mirror of
https://github.com/anope/anope.git
synced 2026-07-04 08:23:12 +02:00
Added LDAP support
This commit is contained in:
+241
-128
@@ -596,13 +596,13 @@ log
|
||||
*/
|
||||
target = "services.log"
|
||||
/* Log to both services.log and the channel #services */
|
||||
//target = "services.log #services"
|
||||
#target = "services.log #services"
|
||||
|
||||
/*
|
||||
* The source(s) to only accept log messages from. Leave commented to allow all sources.
|
||||
* This can be a users name, a channel name, one of our clients (eg, OperServ), or a server name.
|
||||
*/
|
||||
//source = ""
|
||||
#source = ""
|
||||
|
||||
/*
|
||||
* The number of days to keep logfiles, only useful if you are logging to a file.
|
||||
@@ -656,7 +656,7 @@ log
|
||||
override = "chanserv/* nickserv/* memoserv/set botserv/* ~botserv/set"
|
||||
commands = "~operserv/* *"
|
||||
servers = "*"
|
||||
//channels = "~mode *"
|
||||
#channels = "~mode *"
|
||||
users = "connect disconnect nick"
|
||||
other = "*"
|
||||
rawio = no
|
||||
@@ -795,7 +795,7 @@ opertype
|
||||
oper
|
||||
{
|
||||
/* The nickname of this services oper */
|
||||
//name = "nick1"
|
||||
#name = "nick1"
|
||||
|
||||
/* The opertype this person will have */
|
||||
type = "Services Root"
|
||||
@@ -803,13 +803,13 @@ oper
|
||||
|
||||
oper
|
||||
{
|
||||
//name = "nick2"
|
||||
#name = "nick2"
|
||||
type = "Services Administrator"
|
||||
}
|
||||
|
||||
oper
|
||||
{
|
||||
//name = "nick3"
|
||||
#name = "nick3"
|
||||
type = "Helper"
|
||||
}
|
||||
|
||||
@@ -1769,59 +1769,38 @@ defcon
|
||||
/*
|
||||
* [OPTIONAL] Non-Core Modules
|
||||
*
|
||||
* The following single-line blocks are used to load all non-core modules, including 3rd-party modules.
|
||||
* The following blocks are used to load all non-core modules, including 3rd-party modules.
|
||||
* Modules can be prevented from loading by commenting out the line, other modules can be added by
|
||||
* adding a module block. These modules will be loaded prior to Services connecting to your network.
|
||||
*/
|
||||
module { name = "hs_moo" }
|
||||
module { name = "ircd_defizzer" }
|
||||
module { name = "os_ignore" }
|
||||
|
||||
/*
|
||||
* cs_appendtopic
|
||||
*
|
||||
* Adds the APPENDTOPIC command to ChanServ, which allows users to easially append text to
|
||||
* the end of existing channel topics.
|
||||
*/
|
||||
module { name = "cs_appendtopic" }
|
||||
|
||||
/*
|
||||
* cs_enforce
|
||||
*
|
||||
* Adds the ENFORCE commad to ChanServ, which allows enforcing various channel settings like
|
||||
* SECUREOPS and RESTRICTED.
|
||||
*/
|
||||
module { name = "cs_enforce" }
|
||||
module { name = "ns_maxemail" }
|
||||
|
||||
/*
|
||||
* [OPTIONAL] Module-Specific Options
|
||||
* cs_entrymsg
|
||||
*
|
||||
* The following blocks are used for options pertaining to modules and are not part of the core.
|
||||
* Unless otherwise stated, most of the options are optional.
|
||||
* Allows you to set entry messages on your channel, which are shown to anyone
|
||||
* who joins.
|
||||
*/
|
||||
|
||||
/*
|
||||
* m_ssl
|
||||
*
|
||||
* This module uses SSL to connect to the uplink server(s)
|
||||
*/
|
||||
module { name = "m_ssl" }
|
||||
|
||||
/*
|
||||
* m_mysql
|
||||
*
|
||||
* This module allows other modules (db_mysql) to use MySQL.
|
||||
* Be sure you have imported the table schema with mydbgen before
|
||||
* trying to use MySQL
|
||||
*/
|
||||
#module { name = "m_mysql" }
|
||||
mysql
|
||||
module { name = "cs_entrymsg" }
|
||||
cs_entrymsg
|
||||
{
|
||||
database = "anope"
|
||||
server = "127.0.0.1"
|
||||
username = "anope"
|
||||
password = "mypassword"
|
||||
port = 3306
|
||||
}
|
||||
|
||||
/*
|
||||
* db_plain
|
||||
*
|
||||
* This is the default flatfile database format
|
||||
*/
|
||||
db_plain
|
||||
{
|
||||
/*
|
||||
* The database db_plain should use
|
||||
*/
|
||||
database = "anope.db"
|
||||
/* The maximum number of entrymsgs allowed per channel. If not set, defaults to 5. */
|
||||
maxentries = 5
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -1851,36 +1830,24 @@ cs_set_misc
|
||||
desc = "Associate an EMail with the channel"
|
||||
}
|
||||
|
||||
module { name = "ns_set_misc" }
|
||||
ns_set_misc
|
||||
{
|
||||
name = "OINFO"
|
||||
desc = "Associate oper only information to this nick"
|
||||
privileged = yes
|
||||
}
|
||||
ns_set_misc
|
||||
{
|
||||
name = "URL"
|
||||
desc = "Associate a URL with the nick"
|
||||
}
|
||||
ns_set_misc
|
||||
{
|
||||
name = "ICQ"
|
||||
desc = "Associate an ICQ number with the nick"
|
||||
}
|
||||
|
||||
#module { name = "m_helpchan" }
|
||||
m_helpchan
|
||||
/*
|
||||
* db_plain
|
||||
*
|
||||
* This is the default flatfile database format
|
||||
*/
|
||||
db_plain
|
||||
{
|
||||
/*
|
||||
* For the given channel, every user that has or gets op status of the channel
|
||||
* will automatically receive the +h user mode.
|
||||
*
|
||||
* This directive is optional.
|
||||
* The database db_plain should use
|
||||
*/
|
||||
helpchannel = "#help"
|
||||
database = "anope.db"
|
||||
}
|
||||
|
||||
/*
|
||||
* hs_request
|
||||
*
|
||||
* Allows users to request vhosts which opers may then view, accept or deny
|
||||
*/
|
||||
module { name = "hs_request" }
|
||||
hs_request
|
||||
{
|
||||
@@ -1896,16 +1863,67 @@ hs_request
|
||||
#memooper = yes
|
||||
}
|
||||
|
||||
ns_maxemail
|
||||
/*
|
||||
* m_alias
|
||||
*
|
||||
* Allows you to create custom command aliases.
|
||||
*/
|
||||
module { name = "m_alias" }
|
||||
alias
|
||||
{
|
||||
/*
|
||||
* The limit to how many registered nicks can use the same e-mail address. If set to 0 or left
|
||||
* commented, there will be no limit enforced when registering new accounts or using
|
||||
* /msg NickServ SET EMAIL.
