diff options
Diffstat (limited to 'modules/extra/ns_identify_ldap.cpp')
| -rw-r--r-- | modules/extra/ns_identify_ldap.cpp | 254 |
1 files changed, 254 insertions, 0 deletions
diff --git a/modules/extra/ns_identify_ldap.cpp b/modules/extra/ns_identify_ldap.cpp new file mode 100644 index 000000000..7bc237289 --- /dev/null +++ b/modules/extra/ns_identify_ldap.cpp @@ -0,0 +1,254 @@ +#include "module.h" +#include "ldap.h" + +static Anope::string email_attribute; + +struct IdentifyInfo +{ + dynamic_reference<User> user; + Anope::string account; + Anope::string pass; + + IdentifyInfo(User *u, const Anope::string &a, const Anope::string &p) : user(u), account(a), pass(p) { } +}; + + +class IdentifyInterface : public LDAPInterface, public Command +{ + std::map<LDAPQuery, IdentifyInfo *> requests; + + public: + IdentifyInterface(Module *m) : LDAPInterface(m), Command("IDENTIFY", 0, 0) + { + this->service = NickServ; + } + + CommandReturn Execute(CommandSource &, const std::vector<Anope::string> &) { return MOD_STOP; } + + void Add(LDAPQuery id, IdentifyInfo *ii) + { + std::map<LDAPQuery, IdentifyInfo *>::iterator it = this->requests.find(id); + if (it != this->requests.end()) + delete it->second; + this->requests[id] = ii; + } + + void OnResult(const LDAPResult &r) + { + std::map<LDAPQuery, IdentifyInfo *>::iterator it = this->requests.find(r.id); + if (it == this->requests.end()) + return; + IdentifyInfo *ii = it->second; + this->requests.erase(it); + + User *u = *ii->user; + NickAlias *this_na = findnick(u->nick), *na = findnick(ii->account); + + if (!na) + { + na = new NickAlias(ii->account, new NickCore(ii->account)); + enc_encrypt(ii->pass, na->nc->pass); + + Anope::string last_usermask = u->GetIdent() + "@" + u->GetDisplayedHost(); + na->last_usermask = last_usermask; + na->last_realname = u->realname; + if (Config->NSAddAccessOnReg) + na->nc->AddAccess(create_mask(u)); + + u->SendMessage(NickServ, _("Your account \002%s\002 has been successfully created."), ii->account.c_str()); + } + + if (u->Account()) + Log(LOG_COMMAND, u, this) << "to log out of account " << u->Account()->display; + + na->last_realname = u->realname; + na->last_seen = Anope::CurTime; + + u->Login(na->nc); + ircdproto->SendAccountLogin(u, u->Account()); + ircdproto->SetAutoIdentificationToken(u); + + if (this_na && this_na->nc == na->nc) + u->SetMode(NickServ, UMODE_REGISTERED); + + u->UpdateHost(); + + Log(LOG_COMMAND, u, this) << "and identified for account " << u->Account()->display << " using LDAP"; + u->SendMessage(NickServ, _("Password accepted - you are now recognized.")); + if (ircd->vhost) + do_on_id(u); + if (Config->NSModeOnID) + do_setmodes(u); + + FOREACH_MOD(I_OnNickIdentify, OnNickIdentify(u)); + + delete ii; + } + + void OnError(const LDAPResult &r) + { + std::map<LDAPQuery, IdentifyInfo *>::iterator it = this->requests.find(r.id); + if (it == this->requests.end()) + return; + IdentifyInfo *ii = it->second; + this->requests.erase(it); + + if (!ii->user) + { + delete this; + return; + } + + User *u = *ii->user; + + Log(LOG_COMMAND, u, this) << "and failed to identify for account " << ii->account << ". LDAP error: " << r.getError(); + u->SendMessage(NickServ, _(PASSWORD_INCORRECT)); + bad_password(u); + delete ii; + } +}; + +class OnIdentifyInterface : public LDAPInterface +{ + std::map<LDAPQuery, Anope::string> requests; + + public: + OnIdentifyInterface(Module *m) : LDAPInterface(m) { } + + void Add(LDAPQuery id, const Anope::string &nick) + { + this->requests[id] = nick; + } + + void OnResult(const LDAPResult &r) + { + std::map<LDAPQuery, Anope::string>::iterator it = this->requests.find(r.id); + if (it == this->requests.end()) + return; + User *u = finduser(it->second); + this->requests.erase(it); + + if (!u || !u->Account()) + return; + + try + { + const LDAPAttributes &attr = r.get(0); + Anope::string email = attr.get(email_attribute); + + if (!email.equals_ci(u->Account()->email)) + { + u->Account()->email = email; + u->SendMessage(NickServ, "Your email has been updated to \002%s\002", email.c_str()); + Log() << "ns_identify_ldap: Updated email address for " << u->nick << " (" << u->Account()->display << ") to " << email; + } + } + catch (const LDAPException &ex) + { + Log() << "ns_identify_ldap: " << ex.GetReason(); + } + } + + void OnError(const LDAPResult &r) + { + this->requests.erase(r.id); + Log() << "ns_identify_ldap: " << r.error; + } +}; + +class NSIdentifyLDAP : public Module +{ + service_reference<LDAPProvider> ldap; + IdentifyInterface iinterface; + OnIdentifyInterface oninterface; + + Anope::string binddn; + Anope::string username_attribute; + bool disable_register; + Anope::string disable_reason; + public: + NSIdentifyLDAP(const Anope::string &modname, const Anope::string &creator) : + Module(modname, creator), ldap("ldap/main"), iinterface(this), oninterface(this) + { + this->SetAuthor("Anope"); + this->SetType(SUPPORTED); + + Implementation i[] = { I_OnReload, I_OnPreCommand, I_OnNickIdentify }; + ModuleManager::Attach(i, this, 3); + + OnReload(false); + } + + void OnReload(bool) + { + ConfigReader config; + + this->binddn = config.ReadValue("ns_identify_ldap", "binddn", "", 0); + this->username_attribute = config.ReadValue("ns_identify_ldap", "username_attribute", "", 0); + email_attribute = config.ReadValue("ns_identify_ldap", "email_attribute", "", 0); + this->disable_register = config.ReadFlag("ns_identify_ldap", "disable_ns_register", "false", 0); + this->disable_reason = config.ReadValue("ns_identify_ldap", "disable_reason", "", 0); + } + + EventReturn OnPreCommand(CommandSource &source, Command *command, const std::vector<Anope::string> ¶ms) + { + if (command->service == NickServ) + { + if (this->disable_register && command->name == "REGISTER") + { + source.Reply(_(this->disable_reason.c_str())); + return EVENT_STOP; + } + else if (command->name == "IDENTIFY" && !params.empty() && this->ldap) + { + Anope::string account = params.size() > 1 ? params[0] : source.u->nick; + Anope::string pass = params.size() > 1 ? params[1] : params[0]; + + NickAlias *na = findnick(account); + if (na) + { + account = na->nc->display; + + if (na->HasFlag(NS_FORBIDDEN) || na->nc->HasFlag(NI_SUSPENDED) || source.u->Account() == na->nc) + return EVENT_CONTINUE; + } + + IdentifyInfo *ii = new IdentifyInfo(source.u, account, pass); + try + { + Anope::string full_binddn = this->username_attribute + "=" + account + "," + this->binddn; + LDAPQuery id = this->ldap->Bind(&this->iinterface, full_binddn, pass); + this->iinterface.Add(id, ii); + } + catch (const LDAPException &ex) + { + delete ii; + Log() << "ns_identify_ldap: " << ex.GetReason(); + return EVENT_CONTINUE; + } + + return EVENT_STOP; + } + } + + return EVENT_CONTINUE; + } + + void OnNickIdentify(User *u) + { + if (email_attribute.empty()) + return; + + try + { + LDAPQuery id = this->ldap->Search(&this->oninterface, this->binddn, "(" + this->username_attribute + "=" + u->Account()->display + ")"); + this->oninterface.Add(id, u->nick); + } + catch (const LDAPException &ex) + { + Log() << "ns_identify_ldap: " << ex.GetReason(); + } + } +}; + +MODULE_INIT(NSIdentifyLDAP) |