Comparison

mod_auth_phpbb3/mod_auth_phpbb3.lua @ 373:81c7b36e6cdd

mod_auth_phpbb3: Initial commit.
author Waqas Hussain <waqas20@gmail.com>
date Fri, 01 Jul 2011 06:40:33 +0500
child 374:2dd6dfda94d6
comparison
equal deleted inserted replaced
372:000f1d1c6ca5 373:81c7b36e6cdd
1 -- phpbb3 authentication backend for Prosody
2 --
3 -- Copyright (C) 2011 Waqas Hussain
4 --
5
6 local log = require "util.logger".init("auth_sql");
7 local new_sasl = require "util.sasl".new;
8 local nodeprep = require "util.encodings".stringprep.nodeprep;
9 local DBI = require "DBI"
10 local md5 = require "util.hashes".md5;
11
12 local connection;
13 local params = module:get_option("sql");
14
15 local resolve_relative_path = require "core.configmanager".resolve_relative_path;
16
17 local function test_connection()
18 if not connection then return nil; end
19 if connection:ping() then
20 return true;
21 else
22 module:log("debug", "Database connection closed");
23 connection = nil;
24 end
25 end
26 local function connect()
27 if not test_connection() then
28 prosody.unlock_globals();
29 local dbh, err = DBI.Connect(
30 params.driver, params.database,
31 params.username, params.password,
32 params.host, params.port
33 );
34 prosody.lock_globals();
35 if not dbh then
36 module:log("debug", "Database connection failed: %s", tostring(err));
37 return nil, err;
38 end
39 module:log("debug", "Successfully connected to database");
40 dbh:autocommit(true); -- don't run in transaction
41 connection = dbh;
42 return connection;
43 end
44 end
45
46 do -- process options to get a db connection
47 params = params or { driver = "SQLite3" };
48
49 if params.driver == "SQLite3" then
50 params.database = resolve_relative_path(prosody.paths.data or ".", params.database or "prosody.sqlite");
51 end
52
53 assert(params.driver and params.database, "Both the SQL driver and the database need to be specified");
54
55 assert(connect());
56 end
57
58 local function getsql(sql, ...)
59 if params.driver == "PostgreSQL" then
60 sql = sql:gsub("`", "\"");
61 end
62 if not test_connection() then connect(); end
63 -- do prepared statement stuff
64 local stmt, err = connection:prepare(sql);
65 if not stmt and not test_connection() then error("connection failed"); end
66 if not stmt then module:log("error", "QUERY FAILED: %s %s", err, debug.traceback()); return nil, err; end
67 -- run query
68 local ok, err = stmt:execute(...);
69 if not ok and not test_connection() then error("connection failed"); end
70 if not ok then return nil, err; end
71
72 return stmt;
73 end
74
75 local function get_password(username)
76 local stmt, err = getsql("SELECT `user_password` FROM `phpbb_users` WHERE `username`=?", username);
77 if stmt then
78 for row in stmt:rows(true) do
79 return row.user_password;
80 end
81 end
82 end
83
84 local itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
85
86 local function hashEncode64(input)
87 local count = 16;
88 local output = "";
89 local i, value = 0, 0;
90
91 while true do
92 value = input:byte(i+1)
93 i = i+1;
94 local idx = value % 0x40 + 1;
95 output = output .. itoa64:sub(idx, idx);
96
97 if i < count then
98 value = value + input:byte(i+1) * 256;
99 end
100 local _ = value % (2^6);
101 local idx = ((value - _) / (2^6)) % 0x40 + 1
102 output = output .. itoa64:sub(idx, idx);
103
104 if i >= count then break; end
105 i = i+1;
106
107 if i < count then
108 value = value + input:byte(i+1) * 256 * 256;
109 end
110 local _ = value % (2^12);
111 local idx = ((value - _) / (2^12)) % 0x40 + 1
112 output = output .. itoa64:sub(idx, idx);
113
114 if i >= count then break; end
115 i = i+1;
116
117 local _ = value % (2^18);
118 local idx = ((value - _) / (2^18)) % 0x40 + 1
119 output = output .. itoa64:sub(idx, idx);
120
121 if not(i < count) then break; end
122 end
123 return output;
124 end
125 local function hashCryptPrivate(password, genSalt, itoa64)
126 local output = "*";
127 if not genSalt:match("^%$H%$") then return output; end
128
129 local count_log2 = itoa64:find(genSalt:sub(4,4)) - 1;
130 if count_log2 < 7 or count_log2 > 30 then return output; end
131
132 local count = 2 ^ count_log2;
133 local salt = genSalt:sub(5, 12);
134
135 if #salt ~= 8 then return output; end
136
137 local hash = md5(salt..password);
138
139 while true do
140 hash = md5(hash..password);
141 if not(count > 1) then break; end
142 count = count-1;
143 end
144
145 output = genSalt:sub(1, 12);
146 output = output .. hashEncode64(hash);
147
148 return output;
149 end
150 local function phpbbCheckHash(password, hash)
151 return #hash == 34 and hashCryptPrivate(password, hash, itoa64) == hash;
152 end
153
154 provider = { name = "phpbb3" };
155
156 function provider.test_password(username, password)
157 module:log("debug", "test_password '%s' for user %s", password, username);
158
159 local hash = get_password(username);
160 return phpbbCheckHash(password, hash);
161 end
162 function provider.user_exists(username)
163 module:log("debug", "test user %s existence", username);
164 return get_password(username) and true;
165 end
166
167 function provider.get_password(username)
168 return nil, "Getting password is not supported.";
169 end
170 function provider.set_password(username, password)
171 return nil, "Setting password is not supported.";
172 end
173 function provider.create_user(username, password)
174 return nil, "Account creation/modification not supported.";
175 end
176
177 function provider.get_sasl_handler()
178 local profile = {
179 plain_test = function(username, password, realm)
180 -- TODO stringprep
181 return provider.test_password(username, password), true;
182 end;
183 };
184 return new_sasl(module.host, profile);
185 end
186
187 module:add_item("auth-provider", provider);
188