|
||||
/* Set to yes to make this alias triggerable by fantasy commands. */
|
||||
fantasy = no
|
||||
/* Set to yes to make this alias oper only */
|
||||
operonly = no
|
||||
|
||||
/* Source client and command.
|
||||
*/
|
||||
#maxemails = 1
|
||||
source_client = "NickServ"
|
||||
source_command = "ID"
|
||||
|
||||
/* Target client and command.
|
||||
*/
|
||||
target_client = "NickServ"
|
||||
target_command = "IDENTIFY"
|
||||
}
|
||||
/* Provides the !k fantasy command */
|
||||
alias
|
||||
{
|
||||
fantasy = yes
|
||||
source_command = "K"
|
||||
|
||||
target_client = "ChanServ"
|
||||
target_command = "KICK"
|
||||
|
||||
}
|
||||
/* Provides the !kb fantasy command */
|
||||
alias
|
||||
{
|
||||
fantasy = yes
|
||||
source_command = "KB"
|
||||
|
||||
target_client = "ChanServ"
|
||||
target_command = "BAN"
|
||||
}
|
||||
|
||||
/*
|
||||
* m_async_commands
|
||||
*
|
||||
* Threads for each command executed by users. You should
|
||||
* only load this if you are using a module designed to work with this.
|
||||
*
|
||||
* If this is loaded with db_mysql_live then Anope will support
|
||||
* processing multiple commands at once which will negate the "lag"
|
||||
* issues caused from the overhead of SQL queries by db_mysq_live.
|
||||
*/
|
||||
#module { name = "m_async_commands" }
|
||||
|
||||
/* m_dnsbl
|
||||
*
|
||||
* Allows configurable DNS blacklists to check connecting users against. If a user
|
||||
* is found on the blacklist they will be immediately banned. This is a crucial module
|
||||
* to prevent bot attacks.
|
||||
*/
|
||||
module { name = "m_dnsbl" }
|
||||
m_dnsbl
|
||||
{
|
||||
@@ -1934,7 +1952,7 @@ blacklist
|
||||
/* Name of the blacklist */
|
||||
name = "rbl.efnetrbl.org"
|
||||
|
||||
/* How long to set the akill for */
|
||||
/* How long to set the ban for */
|
||||
time = 4h
|
||||
|
||||
/* Reason for akill.
|
||||
@@ -1963,6 +1981,94 @@ blacklist
|
||||
reason = "You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded.do?ip=%i&network=%N"
|
||||
}
|
||||
|
||||
/* m_helpchan
|
||||
*
|
||||
* Gives users who are op in the specified help channel usermode +h (helpop).
|
||||
*/
|
||||
#module { name = "m_helpchan" }
|
||||
m_helpchan
|
||||
{
|
||||
helpchannel = "#help"
|
||||
}
|
||||
|
||||
/*
|
||||
* m_ldap
|
||||
*
|
||||
* This module allows other modules to use LDAP.
|
||||
*/
|
||||
#module { name = "m_ldap" }
|
||||
ldap
|
||||
{
|
||||
server = "ldap://127.0.0.1"
|
||||
port = 389
|
||||
binddn = "cn=Manager,dc=anope,dc=org"
|
||||
password = "secret"
|
||||
}
|
||||
|
||||
/*
|
||||
* m_ldap_oper
|
||||
*
|
||||
* This module dynamically ties users to Anope opertypes when they identify
|
||||
* via LDAP group membership.
|
||||
*
|
||||
* Note that this doesn't give the user privileges on the IRCd, only in Services.
|
||||
*/
|
||||
#module { name = "m_ldap_oper" }
|
||||
m_ldap_oper
|
||||
{
|
||||
/*
|
||||
* An optional binddn to use when searching for groups.
|
||||
* %a is replaced with the account name of the user.
|
||||
*/
|
||||
#binddn = "cn=Manager,dc=anope,dc=org"
|
||||
|
||||
/*
|
||||
* An optional password to bind with.
|
||||
*/
|
||||
#password = "secret"
|
||||
|
||||
/*
|
||||
* The base DN where the groups are.
|
||||
*/
|
||||
basedn = "ou=groups,dc=anope,dc=org"
|
||||
|
||||
/*
|
||||
* The filter to use when searching for users.
|
||||
* %a is replaced with the account name of the user.
|
||||
*/
|
||||
filter = "(member=uid=%a,ou=users,dc=anope,dc=org)"
|
||||
|
||||
/*
|
||||
* The attribute of the group that is the name of the opertype.
|
||||
* The cn attribute should match a known opertype in the config.
|
||||
*/
|
||||
opertype_attribute = "cn"
|
||||
}
|
||||
|
||||
/*
|
||||
* m_mysql
|
||||
*
|
||||
* This module allows other modules (db_mysql/db_mysql_live) to use MySQL.
|
||||
* Be sure you have imported the table schema with mydbgen before
|
||||
* trying to use MySQL
|
||||
*/
|
||||
#module { name = "m_mysql" }
|
||||
mysql
|
||||
{
|
||||
database = "anope"
|
||||
server = "127.0.0.1"
|
||||
username = "anope"
|
||||
password = "mypassword"
|
||||
port = 3306
|
||||
}
|
||||
|
||||
/*
|
||||
* m_ssl
|
||||
*
|
||||
* This module uses SSL to connect to the uplink server(s)
|
||||
*/
|
||||
module { name = "m_ssl" }
|
||||
|
||||
/*
|
||||
* m_xmlrpc
|
||||
*
|
||||
@@ -1997,72 +2103,79 @@ m_xmlrpc
|
||||
#module { name = "m_xmlrpc_main" }
|
||||
|
||||
/*
|
||||
* m_alias
|
||||
* ns_identify_ldap
|
||||
*
|
||||
* Allows you to create custom command aliases.
|
||||
* Allows you to use a LDAP server for authentication of users.
|
||||
*/
|
||||
module { name = "m_alias" }
|
||||
alias
|
||||
#module { name = "ns_identify_ldap" }
|
||||
ns_identify_ldap
|
||||
{
|
||||
/* Set to yes to make this alias triggerable by fantasy commands. */
|
||||
fantasy = no
|
||||
/* Set to yes to make this alias oper only */
|
||||
operonly = no
|
||||
|
||||
/* Source client and command.
|
||||
/*
|
||||
* The distinguished name we should bind to when a user tries to identify.
|
||||
*/
|
||||
source_client = "NickServ"
|
||||
source_command = "ID"
|
||||
binddn = "ou=users,dc=anope,dc=org"
|
||||
|
||||
/* Target client and command.
|
||||
/*
|
||||
* The attribute value used for account names.
|
||||
*/
|
||||
target_client = "NickServ"
|
||||
target_command = "IDENTIFY"
|
||||
}
|
||||
username_attribute = "uid"
|
||||
|
||||
/* Provides the !k fantasy command */
|
||||
alias
|
||||
{
|
||||
fantasy = yes
|
||||
source_command = "K"
|
||||
/*
|
||||
* The attribute value used for email addresses.
|
||||
* This directive is optional.
|
||||
*/
|
||||
email_attribute = "email"
|
||||
|
||||
target_client = "ChanServ"
|
||||
target_command = "KICK"
|
||||
|
||||
/*
|
||||
* Enable to have this module disable /nickserv register.
