X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;ds=sidebyside;f=src%2Fmodules%2Fextra%2Fm_ldapauth.cpp;h=af676de44d27bede5fcbc6dd60c567c902d1c52b;hb=ff3eef491aa9e107d09d9dd9560ef7715b37b3b3;hp=1bc0925da5dae3b2e8f17d417bd93d7a0307774d;hpb=60a68720211304bb62936be68e8ad40f58ca8a85;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/extra/m_ldapauth.cpp b/src/modules/extra/m_ldapauth.cpp index 1bc0925da..af676de44 100644 --- a/src/modules/extra/m_ldapauth.cpp +++ b/src/modules/extra/m_ldapauth.cpp @@ -33,6 +33,7 @@ class ModuleLDAPAuth : public Module { + LocalIntExt ldapAuthed; std::string base; std::string attribute; std::string ldapserver; @@ -46,24 +47,23 @@ class ModuleLDAPAuth : public Module LDAP *conn; public: - ModuleLDAPAuth(InspIRCd* Me) - : Module(Me) + ModuleLDAPAuth() : ldapAuthed("ldapauth", this) { conn = NULL; - Implementation eventlist[] = { I_OnUserDisconnect, I_OnCheckReady, I_OnRehash, I_OnUserRegister }; + Implementation eventlist[] = { I_OnCheckReady, I_OnRehash, I_OnUserRegister }; ServerInstance->Modules->Attach(eventlist, this, 4); OnRehash(NULL); } - virtual ~ModuleLDAPAuth() + ~ModuleLDAPAuth() { if (conn) ldap_unbind_ext(conn, NULL, NULL); } - virtual void OnRehash(User* user) + void OnRehash(User* user) { - ConfigReader Conf(ServerInstance); + ConfigReader Conf; base = Conf.ReadValue("ldapauth", "baserdn", 0); attribute = Conf.ReadValue("ldapauth", "attribute", 0); 
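Review bot: `Attach(eventlist, this, 4)` in the constructor (hunk `@@ -46,24 +47,23 @@`) still passes 4, although `eventlist` shrinks to three entries once `I_OnUserDisconnect` is dropped. If the last argument is the element count, as the old four-entry list suggests, Attach reads one slot past the end of the array and hooks whatever value happens to sit there. Derive the count from the array so the two cannot drift again: `ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation));`.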
@@ -111,33 +111,32 @@ public: return true; } - virtual int OnUserRegister(User* user) + ModResult OnUserRegister(LocalUser* user) { if ((!allowpattern.empty()) && (InspIRCd::Match(user->nick,allowpattern))) { - user->Extend("ldapauthed"); - return 0; + ldapAuthed.set(user,1); + return MOD_RES_PASSTHRU; } if (!CheckCredentials(user)) { ServerInstance->Users->QuitUser(user, killreason); - return 1; + return MOD_RES_DENY; } - return 0; + return MOD_RES_PASSTHRU; } - bool CheckCredentials(User* user) + bool CheckCredentials(LocalUser* user) { if (conn == NULL) if (!Connect()) return false; int res; - char* authpass = strdup(password.c_str()); // bind anonymously if no bind DN and authentication are given in the config struct berval cred; - cred.bv_val = authpass; + cred.bv_val = const_cast(password.c_str()); cred.bv_len = password.length(); if ((res = ldap_sasl_bind_s(conn, username.c_str(), LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL)) != LDAP_SUCCESS) @@ -146,7 +145,7 @@ public: { // Attempt to reconnect if the connection dropped if (verbose) - ServerInstance->SNO->WriteToSnomask('a', "LDAP server has gone away - reconnecting..."); + ServerInstance->SNO->WriteToSnoMask('a', "LDAP server has gone away - reconnecting..."); Connect(); res = ldap_sasl_bind_s(conn, username.c_str(), LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL); } @@ -155,13 +154,11 @@ public: { if (verbose) ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s!%s@%s (LDAP bind failed: %s)", user->nick.c_str(), user->ident.c_str(), user->host.c_str(), ldap_err2string(res)); - free(authpass); ldap_unbind_ext(conn, NULL, NULL); conn = NULL; return false; } } - free(authpass); LDAPMessage *msg, *entry; std::string what = (attribute + "=" + (useusername ? user->ident : user->nick)); 
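Review bot: The `allowpattern` branch of `OnUserRegister` (hunk `@@ -111,33 +111,32 @@`) sets `ldapAuthed` and returns before `CheckCredentials` runs, and the only thing it tests is `user->nick`, which the connecting client chooses. The behaviour predates this commit, but the branch carries no comment, and the flag it sets is what `OnCheckReady` later checks. A comment at the branch would make the trust decision explicit, for example `// allowpattern matches the client-supplied nick and skips the LDAP bind entirely; keep the configured pattern narrow`.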
@@ -189,7 +186,6 @@ public: { if (verbose) ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s!%s@%s (No password provided)", user->nick.c_str(), user->ident.c_str(), user->host.c_str()); - user->Extend("ldapauth_failed"); return false; } cred.bv_val = (char*)user->password.data(); @@ -197,7 +193,7 @@ public: if ((res = ldap_sasl_bind_s(conn, ldap_get_dn(conn, entry), LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL)) == LDAP_SUCCESS) { ldap_msgfree(msg); - user->Extend("ldapauthed"); + ldapAuthed.set(user,1); return true; } else @@ -205,26 +201,18 @@ public: if (verbose) ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s!%s@%s (%s)", user->nick.c_str(), user->ident.c_str(), user->host.c_str(), ldap_err2string(res)); ldap_msgfree(msg); - user->Extend("ldapauth_failed"); return false; } } - - virtual void OnUserDisconnect(User* user) - { - user->Shrink("ldapauthed"); - user->Shrink("ldapauth_failed"); - } - - virtual bool OnCheckReady(User* user) + ModResult OnCheckReady(LocalUser* user) { - return user->GetExt("ldapauthed"); + return ldapAuthed.get(user) ? MOD_RES_PASSTHRU : MOD_RES_DENY; } - virtual Version GetVersion() + Version GetVersion() { - return Version("$Id$", VF_VENDOR, API_VERSION); + return Version("Allow/Deny connections based upon answer from LDAP server", VF_VENDOR); } };
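Review bot: The string returned by `ldap_get_dn(conn, entry)` in the user bind (hunk `@@ -197,7 +193,7 @@`) is never released. libldap allocates it and expects `ldap_memfree()`, so every registration attempt that reaches this bind leaks one DN, and that path is reachable by clients that have not authenticated yet. Hold the pointer, bind, then free it: `char* dn = ldap_get_dn(conn, entry);`, `res = ldap_sasl_bind_s(conn, dn, LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL);`, `ldap_memfree(dn);`, and treat a NULL `dn` as a failed lookup. `CheckCredentials` begins before this hunk, so its earlier exits are not covered by this note.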
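Review bot: `OnCheckReady` (hunk `@@ -205,26 +201,18 @@`) has no comment saying that it fails closed: any user for whom `ldapAuthed.get(user)` is zero gets `MOD_RES_DENY`. A one-line comment such as `// Fail closed: only users flagged by the allowpattern match or a successful LDAP bind pass this check` would record that the extension item is the single gate. The removed `OnUserDisconnect` cleanup is presumably unnecessary because the `LocalIntExt` item is registered with the module, but that is worth confirming against the extension API and stating in the commit message.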