.

main.py

@@ -0,0 +1,136 @@
+#!/usr/bin/python
+#
+#External auth script for ejabberd that enable auth against MySQL db with
+#use of custom fields and table. It works with argon2i hashed passwords. Python 3
+#Based on iltl. Contact: iltl@free.fr script.
+#Released under GNU GPLv3
+#Author: Humorhenker paul@roteserver.de
+
+########################################################################
+#DB Settings
+########################################################################
+db_name="my_db"
+db_user="my_id"
+db_pass="my_pass"
+db_host="localhost"
+db_table="my_table"
+db_username_field="name"
+db_password_field="pass"
+db_domain_field=""
+########################################################################
+#Setup
+########################################################################
+import sys, logging, struct
+import mysql.connector
+from passlib.hash import argon2
+import config as cfg
+from struct import *
+
+sys.stderr = open('/var/log/ejabberd/extauth_err.log', 'a')
+logging.basicConfig(level=logging.INFO,
+                    format='%(asctime)s %(levelname)s %(message)s',
+                    filename='/var/log/ejabberd/extauth.log',
+                    filemode='a')
+try:
+    mysqlcnx = mysql.connector.connect(user=cfg.mysql['user'], password=cfg.mysql['password'], host='127.0.0.1', database=cfg.mysql['db'])
+except:
+    logging.debug("Unable to initialize database, check settings!")
+cursor = mysqlcnx.cursor()
+logging.info('extauth script started, waiting for ejabberd requests')
+class EjabberdInputError(Exception):
+    def __init__(self, value):
+        self.value = value
+    def __str__(self):
+        return repr(self.value)
+########################################################################
+#Declarations
+########################################################################
+def ejabberd_in():
+		logging.debug("trying to read 2 bytes from ejabberd:")
+		try:
+			input_length = sys.stdin.read(2)
+		except IOError:
+			logging.debug("ioerror")
+		if len(input_length) is not 2:
+			logging.debug("ejabberd sent us wrong things!")
+			raise EjabberdInputError('Wrong input from ejabberd!')
+		logging.debug('got 2 bytes via stdin: %s'%input_length)
+		(size,) = unpack('>h', input_length)
+		logging.debug('size of data: %i'%size)
+		income=sys.stdin.read(size).split(':')
+		logging.debug("incoming data: %s"%income)
+		return income
+def ejabberd_out(bool):
+		logging.debug("Ejabberd gets: %s" % bool)
+		token = genanswer(bool)
+		logging.debug("sent bytes: %#x %#x %#x %#x" % (ord(token[0]), ord(token[1]), ord(token[2]), ord(token[3])))
+		sys.stdout.write(token)
+		sys.stdout.flush()
+def genanswer(bool):
+		answer = 0
+		if bool:
+			answer = 1
+		token = pack('>hh', 2, answer)
+		return token
+def db_entry(in_user, in_host):
+	ls=[None, None]
+    abfrage = "SELECT %(db_username_field)s, %(db_domain_field)s, %(db_password_field)s FROM %(db_table)s WHERE %(db_username_field)s LIKE %(in_user)s AND %(db_domain_field)s LIKE %(in_host)s"
+    abfrage_data = {'db_username_field': db_username_field, 'db_domain_field': db_domain_field, 'db_password_field': db_password_field, 'db_table': db_table,'db_username_field': db_username_field, 'in_user': in_user, 'db_domain_field': db_domain_field, 'in_host': in_host}
+    cursor.execute(abfrage, abfrage_data)
+	return cursor.fetchone()[0]
+def isuser(in_user, in_host):
+	data=db_entry(in_user, in_host)
+	out=False #defaut to O preventing mistake
+	if data==None:
+		out=False
+		logging.debug("Wrong username: %s"%(in_user))
+	if in_user+"@"+in_host==data[0]+"@"+data[1]:
+		out=True
+	return out
+def auth(in_user, in_host, password):
+	data=db_entry(in_user, in_host)
+	out=False #defaut to O preventing mistake
+	if data==None:
+		out=False
+		logging.debug("Wrong username: %s"%(in_user))
+	if in_user+"@"+in_host==data[0]+"@"+data[1]:
+		if argon2.verify(password, data[2])
+			out=True
+		else:
+			logging.debug("Wrong password for user: %s"%(in_user))
+			out=False
+	else:
+		out=False
+	return out
+def log_result(op, in_user, bool):
+	if bool:
+		logging.info("%s successful for %s"%(op, in_user))
+	else:
+		logging.info("%s unsuccessful for %s"%(op, in_user))
+########################################################################
+#Main Loop
+########################################################################
+while True:
+	logging.debug("start of infinite loop")
+	try: 
+		ejab_request = ejabberd_in()
+	except EjabberdInputError as inst:
+		logging.info("Exception occured: %s", inst)
+		break
+	logging.debug('operation: %s'%(ejab_request[0]))
+	op_result = False
+	if ejab_request[0] == "auth":
+		op_result = auth(ejab_request[1], ejab_request[2], ejab_request[3])
+		ejabberd_out(op_result)
+		log_result(ejab_request[0], ejab_request[1], op_result)
+	elif ejab_request[0] == "isuser":
+		op_result = isuser(ejab_request[1], ejab_request[2])
+		ejabberd_out(op_result)
+		log_result(ejab_request[0], ejab_request[1], op_result)
+	elif ejab_request[0] == "setpass":
+		op_result=False
+		ejabberd_out(op_result)
+		log_result(ejab_request[0], ejab_request[1], op_result)
+logging.debug("end of infinite loop")
+logging.info('extauth script terminating')
+database.close()