X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fextra%2Fm_ldapoper.cpp;h=79ac13dd56b1a4d223675702b6537e8fe23eedbf;hb=4ab1c43c1eee708fc50a4808f714a731891b75e8;hp=69131f7bc4005807fb4120d388d4b98e6a42f580;hpb=c2549b040243e0fcaac0ec2e6d461980cda7f5f4;p=user%2Fhenk%2Fcode%2Finspircd.git
diff --git a/src/modules/extra/m_ldapoper.cpp b/src/modules/extra/m_ldapoper.cpp
index 69131f7bc..79ac13dd5 100644
--- a/src/modules/extra/m_ldapoper.cpp
+++ b/src/modules/extra/m_ldapoper.cpp
@@ -66,25 +66,52 @@ class ModuleLDAPAuth : public Module
 std::string ldapserver;
 std::string username;
 std::string password;
+ std::string attribute;
 int searchscope;
 LDAP *conn;
+ bool HandleOper(LocalUser* user, const std::string& opername, const std::string& inputpass)
+ {
+ OperIndex::iterator it = ServerInstance->Config->oper_blocks.find(opername);
+ if (it == ServerInstance->Config->oper_blocks.end())
+ return false;
+
+ ConfigTag* tag = it->second->oper_block;
+ if (!tag)
+ return false;
+
+ std::string acceptedhosts = tag->getString("host");
+ std::string hostname = user->ident + "@" + user->host;
+ if (!InspIRCd::MatchMask(acceptedhosts, hostname, user->GetIPString()))
+ return false;
+
+ if (!LookupOper(opername, inputpass))
+ return false;
+
+ user->Oper(it->second);
+ return true;
+ }
+
 public:
- void init()
+ ModuleLDAPAuth()
+ : conn(NULL)
+ {
+ }
+
+ void init() CXX11_OVERRIDE
 {
- conn = NULL;
- Implementation eventlist[] = { I_OnRehash, I_OnPassCompare };
+ Implementation eventlist[] = { I_OnRehash, I_OnPreCommand };
 ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation));
 OnRehash(NULL);
 }
- virtual ~ModuleLDAPAuth()
+ ~ModuleLDAPAuth()
 {
 if (conn) ldap_unbind_ext(conn, NULL, NULL);
 }
- virtual void OnRehash(User* user)
+ void OnRehash(User* user) CXX11_OVERRIDE
 {
 ConfigTag* tag = ServerInstance->Config->ConfValue("ldapoper");
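Review bot: HandleOper consults LDAP for every `<oper>` block whose name and host match, with no check that the block was meant to be directory-backed. The removed OnPassCompare hook (in the `@@ -125,21 +153,17 @@` hunk) only called LookupOper when the hash type was `"ldap"`, so this looks like a widening: a block that carries a local password can presumably now also be opened with the directory password of an entry whose attribute equals the oper name. Consider keeping the opt-in before the host match, e.g. `if (tag->getString("hash") != "ldap") return false;` (confirm the key name against the oper block schema). A log line on the LDAP-backed `user->Oper()` path would also make these oper-ups auditable.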
@@ -93,6 +120,7 @@ public:
 std::string scope = tag->getString("searchscope");
 username = tag->getString("binddn");
 password = tag->getString("bindauth");
+ attribute = tag->getString("attribute");
 if (scope == "base") searchscope = LDAP_SCOPE_BASE;
@@ -125,21 +153,17 @@ public:
 return true;
 }
- virtual ModResult OnPassCompare(Extensible* ex, const std::string &data, const std::string &input, const std::string &hashtype)
+ ModResult OnPreCommand(std::string& command, std::vector& parameters, LocalUser* user, bool validated, const std::string& original_line) CXX11_OVERRIDE
 {
- if (hashtype == "ldap")
+ if (validated && command == "OPER" && parameters.size() >= 2)
 {
- if (LookupOper(data, input))
- /* This is an ldap oper and has been found, claim the OPER command */
- return MOD_RES_ALLOW;
- else
+ if (HandleOper(user, parameters[0], parameters[1]))
 return MOD_RES_DENY;
 }
- /* We don't know this oper! */
 return MOD_RES_PASSTHRU;
 }
- bool LookupOper(const std::string &what, const std::string &opassword)
+ bool LookupOper(const std::string& opername, const std::string& opassword)
 {
 if (conn == NULL) if (!Connect())
@@ -173,6 +197,7 @@ public:
 free(authpass);
 LDAPMessage *msg, *entry;
+ std::string what = attribute + "=" + opername;
 if ((res = ldap_search_ext_s(conn, base.c_str(), searchscope, what.c_str(), NULL, 0, NULL, NULL, NULL, 0, &msg)) != LDAP_SUCCESS) {
 return false;
@@ -205,7 +230,7 @@ public:
 }
 }
- virtual Version GetVersion()
+ Version GetVersion() CXX11_OVERRIDE
 {
 return Version("Adds the ability to authenticate opers via LDAP", VF_VENDOR);
 }
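Review bot: The new `attribute` setting in the `@@ -93,6 +120,7 @@` hunk is read with no default and no validation. If the `<ldapoper>` tag omits it, the filter built in LookupOper (the `@@ -173,6 +197,7 @@` hunk) becomes `=name`, so every search presumably fails without telling the administrator why. Check it once at rehash, e.g. `if (attribute.empty())` followed by a logged configuration error, rather than letting each OPER attempt fail silently. OnRehash starts and ends outside this hunk.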
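Review bot: The guard in OnPreCommand (the `@@ -125,21 +153,17 @@` hunk) checks only `parameters.size() >= 2`, so an OPER whose password parameter is empty still reaches HandleOper and LookupOper. The bind that uses the supplied password is outside the visible hunks; if it is a plain simple bind, an empty credential is an unauthenticated bind under RFC 4513, which some directory servers report as success. Require a non-empty password before consulting LDAP: `if (validated && command == "OPER" && parameters.size() >= 2 && !parameters[1].empty())`.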
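Review bot: In the `@@ -173,6 +197,7 @@` hunk, `opername` is concatenated into the search filter without RFC 4515 escaping. HandleOper only passes names that already exist in `oper_blocks`, which limits exposure today. LookupOper is a public member, though, and a name containing `*`, `(`, `)`, `\` or NUL would change what the filter matches. Escape the value before building `what`, as sketched below. LookupOper's body starts and ends outside this hunk.

```cpp
// … unchanged: bind with binddn/bindauth, free(authpass) …
LDAPMessage *msg, *entry;
// Escape RFC 4515 filter metacharacters so the oper name is matched literally.
std::string escaped;
for (std::string::const_iterator c = opername.begin(); c != opername.end(); ++c)
{
	switch (*c)
	{
		case '*': escaped += "\\2a"; break;
		case '(': escaped += "\\28"; break;
		case ')': escaped += "\\29"; break;
		case '\\': escaped += "\\5c"; break;
		case '\0': escaped += "\\00"; break;
		default: escaped += *c;
	}
}
std::string what = attribute + "=" + escaped;
// … unchanged: ldap_search_ext_s and result handling …
```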