#!/usr/bin/env python
# -*- coding: UTF-8 -*-
# Depends: python-mysqldb
+# install -o root -g ejabberd -m 0750 -c auth-mysql.py /etc/ejabberd/
+# install -o ejabberd -g adm -m 0640 -c /dev/null /var/log/ejabberd/auth-mysql.log
+# Test: printf '\000\031isuser:moussa.nombre:test' | ./auth-mysql.py | hd
+
import sys
import traceback
import struct
_host = 'nss'
_user = 'jabber'
_passwd = 'password'
-_db = 'auth'
+_db = 'mail'
+_timeout = 2
+_query = "SELECT * FROM auforg_virtual WHERE source=%s AND LENGTH(password)>1"
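Review bot: `_query` selects `*` and is shared by `find_user` and `authenticate_user`, so the `isuser` path transfers the stored password column to this process only to count rows, and the auth path depends on whatever columns `auforg_virtual` happens to have. Naming the one field that is needed, `_query = "SELECT password FROM auforg_virtual WHERE source=%s AND LENGTH(password)>1"`, limits what leaves the database; this assumes the code after `fetchall()` reads only `password`, which is not visible here. `_timeout` should carry its unit, for example `# MySQL connect timeout, in seconds`. The restrictive mode in the new `install` comment matters because `_passwd` is stored in this file in clear text, so it is worth saying so in that comment.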
-def find_user(user):
+def find_user(user, host):
global _host, _user, _passwd, _db
db = MySQLdb.connect(host=_host, user=_user, passwd=_passwd,
- db=_db, connect_timeout=1)
+ db=_db, connect_timeout=_timeout)
cur = db.cursor(MySQLdb.cursors.DictCursor)
- nrows = cur.execute(
- """SELECT uid FROM users WHERE source=0 AND username=%s""", (user, ))
+ nrows = cur.execute(_query, ('%s@%s' % (user,host), ))
del cur, db
return (nrows > 0)
-def authenticate_user(user, password):
+def authenticate_user(user, host, password):
global _host, _user, _passwd, _db
db = MySQLdb.connect(host=_host, user=_user, passwd=_passwd,
- db=_db, connect_timeout=1)
+ db=_db, connect_timeout=_timeout)
cur = db.cursor(MySQLdb.cursors.DictCursor)
- nrows = cur.execute(
- """SELECT password FROM users WHERE source=0 AND username=%s"""
- """ AND LENGTH(password)>1""", (user, ))
+ nrows = cur.execute(_query, ('%s@%s' % (user,host), ))
users = cur.fetchall()
del cur, db
if nrows < 1:
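Review bot: Both new `cur.execute(_query, ('%s@%s' % (user,host), ))` calls look the account up by a `user@host` string, and nothing visible guarantees that `source` is unique in `auforg_virtual`, so `fetchall()` in `authenticate_user` may return several rows. The password comparison starts after `if nrows < 1:` and is outside this hunk; it should either reject `nrows != 1` or deliberately check every row, rather than trusting whichever row comes first. The address formatting is duplicated in `find_user` and `authenticate_user`, so a helper such as `def _address(user, host): return '%s@%s' % (user, host)` would keep the two lookups from drifting apart. The `global _host, _user, _passwd, _db` lines no longer list everything the functions read (`_timeout`, `_query`) and can be dropped, since none of these names is assigned.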
log_file.write('%s operation=%s user=%s host=%s\n'
% (now, operation, user, host))
log_file.flush()
- result = authenticate_user(user, password)
+ result = authenticate_user(user, host, password)
elif operation == 'isuser':
(user, host) = data.split(':', 1)
log_file.write('%s operation=%s user=%s host=%s\n'
% (now, operation, user, host))
log_file.flush()
- result = find_user(user)
+ result = find_user(user, host)
elif operation == 'setpass':
(user, host, password) = data.split(':', 2)
log_file.write('%s operation=%s user=%s host=%s\n'
% (now, operation, user, host))
log_file.flush()
- #result = set_user_password(user, password)
+ #result = set_user_password(user, host, password)
result = False
else:
result = False