X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fextra%2Fm_ldapauth.cpp;h=94c0df469386416028ab87f299dab45ebccb6b13;hb=24731c63b6320be22f7b3220236271fa7476b975;hp=de9dc3c6ca9dd0b9e7c4fed9b75bf9286592a54f;hpb=6fb9db23fb74c2b172fd628191cc3bcb7b22de55;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/extra/m_ldapauth.cpp b/src/modules/extra/m_ldapauth.cpp index de9dc3c6c..94c0df469 100644 --- a/src/modules/extra/m_ldapauth.cpp +++ b/src/modules/extra/m_ldapauth.cpp @@ -2,8 +2,8 @@ * | Inspire Internet Relay Chat Daemon | * +------------------------------------+ * - * InspIRCd: (C) 2002-2008 InspIRCd Development Team - * See: http://www.inspircd.org/wiki/index.php/Credits + * InspIRCd: (C) 2002-2009 InspIRCd Development Team + * See: http://wiki.inspircd.org/Credits * * This program is free but copyrighted software; see * the file COPYING for details. @@ -13,7 +13,7 @@ * Taken from the UnrealIRCd 4.0 SVN version, based on * InspIRCd 1.1.x. * - * UnrealIRCd 4.0 (C) 2007 Carsten Valdemar Munk + * UnrealIRCd 4.0 (C) 2007 Carsten Valdemar Munk * This program is free but copyrighted software; see * the file COPYING for details. * @@ -44,15 +44,15 @@ class ModuleLDAPAuth : public Module bool verbose; bool useusername; LDAP *conn; - + public: ModuleLDAPAuth(InspIRCd* Me) - : Module::Module(Me) + : Module(Me) { conn = NULL; Implementation eventlist[] = { I_OnUserDisconnect, I_OnCheckReady, I_OnRehash, I_OnUserRegister }; ServerInstance->Modules->Attach(eventlist, this, 4); - OnRehash(NULL,""); + OnRehash(NULL); } virtual ~ModuleLDAPAuth() @@ -61,12 +61,12 @@ public: ldap_unbind_ext(conn, NULL, NULL); } - virtual void OnRehash(User* user, const std::string ¶meter) + virtual void OnRehash(User* user) { ConfigReader Conf(ServerInstance); - + base = Conf.ReadValue("ldapauth", "baserdn", 0); - attribute = Conf.ReadValue("ldapauth", "attribute", 0); + attribute = Conf.ReadValue("ldapauth", "attribute", 0); ldapserver = Conf.ReadValue("ldapauth", "server", 0); allowpattern = Conf.ReadValue("ldapauth", "allowpattern", 0); killreason = Conf.ReadValue("ldapauth", "killreason", 0); @@ -75,13 +75,13 @@ public: password = Conf.ReadValue("ldapauth", "bindauth", 0); verbose = Conf.ReadFlag("ldapauth", "verbose", 0); /* Set to true if failed connects should be reported to operators */ useusername = Conf.ReadFlag("ldapauth", "userfield", 0); - + if (scope == "base") searchscope = LDAP_SCOPE_BASE; else if (scope == "onelevel") searchscope = LDAP_SCOPE_ONELEVEL; else searchscope = LDAP_SCOPE_SUBTREE; - + Connect(); } @@ -94,16 +94,16 @@ public: if (res != LDAP_SUCCESS) { if (verbose) - ServerInstance->SNO->WriteToSnoMask('A', "LDAP connection failed: %s", ldap_err2string(res)); + ServerInstance->SNO->WriteToSnoMask('c', "LDAP connection failed: %s", ldap_err2string(res)); conn = NULL; - return false; + return false; } - + res = ldap_set_option(conn, LDAP_OPT_PROTOCOL_VERSION, (void *)&v); if (res != LDAP_SUCCESS) { if (verbose) - ServerInstance->SNO->WriteToSnoMask('A', "LDAP set protocol to v3 failed: %s", ldap_err2string(res)); + ServerInstance->SNO->WriteToSnoMask('c', "LDAP set protocol to v3 failed: %s", ldap_err2string(res)); ldap_unbind_ext(conn, NULL, NULL); conn = NULL; return false; @@ -113,7 +113,7 @@ public: virtual int OnUserRegister(User* user) { - if ((!allowpattern.empty()) && (ServerInstance->MatchText(user->nick,allowpattern))) + if ((!allowpattern.empty()) && (InspIRCd::Match(user->nick,allowpattern))) { user->Extend("ldapauthed"); return 0; @@ -121,7 +121,7 @@ public: if (!CheckCredentials(user)) { - User::QuitUser(ServerInstance,user,killreason); + ServerInstance->Users->QuitUser(user, killreason); return 1; } return 0; @@ -142,12 +142,24 @@ public: if ((res = ldap_sasl_bind_s(conn, username.c_str(), LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL)) != LDAP_SUCCESS) { - free(authpass); - if (verbose) - ServerInstance->SNO->WriteToSnoMask('A', "Forbidden connection from %s!