diff options
| author | Adam <Adam@anope.org> | 2011-03-04 20:47:58 -0500 |
|---|---|---|
| committer | Adam <Adam@anope.org> | 2011-03-04 20:47:58 -0500 |
| commit | 90e5d0feaa1646c28cfce45dbde1a914a6f1d62c (patch) | |
| tree | e81cf931c36401b418933aec264c7a260aa5a98a | |
| parent | d79e22bfaa089e32520d63f633ee499a36905366 (diff) | |
Added LDAP support
| -rw-r--r-- | data/example.conf | 355 | ||||
| -rw-r--r-- | modules/core/ns_identify.cpp | 5 | ||||
| -rw-r--r-- | modules/core/ns_register.cpp | 4 | ||||
| -rw-r--r-- | modules/extra/ldap.h | 99 | ||||
| -rw-r--r-- | modules/extra/m_async_commands.cpp | 3 | ||||
| -rw-r--r-- | modules/extra/m_ldap.cpp | 334 | ||||
| -rw-r--r-- | modules/extra/m_ldap_oper.cpp | 116 | ||||
| -rw-r--r-- | modules/extra/m_mysql.cpp | 67 | ||||
| -rw-r--r-- | modules/extra/ns_identify_ldap.cpp | 254 | ||||
| -rw-r--r-- | src/nickalias.cpp | 1 | ||||
| -rw-r--r-- | src/nickcore.cpp | 2 |
11 files changed, 1070 insertions, 170 deletions
diff --git a/data/example.conf b/data/example.conf index 4d5361b9e..243dcb725 100644 --- a/data/example.conf +++ b/data/example.conf @@ -596,13 +596,13 @@ log */ target = "services.log" /* Log to both services.log and the channel #services */ - //target = "services.log #services" + #target = "services.log #services" /* * The source(s) to only accept log messages from. Leave commented to allow all sources. * This can be a users name, a channel name, one of our clients (eg, OperServ), or a server name. */ - //source = "" + #source = "" /* * The number of days to keep logfiles, only useful if you are logging to a file. @@ -656,7 +656,7 @@ log override = "chanserv/* nickserv/* memoserv/set botserv/* ~botserv/set" commands = "~operserv/* *" servers = "*" - //channels = "~mode *" + #channels = "~mode *" users = "connect disconnect nick" other = "*" rawio = no @@ -795,7 +795,7 @@ opertype oper { /* The nickname of this services oper */ - //name = "nick1" + #name = "nick1" /* The opertype this person will have */ type = "Services Root" @@ -803,13 +803,13 @@ oper oper { - //name = "nick2" + #name = "nick2" type = "Services Administrator" } oper { - //name = "nick3" + #name = "nick3" type = "Helper" } @@ -1769,59 +1769,38 @@ defcon /* * [OPTIONAL] Non-Core Modules * - * The following single-line blocks are used to load all non-core modules, including 3rd-party modules. + * The following blocks are used to load all non-core modules, including 3rd-party modules. * Modules can be prevented from loading by commenting out the line, other modules can be added by * adding a module block. These modules will be loaded prior to Services connecting to your network. */ -module { name = "hs_moo" } -module { name = "ircd_defizzer" } -module { name = "os_ignore" } -module { name = "cs_appendtopic" } -module { name = "cs_enforce" } -module { name = "ns_maxemail" } /* - * [OPTIONAL] Module-Specific Options + * cs_appendtopic * - * The following blocks are used for options pertaining to modules and are not part of the core. - * Unless otherwise stated, most of the options are optional. - */ - -/* - * m_ssl - * - * This module uses SSL to connect to the uplink server(s) + * Adds the APPENDTOPIC command to ChanServ, which allows users to easially append text to + * the end of existing channel topics. */ -module { name = "m_ssl" } +module { name = "cs_appendtopic" } /* - * m_mysql + * cs_enforce * - * This module allows other modules (db_mysql) to use MySQL. - * Be sure you have imported the table schema with mydbgen before - * trying to use MySQL + * Adds the ENFORCE commad to ChanServ, which allows enforcing various channel settings like + * SECUREOPS and RESTRICTED. */ -#module { name = "m_mysql" } -mysql -{ - database = "anope" - server = "127.0.0.1" - username = "anope" - password = "mypassword" - port = 3306 -} +module { name = "cs_enforce" } /* - * db_plain + * cs_entrymsg * - * This is the default flatfile database format + * Allows you to set entry messages on your channel, which are shown to anyone + * who joins. */ -db_plain +module { name = "cs_entrymsg" } +cs_entrymsg { - /* - * The database db_plain should use - */ - database = "anope.db" + /* The maximum number of entrymsgs allowed per channel. If not set, defaults to 5. */ + maxentries = 5 } /* @@ -1851,36 +1830,24 @@ cs_set_misc desc = "Associate an EMail with the channel" } -module { name = "ns_set_misc" } -ns_set_misc -{ - name = "OINFO" - desc = "Associate oper only information to this nick" - privileged = yes -} -ns_set_misc -{ - name = "URL" - desc = "Associate a URL with the nick" -} -ns_set_misc -{ - name = "ICQ" - desc = "Associate an ICQ number with the nick" -} - -#module { name = "m_helpchan" } -m_helpchan +/* + * db_plain + * + * This is the default flatfile database format + */ +db_plain { /* - * For the given channel, every user that has or gets op status of the channel - * will