X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;ds=sidebyside;f=src%2Fmodules%2Fm_ldapauth.cpp;h=7da63284a47a430074d1607f4add6728dc633090;hb=8236f2c376e8a76662da2126b2a1c4c9f90f7716;hp=9356b2dd1da7257628290d27d5f03b032acb2fae;hpb=dbbd3339564b774e5f136657dbc4da565149b852;p=user%2Fhenk%2Fcode%2Finspircd.git

diff --git a/src/modules/m_ldapauth.cpp b/src/modules/m_ldapauth.cpp
index 9356b2dd1..7da63284a 100644
--- a/src/modules/m_ldapauth.cpp
+++ b/src/modules/m_ldapauth.cpp
@@ -64,7 +64,7 @@ class BindInterface : public LDAPInterface
 				while (i < text.length() - 1 && isalpha(text[i + 1]))
 					++i;
 
-				std::string key = text.substr(start, (i - start) + 1);
+				std::string key(text, start, (i - start) + 1);
 				result.append(replacements[key]);
 			}
 			else
@@ -90,8 +90,8 @@ class BindInterface : public LDAPInterface
 				if (pos == std::string::npos) // malformed
 					continue;
 
-				std::string key = dnPart.substr(0, pos);
-				std::string value = dnPart.substr(pos + 1, dnPart.length() - pos + 1); // +1s to skip the = itself
+				std::string key(dnPart, 0, pos);
+				std::string value(dnPart, pos + 1, dnPart.length() - pos + 1); // +1s to skip the = itself
 				dnParts[key] = value;
 			}
 
@@ -232,8 +232,7 @@ class SearchInterface : public LDAPInterface
 			std::string bindDn = a.get("dn");
 			if (bindDn.empty())
 			{
-				if (user)
-					ServerInstance->Users->QuitUser(user, killreason);
+				ServerInstance->Users->QuitUser(user, killreason);
 				delete this;
 				return;
 			}
@@ -257,6 +256,43 @@ class SearchInterface : public LDAPInterface
 	}
 };
 
+class AdminBindInterface : public LDAPInterface
+{
+	const std::string provider;
+	const std::string uuid;
+	const std::string base;
+	const std::string what;
+
+ public:
+	AdminBindInterface(Module* c, const std::string& p, const std::string& u, const std::string& b, const std::string& w)
+		: LDAPInterface(c), provider(p), uuid(u), base(b), what(w)
+	{
+	}
+
+	void OnResult(const LDAPResult& r) CXX11_OVERRIDE
+	{
+		dynamic_reference<LDAPProvider> LDAP(me, provider);
+		if (LDAP)
+		{
+			try
+			{
+				LDAP->Search(new SearchInterface(this->creator, provider, uuid), base, what);
+			}
+			catch (LDAPException& ex)
+			{
+				ServerInstance->SNO->WriteToSnoMask('a', "Error searching LDAP server: " + ex.GetReason());
+			}
+		}
+		delete this;
+	}
+
+	void OnError(const LDAPResult& err) CXX11_OVERRIDE
+	{
+		ServerInstance->SNO->WriteToSnoMask('a', "Error binding as manager to LDAP server: " + err.getError());
+		delete this;
+	}
+};
+
 class ModuleLDAPAuth : public Module
 {
 	dynamic_reference<LDAPProvider> LDAP;
@@ -264,15 +300,15 @@ class ModuleLDAPAuth : public Module
 	LocalStringExt ldapVhost;
 	std::string base;
 	std::string attribute;
-	std::string allowpattern;
+	std::vector<std::string> allowpatterns;
 	std::vector<std::string> whitelistedcidrs;
 	bool useusername;
 
 public:
 	ModuleLDAPAuth()
 		: LDAP(this, "LDAP")
-		, ldapAuthed("ldapauth", this)
-		, ldapVhost("ldapauth_vhost", this)
+		, ldapAuthed("ldapauth", ExtensionItem::EXT_USER, this)
+		, ldapVhost("ldapauth_vhost", ExtensionItem::EXT_USER, this)
 	{
 		me = this;
 		authed = &ldapAuthed;
@@ -287,7 +323,6 @@ public:
 
 		base 			= tag->getString("baserdn");
 		attribute		= tag->getString("attribute");
-		allowpattern	= tag->getString("allowpattern");
 		killreason		= tag->getString("killreason");
 		vhost			= tag->getString("host");
 		// Set to true if failed connects should be reported to operators
@@ -316,6 +351,13 @@ public:
 			if (!attr.empty() && !val.empty())
 				requiredattributes.push_back(make_pair(attr, val));
 		}
+
+		std::string allowpattern = tag->getString("allowpattern");
+		irc::spacesepstream ss(allowpattern);
+		for (std::string more; ss.GetToken(more); )
+		{
+			allowpatterns.push_back(more);
+		}
 	}
 
 	void OnUserConnect(LocalUser *user) CXX11_OVERRIDE
@@ -323,17 +365,20 @@ public:
 		std::string* cc = ldapVhost.get(user);
 		if (cc)
 		{
-			user->ChangeDisplayedHost(cc->c_str());
+			user->ChangeDisplayedHost(*cc);
 			ldapVhost.unset(user);
 		}
 	}
 
 	ModResult OnUserRegister(LocalUser* user) CXX11_OVERRIDE
 	{
-		if ((!allowpattern.empty()) && (InspIRCd::Match(user->nick,allowpattern)))
+		for (std::vector<std::string>::const_iterator i = allowpatterns.begin(); i != allowpatterns.end(); ++i)
 		{
-			ldapAuthed.set(user,1);
-			return MOD_RES_PASSTHRU;
+			if (InspIRCd::Match(user->nick, *i))
+			{
+				ldapAuthed.set(user,1);
+				return MOD_RES_PASSTHRU;
+			}
 		}
 
 		for (std::vector<std::string>::iterator i = whitelistedcidrs.begin(); i != whitelistedcidrs.end(); i++)
@@ -363,10 +408,8 @@ public:
 
 		try
 		{
-			LDAP->BindAsManager(NULL);
-
 			std::string what = attribute + "=" + (useusername ? user->ident : user->nick);
-			LDAP->Search(new SearchInterface(this, LDAP.GetProvider(), user->uuid), base, what);
+			LDAP->BindAsManager(new AdminBindInterface(this, LDAP.GetProvider(), user->uuid, base, what));
 		}
 		catch (LDAPException &ex)
 		{