().c_str()); ServerInstance->Users->QuitUser(user, killreason); - return MOD_RES_DENY; + return MOD_RES_PASSTHRU; } - return MOD_RES_PASSTHRU; - } - - bool CheckCredentials(LocalUser* user) - { - std::string thisquery = freeformquery; - std::string safepass = user->password; - std::string safegecos = user->fullname; - /* Search and replace the escaped nick and escaped pass into the query */ + pendingExt.set(user, AUTH_STATE_BUSY); - SearchAndReplace(safepass, std::string("\""), std::string("\\\"")); - SearchAndReplace(safegecos, std::string("\""), std::string("\\\"")); + ParamM userinfo; + SQL->PopulateUserInfo(user, userinfo); + userinfo["pass"] = user->password; - SearchAndReplace(thisquery, std::string("$nick"), user->nick); - SearchAndReplace(thisquery, std::string("$pass"), safepass); - SearchAndReplace(thisquery, std::string("$host"), user->host); - SearchAndReplace(thisquery, std::string("$ip"), std::string(user->GetIPString())); - SearchAndReplace(thisquery, std::string("$gecos"), safegecos); - SearchAndReplace(thisquery, std::string("$ident"), user->ident); - SearchAndReplace(thisquery, std::string("$server"), std::string(user->server)); - SearchAndReplace(thisquery, std::string("$uuid"), user->uuid); + HashProvider* md5 = ServerInstance->Modules->FindDataService("hash/md5"); + if (md5) + userinfo["md5pass"] = md5->hexsum(user->password); - Module* HashMod = ServerInstance->Modules->Find("m_md5.so"); + HashProvider* sha256 = ServerInstance->Modules->FindDataService("hash/sha256"); + if (sha256) + userinfo["sha256pass"] = sha256->hexsum(user->password); - if (HashMod) - { - SearchAndReplace(thisquery, std::string("$md5pass"), HashRequest(this, HashMod, user->password).hex()); - } + SQL->submit(new AuthQuery(this, user->uuid, pendingExt, verbose), freeformquery, userinfo); - HashMod = ServerInstance->Modules->Find("m_sha256.so"); - - if (HashMod) - { - SearchAndReplace(thisquery, std::string("$sha256pass"), HashRequest(this, HashMod, user->password).hex()); - } - - /* Build the query */ - SQLrequest req = SQLrequest(this, SQLprovider, databaseid, SQLquery(thisquery)); - - req.Send(); - /* When we get the query response from the service provider we will be given an ID to play with, - * just an ID number which is unique to this query. We need a way of associating that ID with a User - * so we insert it into a map mapping the IDs to users. - * Thankfully m_sqlutils provides this, it will associate a ID with a user or channel, and if the user quits it removes the - * association. This means that if the user quits during a query we will just get a failed lookup from m_sqlutils - telling - * us to discard the query. - */ - AssociateUser(this, SQLutils, req.id, user).Send(); - - return true; + return MOD_RES_PASSTHRU; } - void OnRequest(Request& request) + ModResult OnCheckReady(LocalUser* user) CXX11_OVERRIDE { - if(strcmp(SQLRESID, request.id) == 0) + switch (pendingExt.get(user)) { - SQLresult* res = static_cast(&request); - - User* user = GetAssocUser(this, SQLutils, res->id).S().user; - UnAssociate(this, SQLutils, res->id).S(); - - if(user) - { - if(res->error.Id() == SQL_NO_ERROR) - { - if(res->Rows()) - { - /* We got a row in the result, this is enough really */ - sqlAuthed.set(user, 1); - } - else if (verbose) - { - /* No rows in result, this means there was no record matching the user */ - ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s!%s@%s (SQL query returned no matches)", user->nick.c_str(), user->ident.c_str(), user->host.c_str()); - } - } - else if (verbose) - { - ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s!%s@%s (SQL query failed: %s)", user->nick.c_str(), user->ident.c_str(), user->host.c_str(), res->error.Str()); - } - } - else - { - return; - } - - if (!sqlAuthed.get(user)) - { + case AUTH_STATE_NONE: + return MOD_RES_PASSTHRU; + case AUTH_STATE_BUSY: + return MOD_RES_DENY; + case AUTH_STATE_FAIL: ServerInstance->Users->QuitUser(user, killreason); - } + return MOD_RES_DENY; } + return MOD_RES_PASSTHRU; } - ModResult OnCheckReady(LocalUser* user) - { - return sqlAuthed.get(user) ? MOD_RES_PASSTHRU : MOD_RES_DENY; - } - - Version GetVersion() + Version GetVersion() CXX11_OVERRIDE { - return Version("Allow/Deny connections based upon an arbitary SQL table", VF_VENDOR); + return Version("Allow/Deny connections based upon an arbitrary SQL table", VF_VENDOR); } - }; MODULE_INIT(ModuleSQLAuth)