ejabber users from postfixadmin (python,mysql,md5crypt)

So Im running my emails with postfix and have postfix admin to manager my users and domains. But now it should be nice to have i jabber server running and to have the same user and password for both email and jabber.

Ejabber support custom auth plugins and with some python i now have a working plugin.

 

First install python packages

yum install MySQL-python
yum install python-passlib

 

Add this script to you ejabber folder

#!/usr/bin/python
import os 
import datetime
import sys, logging, struct, hashlib, MySQLdb
from passlib.hash import *
from passlib.hash import md5_crypt
from struct import *
########################################################################
#DB Settings
#Just put your settings here.
########################################################################
db_name="mail"
db_user="root"
db_pass="password"
db_host="localhost"
db_table="mailbox"
db_username_field="username"
db_password_field="password"
try:
database=MySQLdb.connect(db_host, db_user, db_pass, db_name)
except:
logging.debug("Unable to initialize database, check settings!")
dbcur=database.cursor()
def log(string):
with open('/var/log/ejabberd/sso-auth.log', 'a') as f:
f.write(str(datetime.datetime.now()) + ': ' + string + '\n')
def from_ejabberd():
input_length = sys.stdin.read(2)
(size,) = unpack('>h', input_length)
input = sys.stdin.read(size)
return input.split(':')
def to_ejabberd(bool):
answer = 0
if bool:
answer = 1
token = pack('>hh', 2, answer)
log('writing token ' + str(token) + ' to stdout')
sys.stdout.write(token)
sys.stdout.flush()
def auth(username, server, password):
log('doing auth:' + username + ':' + server + ':' + "********")
dbcur.execute("SELECT %s,%s FROM %s WHERE %s ='%s@%s'"%(db_username_field,db_password_field , db_table, db_username_field, username,server))
data=dbcur.fetchone()
out=False #defaut to O preventing mistake
if data==None:
out=False
#logging.debug("Wrong username: %s"%(in_user))
if username+"@"+server==data[0]:
if md5_crypt.verify(password, data[1]):
log("Inlogged")
out=True
else:
log("Wrong password for user: %s"%(in_user))
out=False
else:
log("Sending false from auth")
out=False
return out
def isuser(username, server):
dbcur.execute("SELECT %s,%s FROM %s WHERE %s ='%s@%s'"%(db_username_field,db_password_field , db_table, db_username_field, username,server))
data=dbcur.fetchone() 
out=False #defaut to O preventing mistake
if data==None:
out=False
log("Wrong username: %s"%(in_user))
if username+"@"+server==data[0]:
log("Is user")
out=True
return out
def setpass(username, server, password):
return False
while True:
data = from_ejabberd()
success = False
if data[0] == "auth":
success = auth(data[1], data[2], data[3])
elif data[0] == "isuser":
success = isuser(data[1], data[2])
elif data[0] == "setpass":
success = setpass(data[1], data[2], data[3])
to_ejabberd(success)

 

Make your script user ejabberd user and group and execute

chown ejabberd:ejabberd /etc/ejabberd/auth/check_mysql_python.py
chmod 775 /etc/ejabberd/auth/check_mysql_python.py

And at last the following to ejbber to use the script

{auth_method, external}.
{extauth_program, "/etc/ejabberd/auth/check_mysql_python.py"}.

Links and readmore

http://pythonhosted.org/passlib/lib/passlib.hash.md5_crypt.html

http://stackoverflow.com/questions/4070601/use-python-to-create-compatible-ldap-password-md5crypt-on-windows

http://www.ejabberd.im/check_mysql_python

http://www.ejabberd.im/extauth

Leave a Reply

%d bloggers like this: