X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_ldapoper.cpp;h=4304ad8d5bf4caed4b61f359f37c72d606a5839b;hb=e2b0f3dc9ef4d56c71d7abda13e6139ca092e387;hp=cb81e7e189991301230ef6d6176ea7f529e8f639;hpb=dbbd3339564b774e5f136657dbc4da565149b852;p=user%2Fhenk%2Fcode%2Finspircd.git
diff --git a/src/modules/m_ldapoper.cpp b/src/modules/m_ldapoper.cpp
index cb81e7e18..4304ad8d5 100644
--- a/src/modules/m_ldapoper.cpp
+++ b/src/modules/m_ldapoper.cpp
@@ -1,11 +1,10 @@
 /*
 * InspIRCd -- Internet Relay Chat Daemon
 *
- * Copyright (C) 2013 Adam
- * Copyright (C) 2009 Robin Burchell
- * Copyright (C) 2008 Pippijn van Steenhoven
- * Copyright (C) 2008 Craig Edwards
- * Copyright (C) 2007 Carsten Valdemar Munk
+ * Copyright (C) 2020 Christos Triantafyllidis
+ * Copyright (C) 2018-2020 Sadie Powell
+ * Copyright (C) 2014, 2018 Attila Molnar
+ * Copyright (C) 2013-2014 Adam
 *
 * This file is part of InspIRCd. InspIRCd is free software: you can
 * redistribute it and/or modify it under the terms of the GNU General Public
@@ -41,14 +40,15 @@ class LDAPOperBase : public LDAPInterface
 if (!user)
 return;
- Command* oper_command = ServerInstance->Parser->GetHandler("OPER");
+ Command* oper_command = ServerInstance->Parser.GetHandler("OPER");
 if (!oper_command)
 return;
- std::vector params;
+ CommandBase::Params params;
 params.push_back(opername);
 params.push_back(password);
- oper_command->Handle(params, user);
+ ClientProtocol::TagMap tags;
+ oper_command->Handle(user, CommandBase::Params(params, tags));
 }
 void Fallback()
@@ -83,7 +83,7 @@ class BindInterface : public LDAPOperBase
 void OnResult(const LDAPResult& r) CXX11_OVERRIDE
 {
 User* user = ServerInstance->FindUUID(uid);
- OperIndex::iterator iter = ServerInstance->Config->oper_blocks.find(opername);
+ ServerConfig::OperIndex::const_iterator iter = ServerInstance->Config->oper_blocks.find(opername);
 if (!user || iter == ServerInstance->Config->oper_blocks.end())
 {
@@ -126,8 +126,8 @@ class SearchInterface : public LDAPOperBase
 }
 public:
- SearchInterface(Module* mod, const std::string& prov, User* user, const std::string& oper, const std::string& pass)
- : LDAPOperBase(mod, user->uuid, oper, pass)
+ SearchInterface(Module* mod, const std::string& prov, const std::string &uuid, const std::string& oper, const std::string& pass)
+ : LDAPOperBase(mod, uuid, oper, pass)
 , provider(prov)
 {
 }
@@ -140,14 +140,59 @@ class SearchInterface : public LDAPOperBase
 }
 };
-class ModuleLDAPAuth : public Module
+class AdminBindInterface : public LDAPInterface
+{
+ const std::string provider;
+ const std::string user;
+ const std::string opername;
+ const std::string password;
+ const std::string base;
+ const std::string what;
+
+ public:
+ AdminBindInterface(Module* c, const std::string& p, const std::string& u, const std::string& o, const std::string& pa, const std::string& b, const std::string& w)
+ : LDAPInterface(c)
+ , provider(p)
+ , user(u)
+ , opername(o)
+ , password(pa)
+ , base(b)
+ , what(w)
+ {
+ }
+
+ void OnResult(const LDAPResult& r) CXX11_OVERRIDE
+ {
+ dynamic_reference LDAP(me, provider);
+ if (LDAP)
+ {
+ try
+ {
+ LDAP->Search(new SearchInterface(this->creator, provider, user, opername, password), base, what);
+ }
+ catch (LDAPException& ex)
+ {
+ ServerInstance->SNO->WriteToSnoMask('a', "Error searching LDAP server: " + ex.GetReason());
+ }
+ }
+ delete this;
+ }
+
+ void OnError(const LDAPResult& err) CXX11_OVERRIDE
+ {
+ ServerInstance->SNO->WriteToSnoMask('a', "Error binding as manager to LDAP server: " + err.getError());
+ delete this;
+ }
+};
+
+class ModuleLDAPOper : public Module
 {
 dynamic_reference LDAP;
 std::string base;
 std::string attribute;
 public:
- ModuleLDAPAuth()
+ ModuleLDAPOper()
 : LDAP(this, "LDAP")
 {
 me = this;
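Review bot: The new constructor parameter is written `const std::string &uuid`, while every other parameter in the same signature uses the `const std::string& name` form; match the surrounding style. A one-line comment such as `// Keep the UUID, not a User*: the user may have quit before the LDAP result arrives` would record why the type changed, which is what `BindInterface::OnResult` depends on when it re-resolves the user with `FindUUID(uid)` and checks for null. The rest of the `SearchInterface` class lies outside this hunk.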
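Review bot: The failure paths of `AdminBindInterface` drop the OPER attempt without handing it back: `OnError`, the `catch` in `OnResult`, and the case where the `LDAP` reference is no longer valid only write to snomask 'a' (or do nothing) before `delete this`. `OnPreCommand` returns `MOD_RES_DENY` as soon as the manager bind is queued, so the core OPER handler never runs for that attempt and the client appears to get no reply. `LDAPOperBase` already has a `Fallback()` member; if falling back is the intended policy here too, derive from `LDAPOperBase` as `SearchInterface` does and call `Fallback();` before `delete this;` on each failure path, otherwise add a comment saying that failing closed silently is deliberate. Separately, if `Search` throws, the `new SearchInterface(...)` passed to it (which holds the plaintext password) looks like it leaks unless the provider has already taken ownership.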
@@ -162,14 +207,14 @@ class ModuleLDAPAuth : public Module
 attribute = tag->getString("attribute");
 }
- ModResult OnPreCommand(std::string& command, std::vector& parameters, LocalUser* user, bool validated, const std::string& original_line) CXX11_OVERRIDE
+ ModResult OnPreCommand(std::string& command, CommandBase::Params& parameters, LocalUser* user, bool validated) CXX11_OVERRIDE
 {
 if (validated && command == "OPER" && parameters.size() >= 2)
 {
 const std::string& opername = parameters[0];
 const std::string& password = parameters[1];
- OperIndex::iterator it = ServerInstance->Config->oper_blocks.find(opername);
+ ServerConfig::OperIndex::const_iterator it = ServerInstance->Config->oper_blocks.find(opername);
 if (it == ServerInstance->Config->oper_blocks.end())
 return MOD_RES_PASSTHRU;
@@ -178,8 +223,7 @@ class ModuleLDAPAuth : public Module
 return MOD_RES_PASSTHRU;
 std::string acceptedhosts = tag->getString("host");
- std::string hostname = user->ident + "@" + user->host;
- if (!InspIRCd::MatchMask(acceptedhosts, hostname, user->GetIPString()))
+ if (!InspIRCd::MatchMask(acceptedhosts, user->MakeHost(), user->MakeHostIP()))
 return MOD_RES_PASSTHRU;
 if (!LDAP)
@@ -187,12 +231,8 @@ class ModuleLDAPAuth : public Module
 try
 {
- // First, bind as the manager so the following search will go through
- LDAP->BindAsManager(NULL);
-
- // Fire off the search
 std::string what = attribute + "=" + opername;
- LDAP->Search(new SearchInterface(this, LDAP.GetProvider(), user, opername, password), base, what);
+ LDAP->BindAsManager(new AdminBindInterface(this, LDAP.GetProvider(), user->uuid, opername, password, base, what));
 return MOD_RES_DENY;
 }
 catch (LDAPException& ex)
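Review bot: The search filter `std::string what = attribute + "=" + opername;` in the last hunk is built by plain concatenation and is now carried unchanged into `AdminBindInterface` for the later `Search` call. `opername` comes from the client's OPER parameters; the only constraint visible on this page is that it matched a key in `oper_blocks`, so an oper block name containing LDAP filter metacharacters (`*`, `(`, `)`, `\`) would change the filter's meaning. Escape the value per RFC 4515 before building `what`, or validate oper block names when the configuration is read, and say in a comment which of the two the module relies on. `OnPreCommand` starts in an earlier hunk and its `catch` body continues outside this one.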
@@ -206,8 +246,8 @@ class ModuleLDAPAuth : public Module
 Version GetVersion() CXX11_OVERRIDE
 {
- return Version("Adds the ability to authenticate opers via LDAP", VF_VENDOR);
+ return Version("Allows server operators to be authenticated against an LDAP database.", VF_VENDOR);
 }
 };
-MODULE_INIT(ModuleLDAPAuth)
+MODULE_INIT(ModuleLDAPOper)