X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_ldapauth.cpp;h=8d4b956e71390277d01bfb3c7edf15206acc330f;hb=b4a174ee9c32d62ea6bf010e837e8c5b1c3d36a3;hp=b77193e9d202148c7a022b94fef932fa8e744625;hpb=a4f222ee1b05e2fdb2744c1694f9140f8099b009;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_ldapauth.cpp b/src/modules/m_ldapauth.cpp index b77193e9d..8d4b956e7 100644 --- a/src/modules/m_ldapauth.cpp +++ b/src/modules/m_ldapauth.cpp @@ -1,14 +1,12 @@ /* * InspIRCd -- Internet Relay Chat Daemon * - * Copyright (C) 2013 Adam - * Copyright (C) 2011 Pierre Carrier - * Copyright (C) 2009-2010 Robin Burchell - * Copyright (C) 2009 Daniel De Graaf - * Copyright (C) 2008 Pippijn van Steenhoven - * Copyright (C) 2008 Craig Edwards - * Copyright (C) 2008 Dennis Friis - * Copyright (C) 2007 Carsten Valdemar Munk + * Copyright (C) 2020 Joel Sing + * Copyright (C) 2019 Sadie Powell + * Copyright (C) 2019 Robby + * Copyright (C) 2014-2015 Attila Molnar + * Copyright (C) 2014 Thiago Crepaldi + * Copyright (C) 2013-2014, 2017 Adam * * This file is part of InspIRCd. InspIRCd is free software: you can * redistribute it and/or modify it under the terms of the GNU General Public @@ -64,7 +62,7 @@ class BindInterface : public LDAPInterface while (i < text.length() - 1 && isalpha(text[i + 1])) ++i; - std::string key = text.substr(start, (i - start) + 1); + std::string key(text, start, (i - start) + 1); result.append(replacements[key]); } else @@ -90,8 +88,8 @@ class BindInterface : public LDAPInterface if (pos == std::string::npos) // malformed continue; - std::string key = dnPart.substr(0, pos); - std::string value = dnPart.substr(pos + 1, dnPart.length() - pos + 1); // +1s to skip the = itself + std::string key(dnPart, 0, pos); + std::string value(dnPart, pos + 1, dnPart.length() - pos + 1); // +1s to skip the = itself dnParts[key] = value; } @@ -121,6 +119,9 @@ class BindInterface : public LDAPInterface if (!checkingAttributes && requiredattributes.empty()) { + if (verbose) + ServerInstance->SNO->WriteToSnoMask('c', "Successful connection from %s (dn=%s)", user->GetFullRealHost().c_str(), DN.c_str()); + // We're done, there are no attributes to check SetVHost(user, DN); authed->set(user, 1); @@ -137,6 +138,9 @@ class BindInterface : public LDAPInterface // Only one has to pass passed = true; + if (verbose) + ServerInstance->SNO->WriteToSnoMask('c', "Successful connection from %s (dn=%s)", user->GetFullRealHost().c_str(), DN.c_str()); + SetVHost(user, DN); authed->set(user, 1); } @@ -174,7 +178,7 @@ class BindInterface : public LDAPInterface if (!attrCount) { if (verbose) - ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s (unable to validate attributes)", user->GetFullRealHost().c_str()); + ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s (dn=%s) (unable to validate attributes)", user->GetFullRealHost().c_str(), DN.c_str()); ServerInstance->Users->QuitUser(user, killreason); delete this; } @@ -216,7 +220,7 @@ class SearchInterface : public LDAPInterface void OnResult(const LDAPResult& r) CXX11_OVERRIDE { - LocalUser* user = static_cast(ServerInstance->FindUUID(uid)); + LocalUser* user = IS_LOCAL(ServerInstance->FindUUID(uid)); dynamic_reference LDAP(me, provider); if (!LDAP || r.empty() || !user) { @@ -232,8 +236,7 @@ class SearchInterface : public LDAPInterface std::string bindDn = a.get("dn"); if (bindDn.empty()) { - if (user) - ServerInstance->Users->QuitUser(user, killreason); + ServerInstance->Users->QuitUser(user, killreason); delete this; return; } @@ -308,8 +311,8 @@ class ModuleLDAPAuth : public Module public: ModuleLDAPAuth() : LDAP(this, "LDAP") - , ldapAuthed("ldapauth", this) - , ldapVhost("ldapauth_vhost", this) + , ldapAuthed("ldapauth", ExtensionItem::EXT_USER, this) + , ldapVhost("ldapauth_vhost", ExtensionItem::EXT_USER, this) { me = this; authed = &ldapAuthed; @@ -322,13 +325,13 @@ public: whitelistedcidrs.clear(); requiredattributes.clear(); - base = tag->getString("baserdn"); + base = tag->getString("baserdn"); attribute = tag->getString("attribute"); killreason = tag->getString("killreason"); vhost = tag->getString("host"); // Set to true if failed connects should be reported to operators verbose = tag->getBool("verbose"); - useusername = tag->getBool("userfield"); + useusername = tag->getBool("useusername", tag->getBool("userfield")); LDAP.SetProvider("LDAP/" + tag->getString("dbid")); @@ -394,7 +397,7 @@ public: if (user->password.empty()) { if (verbose) - ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s (No password provided)", user->GetFullRealHost().c_str()); + ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s (no password provided)", user->GetFullRealHost().c_str()); ServerInstance->Users->QuitUser(user, killreason); return MOD_RES_DENY; } @@ -402,14 +405,27 @@ public: if (!LDAP) { if (verbose) - ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s (Unable to find LDAP provider)", user->GetFullRealHost().c_str()); + ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s (unable to find LDAP provider)", user->GetFullRealHost().c_str()); ServerInstance->Users->QuitUser(user, killreason); return MOD_RES_DENY; } + std::string what; + std::string::size_type pos = user->password.find(':'); + if (pos != std::string::npos) + { + what = attribute + "=" + user->password.substr(0, pos); + + // Trim the user: prefix, leaving just 'pass' for later password check + user->password = user->password.substr(pos + 1); + } + else + { + what = attribute + "=" + (useusername ? user->ident : user->nick); + } + try { - std::string what = attribute + "=" + (useusername ? user->ident : user->nick); LDAP->BindAsManager(new AdminBindInterface(this, LDAP.GetProvider(), user->uuid, base, what)); } catch (LDAPException &ex) @@ -428,7 +444,7 @@ public: Version GetVersion() CXX11_OVERRIDE { - return Version("Allow/Deny connections based upon answer from LDAP server", VF_VENDOR); + return Version("Allows connecting users to be authenticated against an LDAP database.", VF_VENDOR); } };