So I'm running my email with Postfix and use Postfix Admin to manage my users and domains. Now it would be nice to have a Jabber server running as well, with the same username and password for both email and Jabber.
ejabberd supports custom (external) authentication scripts, and with some Python I now have a working one.
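# Install the two Python libraries the script imports: the MySQL bindings
# and passlib. One command per line.
yum install MySQL-python
yum install python-passlib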
Add this script to your ejabberd folder (below it is installed as /etc/ejabberd/auth/check_mysql_python.py):
#!/usr/bin/python
import os import datetime import sys, logging, struct, hashlib, MySQLdb from passlib.hash import * from passlib.hash import md5_crypt from struct import *
########################################################################
# Database settings -- adjust these to match your own installation.
#
# NOTE(review): the password below is kept in clear text, so this file
# should be readable only by the account that runs ejabberd. The script
# only ever issues SELECT statements against db_table, so a dedicated
# MySQL account limited to SELECT on that table is a safer choice than
# "root".
########################################################################
db_name = "mail"
db_user = "root"
db_pass = "password"
db_host = "localhost"
db_table = "mailbox"
db_username_field = "username"
db_password_field = "password"
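# Open the single MySQL connection that every request handled by this
# process will use.
try:
    database = MySQLdb.connect(db_host, db_user, db_pass, db_name)
except MySQLdb.Error:
    # logging.debug() is discarded by the unconfigured root logger, and
    # carrying on would only fail a line later with a NameError on
    # `database`. Report at a level the default configuration emits and
    # stop. The exception text is deliberately not logged so connection
    # details stay out of the output.
    logging.error("Unable to initialize database, check settings!")
    sys.exit(1)

# MySQLdb leaves autocommit off. On a transactional storage engine a
# connection that never commits can keep answering from the snapshot taken
# by its first SELECT, so a changed or removed password might still be
# accepted until the process restarts. This script only reads, so
# autocommit is safe to enable.
database.autocommit(True)
dbcur = database.cursor()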
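def log(string):
    """Append one timestamped line to /var/log/ejabberd/sso-auth.log.

    The text may contain values received from ejabberd (auth() logs the
    username and server it was given), so carriage returns and line feeds
    are written in escaped form. One call therefore always produces exactly
    one log line, and a crafted value cannot fake additional entries.
    """
    single_line = string.replace('\r', '\\r').replace('\n', '\\n')
    with open('/var/log/ejabberd/sso-auth.log', 'a') as f:
        f.write(str(datetime.datetime.now()) + ': ' + single_line + '\n')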
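def from_ejabberd():
    """Read one request from ejabberd on stdin and return its fields.

    A request is a 2-byte big-endian length followed by that many bytes of
    colon-separated text: the operation name, then its arguments.

    Returns:
        A list of at most four strings, e.g.
        ``["auth", user, server, password]``.

    Raises:
        struct.error: if fewer than two length bytes could be read, which
            is what happens once the other end closes the pipe.
    """
    # Work on raw bytes; Python 3 exposes them as sys.stdin.buffer, while
    # on Python 2 sys.stdin itself already yields bytes.
    stream = getattr(sys.stdin, 'buffer', sys.stdin)
    header = stream.read(2)
    # 'H' (unsigned): with a signed 'h', a length of 32768 or more turns
    # negative, and read() with a negative size reads until end of file.
    (size,) = unpack('>H', header)
    payload = stream.read(size)
    if not isinstance(payload, str):
        payload = payload.decode('utf-8')
    # Split at most three times so the last field -- the password for auth
    # and setpass -- keeps any ':' it contains instead of being truncated.
    return payload.split(':', 3)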
def to_ejabberd(bool):
    """Send the verdict for the current request back to ejabberd.

    The reply is two big-endian 16-bit values written to stdout: the
    number 2 followed by 1 when ``bool`` is truthy and 0 otherwise.
    """
    result_code = 1 if bool else 0
    packet = pack('>hh', 2, result_code)
    log('writing token ' + str(packet) + ' to stdout')
    sys.stdout.write(packet)
    # Flush straight away so the reply is not left sitting in the buffer.
    sys.stdout.flush()
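def auth(username, server, password):
    """Check ``password`` against the stored md5_crypt hash of username@server.

    Returns True only when a row for exactly that address exists and the
    password verifies against its hash. Every other outcome -- unknown
    address, address mismatch, wrong password, unusable stored hash --
    returns False.

    NOTE(review): any row that exists can authenticate. If the mailbox
    table has a column marking accounts as disabled, it is not consulted
    here -- confirm against the schema.
    """
    log('doing auth:' + username + ':' + server + ':' + "********")
    address = username + "@" + server
    # Table and column names come from the settings at the top of the
    # script and cannot be bound as parameters, so only they are formatted
    # into the statement. The address originates from the client and is
    # handed to the driver as a bound parameter, never spliced into SQL.
    query = "SELECT %s,%s FROM %s WHERE %s = %%s" % (
        db_username_field, db_password_field, db_table, db_username_field)
    dbcur.execute(query, (address,))
    data = dbcur.fetchone()

    if data is None:
        # No such mailbox: deny here rather than indexing into None.
        log("Wrong username: %s" % (address))
        return False
    if address != data[0]:
        # The database matched a row whose stored name is not identical
        # to the requested one; treat that as a miss.
        log("Sending false from auth")
        return False

    try:
        verified = md5_crypt.verify(password, data[1])
    except (ValueError, TypeError):
        # The stored value is empty or not an md5_crypt hash. Deny instead
        # of letting the exception end the process.
        log("Unusable password hash for user: %s" % (address))
        return False

    if verified:
        log("Inlogged")
        return True
    log("Wrong password for user: %s" % (address))
    return False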
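def isuser(username, server):
    """Return True when a mailbox row for exactly username@server exists."""
    address = username + "@" + server
    # Only the identifiers from the settings are formatted into the
    # statement; the client-supplied address is passed as a bound
    # parameter. The password hash is not needed for an existence check,
    # so it is not selected.
    query = "SELECT %s FROM %s WHERE %s = %%s" % (
        db_username_field, db_table, db_username_field)
    dbcur.execute(query, (address,))
    data = dbcur.fetchone()

    if data is None:
        # No such mailbox: answer here rather than indexing into None.
        log("Wrong username: %s" % (address))
        return False
    if address == data[0]:
        log("Is user")
        return True
    return False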
def setpass(username, server, password):
    """Refuse every password change request.

    The arguments are accepted and ignored; the result is always False.
    """
    return False
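# Main loop: answer one request at a time until ejabberd closes the pipe.
while True:
    try:
        data = from_ejabberd()
    except struct.error:
        # Fewer than two length bytes were available: stdin is closed, so
        # stop quietly instead of ending with a traceback.
        break

    # Deny by default. An unknown operation, or one that arrives with too
    # few fields, gets a "false" reply instead of raising IndexError.
    success = False
    if data[0] == "auth" and len(data) >= 4:
        success = auth(data[1], data[2], data[3])
    elif data[0] == "isuser" and len(data) >= 3:
        success = isuser(data[1], data[2])
    elif data[0] == "setpass" and len(data) >= 4:
        success = setpass(data[1], data[2], data[3])
    to_ejabberd(success)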
Make the ejabberd user and group the owner of the script and make it executable:
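# The script holds the database password in clear text. Mode 750 lets the
# owner and group read and execute it, lets only the owner modify it, and
# gives other local accounts no access (775 would leave it world-readable
# and group-writable).
chown ejabberd:ejabberd /etc/ejabberd/auth/check_mysql_python.py
chmod 750 /etc/ejabberd/auth/check_mysql_python.py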
Finally, add the following to the ejabberd configuration so that it uses the script:
%% Hand authentication to an external program: ejabberd runs the script
%% named below and sends it the auth, isuser and setpass requests.
{auth_method, external}. {extauth_program, "/etc/ejabberd/auth/check_mysql_python.py"}.
Links and further reading
http://pythonhosted.org/passlib/lib/passlib.hash.md5_crypt.html