2 * InspIRCd -- Internet Relay Chat Daemon
4 * Copyright (C) 2019 linuxdaemon <linuxdaemon.irc@gmail.com>
5 * Copyright (C) 2019 Robby <robby@chatbelgie.be>
6 * Copyright (C) 2016-2019 Sadie Powell <sadie@witchery.services>
7 * Copyright (C) 2014, 2016 Attila Molnar <attilamolnar@hush.com>
8 * Copyright (C) 2013-2016 Adam <Adam@anope.org>
10 * This file is part of InspIRCd. InspIRCd is free software: you can
11 * redistribute it and/or modify it under the terms of the GNU General Public
12 * License as published by the Free Software Foundation, version 2.
14 * This program is distributed in the hope that it will be useful, but WITHOUT
15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
19 * You should have received a copy of the GNU General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
23 /// $LinkerFlags: -llber -lldap_r
25 /// $PackageInfo: require_system("arch") libldap
26 /// $PackageInfo: require_system("centos") openldap-devel
27 /// $PackageInfo: require_system("debian") libldap2-dev
28 /// $PackageInfo: require_system("ubuntu") libldap2-dev
31 #include "modules/ldap.h"
33 // Ignore OpenLDAP deprecation warnings on OS X Yosemite and newer.
35 # pragma GCC diagnostic push
36 # pragma GCC diagnostic ignored "-Wdeprecated-declarations"
42 # pragma GCC diagnostic pop
46 # pragma comment(lib, "libldap_r.lib")
47 # pragma comment(lib, "liblber.lib")
57 LDAPMessage* message; /* message returned by ldap_ */
58 LDAPResult* result; /* final result */
62 LDAPRequest(LDAPService* s, LDAPInterface* i)
73 virtual ~LDAPRequest()
77 ldap_msgfree(message);
80 virtual int run() = 0;
81 virtual std::string info() = 0;
84 class LDAPBind : public LDAPRequest
86 std::string who, pass;
89 LDAPBind(LDAPService* s, LDAPInterface* i, const std::string& w, const std::string& p)
97 int run() CXX11_OVERRIDE;
98 std::string info() CXX11_OVERRIDE;
101 class LDAPSearch : public LDAPRequest
108 LDAPSearch(LDAPService* s, LDAPInterface* i, const std::string& b, int se, const std::string& f)
117 int run() CXX11_OVERRIDE;
118 std::string info() CXX11_OVERRIDE;
121 class LDAPAdd : public LDAPRequest
127 LDAPAdd(LDAPService* s, LDAPInterface* i, const std::string& d, const LDAPMods& attr)
135 int run() CXX11_OVERRIDE;
136 std::string info() CXX11_OVERRIDE;
139 class LDAPDel : public LDAPRequest
144 LDAPDel(LDAPService* s, LDAPInterface* i, const std::string& d)
151 int run() CXX11_OVERRIDE;
152 std::string info() CXX11_OVERRIDE;
155 class LDAPModify : public LDAPRequest
161 LDAPModify(LDAPService* s, LDAPInterface* i, const std::string& b, const LDAPMods& attr)
169 int run() CXX11_OVERRIDE;
170 std::string info() CXX11_OVERRIDE;
173 class LDAPCompare : public LDAPRequest
175 std::string dn, attr, val;
178 LDAPCompare(LDAPService* s, LDAPInterface* i, const std::string& d, const std::string& a, const std::string& v)
184 type = QUERY_COMPARE;
187 int run() CXX11_OVERRIDE;
188 std::string info() CXX11_OVERRIDE;
191 class LDAPService : public LDAPProvider, public SocketThread
194 reference<ConfigTag> config;
200 static LDAPMod** BuildMods(const LDAPMods& attributes)
202 LDAPMod** mods = new LDAPMod*[attributes.size() + 1];
203 memset(mods, 0, sizeof(LDAPMod*) * (attributes.size() + 1));
204 for (unsigned int x = 0; x < attributes.size(); ++x)
