#!/usr/bin/python##External auth script for ejabberd that enable auth agains

1. #!/usr/bin/python
2. #
3. #External auth script for ejabberd that enable auth against MySQL db with
4. #use of custom fields and table. It works with hashed passwords.
5. #Inspired by Lukas Kolbe script.
6. #Released under GNU GPLv3
7. #Author: iltl. Contact: iltl@free.fr
8. #Version: 27 July 2009
9.  
10. ########################################################################
11. #DB Settings
12. #Just put your settings here.
13. ########################################################################
14. db_name="my_db"
15. db_user="my_id"
16. db_pass="my_pass"
17. db_host="localhost"
18. db_table="my_table"
19. db_username_field="name"
20. db_password_field="pass"
21. domain_suffix="@exemple.net" #JID= user+domain_suffix
22. ########################################################################
23. #Setup
24. ########################################################################
25. import sys, logging, struct, hashlib, MySQLdb
26. from struct import *
27. sys.stderr = open('/var/log/ejabberd/extauth_err.log', 'a')
28. logging.basicConfig(level=logging.INFO,
29.                     format='%(asctime)s %(levelname)s %(message)s',
30.                     filename='/var/log/ejabberd/extauth.log',
31.                     filemode='a')
32. try:
33.     database=MySQLdb.connect(db_host, db_user, db_pass, db_name)
34. except:
35.     logging.debug("Unable to initialize database, check settings!")
36. dbcur=database.cursor()
37. logging.info('extauth script started, waiting for ejabberd requests')
38. class EjabberdInputError(Exception):
39.     def __init__(self, value):
40.         self.value = value
41.     def __str__(self):
42.         return repr(self.value)
43. ########################################################################
44. #Declarations
45. ########################################################################
46. def ejabberd_in():
47.         logging.debug("trying to read 2 bytes from ejabberd:")
48.         try:
49.             input_length = sys.stdin.read(2)
50.         except IOError:
51.             logging.debug("ioerror")
52.         if len(input_length) is not 2:
53.             logging.debug("ejabberd sent us wrong things!")
54.             raise EjabberdInputError('Wrong input from ejabberd!')
55.         logging.debug('got 2 bytes via stdin: %s'%input_length)
56.         (size,) = unpack('>h', input_length)
57.         logging.debug('size of data: %i'%size)
58.         income=sys.stdin.read(size).split(':')
59.         logging.debug("incoming data: %s"%income)
60.         return income
61. def ejabberd_out(bool):
62.         logging.debug("Ejabberd gets: %s" % bool)
63.         token = genanswer(bool)
64.         logging.debug("sent bytes: %#x %#x %#x %#x" % (ord(token[0]), ord(token[1]), ord(token[2]), ord(token[3])))
65.         sys.stdout.write(token)
66.         sys.stdout.flush()
67. def genanswer(bool):
68.         answer = 0
69.         if bool:
70.             answer = 1
71.         token = pack('>hh', 2, answer)
72.         return token
73. def db_entry(in_user):
74.     ls=[None, None]
75.     dbcur.execute("SELECT %s,%s FROM %s WHERE %s ='%s'"%(db_username_field,db_password_field , db_table, db_username_field, in_user))
76.     return dbcur.fetchone()
77. def isuser(in_user, in_host):
78.     data=db_entry(in_user)
79.     out=False #defaut to O preventing mistake
80.     if data==None:
81.         out=False
82.         logging.debug("Wrong username: %s"%(in_user))
83.     if in_user+"@"+in_host==data[0]+domain_suffix:
84.         out=True
85.     return out
86. def auth(in_user, in_host, password):
87.     data=db_entry(in_user)
88.     out=False #defaut to O preventing mistake
89.     if data==None:
90.         out=False
91.         logging.debug("Wrong username: %s"%(in_user))
92.     if in_user+"@"+in_host==data[0]+domain_suffix:
93.         if hashlib.md5(password).hexdigest()==data[1]:
94.             out=True
95.         else:
96.             logging.debug("Wrong password for user: %s"%(in_user))
97.             out=False
98.     else:
99.         out=False
100.     return out
101. def log_result(op, in_user, bool):
102.     if bool:
103.         logging.info("%s successful for %s"%(op, in_user))
104.     else:
105.         logging.info("%s unsuccessful for %s"%(op, in_user))
106. ########################################################################
107. #Main Loop
108. ########################################################################
109. while True:
110.     logging.debug("start of infinite loop")
111.     try:
112.         ejab_request = ejabberd_in()
113.     except EjabberdInputError, inst:
114.         logging.info("Exception occured: %s", inst)
115.         break
116.     logging.debug('operation: %s'%(ejab_request[0]))
117.     op_result = False
118.     if ejab_request[0] == "auth":
119.         op_result = auth(ejab_request[1], ejab_request[2], ejab_request[3])
120.         ejabberd_out(op_result)
121.         log_result(ejab_request[0], ejab_request[1], op_result)
122.     elif ejab_request[0] == "isuser":
123.         op_result = isuser(ejab_request[1], ejab_request[2])
124.         ejabberd_out(op_result)
125.         log_result(ejab_request[0], ejab_request[1], op_result)
126.     elif ejab_request[0] == "setpass":
127.         op_result=False
128.         ejabberd_out(op_result)
129.         log_result(ejab_request[0], ejab_request[1], op_result)
130. logging.debug("end of infinite loop")
131. logging.info('extauth script terminating')
132. database.close()