From 841bcac241bac980d5e943793ffda3372d7f8f82 Mon Sep 17 00:00:00 2001
From: Christoph Burschka
Date: Thu, 16 Jan 2014 19:34:39 +0100
Subject: Big multiple-plugins patch (fixes #2).

---
 config.sample.php                 | 76 ++++++++++++++++++++++++++-------------
 core/EjabberdAuth.php             | 49 +++++++++++++++----------
 core/EjabberdAuthBridge.php       |  3 --
 main.php                          | 27 +++++++-------
 plugins/session/BridgeSession.php | 17 ---------
 plugins/session/config.sample.php | 17 +++++++++
 plugins/session/main.php          | 21 +++++------
 plugins/session/session.module    |  9 ++---
 8 files changed, 129 insertions(+), 90 deletions(-)
 create mode 100644 plugins/session/config.sample.php

diff --git a/config.sample.php b/config.sample.php
index 14c6153..59e0613 100644
--- a/config.sample.php
+++ b/config.sample.php
@@ -1,28 +1,54 @@
 <?php
 
-/* copy this file to config.php */
+/**
+ * config.php
+ *
+ * Configure the Bridge plugins used by this authentication system.
+ *
+ * Example 1: Use a Drupal 8 site for all hosts.
+ *
+ * $config['*'][0] = [
+ *   'plugin' => 'drupal8',
+ *   'config' => [
+ *     'root_path' => '/path/to/drupal8',
+ *     'site' => 'default',
+ *   ],
+ * ];
+ *
+ * Example 2: Add a phpBB and MediaWiki subdomain (exact match):
+ *
+ * $config['forum.example.com'][0] = [
+ *   'plugin' => 'phpbb30',
+ *   'config => ['root_path' => '/path/to/phpbb'],
+ * ];
+ * $config['wiki.example.com'][0] = [
+ *   'plugin' => 'mediawiki',
+ *   'config' => ['root_path' => '/path/to/mediawiki'],
+ * ];
+ *
+ * Example 3: Allow session authentication (see plugins/session/README.md)
+ *
+ * $config['*'][0] = [
+ *   'plugin' => 'phpbb30',
+ *   'config => ['root_path' => '/path/to/phpbb'],
+ * ];
+ * $config['*'][1] = [
+ *   'plugin' => 'session',
+ *   'config' => [
+ *     'mysql' => [
+ *       'dsn' => 'mysql:host=localhost;dbname=DATABASE;charset=utf8',
+ *       'username' => 'USER',
+ *       'password' => 'PASSWORD',
+ *       'table' => 'TABLE',
+ *     ],
+ *     'plugin' => 'phpbb30'
+ *   ],
+ * ];
+ */
 
-$config['plugin'] = '';
-$config['log_path'] = __DIR__ . '/logs/';
-
-$config['phpbb30'] = array(
-  'root_path' => '' /* path to your phpBB30 installation */,
-);
-
-$config['phpbb31'] = array(
-  'root_path' => '' /* path to your phpBB31 installation */,
-);
-
-$config['drupal7'] = array(
-  'root_path' => '' /* path to your Drupal 7 installation */,
-  'site' => 'default' /* site directory */,
-);
-
-$config['drupal8'] = array(
-  'root_path' => '' /* path to your Drupal 8 installation */,
-  'site' => 'default' /* site directory */,
-);
-
-$config['smf2'] = array(
-  'root_path' => '' /* path to your SMF 2.x installation */,
-);
+$config['*'][0] = [
+  'plugin' => '',
+  'config' => [
+    'root_path' => '',
+  ],
+];
diff --git a/core/EjabberdAuth.php b/core/EjabberdAuth.php
index 9160ec5..c3cdff8 100644
--- a/core/EjabberdAuth.php
+++ b/core/EjabberdAuth.php
@@ -7,17 +7,15 @@
 class EjabberdAuth {
   var $running;
 
-  function __construct($config, EjabberdAuthBridge $bridge) {
-    $this->bridge = $bridge;
-    $this->bridge->parent = $this;
-    if (!empty($config['log_path']) && is_dir($config['log_path']) && is_writable($config['log_path'])) {
-      $this->logfile = fopen($config['log_path'] . 'activity-' . date('Y-m-d') . '.log', 'a');
+  function __construct($meta, $bridges) {
+    $this->bridges = $bridges;
+    foreach ($bridges as $domain) foreach ($domain as $bridge) {
+      $bridge->parent = $this;
     }
-    else {
-      $this->logfile = STDERR;
-    }
-    $this->log('Starting...');
-    $this->running = TRUE;
+    if (!empty($meta['log_path']) && is_dir($meta['log_path']) && is_writable($meta['log_path']))
+      $this->logfile = fopen($meta['log_path'] . 'activity-' . date('Y-m-d') . '.log', 'a');
+    else $this->logfile = STDERR;
+    $this->log('Initialized.');
   }
 