automatically receive the +h user mode. - * - * This directive is optional. + * The database db_plain should use */ - helpchannel = "#help" + database = "anope.db" } +/* + * hs_request + * + * Allows users to request vhosts which opers may then view, accept or deny + */ module { name = "hs_request" } hs_request { @@ -1896,16 +1863,67 @@ hs_request #memooper = yes } -ns_maxemail +/* + * m_alias + * + * Allows you to create custom command aliases. + */ +module { name = "m_alias" } +alias { - /* - * The limit to how many registered nicks can use the same e-mail address. If set to 0 or left - * commented, there will be no limit enforced when registering new accounts or using - * /msg NickServ SET EMAIL. + /* Set to yes to make this alias triggerable by fantasy commands. */ + fantasy = no + /* Set to yes to make this alias oper only */ + operonly = no + + /* Source client and command. */ - #maxemails = 1 + source_client = "NickServ" + source_command = "ID" + + /* Target client and command. + */ + target_client = "NickServ" + target_command = "IDENTIFY" } +/* Provides the !k fantasy command */ +alias +{ + fantasy = yes + source_command = "K" + + target_client = "ChanServ" + target_command = "KICK" + +} +/* Provides the !kb fantasy command */ +alias +{ + fantasy = yes + source_command = "KB" + + target_client = "ChanServ" + target_command = "BAN" +} + +/* + * m_async_commands + * + * Threads for each command executed by users. You should + * only load this if you are using a module designed to work with this. + * + * If this is loaded with db_mysql_live then Anope will support + * processing multiple commands at once which will negate the "lag" + * issues caused from the overhead of SQL queries by db_mysq_live. + */ +#module { name = "m_async_commands" } +/* m_dnsbl + * + * Allows configurable DNS blacklists to check connecting users against. If a user + * is found on the blacklist they will be immediately banned. This is a crucial module + * to prevent bot attacks. + */ module { name = "m_dnsbl" } m_dnsbl { @@ -1934,7 +1952,7 @@ blacklist /* Name of the blacklist */ name = "rbl.efnetrbl.org" - /* How long to set the akill for */ + /* How long to set the ban for */ time = 4h /* Reason for akill. @@ -1963,6 +1981,94 @@ blacklist reason = "You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded.do?ip=%i&network=%N" } +/* m_helpchan + * + * Gives users who are op in the specified help channel usermode +h (helpop). + */ +#module { name = "m_helpchan" } +m_helpchan +{ + helpchannel = "#help" +} + +/* + * m_ldap + * + * This module allows other modules to use LDAP. + */ +#module { name = "m_ldap" } +ldap +{ + server = "ldap://127.0.0.1" + port = 389 + binddn = "cn=Manager,dc=anope,dc=org" + password = "secret" +} + +/* + * m_ldap_oper + * + * This module dynamically ties users to Anope opertypes when they identify + * via LDAP group membership. + * + * Note that this doesn't give the user privileges on the IRCd, only in Services. + */ +#module { name = "m_ldap_oper" } +m_ldap_oper +{ + /* + * An optional binddn to use when searching for groups. + * %a is replaced with the account name of the user. + */ + #binddn = "cn=Manager,dc=anope,dc=org" + + /* + * An optional password to bind with. + */ + #password = "secret" + + /* + * The base DN where the groups are. + */ + basedn = "ou=groups,dc=anope,dc=org" + + /* + * The filter to use when searching for users. + * %a is replaced with the account name of the user. + */ + filter = "(member=uid=%a,ou=users,dc=anope,dc=org)" + + /* + * The attribute of the group that is the name of the opertype. + * The cn attribute should match a known opertype in the config. + */ + opertype_attribute = "cn" +} + +/* + * m_mysql + * + * This module allows other modules (db_mysql/db_mysql_live) to use MySQL. + * Be sure you have imported the table schema with mydbgen before + * trying to use MySQL + */ +#module { name = "m_mysql" } +mysql +{ + database = "anope" + server = "127.0.0.1" + username = "anope" + password = "mypassword" + port = 3306 +} + +/* + * m_ssl + * + * This module uses SSL to connect to the uplink server(s) + */ +module { name = "m_ssl" } + /* * m_xmlrpc * @@ -1997,72 +2103,79 @@ m_xmlrpc #module { name = "m_xmlrpc_main" } /* - * m_alias + * ns_identify_ldap * - * Allows you to create custom command aliases. + * Allows you to use a LDAP server for authentication of users. */ -module { name = "m_alias" } -alias +#module { name = "ns_identify_ldap" } +ns_identify_ldap { - /* Set to yes to make this alias triggerable by fantasy commands. */ - fantasy = no - /* Set to yes to make this alias oper only */ - operonly = no + /* + * The distinguished name we should bind to when a user tries to identify. + */ + binddn = "ou=users,dc=anope,dc=org" - /* Source client and command. + /* + * The attribute value used for account names. */ - source_client = "NickServ" - source_command = "ID" + username_attribute = "uid" - /* Target client and command. + /* + * The attribute value used for email addresses. + * This directive is optional. */ - target_client = "NickServ" - target_command = "IDENTIFY" -} + email_attribute = "email" -/* Provides the !k fantasy command */ -alias -{ - fantasy = yes - source_command = "K" + /* + * Enable to have this module disable /nickserv register. + */ + disable_ns_register = true - target_client = "ChanServ" - target_command = "KICK" - + /* + * The reason to give the users who try to /ns register. + */ + disable_reason = "Registration has been disabled." + #disable_reason = "To register on this network visit http://some.misconfigured.site/register" } /* - * m_async_commands - * - * Creates a thread for each command executed by a user. You should - * only load this if you are using a module designed to work with this. + * ns_maxemail * - * If this is loaded with db_mysql_live then Anope will support - * processing multiple commands at once which will help very busy networks - * with lag issues caused from the overhead of SQL queries caused by db_mysq_live. + * Limits how many times the same email address may be used in Anope + * to register accounts. */ -#module { name = "m_async_commands" } - -/* Provides the !kb fantasy command */ -alias +module { name = "ns_maxemail" } +ns_maxemail { - fantasy = yes - source_command = "KB" - - target_client = "ChanServ" - target_command = "BAN" + /* + * The limit to how many registered nicks can use the same e-mail address. If set to 0 or left + * commented, there will be no limit enforced when registering new accounts or using + * /msg NickServ SET EMAIL. + */ + #maxemails = 1 } /* - * cs_entrymsg + * ns_set_misc * - * Allows you to set entry messages on your channel, which are shown to anyone - * who joins. + * Allows you to create misc /nickserv set commands, and have the data + * show up in /nickserv info */ -module { name = "cs_entrymsg" } -cs_entrymsg +module { name = "ns_set_misc" } +ns_set_misc { - /* The maximum number of entrymsgs allowed per channel. If not set, defaults to 5. */ - maxentries = 5 + name = "OINFO" + desc = "Associate oper only information to this nick" + privileged = yes +} +ns_set_misc +{ + name = "URL" + desc = "Associate a URL with the nick" +} +ns_set_misc +{ + name = "ICQ" + desc = "Associate an ICQ number with the nick" } diff --git a/modules/core/ns_identify.cpp b/modules/core/ns_identify.cpp index f48f5e388..45b189ca6 100644 --- a/modules/core/ns_identify.cpp +++ b/modules/core/ns_identify.cpp @@ -63,7 +63,7 @@ class CommandNSIdentify : public Command else { if (u->IsIdentified()) - Log(LOG_COMMAND, "nickserv/identify") << "to log out of account " << u->Account()->display; + Log(LOG_COMMAND, u, this) << "to log out of account " << u->Account()->display; na->last_realname = u->realname; na->last_seen = Anope::CurTime; @@ -96,8 +96,7 @@ class CommandNSIdentify : public Command "any third-party person."), NickServ->nick.c_str()); } - if (u->IsIdentified()) - check_memos(u); + check_memos(u); } } return MOD_CONT; diff --git a/modules/core/ns_register.cpp b/modules/core/ns_register.cpp index 80dc92488..d7867896c 100644 --- a/modules/core/ns_register.cpp +++ b/modules/core/ns_register.cpp @@ -26,8 +26,6 @@ class CommandNSConfirm : public Command na->nc->pass = nr->password; - na->nc->memos.memomax = Config->MSMaxMemos; - if (force) { na->last_usermask = "*@*"; @@ -42,8 +40,6 @@ class CommandNSConfirm : public Command na->nc->AddAccess(create_mask(u)); } - na->time_registered = na->last_seen = Anope::CurTime; - na->nc->language = Config->NSDefLanguage; if (!nr->email.empty()) na->nc->email = nr->email; diff --git a/modules/extra/ldap.h b/modules/extra/ldap.h new file mode 100644 index 000000000..acb9d8f53 --- /dev/null +++ b/modules/extra/ldap.h @@ -0,0 +1,99 @@ + +typedef int LDAPQuery; + +class LDAPException : public ModuleException +{ + public: + LDAPException(const Anope::string &reason) : ModuleException(reason) { } + + virtual ~LDAPException() throw() { } +}; + +struct LDAPAttributes : public std::map<Anope::string, std::vector<Anope::string> > +{ + size_t size(const Anope::string &attr) const + { + const std::vector<Anope::string>& array = this->getArray(attr); + return array.size(); + } + + const std::vector<Anope::string> keys() const + { + std::vector<Anope::string> k; + for (const_iterator it = this->begin(), it_end = this->end(); it != it_end; ++it) + k.push_back(it->first); + return k; + } + + const Anope::string &get(const Anope::string &attr) const + { + const std::vector<Anope::string>& array = this->getArray(attr); + if (array.empty()) + throw LDAPException("Empty attribute " + attr + " in LDAPResult::get"); + return array[0]; + } + + const std::vector<Anope::string>& getArray(const Anope::string &attr) const + { + const_iterator it = this->find(attr); + if (it == this->end()) + throw LDAPException("Unknown attribute " + attr + " in LDAPResult::getArray"); + return it->second; + } +}; + +struct LDAPResult +{ + std::vector<LDAPAttributes> messages; + Anope::string error; + + enum QueryType + { + QUERY_BIND, + QUERY_SEARCH + }; + + QueryType type; + LDAPQuery id; + + size_t size() const + { + return this->messages.size(); + } + + const LDAPAttributes &get(size_t sz) const + { + if (sz >= this->messages.size()) + throw LDAPException("Index out of range"); + return this->messages[sz]; + } + + const Anope::string &getError() const + { + return this->error; + } +}; + +class LDAPInterface +{ + public: + Module *owner; + + LDAPInterface(Module *m) : owner(m) { } + + virtual void OnResult(const LDAPResult &r) { } + + virtual void OnError(const LDAPResult &err) { } +}; + + +class LDAPProvider : public Service +{ + public: + LDAPProvider(Module *c, const Anope::string &n) : Service(c, n) { } + + virtual LDAPQuery Bind(LDAPInterface *i, const Anope::string &who, const Anope::string &pass) = 0; + + virtual LDAPQuery Search(LDAPInterface *i, const Anope::string &base, const Anope::string &filter) = 0; +}; + diff --git a/modules/extra/m_async_commands.cpp b/modules/extra/m_async_commands.cpp index d4bbaaf6d..e7aa37ff0 100644 --- a/modules/extra/m_async_commands.cpp +++ b/modules/extra/m_async_commands.cpp @@ -41,7 +41,10 @@ class AsynchCommandMutex : public CommandMutex EventReturn MOD_RESULT; FOREACH_RESULT(I_OnPreCommand, OnPreCommand(source, command, params)); if (MOD_RESULT == EVENT_STOP) + { + source.DoReply(); return; + } if (!command->permission.empty() && !u->Account()->HasCommand(command->permission)) { diff --git a/modules/extra/m_ldap.cpp b/modules/extra/m_ldap.cpp new file mode 100644 index 000000000..0d198e27d --- /dev/null +++ b/modules/extra/m_ldap.cpp @@ -0,0 +1,334 @@ +/* RequiredLibraries: ldap */ + +#include "module.h" +#include "ldap.h" +#include <ldap.h> + +static Pipe *me; + +class LDAPService : public LDAPProvider, public Thread, public Condition +{ + Anope::string server; + int port; + Anope::string binddn; + Anope::string password; + + LDAP *con; + + public: + typedef std::map<int, LDAPInterface *> query_queue; + typedef std::vector<std::pair<LDAPInterface *, LDAPResult *> > result_queue; + query_queue queries; + result_queue results; + + LDAPService(Module *o, const Anope::string &n, const Anope::string &s, int po, const Anope::string &b, const Anope::string &p) : LDAPProvider(o, "ldap/" + n), server(s), port(po), binddn(b), password(p) + { + if (ldap_initialize(&this->con, this->server.c_str()) != LDAP_SUCCESS) + throw LDAPException("Unable to connect to LDAP service " + this->name + ": " + Anope::LastError()); + static const int version = LDAP_VERSION3; + if (ldap_set_option(this->con, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_OPT_SUCCESS) + throw LDAPException("Unable to set protocol version for " + this->name + ": " + Anope::LastError()); + + threadEngine.Start(this); + } + + ~LDAPService() + { + this->Lock(); + + for (query_queue::iterator it = this->queries.begin(), it_end = this->queries.end(); it != it_end; ++it) + { + ldap_abandon_ext(this->con, it->first, NULL, NULL); + delete it->second; + } + this->queries.clear(); + + for (result_queue::iterator it = this->results.begin(), it_end = this->results.end(); it != it_end; ++it) + { + it->second->error = "LDAP Interface is going away"; + it->first->OnError(*it->second); + } + this->results.clear(); + + this->Unlock(); + + ldap_unbind_ext(this->con, NULL, NULL); + } + + LDAPQuery Bind(LDAPInterface *i, const Anope::string &who, const Anope::string &pass) + { + berval cred; + cred.bv_val = strdup(pass.c_str()); + cred.bv_len = pass.length(); + + LDAPQuery msgid; + int ret = ldap_sasl_bind(con, who.c_str(), LDAP_SASL_SIMPLE, &cred, NULL, NULL, &msgid); + free(cred.bv_val); + if (ret != LDAP_SUCCESS) + throw LDAPException(ldap_err2string(ret)); + + if (i != NULL) + { + this->Lock(); + this->queries[msgid] = i; + this->Unlock(); + } + this->Wakeup(); + + return msgid; + } + + LDAPQuery Search(LDAPInterface *i, const Anope::string &base, const Anope::string &filter) + { + if (i == NULL) + throw LDAPException("No interface"); + + LDAPQuery msgid; + int ret = ldap_search_ext(this->con, base.c_str(), LDAP_SCOPE_SUBTREE, filter.c_str(), NULL, 0, NULL, NULL, NULL, 0, &msgid); + if (ret != LDAP_SUCCESS) + throw LDAPException(ldap_err2string(ret)); + + this->Lock(); + this->queries[msgid] = i; + this->Unlock(); + this->Wakeup(); + + return msgid; + } + + void Run() + { + while (!this->GetExitState()) + { + if (this->queries.empty()) + { + this->Lock(); + this->Wait(); + this->Unlock(); + if (this->GetExitState()) + break; + } + + static struct timeval tv = { 1, 0 }; + LDAPMessage *result; + int type = ldap_result(this->con, LDAP_RES_ANY, 1, &tv, &result); + if (type <= 0 || this->GetExitState()) + continue; + + bool notify = false; + int cur_id = ldap_msgid(result); + + this->Lock(); + + query_queue::iterator it = this->queries.find(cur_id); + if (it == this->queries.end()) + { + this->Unlock(); + continue; + } + LDAPInterface *i = it->second; + this->queries.erase(it); + + this->Unlock(); + + LDAPResult *ldap_result = new LDAPResult(); + ldap_result->id = cur_id; + + for (LDAPMessage *cur = ldap_first_message(this->con, result); cur; cur = ldap_next_message(this->con, cur)) + { + int cur_type = ldap_msgtype(cur); + + LDAPAttributes attributes; + + switch (cur_type) + { + case LDAP_RES_BIND: + { + ldap_result->type = LDAPResult::QUERY_BIND; + + int errcode = -1; + int parse_result = ldap_parse_result(this->con, cur, &errcode, NULL, NULL, NULL, NULL, 0); + if (parse_result != LDAP_SUCCESS) + ldap_result->error = ldap_err2string(parse_result); + else if (errcode != LDAP_SUCCESS) + ldap_result->error = ldap_err2string(errcode); + notify = true; + break; + } + case LDAP_RES_SEARCH_ENTRY: + { + ldap_result->type = LDAPResult::QUERY_SEARCH; + + BerElement *ber = NULL; + for (char *attr = ldap_first_attribute(this->con, cur, &ber); attr; attr = ldap_next_attribute(this->con, cur, ber)) + { + berval **vals = ldap_get_values_len(this->con, cur, attr); + int count = ldap_count_values_len(vals); + + std::vector<Anope::string> attrs; + for (int j = 0; j < count; ++j) + attrs.push_back(vals[j]->bv_val); + attributes[attr] = attrs; + + ldap_memfree(attr); + } + if (ber != NULL) + ber_free(ber, 0); + + notify = true; + break; + } + default: + Log(LOG_DEBUG) << "m_ldap: Unknown msg type " << cur_type; + continue; + } + + ldap_result->messages.push_back(attributes); + } + + ldap_msgfree(result); + + this->Lock(); + this->results.push_back(std::make_pair(i, ldap_result)); + this->Unlock(); + + if (notify) + me->Notify(); + } + } + + void SetExitState() + { + ModuleManager::UnregisterService(this); + Thread::SetExitState(); + } +}; + +class ModuleLDAP : public Module, public Pipe +{ + std::map<Anope::string, LDAPService *> LDAPServices; + public: + + ModuleLDAP(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator) + { + me = this; + + Implementation i[] = { I_OnReload, I_OnModuleUnload }; + ModuleManager::Attach(i, this, 2); + + OnReload(true); + } + + ~ModuleLDAP() + { + for (std::map<Anope::string, LDAPService *>::iterator it = this->LDAPServices.begin(); it != this->LDAPServices.end(); ++it) + it->second->SetExitState(); + LDAPServices.clear(); + } + + void OnReload(bool startup) + { + ConfigReader config; + int i, num; + + for (std::map<Anope::string, LDAPService *>::iterator it = this->LDAPServices.begin(); it != this->LDAPServices.end();) + { + const Anope::string &cname = it->first; + LDAPService *s = it->second; + ++it; + + for (i = 0, num = config.Enumerate("ldap"); i < num; ++i) + { + if (config.ReadValue("ldap", "name", "", i) == cname) + { + break; + } + } + + if (i == num) + { + Log(LOG_NORMAL, "ldap") << "LDAP: Removing server connection " << cname; + + s->SetExitState(); + this->LDAPServices.erase(cname); + } + } + + for (i = 0, num = config.Enumerate("ldap"); i < num; ++i) + { + Anope::string connname = config.ReadValue("ldap", "name", "main", i); + + if (this->LDAPServices.find(connname) == this->LDAPServices.end()) + { + Anope::string server = config.ReadValue("ldap", "server", "127.0.0.1", i); + int port = config.ReadInteger("ldap", "port", "389", i, true); + Anope::string binddn = config.ReadValue("ldap", "binddn", "", i); + Anope::string password = config.ReadValue("ldap", "password", "", i); + + try + { + LDAPService *ss = new LDAPService(this, connname, server, port, binddn, password); + this->LDAPServices.insert(std::make_pair(connname, ss)); + ModuleManager::RegisterService(ss); + + Log(LOG_NORMAL, "ldap") << "LDAP: Successfully connected to server " << connname << " (" << server << ")"; + } + catch (const LDAPException &ex) + { + Log(LOG_NORMAL, "ldap") << "LDAP: " << ex.GetReason(); + } + } + } + } + + void OnModuleUnload(User *, Module *m) + { + for (std::map<Anope::string, LDAPService *>::iterator it = this->LDAPServices.begin(); it != this->LDAPServices.end(); ++it) + { + LDAPService *s = it->second; + s->Lock(); + for (LDAPService::query_queue::iterator it2 = s->queries.begin(); it2 != s->queries.end();) + { + int msgid = it2->first; + LDAPInterface *i = it2->second; + ++it2; + if (i->owner == m) + s->queries.erase(msgid); + } + for (unsigned i = s->results.size(); i > 0; --i) + { + LDAPInterface *li = s->results[i - 1].first; + if (li->owner == m) + s->results.erase(s->results.begin() + i - 1); + } + s->Unlock(); + } + } + + void OnNotify() + { + for (std::map<Anope::string, LDAPService *>::iterator it = this->LDAPServices.begin(); it != this->LDAPServices.end(); ++it) + { + LDAPService *s = it->second; + + s->Lock(); + LDAPService::result_queue results = s->results; + s->results.clear(); + s->Unlock(); + + for (unsigned i = 0; i < results.size(); ++i) + { + LDAPInterface *li = results[i].first; + LDAPResult *r = results[i].second; + + if (!r->error.empty()) + li->OnError(*r); + else + li->OnResult(*r); + } + } + } +}; + +MODULE_INIT(ModuleLDAP) + diff --git a/modules/extra/m_ldap_oper.cpp b/modules/extra/m_ldap_oper.cpp new file mode 100644 index 000000000..8e08587d2 --- /dev/null +++ b/modules/extra/m_ldap_oper.cpp @@ -0,0 +1,116 @@ +#include "module.h" +#include "ldap.h" + +static Anope::string opertype_attribute; + +class IdentifyInterface : public LDAPInterface +{ + std::map<LDAPQuery, Anope::string> requests; + + public: + IdentifyInterface(Module *m) : LDAPInterface(m) + { + } + + void Add(LDAPQuery id, const Anope::string &nick) + { + std::map<LDAPQuery, Anope::string>::iterator it = this->requests.find(id); + this->requests[id] = nick; + } + + void OnResult(const LDAPResult &r) + { + std::map<LDAPQuery, Anope::string>::iterator it = this->requests.find(r.id); + if (it == this->requests.end()) + return; + User *u = finduser(it->second); + this->requests.erase(it); + + + if (!u || !u->Account()) + return; + + try + { + const LDAPAttributes &attr = r.get(0); + + const Anope::string &opertype = attr.get(opertype_attribute); + + for (std::list<OperType *>::iterator oit = Config->MyOperTypes.begin(), oit_end = Config->MyOperTypes.end(); oit != oit_end; ++oit) + { + OperType *ot = *oit; + if (ot->GetName() == opertype && ot != u->Account()->ot) + { + u->Account()->ot = ot; + Log() << "m_ldap_oper: Tied " << u->nick << " (" << u->Account()->display << ") to opertype " << ot->GetName(); + break; + } + } + } + catch (const LDAPException &ex) + { + Log() << "m_ldap_oper: " << ex.GetReason(); + } + } + + void OnError(const LDAPResult &r) + { + this->requests.erase(r.id); + } +}; + +class LDAPOper : public Module +{ + service_reference<LDAPProvider> ldap; + IdentifyInterface iinterface; + + Anope::string binddn; + Anope::string password; + Anope::string basedn; + Anope::string filter; + public: + LDAPOper(const Anope::string &modname, const Anope::string &creator) : + Module(modname, creator), ldap("ldap/main"), iinterface(this) + { + this->SetAuthor("Anope"); + this->SetType(SUPPORTED); + + Implementation i[] = { I_OnReload, I_OnNickIdentify }; + ModuleManager::Attach(i, this, 2); + + OnReload(false); + } + + void OnReload(bool) + { + ConfigReader config; + + this->binddn = config.ReadValue("m_ldap_oper", "binddn", "", 0); + this->password = config.ReadValue("m_ldap_oper", "password", "", 0); + this->basedn = config.ReadValue("m_ldap_oper", "basedn", "", 0); + this->filter = config.ReadValue("m_ldap_oper", "filter", "", 0); + opertype_attribute = config.ReadValue("m_ldap_oper", "opertype_attribute", "", 0); + } + + void OnNickIdentify(User *u) + { + try + { + if (!this->ldap) + throw LDAPException("No LDAP interface. Is m_ldap loaded and configured correctly?"); + else if (this->basedn.empty() || this->filter.empty() || opertype_attribute.empty()) + throw LDAPException("Could not search LDAP for opertype settings, invalid configuration."); + + if (!this->binddn.empty()) + this->ldap->Bind(NULL, this->binddn.replace_all_cs("%a", u->Account()->display), this->password.c_str()); + LDAPQuery id = this->ldap->Search(&this->iinterface, this->basedn, this->filter.replace_all_cs("%a", u->Account()->display)); + this->iinterface.Add(id, u->nick); + } + catch (const LDAPException &ex) + { + Log() << "m_ldapoper: " << ex.GetReason(); + } + } +}; + +MODULE_INIT(LDAPOper) diff --git a/modules/extra/m_mysql.cpp b/modules/extra/m_mysql.cpp index 7ef4243e6..e26d13b6a 100644 --- a/modules/extra/m_mysql.cpp +++ b/modules/extra/m_mysql.cpp @@ -134,30 +134,19 @@ class DispatcherThread : public Thread, public Condition void Run(); }; -/** The pipe used by the SocketEngine to notify the main thread when - * we have results from queries - */ -class MySQLPipe : public Pipe -{ - public: - void OnNotify(); -}; - class ModuleSQL; static ModuleSQL *me; -class ModuleSQL : public Module +class ModuleSQL : public Module, public Pipe { - public: /* SQL connections */ std::map<Anope::string, MySQLService *> MySQLServices; + public: /* Pending query requests */ std::deque<QueryRequest> QueryRequests; /* Pending finished requests with results */ std::deque<QueryResult> FinishedRequests; /* The thread used to execute queries */ DispatcherThread *DThread; - /* Notify pipe */ - MySQLPipe *SQLPipe; ModuleSQL(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator) { @@ -166,8 +155,6 @@ class ModuleSQL : public Module Implementation i[] = { I_OnReload, I_OnModuleUnload }; ModuleManager::Attach(i, this, 2); - SQLPipe = new MySQLPipe(); - DThread = new DispatcherThread(); threadEngine.Start(DThread); @@ -184,8 +171,6 @@ class ModuleSQL : public