Extraction de la requête SQL. Doc' d'installation et de test.
[progfou.git] / ejabberd / auth-mysql.py
CommitLineData
42b8c4c3
P
1#!/usr/bin/env python
2# -*- coding: UTF-8 -*-
3# Depends: python-mysqldb
4a082535
P
4# install -o root -g ejabberd -m 0750 -c auth-mysql.py /etc/ejabberd/
5# install -o ejabberd -g adm -m 0640 -c /dev/null /var/log/ejabberd/auth-mysql.log
6# Test: printf '\000\031isuser:moussa.nombre:test' | ./auth-mysql.py | hd
7
42b8c4c3
P
8import sys
9import traceback
10import struct
11import time
12import MySQLdb
13import crypt
14
15# TODO: transformer toute la partie gestion de BdD en une classe
16# TODO: connexion persistente et gérer les coupures de service MySQL
17
18_host = 'nss'
19_user = 'jabber'
20_passwd = 'password'
4a082535
P
21_db = 'mail'
22_timeout = 2
23_query = "SELECT * FROM auforg_virtual WHERE source=%s AND LENGTH(password)>1"
42b8c4c3 24
4a082535 25def find_user(user, host):
42b8c4c3
P
26 global _host, _user, _passwd, _db
27 db = MySQLdb.connect(host=_host, user=_user, passwd=_passwd,
4a082535 28 db=_db, connect_timeout=_timeout)
42b8c4c3 29 cur = db.cursor(MySQLdb.cursors.DictCursor)
4a082535 30 nrows = cur.execute(_query, ('%s@%s' % (user,host), ))
42b8c4c3
P
31 del cur, db
32 return (nrows > 0)
33
4a082535 34def authenticate_user(user, host, password):
42b8c4c3
P
35 global _host, _user, _passwd, _db
36 db = MySQLdb.connect(host=_host, user=_user, passwd=_passwd,
4a082535 37 db=_db, connect_timeout=_timeout)
42b8c4c3 38 cur = db.cursor(MySQLdb.cursors.DictCursor)
4a082535 39 nrows = cur.execute(_query, ('%s@%s' % (user,host), ))
42b8c4c3
P
40 users = cur.fetchall()
41 del cur, db
42 if nrows < 1:
43 return False
44 for user in users:
45 if crypt.crypt(password, user['password']) == user['password']:
46 return True
47 return False
48
49def main():
50 log_file = open('/var/log/ejabberd/auth-mysql.log', 'a')
51 while True:
52 try:
53 nread = sys.stdin.read(2)
54 if len(nread) == 0:
55 time.sleep(0.25)
56 continue
57 now = time.strftime('%Y/%m/%d %H:%M:%S', time.localtime())
58 if len(nread) < 2:
59 log_file.write('%s bytes_read=%d\n' % (now, len(nread)))
60 log_file.flush()
61 continue
62 size = struct.unpack('>h', nread)[0]
63 data = sys.stdin.read(size)
64 (operation, data) = data.split(':', 1)
65 if operation == 'auth':
66 (user, host, password) = data.split(':', 2)
67 log_file.write('%s operation=%s user=%s host=%s\n'
68 % (now, operation, user, host))
69 log_file.flush()
4a082535 70 result = authenticate_user(user, host, password)
42b8c4c3
P
71 elif operation == 'isuser':
72 (user, host) = data.split(':', 1)
73 log_file.write('%s operation=%s user=%s host=%s\n'
74 % (now, operation, user, host))
75 log_file.flush()
4a082535 76 result = find_user(user, host)
42b8c4c3
P
77 elif operation == 'setpass':
78 (user, host, password) = data.split(':', 2)
79 log_file.write('%s operation=%s user=%s host=%s\n'
80 % (now, operation, user, host))
81 log_file.flush()
4a082535 82 #result = set_user_password(user, host, password)
42b8c4c3
P
83 result = False
84 else:
85 result = False
86 log_file.write('%s => result=%s\n' % (now, result))
87 log_file.flush()
88 sys.stdout.write(struct.pack('>hh', 2, result and 1 or 0))
89 sys.stdout.flush()
90 except:
91 traceback.print_exc(file=log_file)
92 #sys.exit()
93
94if __name__ == '__main__':
95 main()