|
||||
*/
|
||||
disable_ns_register = true
|
||||
|
||||
/*
|
||||
* The reason to give the users who try to /ns register.
|
||||
*/
|
||||
disable_reason = "Registration has been disabled."
|
||||
#disable_reason = "To register on this network visit http://some.misconfigured.site/register"
|
||||
}
|
||||
|
||||
/*
|
||||
* m_async_commands
|
||||
* ns_maxemail
|
||||
*
|
||||
* Creates a thread for each command executed by a user. You should
|
||||
* only load this if you are using a module designed to work with this.
|
||||
*
|
||||
* If this is loaded with db_mysql_live then Anope will support
|
||||
* processing multiple commands at once which will help very busy networks
|
||||
* with lag issues caused from the overhead of SQL queries caused by db_mysq_live.
|
||||
* Limits how many times the same email address may be used in Anope
|
||||
* to register accounts.
|
||||
*/
|
||||
#module { name = "m_async_commands" }
|
||||
|
||||
/* Provides the !kb fantasy command */
|
||||
alias
|
||||
module { name = "ns_maxemail" }
|
||||
ns_maxemail
|
||||
{
|
||||
fantasy = yes
|
||||
source_command = "KB"
|
||||
|
||||
target_client = "ChanServ"
|
||||
target_command = "BAN"
|
||||
/*
|
||||
* The limit to how many registered nicks can use the same e-mail address. If set to 0 or left
|
||||
* commented, there will be no limit enforced when registering new accounts or using
|
||||
* /msg NickServ SET EMAIL.
|
||||
*/
|
||||
#maxemails = 1
|
||||
}
|
||||
|
||||
/*
|
||||
* cs_entrymsg
|
||||
* ns_set_misc
|
||||
*
|
||||
* Allows you to set entry messages on your channel, which are shown to anyone
|
||||
* who joins.
|
||||
* Allows you to create misc /nickserv set commands, and have the data
|
||||
* show up in /nickserv info
|
||||
*/
|
||||
module { name = "cs_entrymsg" }
|
||||
cs_entrymsg
|
||||
module { name = "ns_set_misc" }
|
||||
ns_set_misc
|
||||
{
|
||||
/* The maximum number of entrymsgs allowed per channel. If not set, defaults to 5. */
|
||||
maxentries = 5
|
||||
name = "OINFO"
|
||||
desc = "Associate oper only information to this nick"
|
||||
privileged = yes
|
||||
}
|
||||
ns_set_misc
|
||||
{
|
||||
name = "URL"
|
||||
desc = "Associate a URL with the nick"
|
||||
}
|
||||
ns_set_misc
|
||||
{
|
||||
name = "ICQ"
|
||||
desc = "Associate an ICQ number with the nick"
|
||||
}
|
||||
|
||||
|
||||
@@ -63,7 +63,7 @@ class CommandNSIdentify : public Command
|
||||
else
|
||||
{
|
||||
if (u->IsIdentified())
|
||||
Log(LOG_COMMAND, "nickserv/identify") << "to log out of account " << u->Account()->display;
|
||||
Log(LOG_COMMAND, u, this) << "to log out of account " << u->Account()->display;
|
||||
|
||||
na->last_realname = u->realname;
|
||||
na->last_seen = Anope::CurTime;
|
||||
@@ -96,8 +96,7 @@ class CommandNSIdentify : public Command
|
||||
"any third-party person."), NickServ->nick.c_str());
|
||||
}
|
||||
|
||||
if (u->IsIdentified())
|
||||
check_memos(u);
|
||||
check_memos(u);
|
||||
}
|
||||
}
|
||||
return MOD_CONT;
|
||||
|
||||
@@ -26,8 +26,6 @@ class CommandNSConfirm : public Command
|
||||
|
||||
na->nc->pass = nr->password;
|
||||
|
||||
na->nc->memos.memomax = Config->MSMaxMemos;
|
||||
|
||||
if (force)
|
||||
{
|
||||
na->last_usermask = "*@*";
|
||||
@@ -42,8 +40,6 @@ class CommandNSConfirm : public Command
|
||||
na->nc->AddAccess(create_mask(u));
|
||||
}
|
||||
|
||||
na->time_registered = na->last_seen = Anope::CurTime;
|
||||
na->nc->language = Config->NSDefLanguage;
|
||||
if (!nr->email.empty())
|
||||
na->nc->email = nr->email;
|
||||
|
||||
|
||||
@@ -0,0 +1,99 @@
|
||||
|
||||
typedef int LDAPQuery;
|
||||
|
||||
class LDAPException : public ModuleException
|
||||
{
|
||||
public:
|
||||
LDAPException(const Anope::string &reason) : ModuleException(reason) { }
|
||||
|
||||
virtual ~LDAPException() throw() { }
|
||||
};
|
||||
|
||||
struct LDAPAttributes : public std::map<Anope::string, std::vector<Anope::string> >
|
||||
{
|
||||
size_t size(const Anope::string &attr) const
|
||||
{
|
||||
const std::vector<Anope::string>& array = this->getArray(attr);
|
||||
return array.size();
|
||||
}
|
||||
|
||||
const std::vector<Anope::string> keys() const
|
||||
{
|
||||
std::vector<Anope::string> k;
|
||||
for (const_iterator it = this->begin(), it_end = this->end(); it != it_end; ++it)
|
||||
k.push_back(it->first);
|
||||
return k;
|
||||
}
|
||||
|
||||
const Anope::string &get(const Anope::string &attr) const
|
||||
{
|
||||
const std::vector<Anope::string>& array = this->getArray(attr);
|
||||
if (array.empty())
|
||||
throw LDAPException("Empty attribute " + attr + " in LDAPResult::get");
|
||||
return array[0];
|
||||
}
|
||||
|
||||
const std::vector<Anope::string>& getArray(const Anope::string &attr) const
|
||||
{
|
||||
const_iterator it = this->find(attr);
|
||||
if (it == this->end())
|
||||
throw LDAPException("Unknown attribute " + attr + " in LDAPResult::getArray");
|
||||
return it->second;
|
||||
}
|
||||
};
|
||||
|
||||
struct LDAPResult
|
||||
{
|
||||
std::vector<LDAPAttributes> messages;
|
||||
Anope::string error;
|
||||
|
||||
enum QueryType
|
||||
{
|
||||
QUERY_BIND,
|
||||
QUERY_SEARCH
|
||||
};
|
||||
|
||||
QueryType type;
|
||||
LDAPQuery id;
|
||||
|
||||
size_t size() const
|
||||
{
|
||||
return this->messages.size();
|
||||
}
|
||||
|
||||
const LDAPAttributes &get(size_t sz) const
|
||||
{
|
||||
if (sz >= this->messages.size())
|
||||
throw LDAPException("Index out of range");
|
||||
return this->messages[sz];
|
||||
}
|