206 const LDAPModification& l = attributes[x];
207 LDAPMod* mod = new LDAPMod;
210 if (l.op == LDAPModification::LDAP_ADD)
211 mod->mod_op = LDAP_MOD_ADD;
212 else if (l.op == LDAPModification::LDAP_DEL)
213 mod->mod_op = LDAP_MOD_DELETE;
214 else if (l.op == LDAPModification::LDAP_REPLACE)
215 mod->mod_op = LDAP_MOD_REPLACE;
219 throw LDAPException("Unknown LDAP operation");
221 mod->mod_type = strdup(l.name.c_str());
222 mod->mod_values = new char*[l.values.size() + 1];
223 memset(mod->mod_values, 0, sizeof(char*) * (l.values.size() + 1));
224 for (unsigned int j = 0, c = 0; j < l.values.size(); ++j)
225 if (!l.values[j].empty())
226 mod->mod_values[c++] = strdup(l.values[j].c_str());
231 static void FreeMods(LDAPMod** mods)
233 for (unsigned int i = 0; mods[i] != NULL; ++i)
235 LDAPMod* mod = mods[i];
236 if (mod->mod_type != NULL)
238 if (mod->mod_values != NULL)
240 for (unsigned int j = 0; mod->mod_values[j] != NULL; ++j)
241 free(mod->mod_values[j]);
242 delete[] mod->mod_values;
251 // Only try one connect a minute. It is an expensive blocking operation
252 if (last_connect > ServerInstance->Time() - 60)
253 throw LDAPException("Unable to connect to LDAP service " + this->name + ": reconnecting too fast");
254 last_connect = ServerInstance->Time();
256 ldap_unbind_ext(this->con, NULL, NULL);
260 int SetOption(int option, const void* value)
262 int ret = ldap_set_option(this->con, option, value);
263 if (ret != LDAP_OPT_SUCCESS)
265 ldap_unbind_ext(this->con, NULL, NULL);
271 void QueueRequest(LDAPRequest* r)
274 this->queries.push_back(r);
275 this->UnlockQueueWakeup();
279 typedef std::vector<LDAPRequest*> query_queue;
280 query_queue queries, results;
281 Mutex process_mutex; /* held when processing requests not in either queue */
283 LDAPService(Module* c, ConfigTag* tag)
284 : LDAPProvider(c, "LDAP/" + tag->getString("id"))
285 , con(NULL), config(tag), last_connect(0)
287 std::string scope = config->getString("searchscope");
288 if (stdalgo::string::equalsci(scope, "base"))
289 searchscope = LDAP_SCOPE_BASE;
290 else if (stdalgo::string::equalsci(scope, "onelevel"))
291 searchscope = LDAP_SCOPE_ONELEVEL;
293 searchscope = LDAP_SCOPE_SUBTREE;
294 timeout = config->getDuration("timeout", 5);
303 for (unsigned int i = 0; i < this->queries.size(); ++i)
305 LDAPRequest* req = this->queries[i];
307 /* queries have no results yet */
308 req->result = new LDAPResult();
309 req->result->type = req->type;
310 req->result->error = "LDAP Interface is going away";
311 req->inter->OnError(*req->result);
315 this->queries.clear();
317 for (unsigned int i = 0; i < this->results.size(); ++i)
319 LDAPRequest* req = this->results[i];
321 /* even though this may have already finished successfully we return that it didn't */
322 req->result->error = "LDAP Interface is going away";
323 req->inter->OnError(*req->result);
327 this->results.clear();
331 ldap_unbind_ext(this->con, NULL, NULL);
336 std::string server = config->getString("server");
337 int i = ldap_initialize(&this->con, server.c_str());
338 if (i != LDAP_SUCCESS)
339 throw LDAPException("Unable to connect to LDAP service " + this->name + ": " + ldap_err2string(i));
341 const int version = LDAP_VERSION3;
342 i = SetOption(LDAP_OPT_PROTOCOL_VERSION, &version);
343 if (i != LDAP_OPT_SUCCESS)
