X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_ldapauth.cpp;h=e89ce494981c02ff69fa3296536ec469e57f08f7;hb=0e5fb98a6b82af738f6d5c3093d9597d470be3a6;hp=9356b2dd1da7257628290d27d5f03b032acb2fae;hpb=dbbd3339564b774e5f136657dbc4da565149b852;p=user%2Fhenk%2Fcode%2Finspircd.git
diff --git a/src/modules/m_ldapauth.cpp b/src/modules/m_ldapauth.cpp
index 9356b2dd1..e89ce4949 100644
--- a/src/modules/m_ldapauth.cpp
+++ b/src/modules/m_ldapauth.cpp
@@ -232,8 +232,7 @@ class SearchInterface : public LDAPInterface
 std::string bindDn = a.get("dn");
 if (bindDn.empty())
 {
- if (user)
- ServerInstance->Users->QuitUser(user, killreason);
+ ServerInstance->Users->QuitUser(user, killreason);
 delete this;
 return;
 }
@@ -257,6 +256,43 @@ class SearchInterface : public LDAPInterface
 }
 };
+class AdminBindInterface : public LDAPInterface
+{
+ const std::string provider;
+ const std::string uuid;
+ const std::string base;
+ const std::string what;
+
+ public:
+ AdminBindInterface(Module* c, const std::string& p, const std::string& u, const std::string& b, const std::string& w)
+ : LDAPInterface(c), provider(p), uuid(u), base(b), what(w)
+ {
+ }
+
+ void OnResult(const LDAPResult& r) CXX11_OVERRIDE
+ {
+ dynamic_reference LDAP(me, provider);
+ if (LDAP)
+ {
+ try
+ {
+ LDAP->Search(new SearchInterface(this->creator, provider, uuid), base, what);
+ }
+ catch (LDAPException& ex)
+ {
+ ServerInstance->SNO->WriteToSnoMask('a', "Error searching LDAP server: " + ex.GetReason());
+ }
+ }
+ delete this;
+ }
+
+ void OnError(const LDAPResult& err) CXX11_OVERRIDE
+ {
+ ServerInstance->SNO->WriteToSnoMask('a', "Error binding as manager to LDAP server: " + err.getError());
+ delete this;
+ }
+};
+
 class ModuleLDAPAuth : public Module
 {
 dynamic_reference LDAP;
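Review bot: In the `@@ -232,8 +232,7 @@` hunk the `if (user)` guard in front of `ServerInstance->Users->QuitUser(user, killreason);` is dropped, which is only safe if `user` has already been checked for null earlier in this function. That earlier part lies outside the hunk, and the connecting client can presumably go away while the LDAP query is in flight, so the pointer may be null by the time the result arrives. If the earlier check exists, a one-line comment such as `// user was null-checked on entry` would make the invariant visible; if it does not, keep the guard.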
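Review bot: In the `@@ -257,6 +256,43 @@` hunk none of AdminBindInterface's failure paths resolves the pending client: `OnError` and the `catch` in `OnResult` only write to snomask 'a', and a failed `if (LDAP)` test does nothing at all, whereas the SearchInterface path shown in the first hunk ends in `ServerInstance->Users->QuitUser(user, killreason);`. That appears to leave the client identified by `uuid` unauthenticated and waiting until something else disconnects it, so a manager-bind failure is handled differently from a search failure. Consider resolving the user from `uuid` in these paths and quitting it the same way. It is also unclear from here who frees the `new SearchInterface(...)` if `LDAP->Search` throws; a comment stating the ownership rule, or a delete in the `catch`, would settle it.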
@@ -264,7 +300,7 @@ class ModuleLDAPAuth : public Module
 LocalStringExt ldapVhost;
 std::string base;
 std::string attribute;
- std::string allowpattern;
+ std::vector allowpatterns;
 std::vector whitelistedcidrs;
 bool useusername;
@@ -287,7 +323,6 @@ public:
 base = tag->getString("baserdn");
 attribute = tag->getString("attribute");
- allowpattern = tag->getString("allowpattern");
 killreason = tag->getString("killreason");
 vhost = tag->getString("host");
 // Set to true if failed connects should be reported to operators
@@ -316,6 +351,13 @@ public:
 if (!attr.empty() && !val.empty())
 requiredattributes.push_back(make_pair(attr, val));
 }
+
+ std::string allowpattern = tag->getString("allowpattern");
+ irc::spacesepstream ss(allowpattern);
+ for (std::string more; ss.GetToken(more); )
+ {
+ allowpatterns.push_back(more);
+ }
 }
 void OnUserConnect(LocalUser *user) CXX11_OVERRIDE
@@ -323,17 +365,20 @@ public:
 std::string* cc = ldapVhost.get(user);
 if (cc)
 {
- user->ChangeDisplayedHost(cc->c_str());
+ user->ChangeDisplayedHost(*cc);
 ldapVhost.unset(user);
 }
 }
 ModResult OnUserRegister(LocalUser* user) CXX11_OVERRIDE
 {
- if ((!allowpattern.empty()) && (InspIRCd::Match(user->nick,allowpattern)))
+ for (std::vector::const_iterator i = allowpatterns.begin(); i != allowpatterns.end(); ++i)
 {
- ldapAuthed.set(user,1);
- return MOD_RES_PASSTHRU;
+ if (InspIRCd::Match(user->nick, *i))
+ {
+ ldapAuthed.set(user,1);
+ return MOD_RES_PASSTHRU;
+ }
 }
 for (std::vector::iterator i = whitelistedcidrs.begin(); i != whitelistedcidrs.end(); i++)
@@ -363,10 +408,8 @@ public:
 try
 {
- LDAP->BindAsManager(NULL);
-
 std::string what = attribute + "=" + (useusername ? user->ident : user->nick);
- LDAP->Search(new SearchInterface(this, LDAP.GetProvider(), user->uuid), base, what);
+ LDAP->BindAsManager(new AdminBindInterface(this, LDAP.GetProvider(), user->uuid, base, what));
 }
 catch (LDAPException &ex)
 {
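Review bot: In the `@@ -316,6 +351,13 @@` hunk `allowpatterns.push_back(more);` appends to the member vector, and no hunk in this diff adds a matching `allowpatterns.clear();`. If this function runs again on a rehash (its start is outside the hunk), old patterns accumulate, and a pattern deleted from the configuration keeps exempting matching nicks from LDAP authentication in `OnUserRegister`. Add `allowpatterns.clear();` before the `irc::spacesepstream ss(allowpattern);` loop, or next to any existing resets at the top of the function.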
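Review bot: In the `@@ -323,17 +365,20 @@` hunk the new loop over `allowpatterns` in `OnUserRegister` carries no comment saying that a match sets `ldapAuthed` and returns before any LDAP lookup. Since the nick is chosen by the client, each configured pattern is effectively an authentication exemption, and that deserves a line above the loop such as `// A nick matching any allowpattern is treated as authenticated without contacting LDAP.` The body of `OnUserRegister` continues outside the hunk.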
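Review bot: In the `@@ -363,10 +408,8 @@` hunk the filter string `what` is still built by concatenating `attribute`, `"="` and the client-supplied `user->ident` or `user->nick`, and it now travels unchanged through AdminBindInterface into `LDAP->Search`. Nothing visible here escapes LDAP filter metacharacters, so correctness depends on the server's nick and ident character rules excluding them; confirm that, or escape the value per RFC 4515 before building the filter. Until then a comment on that line, e.g. `// nick/ident go into the LDAP filter unescaped; relies on the server's nick and ident character rules`, would record the assumption. The enclosing function starts and ends outside the hunk.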