||||
|
||||
const Anope::string &getError() const
|
||||
{
|
||||
return this->error;
|
||||
}
|
||||
};
|
||||
|
||||
class LDAPInterface
|
||||
{
|
||||
public:
|
||||
Module *owner;
|
||||
|
||||
LDAPInterface(Module *m) : owner(m) { }
|
||||
|
||||
virtual void OnResult(const LDAPResult &r) { }
|
||||
|
||||
virtual void OnError(const LDAPResult &err) { }
|
||||
};
|
||||
|
||||
|
||||
class LDAPProvider : public Service
|
||||
{
|
||||
public:
|
||||
LDAPProvider(Module *c, const Anope::string &n) : Service(c, n) { }
|
||||
|
||||
virtual LDAPQuery Bind(LDAPInterface *i, const Anope::string &who, const Anope::string &pass) = 0;
|
||||
|
||||
virtual LDAPQuery Search(LDAPInterface *i, const Anope::string &base, const Anope::string &filter) = 0;
|
||||
};
|
||||
|
||||
@@ -41,7 +41,10 @@ class AsynchCommandMutex : public CommandMutex
|
||||
EventReturn MOD_RESULT;
|
||||
FOREACH_RESULT(I_OnPreCommand, OnPreCommand(source, command, params));
|
||||
if (MOD_RESULT == EVENT_STOP)
|
||||
{
|
||||
source.DoReply();
|
||||
return;
|
||||
}
|
||||
|
||||
if (!command->permission.empty() && !u->Account()->HasCommand(command->permission))
|
||||
{
|
||||
|
||||
@@ -0,0 +1,334 @@
|
||||
/* RequiredLibraries: ldap */
|
||||
|
||||
#include "module.h"
|
||||
#include "ldap.h"
|
||||
#include <ldap.h>
|
||||
|
||||
static Pipe *me;
|
||||
|
||||
class LDAPService : public LDAPProvider, public Thread, public Condition
|
||||
{
|
||||
Anope::string server;
|
||||
int port;
|
||||
Anope::string binddn;
|
||||
Anope::string password;
|
||||
|
||||
LDAP *con;
|
||||
|
||||
public:
|
||||
typedef std::map<int, LDAPInterface *> query_queue;
|
||||
typedef std::vector<std::pair<LDAPInterface *, LDAPResult *> > result_queue;
|
||||
query_queue queries;
|
||||
result_queue results;
|
||||
|
||||
LDAPService(Module *o, const Anope::string &n, const Anope::string &s, int po, const Anope::string &b, const Anope::string &p) : LDAPProvider(o, "ldap/" + n), server(s), port(po), binddn(b), password(p)
|
||||
{
|
||||
if (ldap_initialize(&this->con, this->server.c_str()) != LDAP_SUCCESS)
|
||||
throw LDAPException("Unable to connect to LDAP service " + this->name + ": " + Anope::LastError());
|
||||
static const int version = LDAP_VERSION3;
|
||||
if (ldap_set_option(this->con, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_OPT_SUCCESS)
|
||||
throw LDAPException("Unable to set protocol version for " + this->name + ": " + Anope::LastError());
|
||||
|
||||
threadEngine.Start(this);
|
||||
}
|
||||
|
||||
~LDAPService()
|
||||
{
|
||||
this->Lock();
|
||||
|
||||
for (query_queue::iterator it = this->queries.begin(), it_end = this->queries.end(); it != it_end; ++it)
|
||||
{
|
||||
ldap_abandon_ext(this->con, it->first, NULL, NULL);
|
||||
delete it->second;
|
||||
}
|
||||
this->queries.clear();
|
||||
|
||||
for (result_queue::iterator it = this->results.begin(), it_end = this->results.end(); it != it_end; ++it)
|
||||
{
|
||||
it->second->error = "LDAP Interface is going away";
|
||||
it->first->OnError(*it->second);
|
||||
}
|
||||
this->results.clear();
|
||||
|
||||
this->Unlock();
|
||||
|
||||
ldap_unbind_ext(this->con, NULL, NULL);
|
||||
}
|
||||
|
||||
LDAPQuery Bind(LDAPInterface *i, const Anope::string &who, const Anope::string &pass)
|
||||
{
|
||||
berval cred;
|
||||
cred.bv_val = strdup(pass.c_str());
|
||||
cred.bv_len = pass.length();
|
||||
|
||||
LDAPQuery msgid;
|
||||
int ret = ldap_sasl_bind(con, who.c_str(), LDAP_SASL_SIMPLE, &cred, NULL, NULL, &msgid);
|
||||
free(cred.bv_val);
|
||||
if (ret != LDAP_SUCCESS)
|
||||
throw LDAPException(ldap_err2string(ret));
|
||||
|
||||
if (i != NULL)
|
||||
{
|
||||
this->Lock();
|
||||
this->queries[msgid] = i;
|
||||
this->Unlock();
|
||||
}
|
||||
this->Wakeup();
|
||||
|
||||
return msgid;
|
||||
}
|
||||
|
||||
LDAPQuery Search(LDAPInterface *i, const Anope::string &base, const Anope::string &filter)
|
||||
{
|
||||
if (i == NULL)
|
||||
throw LDAPException("No interface");
|
||||
|
||||
LDAPQuery msgid;
|
||||
int ret = ldap_search_ext(this->con, base.c_str(), LDAP_SCOPE_SUBTREE, filter.c_str(), NULL, 0, NULL, NULL, NULL, 0, &msgid);
|
||||
if (ret != LDAP_SUCCESS)
|
||||
throw LDAPException(ldap_err2string(ret));
|
||||
|
||||
this->Lock();
|
||||
this->queries[msgid] = i;
|
||||
this->Unlock();
|
||||
this->Wakeup();
|
||||
|
||||
return msgid;
|
||||
}
|
||||
|
||||
void Run()
|
||||
{
|
||||
while (!this->GetExitState())
|
||||
{
|
||||
if (this->queries.empty())
|
||||
{
|
||||
this->Lock();
|
||||
this->Wait();
|
||||
this->Unlock();
|
||||
if (this->GetExitState())
|
||||
break;
|
||||
}
|
||||
|
||||
static struct timeval tv = { 1, 0 };
|
||||
LDAPMessage *result;
|
||||
int type = ldap_result(this->con, LDAP_RES_ANY, 1, &tv, &result);
|
||||
if (type <= 0 || this->GetExitState())
|
||||
continue;
|
||||
|
||||
bool notify = false;
|
||||
int cur_id = ldap_msgid(result);
|
||||
|
||||
this->Lock();
|
||||
|
||||
query_queue::iterator it = this->queries.find(cur_id);
|
||||
if (it == this->queries.end())
|
||||
{
|
||||
this->Unlock();
|
||||
continue;
|
||||
}
|
||||
LDAPInterface *i = it->second;
|
||||
this->queries.erase(it);
|
||||
|
||||
this->Unlock();
|
||||
|
||||
LDAPResult *ldap_result = new LDAPResult();
|
||||
ldap_result->id = cur_id;
|
||||
|
||||
for (LDAPMessage *cur = ldap_first_message(this->con, result); cur; cur = ldap_next_message(this->con, cur))
|
||||
{
|
||||
int cur_type = ldap_msgtype(cur);
|
||||
|
||||