%s@%s (LDAP bind failed: %s)", user->nick, user->ident, user->host, ldap_err2string(res)); - ldap_unbind_ext(conn, NULL, NULL); - conn = NULL; - return false; + if (res == LDAP_SERVER_DOWN) + { + // Attempt to reconnect if the connection dropped + if (verbose) + ServerInstance->SNO->WriteToSnoMask('a', "LDAP server has gone away - reconnecting..."); + Connect(); + res = ldap_sasl_bind_s(conn, username.c_str(), LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL); + } + + if (res != LDAP_SUCCESS) + { + if (verbose) + ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s!%s@%s (LDAP bind failed: %s)", user->nick.c_str(), user->ident.c_str(), user->host.c_str(), ldap_err2string(res)); + free(authpass); + ldap_unbind_ext(conn, NULL, NULL); + conn = NULL; + return false; + } } free(authpass); @@ -156,25 +168,32 @@ public: if ((res = ldap_search_ext_s(conn, base.c_str(), searchscope, what.c_str(), NULL, 0, NULL, NULL, NULL, 0, &msg)) != LDAP_SUCCESS) { if (verbose) - ServerInstance->SNO->WriteToSnoMask('A', "Forbidden connection from %s!%s@%s (LDAP search failed: %s)", user->nick, user->ident, user->host, ldap_err2string(res)); + ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s!%s@%s (LDAP search failed: %s)", user->nick.c_str(), user->ident.c_str(), user->host.c_str(), ldap_err2string(res)); return false; } if (ldap_count_entries(conn, msg) > 1) { if (verbose) - ServerInstance->SNO->WriteToSnoMask('A', "Forbidden connection from %s!%s@%s (LDAP search returned more than one result: %s)", user->nick, user->ident, user->host, ldap_err2string(res)); + ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s!%s@%s (LDAP search returned more than one result: %s)", user->nick.c_str(), user->ident.c_str(), user->host.c_str(), ldap_err2string(res)); ldap_msgfree(msg); return false; } if ((entry = ldap_first_entry(conn, msg)) == NULL) { if (verbose) - ServerInstance->SNO->WriteToSnoMask('A', "Forbidden connection from %s!%s@%s (LDAP search returned no results: %s)", user->nick, user->ident, user->host, ldap_err2string(res)); + ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s!%s@%s (LDAP search returned no results: %s)", user->nick.c_str(), user->ident.c_str(), user->host.c_str(), ldap_err2string(res)); ldap_msgfree(msg); return false; } - cred.bv_val = user->password; - cred.bv_len = strlen(user->password); + if (user->password.empty()) + { + if (verbose) + ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s!%s@%s (No password provided)", user->nick.c_str(), user->ident.c_str(), user->host.c_str()); + user->Extend("ldapauth_failed"); + return false; + } + cred.bv_val = (char*)user->password.data(); + cred.bv_len = user->password.length(); if ((res = ldap_sasl_bind_s(conn, ldap_get_dn(conn, entry), LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL)) == LDAP_SUCCESS) { ldap_msgfree(msg); @@ -184,20 +203,20 @@ public: else { if (verbose) - ServerInstance->SNO->WriteToSnoMask('A', "Forbidden connection from %s!%s@%s (%s)", user->nick, user->ident, user->host, ldap_err2string(res)); + ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s!%s@%s (%s)", user->nick.c_str(), user->ident.c_str(), user->host.c_str(), ldap_err2string(res)); ldap_msgfree(msg); user->Extend("ldapauth_failed"); return false; - } + } } - - + + virtual void OnUserDisconnect(User* user) { user->Shrink("ldapauthed"); - user->Shrink("ldapauth_failed"); + user->Shrink("ldapauth_failed"); } - + virtual bool OnCheckReady(User* user) { return user->GetExt("ldapauthed"); @@ -205,9 +224,9 @@ public: virtual Version GetVersion() { - return Version(1,2,0,0,VF_VENDOR,API_VERSION); + return Version("$Id$", VF_VENDOR, API_VERSION); } - + }; MODULE_INIT(ModuleLDAPAuth)