Commit 3e994a81 authored by Michael Fürmann's avatar Michael Fürmann

XMPP User and domain changes and Metronome SQL Auth scripts

parent d2ba6492
<?php
ini_set('display_errors', false);
$username = 'prosody';
$password = '23fm%4ks0';
/*
$soap_location = 'http://localhost:8080/ispconfig3/interface/web/remote/index.php';
$soap_uri = 'http://localhost:8080/ispconfig3/interface/web/remote/';
*/
$soap_location = 'https://tepin.spicyweb.de:8080/remote/index.php';
$soap_uri = 'https://tepin.spicyweb.de:8080/remote/';
$auth_keys = array(
'iplay-esports.de' => 'f47kmm5Yh5hJzSws2KTS',
'weirdempire.de' => 'scNDcU37gQ7MCMeBgaJX'
);
$arg_email = '';
$arg_password = '';
if(count($argv) == 4){
$arg_email = $argv[1].'@'.$argv[2];
$arg_password = $argv[3];
}
$client = new SoapClient(null, array('location' => $soap_location, 'uri' => $soap_uri));
try {
//* Login to the remote server
if($session_id = $client->login($username,$password)) {
//var_dump($client->mail_alias_get($session_id, array('source' => 'blablubb@divepage.net', 'type' => 'alias', 'active' => 'y')));
// Is Mail Alias?
$alias = $client->mail_alias_get($session_id, array('source' => $arg_email, 'type' => 'alias', 'active' => 'y'));
if(count($alias))
$arg_email = $alias[0]['destination'];
$mailbox = $client->mail_user_get($session_id, array('email' => $arg_email));
if(count($mailbox)){
$password = $mailbox[0]['password'];
echo checkAuth($argv[1], $argv[2], $arg_password, $password);//intval(crypt($arg_password, $password) == $password);
}
else
echo 0;
//* Logout
$client->logout($session_id);
}
else
echo 0;
} catch (SoapFault $e) {
echo 0;
}
function checkAuth($user, $domain, $pw, $pw_mailbox){
global $auth_keys;
if(crypt($pw, $pw_mailbox) == $pw_mailbox)
return intval(1);
if(array_key_exists($domain, $auth_keys)){
$datetime = new DateTime();
$datetime->setTimezone(new DateTimeZone("UTC"));
for($t = $datetime->getTimestamp(); $t >= $datetime->getTimestamp()-30; $t--){
$pw_api = md5($domain.'@'.$auth_keys[$domain].'@'.$user.'@'.$t);
if($pw_api == $pw)
return intval(1);
}
}
return intval(0);
}
?>
\ No newline at end of file
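Review bot: The SOAP remote-user password in `$password` and the per-domain keys in `$auth_keys` are committed as literals at the top of this script, next to the production endpoint in `$soap_location`. The page does not show whether the commit adds or removes this file, but either way the values are now in repository history and should be treated as exposed: rotate them and load the replacements from a root-owned file outside the tree. The same login pair is repeated in the second SOAP script further down, the one that takes two arguments. If the file stays, `checkAuth()` should also stop comparing with `==`; `hash_equals($pw_mailbox, (string) crypt($pw, $pw_mailbox))` and `hash_equals($pw_api, $pw)` avoid numeric-string juggling on the digest and timing differences.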
......@@ -12,7 +12,7 @@ while read ACTION USER HOST PASS ; do
case $ACTION in
"auth")
if [ `/usr/bin/php /usr/lib/metronome/spicy-modules/mod_auth_external/authenticate_isp.php $USER $HOST $PASS` == 1 ] ; then
if [ `/usr/bin/php /usr/lib/metronome/isp-modules/mod_auth_external/db_auth.php $USER $HOST $PASS 2>/dev/null` == 1 ] ; then
echo $AUTH_OK
[ $USELOG == true ] && { echo "AUTH OK" >> $LOGFILE; }
else
......@@ -21,17 +21,17 @@ while read ACTION USER HOST PASS ; do
fi
;;
"isuser")
if [ `/usr/bin/php /usr/lib/metronome/spicy-modules/mod_auth_external/isuser_isp.php $USER $HOST` == 1 ] ; then
if [ `/usr/bin/php /usr/lib/metronome/isp-modules/mod_auth_external/db_isuser.php $USER $HOST 2>/dev/null` == 1 ] ; then
echo $AUTH_OK
[ $USELOG == true ] && { echo "AUTH OK" >> $LOGFILE; }
[ $USELOG == true ] && { echo "ISUSER OK" >> $LOGFILE; }
else
echo $AUTH_FAILED
[ $USELOG == true ] && { echo "AUTH FAILED" >> $LOGFILE; }
[ $USELOG == true ] && { echo "ISUSER FAILED" >> $LOGFILE; }
fi
;;
*)
echo $AUTH_FAILED
[ $USELOG == true ] && { echo "NO ACTION GIVEN" >> $LOGFILE; }
[ $USELOG == true ] && { echo "UNKNOWN ACTION GIVEN: $ACTION" >> $LOGFILE; }
;;
esac
......
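Review bot: Both rewritten `php` calls expand `$USER $HOST $PASS` unquoted inside backticks, so a password containing whitespace or glob characters is split or expanded before PHP sees it and the argument-count check in the helper then rejects a valid login. Quoting each argument and the substitution fixes that and also keeps `[` from failing on an empty operand now that stderr is discarded: `if [ "$(/usr/bin/php /usr/lib/metronome/isp-modules/mod_auth_external/db_auth.php "$USER" "$HOST" "$PASS" 2>/dev/null)" = 1 ] ; then`, and the same for the `db_isuser.php` line. The password is still passed on argv and so is visible in the process list while the helper runs; reading it from stdin would avoid that but needs a matching change in db_auth.php. The `while read` loop starts outside these hunks.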
<?php
ini_set('display_errors', false);
require_once('db_conf.inc.php');
try{
// Connect database
$db = new mysqli($db_host, $db_user, $db_pass, $db_name);
result_false(mysqli_connect_errno());
// Get arguments
$arg_email = '';
$arg_password = '';
result_false(count($argv) != 4);
$arg_email = $argv[1].'@'.$argv[2];
$arg_password = $argv[3];
// check for existing user
$dbmail = $db->real_escape_string($arg_email);
$result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE '".$dbmail."' AND active='y' AND server_id='".$isp_server_id."'");
result_false($result->num_rows != 1);
$user = $result->fetch_object();
// check for domain autologin api key
$domain_key = 'f47kmm5Yh5hJzSws2KTS';
checkAuth($argv[1], $argv[2], $arg_password, $user->password, $domain_key);
}catch(Exception $ex){
echo 0;
exit();
}
function result_false($cond = true){
if(!$cond) return;
echo 0;
exit();
}
function result_true(){
echo 1;
exit();
}
function checkAuth($user, $domain, $pw_arg, $pw_db, $domain_key){
if(crypt($pw_arg, $pw_db) == $pw_db)
result_true();
if($domain_key){
$datetime = new DateTime();
$datetime->setTimezone(new DateTimeZone("UTC"));
for($t = $datetime->getTimestamp(); $t >= $datetime->getTimestamp()-30; $t--){
$pw_api = md5($domain.'@'.$domain_key.'@'.$user.'@'.$t);
if($pw_api == $pw_arg)
result_true();
}
}
result_false();
}
?>
\ No newline at end of file
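Review bot: The literal `$domain_key` in the main block is handed to `checkAuth()` for every domain, so the md5 time-token branch accepts a login for any account on any installation from a key that ships in the source tree; it should default to no key (`$domain_key = null;`) until a per-domain value is read from configuration. The lookup also uses `jid LIKE` on a value that only went through `real_escape_string()`, which leaves `%` and `_` active as wildcards, so the single row returned need not be the JID that was supplied; an equality match through a prepared statement closes that, and db_isuser.php has the same query. Both comparisons in `checkAuth()` use `==`, which is neither constant-time nor safe against numeric-string juggling on the hex digest; `hash_equals()` (PHP 5.6+) is the replacement. A possible rewrite of the affected lines follows.

```php
// … unchanged: connection and argument checks …
// Exact match on the JID; bound parameters, so no wildcard or quoting issues.
$stmt = $db->prepare("SELECT password FROM xmpp_user WHERE jid = ? AND active = 'y' AND server_id = ?");
result_false($stmt === false);
$stmt->bind_param('ss', $arg_email, $isp_server_id);
result_false(!$stmt->execute());
$stmt->store_result();
result_false($stmt->num_rows != 1);
$stmt->bind_result($pw_db);
$stmt->fetch();
// No auto-login key unless one is configured for this domain.
$domain_key = null;
checkAuth($argv[1], $argv[2], $arg_password, $pw_db, $domain_key);
// … unchanged: catch block, result_false(), result_true() …
function checkAuth($user, $domain, $pw_arg, $pw_db, $domain_key){
    if(hash_equals($pw_db, (string) crypt($pw_arg, $pw_db)))
        result_true();
    // … unchanged: UTC timestamp loop building $pw_api …
            if(hash_equals($pw_api, $pw_arg))
                result_true();
```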
<?php
$db_user = '{mysql_server_ispconfig_user}';
$db_pass = '{mysql_server_ispconfig_password}';
$db_name = '{mysql_server_database}';
$db_host = '{mysql_server_ip}';
$isp_server_id = '{server_id}';
\ No newline at end of file
<?php
ini_set('display_errors', false);
require_once('db_conf.inc.php');
try{
// Connect database
$db = new mysqli($db_host, $db_user, $db_pass, $db_name);
result_false(mysqli_connect_errno());
// Get arguments
$arg_email = '';
result_false(count($argv) != 3);
$arg_email = $argv[1].'@'.$argv[2];
// check for existing user
$dbmail = $db->real_escape_string($arg_email);
$result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE '".$dbmail."' AND active='y' AND server_id='".$isp_server_id."'");
result_false($result->num_rows != 1);
result_true();
}catch(Exception $ex){
echo 0;
exit();
}
function result_false($cond = true){
if(!$cond) return;
echo 0;
exit();
}
function result_true(){
echo 1;
exit();
}
?>
\ No newline at end of file
<?php
ini_set('display_errors', false);
$username = 'prosody';
$password = '23fm%4ks0';
/*
$soap_location = 'http://localhost:8080/ispconfig3/interface/web/remote/index.php';
$soap_uri = 'http://localhost:8080/ispconfig3/interface/web/remote/';
*/
$soap_location = 'https://tepin.spicyweb.de:8080/remote/index.php';
$soap_uri = 'https://tepin.spicyweb.de:8080/remote/';
$arg_email = '';
if(count($argv) == 3){
$arg_email = $argv[1].'@'.$argv[2];
}
$client = new SoapClient(null, array('location' => $soap_location, 'uri' => $soap_uri));
try {
//* Login to the remote server
if($session_id = $client->login($username,$password)) {
//var_dump($client->mail_alias_get($session_id, array('source' => 'blablubb@divepage.net', 'type' => 'alias', 'active' => 'y')));
// Is Mail Alias?
$alias = $client->mail_alias_get($session_id, array('source' => $arg_email, 'type' => 'alias', 'active' => 'y'));
if(count($alias))
$arg_email = $alias[0]['destination'];
$mailbox = $client->mail_user_get($session_id, array('email' => $arg_email));
if(count($mailbox)){
echo 1;
//$password = $mailbox[0]['password'];
//echo intval(crypt($arg_password, $password) == $password);
}
else
echo 0;
//* Logout
$client->logout($session_id);
}
else
echo 0;
} catch (SoapFault $e) {
echo 0;
}
?>
\ No newline at end of file
......@@ -1339,6 +1339,16 @@ class installer_base {
// Copy isp libs
if(!@is_dir('/usr/lib/metronome/isp-modules')) mkdir('/usr/lib/metronome/isp-modules', 0755, true);
caselog('cp -rf apps/metronome_libs/* /usr/lib/metronome/isp-modules/', __FILE__, __LINE__);
// Process db config
$full_file_name = '/usr/lib/metronome/isp-modules/mod_auth_external/db_conf.inc.php';
$content = rf($full_file_name);
$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
$content = str_replace('{server_id}', $conf['server_id'], $content);
wf($full_file_name, $content);
// Copy init script
caselog('cp -f apps/metronome-init /etc/init.d/metronome', __FILE__, __LINE__);
......
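Review bot: The rendered `db_conf.inc.php` is written with `wf()` and no mode is set afterwards, under a directory created `0755`, so the ISPConfig MySQL password may end up readable by every local user (what `wf()` and the umask do is outside this hunk). Adding `chmod($full_file_name, 0600);` after `wf()`, plus a `chown` to the account metronome runs as, would restrict it. The values are substituted into single-quoted PHP literals without escaping, so a password containing `'` or `\` yields a broken or altered config; wrapping each value as `addcslashes($conf['mysql']['ispconfig_password'], "'\\")` avoids that. This also hands the XMPP helper the main `ispconfig_user` account, where a dedicated user with SELECT on `xmpp_user` only would be enough. The enclosing installer method starts and ends outside the hunk.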
......@@ -23,7 +23,7 @@ CREATE TABLE `xmpp_domain` (
`server_id` int(11) unsigned NOT NULL default '0',
`domain` varchar(255) NOT NULL default '',
`auth_method` ENUM( 'isp', 'plain', 'hashed' ) NOT NULL default 'hashed',
`management_method` ENUM( 'normal', 'maildomain' ) NOT NULL default 'normal',
`public_registration` ENUM( 'n', 'y' ) NOT NULL default 'n',
`registration_url` varchar(255) NOT NULL DEFAULT '',
`registration_message` varchar(255) NOT NULL DEFAULT '',
......@@ -66,12 +66,8 @@ CREATE TABLE `xmpp_user` (
`sys_perm_group` varchar(5) NOT NULL default '',
`sys_perm_other` varchar(5) NOT NULL default '',
`server_id` int(11) unsigned NOT NULL default '0',
`xmpp_domain_id` int(11) unsigned NOT NULL default '0',
`login` varchar(255) NOT NULL default '',
`jid` varchar(255) NOT NULL default '',
`password` varchar(255) NOT NULL default '',
`is_domain_admin` enum('n','y') NOT NULL default 'n',
`is_muc_admin` enum('n','y') NOT NULL default 'n',
`active` enum('n','y') NOT NULL DEFAULT 'n',
PRIMARY KEY (`xmppuser_id`),
KEY `server_id` (`server_id`,`jid`),
......
......@@ -1977,7 +1977,7 @@ CREATE TABLE `xmpp_domain` (
`server_id` int(11) unsigned NOT NULL default '0',
`domain` varchar(255) NOT NULL default '',
`auth_method` ENUM( 'isp', 'plain', 'hashed' ) NOT NULL default 'hashed',
`management_method` ENUM( 'normal', 'maildomain' ) NOT NULL default 'normal',
`public_registration` ENUM( 'n', 'y' ) NOT NULL default 'n',
`registration_url` varchar(255) NOT NULL DEFAULT '',
`registration_message` varchar(255) NOT NULL DEFAULT '',
......@@ -2022,12 +2022,8 @@ CREATE TABLE `xmpp_user` (
`sys_perm_group` varchar(5) NOT NULL default '',
`sys_perm_other` varchar(5) NOT NULL default '',
`server_id` int(11) unsigned NOT NULL default '0',
`xmpp_domain_id` int(11) unsigned NOT NULL default '0',
`login` varchar(255) NOT NULL default '',
`jid` varchar(255) NOT NULL default '',
`password` varchar(255) NOT NULL default '',
`is_domain_admin` enum('n','y') NOT NULL default 'n',
`is_muc_admin` enum('n','y') NOT NULL default 'n',
`active` enum('n','y') NOT NULL DEFAULT 'n',
PRIMARY KEY (`xmppuser_id`),
KEY `server_id` (`server_id`,`jid`),
......
......@@ -98,11 +98,11 @@ $form["tabs"]['domain'] = array (
'maxlength' => '255',
'searchable' => 1
),
'auth_method' => array (
'management_method' => array (
'datatype' => 'VARCHAR',
'formtype' => 'SELECT',
'default' => '1',
'value' => array(0 => 'Plain', 1 => 'Hashed', 2 => 'By Email Mailbox')
'default' => '0',
'value' => array(0 => 'Normal', 1 => 'By Mail Domain')
),
'public_registration' => array (
'datatype' => 'VARCHAR',
......
<?php
/*
Form Definition
Tabledefinition
Datatypes:
- INTEGER (Forces the input to Int)
- DOUBLE
- CURRENCY (Formats the values to currency notation)
- VARCHAR (no format check, maxlength: 255)
- TEXT (no format check)
- DATE (Dateformat, automatic conversion to timestamps)
Formtype:
- TEXT (Textfield)
- TEXTAREA (Textarea)
- PASSWORD (Password textfield, input is not shown when edited)
- SELECT (Select option field)
- RADIO
- CHECKBOX
- CHECKBOXARRAY
- FILE
VALUE:
- Wert oder Array
Hint:
The ID field of the database table is not part of the datafield definition.
The ID field must be always auto incement (int or bigint).
Search:
- searchable = 1 or searchable = 2 include the field in the search
- searchable = 1: this field will be the title of the search result
- searchable = 2: this field will be included in the description of the search result
*/
global $app;
$app->uses('getconf');
$global_config = $app->getconf->get_global_config();
$form["title"] = "XMPP Account";
$form["description"] = "";
$form["name"] = "xmpp_user";
$form["action"] = "xmpp_user_edit.php";
$form["db_table"] = "xmpp_user";
$form["db_table_idx"] = "xmppuser_id";
$form["db_history"] = "yes";
$form["tab_default"] = "xmppuser";
$form["list_default"] = "xmpp_user_list.php";
$form["auth"] = 'yes'; // yes / no
$form["auth_preset"]["userid"] = 0; // 0 = id of the user, > 0 id must match with id of current user
$form["auth_preset"]["groupid"] = 0; // 0 = default groupid of the user, > 0 id must match with groupid of current user
$form["auth_preset"]["perm_user"] = 'riud'; //r = read, i = insert, u = update, d = delete
$form["auth_preset"]["perm_group"] = 'riud'; //r = read, i = insert, u = update, d = delete
$form["auth_preset"]["perm_other"] = ''; //r = read, i = insert, u = update, d = delete
$form["tabs"]['xmppuser'] = array(
'title' => "XMPP Account",
'width' => 100,
'template' => "templates/xmpp_user_edit.htm",
'fields' => array (
//#################################
// Begin Datatable fields
//#################################
'server_id' => array (
'datatype' => 'INTEGER',
'formtype' => 'TEXT',
'default' => '',
'value' => '',
'width' => '30',
'maxlength' => '255'
),
'jid' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array( 0 => array( 'event' => 'SAVE',
'type' => 'IDNTOASCII'),
1 => array( 'event' => 'SHOW',
'type' => 'IDNTOUTF8'),
2 => array( 'event' => 'SAVE',
'type' => 'TOLOWER')
),
'validators' => array ( 0 => array ( 'type' => 'ISEMAIL',
'errmsg'=> 'jid_error_isemail'),
1 => array ( 'type' => 'UNIQUE',
'errmsg'=> 'jid_error_unique'),
),
'default' => '',
'value' => '',
'width' => '30',
'maxlength' => '255',
'searchable' => 1
),
'password' => array (
'datatype' => 'VARCHAR',
'formtype' => 'PASSWORD',
'validators' => array(
0 => array(
'type' => 'CUSTOM',
'class' => 'validate_password',
'function' => 'password_check',
'errmsg' => 'weak_password_txt'
)
),
'encryption'=> 'CRYPT',
'default' => '',
'value' => '',
'width' => '30',
'maxlength' => '255'
),
'active' => array (
'datatype' => 'VARCHAR',
'formtype' => 'CHECKBOX',
'default' => 'y',
'value' => array(1 => 'y', 0 => 'n')
),
//#################################
// END Datatable fields
//#################################
)
);
?>
......@@ -4,7 +4,7 @@ $wb["domain_txt"] = 'Domain';
$wb["type_txt"] = 'Type';
$wb["active_txt"] = 'Active';
$wb["client_txt"] = 'Client';
$wb["auth_method_txt"] = 'Authentication Method';
$wb["management_method_txt"] = 'Management of user accounts';
$wb["public_registration_txt"] = 'Enable public registration';
$wb["registration_url_txt"] = 'Registration URL';
$wb["registration_message_txt"] = 'Registration Message';
......@@ -25,4 +25,5 @@ $wb["use_http_archive_txt"] = 'Enable HTTP chatroom archive';
$wb["http_archive_show_join_txt"] = 'Show join messages in archive';
$wb["http_archive_show_status_txt"] = 'Show status changes in archive';
$wb["use_status_host_txt"] = 'Enable XML Status host';
$wb["no_corresponding_maildomain_txt"] = 'Corresponding mail domain for user management not found. Please create the mail domain first.';
?>
<?php
$wb["list_head_txt"] = 'XMPP User Accounts';
$wb["jid_txt"] = 'Jabber ID';
$wb["active_txt"] = 'Active';
$wb["cryptpwd_txt"] = 'Password';
$wb["password_strength_txt"] = 'Password strength';
$wb["error_no_pwd"] = 'Password is empty.';
$wb["password_txt"] = 'Password';
$wb['generate_password_txt'] = 'Generate Password';
$wb['repeat_password_txt'] = 'Repeat Password';
$wb['password_mismatch_txt'] = 'The passwords do not match.';
$wb['password_match_txt'] = 'The passwords do match.';
$wb["no_domain_perm"] = 'You have no permission for this domain.';
$wb["limit_xmpp_user_txt"] = 'The max. number of xmpp accounts for your account is reached.';
?>
\ No newline at end of file
......@@ -59,23 +59,4 @@ $liste["item"][] = array( 'field' => "JID",
'width' => "",
'value' => "");
$liste["item"][] = array( 'field' => "is_domain_admin",
'datatype' => "VARCHAR",
'formtype' => "SELECT",
'op' => "=",
'prefix' => "",
'suffix' => "",
'width' => "",
'value' => array('n' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'y' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
$liste["item"][] = array( 'field' => "is_muc_admin",
'datatype' => "VARCHAR",
'formtype' => "SELECT",
'op' => "=",
'prefix' => "",
'suffix' => "",
'width' => "",
'value' => array('n' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'y' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
?>
......@@ -75,9 +75,9 @@
<div class="form-group">
<label for="auth_method" class="col-sm-3 control-label">{tmpl_var name='auth_method_txt'}</label>
<div class="col-sm-9"><select name="auth_method" id="auth_method" class="form-control">
{tmpl_var name='auth_method'}
<label for="management_method" class="col-sm-3 control-label">{tmpl_var name='management_method_txt'}</label>
<div class="col-sm-9"><select name="management_method" id="management_method" class="form-control">
{tmpl_var name='management_method'}
</select></div>
</div>
......
<div class='page-header'>
<h1><tmpl_var name="list_head_txt"></h1>
</div>
<p><tmpl_var name="list_desc_txt"></p>
<div class="form-group">
<label class="col-sm-3 control-label"><em>*</em> {tmpl_var name='jid_txt'}</label>
<div class="col-sm-4">
<input type="text" id="jid_local_part" name="jid_local_part" value="{tmpl_var name='jid_local_part'}" class="form-control" />
</div>
<div class="col-sm-1 text-center">@</div>
<div class="col-sm-4">
<select name="jid_domain" id="jid_domain" class="form-control">{tmpl_var name='jid_domain'}</select>
</div>
</div>
<div class="form-group">
<label for="password" class="col-sm-3 control-label">{tmpl_var name='password_txt'}</label>
<div class="col-sm-6"><input type="password" name="password" id="password" value="{tmpl_var name='password'}" class="form-control" autocomplete="off" onkeyup="pass_check(this.value);checkPassMatch('password','repeat_password');" /></div><div class="col-sm-3 input-sm">&nbsp;</div><a href="javascript:void(0);" onclick="generatePassword('password','repeat_password');">{tmpl_var name='generate_password_txt'}</a>
</div>
<div class="form-group">
<label class="col-sm-3 control-label">{tmpl_var name='password_strength_txt'}</label>
<div id="passBar"></div>
<p class="formHint"><span id="passText">&nbsp;</span></p>
</div>
<div class="form-group">
<label for="repeat_password" class="col-sm-3 control-label">{tmpl_var name='repeat_password_txt'}</label>
<div class="col-sm-9"><input type="password" name="repeat_password" id="repeat_password" value="" class="form-control" autocomplete="off" onkeyup="checkPassMatch('password','repeat_password');" /></div></div>
<div id="confirmpasswordError" style="display:none;" class="confirmpassworderror">{tmpl_var name='password_mismatch_txt'}</div>
<div id="confirmpasswordOK" style="display:none;" class="confirmpasswordok">{tmpl_var name='password_match_txt'}</div>
<div class="form-group">
<label class="col-sm-3 control-label">{tmpl_var name='active_txt'}</label>
<div class="col-sm-9">
{tmpl_var name='active'}
</div>
</div>
<input type="hidden" name="id" value="{tmpl_var name='id'}">
<div class="clear"><div class="right">
<button class="btn btn-default formbutton-success" type="button" value="{tmpl_var name='btn_save_txt'}" data-submit-form="pageForm" data-form-action="mail/xmpp_user_edit.php">{tmpl_var name='btn_save_txt'}</button>
<button class="btn btn-default formbutton-default" type="button" value="{tmpl_var name='btn_cancel_txt'}" data-load-content="mail/xmpp_user_list.php">{tmpl_var name='btn_cancel_txt'}</button>
</div></div>
......@@ -263,16 +263,19 @@ class page_action extends tform_actions {
if(isset($this->dataRecord["domain"])) $this->dataRecord["domain"] = strtolower($this->dataRecord["domain"]);
// Read auth method
if(isset($this->dataRecord["auth_method"]))
switch($this->dataRecord["auth_method"]){
if(isset($this->dataRecord["management_method"]))
switch($this->dataRecord["management_method"]){
case 0:
$this->dataRecord["auth_method"] = 'plain';