LDAPAttributes attributes;
|
||||
|
||||
switch (cur_type)
|
||||
{
|
||||
case LDAP_RES_BIND:
|
||||
{
|
||||
ldap_result->type = LDAPResult::QUERY_BIND;
|
||||
|
||||
int errcode = -1;
|
||||
int parse_result = ldap_parse_result(this->con, cur, &errcode, NULL, NULL, NULL, NULL, 0);
|
||||
if (parse_result != LDAP_SUCCESS)
|
||||
ldap_result->error = ldap_err2string(parse_result);
|
||||
else if (errcode != LDAP_SUCCESS)
|
||||
ldap_result->error = ldap_err2string(errcode);
|
||||
notify = true;
|
||||
break;
|
||||
}
|
||||
case LDAP_RES_SEARCH_ENTRY:
|
||||
{
|
||||
ldap_result->type = LDAPResult::QUERY_SEARCH;
|
||||
|
||||
BerElement *ber = NULL;
|
||||
for (char *attr = ldap_first_attribute(this->con, cur, &ber); attr; attr = ldap_next_attribute(this->con, cur, ber))
|
||||
{
|
||||
berval **vals = ldap_get_values_len(this->con, cur, attr);
|
||||
int count = ldap_count_values_len(vals);
|
||||
|
||||
std::vector<Anope::string> attrs;
|
||||
for (int j = 0; j < count; ++j)
|
||||
attrs.push_back(vals[j]->bv_val);
|
||||
attributes[attr] = attrs;
|
||||
|
||||
ldap_memfree(attr);
|
||||
}
|
||||
if (ber != NULL)
|
||||
ber_free(ber, 0);
|
||||
|
||||
notify = true;
|
||||
break;
|
||||
}
|
||||
default:
|
||||
Log(LOG_DEBUG) << "m_ldap: Unknown msg type " << cur_type;
|
||||
continue;
|
||||
}
|
||||
|
||||
ldap_result->messages.push_back(attributes);
|
||||
}
|
||||
|
||||
ldap_msgfree(result);
|
||||
|
||||
this->Lock();
|
||||
this->results.push_back(std::make_pair(i, ldap_result));
|
||||
this->Unlock();
|
||||
|
||||
if (notify)
|
||||
me->Notify();
|
||||
}
|
||||
}
|
||||
|
||||
void SetExitState()
|
||||
{
|
||||
ModuleManager::UnregisterService(this);
|
||||
Thread::SetExitState();
|
||||
}
|
||||
};
|
||||
|
||||
class ModuleLDAP : public Module, public Pipe
|
||||
{
|
||||
std::map<Anope::string, LDAPService *> LDAPServices;
|
||||
public:
|
||||
|
||||
ModuleLDAP(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator)
|
||||
{
|
||||
me = this;
|
||||
|
||||
Implementation i[] = { I_OnReload, I_OnModuleUnload };
|
||||
ModuleManager::Attach(i, this, 2);
|
||||
|
||||
OnReload(true);
|
||||
}
|
||||
|
||||
~ModuleLDAP()
|
||||
{
|
||||
for (std::map<Anope::string, LDAPService *>::iterator it = this->LDAPServices.begin(); it != this->LDAPServices.end(); ++it)
|
||||
it->second->SetExitState();
|
||||
LDAPServices.clear();
|
||||
}
|
||||
|
||||
void OnReload(bool startup)
|
||||
{
|
||||
ConfigReader config;
|
||||
int i, num;
|
||||
|
||||
for (std::map<Anope::string, LDAPService *>::iterator it = this->LDAPServices.begin(); it != this->LDAPServices.end();)
|
||||
{
|
||||
const Anope::string &cname = it->first;
|
||||
LDAPService *s = it->second;
|
||||
++it;
|
||||
|
||||
for (i = 0, num = config.Enumerate("ldap"); i < num; ++i)
|
||||
{
|
||||
if (config.ReadValue("ldap", "name", "", i) == cname)
|
||||
{
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (i == num)
|
||||
{
|
||||
Log(LOG_NORMAL, "ldap") << "LDAP: Removing server connection " << cname;
|
||||
|
||||
s->SetExitState();
|
||||
this->LDAPServices.erase(cname);
|
||||
}
|
||||
}
|
||||
|
||||
for (i = 0, num = config.Enumerate("ldap"); i < num; ++i)
|
||||
{
|
||||
Anope::string connname = config.ReadValue("ldap", "name", "main", i);
|
||||
|
||||
if (this->LDAPServices.find(connname) == this->LDAPServices.end())
|
||||
{
|
||||
Anope::string server = config.ReadValue("ldap", "server", "127.0.0.1", i);
|
||||
int port = config.ReadInteger("ldap", "port", "389", i, true);
|
||||
Anope::string binddn = config.ReadValue("ldap", "binddn", "", i);
|
||||
Anope::string password = config.ReadValue("ldap", "password", "", i);
|
||||
|
||||
try
|
||||
{
|
||||
LDAPService *ss = new LDAPService(this, connname, server, port, binddn, password);
|
||||
this->LDAPServices.insert(std::make_pair(connname, ss));
|
||||
ModuleManager::RegisterService(ss);
|
||||
|
||||
Log(LOG_NORMAL, "ldap") << "LDAP: Successfully connected to server " << connname << " (" << server << ")";
|
||||
}
|
||||
catch (const LDAPException &ex)
|
||||
{
|
||||
Log(LOG_NORMAL, "ldap") << "LDAP: " << ex.GetReason();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void OnModuleUnload(User *, Module *m)
|
||||
{
|
||||
for (std::map<Anope::string, LDAPService *>::iterator it = this->LDAPServices.begin(); it != this->LDAPServices.end(); ++it)
|
||||
{
|
||||
LDAPService *s = it->second;
|
||||
s->Lock();
|
||||
for (LDAPService::query_queue::iterator it2 = s->queries.begin(); it2 != s->queries.end();)
|
||||
{
|
||||
int msgid = it2->first;
|
||||
LDAPInterface *i = it2->second;
|
||||
++it2;
|
||||
if (i->owner == m)
|
||||
s->queries.erase(msgid);
|
||||
}
|
||||
for (unsigned i = s->results.size(); i > 0; --i)
|
||||
{
|
||||
LDAPInterface *li = s->results[i - 1].first;
|
||||
if (li->owner == m)
|
||||
s->results.erase(s->results.begin() + i - 1);
|
||||
}
|
||||
s->Unlock();
|
||||
}
|
||||
}
|
||||
|
||||
void OnNotify()
|
||||
{
|
||||
for (std::map<Anope::string, LDAPService *>::iterator it = this->LDAPServices.begin(); it != this->LDAPServices.end(); ++it)
|
||||
{
|
||||
LDAPService *s = it->second;
|
||||
|
||||
s->Lock();
|
||||
LDAPService::result_queue results = s->results;
|
||||
s->results.clear();
|
||||
s->Unlock();
|
||||
|
||||
for (unsigned i = 0; i < results.size(); ++i)
|
||||
{
|
||||
LDAPInterface *li = results[i].first;
|
||||
LDAPResult *r = results[i].second;
|
||||
|
||||
if (!r->error.empty())
|
||||
li->OnError(*r);
|
||||
else
|
