1
0
mirror of https://github.com/anope/anope.git synced 2026-07-04 08:23:12 +02:00

Added LDAP support

This commit is contained in:
Adam
2011-03-04 20:47:58 -05:00
parent d79e22bfaa
commit 90e5d0feaa
11 changed files with 1077 additions and 177 deletions
+241 -128
View File
@@ -596,13 +596,13 @@ log
*/
target = "services.log"
/* Log to both services.log and the channel #services */
//target = "services.log #services"
#target = "services.log #services"
/*
* The source(s) to only accept log messages from. Leave commented to allow all sources.
* This can be a users name, a channel name, one of our clients (eg, OperServ), or a server name.
*/
//source = ""
#source = ""
/*
* The number of days to keep logfiles, only useful if you are logging to a file.
@@ -656,7 +656,7 @@ log
override = "chanserv/* nickserv/* memoserv/set botserv/* ~botserv/set"
commands = "~operserv/* *"
servers = "*"
//channels = "~mode *"
#channels = "~mode *"
users = "connect disconnect nick"
other = "*"
rawio = no
@@ -795,7 +795,7 @@ opertype
oper
{
/* The nickname of this services oper */
//name = "nick1"
#name = "nick1"
/* The opertype this person will have */
type = "Services Root"
@@ -803,13 +803,13 @@ oper
oper
{
//name = "nick2"
#name = "nick2"
type = "Services Administrator"
}
oper
{
//name = "nick3"
#name = "nick3"
type = "Helper"
}
@@ -1769,59 +1769,38 @@ defcon
/*
* [OPTIONAL] Non-Core Modules
*
* The following single-line blocks are used to load all non-core modules, including 3rd-party modules.
* The following blocks are used to load all non-core modules, including 3rd-party modules.
* Modules can be prevented from loading by commenting out the line, other modules can be added by
* adding a module block. These modules will be loaded prior to Services connecting to your network.
*/
module { name = "hs_moo" }
module { name = "ircd_defizzer" }
module { name = "os_ignore" }
/*
* cs_appendtopic
*
* Adds the APPENDTOPIC command to ChanServ, which allows users to easially append text to
* the end of existing channel topics.
*/
module { name = "cs_appendtopic" }
/*
* cs_enforce
*
* Adds the ENFORCE commad to ChanServ, which allows enforcing various channel settings like
* SECUREOPS and RESTRICTED.
*/
module { name = "cs_enforce" }
module { name = "ns_maxemail" }
/*
* [OPTIONAL] Module-Specific Options
* cs_entrymsg
*
* The following blocks are used for options pertaining to modules and are not part of the core.
* Unless otherwise stated, most of the options are optional.
* Allows you to set entry messages on your channel, which are shown to anyone
* who joins.
*/
/*
* m_ssl
*
* This module uses SSL to connect to the uplink server(s)
*/
module { name = "m_ssl" }
/*
* m_mysql
*
* This module allows other modules (db_mysql) to use MySQL.
* Be sure you have imported the table schema with mydbgen before
* trying to use MySQL
*/
#module { name = "m_mysql" }
mysql
module { name = "cs_entrymsg" }
cs_entrymsg
{
database = "anope"
server = "127.0.0.1"
username = "anope"
password = "mypassword"
port = 3306
}
/*
* db_plain
*
* This is the default flatfile database format
*/
db_plain
{
/*
* The database db_plain should use
*/
database = "anope.db"
/* The maximum number of entrymsgs allowed per channel. If not set, defaults to 5. */
maxentries = 5
}
/*
@@ -1851,36 +1830,24 @@ cs_set_misc
desc = "Associate an EMail with the channel"
}
module { name = "ns_set_misc" }
ns_set_misc
{
name = "OINFO"
desc = "Associate oper only information to this nick"
privileged = yes
}
ns_set_misc
{
name = "URL"
desc = "Associate a URL with the nick"
}
ns_set_misc
{
name = "ICQ"
desc = "Associate an ICQ number with the nick"
}
#module { name = "m_helpchan" }
m_helpchan
/*
* db_plain
*
* This is the default flatfile database format
*/
db_plain
{
/*
* For the given channel, every user that has or gets op status of the channel
* will automatically receive the +h user mode.
*
* This directive is optional.
* The database db_plain should use
*/
helpchannel = "#help"
database = "anope.db"
}
/*
* hs_request
*
* Allows users to request vhosts which opers may then view, accept or deny
*/
module { name = "hs_request" }
hs_request
{
@@ -1896,16 +1863,67 @@ hs_request
#memooper = yes
}
ns_maxemail
/*
* m_alias
*
* Allows you to create custom command aliases.
*/
module { name = "m_alias" }
alias
{
/*
* The limit to how many registered nicks can use the same e-mail address. If set to 0 or left
* commented, there will be no limit enforced when registering new accounts or using
* /msg NickServ SET EMAIL.
/* Set to yes to make this alias triggerable by fantasy commands. */
fantasy = no
/* Set to yes to make this alias oper only */
operonly = no
/* Source client and command.