   function stop() {
@@ -26,6 +24,8 @@ class EjabberdAuth {
   }
 
   function run() {
+    $this->log('Starting...');
+    $this->running = TRUE;
     while ($this->running) {
       $data = $this->read();
       if ($data) {
@@ -61,18 +61,19 @@ class EjabberdAuth {
   }
 
   function execute($data) {
-    $args = explode(':', $data);
-    $command = array_shift($args);
-    // Only log the username for security.
-    $this->log("Executing $command on {$args[0]}");
+    $args = explode(':', $data . ':::');
+    list($command, $username, $server, $password) = $args;
+
+    // Don't log the password, obviously.
+    $this->log("Executing $command on {$username}@{$server}");
+
+    $domain = array_key_exists($server, $this->bridges) ? $server : '*';
 
     switch ($command) {
       case 'isuser':
-        list($username, $server) = $args;
-        return $this->bridge->isuser($username, $server);
+        return $this->isuser($domain, $username, $server);
       case 'auth':
-        list($username, $server, $password) = $args;
-        return $this->bridge->auth($username, $server, $password);
+        return $this->auth($domain, $username, $server, $password);
       case 'setpass':
       case 'tryregister':
       case 'removeuser':
@@ -82,4 +83,16 @@ class EjabberdAuth {
         $this->stop();
     }
   }
+
+  function isuser($domain, $username, $server) {
+    foreach ($this->bridges[$domain] as $bridge)
+      if ($bridge->isuser($username, $server)) return TRUE;
+    return FALSE;
+  }
+
+  function auth($domain, $username, $server, $password) {
+    foreach ($this->bridges[$domain] as $bridge)
+      if ($bridge->auth($username, $server, $password)) return TRUE;
+    return FALSE;
+  }
 }
diff --git a/core/EjabberdAuthBridge.php b/core/EjabberdAuthBridge.php
index 68a9a25..e77a67d 100644
--- a/core/EjabberdAuthBridge.php
+++ b/core/EjabberdAuthBridge.php
@@ -6,7 +6,4 @@
 abstract class EjabberdAuthBridge {
   abstract function isuser($username, $server);
   abstract function auth($username, $server, $password);
-  abstract function setpass($username, $server, $password);
-  abstract function tryregister($username, $server, $password);
-  abstract function removeuser($username, $server);
 }
diff --git a/main.php b/main.php
index f9c5b83..57e20eb 100755
--- a/main.php
+++ b/main.php
@@ -9,19 +9,20 @@ main();
 
 function main() {
   require_once ROOT . 'config.php';
-  if (!empty($config['plugin']) && !empty($config[$config['plugin']])) {
-    $plugin_file = 'plugins/' . $config['plugin'] . '/' . $config['plugin'] . '.module';
-    if (file_exists(ROOT . $plugin_file)) {
-      require_once ROOT . $plugin_file;
-      $function = $config['plugin'] . '_init';
-      $auth = new EjabberdAuth($config, $function($config[$config['plugin']]));
-      $auth->run();
+  $bridges = [];
+  foreach ($config as $domain => $plugins) {
+    $bridges[$domain] = [];
+    foreach ($plugins as $settings) {
+      $plugin_file = 'plugins/' . $settings['plugin'] . '/' . $settings['plugin'] . '.module';
+      if (file_exists(ROOT . $plugin_file)) {
+        require_once ROOT . $plugin_file;
+        $function = $settings['plugin'] . '_init';
+        $bridges[$domain][] = $function($settings['config']);
+      }
+      else {
+        return fwrite(STDERR, "Plugin <{$plugin_file}> not found.\n");
+      }
     }
-    else {
-      fwrite(STDERR, "Plugin <{$plugin_file}> not found.\n");
-    }
-  }
-  else {
-    fwrite(STDERR, 'Incomplete configuration: $config[\'plugin\'] must be set to <name>, and $config[<name>] populated.' . "\n");
   }
+  (new EjabberdAuth($meta, $bridges))->run();
 }
diff --git a/plugins/session/BridgeSession.php b/plugins/session/BridgeSession.php
index 58e2208..d9c3afc 100644
--- a/plugins/session/BridgeSession.php
+++ b/plugins/session/BridgeSession.php
@@ -11,11 +11,6 @@ class BridgeSession extends EjabberdAuthBridge {
     $this->_isuser = $this->db->prepare(sprintf('SELECT COUNT(*) FROM `%s` WHERE `username` = :user AND `created` >= :limit;', $this->table));
     $this->_auth = $this->db->prepare(sprintf('DELETE FROM `%s` WHERE `username` = :user AND `secret` = :secret AND `created` >= :limit;', $this->table));
     $this->_prune = $this->db->prepare(sprintf('DELETE COUNT(*) FROM `%s` WHERE `created` < :limit;', $this->table));
-    $this->_create = $this->db->prepare(sprintf('INSERT INTO `%s` (`username`, `secret`, `created`) VALUES (:user, :secret, :time);', $this->table));
-  }
-
-  function create($entry) {
-    $this->_create->execute([':user' => $entry['user'], ':secret' => $entry['secret'], ':time' => $entry['time']]);
   }
 