||||
li->OnResult(*r);
|
||||
}
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
MODULE_INIT(ModuleLDAP)
|
||||
|
||||
@@ -0,0 +1,116 @@
|
||||
#include "module.h"
|
||||
#include "ldap.h"
|
||||
|
||||
static Anope::string opertype_attribute;
|
||||
|
||||
class IdentifyInterface : public LDAPInterface
|
||||
{
|
||||
std::map<LDAPQuery, Anope::string> requests;
|
||||
|
||||
public:
|
||||
IdentifyInterface(Module *m) : LDAPInterface(m)
|
||||
{
|
||||
}
|
||||
|
||||
void Add(LDAPQuery id, const Anope::string &nick)
|
||||
{
|
||||
std::map<LDAPQuery, Anope::string>::iterator it = this->requests.find(id);
|
||||
this->requests[id] = nick;
|
||||
}
|
||||
|
||||
void OnResult(const LDAPResult &r)
|
||||
{
|
||||
std::map<LDAPQuery, Anope::string>::iterator it = this->requests.find(r.id);
|
||||
if (it == this->requests.end())
|
||||
return;
|
||||
User *u = finduser(it->second);
|
||||
this->requests.erase(it);
|
||||
|
||||
|
||||
if (!u || !u->Account())
|
||||
return;
|
||||
|
||||
try
|
||||
{
|
||||
const LDAPAttributes &attr = r.get(0);
|
||||
|
||||
const Anope::string &opertype = attr.get(opertype_attribute);
|
||||
|
||||
for (std::list<OperType *>::iterator oit = Config->MyOperTypes.begin(), oit_end = Config->MyOperTypes.end(); oit != oit_end; ++oit)
|
||||
{
|
||||
OperType *ot = *oit;
|
||||
if (ot->GetName() == opertype && ot != u->Account()->ot)
|
||||
{
|
||||
u->Account()->ot = ot;
|
||||
Log() << "m_ldap_oper: Tied " << u->nick << " (" << u->Account()->display << ") to opertype " << ot->GetName();
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
catch (const LDAPException &ex)
|
||||
{
|
||||
Log() << "m_ldap_oper: " << ex.GetReason();
|
||||
}
|
||||
}
|
||||
|
||||
void OnError(const LDAPResult &r)
|
||||
{
|
||||
this->requests.erase(r.id);
|
||||
}
|
||||
};
|
||||
|
||||
class LDAPOper : public Module
|
||||
{
|
||||
service_reference<LDAPProvider> ldap;
|
||||
IdentifyInterface iinterface;
|
||||
|
||||
Anope::string binddn;
|
||||
Anope::string password;
|
||||
Anope::string basedn;
|
||||
Anope::string filter;
|
||||
public:
|
||||
LDAPOper(const Anope::string &modname, const Anope::string &creator) :
|
||||
Module(modname, creator), ldap("ldap/main"), iinterface(this)
|
||||
{
|
||||
this->SetAuthor("Anope");
|
||||
this->SetType(SUPPORTED);
|
||||
|
||||
Implementation i[] = { I_OnReload, I_OnNickIdentify };
|
||||
ModuleManager::Attach(i, this, 2);
|
||||
|
||||
OnReload(false);
|
||||
}
|
||||
|
||||
void OnReload(bool)
|
||||
{
|
||||
ConfigReader config;
|
||||
|
||||
this->binddn = config.ReadValue("m_ldap_oper", "binddn", "", 0);
|
||||
this->password = config.ReadValue("m_ldap_oper", "password", "", 0);
|
||||
this->basedn = config.ReadValue("m_ldap_oper", "basedn", "", 0);
|
||||
this->filter = config.ReadValue("m_ldap_oper", "filter", "", 0);
|
||||
opertype_attribute = config.ReadValue("m_ldap_oper", "opertype_attribute", "", 0);
|
||||
}
|
||||
|
||||
void OnNickIdentify(User *u)
|
||||
{
|
||||
try
|
||||
{
|
||||
if (!this->ldap)
|
||||
throw LDAPException("No LDAP interface. Is m_ldap loaded and configured correctly?");
|
||||
else if (this->basedn.empty() || this->filter.empty() || opertype_attribute.empty())
|
||||
throw LDAPException("Could not search LDAP for opertype settings, invalid configuration.");
|
||||
|
||||
if (!this->binddn.empty())
|
||||
this->ldap->Bind(NULL, this->binddn.replace_all_cs("%a", u->Account()->display), this->password.c_str());
|
||||
LDAPQuery id = this->ldap->Search(&this->iinterface, this->basedn, this->filter.replace_all_cs("%a", u->Account()->display));
|
||||
this->iinterface.Add(id, u->nick);
|
||||
}
|
||||
catch (const LDAPException &ex)
|
||||
{
|
||||
Log() << "m_ldapoper: " << ex.GetReason();
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
MODULE_INIT(LDAPOper)
|
||||
+26
-41
@@ -134,30 +134,19 @@ class DispatcherThread : public Thread, public Condition
|
||||
void Run();
|
||||
};
|
||||
|
||||
/** The pipe used by the SocketEngine to notify the main thread when
|
||||
* we have results from queries
|
||||
*/
|
||||
class MySQLPipe : public Pipe
|
||||
{
|
||||
public:
|
||||
void OnNotify();
|
||||
};
|
||||
|
||||
class ModuleSQL;
|
||||
static ModuleSQL *me;
|
||||
class ModuleSQL : public Module
|
||||
class ModuleSQL : public Module, public Pipe
|
||||
{
|
||||
public:
|
||||
/* SQL connections */
|
||||
std::map<Anope::string, MySQLService *> MySQLServices;
|
||||
public:
|
||||
/* Pending query requests */
|
||||
std::deque<QueryRequest> QueryRequests;
|
||||
/* Pending finished requests with results */
|
||||
std::deque<QueryResult> FinishedRequests;
|
||||
/* The thread used to execute queries */
|
||||
DispatcherThread *DThread;
|
||||
/* Notify pipe */
|
||||
MySQLPipe *SQLPipe;
|
||||
|
||||
ModuleSQL(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator)
|
||||
{
|
||||
@@ -166,8 +155,6 @@ class ModuleSQL : public Module
|
||||
Implementation i[] = { I_OnReload, I_OnModuleUnload };
|
||||
ModuleManager::Attach(i, this, 2);
|
||||
|
||||
SQLPipe = new MySQLPipe();
|
||||
|
||||
DThread = new DispatcherThread();
|
||||
threadEngine.Start(DThread);
|
||||
|
||||
@@ -184,8 +171,6 @@ class ModuleSQL : public Module
|
||||
DThread->Wakeup();
|
||||
DThread->Join();
|
||||
delete DThread;
|
||||
|
||||
delete SQLPipe;
|
||||
}
|
||||
|
||||
void OnReload(bool startup)
|
||||
@@ -195,7 +180,7 @@ class ModuleSQL : public Module
|
||||
|
||||
