1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
|
/* +------------------------------------+
* | Inspire Internet Relay Chat Daemon |
* +------------------------------------+
*
* InspIRCd is copyright (C) 2002-2004 ChatSpike-Dev.
* E-mail:
* <brain@chatspike.net>
* <Craig@chatspike.net>
* <omster@gmail.com>
*
* Written by Craig Edwards, Craig McLure, and others.
* This program is free but copyrighted software; see
* the file COPYING for details.
*
* ---------------------------------------------------
*/
#include <string>
#include <map>
#include "users.h"
#include "channels.h"
#include "modules.h"
#include "inspircd.h"
#include "helperfuncs.h"
#include "m_sqlv2.h"
/* $ModDesc: Allow/Deny connections based upon an arbitary SQL table */
typedef std::map<unsigned int, userrec*> QueryUserMap;
class ModuleSQLAuth : public Module
{
Server* Srv;
std::string usertable;
std::string userfield;
std::string passfield;
std::string encryption;
std::string killreason;
std::string allowpattern;
std::string databaseid;
bool verbose;
QueryUserMap qumap;
public:
ModuleSQLAuth(Server* Me)
: Module::Module(Me)
{
Srv = Me;
OnRehash("");
}
void Implements(char* List)
{
List[I_OnUserDisconnect] = List[I_OnCheckReady] = List[I_OnRequest] = List[I_OnRehash] = List[I_OnUserRegister] = 1;
}
virtual void OnRehash(const std::string ¶meter)
{
ConfigReader Conf;
usertable = Conf.ReadValue("sqlauth", "usertable", 0); /* User table name */
databaseid = Conf.ReadValue("sqlauth", "dbid", 0); /* Database ID, given to the SQL service provider */
userfield = Conf.ReadValue("sqlauth", "userfield", 0); /* Field name where username can be found */
passfield = Conf.ReadValue("sqlauth", "passfield", 0); /* Field name where password can be found */
killreason = Conf.ReadValue("sqlauth", "killreason", 0); /* Reason to give when access is denied to a user (put your reg details here) */
allowpattern= Conf.ReadValue("sqlauth", "allowpattern",0 ); /* Allow nicks matching this pattern without requiring auth */
encryption = Conf.ReadValue("sqlauth", "encryption", 0); /* Name of sql function used to encrypt password, e.g. "md5" or "passwd".
* define, but leave blank if no encryption is to be used.
*/
verbose = Conf.ReadFlag("sqlauth", "verbose", 0); /* Set to true if failed connects should be reported to operators */
if (encryption.find("(") == std::string::npos)
{
encryption.append("(");
}
}
virtual void OnUserRegister(userrec* user)
{
if ((allowpattern != "") && (Srv->MatchText(user->nick,allowpattern)))
return;
if (!CheckCredentials(user))
{
Srv->QuitUser(user,killreason);
}
}
bool CheckCredentials(userrec* user)
{
bool found;
Module* target;
found = false;
target = Srv->FindFeature("SQL");
if(target)
{
SQLrequest req = SQLreq(this, target, databaseid, "SELECT ? FROM ? WHERE ? = '?' AND ? = ?'?')", userfield, usertable, userfield, user->nick, passfield, encryption, user->password);
if(req.Send())
{
/* When we get the query response from the service provider we will be given an ID to play with,
* just an ID number which is unique to this query. We need a way of associating that ID with a userrec
* so we insert it into a map mapping the IDs to users.
* This isn't quite enough though, as if the user quit while the query was in progress then when the result
* came to be processed we'd get an invalid userrec* out of the map. Now we *could* solve this by watching
* OnUserDisconnect() and iterating the map every time someone quits to make sure they didn't have any queries
* in progress, but that would be relatively slow and inefficient. Instead (thanks to w00t ;p) we attach a list
* of query IDs associated with it to the userrec, so in OnUserDisconnect() we can remove it immediately.
*/
log(DEBUG, "Sent query, got given ID %lu", req.id);
qumap.insert(std::make_pair(req.id, user));
if(!user->Extend("sqlauth_queryid", new unsigned long(req.id)))
{
log(DEBUG, "BUG: user being sqlauth'd already extended with 'sqlauth_queryid' :/");
}
return true;
}
else
{
log(DEBUG, "SQLrequest failed: %s", req.error.Str());
if (verbose)
WriteOpers("Forbidden connection from %s!%s@%s (SQL query failed: %s)", user->nick, user->ident, user->host, req.error.Str());
return false;
}
}
else
{
log(SPARSE, "WARNING: Couldn't find SQL provider module. NOBODY will be allowed to connect until it comes back unless they match an exception");
return false;
}
}
virtual char* OnRequest(Request* request)
{
if(strcmp(SQLRESID, request->GetData()) == 0)
{
SQLresult* res;
QueryUserMap::iterator iter;
res = static_cast<SQLresult*>(request);
log(DEBUG, "Got SQL result (%s) with ID %lu", res->GetData(), res->id);
iter = qumap.find(res->id);
if(iter != qumap.end())
{
userrec* user;
unsigned long* id;
user = iter->second;
/* Remove our ID from the lookup table to keep it as small and neat as possible */
qumap.erase(iter);
/* Cleanup the userrec, no point leaving this here */
if(user->GetExt("sqlauth_queryid", id))
{
user->Shrink("sqlauth_queryid");
delete id;
}
if(res->error.Id() == NO_ERROR)
{
log(DEBUG, "Associated query ID %lu with user %s", res->id, user->nick);
log(DEBUG, "Got result with %d rows and %d columns", res->Rows(), res->Cols());
if(res->Rows())
{
/* We got a row in the result, this is enough really */
user->Extend("sqlauthed");
}
else if (verbose)
{
/* No rows in result, this means there was no record matching the user */
WriteOpers("Forbidden connection from %s!%s@%s (SQL query returned no matches)", user->nick, user->ident, user->host);
user->Extend("sqlauth_failed");
}
}
else if (verbose)
{
log(DEBUG, "Query failed: %s", res->error.Str());
WriteOpers("Forbidden connection from %s!%s@%s (SQL query failed: %s)", user->nick, user->ident, user->host, res->error.Str());
user->Extend("sqlauth_failed");
}
}
else
{
log(DEBUG, "Got query with unknown ID, this probably means the user quit while the query was in progress");
}
return SQLSUCCESS;
}
log(DEBUG, "Got unsupported API version string: %s", request->GetData());
return NULL;
}
virtual void OnUserDisconnect(userrec* user)
{
unsigned long* id;
if(user->GetExt("sqlauth_queryid", id))
{
QueryUserMap::iterator iter;
iter = qumap.find(*id);
if(iter != qumap.end())
{
if(iter->second == user)
{
qumap.erase(iter);
log(DEBUG, "Erased query from map associated with quitting user %s", user->nick);
}
else
{
log(DEBUG, "BUG: ID associated with user %s doesn't have the same userrec* associated with it in the map");
}
}
else
{
log(DEBUG, "BUG: user %s was extended with sqlauth_queryid but there was nothing matching in the map", user->nick);
}
user->Shrink("sqlauth_queryid");
delete id;
}
user->Shrink("sqlauthed");
user->Shrink("sqlauth_failed");
}
virtual bool OnCheckReady(userrec* user)
{
if(user->GetExt("sqlauth_failed"))
{
Srv->QuitUser(user,killreason);
}
return user->GetExt("sqlauthed");
}
virtual ~ModuleSQLAuth()
{
}
virtual Version GetVersion()
{
return Version(1,0,1,0,VF_VENDOR);
}
};
class ModuleSQLAuthFactory : public ModuleFactory
{
public:
ModuleSQLAuthFactory()
{
}
~ModuleSQLAuthFactory()
{
}
virtual Module * CreateModule(Server* Me)
{
return new ModuleSQLAuth(Me);
}
};
extern "C" void * init_module( void )
{
return new ModuleSQLAuthFactory;
}
|
