X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_sqlauth.cpp;h=df97145be95d51744ae1588b127e0bd38a521e6e;hb=4c751dbbe8945e5efc230a59b0ed51c2ba10cf92;hp=6763e82145d512736be922873d565dc08d34b6fb;hpb=67a4a9b62355ea57a2f4521ca5fc53bd4eac3a1f;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_sqlauth.cpp b/src/modules/m_sqlauth.cpp index 6763e8214..df97145be 100644 --- a/src/modules/m_sqlauth.cpp +++ b/src/modules/m_sqlauth.cpp @@ -1,191 +1,168 @@ -/* +------------------------------------+ - * | Inspire Internet Relay Chat Daemon | - * +------------------------------------+ +/* + * InspIRCd -- Internet Relay Chat Daemon * - * InspIRCd: (C) 2002-2009 InspIRCd Development Team - * See: http://wiki.inspircd.org/Credits + * Copyright (C) 2009-2010 Daniel De Graaf * - * This program is free but copyrighted software; see - * the file COPYING for details. + * This file is part of InspIRCd. InspIRCd is free software: you can + * redistribute it and/or modify it under the terms of the GNU General Public + * License as published by the Free Software Foundation, version 2. * - * --------------------------------------------------- + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + #include "inspircd.h" -#include "m_sqlv2.h" -#include "m_sqlutils.h" -#include "m_hash.h" +#include "sql.h" +#include "hash.h" + +/* $ModDesc: Allow/Deny connections based upon an arbitrary SQL table */ + +enum AuthState { + AUTH_STATE_NONE = 0, + AUTH_STATE_BUSY = 1, + AUTH_STATE_FAIL = 2 +}; + +class AuthQuery : public SQLQuery +{ + public: + const std::string uid; + LocalIntExt& pendingExt; + bool verbose; + AuthQuery(Module* me, const std::string& u, LocalIntExt& e, bool v) + : SQLQuery(me), uid(u), pendingExt(e), verbose(v) + { + } + + void OnResult(SQLResult& res) + { + User* user = ServerInstance->FindNick(uid); + if (!user) + return; + if (res.Rows()) + { + pendingExt.set(user, AUTH_STATE_NONE); + } + else + { + if (verbose) + ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s (SQL query returned no matches)", user->GetFullRealHost().c_str()); + pendingExt.set(user, AUTH_STATE_FAIL); + } + } -/* $ModDesc: Allow/Deny connections based upon an arbitary SQL table */ -/* $ModDep: m_sqlv2.h m_sqlutils.h m_hash.h */ + void OnError(SQLerror& error) + { + User* user = ServerInstance->FindNick(uid); + if (!user) + return; + pendingExt.set(user, AUTH_STATE_FAIL); + if (verbose) + ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s (SQL query failed: %s)", user->GetFullRealHost().c_str(), error.Str()); + } +}; class ModuleSQLAuth : public Module { - LocalIntExt sqlAuthed; - Module* SQLutils; - Module* SQLprovider; + LocalIntExt pendingExt; + dynamic_reference SQL; std::string freeformquery; std::string killreason; std::string allowpattern; - std::string databaseid; - bool verbose; -public: - ModuleSQLAuth() : sqlAuthed("sqlauth", this) + public: + ModuleSQLAuth() : pendingExt("sqlauth-wait", this), SQL(this, "SQL") { - ServerInstance->Modules->UseInterface("SQLutils"); - ServerInstance->Modules->UseInterface("SQL"); - - SQLutils = ServerInstance->Modules->Find("m_sqlutils.so"); - if (!SQLutils) - throw ModuleException("Can't find m_sqlutils.so. Please load m_sqlutils.so before m_sqlauth.so."); - - SQLprovider = ServerInstance->Modules->FindFeature("SQL"); - if (!SQLprovider) - throw ModuleException("Can't find an SQL provider module. Please load one before attempting to load m_sqlauth."); - - OnRehash(NULL); - Implementation eventlist[] = { I_OnUserDisconnect, I_OnCheckReady, I_OnRehash, I_OnUserRegister }; - ServerInstance->Modules->Attach(eventlist, this, 4); } - virtual ~ModuleSQLAuth() + void init() { - ServerInstance->Modules->DoneWithInterface("SQL"); - ServerInstance->Modules->DoneWithInterface("SQLutils"); + ServerInstance->Modules->AddService(pendingExt); + OnRehash(NULL); + Implementation eventlist[] = { I_OnCheckReady, I_OnRehash, I_OnUserRegister }; + ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation)); } - void OnRehash(User* user) { - ConfigReader Conf; - - databaseid = Conf.ReadValue("sqlauth", "dbid", 0); /* Database ID, given to the SQL service provider */ - freeformquery = Conf.ReadValue("sqlauth", "query", 0); /* Field name where username can be found */ - killreason = Conf.ReadValue("sqlauth", "killreason", 0); /* Reason to give when access is denied to a user (put your reg details here) */ - allowpattern = Conf.ReadValue("sqlauth", "allowpattern",0 ); /* Allow nicks matching this pattern without requiring auth */ - verbose = Conf.ReadFlag("sqlauth", "verbose", 0); /* Set to true if failed connects should be reported to operators */ + ConfigTag* conf = ServerInstance->Config->ConfValue("sqlauth"); + std::string dbid = conf->getString("dbid"); + if (dbid.empty()) + SQL.SetProvider("SQL"); + else + SQL.SetProvider("SQL/" + dbid); + freeformquery = conf->getString("query"); + killreason = conf->getString("killreason"); + allowpattern = conf->getString("allowpattern"); + verbose = conf->getBool("verbose"); } - ModResult OnUserRegister(User* user) + ModResult