   function prune() {
@@ -33,16 +28,4 @@ class BridgeSession extends EjabberdAuthBridge {
     $this->_auth->execute([':user' => $username, ':secret' => $password, ':limit' => time() - $this->timeout]);
     return $this->_auth->rowCount() > 0;
   }
-
-  function setpass($username, $server, $password) {
-    return FALSE;
-  }
-
-  function tryregister($username, $server, $password) {
-    return FALSE;
-  }
-
-  function removeuser($username, $server) {
-    return FALSE;
-  }
 }
diff --git a/plugins/session/config.sample.php b/plugins/session/config.sample.php
new file mode 100644
index 0000000..8677cf3
--- /dev/null
+++ b/plugins/session/config.sample.php
@@ -0,0 +1,17 @@
+<?php
+
+/**
+ * This configuration file is used only by the RPC script.
+ */
+
+$config = [
+  'plugin' => ''
+  'config' => ['root_path' => '/path/to/site'],
+    'mysql' => [
+      'dsn' => 'mysql:host=localhost;dbname=DATABASE;charset=utf8',
+      'username' => 'USER',
+      'password' => 'PASSWORD',
+      'table' => 'TABLE',
+    ],
+  ],
+];
diff --git a/plugins/session/main.php b/plugins/session/main.php
index 8bd6f74..18bacd8 100644
--- a/plugins/session/main.php
+++ b/plugins/session/main.php
@@ -1,21 +1,22 @@
 <?php
 
 define('ROOT', __DIR__ . '/../../');
-require_once ROOT . 'core/EjabberdAuthBridge.php';
+
+require_once ROOT . 'plugins/session/session.module';
 
 function create_key($salt) {
-  require_once ROOT . 'config.php';
-  require_once ROOT . 'plugins/session/session.module';
-  $bridge = session_init($config['session']);
-  $plugin = $config['session']['plugin'];
-  $plugin_conf = $config[$plugin];
-  $plugin_id = $plugin;
-  require_once ROOT . 'plugins/' . $plugin_id . '/' . $plugin_id . '.module';
-  $function = $plugin_id . '_session';
+  require_once __DIR__ . '/config.php';
+  $db = session_db($config['mysql']);
+  $plugin = $config['plugin'];
+  $plugin_conf = $config['config'];
+  require_once ROOT . 'plugins/' . $plugin . '/' . $plugin . '.module';
+  $function = $plugin . '_session';
+
   $username = function_exists($function) ? $function($plugin_conf) : NULL;
   if ($username) {
     $entry = ['user' => $username, 'secret' => sha1($salt . time() . mt_rand()), 'time' => time()];
-    $bridge->create($entry);
+    $query = $db->prepare(sprintf('INSERT INTO `%s` (`username`, `secret`, `created`) VALUES (:user, :secret, :time);', $config['mysql']['tablename']));
+    $query->execute([':user' => $entry['user'], ':secret' => $entry['secret'], ':time' => $entry['time']]);
     return $entry;
   }
   return FALSE;
diff --git a/plugins/session/session.module b/plugins/session/session.module
index ed1771c..c979a8a 100644
--- a/plugins/session/session.module
+++ b/plugins/session/session.module
@@ -1,10 +1,11 @@
 <?php
 
-function session_init($config) {
-  $v = $config['mysql'];
+function session_db($mysql) {
   $options = [PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'];
-  $pdo = new PDO($v['dsn'], $v['username'], $v['password'], $options);
+  return new PDO($mysql['dsn'], $mysql['username'], $mysql['password'], $options);
+}
 
+function session_init($config) {
   require_once __DIR__ . '/BridgeSession.php';
-  return new BridgeSession($pdo, $config);
+  return new BridgeSession(session_db($config['mysql']), $config);
 }
-- 
cgit v1.1