2 * InspIRCd -- Internet Relay Chat Daemon
4 * Copyright (C) 2013-2015 Adam <Adam@anope.org>
5 * Copyright (C) 2003-2015 Anope Team <team@anope.org>
7 * This file is part of InspIRCd. InspIRCd is free software: you can
8 * redistribute it and/or modify it under the terms of the GNU General Public
9 * License as published by the Free Software Foundation, version 2.
11 * This program is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
13 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "modules/ldap.h"
26 # pragma comment(lib, "libldap_r.lib")
27 # pragma comment(lib, "liblber.lib")
30 /* $LinkerFlags: -lldap_r */
39 LDAPMessage* message; /* message returned by ldap_ */
40 LDAPResult* result; /* final result */
44 LDAPRequest(LDAPService* s, LDAPInterface* i)
55 virtual ~LDAPRequest()
59 ldap_msgfree(message);
62 virtual int run() = 0;
65 class LDAPBind : public LDAPRequest
67 std::string who, pass;
70 LDAPBind(LDAPService* s, LDAPInterface* i, const std::string& w, const std::string& p)
78 int run() CXX11_OVERRIDE;
81 class LDAPSearch : public LDAPRequest
88 LDAPSearch(LDAPService* s, LDAPInterface* i, const std::string& b, int se, const std::string& f)
97 int run() CXX11_OVERRIDE;
100 class LDAPAdd : public LDAPRequest
106 LDAPAdd(LDAPService* s, LDAPInterface* i, const std::string& d, const LDAPMods& attr)
114 int run() CXX11_OVERRIDE;
117 class LDAPDel : public LDAPRequest
122 LDAPDel(LDAPService* s, LDAPInterface* i, const std::string& d)
129 int run() CXX11_OVERRIDE;
132 class LDAPModify : public LDAPRequest
138 LDAPModify(LDAPService* s, LDAPInterface* i, const std::string& b, const LDAPMods& attr)
146 int run() CXX11_OVERRIDE;
149 class LDAPCompare : public LDAPRequest
151 std::string dn, attr, val;
154 LDAPCompare(LDAPService* s, LDAPInterface* i, const std::string& d, const std::string& a, const std::string& v)
160 type = QUERY_COMPARE;
163 int run() CXX11_OVERRIDE;
166 class LDAPService : public LDAPProvider, public SocketThread
169 reference<ConfigTag> config;
173 time_t last_timeout_check;
176 static LDAPMod** BuildMods(const LDAPMods& attributes)
178 LDAPMod** mods = new LDAPMod*[attributes.size() + 1];
179 memset(mods, 0, sizeof(LDAPMod*) * (attributes.size() + 1));
180 for (unsigned int x = 0; x < attributes.size(); ++x)
182 const LDAPModification& l = attributes[x];
183 LDAPMod* mod = new LDAPMod;
186 if (l.op == LDAPModification::LDAP_ADD)
187 mod->mod_op = LDAP_MOD_ADD;
188 else if (l.op == LDAPModification::LDAP_DEL)
189 mod->mod_op = LDAP_MOD_DELETE;
190 else if (l.op == LDAPModification::LDAP_REPLACE)
191 mod->mod_op = LDAP_MOD_REPLACE;
195 throw LDAPException("Unknown LDAP operation");
197 mod->mod_type = strdup(l.name.c_str());
198 mod->mod_values = new char*[l.values.size() + 1];
199 memset(mod->mod_values, 0, sizeof(char*) * (l.values.size() + 1));
200 for (unsigned int j = 0, c = 0; j < l.values.size(); ++j)
201 if (!l.values[j].empty())
202 mod->mod_values[c++] = strdup(l.values[j].c_str());
207 static void FreeMods(LDAPMod** mods)
209 for (unsigned int i = 0; mods[i] != NULL; ++i)
211 LDAPMod* mod = mods[i];
212 if (mod->mod_type != NULL)
214 if (mod->mod_values != NULL)
216 for (unsigned int j = 0; mod->mod_values[j] != NULL; ++j)
217 free(mod->mod_values[j]);
218 delete[] mod->mod_values;
227 // Only try one connect a minute. It is an expensive blocking operation
228 if (last_connect > ServerInstance->Time() - 60)
229 throw LDAPException("Unable to connect to LDAP service " + this->name + ": reconnecting too fast");
230 last_connect = ServerInstance->Time();
232 ldap_unbind_ext(this->con, NULL, NULL);
236 void QueueRequest(LDAPRequest* r)
239 this->queries.push_back(r);
240 this->UnlockQueueWakeup();
244 typedef std::vector<LDAPRequest*> query_queue;
245 query_queue queries, results;
246 Mutex process_mutex; /* held when processing requests not in either queue */