*/
#maxemails = 1
source_client = "NickServ"
source_command = "ID"
/* Target client and command.
*/
target_client = "NickServ"
target_command = "IDENTIFY"
}
/* Provides the !k fantasy command */
alias
{
fantasy = yes
source_command = "K"
target_client = "ChanServ"
target_command = "KICK"
}
/* Provides the !kb fantasy command */
alias
{
fantasy = yes
source_command = "KB"
target_client = "ChanServ"
target_command = "BAN"
}
/*
* m_async_commands
*
* Threads for each command executed by users. You should
* only load this if you are using a module designed to work with this.
*
* If this is loaded with db_mysql_live then Anope will support
* processing multiple commands at once which will negate the "lag"
* issues caused from the overhead of SQL queries by db_mysq_live.
*/
#module { name = "m_async_commands" }
/* m_dnsbl
*
* Allows configurable DNS blacklists to check connecting users against. If a user
* is found on the blacklist they will be immediately banned. This is a crucial module
* to prevent bot attacks.
*/
module { name = "m_dnsbl" }
m_dnsbl
{
@@ -1934,7 +1952,7 @@ blacklist
/* Name of the blacklist */
name = "rbl.efnetrbl.org"
/* How long to set the akill for */
/* How long to set the ban for */
time = 4h
/* Reason for akill.
@@ -1963,6 +1981,94 @@ blacklist
reason = "You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded.do?ip=%i&network=%N"
}
/* m_helpchan
*
* Gives users who are op in the specified help channel usermode +h (helpop).
*/
#module { name = "m_helpchan" }
m_helpchan
{
helpchannel = "#help"
}
/*
* m_ldap
*
* This module allows other modules to use LDAP.
*/
#module { name = "m_ldap" }
ldap
{
server = "ldap://127.0.0.1"
port = 389
binddn = "cn=Manager,dc=anope,dc=org"
password = "secret"
}
/*
* m_ldap_oper
*
* This module dynamically ties users to Anope opertypes when they identify
* via LDAP group membership.
*
* Note that this doesn't give the user privileges on the IRCd, only in Services.
*/
#module { name = "m_ldap_oper" }
m_ldap_oper
{
/*
* An optional binddn to use when searching for groups.
* %a is replaced with the account name of the user.
*/
#binddn = "cn=Manager,dc=anope,dc=org"
/*
* An optional password to bind with.
*/
#password = "secret"
/*
* The base DN where the groups are.
*/
basedn = "ou=groups,dc=anope,dc=org"
/*
* The filter to use when searching for users.
* %a is replaced with the account name of the user.
*/
filter = "(member=uid=%a,ou=users,dc=anope,dc=org)"
/*
* The attribute of the group that is the name of the opertype.
* The cn attribute should match a known opertype in the config.
*/
opertype_attribute = "cn"
}
/*
* m_mysql
*
* This module allows other modules (db_mysql/db_mysql_live) to use MySQL.
* Be sure you have imported the table schema with mydbgen before
* trying to use MySQL
*/
#module { name = "m_mysql" }
mysql
{
database = "anope"
server = "127.0.0.1"
username = "anope"
password = "mypassword"
port = 3306
}
/*
* m_ssl
*
* This module uses SSL to connect to the uplink server(s)
*/
module { name = "m_ssl" }
/*
* m_xmlrpc
*
@@ -1997,72 +2103,79 @@ m_xmlrpc
#module { name = "m_xmlrpc_main" }
/*
* m_alias
* ns_identify_ldap
*
* Allows you to create custom command aliases.
* Allows you to use a LDAP server for authentication of users.
*/
module { name = "m_alias" }
alias
#module { name = "ns_identify_ldap" }
ns_identify_ldap
{
/* Set to yes to make this alias triggerable by fantasy commands. */
fantasy = no
/* Set to yes to make this alias oper only */
operonly = no
/* Source client and command.
/*
* The distinguished name we should bind to when a user tries to identify.
*/
source_client = "NickServ"
source_command = "ID"
binddn = "ou=users,dc=anope,dc=org"
/* Target client and command.
/*
* The attribute value used for account names.
*/
target_client = "NickServ"
target_command = "IDENTIFY"
}
username_attribute = "uid"
/* Provides the !k fantasy command */
alias
{
fantasy = yes
source_command = "K"
/*
* The attribute value used for email addresses.
* This directive is optional.
*/
email_attribute = "email"
target_client = "ChanServ"
target_command = "KICK"
/*
* Enable to have this module disable /nickserv register.
*/
disable_ns_register = true
/*
* The reason to give the users who try to /ns register.
*/
disable_reason = "Registration has been disabled."
#disable_reason = "To register on this network visit http://some.misconfigured.site/register"
}
/*
* m_async_commands
* ns_maxemail
*
* Creates a thread for each command executed by a user. You should
* only load this if you are using a module designed to work with this.
