X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_ldapauth.cpp;h=8d4b956e71390277d01bfb3c7edf15206acc330f;hb=b4a174ee9c32d62ea6bf010e837e8c5b1c3d36a3;hp=7da63284a47a430074d1607f4add6728dc633090;hpb=5267fb9d362aeb326c9e64f7171c957f76776f90;p=user%2Fhenk%2Fcode%2Finspircd.git
diff --git a/src/modules/m_ldapauth.cpp b/src/modules/m_ldapauth.cpp
index 7da63284a..8d4b956e7 100644
--- a/src/modules/m_ldapauth.cpp
+++ b/src/modules/m_ldapauth.cpp
@@ -1,14 +1,12 @@
 /*
 * InspIRCd -- Internet Relay Chat Daemon
 *
- * Copyright (C) 2013 Adam
- * Copyright (C) 2011 Pierre Carrier
- * Copyright (C) 2009-2010 Robin Burchell
- * Copyright (C) 2009 Daniel De Graaf
- * Copyright (C) 2008 Pippijn van Steenhoven
- * Copyright (C) 2008 Craig Edwards
- * Copyright (C) 2008 Dennis Friis
- * Copyright (C) 2007 Carsten Valdemar Munk
+ * Copyright (C) 2020 Joel Sing
+ * Copyright (C) 2019 Sadie Powell
+ * Copyright (C) 2019 Robby
+ * Copyright (C) 2014-2015 Attila Molnar
+ * Copyright (C) 2014 Thiago Crepaldi
+ * Copyright (C) 2013-2014, 2017 Adam
 *
 * This file is part of InspIRCd. InspIRCd is free software: you can
 * redistribute it and/or modify it under the terms of the GNU General Public
@@ -121,6 +119,9 @@ class BindInterface : public LDAPInterface
 if (!checkingAttributes && requiredattributes.empty())
 {
+ if (verbose)
+ ServerInstance->SNO->WriteToSnoMask('c', "Successful connection from %s (dn=%s)", user->GetFullRealHost().c_str(), DN.c_str());
+
 // We're done, there are no attributes to check
 SetVHost(user, DN);
 authed->set(user, 1);
@@ -137,6 +138,9 @@ class BindInterface : public LDAPInterface
 // Only one has to pass
 passed = true;
+ if (verbose)
+ ServerInstance->SNO->WriteToSnoMask('c', "Successful connection from %s (dn=%s)", user->GetFullRealHost().c_str(), DN.c_str());
+
 SetVHost(user, DN);
 authed->set(user, 1);
 }
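Review bot: The success notice added here is repeated verbatim in the @@ -137 hunk, so the two authentication-success paths can drift apart the next time the message changes; consider a small private helper on BindInterface that both paths call. Because the notice now carries the bound DN, a one-line comment such as `// Audit: record which directory entry this connection authenticated as` would make clear that the DN is deliberately shown to operators watching snomask 'c'. Both enclosing blocks begin and end outside the hunks, so whether the second path can run more than once per connection cannot be confirmed from here.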
@@ -174,7 +178,7 @@ class BindInterface : public LDAPInterface
 if (!attrCount)
 {
 if (verbose)
- ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s (unable to validate attributes)", user->GetFullRealHost().c_str());
+ ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s (dn=%s) (unable to validate attributes)", user->GetFullRealHost().c_str(), DN.c_str());
 ServerInstance->Users->QuitUser(user, killreason);
 delete this;
 }
@@ -216,7 +220,7 @@ class SearchInterface : public LDAPInterface
 void OnResult(const LDAPResult& r) CXX11_OVERRIDE
 {
- LocalUser* user = static_cast(ServerInstance->FindUUID(uid));
+ LocalUser* user = IS_LOCAL(ServerInstance->FindUUID(uid));
 dynamic_reference LDAP(me, provider);
 if (!LDAP || r.empty() || !user)
 {
@@ -321,13 +325,13 @@ public:
 whitelistedcidrs.clear();
 requiredattributes.clear();
- base = tag->getString("baserdn");
+ base = tag->getString("baserdn");
 attribute = tag->getString("attribute");
 killreason = tag->getString("killreason");
 vhost = tag->getString("host");
 // Set to true if failed connects should be reported to operators
 verbose = tag->getBool("verbose");
- useusername = tag->getBool("userfield");
+ useusername = tag->getBool("useusername", tag->getBool("userfield"));
 LDAP.SetProvider("LDAP/" + tag->getString("dbid"));
@@ -393,7 +397,7 @@ public:
 if (user->password.empty())
 {
 if (verbose)
- ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s (No password provided)", user->GetFullRealHost().c_str());
+ ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s (no password provided)", user->GetFullRealHost().c_str());
 ServerInstance->Users->QuitUser(user, killreason);
 return MOD_RES_DENY;
 }
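Review bot: The fallback from `useusername` to the old `userfield` key in the @@ -321 hunk is silent and unexplained at the point of use; a comment such as `// "userfield" is the legacy name of this option and only supplies the default when "useusername" is absent` would explain the nested getBool call. If the old key is meant to be retired, it may also be worth emitting a notice when only `userfield` is set, so operators know which identity source (ident or nick) is actually in effect. The surrounding configuration function starts and ends outside the hunk.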
@@ -401,14 +405,27 @@ public:
 if (!LDAP)
 {
 if (verbose)
- ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s (Unable to find LDAP provider)", user->GetFullRealHost().c_str());
+ ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s (unable to find LDAP provider)", user->GetFullRealHost().c_str());
 ServerInstance->Users->QuitUser(user, killreason);
 return MOD_RES_DENY;
 }
+ std::string what;
+ std::string::size_type pos = user->password.find(':');
+ if (pos != std::string::npos)
+ {
+ what = attribute + "=" + user->password.substr(0, pos);
+
+ // Trim the user: prefix, leaving just 'pass' for later password check
+ user->password = user->password.substr(pos + 1);
+ }
+ else
+ {
+ what = attribute + "=" + (useusername ? user->ident : user->nick);
+ }
+
 try
 {
- std::string what = attribute + "=" + (useusername ? user->ident : user->nick);
 LDAP->BindAsManager(new AdminBindInterface(this, LDAP.GetProvider(), user->uuid, base, what));
 }
 catch (LDAPException &ex)
@@ -427,7 +444,7 @@ public:
 Version GetVersion() CXX11_OVERRIDE
 {
- return Version("Allow/Deny connections based upon answer from LDAP server", VF_VENDOR);
+ return Version("Allows connecting users to be authenticated against an LDAP database.", VF_VENDOR);
 }
 };
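Review bot: After the new split on ':' in the @@ -401 hunk nothing re-checks the two halves, so a value that ends at the colon leaves `user->password` empty even though the `user->password.empty()` guard in the @@ -393 hunk has already run. Many LDAP servers treat a simple bind with an empty password as an unauthenticated bind that succeeds (RFC 4513), so the trimmed password should be rejected when empty, and likewise an empty name part. The name part is also arbitrary client-supplied text placed into `what`; if `what` is later used as a search filter (not visible here), its RFC 4515 metacharacters should be escaped, since it is not constrained the way nick and ident are. Any existing password that contains ':' is now cut at the first colon, which deserves a line in the module documentation. The enclosing function starts and ends outside the hunk.

```cpp
std::string what;
std::string::size_type pos = user->password.find(':');
if (pos != std::string::npos)
{
	const std::string account = user->password.substr(0, pos);
	const std::string secret = user->password.substr(pos + 1);

	// Re-validate after the split: the earlier empty() check saw the untrimmed value.
	if (account.empty() || secret.empty())
	{
		if (verbose)
			ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s (no password provided)", user->GetFullRealHost().c_str());
		ServerInstance->Users->QuitUser(user, killreason);
		return MOD_RES_DENY;
	}

	// account is client-supplied: escape filter metacharacters before it reaches a search filter
	what = attribute + "=" + account;

	// Keep only the password part for the later bind
	user->password = secret;
}
// … unchanged: else branch building `what` from ident or nick, then the try/BindAsManager call …
```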