248 LDAPService(Module* c, ConfigTag* tag)
249 : LDAPProvider(c, "LDAP/" + tag->getString("id"))
250 , con(NULL), config(tag), last_connect(0), last_timeout_check(0)
252 std::string scope = config->getString("searchscope");
254 searchscope = LDAP_SCOPE_BASE;
255 else if (scope == "onelevel")
256 searchscope = LDAP_SCOPE_ONELEVEL;
258 searchscope = LDAP_SCOPE_SUBTREE;
259 timeout = config->getInt("timeout", 5);
268 for (unsigned int i = 0; i < this->queries.size(); ++i)
270 LDAPRequest* req = this->queries[i];
272 /* queries have no results yet */
273 req->result = new LDAPResult();
274 req->result->type = req->type;
275 req->result->error = "LDAP Interface is going away";
276 req->inter->OnError(*req->result);
280 this->queries.clear();
282 for (unsigned int i = 0; i < this->results.size(); ++i)
284 LDAPRequest* req = this->results[i];
286 /* even though this may have already finished successfully we return that it didn't */
287 req->result->error = "LDAP Interface is going away";
288 req->inter->OnError(*req->result);
292 this->results.clear();
296 ldap_unbind_ext(this->con, NULL, NULL);
301 std::string server = config->getString("server");
302 int i = ldap_initialize(&this->con, server.c_str());
303 if (i != LDAP_SUCCESS)
304 throw LDAPException("Unable to connect to LDAP service " + this->name + ": " + ldap_err2string(i));
306 const int version = LDAP_VERSION3;
307 i = ldap_set_option(this->con, LDAP_OPT_PROTOCOL_VERSION, &version);
308 if (i != LDAP_OPT_SUCCESS)
310 ldap_unbind_ext(this->con, NULL, NULL);
312 throw LDAPException("Unable to set protocol version for " + this->name + ": " + ldap_err2string(i));
315 const struct timeval tv = { 0, 0 };
316 i = ldap_set_option(this->con, LDAP_OPT_NETWORK_TIMEOUT, &tv);
317 if (i != LDAP_OPT_SUCCESS)
319 ldap_unbind_ext(this->con, NULL, NULL);
321 throw LDAPException("Unable to set timeout for " + this->name + ": " + ldap_err2string(i));
325 void BindAsManager(LDAPInterface* i) CXX11_OVERRIDE
327 std::string binddn = config->getString("binddn");
328 std::string bindauth = config->getString("bindauth");
329 this->Bind(i, binddn, bindauth);
332 void Bind(LDAPInterface* i, const std::string& who, const std::string& pass) CXX11_OVERRIDE
334 LDAPBind* b = new LDAPBind(this, i, who, pass);
338 void Search(LDAPInterface* i, const std::string& base, const std::string& filter) CXX11_OVERRIDE
341 throw LDAPException("No interface");
343 LDAPSearch* s = new LDAPSearch(this, i, base, searchscope, filter);
347 void Add(LDAPInterface* i, const std::string& dn, LDAPMods& attributes) CXX11_OVERRIDE
349 LDAPAdd* add = new LDAPAdd(this, i, dn, attributes);
353 void Del(LDAPInterface* i, const std::string& dn) CXX11_OVERRIDE
355 LDAPDel* del = new LDAPDel(this, i, dn);
359 void Modify(LDAPInterface* i, const std::string& base, LDAPMods& attributes) CXX11_OVERRIDE
361 LDAPModify* mod = new LDAPModify(this, i, base, attributes);
365 void Compare(LDAPInterface* i, const std::string& dn, const std::string& attr, const std::string& val) CXX11_OVERRIDE
367 LDAPCompare* comp = new LDAPCompare(this, i, dn, attr, val);
372 void BuildReply(int res, LDAPRequest* req)
374 LDAPResult* ldap_result = req->result = new LDAPResult();
375 req->result->type = req->type;
377 if (res != LDAP_SUCCESS)
379 ldap_result->error = ldap_err2string(res);
383 if (req->message == NULL)
388 /* a search result */
390 for (LDAPMessage* cur = ldap_first_message(this->con, req->message); cur; cur = ldap_next_message(this->con, cur))
392 LDAPAttributes attributes;
394 char* dn = ldap_get_dn(this->con, cur);
397 attributes["dn"].push_back(dn);
402 BerElement* ber = NULL;
404 for (char* attr = ldap_first_attribute(this->con, cur, &ber); attr; attr = ldap_next_attribute(this->con, cur, ber))
406 berval** vals = ldap_get_values_len(this->con, cur, attr);