*
* If this is loaded with db_mysql_live then Anope will support
* processing multiple commands at once which will help very busy networks
* with lag issues caused from the overhead of SQL queries caused by db_mysq_live.
* Limits how many times the same email address may be used in Anope
* to register accounts.
*/
#module { name = "m_async_commands" }
/* Provides the !kb fantasy command */
alias
module { name = "ns_maxemail" }
ns_maxemail
{
fantasy = yes
source_command = "KB"
target_client = "ChanServ"
target_command = "BAN"
/*
* The limit to how many registered nicks can use the same e-mail address. If set to 0 or left
* commented, there will be no limit enforced when registering new accounts or using
* /msg NickServ SET EMAIL.
*/
#maxemails = 1
}
/*
* cs_entrymsg
* ns_set_misc
*
* Allows you to set entry messages on your channel, which are shown to anyone
* who joins.
* Allows you to create misc /nickserv set commands, and have the data
* show up in /nickserv info
*/
module { name = "cs_entrymsg" }
cs_entrymsg
module { name = "ns_set_misc" }
ns_set_misc
{
/* The maximum number of entrymsgs allowed per channel. If not set, defaults to 5. */
maxentries = 5
name = "OINFO"
desc = "Associate oper only information to this nick"
privileged = yes
}
ns_set_misc
{
name = "URL"
desc = "Associate a URL with the nick"
}
ns_set_misc
{
name = "ICQ"
desc = "Associate an ICQ number with the nick"
}
+2 -3
View File
@@ -63,7 +63,7 @@ class CommandNSIdentify : public Command
else
{
if (u->IsIdentified())
Log(LOG_COMMAND, "nickserv/identify") << "to log out of account " << u->Account()->display;
Log(LOG_COMMAND, u, this) << "to log out of account " << u->Account()->display;
na->last_realname = u->realname;
na->last_seen = Anope::CurTime;
@@ -96,8 +96,7 @@ class CommandNSIdentify : public Command
"any third-party person."), NickServ->nick.c_str());
}
if (u->IsIdentified())
check_memos(u);
check_memos(u);
}
}
return MOD_CONT;
-4
View File
@@ -26,8 +26,6 @@ class CommandNSConfirm : public Command
na->nc->pass = nr->password;
na->nc->memos.memomax = Config->MSMaxMemos;
if (force)
{
na->last_usermask = "*@*";
@@ -42,8 +40,6 @@ class CommandNSConfirm : public Command
na->nc->AddAccess(create_mask(u));
}
na->time_registered = na->last_seen = Anope::CurTime;
na->nc->language = Config->NSDefLanguage;
if (!nr->email.empty())
na->nc->email = nr->email;
+99
View File
@@ -0,0 +1,99 @@
typedef int LDAPQuery;
class LDAPException : public ModuleException
{
public:
LDAPException(const Anope::string &reason) : ModuleException(reason) { }
virtual ~LDAPException() throw() { }
};
struct LDAPAttributes : public std::map<Anope::string, std::vector<Anope::string> >
{
size_t size(const Anope::string &attr) const
{
const std::vector<Anope::string>& array = this->getArray(attr);
return array.size();
}
const std::vector<Anope::string> keys() const
{
std::vector<Anope::string> k;
for (const_iterator it = this->begin(), it_end = this->end(); it != it_end; ++it)
k.push_back(it->first);
return k;
}
const Anope::string &get(const Anope::string &attr) const
{
const std::vector<Anope::string>& array = this->getArray(attr);
if (array.empty())
throw LDAPException("Empty attribute " + attr + " in LDAPResult::get");
return array[0];
}
const std::vector<Anope::string>& getArray(const Anope::string &attr) const
{
const_iterator it = this->find(attr);
if (it == this->end())
throw LDAPException("Unknown attribute " + attr + " in LDAPResult::getArray");
return it->second;
}
};
struct LDAPResult
{
std::vector<LDAPAttributes> messages;
Anope::string error;
enum QueryType
{
QUERY_BIND,
QUERY_SEARCH
};
QueryType type;
LDAPQuery id;
size_t size() const
{
return this->messages.size();
}
const LDAPAttributes &get(size_t sz) const
{
if (sz >= this->messages.size())
throw LDAPException("Index out of range");
return this->messages[sz];
}
const Anope::string &getError() const
{
return this->error;
}
};
class LDAPInterface
{
public:
Module *owner;
LDAPInterface(Module *m) : owner(m) { }
virtual void OnResult(const LDAPResult &r) { }
virtual void OnError(const LDAPResult &err) { }
};
class LDAPProvider : public Service
{
public:
LDAPProvider(Module *c, const Anope::string &n) : Service(c, n) { }
