Howdy All,
I have a Pipe Auth Problem. Because I have a database that has login information, I'm using a modified version of the example perl script to auth. I've got the script set up so that it supports the user_exists and check_password commands.
I have it temporarily set up to return "YES" for all queries, so that I could test SSL. SSL works fine now.
Jabber clients appear to log in, but they really aren't logged in. I put some logging in the pipe-auth.pl script; it looks like the c2s is running the "check user exists" command, but it never runs the "check user password" command.
How can I figure out what the problem is? Logfile and pipe-auth.pl file is attached.
Cheers, -J
#!/usr/bin/perl -w
#
# Sample pipe authenticator module. You can use this as a basis for your
# own auth/reg module. See docs/dev/c2s-pipe-authenticator for details
# about the protocol.
#
# This code is hereby placed into the public domain.
#
# JPK: Adding support for Postgres and MD5 Hashed passwords.
use vars qw($gh_auth_db_name $gh_auth_db $gh_auth_table $gh_auth_username_field
$gh_auth_userpass_field $gh_auth_realm $gh_auth_db_dbuser
$gh_auth_db_dbpass $gh_auth_db_dbserver $testing $dbh);
$gh_auth_db_name = 'auth_db';
$gh_auth_table = 'auth_users';
$gh_auth_username_field = 'username';
$gh_auth_userpass_field = 'password';
$gh_auth_realm = 'mynetwork.net';
$gh_auth_db_dbuser = 'auth_db_user';
$gh_auth_db_dbpass = 'mypass';
$gh_auth_db_dbserver = '192.168.2.150';
$testing = 'NO';
use strict;
use warnings;
use MIME::Base64;
use Digest::MD5;
use DBD::Pg;
# Flush output immediately.
$| = 1;
# On startup, we have to inform c2s of the functions we can deal with.
USER-EXISTS is not optional.
# print "OK USER-EXISTS GET-PASSWORD CHECK-PASSWORD SET-PASSWORD CREATE-USER
DESTROY-USER FREE\n";
# We do this after the database connection is or isn't defined.
# Initialize the database connection:
$gh_auth_db =
DBI->connect("dbi:Pg:dbname=$gh_auth_db_name;host=$gh_auth_db_dbserver",
$gh_auth_db_dbuser, $gh_auth_db_dbpass);
if (!defined $gh_auth_db)
{
die;
}
if ($testing eq "YES")
{
my $result;
print "Command user exists: ";
$result = _cmd_user_exists("my_user", "mynetwork.net");
print $result . "\n";
my $encoded_pass = encode_base64("");
print "Command check password: ";
$result = _cmd_check_password("my_user", $encoded_pass, "mynetwork.net");
print $result . "\n\n";
exit(0);
}
print "OK USER-EXISTS CHECK-PASSWORD FREE\n";
# Our main loop
my $buf;
while(sysread (STDIN, $buf, 1024) > 0)
{
my ($cmd, @args) = split ' ', $buf;
$cmd =~ tr/[A-Z]/[a-z]/;
$cmd =~ tr/-/_/;
eval "print _cmd_$cmd([EMAIL PROTECTED]), '\n'";
}
sub log_error
{
my $Text = shift;
open ERROR, ">>perl_errors.log";
print ERROR "Perl Pipe Auth: " . $Text . "\n";
close ERROR;
}
# Determine if the requested user exists.
sub _cmd_user_exists
{
my ($user, $realm) = @_;
log_error("Does user exist: " . $user . ", " . $realm);
return "YES";
# !!! return "OK" if user exists;
# JPK: Does user exist in database?
if ($realm ne "mynetwork.net")
{
return "NO";
}
my $query = "SELECT $gh_auth_userpass_field FROM $gh_auth_table WHERE
$gh_auth_username_field = ?";
my $sth = $gh_auth_db->prepare($query);
$sth->execute($user);
if ($sth->rows > 0)
{
return "YES";
}
return "NO";
}
# Retrieve the user's password.
sub _cmd_get_password
{
my ($user, $realm) = @_;
# !!! $pass = [password in database];
# return "NO" if not $pass;
# $encoded_pass = encode_base64($pass);
# return "OK $encoded_pass" if $encoded_pass;
log_error("Tried to get_password!");
return "NO";
}
# Compare the given password with the stored password.
sub _cmd_check_password
{
my ($user, $encoded_pass, $realm) = @_;
log_error("Check password: " . $user . ", " . $encoded_pass, ", " . $realm);
return "YES";
# !!! $pass = decode_base64($encoded_pass);
# return "NO" if not $pass;
# $spass = [password in database];
# return "OK" if $pass eq $spass;
if ($realm ne "mynetwork.net")
{
return "NO";
}
my $pass = decode_base64($encoded_pass);
# At this point, $pass ought to be the pass we have
# to md5-encode and compare to the db.
my $query = "SELECT $gh_auth_userpass_field FROM $gh_auth_table WHERE
$gh_auth_username_field = ? AND $gh_auth_userpass_field = md5(?)";
my $sth = $gh_auth_db->prepare($query);
$sth->execute($user, $pass);
if ($sth->rows > 0)
{
return "YES";
}
return "NO";
}
# Store the password in the database.
sub _cmd_set_password
{
my ($user, $encoded_pass, $realm) = @_;
# !!! $pass = decode_base64($encoded_pass);
# return "NO" if not $pass;
# $fail = [store $pass in database];
# return "OK" if not $fail;
return "NO";
}
# Create a user in the database (with no auth credentials).
sub _cmd_create_user
{
my ($user, $realm) = @_;
# !!! $fail = [create user in database]
# return "OK" if not $fail;
return "NO";
}
# Delete a user and associated credentials.
sub _cmd_delete_user
{
my ($user, $realm) = @_;
# !!! $fail = [delete user in database]
# return "OK" if not $fail;
return "NO";
}
# c2s shutting down, do the same.
sub _cmd_free
{
# !!! free data
# close database handles
$gh_auth_db->close();
exit(0);
}
errors.log.gz
Description: GNU Zip compressed data
_______________________________________________ Jabberd2 mailing list [email protected] http://lists.xiaoka.com/listinfo.cgi/jabberd2-xiaoka.com