Module DThread->Wakeup(); DThread->Join(); delete DThread; - - delete SQLPipe; } void OnReload(bool startup) @@ -195,7 +180,7 @@ class ModuleSQL : public Module for (std::map<Anope::string, MySQLService *>::iterator it = this->MySQLServices.begin(); it != this->MySQLServices.end();) { - const Anope::string cname = it->first; + const Anope::string &cname = it->first; MySQLService *s = it->second; ++it; @@ -266,7 +251,28 @@ class ModuleSQL : public Module this->DThread->Unlock(); - this->SQLPipe->OnNotify(); + this->OnNotify(); + } + + void OnNotify() + { + this->DThread->Lock(); + std::deque<QueryResult> finishedRequests = this->FinishedRequests; + this->FinishedRequests.clear(); + this->DThread->Unlock(); + + for (std::deque<QueryResult>::const_iterator it = finishedRequests.begin(), it_end = finishedRequests.end(); it != it_end; ++it) + { + const QueryResult &qr = *it; + + if (!qr.sqlinterface) + throw SQLException("NULL qr.sqlinterface in MySQLPipe::OnNotify() ?"); + + if (qr.result.GetError().empty()) + qr.sqlinterface->OnResult(qr.result); + else + qr.sqlinterface->OnError(qr.result); + } } }; @@ -386,7 +392,7 @@ void DispatcherThread::Run() else { if (!me->FinishedRequests.empty()) - me->SQLPipe->Notify(); + me->Notify(); this->Wait(); } } @@ -394,26 +400,5 @@ void DispatcherThread::Run() this->Unlock(); } -void MySQLPipe::OnNotify() -{ - me->DThread->Lock(); - std::deque<QueryResult> finishedRequests = me->FinishedRequests; - me->FinishedRequests.clear(); - me->DThread->Unlock(); - - for (std::deque<QueryResult>::const_iterator it = finishedRequests.begin(), it_end = finishedRequests.end(); it != it_end; ++it) - { - const QueryResult &qr = *it; - - if (!qr.sqlinterface) - throw SQLException("NULL qr.sqlinterface in MySQLPipe::OnNotify() ?"); - - if (qr.result.GetError().empty()) - qr.sqlinterface->OnResult(qr.result); - else - qr.sqlinterface->OnError(qr.result); - } -} - MODULE_INIT(ModuleSQL) diff --git a/modules/extra/ns_identify_ldap.cpp b/modules/extra/ns_identify_ldap.cpp new file mode 100644 index 000000000..7bc237289 --- /dev/null +++ b/modules/extra/ns_identify_ldap.cpp @@ -0,0 +1,254 @@ +#include "module.h" +#include "ldap.h" + +static Anope::string email_attribute; + +struct IdentifyInfo +{ + dynamic_reference<User> user; + Anope::string account; + Anope::string pass; + + IdentifyInfo(User *u, const Anope::string &a, const Anope::string &p) : user(u), account(a), pass(p) { } +}; + + +class IdentifyInterface : public LDAPInterface, public Command +{ + std::map<LDAPQuery, IdentifyInfo *> requests; + + public: + IdentifyInterface(Module *m) : LDAPInterface(m), Command("IDENTIFY", 0, 0) + { + this->service = NickServ; + } + + CommandReturn Execute(CommandSource &, const std::vector<Anope::string> &) { return MOD_STOP; } + + void Add(LDAPQuery id, IdentifyInfo *ii) + { + std::map<LDAPQuery, IdentifyInfo *>::iterator it = this->requests.find(id); + if (it != this->requests.end()) + delete it->second; + this->requests[id] = ii; + } + + void OnResult(const LDAPResult &r) + { + std::map<LDAPQuery, IdentifyInfo *>::iterator it = this->requests.find(r.id); + if (it == this->requests.end()) + return; + IdentifyInfo *ii = it->second; + this->requests.erase(it); + + User *u = *ii->user; + NickAlias *this_na = findnick(u->nick), *na = findnick(ii->account); + + if (!na) + { + na = new NickAlias(ii->account, new NickCore(ii->account)); + enc_encrypt(ii->pass, na->nc->pass); + + Anope::string last_usermask = u->GetIdent() + "@" + u->GetDisplayedHost(); + na->last_usermask = last_usermask; + na->last_realname = u->realname; + if (Config->NSAddAccessOnReg) + na->nc->AddAccess(create_mask(u)); + + u->SendMessage(NickServ, _("Your account \002%s\002 has been successfully created."), ii->account.c_str()); + } + + if (u->Account()) + Log(LOG_COMMAND, u, this) << "to log out of account " << u->Account()->display; + + na->last_realname = u->realname; + na->last_seen = Anope::CurTime; + + u->Login(na->nc); + ircdproto->SendAccountLogin(u, u->Account()); + ircdproto->SetAutoIdentificationToken(u); + + if (this_na && this_na->nc == na->nc) + u->SetMode(NickServ, UMODE_REGISTERED); + + u->UpdateHost(); + + Log(LOG_COMMAND, u, this) << "and identified for account " << u->Account()->display << " using LDAP"; + u->SendMessage(NickServ, _("Password accepted - you are now recognized.")); + if (ircd->vhost) + do_on_id(u); + if (Config->NSModeOnID) + do_setmodes(u); + + FOREACH_MOD(I_OnNickIdentify, OnNickIdentify(u)); + + delete ii; + } + + void OnError(const LDAPResult &r) + { + std::map<LDAPQuery, IdentifyInfo *>::iterator it = this->requests.find(r.id); + if (it == this->requests.end()) + return; + IdentifyInfo *ii = it->second; + this->requests.erase(it); + + if (!ii->user) + { + delete this; + return; + } + + User *u = *ii->user; + + Log(LOG_COMMAND, u, this) << "and failed to identify for account " << ii->account << ". LDAP error: " << r.getError(); + u->SendMessage(NickServ, _(PASSWORD_INCORRECT)); + bad_password(u); + delete ii; + } +}; + +class OnIdentifyInterface : public LDAPInterface +{ + std::map<LDAPQuery, Anope::string> requests; + + public: + OnIdentifyInterface(Module *m) : LDAPInterface(m) { } + + void Add(LDAPQuery id, const Anope::string &nick) + { + this->requests[id] = nick; + } + + void OnResult(const LDAPResult &r) + { + std::map<LDAPQuery, Anope::string>::iterator it = this->requests.find(r.id); + if (it == this->requests.end()) + return; + User *u = finduser(it->second); + this->requests.erase(it); + + if (!u || !u->Account()) + return; + + try + { + const LDAPAttributes &attr = r.get(0); + Anope::string email = attr.get(email_attribute); + + if (!email.equals_ci(u->Account()->email)) + { + u->Account()->email = email; + u->SendMessage(NickServ, "Your email has been updated to \002%s\002", email.c_str()); + Log() << "ns_identify_ldap: Updated email address for " << u->nick << " (" << u->Account()->display << ") to " << email; + } + } + catch (const LDAPException &ex) + { + Log() << "ns_identify_ldap: " << ex.GetReason(); + } + } + + void OnError(const LDAPResult &r) + { + this->requests.erase(r.id); + Log() << "ns_identify_ldap: " << r.error; + } +}; + +class NSIdentifyLDAP : public Module +{ + service_reference<LDAPProvider> ldap; + IdentifyInterface iinterface; + OnIdentifyInterface oninterface; + + Anope::string binddn; + Anope::string username_attribute; + bool disable_register; + Anope::string disable_reason; + public: + NSIdentifyLDAP(const Anope::string &modname, const Anope::string &creator) : + Module(modname, creator), ldap("ldap/main"), iinterface(this), oninterface(this) + { + this->SetAuthor("Anope"); + this->SetType(SUPPORTED); + + Implementation i[] = { I_OnReload, I_OnPreCommand, I_OnNickIdentify }; + ModuleManager::Attach(i, this, 3); + + OnReload(false); + } + + void OnReload(bool) + { + ConfigReader config; + + this->binddn = config.ReadValue("ns_identify_ldap", "binddn", "", 0); + this->username_attribute = config.ReadValue("ns_identify_ldap", "username_attribute", "", 0); + email_attribute = config.ReadValue("ns_identify_ldap", "email_attribute", "", 0); + this->disable_register = config.ReadFlag("ns_identify_ldap", "disable_ns_register", "false", 0); + this->disable_reason = config.ReadValue("ns_identify_ldap", "disable_reason", "", 0); + } + + EventReturn OnPreCommand(CommandSource &source, Command *command, const std::vector<Anope::string> ¶ms) + { + if (command->service == NickServ) + { + if (this->disable_register && command->name == "REGISTER") + { + source.Reply(_(this->disable_reason.c_str())); + return EVENT_STOP; + } + else if (command->name == "IDENTIFY" && !params.empty() && this->ldap) + { + Anope::string account = params.size() > 1 ? params[0] : source.u->nick; + Anope::string pass = params.size() > 1 ? params[1] : params[0]; + + NickAlias *na = findnick(account); + if (na) + { + account = na->nc->display; + + if (na->HasFlag(NS_FORBIDDEN) || na->nc->HasFlag(NI_SUSPENDED) || source.u->Account() == na->nc) + return EVENT_CONTINUE; + } + + IdentifyInfo *ii = new IdentifyInfo(source.u, account, pass); + try + { + Anope::string full_binddn = this->username_attribute + "=" + account + "," + this->binddn; + LDAPQuery id = this->ldap->Bind(&this->iinterface, full_binddn, pass); + this->iinterface.Add(id, ii); + } + catch (const LDAPException &ex) + { + delete ii; + Log() << "ns_identify_ldap: " << ex.GetReason(); + return EVENT_CONTINUE; + } + + return EVENT_STOP; + } + } + + return EVENT_CONTINUE; + } + + void OnNickIdentify(User *u) + { + if (email_attribute.empty()) + return; + + try + { + LDAPQuery id = this->ldap->Search(&this->oninterface, this->binddn, "(" + this->username_attribute + "=" + u->Account()->display + ")"); + this->oninterface.Add(id, u->nick); + } + catch (const LDAPException &ex) + { + Log() << "ns_identify_ldap: " << ex.GetReason(); + } + } +}; + +MODULE_INIT(NSIdentifyLDAP) diff --git a/src/nickalias.cpp b/src/nickalias.cpp index 532eb76ba..258e46a07 100644 --- a/src/nickalias.cpp +++ b/src/nickalias.cpp @@ -32,7 +32,6 @@ NickAlias::NickAlias(const Anope::string &nickname, NickCore *nickcore) : Flags< throw CoreException("Empty nickcore passed to NickAlias constructor"); this->time_registered = this->last_seen = Anope::CurTime; - this->nick = nickname; this->nc = nickcore; this->nc->aliases.push_back(this); diff --git a/src/nickcore.cpp b/src/nickcore.cpp index aa8202c51..4863d3244 100644 --- a/src/nickcore.cpp +++ b/src/nickcore.cpp @@ -12,6 +12,8 @@ NickCore::NickCore(const Anope::string &coredisplay) : Flags<NickCoreFlag, NI_EN this->ot = NULL; this->channelcount = 0; this->lastmail = 0; + this->memos.memomax = Config->MSMaxMemos; + this->language = Config->NSDefLanguage; this->display = coredisplay; |