  1. #!/usr/bin/python
  2.  
  3. import bcrypt
  4. import sys
  5. import psycopg2
  6. import logging
  7. import struct
  8. from struct import *
  9.  
# Connection settings for the PostgreSQL account store.
# NOTE(review): the database password is kept in the script itself, so anyone
# who can read this file can read the credential. Restrict the file to the
# account the script runs under, or load the secret from outside the source.
db_name = "my_db"
db_user = "my_id"
db_pass = "my_pass"
db_host = "localhost"
# Table and column names that db_entry() uses for account lookups.
db_table = "my_table"
db_username_field = "name"
db_password_field = "pass"
# Appended to the stored user name before it is compared with "user@host".
domain_suffix = "@example.net"
  18.  
# Anything written to stderr from here on lands in a file instead of the
# terminal.
# NOTE(review): both log files sit in /tmp under fixed names and are truncated
# at start-up ('w'). On a multi-user host another local account can pre-create
# or symlink these paths and may be able to read them; a directory owned by
# the service account is the safer home for them.
sys.stderr = open('/tmp/pg_auth_err.log', 'w')

# NOTE(review): DEBUG is the most verbose level, so every debug line of the
# request handlers is persisted. Check that no secrets reach this file before
# running with this level in production.
logging.basicConfig(
    filename='/tmp/pg_auth_extauth.log',
    filemode='w',
    level=logging.DEBUG,
    format='%(asctime)s %(levelname)s %(message)s',
)

logging.info('extauth script started, waiting for ejabberd requests')
  26.  
  27.  
def hash_password(password, salt=None):
    """Return the bcrypt hash of ``password``.

    When ``salt`` is empty or None a fresh salt comes from
    ``bcrypt.gensalt()``; otherwise the given value is handed to
    ``bcrypt.hashpw`` unchanged. auth() passes a stored hash as ``salt`` to
    recompute the hash for comparison.
    """
    effective_salt = salt if salt else bcrypt.gensalt()
    return bcrypt.hashpw(password, effective_salt)
  32.  
  33.  
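def get_connection():
    """Open and return a new psycopg2 connection built from the module settings.

    The settings are passed as keyword arguments instead of being pasted into
    a quoted DSN string, so a quote or backslash inside a value (the password
    in particular) can neither break nor alter the connection string.

    Every call opens a separate connection; the caller has to close it.
    """
    return psycopg2.connect(
        dbname=db_name,
        user=db_user,
        host=db_host,
        password=db_pass,
    )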
  39.  
  40.  
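def ejabberd_in():
    """Read one request from ejabberd on stdin and return its fields.

    A request is a 2-byte big-endian length followed by that many bytes of
    colon-separated text. The result is a list whose first element is the
    operation name; at most four fields are produced, so a password that
    itself contains ':' stays intact in the last field.

    Raises:
        Exception: if the length prefix or the payload cannot be read in full
            (stdin closed, I/O error, truncated frame).
    """
    logging.debug("trying to read 2 bytes from ejabberd:")
    try:
        input_length = sys.stdin.read(2)
    except IOError:
        logging.debug("ioerror")
        # Previously execution fell through to a variable that was never
        # assigned; report the failure the same way as a short read.
        raise Exception('Wrong input from ejabberd!')
    if len(input_length) != 2:
        logging.debug("ejabberd sent us wrong things!")
        raise Exception('Wrong input from ejabberd!')

    # The length is unsigned: with a signed format a value above 32767 turns
    # negative and read() would then consume stdin until EOF.
    (size, ) = unpack('>H', input_length)
    logging.debug('size of data: %i' % size)
    payload = sys.stdin.read(size)
    if len(payload) != size:
        logging.debug("ejabberd sent us wrong things!")
        raise Exception('Wrong input from ejabberd!')

    income = payload.split(':', 3)
    # Log only the operation and the field count: the payload carries the
    # user's cleartext password and must not be written to the log file.
    logging.debug("incoming request: %s (%i fields)" % (income[0], len(income)))
    return income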
  57.  
  58.  
def genanswer(bool):
    """Pack the reply for ejabberd: two big-endian shorts.

    The first short is the constant 2 (presumably the byte length of the
    result field that follows); the second is 1 when ``bool`` is truthy and 0
    otherwise.
    """
    return pack('>hh', 2, 1 if bool else 0)
  65.  
  66.  
def ejabberd_out(bool):
    """Write the result of an operation to stdout for ejabberd and flush it.

    The reply bytes come from genanswer(); their four byte values are also
    logged in hex at debug level.
    """
    logging.debug("Ejabberd gets: %s" % bool)
    reply = genanswer(bool)
    byte_values = tuple(ord(reply[i]) for i in range(4))
    logging.debug("sent bytes: %#x %#x %#x %#x" % byte_values)
    sys.stdout.write(reply)
    # Flush right away so the reply is not held back in the stdout buffer.
    sys.stdout.flush()
  74.  
  75.  
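def db_entry(in_user):
    """Return the (username, password hash) row for ``in_user``, or None.

    ``in_user`` arrives from the network, so it is passed to the driver as a
    bound parameter and never spliced into the SQL text. Only the table and
    column names, which come from the module settings, are formatted into the
    statement.

    The connection opened for the lookup is closed before returning.
    """
    # '%%s' survives the formatting below as the driver's '%s' placeholder.
    query = "SELECT %s,%s FROM %s WHERE %s = %%s" % (
        db_username_field, db_password_field, db_table,
        db_username_field)

    con = get_connection()
    try:
        cur = con.cursor()
        cur.execute(query, (in_user,))
        return cur.fetchone()
    finally:
        # One connection is opened per call; close it so they do not pile up.
        con.close()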
  83.  
  84.  
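def isuser(in_user, in_host):
    """Return True if ``in_user@in_host`` matches an account in the database.

    The stored user name with ``domain_suffix`` appended must equal
    "in_user@in_host". A missing row, or a row whose name is NULL, is reported
    as False without relying on a catch-all ``except``.
    """
    data = db_entry(in_user)
    if data is None or data[0] is None:
        logging.debug("Wrong username: %s" % (in_user))
        return False

    requested = "%s@%s" % (in_user, in_host)
    stored = "%s%s" % (data[0], domain_suffix)
    return requested == stored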
  100.  
  101.  
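def tryregister(username, domain, password):
    """Create the account ``username`` and return True on success.

    Returns False when the user already exists (per isuser()) or when the
    database rejects the insert. The user name and the bcrypt hash are sent as
    bound parameters, so neither can change the SQL statement.
    """
    if isuser(username, domain):
        return False

    # NOTE(review): this statement names the table USERS and the columns
    # username/password directly, while lookups go through db_table,
    # db_username_field and db_password_field. Confirm both refer to the same
    # table, otherwise a freshly registered user cannot be found by auth().
    query = "INSERT INTO USERS (username, password) values (%s, %s);"

    con = get_connection()
    try:
        cur = con.cursor()
        cur.execute(query, (username, hash_password(password)))
        con.commit()
        return True
    except psycopg2.Error:
        # A failed insert must produce a negative answer, not end the script.
        logging.exception("tryregister: database error")
        return False
    finally:
        con.close()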
  117.  
  118.  
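def setpass(username, domain, password):
    """Store a new bcrypt hash for ``username`` and return True on success.

    Returns False when the user does not exist (per isuser()) or when the
    database update fails. Both the hash and the user name are sent as bound
    parameters, so neither can change the SQL statement.
    """
    if not isuser(username, domain):
        logging.info("Trying to change password for invalid user %s@%s" % (
            username, domain))
        return False

    # NOTE(review): table and column names are written out here (USERS,
    # username, password) instead of using db_table / db_username_field /
    # db_password_field as db_entry() does. Confirm they are the same table.
    query = "UPDATE USERS set password=%s where username=%s;"

    con = get_connection()
    try:
        cur = con.cursor()
        cur.execute(query, (hash_password(password), username))
        con.commit()
        return True
    except psycopg2.Error:
        import traceback
        # stderr is redirected to a log file at start-up; the traceback is
        # written there once.
        traceback.print_exc()
        sys.stderr.flush()
        return False
    finally:
        con.close()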
  140.  
  141.  
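def removeuser(username):
    """Delete the account ``username`` and return True if the delete committed.

    The user name is sent as a bound parameter, so it cannot change the SQL
    statement. Only the user name is matched; no domain is taken into account.
    A database error yields False.
    """
    # NOTE(review): the table USERS and column username are written out here,
    # while lookups use db_table / db_username_field. Confirm they match.
    query = "DELETE FROM USERS where username=%s;"

    con = get_connection()
    try:
        cur = con.cursor()
        cur.execute(query, (username,))
        con.commit()
        return True
    except psycopg2.Error:
        logging.exception("removeuser: database error")
        return False
    finally:
        con.close()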
  154.  
  155.  
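def auth(in_user, in_host, password):
    """Return True if ``password`` is correct for ``in_user@in_host``.

    The account row is fetched with db_entry(); the stored name with
    ``domain_suffix`` appended must equal "in_user@in_host", and hashing the
    supplied password with the stored hash as salt must reproduce the stored
    hash. Every failure path returns False, so a missing row, a NULL column or
    an unusable stored hash can never authenticate a user.
    """
    data = db_entry(in_user)
    if data is None or data[0] is None:
        logging.debug("Wrong username: %s" % (in_user))
        return False

    requested = "%s@%s" % (in_user, in_host)
    stored_name = "%s%s" % (data[0], domain_suffix)
    if requested != stored_name:
        return False

    stored_hash = data[1]
    if not stored_hash:
        # No hash on file: nothing to compare against, so refuse.
        logging.debug("Wrong password for user: %s" % (in_user))
        return False

    try:
        candidate = hash_password(password, stored_hash)
    except (ValueError, TypeError):
        # A stored value that bcrypt does not accept as a salt is treated as a
        # failed login instead of an uncaught error that ends the script.
        logging.debug("Wrong password for user: %s" % (in_user))
        return False

    # NOTE(review): '==' is not a constant-time comparison. Where the installed
    # bcrypt package provides checkpw(), prefer it for this check.
    if candidate == stored_hash:
        return True

    logging.debug("Wrong password for user: %s" % (in_user))
    return False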
  175.  
  176.  
def log_result(op, in_user, bool):
    """Log at info level whether operation ``op`` succeeded for ``in_user``."""
    template = "%s successful for %s\n" if bool else "%s unsuccessful for %s\n"
    logging.info(template % (op, in_user))
  182.  
  183.  
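if __name__ == '__main__':
    # Request loop: read one request from ejabberd, run the matching handler
    # and always send back exactly one boolean answer.
    while True:
        logging.debug("start of processing loop")
        try:
            ejab_request = ejabberd_in()
        except Exception as inst:
            # A failed or short read means stdin is closed or the framing is
            # lost. Retrying would spin forever on EOF and keep growing the
            # log file, so leave the loop; presumably ejabberd starts a fresh
            # instance when it needs one.
            logging.info("Exception occured: %s", inst)
            break

        operation = ejab_request[0]
        logging.debug('operation: %s' % (operation))
        op_result = False
        try:
            if operation == "auth":
                op_result = auth(ejab_request[1], ejab_request[2],
                                 ejab_request[3])
            elif operation == "isuser":
                op_result = isuser(ejab_request[1], ejab_request[2])
            elif operation == "setpass":
                op_result = setpass(ejab_request[1], ejab_request[2],
                                    ejab_request[3])
            elif operation == 'tryregister':
                op_result = tryregister(ejab_request[1], ejab_request[2],
                                        ejab_request[3])
            elif operation == 'removeuser':
                op_result = removeuser(ejab_request[1])
            elif operation == 'removeuser3':
                # ejabberd's removeuser3 request carries the user's password:
                # the account is deleted only after that password verifies.
                op_result = bool(
                    auth(ejab_request[1], ejab_request[2], ejab_request[3])
                    and removeuser(ejab_request[1]))
            else:
                logging.info("unsupported operation: %s", operation)
        except Exception:
            # Fail closed: a request with too few fields or a handler error is
            # answered with "no" instead of ending the script without a reply.
            logging.exception("request handling failed")
            op_result = False

        ejabberd_out(op_result)
        subject = ejab_request[1] if len(ejab_request) > 1 else ''
        log_result(operation, subject, op_result)

    logging.debug("end of infinite loop")
    logging.info('extauth script terminating')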