From e3afa2fe2dadb0450e723a94e30043a03ce9148e Mon Sep 17 00:00:00 2001 From: Andrew Engelbrecht Date: Tue, 25 Oct 2016 17:18:34 -0400 Subject: [PATCH 1/3] various whitespace cleanups --- auth_mysql.py | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/auth_mysql.py b/auth_mysql.py index ca44a07..1cc112c 100755 --- a/auth_mysql.py +++ b/auth_mysql.py @@ -77,7 +77,7 @@ def ejabberd_in(): logging.debug("trying to read 2 bytes from ejabberd:") input_length = sys.stdin.read(2) - + if len(input_length) is not 2: logging.debug("ejabberd sent us wrong things!") raise EjabberdInputError('Wrong input from ejabberd!') @@ -95,11 +95,11 @@ def ejabberd_in(): def ejabberd_out(bool): logging.debug("Ejabberd gets: %s" % bool) - + token = genanswer(bool) - + logging.debug("sent bytes: %#x %#x %#x %#x" % (ord(token[0]), ord(token[1]), ord(token[2]), ord(token[3]))) - + sys.stdout.write(token) sys.stdout.flush() @@ -154,7 +154,7 @@ def auth(user, host, password): def setpass(user, host, password): if db_query_setpass == "": return False - + database.ping(True) with database as dbcur: dbcur.execute(db_query_setpass, {"user": user, "host": host, "password": password_hash(password)}) @@ -168,11 +168,11 @@ def setpass(user, host, password): def tryregister(user, host, password): if db_query_register == "": return False - + if isuser(user, host): logging.info("Could not register user %s@%s as it already exists." % (user, host)) return False - + database.ping(True) with database as dbcur: dbcur.execute(db_query_register, {"user": user, "host": host, "password": password_hash(password)}) @@ -196,7 +196,7 @@ def removeuser(user, host): def removeuser3(user, host, password): if db_query_unregister == "": return False - + return auth(user, host, password) and removeuser(user, host) @@ -208,17 +208,17 @@ def removeuser3(user, host, password): while True: logging.debug("start of infinite loop") - - try: + + try: ejab_request = ejabberd_in() except EOFError: break except Exception as e: logging.exception("Exception occured while reading stdin") raise - + logging.debug('operation: %s' % (":".join(ejab_request))) - + op_result = False try: if ejab_request[0] == "auth": @@ -235,11 +235,11 @@ def removeuser3(user, host, password): op_result = removeuser3(ejab_request[1], ejab_request[2], ejab_request[3]) except Exception: logging.exception("Exception occured") - + ejabberd_out(op_result) logging.debug("successful" if op_result else "unsuccessful") - + logging.debug("end of infinite loop") logging.info('extauth script terminating') database.close() -sys.exit(exitcode) \ No newline at end of file +sys.exit(exitcode) From 3bf855f635b056cdbcacfcf252df45697d42ebbe Mon Sep 17 00:00:00 2001 From: Andrew Engelbrecht Date: Sun, 18 Dec 2016 19:26:55 -0500 Subject: [PATCH 2/3] Don't hammer db when the connection fails This should avoid accidental DoSing of the MySQL database server. --- auth_mysql.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/auth_mysql.py b/auth_mysql.py index 1cc112c..9a65917 100755 --- a/auth_mysql.py +++ b/auth_mysql.py @@ -40,7 +40,7 @@ #Setup ######################################################################## -import sys, logging, struct, hashlib, MySQLdb, crypt, random, atexit +import sys, logging, struct, hashlib, MySQLdb, crypt, random, atexit, time sys.stderr = open('/var/log/ejabberd/extauth_err.log', 'a') logging.basicConfig(level=logging.INFO, @@ -54,6 +54,7 @@ database=MySQLdb.connect(db_host, db_user, db_pass, db_name) except: logging.debug("Unable to initialize database, check settings!") + time.sleep(10) sys.exit(1) @atexit.register From 1028ecf7bcb7d4e1cd05d8ab8480d916d1dfbe5c Mon Sep 17 00:00:00 2001 From: Andrew Engelbrecht Date: Sun, 18 Dec 2016 19:28:55 -0500 Subject: [PATCH 3/3] Don't filter db connection failure in quiet logs The user should know about the connection error even if they don't want "debug" or "info" level information in their extauth log. --- auth_mysql.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth_mysql.py b/auth_mysql.py index 9a65917..a22d37d 100755 --- a/auth_mysql.py +++ b/auth_mysql.py @@ -53,7 +53,7 @@ try: database=MySQLdb.connect(db_host, db_user, db_pass, db_name) except: - logging.debug("Unable to initialize database, check settings!") + logging.error("Unable to initialize database, check settings!") time.sleep(10) sys.exit(1)