407 int count = ldap_count_values_len(vals);
409 std::vector<std::string> attrs;
410 for (int j = 0; j < count; ++j)
411 attrs.push_back(vals[j]->bv_val);
412 attributes[attr] = attrs;
414 ldap_value_free_len(vals);
420 ldap_result->messages.push_back(attributes);
426 process_mutex.Lock();
435 process_mutex.Unlock();
439 for (unsigned int i = 0; i < q.size(); ++i)
441 LDAPRequest* req = q[i];
442 int ret = req->run();
444 if (ret == LDAP_SERVER_DOWN || ret == LDAP_TIMEOUT)
451 catch (const LDAPException &)
458 BuildReply(ret, req);
461 this->results.push_back(req);
465 this->NotifyParent();
467 process_mutex.Unlock();
471 void Run() CXX11_OVERRIDE
473 while (!this->GetExitFlag())
476 if (this->queries.empty())
477 this->WaitForQueue();
484 void OnNotify() CXX11_OVERRIDE
489 this->results.swap(r);
492 for (unsigned int i = 0; i < r.size(); ++i)
494 LDAPRequest* req = r[i];
495 LDAPInterface* li = req->inter;
496 LDAPResult* res = req->result;
498 if (!res->error.empty())
507 LDAP* GetConnection()
513 class ModuleLDAP : public Module
515 typedef insp::flat_map<std::string, LDAPService*> ServiceMap;
516 ServiceMap LDAPServices;
519 void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE
523 ConfigTagList tags = ServerInstance->Config->ConfTags("database");
524 for (ConfigIter i = tags.first; i != tags.second; i++)
526 const reference<ConfigTag>& tag = i->second;
528 if (tag->getString("module") != "ldap")
531 std::string id = tag->getString("id");
533 ServiceMap::iterator curr = LDAPServices.find(id);
534 if (curr == LDAPServices.end())
536 LDAPService* conn = new LDAPService(this, tag);
539 ServerInstance->Modules->AddService(*conn);
540 ServerInstance->Threads.Start(conn);
545 LDAPServices.erase(curr);
549 for (ServiceMap::iterator i = LDAPServices.begin(); i != LDAPServices.end(); ++i)
551 LDAPService* conn = i->second;
552 ServerInstance->Modules->DelService(*conn);
558 LDAPServices.swap(conns);
561 void OnUnloadModule(Module* m) CXX11_OVERRIDE
563 for (ServiceMap::iterator it = this->LDAPServices.begin(); it != this->LDAPServices.end(); ++it)
565 LDAPService* s = it->second;
567 s->process_mutex.Lock();
570 for (unsigned int i = s->queries.size(); i > 0; --i)
572 LDAPRequest* req = s->queries[i - 1];
573 LDAPInterface* li = req->inter;
575 if (li->creator == m)
577 s->queries.erase(s->queries.begin() + i - 1);
582 for (unsigned int i = s->results.size(); i > 0; --i)
584 LDAPRequest* req = s->results[i - 1];
585 LDAPInterface* li = req->inter;
587 if (li->creator == m)
589 s->results.erase(s->results.begin() + i - 1);
595 s->process_mutex.Unlock();
601 for (ServiceMap::iterator i = LDAPServices.begin(); i != LDAPServices.end(); ++i)
603 LDAPService* conn = i->second;
610 Version GetVersion() CXX11_OVERRIDE
612 return Version("LDAP support", VF_VENDOR);
619 cred.bv_val = strdup(pass.c_str());
620 cred.bv_len = pass.length();
622 int i = ldap_sasl_bind_s(service->GetConnection(), who.c_str(), LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL);
629 int LDAPSearch::run()
631 return ldap_search_ext_s(service->GetConnection(), base.c_str(), searchscope, filter.c_str(), NULL, 0, NULL, NULL, &tv, 0, &message);
636 LDAPMod** mods = LDAPService::BuildMods(attributes);
637 int i = ldap_add_ext_s(service->GetConnection(), dn.c_str(), mods, NULL, NULL);
638 LDAPService::FreeMods(mods);
644 return ldap_delete_ext_s(service->GetConnection(), dn.c_str(), NULL, NULL);
647 int LDAPModify::run()
649 LDAPMod** mods = LDAPService::BuildMods(attributes);
650 int i = ldap_modify_ext_s(service->GetConnection(), base.c_str(), mods, NULL, NULL);
651 LDAPService::FreeMods(mods);
655 int LDAPCompare::run()
658 cred.bv_val = strdup(val.c_str());
659 cred.bv_len = val.length();
661 int ret = ldap_compare_ext_s(service->GetConnection(), dn.c_str(), attr.c_str(), &cred, NULL, NULL);
669 MODULE_INIT(ModuleLDAP)