OnUserRegister(LocalUser* user) { - if ((!allowpattern.empty()) && (InspIRCd::Match(user->nick,allowpattern))) - { - sqlAuthed.set(user, 1); + // Note this is their initial (unresolved) connect block + ConfigTag* tag = user->MyClass->config; + if (!tag->getBool("usesqlauth", true)) return MOD_RES_PASSTHRU; - } - - if (!CheckCredentials(user)) - { - ServerInstance->Users->QuitUser(user, killreason); - return MOD_RES_DENY; - } - return MOD_RES_PASSTHRU; - } - - bool CheckCredentials(User* user) - { - std::string thisquery = freeformquery; - std::string safepass = user->password; - std::string safegecos = user->fullname; - - /* Search and replace the escaped nick and escaped pass into the query */ - - SearchAndReplace(safepass, std::string("\""), std::string("\\\"")); - SearchAndReplace(safegecos, std::string("\""), std::string("\\\"")); - SearchAndReplace(thisquery, std::string("$nick"), user->nick); - SearchAndReplace(thisquery, std::string("$pass"), safepass); - SearchAndReplace(thisquery, std::string("$host"), user->host); - SearchAndReplace(thisquery, std::string("$ip"), std::string(user->GetIPString())); - SearchAndReplace(thisquery, std::string("$gecos"), safegecos); - SearchAndReplace(thisquery, std::string("$ident"), user->ident); - SearchAndReplace(thisquery, std::string("$server"), std::string(user->server)); - SearchAndReplace(thisquery, std::string("$uuid"), user->uuid); + if (!allowpattern.empty() && InspIRCd::Match(user->nick,allowpattern)) + return MOD_RES_PASSTHRU; - Module* HashMod = ServerInstance->Modules->Find("m_md5.so"); + if (pendingExt.get(user)) + return MOD_RES_PASSTHRU; - if (HashMod) + if (!SQL) { - SearchAndReplace(thisquery, std::string("$md5pass"), HashRequest(this, HashMod, user->password).hex()); + ServerInstance->SNO->WriteGlobalSno('a', "Forbiding connection from %s (SQL database not present)", user->GetFullRealHost().c_str()); + ServerInstance->Users->QuitUser(user, killreason); + return MOD_RES_PASSTHRU; } - HashMod = ServerInstance->Modules->Find("m_sha256.so"); + pendingExt.set(user, AUTH_STATE_BUSY); - if (HashMod) - { - SearchAndReplace(thisquery, std::string("$sha256pass"), HashRequest(this, HashMod, user->password).hex()); - } + ParamM userinfo; + SQL->PopulateUserInfo(user, userinfo); + userinfo["pass"] = user->password; + + HashProvider* md5 = ServerInstance->Modules->FindDataService("hash/md5"); + if (md5) + userinfo["md5pass"] = md5->hexsum(user->password); - /* Build the query */ - SQLrequest req = SQLrequest(this, SQLprovider, databaseid, SQLquery(thisquery)); + HashProvider* sha256 = ServerInstance->Modules->FindDataService("hash/sha256"); + if (sha256) + userinfo["sha256pass"] = sha256->hexsum(user->password); - req.Send(); - /* When we get the query response from the service provider we will be given an ID to play with, - * just an ID number which is unique to this query. We need a way of associating that ID with a User - * so we insert it into a map mapping the IDs to users. - * Thankfully m_sqlutils provides this, it will associate a ID with a user or channel, and if the user quits it removes the - * association. This means that if the user quits during a query we will just get a failed lookup from m_sqlutils - telling - * us to discard the query. - */ - AssociateUser(this, SQLutils, req.id, user).Send(); + SQL->submit(new AuthQuery(this, user->uuid, pendingExt, verbose), freeformquery, userinfo); - return true; + return MOD_RES_PASSTHRU; } - void OnRequest(Request& request) + ModResult OnCheckReady(LocalUser* user) { - if(strcmp(SQLRESID, request.id) == 0) + switch (pendingExt.get(user)) { - SQLresult* res = static_cast(&request); - - User* user = GetAssocUser(this, SQLutils, res->id).S().user; - UnAssociate(this, SQLutils, res->id).S(); - - if(user) - { - if(res->error.Id() == SQL_NO_ERROR) - { - if(res->Rows()) - { - /* We got a row in the result, this is enough really */ - sqlAuthed.set(user, 1); - } - else if (verbose) - { - /* No rows in result, this means there was no record matching the user */ - ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s!%s@%s (SQL query returned no matches)", user->nick.c_str(), user->ident.c_str(), user->host.c_str()); - } - } - else if (verbose) - { - ServerInstance->SNO->WriteGlobalSno('a', "Forbidden connection from %s!%s@%s (SQL query failed: %s)", user->nick.c_str(), user->ident.c_str(), user->host.c_str(), res->error.Str()); - } - } - else - { - return; - } - - if (!sqlAuthed.get(user)) - { + case AUTH_STATE_NONE: + return MOD_RES_PASSTHRU; + case AUTH_STATE_BUSY: + return MOD_RES_DENY; + case AUTH_STATE_FAIL: ServerInstance->Users->QuitUser(user, killreason); - } + return MOD_RES_DENY; } - } - - ModResult OnCheckReady(User* user) - { - return sqlAuthed.get(user) ? MOD_RES_PASSTHRU : MOD_RES_DENY; + return MOD_RES_PASSTHRU; } Version GetVersion() { - return Version("Allow/Deny connections based upon an arbitary SQL table", VF_VENDOR); + return Version("Allow/Deny connections based upon an arbitrary SQL table", VF_VENDOR); } - }; MODULE_INIT(ModuleSQLAuth)