for (std::map<Anope::string, MySQLService *>::iterator it = this->MySQLServices.begin(); it != this->MySQLServices.end();)
|
||||
{
|
||||
const Anope::string cname = it->first;
|
||||
const Anope::string &cname = it->first;
|
||||
MySQLService *s = it->second;
|
||||
++it;
|
||||
|
||||
@@ -266,7 +251,28 @@ class ModuleSQL : public Module
|
||||
|
||||
this->DThread->Unlock();
|
||||
|
||||
this->SQLPipe->OnNotify();
|
||||
this->OnNotify();
|
||||
}
|
||||
|
||||
void OnNotify()
|
||||
{
|
||||
this->DThread->Lock();
|
||||
std::deque<QueryResult> finishedRequests = this->FinishedRequests;
|
||||
this->FinishedRequests.clear();
|
||||
this->DThread->Unlock();
|
||||
|
||||
for (std::deque<QueryResult>::const_iterator it = finishedRequests.begin(), it_end = finishedRequests.end(); it != it_end; ++it)
|
||||
{
|
||||
const QueryResult &qr = *it;
|
||||
|
||||
if (!qr.sqlinterface)
|
||||
throw SQLException("NULL qr.sqlinterface in MySQLPipe::OnNotify() ?");
|
||||
|
||||
if (qr.result.GetError().empty())
|
||||
qr.sqlinterface->OnResult(qr.result);
|
||||
else
|
||||
qr.sqlinterface->OnError(qr.result);
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
@@ -386,7 +392,7 @@ void DispatcherThread::Run()
|
||||
else
|
||||
{
|
||||
if (!me->FinishedRequests.empty())
|
||||
me->SQLPipe->Notify();
|
||||
me->Notify();
|
||||
this->Wait();
|
||||
}
|
||||
}
|
||||
@@ -394,26 +400,5 @@ void DispatcherThread::Run()
|
||||
this->Unlock();
|
||||
}
|
||||
|
||||
void MySQLPipe::OnNotify()
|
||||
{
|
||||
me->DThread->Lock();
|
||||
std::deque<QueryResult> finishedRequests = me->FinishedRequests;
|
||||
me->FinishedRequests.clear();
|
||||
me->DThread->Unlock();
|
||||
|
||||
for (std::deque<QueryResult>::const_iterator it = finishedRequests.begin(), it_end = finishedRequests.end(); it != it_end; ++it)
|
||||
{
|
||||
const QueryResult &qr = *it;
|
||||
|
||||
if (!qr.sqlinterface)
|
||||
throw SQLException("NULL qr.sqlinterface in MySQLPipe::OnNotify() ?");
|
||||
|
||||
if (qr.result.GetError().empty())
|
||||
qr.sqlinterface->OnResult(qr.result);
|
||||
else
|
||||
qr.sqlinterface->OnError(qr.result);
|
||||
}
|
||||
}
|
||||
|
||||
MODULE_INIT(ModuleSQL)
|
||||
|
||||
|
||||
@@ -0,0 +1,254 @@
|
||||
#include "module.h"
|
||||
#include "ldap.h"
|
||||
|
||||
static Anope::string email_attribute;
|
||||
|
||||
struct IdentifyInfo
|
||||
{
|
||||
dynamic_reference<User> user;
|
||||
Anope::string account;
|
||||
Anope::string pass;
|
||||
|
||||
IdentifyInfo(User *u, const Anope::string &a, const Anope::string &p) : user(u), account(a), pass(p) { }
|
||||
};
|
||||
|
||||
|
||||
class IdentifyInterface : public LDAPInterface, public Command
|
||||
{
|
||||
std::map<LDAPQuery, IdentifyInfo *> requests;
|
||||
|
||||
public:
|
||||
IdentifyInterface(Module *m) : LDAPInterface(m), Command("IDENTIFY", 0, 0)
|
||||
{
|
||||
this->service = NickServ;
|
||||
}
|
||||
|
||||
CommandReturn Execute(CommandSource &, const std::vector<Anope::string> &) { return MOD_STOP; }
|
||||
|
||||
void Add(LDAPQuery id, IdentifyInfo *ii)
|
||||
{
|
||||
std::map<LDAPQuery, IdentifyInfo *>::iterator it = this->requests.find(id);
|
||||
if (it != this->requests.end())
|
||||
delete it->second;
|
||||
this->requests[id] = ii;
|
||||
}
|
||||
|
||||
void OnResult(const LDAPResult &r)
|
||||
{
|
||||
std::map<LDAPQuery, IdentifyInfo *>::iterator it = this->requests.find(r.id);
|
||||
if (it == this->requests.end())
|
||||
return;
|
||||
IdentifyInfo *ii = it->second;
|
||||
this->requests.erase(it);
|
||||
|
||||
User *u = *ii->user;
|
||||
NickAlias *this_na = findnick(u->nick), *na = findnick(ii->account);
|
||||
|
||||
if (!na)
|
||||
{
|
||||
na = new NickAlias(ii->account, new NickCore(ii->account));
|
||||
enc_encrypt(ii->pass, na->nc->pass);
|
||||
|
||||
Anope::string last_usermask = u->GetIdent() + "@" + u->GetDisplayedHost();
|
||||
na->last_usermask = last_usermask;
|
||||
na->last_realname = u->realname;
|
||||
if (Config->NSAddAccessOnReg)
|
||||
na->nc->AddAccess(create_mask(u));
|
||||
|
||||
u->SendMessage(NickServ, _("Your account \002%s\002 has been successfully created."), ii->account.c_str());
|
||||
}
|
||||
|
||||
if (u->Account())
|
||||
Log(LOG_COMMAND, u, this) << "to log out of account " << u->Account()->display;
|
||||
|
||||
na->last_realname = u->realname;
|
||||
na->last_seen = Anope::CurTime;
|
||||
|
||||
u->Login(na->nc);
|
||||
ircdproto->SendAccountLogin(u, u->Account());
|
||||
ircdproto->SetAutoIdentificationToken(u);
|
||||
|
||||
if (this_na && this_na->nc == na->nc)
|
||||
u->SetMode(NickServ, UMODE_REGISTERED);
|
||||
|
||||
u->UpdateHost();
|
||||
|
||||
Log(LOG_COMMAND, u, this) << "and identified for account " << u->Account()->display << " using LDAP";
|
||||
u->SendMessage(NickServ, _("Password accepted - you are now recognized."));
|
||||
if (ircd->vhost)
|
||||
do_on_id(u);
|
||||
if (Config->NSModeOnID)
|
||||
do_setmodes(u);
|
||||
|
||||
FOREACH_MOD(I_OnNickIdentify, OnNickIdentify(u));
|
||||
|
||||
delete ii;
|
||||
}
|
||||
|
||||
void OnError(const LDAPResult &r)
|
||||
{
|
||||
std::map<LDAPQuery, IdentifyInfo *>::iterator it = this->requests.find(r.id);
|
||||
if (it == this->requests.end())
|
||||
return;
|
||||
IdentifyInfo *ii = it->second;
|
||||
this->requests.erase(it);
|
||||
|
||||
if (!ii->user)
|
||||
{
|
||||
delete this;
|
||||
return;
|
||||
}
|
||||
|
||||
User *u = *ii->user;
|
||||
|
||||
Log(LOG_COMMAND, u, this) << "and failed to identify for account " << ii->account << ". LDAP error: " << r.getError();