virtual LDAPQuery Bind(LDAPInterface *i, const Anope::string &who, const Anope::string &pass) = 0;
virtual LDAPQuery Search(LDAPInterface *i, const Anope::string &base, const Anope::string &filter) = 0;
};
+3
View File
@@ -41,7 +41,10 @@ class AsynchCommandMutex : public CommandMutex
EventReturn MOD_RESULT;
FOREACH_RESULT(I_OnPreCommand, OnPreCommand(source, command, params));
if (MOD_RESULT == EVENT_STOP)
{
source.DoReply();
return;
}
if (!command->permission.empty() && !u->Account()->HasCommand(command->permission))
{
+334
View File
@@ -0,0 +1,334 @@
/* RequiredLibraries: ldap */
#include "module.h"
#include "ldap.h"
#include <ldap.h>
static Pipe *me;
class LDAPService : public LDAPProvider, public Thread, public Condition
{
Anope::string server;
int port;
Anope::string binddn;
Anope::string password;
LDAP *con;
public:
typedef std::map<int, LDAPInterface *> query_queue;
typedef std::vector<std::pair<LDAPInterface *, LDAPResult *> > result_queue;
query_queue queries;
result_queue results;
LDAPService(Module *o, const Anope::string &n, const Anope::string &s, int po, const Anope::string &b, const Anope::string &p) : LDAPProvider(o, "ldap/" + n), server(s), port(po), binddn(b), password(p)
{
if (ldap_initialize(&this->con, this->server.c_str()) != LDAP_SUCCESS)
throw LDAPException("Unable to connect to LDAP service " + this->name + ": " + Anope::LastError());
static const int version = LDAP_VERSION3;
if (ldap_set_option(this->con, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_OPT_SUCCESS)
throw LDAPException("Unable to set protocol version for " + this->name + ": " + Anope::LastError());
threadEngine.Start(this);
}
~LDAPService()
{
this->Lock();
for (query_queue::iterator it = this->queries.begin(), it_end = this->queries.end(); it != it_end; ++it)
{
ldap_abandon_ext(this->con, it->first, NULL, NULL);
delete it->second;
}
this->queries.clear();
for (result_queue::iterator it = this->results.begin(), it_end = this->results.end(); it != it_end; ++it)
{
it->second->error = "LDAP Interface is going away";
it->first->OnError(*it->second);
}
this->results.clear();
this->Unlock();
ldap_unbind_ext(this->con, NULL, NULL);
}
LDAPQuery Bind(LDAPInterface *i, const Anope::string &who, const Anope::string &pass)
{
berval cred;
cred.bv_val = strdup(pass.c_str());
cred.bv_len = pass.length();
LDAPQuery msgid;
int ret = ldap_sasl_bind(con, who.c_str(), LDAP_SASL_SIMPLE, &cred, NULL, NULL, &msgid);
free(cred.bv_val);
if (ret != LDAP_SUCCESS)
throw LDAPException(ldap_err2string(ret));
if (i != NULL)
{
this->Lock();
this->queries[msgid] = i;
this->Unlock();
}
this->Wakeup();
return msgid;
}
LDAPQuery Search(LDAPInterface *i, const Anope::string &base, const Anope::string &filter)
{
if (i == NULL)
throw LDAPException("No interface");
LDAPQuery msgid;
int ret = ldap_search_ext(this->con, base.c_str(), LDAP_SCOPE_SUBTREE, filter.c_str(), NULL, 0, NULL, NULL, NULL, 0, &msgid);
if (ret != LDAP_SUCCESS)
throw LDAPException(ldap_err2string(ret));
this->Lock();
this->queries[msgid] = i;
this->Unlock();
this->Wakeup();
return msgid;
}
void Run()
{
while (!this->GetExitState())
{
if (this->queries.empty())
{
this->Lock();
this->Wait();
this->Unlock();
if (this->GetExitState())
break;
}
static struct timeval tv = { 1, 0 };
LDAPMessage *result;
int type = ldap_result(this->con, LDAP_RES_ANY, 1, &tv, &result);
if (type <= 0 || this->GetExitState())
continue;
bool notify = false;
int cur_id = ldap_msgid(result);
this->Lock();
query_queue::iterator it = this->queries.find(cur_id);
if (it == this->queries.end())
{
this->Unlock();
continue;
}
LDAPInterface *i = it->second;
this->queries.erase(it);
this->Unlock();
LDAPResult *ldap_result = new LDAPResult();
ldap_result->id = cur_id;
for (LDAPMessage *cur = ldap_first_message(this->con, result); cur; cur = ldap_next_message(this->con, cur))
{
int cur_type = ldap_msgtype(cur);
LDAPAttributes attributes;
switch (cur_type)
{
case LDAP_RES_BIND:
{
ldap_result->type = LDAPResult::QUERY_BIND;
int errcode = -1;
int parse_result = ldap_parse_result(this->con, cur, &errcode, NULL, NULL, NULL, NULL, 0);
if (parse_result != LDAP_SUCCESS)
ldap_result->error = ldap_err2string(parse_result);
