From 938136c1c79005509b8ff44681d08f98d87defca Mon Sep 17 00:00:00 2001 From: Humorhenker Date: Sat, 18 Sep 2021 14:25:05 +0200 Subject: [PATCH] . --- main.py | 136 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 136 insertions(+) create mode 100644 main.py diff --git a/main.py b/main.py new file mode 100644 index 0000000..d9fbdb7 --- /dev/null +++ b/main.py @@ -0,0 +1,136 @@ +#!/usr/bin/python +# +#External auth script for ejabberd that enable auth against MySQL db with +#use of custom fields and table. It works with argon2i hashed passwords. Python 3 +#Based on iltl. Contact: iltl@free.fr script. +#Released under GNU GPLv3 +#Author: Humorhenker paul@roteserver.de + +######################################################################## +#DB Settings +######################################################################## +db_name="my_db" +db_user="my_id" +db_pass="my_pass" +db_host="localhost" +db_table="my_table" +db_username_field="name" +db_password_field="pass" +db_domain_field="" +######################################################################## +#Setup +######################################################################## +import sys, logging, struct +import mysql.connector +from passlib.hash import argon2 +import config as cfg +from struct import * + +sys.stderr = open('/var/log/ejabberd/extauth_err.log', 'a') +logging.basicConfig(level=logging.INFO, + format='%(asctime)s %(levelname)s %(message)s', + filename='/var/log/ejabberd/extauth.log', + filemode='a') +try: + mysqlcnx = mysql.connector.connect(user=cfg.mysql['user'], password=cfg.mysql['password'], host='127.0.0.1', database=cfg.mysql['db']) +except: + logging.debug("Unable to initialize database, check settings!") +cursor = mysqlcnx.cursor() +logging.info('extauth script started, waiting for ejabberd requests') +class EjabberdInputError(Exception): + def __init__(self, value): + self.value = value + def __str__(self): + return repr(self.value) +######################################################################## +#Declarations +######################################################################## +def ejabberd_in(): + logging.debug("trying to read 2 bytes from ejabberd:") + try: + input_length = sys.stdin.read(2) + except IOError: + logging.debug("ioerror") + if len(input_length) is not 2: + logging.debug("ejabberd sent us wrong things!") + raise EjabberdInputError('Wrong input from ejabberd!') + logging.debug('got 2 bytes via stdin: %s'%input_length) + (size,) = unpack('>h', input_length) + logging.debug('size of data: %i'%size) + income=sys.stdin.read(size).split(':') + logging.debug("incoming data: %s"%income) + return income +def ejabberd_out(bool): + logging.debug("Ejabberd gets: %s" % bool) + token = genanswer(bool) + logging.debug("sent bytes: %#x %#x %#x %#x" % (ord(token[0]), ord(token[1]), ord(token[2]), ord(token[3]))) + sys.stdout.write(token) + sys.stdout.flush() +def genanswer(bool): + answer = 0 + if bool: + answer = 1 + token = pack('>hh', 2, answer) + return token +def db_entry(in_user, in_host): + ls=[None, None] + abfrage = "SELECT %(db_username_field)s, %(db_domain_field)s, %(db_password_field)s FROM %(db_table)s WHERE %(db_username_field)s LIKE %(in_user)s AND %(db_domain_field)s LIKE %(in_host)s" + abfrage_data = {'db_username_field': db_username_field, 'db_domain_field': db_domain_field, 'db_password_field': db_password_field, 'db_table': db_table,'db_username_field': db_username_field, 'in_user': in_user, 'db_domain_field': db_domain_field, 'in_host': in_host} + cursor.execute(abfrage, abfrage_data) + return cursor.fetchone()[0] +def isuser(in_user, in_host): + data=db_entry(in_user, in_host) + out=False #defaut to O preventing mistake + if data==None: + out=False + logging.debug("Wrong username: %s"%(in_user)) + if in_user+"@"+in_host==data[0]+"@"+data[1]: + out=True + return out +def auth(in_user, in_host, password): + data=db_entry(in_user, in_host) + out=False #defaut to O preventing mistake + if data==None: + out=False + logging.debug("Wrong username: %s"%(in_user)) + if in_user+"@"+in_host==data[0]+"@"+data[1]: + if argon2.verify(password, data[2]) + out=True + else: + logging.debug("Wrong password for user: %s"%(in_user)) + out=False + else: + out=False + return out +def log_result(op, in_user, bool): + if bool: + logging.info("%s successful for %s"%(op, in_user)) + else: + logging.info("%s unsuccessful for %s"%(op, in_user)) +######################################################################## +#Main Loop +######################################################################## +while True: + logging.debug("start of infinite loop") + try: + ejab_request = ejabberd_in() + except EjabberdInputError as inst: + logging.info("Exception occured: %s", inst) + break + logging.debug('operation: %s'%(ejab_request[0])) + op_result = False + if ejab_request[0] == "auth": + op_result = auth(ejab_request[1], ejab_request[2], ejab_request[3]) + ejabberd_out(op_result) + log_result(ejab_request[0], ejab_request[1], op_result) + elif ejab_request[0] == "isuser": + op_result = isuser(ejab_request[1], ejab_request[2]) + ejabberd_out(op_result) + log_result(ejab_request[0], ejab_request[1], op_result) + elif ejab_request[0] == "setpass": + op_result=False + ejabberd_out(op_result) + log_result(ejab_request[0], ejab_request[1], op_result) +logging.debug("end of infinite loop") +logging.info('extauth script terminating') +database.close() \ No newline at end of file