www.GunnarD.se » Authenticate eJabberd against MySQL with Perl

Home > Tips&Trix > Authenticate eJabberd against MySQL with Perl

Authenticate eJabberd against MySQL with Perl

March 8th, 2009 Leave a comment Go to comments

I have modified Alejandro Grijalba perl script check_mysql.pl so i does not spawn other program when it needs to communicate with mysql, now i use DBI::MySQL instedd.


#!/usr/bin/perl
# Mysql external auth script
# Features: auth and isUser work, but setPass doesn't.
# Restrictions: Username or passwords may not contain some special characters: $'"`
#nor line breaks

# 2005-1-24 Modified by Alejandro Grijalba (SuD) http://www.latinsud.com
# Based on check_pass_null.pl script
# 2009-3-6 Modified by Gunnar Dahlström http://www.gunnard.se
# Based on check_mysql.pl

my $dbHost="localhost";
my $dbUser="username";
my $dbPass="password";
my $dbName="database";
my $dbTable="Users";
my $fieldUser="username";
my $fieldPass="password";

use Unix::Syslog qw(:macros :subs);
use DBI;

my $domain = $ARGV[0] || "localhost";

while(1) {
my $buf = "";
syslog LOG_INFO,"waiting for packet";
my $nread = sysread STDIN,$buf,2;
do { syslog LOG_INFO,"port closed"; exit; } unless $nread == 2;
my $len = unpack "n",$buf;
my $nread = sysread STDIN,$buf,$len;
my ($op,$user,$host,$password) = split /:/,$buf;

# Filter dangerous characters
$user =~ s/[."\n\r'\$`]//g;
$password =~ s/[."\n\r'\$`]//g;

my $jid = "$user\@$domain";
my $result;

syslog(LOG_INFO,"request (%s)", $op);

SWITCH: {
$op eq 'auth' and do {
$result = 0;
$dbh = DBI->connect("DBI:mysql:database=$dbName;host=$dbHost", $dbUser, $dbPass);
$sql = "SELECT COUNT(*) AS nr FROM $dbTable WHERE  $fieldUser='$user' AND $fieldPass=Password('$password')";
$sth = $dbh->prepare($sql);
$sth->execute();
$row = $sth->fetchrow_hashref();
$orden=$row->{'nr'};
$sth->finish();
$result = $orden;
},last SWITCH;

$op eq 'setpass' and do {
$result = 0;
},last SWITCH;

$op eq 'isuser' and do {
# password is null. Return 1 if the user $user\@$domain exitst.
$result = 0;
$dbh = DBI->connect("DBI:mysql:database=$dbName;host=$dbHost", $dbUser, $dbPass);
$sql = "SELECT COUNT(*) AS nr FROM $dbTable WHERE  $fieldUser='$user'";
$sth = $dbh->prepare($sql);
$sth->execute();
$row = $sth->fetchrow_hashref();
$orden=$row->{'nr'};
$sth->finish();
$result = $orden;
},last SWITCH;
};
my $out = pack "nn",2,$result ? 1 : 0;
syswrite STDOUT,$out;
}

closelog;

Categories: Tips&Trix Tags: ejabberd, Tips&Trix

Comments (0) Trackbacks (0) Leave a comment Trackback

No comments yet.

No trackbacks yet.

A True Australian Ghost Story … Maybe Great Truths That Children Have Learned