else if (errcode != LDAP_SUCCESS)
ldap_result->error = ldap_err2string(errcode);
notify = true;
break;
}
case LDAP_RES_SEARCH_ENTRY:
{
ldap_result->type = LDAPResult::QUERY_SEARCH;
BerElement *ber = NULL;
for (char *attr = ldap_first_attribute(this->con, cur, &ber); attr; attr = ldap_next_attribute(this->con, cur, ber))
{
berval **vals = ldap_get_values_len(this->con, cur, attr);
int count = ldap_count_values_len(vals);
std::vector<Anope::string> attrs;
for (int j = 0; j < count; ++j)
attrs.push_back(vals[j]->bv_val);
attributes[attr] = attrs;
ldap_memfree(attr);
}
if (ber != NULL)
ber_free(ber, 0);
notify = true;
break;
}
default:
Log(LOG_DEBUG) << "m_ldap: Unknown msg type " << cur_type;
continue;
}
ldap_result->messages.push_back(attributes);
}
ldap_msgfree(result);
this->Lock();
this->results.push_back(std::make_pair(i, ldap_result));
this->Unlock();
if (notify)
me->Notify();
}
}
void SetExitState()
{
ModuleManager::UnregisterService(this);
Thread::SetExitState();
}
};
class ModuleLDAP : public Module, public Pipe
{
std::map<Anope::string, LDAPService *> LDAPServices;
public:
ModuleLDAP(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator)
{
me = this;
Implementation i[] = { I_OnReload, I_OnModuleUnload };
ModuleManager::Attach(i, this, 2);
OnReload(true);
}
~ModuleLDAP()
{
for (std::map<Anope::string, LDAPService *>::iterator it = this->LDAPServices.begin(); it != this->LDAPServices.end(); ++it)
it->second->SetExitState();
LDAPServices.clear();
}
void OnReload(bool startup)
{
ConfigReader config;
int i, num;
for (std::map<Anope::string, LDAPService *>::iterator it = this->LDAPServices.begin(); it != this->LDAPServices.end();)
{
const Anope::string &cname = it->first;
LDAPService *s = it->second;
++it;
for (i = 0, num = config.Enumerate("ldap"); i < num; ++i)
{
if (config.ReadValue("ldap", "name", "", i) == cname)
{
break;
}
}
if (i == num)
{
Log(LOG_NORMAL, "ldap") << "LDAP: Removing server connection " << cname;
s->SetExitState();
this->LDAPServices.erase(cname);
}
}
for (i = 0, num = config.Enumerate("ldap"); i < num; ++i)
{
Anope::string connname = config.ReadValue("ldap", "name", "main", i);
if (this->LDAPServices.find(connname) == this->LDAPServices.end())
{
Anope::string server = config.ReadValue("ldap", "server", "127.0.0.1", i);
int port = config.ReadInteger("ldap", "port", "389", i, true);
Anope::string binddn = config.ReadValue("ldap", "binddn", "", i);
Anope::string password = config.ReadValue("ldap", "password", "", i);
try
{
LDAPService *ss = new LDAPService(this, connname, server, port, binddn, password);
this->LDAPServices.insert(std::make_pair(connname, ss));
ModuleManager::RegisterService(ss);
Log(LOG_NORMAL, "ldap") << "LDAP: Successfully connected to server " << connname << " (" << server << ")";
}
catch (const LDAPException &ex)
{
Log(LOG_NORMAL, "ldap") << "LDAP: " << ex.GetReason();
}
}
}
}
void OnModuleUnload(User *, Module *m)
{
for (std::map<Anope::string, LDAPService *>::iterator it = this->LDAPServices.begin(); it != this->LDAPServices.end(); ++it)
{
LDAPService *s = it->second;
s->Lock();
for (LDAPService::query_queue::iterator it2 = s->queries.begin(); it2 != s->queries.end();)
{
int msgid = it2->first;
LDAPInterface *i = it2->second;
++it2;
if (i->owner == m)
s->queries.erase(msgid);
}
for (unsigned i = s->results.size(); i > 0; --i)
{
LDAPInterface *li = s->results[i - 1].first;
if (li->owner == m)
s->results.erase(s->results.begin() + i - 1);
}
s->Unlock();
}
}
void OnNotify()
{
for (std::map<Anope::string, LDAPService *>::iterator it = this->LDAPServices.begin(); it != this->LDAPServices.end(); ++it)
{
LDAPService *s = it->second;
s->Lock();
LDAPService::result_queue results = s->results;
s->results.clear();
s->Unlock();
for (unsigned i = 0; i < results.size(); ++i)
{
LDAPInterface *li = results[i].first;
LDAPResult *r = results[i].second;
if (!r->error.empty())
li->OnError(*r);
else
li->OnResult(*r);
}
}
}
};
MODULE_INIT(ModuleLDAP)
+116
View File
@@ -0,0 +1,116 @@
#include "module.h"
#include "ldap.h"
static Anope::string opertype_attribute;
class IdentifyInterface : public LDAPInterface
{
std::map<LDAPQuery, Anope::string> requests;