|
||||
u->SendMessage(NickServ, _(PASSWORD_INCORRECT));
|
||||
bad_password(u);
|
||||
delete ii;
|
||||
}
|
||||
};
|
||||
|
||||
class OnIdentifyInterface : public LDAPInterface
|
||||
{
|
||||
std::map<LDAPQuery, Anope::string> requests;
|
||||
|
||||
public:
|
||||
OnIdentifyInterface(Module *m) : LDAPInterface(m) { }
|
||||
|
||||
void Add(LDAPQuery id, const Anope::string &nick)
|
||||
{
|
||||
this->requests[id] = nick;
|
||||
}
|
||||
|
||||
void OnResult(const LDAPResult &r)
|
||||
{
|
||||
std::map<LDAPQuery, Anope::string>::iterator it = this->requests.find(r.id);
|
||||
if (it == this->requests.end())
|
||||
return;
|
||||
User *u = finduser(it->second);
|
||||
this->requests.erase(it);
|
||||
|
||||
if (!u || !u->Account())
|
||||
return;
|
||||
|
||||
try
|
||||
{
|
||||
const LDAPAttributes &attr = r.get(0);
|
||||
Anope::string email = attr.get(email_attribute);
|
||||
|
||||
if (!email.equals_ci(u->Account()->email))
|
||||
{
|
||||
u->Account()->email = email;
|
||||
u->SendMessage(NickServ, "Your email has been updated to \002%s\002", email.c_str());
|
||||
Log() << "ns_identify_ldap: Updated email address for " << u->nick << " (" << u->Account()->display << ") to " << email;
|
||||
}
|
||||
}
|
||||
catch (const LDAPException &ex)
|
||||
{
|
||||
Log() << "ns_identify_ldap: " << ex.GetReason();
|
||||
}
|
||||
}
|
||||
|
||||
void OnError(const LDAPResult &r)
|
||||
{
|
||||
this->requests.erase(r.id);
|
||||
Log() << "ns_identify_ldap: " << r.error;
|
||||
}
|
||||
};
|
||||
|
||||
class NSIdentifyLDAP : public Module
|
||||
{
|
||||
service_reference<LDAPProvider> ldap;
|
||||
IdentifyInterface iinterface;
|
||||
OnIdentifyInterface oninterface;
|
||||
|
||||
Anope::string binddn;
|
||||
Anope::string username_attribute;
|
||||
bool disable_register;
|
||||
Anope::string disable_reason;
|
||||
public:
|
||||
NSIdentifyLDAP(const Anope::string &modname, const Anope::string &creator) :
|
||||
Module(modname, creator), ldap("ldap/main"), iinterface(this), oninterface(this)
|
||||
{
|
||||
this->SetAuthor("Anope");
|
||||
this->SetType(SUPPORTED);
|
||||
|
||||
Implementation i[] = { I_OnReload, I_OnPreCommand, I_OnNickIdentify };
|
||||
ModuleManager::Attach(i, this, 3);
|
||||
|
||||
OnReload(false);
|
||||
}
|
||||
|
||||
void OnReload(bool)
|
||||
{
|
||||
ConfigReader config;
|
||||
|
||||
this->binddn = config.ReadValue("ns_identify_ldap", "binddn", "", 0);
|
||||
this->username_attribute = config.ReadValue("ns_identify_ldap", "username_attribute", "", 0);
|
||||
email_attribute = config.ReadValue("ns_identify_ldap", "email_attribute", "", 0);
|
||||
this->disable_register = config.ReadFlag("ns_identify_ldap", "disable_ns_register", "false", 0);
|
||||
this->disable_reason = config.ReadValue("ns_identify_ldap", "disable_reason", "", 0);
|
||||
}
|
||||
|
||||
EventReturn OnPreCommand(CommandSource &source, Command *command, const std::vector<Anope::string> ¶ms)
|
||||
{
|
||||
if (command->service == NickServ)
|
||||
{
|
||||
if (this->disable_register && command->name == "REGISTER")
|
||||
{
|
||||
source.Reply(_(this->disable_reason.c_str()));
|
||||
return EVENT_STOP;
|
||||
}
|
||||
else if (command->name == "IDENTIFY" && !params.empty() && this->ldap)
|
||||
{
|
||||
Anope::string account = params.size() > 1 ? params[0] : source.u->nick;
|
||||
Anope::string pass = params.size() > 1 ? params[1] : params[0];
|
||||
|
||||
NickAlias *na = findnick(account);
|
||||
if (na)
|
||||
{
|
||||
account = na->nc->display;
|
||||
|
||||
if (na->HasFlag(NS_FORBIDDEN) || na->nc->HasFlag(NI_SUSPENDED) || source.u->Account() == na->nc)
|
||||
return EVENT_CONTINUE;
|
||||
}
|
||||
|
||||
IdentifyInfo *ii = new IdentifyInfo(source.u, account, pass);
|
||||
try
|
||||
{
|
||||
Anope::string full_binddn = this->username_attribute + "=" + account + "," + this->binddn;
|
||||
LDAPQuery id = this->ldap->Bind(&this->iinterface, full_binddn, pass);
|
||||
this->iinterface.Add(id, ii);
|
||||
}
|
||||
catch (const LDAPException &ex)
|
||||
{
|
||||
delete ii;
|
||||
Log() << "ns_identify_ldap: " << ex.GetReason();
|
||||
return EVENT_CONTINUE;
|
||||
}
|
||||
|
||||
return EVENT_STOP;
|
||||
}
|
||||
}
|
||||
|
||||
return EVENT_CONTINUE;
|
||||
}
|
||||
|
||||
void OnNickIdentify(User *u)
|
||||
{
|
||||
if (email_attribute.empty())
|
||||
return;
|
||||
|
||||
try
|
||||
{
|
||||
LDAPQuery id = this->ldap->Search(&this->oninterface, this->binddn, "(" + this->username_attribute + "=" + u->Account()->display + ")");
|
||||
this->oninterface.Add(id, u->nick);
|
||||
}
|
||||
catch (const LDAPException &ex)
|
||||
{
|
||||
Log() << "ns_identify_ldap: " << ex.GetReason();
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
MODULE_INIT(NSIdentifyLDAP)
|
||||
@@ -32,7 +32,6 @@ NickAlias::NickAlias(const Anope::string &nickname, NickCore *nickcore) : Flags<
|
||||
throw CoreException("Empty nickcore passed to NickAlias constructor");
|
||||
|
||||
this->time_registered = this->last_seen = Anope::CurTime;
|
||||
|
||||
this->nick = nickname;
|
||||
this->nc = nickcore;
|
||||
this->nc->aliases.push_back(this);
|
||||
|
||||
@@ -12,6 +12,8 @@ NickCore::NickCore(const Anope::string &coredisplay) : Flags<NickCoreFlag, NI_EN
|
||||
this->ot = NULL;
|
||||
this->channelcount = 0;
|
||||
this->lastmail = 0;
|
||||
this->memos.memomax = Config->MSMaxMemos;
|
||||
this->language = Config->NSDefLanguage;
|
||||
|
||||
this->display = coredisplay;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user