class ModuleLDAPAuth : public Module
{
+ LocalIntExt ldapAuthed;
std::string base;
std::string attribute;
std::string ldapserver;
LDAP *conn;
public:
- ModuleLDAPAuth(InspIRCd* Me)
- : Module(Me)
+ ModuleLDAPAuth() : ldapAuthed("ldapauth", this)
{
conn = NULL;
- Implementation eventlist[] = { I_OnUserDisconnect, I_OnCheckReady, I_OnRehash, I_OnUserRegister };
+ Implementation eventlist[] = { I_OnCheckReady, I_OnRehash, I_OnUserRegister };
ServerInstance->Modules->Attach(eventlist, this, 4);
OnRehash(NULL);
}
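Review bot: The `Attach` call in the constructor still passes a count of 4, but `eventlist` holds only three entries now that `I_OnUserDisconnect` has been dropped, so the call reads one element past the end of the array. Derive the count from the array so it cannot drift again: `ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation));`.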
- virtual ~ModuleLDAPAuth()
+ ~ModuleLDAPAuth()
{
if (conn)
ldap_unbind_ext(conn, NULL, NULL);
}
- virtual void OnRehash(User* user)
+ void OnRehash(User* user)
{
- ConfigReader Conf(ServerInstance);
+ ConfigReader Conf;
base = Conf.ReadValue("ldapauth", "baserdn", 0);
attribute = Conf.ReadValue("ldapauth", "attribute", 0);
return true;
}
- virtual int OnUserRegister(User* user)
+ ModResult OnUserRegister(LocalUser* user)
{
if ((!allowpattern.empty()) && (InspIRCd::Match(user->nick,allowpattern)))
{
- user->Extend("ldapauthed");
- return 0;
+ ldapAuthed.set(user,1);
+ return MOD_RES_PASSTHRU;
}
if (!CheckCredentials(user))
{
ServerInstance->Users->QuitUser(user, killreason);
- return 1;
+ return MOD_RES_DENY;
}
- return 0;
+ return MOD_RES_PASSTHRU;
}
- bool CheckCredentials(User* user)
+ bool CheckCredentials(LocalUser* user)
{
if (conn == NULL)
if (!Connect())
return false;
int res;
- char* authpass = strdup(password.c_str());
// bind anonymously if no bind DN and authentication are given in the config
struct berval cred;
- cred.bv_val = authpass;
+ cred.bv_val = const_cast<char*>(password.c_str());
cred.bv_len = password.length();
if ((res = ldap_sasl_bind_s(conn, username.c_str(), LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL)) != LDAP_SUCCESS)
{
// Attempt to reconnect if the connection dropped
if (verbose)
- ServerInstance->SNO->WriteToSnomask('a', "LDAP server has gone away - reconnecting...");
+ ServerInstance->SNO->WriteToSnoMask('a', "LDAP server has gone away - reconnecting...");
Connect();
res = ldap_sasl_bind_s(conn, username.c_str(), LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL);
}
{
if (verbose)
ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s!%s@%s (LDAP bind failed: %s)", user->nick.c_str(), user->ident.c_str(), user->host.c_str(), ldap_err2string(res));
- free(authpass);
ldap_unbind_ext(conn, NULL, NULL);
conn = NULL;
return false;
}
}
- free(authpass);
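Review bot: The retry path in `CheckCredentials` ignores the result of `Connect()`, so if the reconnect fails the second `ldap_sasl_bind_s` may run on a NULL or stale `conn`. `Connect()` is not visible in this hunk, so this is inferred from the `if (!Connect()) return false;` guard at the top of the function. Guard the retry the same way, `if (!Connect()) return false;`, before binding again. The `const_cast` that replaces the `strdup` copy assumes libldap only reads the credential, which is worth a one-line comment such as `// berval is only read by the bind call, so no private copy is needed`.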
LDAPMessage *msg, *entry;
std::string what = (attribute + "=" + (useusername ? user->ident : user->nick));
{
if (verbose)
ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s!%s@%s (No password provided)", user->nick.c_str(), user->ident.c_str(), user->host.c_str());
- user->Extend("ldapauth_failed");
return false;
}
cred.bv_val = (char*)user->password.data();
if ((res = ldap_sasl_bind_s(conn, ldap_get_dn(conn, entry), LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL)) == LDAP_SUCCESS)
{
ldap_msgfree(msg);
- user->Extend("ldapauthed");
+ ldapAuthed.set(user,1);
return true;
}
else
if (verbose)
ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s!%s@%s (%s)", user->nick.c_str(), user->ident.c_str(), user->host.c_str(), ldap_err2string(res));
ldap_msgfree(msg);
- user->Extend("ldapauth_failed");
return false;
}
}
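Review bot: The search filter `what` is built by concatenating `user->ident` or `user->nick` directly after `attribute + "="`, with no escaping visible here. The search call is elided from this hunk, so I cannot confirm whether the value is sanitised elsewhere. Client-supplied values should have the RFC 4515 special characters (`*`, `(`, `)`, `\` and NUL) escaped before they go into the filter, so the lookup can only match the intended entry. Separately, the string returned by `ldap_get_dn(conn, entry)` is passed straight to `ldap_sasl_bind_s` and never released, which leaks on every authentication attempt. Hold it in a local (`char* dn = ldap_get_dn(conn, entry);`) and call `ldap_memfree(dn);` after the bind on both the success and failure paths.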
-
- virtual void OnUserDisconnect(User* user)
- {
- user->Shrink("ldapauthed");
- user->Shrink("ldapauth_failed");
- }
-
- virtual bool OnCheckReady(User* user)
+ ModResult OnCheckReady(LocalUser* user)
{
- return user->GetExt("ldapauthed");
+ return ldapAuthed.get(user) ? MOD_RES_PASSTHRU : MOD_RES_DENY;
}
- virtual Version GetVersion()
+ Version GetVersion()
{
- return Version("$Id$", VF_VENDOR, API_VERSION);
+ return Version("Allow/Deny connections based upon answer from LDAP server", VF_VENDOR);
}
};