public:
IdentifyInterface(Module *m) : LDAPInterface(m)
{
}
void Add(LDAPQuery id, const Anope::string &nick)
{
std::map<LDAPQuery, Anope::string>::iterator it = this->requests.find(id);
this->requests[id] = nick;
}
void OnResult(const LDAPResult &r)
{
std::map<LDAPQuery, Anope::string>::iterator it = this->requests.find(r.id);
if (it == this->requests.end())
return;
User *u = finduser(it->second);
this->requests.erase(it);
if (!u || !u->Account())
return;
try
{
const LDAPAttributes &attr = r.get(0);
const Anope::string &opertype = attr.get(opertype_attribute);
for (std::list<OperType *>::iterator oit = Config->MyOperTypes.begin(), oit_end = Config->MyOperTypes.end(); oit != oit_end; ++oit)
{
OperType *ot = *oit;
if (ot->GetName() == opertype && ot != u->Account()->ot)
{
u->Account()->ot = ot;
Log() << "m_ldap_oper: Tied " << u->nick << " (" << u->Account()->display << ") to opertype " << ot->GetName();
break;
}
}
}
catch (const LDAPException &ex)
{
Log() << "m_ldap_oper: " << ex.GetReason();
}
}
void OnError(const LDAPResult &r)
{
this->requests.erase(r.id);
}
};
class LDAPOper : public Module
{
service_reference<LDAPProvider> ldap;
IdentifyInterface iinterface;
Anope::string binddn;
Anope::string password;
Anope::string basedn;
Anope::string filter;
public:
LDAPOper(const Anope::string &modname, const Anope::string &creator) :
Module(modname, creator), ldap("ldap/main"), iinterface(this)
{
this->SetAuthor("Anope");
this->SetType(SUPPORTED);
Implementation i[] = { I_OnReload, I_OnNickIdentify };
ModuleManager::Attach(i, this, 2);
OnReload(false);
}
void OnReload(bool)
{
ConfigReader config;
this->binddn = config.ReadValue("m_ldap_oper", "binddn", "", 0);
this->password = config.ReadValue("m_ldap_oper", "password", "", 0);
this->basedn = config.ReadValue("m_ldap_oper", "basedn", "", 0);
this->filter = config.ReadValue("m_ldap_oper", "filter", "", 0);
opertype_attribute = config.ReadValue("m_ldap_oper", "opertype_attribute", "", 0);
}
void OnNickIdentify(User *u)
{
try
{
if (!this->ldap)
throw LDAPException("No LDAP interface. Is m_ldap loaded and configured correctly?");
else if (this->basedn.empty() || this->filter.empty() || opertype_attribute.empty())
throw LDAPException("Could not search LDAP for opertype settings, invalid configuration.");
if (!this->binddn.empty())
this->ldap->Bind(NULL, this->binddn.replace_all_cs("%a", u->Account()->display), this->password.c_str());
LDAPQuery id = this->ldap->Search(&this->iinterface, this->basedn, this->filter.replace_all_cs("%a", u->Account()->display));
this->iinterface.Add(id, u->nick);
}
catch (const LDAPException &ex)
{
Log() << "m_ldapoper: " << ex.GetReason();
}
}
};
MODULE_INIT(LDAPOper)
+26 -41
View File
@@ -134,30 +134,19 @@ class DispatcherThread : public Thread, public Condition
void Run();
};
/** The pipe used by the SocketEngine to notify the main thread when
* we have results from queries
*/
class MySQLPipe : public Pipe
{
public:
void OnNotify();
};
class ModuleSQL;
static ModuleSQL *me;
class ModuleSQL : public Module
class ModuleSQL : public Module, public Pipe
{
public:
/* SQL connections */
std::map<Anope::string, MySQLService *> MySQLServices;
public:
/* Pending query requests */
std::deque<QueryRequest> QueryRequests;
/* Pending finished requests with results */
std::deque<QueryResult> FinishedRequests;
/* The thread used to execute queries */
DispatcherThread *DThread;
/* Notify pipe */
MySQLPipe *SQLPipe;
ModuleSQL(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator)
{
@@ -166,8 +155,6 @@ class ModuleSQL : public Module
Implementation i[] = { I_OnReload, I_OnModuleUnload };
ModuleManager::Attach(i, this, 2);
SQLPipe = new MySQLPipe();
DThread = new DispatcherThread();
threadEngine.Start(DThread);
@@ -184,8 +171,6 @@ class ModuleSQL : public Module
DThread->Wakeup();
DThread->Join();
delete DThread;
delete SQLPipe;
}
void OnReload(bool startup)
@@ -195,7 +180,7 @@ class ModuleSQL : public Module
for (std::map<Anope::string, MySQLService *>::iterator it = this->MySQLServices.begin(); it != this->MySQLServices.end();)
{
const Anope::string cname = it->first;
const Anope::string &cname = it->first;
MySQLService *s = it->second;
++it;
