From e4ce383f2ff6a4882f4bf1973dd973999f94720d Mon Sep 17 00:00:00 2001 From: Michael Vogel Date: Sat, 22 Jun 2013 17:34:52 +0200 Subject: [PATCH] It's now possible to authenticate an ejabberd server against friendica. See auth_ejabberd.php for details how to install. --- include/auth_ejabberd.php | 208 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 208 insertions(+) create mode 100755 include/auth_ejabberd.php diff --git a/include/auth_ejabberd.php b/include/auth_ejabberd.php new file mode 100755 index 0000000000..8b18a02c58 --- /dev/null +++ b/include/auth_ejabberd.php @@ -0,0 +1,208 @@ +#!/usr/bin/php + + * modified for Friendica by Michael Vogel + * published under GPL + * + * Latest version of the original script for joomla is available at: + * http://87.230.15.86/~dado/ejabberd/joomla-login + * + * Installation: + * + * - Change it's owner to whichever user is running the server, ie. ejabberd + * $ chown ejabberd:ejabberd /path/to/friendica/include/auth_ejabberd.php + * + * - Change the access mode so it is readable only to the user ejabberd and has exec + * $ chmod 700 /path/to/friendica/include/auth_ejabberd.php + * + * - Edit your ejabberd.cfg file, comment out your auth_method and add: + * {auth_method, external}. + * {extauth_program, "/path/to/friendica/include/auth_ejabberd.php"}. + * + * - Restart your ejabberd service, you should be able to login with your friendica auth info + * + * Other hints: + * - if your users have a space or a @ in their nickname, they'll run into trouble + * registering with any client so they should be instructed to replace these chars + * " " (space) is replaced with "%20" + * "@" is replaced with "(a)" + * + */ + +if (sizeof($_SERVER["argv"]) == 0) + die(); + +$directory = dirname($_SERVER["argv"][0]); + +if (substr($directory, 0, 1) != "/") + $directory = $_SERVER["PWD"]."/".$directory; + +$directory = realpath($directory."/.."); + +chdir($directory); +require_once("boot.php"); + +global $a, $db; + +if(is_null($a)) { + $a = new App; +} + +if(is_null($db)) { + @include(".htconfig.php"); + require_once("include/dba.php"); + $db = new dba($db_host, $db_user, $db_pass, $db_data); + unset($db_host, $db_user, $db_pass, $db_data); +}; + +// the logfile to which to write, should be writeable by the user which is running the server +$sLogFile = get_config('jabber','logfile'); + +// set true to debug if needed +$bDebug = get_config('jabber','debug'); + +$oAuth = new exAuth($sLogFile, $bDebug); + +class exAuth +{ + private $sLogFile; + private $bDebug; + + private $rLogFile; + + public function __construct($sLogFile, $bDebug) + { + global $db; + + // setter + $this->sLogFile = $sLogFile; + $this->bDebug = $bDebug; + + // ovo ne provjeravamo jer ako ne mozes kreirati log file, onda si u kvascu :) + if ($this->sLogFile != '') + $this->rLogFile = fopen($this->sLogFile, "a") or die("Error opening log file: ". $this->sLogFile); + + $this->writeLog("[exAuth] start"); + + // ovdje bi trebali biti spojeni na MySQL, imati otvoren log i zavrtit cekalicu + do { + $iHeader = fgets(STDIN, 3); + $aLength = unpack("n", $iHeader); + $iLength = $aLength["1"]; + if($iLength > 0) { + // ovo znaci da smo nesto dobili + $sData = fgets(STDIN, $iLength + 1); + $this->writeDebugLog("[debug] received data: ". $sData); + $aCommand = explode(":", $sData); + if (is_array($aCommand)){ + switch ($aCommand[0]){ + case "isuser": + // provjeravamo je li korisnik dobar + if (!isset($aCommand[1])){ + $this->writeLog("[exAuth] invalid isuser command, no username given"); + fwrite(STDOUT, pack("nn", 2, 0)); + } else { + // ovdje provjeri je li korisnik OK + $sUser = str_replace(array("%20", "(a)"), array(" ", "@"), $aCommand[1]); + $this->writeDebugLog("[debug] checking isuser for ". $sUser); + $sQuery = "select * from user where nickname='". $db->escape($sUser) ."'"; + $this->writeDebugLog("[debug] using query ". $sQuery); + if ($oResult = q($sQuery)){ + if ($oResult) { + // korisnik OK + $this->writeLog("[exAuth] valid user: ". $sUser); + fwrite(STDOUT, pack("nn", 2, 1)); + } else { + // korisnik nije OK + $this->writeLog("[exAuth] invalid user: ". $sUser); + fwrite(STDOUT, pack("nn", 2, 0)); + } + $oResult->close(); + } else { + $this->writeLog("[MySQL] invalid query: ". $sQuery); + fwrite(STDOUT, pack("nn", 2, 0)); + } + } + break; + case "auth": + // provjeravamo autentifikaciju korisnika + if (sizeof($aCommand) != 4){ + $this->writeLog("[exAuth] invalid auth command, data missing"); + fwrite(STDOUT, pack("nn", 2, 0)); + } else { + // ovdje provjeri prijavu + $sUser = str_replace(array("%20", "(a)"), array(" ", "@"), $aCommand[1]); + $this->writeDebugLog("[debug] doing auth for ". $sUser); + $sQuery = "select * from user where password='".hash('whirlpool',$aCommand[3])."' and nickname='". $db->escape($sUser) ."'"; + $this->writeDebugLog("[debug] using query ". $sQuery); + if ($oResult = q($sQuery)){ + if ($oResult) { + // korisnik OK + $this->writeLog("[exAuth] authentificated user ". $sUser ."@". $aCommand[2]); + fwrite(STDOUT, pack("nn", 2, 1)); + } else { + // korisnik nije OK + $this->writeLog("[exAuth] authentification failed for user ". $sUser ."@". $aCommand[2]); + fwrite(STDOUT, pack("nn", 2, 0)); + } + $oResult->close(); + } else { + $this->writeLog("[MySQL] invalid query: ". $sQuery); + fwrite(STDOUT, pack("nn", 2, 0)); + } + } + break; + case "setpass": + // postavljanje zaporke, onemoguceno + $this->writeLog("[exAuth] setpass command disabled"); + fwrite(STDOUT, pack("nn", 2, 0)); + break; + default: + // ako je uhvaceno ista drugo + $this->writeLog("[exAuth] unknown command ". $aCommand[0]); + fwrite(STDOUT, pack("nn", 2, 0)); + break; + } + } else { + $this->writeDebugLog("[debug] invalid command string"); + fwrite(STDOUT, pack("nn", 2, 0)); + } + } + unset ($iHeader); + unset ($aLength); + unset ($iLength); + unset($aCommand); + } while (true); + } + + public function __destruct() + { + // zatvori log file + $this->writeLog("[exAuth] stop"); + + if (is_resource($this->rLogFile)){ + fclose($this->rLogFile); + } + } + + private function writeLog($sMessage) + { + if (is_resource($this->rLogFile)) { + fwrite($this->rLogFile, date("r") ." ". $sMessage ."\n"); + } + } + + private function writeDebugLog($sMessage) + { + if ($this->bDebug){ + $this->writeLog($sMessage); + } + } + +} +?> + +