344 throw LDAPException("Unable to set protocol version for " + this->name + ": " + ldap_err2string(i));
346 const struct timeval tv = { 0, 0 };
347 i = SetOption(LDAP_OPT_NETWORK_TIMEOUT, &tv);
348 if (i != LDAP_OPT_SUCCESS)
349 throw LDAPException("Unable to set timeout for " + this->name + ": " + ldap_err2string(i));
352 void BindAsManager(LDAPInterface* i) CXX11_OVERRIDE
354 std::string binddn = config->getString("binddn");
355 std::string bindauth = config->getString("bindauth");
356 this->Bind(i, binddn, bindauth);
359 void Bind(LDAPInterface* i, const std::string& who, const std::string& pass) CXX11_OVERRIDE
361 LDAPBind* b = new LDAPBind(this, i, who, pass);
365 void Search(LDAPInterface* i, const std::string& base, const std::string& filter) CXX11_OVERRIDE
368 throw LDAPException("No interface");
370 LDAPSearch* s = new LDAPSearch(this, i, base, searchscope, filter);
374 void Add(LDAPInterface* i, const std::string& dn, LDAPMods& attributes) CXX11_OVERRIDE
376 LDAPAdd* add = new LDAPAdd(this, i, dn, attributes);
380 void Del(LDAPInterface* i, const std::string& dn) CXX11_OVERRIDE
382 LDAPDel* del = new LDAPDel(this, i, dn);
386 void Modify(LDAPInterface* i, const std::string& base, LDAPMods& attributes) CXX11_OVERRIDE
388 LDAPModify* mod = new LDAPModify(this, i, base, attributes);
392 void Compare(LDAPInterface* i, const std::string& dn, const std::string& attr, const std::string& val) CXX11_OVERRIDE
394 LDAPCompare* comp = new LDAPCompare(this, i, dn, attr, val);
399 void BuildReply(int res, LDAPRequest* req)
401 LDAPResult* ldap_result = req->result = new LDAPResult();
402 req->result->type = req->type;
404 if (res != LDAP_SUCCESS)
406 ldap_result->error = InspIRCd::Format("%s (%s)", ldap_err2string(res), req->info().c_str());
410 if (req->message == NULL)
415 /* a search result */
417 for (LDAPMessage* cur = ldap_first_message(this->con, req->message); cur; cur = ldap_next_message(this->con, cur))
419 LDAPAttributes attributes;
421 char* dn = ldap_get_dn(this->con, cur);
424 attributes["dn"].push_back(dn);
429 BerElement* ber = NULL;
431 for (char* attr = ldap_first_attribute(this->con, cur, &ber); attr; attr = ldap_next_attribute(this->con, cur, ber))
433 berval** vals = ldap_get_values_len(this->con, cur, attr);
434 int count = ldap_count_values_len(vals);
436 std::vector<std::string> attrs;
437 for (int j = 0; j < count; ++j)
438 attrs.push_back(vals[j]->bv_val);
439 attributes[attr] = attrs;
441 ldap_value_free_len(vals);
447 ldap_result->messages.push_back(attributes);
453 process_mutex.Lock();
462 process_mutex.Unlock();
466 for (unsigned int i = 0; i < q.size(); ++i)
468 LDAPRequest* req = q[i];
469 int ret = req->run();
471 if (ret == LDAP_SERVER_DOWN || ret == LDAP_TIMEOUT)
478 catch (const LDAPException &)
485 BuildReply(ret, req);
488 this->results.push_back(req);
492 this->NotifyParent();
494 process_mutex.Unlock();
498 void Run() CXX11_OVERRIDE
500 while (!this->GetExitFlag())
503 if (this->queries.empty())
504 this->WaitForQueue();
511 void OnNotify() CXX11_OVERRIDE
516 this->results.swap(r);
519 for (unsigned int i = 0; i < r.size(); ++i)
521 LDAPRequest* req = r[i];
522 LDAPInterface* li = req->inter;
523 LDAPResult* res = req->result;
525 if (!res->error.empty())
534 LDAP* GetConnection()
540 class ModuleLDAP : public Module