@@ -266,7 +251,28 @@ class ModuleSQL : public Module
this->DThread->Unlock();
this->SQLPipe->OnNotify();
this->OnNotify();
}
void OnNotify()
{
this->DThread->Lock();
std::deque<QueryResult> finishedRequests = this->FinishedRequests;
this->FinishedRequests.clear();
this->DThread->Unlock();
for (std::deque<QueryResult>::const_iterator it = finishedRequests.begin(), it_end = finishedRequests.end(); it != it_end; ++it)
{
const QueryResult &qr = *it;
if (!qr.sqlinterface)
throw SQLException("NULL qr.sqlinterface in MySQLPipe::OnNotify() ?");
if (qr.result.GetError().empty())
qr.sqlinterface->OnResult(qr.result);
else
qr.sqlinterface->OnError(qr.result);
}
}
};
@@ -386,7 +392,7 @@ void DispatcherThread::Run()
else
{
if (!me->FinishedRequests.empty())
me->SQLPipe->Notify();
me->Notify();
this->Wait();
}
}
@@ -394,26 +400,5 @@ void DispatcherThread::Run()
this->Unlock();
}
void MySQLPipe::OnNotify()
{
me->DThread->Lock();
std::deque<QueryResult> finishedRequests = me->FinishedRequests;
me->FinishedRequests.clear();
me->DThread->Unlock();
for (std::deque<QueryResult>::const_iterator it = finishedRequests.begin(), it_end = finishedRequests.end(); it != it_end; ++it)
{
const QueryResult &qr = *it;
if (!qr.sqlinterface)
throw SQLException("NULL qr.sqlinterface in MySQLPipe::OnNotify() ?");
if (qr.result.GetError().empty())
qr.sqlinterface->OnResult(qr.result);
else
qr.sqlinterface->OnError(qr.result);
}
}
MODULE_INIT(ModuleSQL)
+254
View File
@@ -0,0 +1,254 @@
#include "module.h"
#include "ldap.h"
static Anope::string email_attribute;
struct IdentifyInfo
{
dynamic_reference<User> user;
Anope::string account;
Anope::string pass;
IdentifyInfo(User *u, const Anope::string &a, const Anope::string &p) : user(u), account(a), pass(p) { }
};
class IdentifyInterface : public LDAPInterface, public Command
{
std::map<LDAPQuery, IdentifyInfo *> requests;
public:
IdentifyInterface(Module *m) : LDAPInterface(m), Command("IDENTIFY", 0, 0)
{
this->service = NickServ;
}
CommandReturn Execute(CommandSource &, const std::vector<Anope::string> &) { return MOD_STOP; }
void Add(LDAPQuery id, IdentifyInfo *ii)
{
std::map<LDAPQuery, IdentifyInfo *>::iterator it = this->requests.find(id);
if (it != this->requests.end())
delete it->second;
this->requests[id] = ii;
}
void OnResult(const LDAPResult &r)
{
std::map<LDAPQuery, IdentifyInfo *>::iterator it = this->requests.find(r.id);
if (it == this->requests.end())
return;
IdentifyInfo *ii = it->second;
this->requests.erase(it);
User *u = *ii->user;
NickAlias *this_na = findnick(u->nick), *na = findnick(ii->account);
if (!na)
{
na = new NickAlias(ii->account, new NickCore(ii->account));
enc_encrypt(ii->pass, na->nc->pass);
Anope::string last_usermask = u->GetIdent() + "@" + u->GetDisplayedHost();
na->last_usermask = last_usermask;
na->last_realname = u->realname;
if (Config->NSAddAccessOnReg)
na->nc->AddAccess(create_mask(u));
u->SendMessage(NickServ, _("Your account \002%s\002 has been successfully created."), ii->account.c_str());
}
if (u->Account())
Log(LOG_COMMAND, u, this) << "to log out of account " << u->Account()->display;
na->last_realname = u->realname;
na->last_seen = Anope::CurTime;
u->Login(na->nc);
ircdproto->SendAccountLogin(u, u->Account());
ircdproto->SetAutoIdentificationToken(u);
if (this_na && this_na->nc == na->nc)
u->SetMode(NickServ, UMODE_REGISTERED);
u->UpdateHost();
Log(LOG_COMMAND, u, this) << "and identified for account " << u->Account()->display << " using LDAP";
u->SendMessage(NickServ, _("Password accepted - you are now recognized."));
if (ircd->vhost)
do_on_id(u);
if (Config->NSModeOnID)
do_setmodes(u);
FOREACH_MOD(I_OnNickIdentify, OnNickIdentify(u));
delete ii;
}
void OnError(const LDAPResult &r)
{
std::map<LDAPQuery, IdentifyInfo *>::iterator it = this->requests.find(r.id);
if (it == this->requests.end())
return;
IdentifyInfo *ii = it->second;
this->requests.erase(it);
if (!ii->user)
{
delete this;
return;
}
User *u = *ii->user;
Log(LOG_COMMAND, u, this) << "and failed to identify for account " << ii->account << ". LDAP error: " << r.getError();
u->SendMessage(NickServ, _(PASSWORD_INCORRECT));
bad_password(u);
delete ii;
}
};
class OnIdentifyInterface : public LDAPInterface
{
std::map<LDAPQuery, Anope::string> requests;
public:
OnIdentifyInterface(Module *m) : LDAPInterface(m) { }
void Add(LDAPQuery id, const Anope::string &nick)
{
this->requests[id] = nick;
}
void OnResult(const LDAPResult &r)
{
std::map<LDAPQuery, Anope::string>::iterator it = this->requests.find(r.id);
if (it == this->requests.end())
return;
User *u = finduser(it->second);
this->requests.erase(it);
if (!u || !u->Account())
return;
try
{
const LDAPAttributes &attr = r.get(0);
Anope::string email = attr.get(email_attribute);
if (!email.equals_ci(u->Account()->email))
{
u->Account()->email = email;
u->SendMessage(NickServ, "Your email has been updated to \002%s\002", email.c_str());
Log() << "ns_identify_ldap: Updated email address for " << u->nick << " (" << u->Account()->display << ") to " << email;
}
}
catch (const LDAPException &ex)
{
Log() << "ns_identify_ldap: " << ex.GetReason();
}
}
void OnError(const LDAPResult &r)
{
this->requests.erase(r.id);
Log() << "ns_identify_ldap: " << r.error;
}
};
class NSIdentifyLDAP : public Module
{
service_reference<LDAPProvider> ldap;
IdentifyInterface iinterface;
OnIdentifyInterface oninterface;
Anope::string binddn;
Anope::string username_attribute;
bool disable_register;
Anope::string disable_reason;
public:
NSIdentifyLDAP(const Anope::string &modname, const Anope::string &creator) :
Module(modname, creator), ldap("ldap/main"), iinterface(this), oninterface(this)
{
this->SetAuthor("Anope");
this->SetType(SUPPORTED);
Implementation i[] = { I_OnReload, I_OnPreCommand, I_OnNickIdentify };
ModuleManager::Attach(i, this, 3);
OnReload(false);
}
void OnReload(bool)
{
ConfigReader config;
this->binddn = config.ReadValue("ns_identify_ldap", "binddn", "", 0);
this->username_attribute = config.ReadValue("ns_identify_ldap", "username_attribute", "", 0);
email_attribute = config.ReadValue("ns_identify_ldap", "email_attribute", "", 0);
this->disable_register = config.ReadFlag("ns_identify_ldap", "disable_ns_register", "false", 0);
this->disable_reason = config.ReadValue("ns_identify_ldap", "disable_reason", "", 0);
}
EventReturn OnPreCommand(CommandSource &source, Command *command, const std::vector<Anope::string> &params)
{
if (command->service == NickServ)
{
if (this->disable_register && command->name == "REGISTER")
{
source.Reply(_(this->disable_reason.c_str()));
return EVENT_STOP;
}
else if (command->name == "IDENTIFY" && !params.empty() && this->ldap)
{
Anope::string account = params.size() > 1 ? params[0] : source.u->nick;
Anope::string pass = params.size() > 1 ? params[1] : params[0];
NickAlias *na = findnick(account);
if (na)
{
account = na->nc->display;
if (na->HasFlag(NS_FORBIDDEN) || na->nc->HasFlag(NI_SUSPENDED) || source.u->Account() == na->nc)
return EVENT_CONTINUE;
}
IdentifyInfo *ii = new IdentifyInfo(source.u, account, pass);
try
{
Anope::string full_binddn = this->username_attribute + "=" + account + "," + this->binddn;
LDAPQuery id = this->ldap->Bind(&this->iinterface, full_binddn, pass);
this->iinterface.Add(id, ii);
}
catch (const LDAPException &ex)
{
delete ii;
Log() << "ns_identify_ldap: " << ex.GetReason();
return EVENT_CONTINUE;
}
return EVENT_STOP;
}
}
return EVENT_CONTINUE;
}
void OnNickIdentify(User *u)
{
if (email_attribute.empty())
return;
try
{
LDAPQuery id = this->ldap->Search(&this->oninterface, this->binddn, "(" + this->username_attribute + "=" + u->Account()->display + ")");
this->oninterface.Add(id, u->nick);
}
catch (const LDAPException &ex)
{
Log() << "ns_identify_ldap: " << ex.GetReason();
}
}
};
MODULE_INIT(NSIdentifyLDAP)
-1
View File
@@ -32,7 +32,6 @@ NickAlias::NickAlias(const Anope::string &nickname, NickCore *nickcore) : Flags<
throw CoreException("Empty nickcore passed to NickAlias constructor");
this->time_registered = this->last_seen = Anope::CurTime;
this->nick = nickname;
this->nc = nickcore;
this->nc->aliases.push_back(this);
+2
View File
@@ -12,6 +12,8 @@ NickCore::NickCore(const Anope::string &coredisplay) : Flags<NickCoreFlag, NI_EN
this->ot = NULL;
this->channelcount = 0;
this->lastmail = 0;
this->memos.memomax = Config->MSMaxMemos;
this->language = Config->NSDefLanguage;
this->display = coredisplay;