542 typedef insp::flat_map<std::string, LDAPService*> ServiceMap;
543 ServiceMap LDAPServices;
546 void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE
550 ConfigTagList tags = ServerInstance->Config->ConfTags("database");
551 for (ConfigIter i = tags.first; i != tags.second; i++)
553 const reference<ConfigTag>& tag = i->second;
555 if (!stdalgo::string::equalsci(tag->getString("module"), "ldap"))
558 std::string id = tag->getString("id");
560 ServiceMap::iterator curr = LDAPServices.find(id);
561 if (curr == LDAPServices.end())
563 LDAPService* conn = new LDAPService(this, tag);
566 ServerInstance->Modules->AddService(*conn);
567 ServerInstance->Threads.Start(conn);
572 LDAPServices.erase(curr);
576 for (ServiceMap::iterator i = LDAPServices.begin(); i != LDAPServices.end(); ++i)
578 LDAPService* conn = i->second;
579 ServerInstance->Modules->DelService(*conn);
585 LDAPServices.swap(conns);
588 void OnUnloadModule(Module* m) CXX11_OVERRIDE
590 for (ServiceMap::iterator it = this->LDAPServices.begin(); it != this->LDAPServices.end(); ++it)
592 LDAPService* s = it->second;
594 s->process_mutex.Lock();
597 for (unsigned int i = s->queries.size(); i > 0; --i)
599 LDAPRequest* req = s->queries[i - 1];
600 LDAPInterface* li = req->inter;
602 if (li->creator == m)
604 s->queries.erase(s->queries.begin() + i - 1);
609 for (unsigned int i = s->results.size(); i > 0; --i)
611 LDAPRequest* req = s->results[i - 1];
612 LDAPInterface* li = req->inter;
614 if (li->creator == m)
616 s->results.erase(s->results.begin() + i - 1);
622 s->process_mutex.Unlock();
628 for (ServiceMap::iterator i = LDAPServices.begin(); i != LDAPServices.end(); ++i)
630 LDAPService* conn = i->second;
637 Version GetVersion() CXX11_OVERRIDE
639 return Version("Provides the ability for LDAP modules to query a LDAP directory.", VF_VENDOR);
646 cred.bv_val = strdup(pass.c_str());
647 cred.bv_len = pass.length();
649 int i = ldap_sasl_bind_s(service->GetConnection(), who.c_str(), LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL);
656 std::string LDAPBind::info()
658 return "bind dn=" + who;
661 int LDAPSearch::run()
663 return ldap_search_ext_s(service->GetConnection(), base.c_str(), searchscope, filter.c_str(), NULL, 0, NULL, NULL, &tv, 0, &message);
666 std::string LDAPSearch::info()
668 return "search base=" + base + " filter=" + filter;
673 LDAPMod** mods = LDAPService::BuildMods(attributes);
674 int i = ldap_add_ext_s(service->GetConnection(), dn.c_str(), mods, NULL, NULL);
675 LDAPService::FreeMods(mods);
679 std::string LDAPAdd::info()
681 return "add dn=" + dn;
686 return ldap_delete_ext_s(service->GetConnection(), dn.c_str(), NULL, NULL);
689 std::string LDAPDel::info()
691 return "del dn=" + dn;
694 int LDAPModify::run()
696 LDAPMod** mods = LDAPService::BuildMods(attributes);
697 int i = ldap_modify_ext_s(service->GetConnection(), base.c_str(), mods, NULL, NULL);
698 LDAPService::FreeMods(mods);
702 std::string LDAPModify::info()
704 return "modify base=" + base;
707 int LDAPCompare::run()
710 cred.bv_val = strdup(val.c_str());
711 cred.bv_len = val.length();
713 int ret = ldap_compare_ext_s(service->GetConnection(), dn.c_str(), attr.c_str(), &cred, NULL, NULL);
720 std::string LDAPCompare::info()
722 return "compare dn=" + dn + " attr=" + attr;
725 MODULE_INIT(ModuleLDAP)