diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/core/ns_identify.cpp | 5 | ||||
| -rw-r--r-- | modules/core/ns_register.cpp | 4 | ||||
| -rw-r--r-- | modules/extra/ldap.h | 99 | ||||
| -rw-r--r-- | modules/extra/m_async_commands.cpp | 3 | ||||
| -rw-r--r-- | modules/extra/m_ldap.cpp | 334 | ||||
| -rw-r--r-- | modules/extra/m_ldap_oper.cpp | 116 | ||||
| -rw-r--r-- | modules/extra/m_mysql.cpp | 67 | ||||
| -rw-r--r-- | modules/extra/ns_identify_ldap.cpp | 254 |
8 files changed, 834 insertions, 48 deletions
diff --git a/modules/core/ns_identify.cpp b/modules/core/ns_identify.cpp index f48f5e388..45b189ca6 100644 --- a/modules/core/ns_identify.cpp +++ b/modules/core/ns_identify.cpp @@ -63,7 +63,7 @@ class CommandNSIdentify : public Command else { if (u->IsIdentified()) - Log(LOG_COMMAND, "nickserv/identify") << "to log out of account " << u->Account()->display; + Log(LOG_COMMAND, u, this) << "to log out of account " << u->Account()->display; na->last_realname = u->realname; na->last_seen = Anope::CurTime; @@ -96,8 +96,7 @@ class CommandNSIdentify : public Command "any third-party person."), NickServ->nick.c_str()); } - if (u->IsIdentified()) - check_memos(u); + check_memos(u); } } return MOD_CONT; diff --git a/modules/core/ns_register.cpp b/modules/core/ns_register.cpp index 80dc92488..d7867896c 100644 --- a/modules/core/ns_register.cpp +++ b/modules/core/ns_register.cpp @@ -26,8 +26,6 @@ class CommandNSConfirm : public Command na->nc->pass = nr->password; - na->nc->memos.memomax = Config->MSMaxMemos; - if (force) { na->last_usermask = "*@*"; @@ -42,8 +40,6 @@ class CommandNSConfirm : public Command na->nc->AddAccess(create_mask(u)); } - na->time_registered = na->last_seen = Anope::CurTime; - na->nc->language = Config->NSDefLanguage; if (!nr->email.empty()) na->nc->email = nr->email; diff --git a/modules/extra/ldap.h b/modules/extra/ldap.h new file mode 100644 index 000000000..acb9d8f53 --- /dev/null +++ b/modules/extra/ldap.h @@ -0,0 +1,99 @@ + +typedef int LDAPQuery; + +class LDAPException : public ModuleException +{ + public: + LDAPException(const Anope::string &reason) : ModuleException(reason) { } + + virtual ~LDAPException() throw() { } +}; + +struct LDAPAttributes : public std::map<Anope::string, std::vector<Anope::string> > +{ + size_t size(const Anope::string &attr) const + { + const std::vector<Anope::string>& array = this->getArray(attr); + return array.size(); + } + + const std::vector<Anope::string> keys() const + { + std::vector<Anope::string> k; + for (const_iterator it = this->begin(), it_end = this->end(); it != it_end; ++it) + k.push_back(it->first); + return k; + } + + const Anope::string &get(const Anope::string &attr) const + { + const std::vector<Anope::string>& array = this->getArray(attr); + if (array.empty()) + throw LDAPException("Empty attribute " + attr + " in LDAPResult::get"); + return array[0]; + } + + const std::vector<Anope::string>& getArray(const Anope::string &attr) const + { + const_iterator it = this->find(attr); + if (it == this->end()) + throw LDAPException("Unknown attribute " + attr + " in LDAPResult::getArray"); + return it->second; + } +}; + +struct LDAPResult +{ + std::vector<LDAPAttributes> messages; + Anope::string error; + + enum QueryType + { + QUERY_BIND, + QUERY_SEARCH + }; + + QueryType type; + LDAPQuery id; + + size_t size() const + { + return this->messages.size(); + } + + const LDAPAttributes &get(size_t sz) const + { + if (sz >= this->messages.size()) + throw LDAPException("Index out of range"); + return this->messages[sz]; + } + + const Anope::string &getError() const + { + return this->error; + } +}; + +class LDAPInterface +{ + public: + Module *owner; + + LDAPInterface(Module *m) : owner(m) { } + + virtual void OnResult(const LDAPResult &r) { } + + virtual void OnError(const LDAPResult &err) { } +}; + + +class LDAPProvider : public Service +{ + public: + LDAPProvider(Module *c, const Anope::string &n) : Service(c, n) { } + + virtual LDAPQuery Bind(LDAPInterface *i, const Anope::string &who, const Anope::string &pass) = 0; + + virtual LDAPQuery Search(LDAPInterface *i, const Anope::string &base, const Anope::string &filter) = 0; +}; + diff --git a/modules/extra/m_async_commands.cpp b/modules/extra/m_async_commands.cpp index d4bbaaf6d..e7aa37ff0 100644 --- a/modules/extra/m_async_commands.cpp +++ b/modules/extra/m_async_commands.cpp @@ -41,7 +41,10 @@ class AsynchCommandMutex : public CommandMutex EventReturn MOD_RESULT; FOREACH_RESULT(I_OnPreCommand, OnPreCommand(source, command, params)); if (MOD_RESULT == EVENT_STOP) + { + source.DoReply(); return; + } if (!command->permission.empty() && !u->Account()->HasCommand(command->permission)) { diff --git a/modules/extra/m_ldap.cpp b/modules/extra/m_ldap.cpp new file mode 100644 index 000000000..0d198e27d --- /dev/null +++ b/modules/extra/m_ldap.cpp @@ -0,0 +1,334 @@ +/* RequiredLibraries: ldap */ + +#include "module.h" +#include "ldap.h" +#include <ldap.h> + +static Pipe *me; + +class LDAPService : public LDAPProvider, public Thread, public Condition +{ + Anope::string server; + int port; + Anope::string binddn; + Anope::string password; + + LDAP *con; + + public: + typedef std::map<int, LDAPInterface *> query_queue; + typedef std::vector<std::pair<LDAPInterface *, LDAPResult *> > result_queue; + query_queue queries; + result_queue results; + + LDAPService(Module *o, const Anope::string &n, const Anope::string &s, int po, const Anope::string &b, const Anope::string &p) : LDAPProvider(o, "ldap/" + n), server(s), port(po), binddn(b), password(p) + { + if (ldap_initialize(&this->con, this->server.c_str()) != LDAP_SUCCESS) + throw LDAPException("Unable to connect to LDAP service " + this->name + ": " + Anope::LastError()); + static const int version = LDAP_VERSION3; + if (ldap_set_option(this->con, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_OPT_SUCCESS) + throw LDAPException("Unable to set protocol version for " + this->name + ": " + Anope::LastError()); + + threadEngine.Start(this); + } + + ~LDAPService() + { + this->Lock(); + + for (query_queue::iterator it = this->queries.begin(), it_end = this->queries.end(); it != it_end; ++it) + { + ldap_abandon_ext(this->con, it->first, NULL, NULL); + delete it->second; + } + this->queries.clear(); + + for (result_queue::iterator it = this->results.begin(), it_end = this->results.end(); it != it_end; ++it) + { + it->second->error = "LDAP Interface is going away"; + it->first->OnError(*it->second); + } + this->results.clear(); + + this->Unlock(); + + ldap_unbind_ext(this->con, NULL, NULL); + } + + LDAPQuery Bind(LDAPInterface *i, const Anope::string &who, const Anope::string &pass) + { + berval cred; + cred.bv_val = strdup(pass.c_str()); + cred.bv_len = pass.length(); + + LDAPQuery msgid; + int ret = ldap_sasl_bind(con, who.c_str(), LDAP_SASL_SIMPLE, &cred, NULL, NULL, &msgid); + free(cred.bv_val); + if (ret != LDAP_SUCCESS) + throw LDAPException(ldap_err2string(ret)); + + if (i != NULL) + { + this->Lock(); + this->queries[msgid] = i; + this->Unlock(); + } + this->Wakeup(); + + return msgid; + } + + LDAPQuery Search(LDAPInterface *i, const Anope::string &base, const Anope::string &filter) + { + if (i == NULL) + throw LDAPException("No interface"); + + LDAPQuery msgid; + int ret = ldap_search_ext(this->con, base.c_str(), LDAP_SCOPE_SUBTREE, filter.c_str(), NULL, 0, NULL, NULL, NULL, 0, &msgid); + if (ret != LDAP_SUCCESS) + throw LDAPException(ldap_err2string(ret)); + + this->Lock(); + this->queries[msgid] = i; + this->Unlock(); + this->Wakeup(); + + return msgid; + } + + void Run() + { + while (!this->GetExitState()) + { + if (this->queries.empty()) + { + this->Lock(); + this->Wait(); + this->Unlock(); + if (this->GetExitState()) + break; + } + + static struct timeval tv = { 1, 0 }; + LDAPMessage *result; + int type = ldap_result(this->con, LDAP_RES_ANY, 1, &tv, &result); + if (type <= 0 || this->GetExitState()) + continue; + + bool notify = false; + int cur_id = ldap_msgid(result); + + this->Lock(); + + query_queue::iterator it = this->queries.find(cur_id); + if (it == this->queries.end()) + { + this->Unlock(); + continue; + } + LDAPInterface *i = it->second; + this->queries.erase(it); + + this->Unlock(); + + LDAPResult *ldap_result = new LDAPResult(); + ldap_result->id = cur_id; + + for (LDAPMessage *cur = ldap_first_message(this->con, result); cur; cur = ldap_next_message(this->con, cur)) + { + int cur_type = ldap_msgtype(cur); + + LDAPAttributes attributes; + + switch (cur_type) + { + case LDAP_RES_BIND: + { + ldap_result->type = LDAPResult::QUERY_BIND; + + int errcode = -1; + int parse_result = ldap_parse_result(this->con, cur, &errcode, NULL, NULL, NULL, NULL, 0); + if (parse_result != LDAP_SUCCESS) + ldap_result->error = ldap_err2string(parse_result); + else if (errcode != LDAP_SUCCESS) + ldap_result->error = ldap_err2string(errcode); + notify = true; + break; + } + case LDAP_RES_SEARCH_ENTRY: + { + ldap_result->type = LDAPResult::QUERY_SEARCH; + + BerElement *ber = NULL; + for (char *attr = ldap_first_attribute(this->con, cur, &ber); attr; attr = ldap_next_attribute(this->con, cur, ber)) + { + berval **vals = ldap_get_values_len(this->con, cur, attr); + int count = ldap_count_values_len(vals); + + std::vector<Anope::string> attrs; + for (int j = 0; j < count; ++j) + attrs.push_back(vals[j]->bv_val); + attributes[attr] = attrs; + + ldap_memfree(attr); + } + if (ber != NULL) + ber_free(ber, 0); + + notify = true; + break; + } + default: + Log(LOG_DEBUG) << "m_ldap: Unknown msg type " << cur_type; + continue; + } + + ldap_result->messages.push_back(attributes); + } + + ldap_msgfree(result); + + this->Lock(); + this->results.push_back(std::make_pair(i, ldap_result)); + this->Unlock(); + + if (notify) + me->Notify(); + } + } + + void SetExitState() + { + ModuleManager::UnregisterService(this); + Thread::SetExitState(); + } +}; + +class ModuleLDAP : public Module, public Pipe +{ + std::map<Anope::string, LDAPService *> LDAPServices; + public: + + ModuleLDAP(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator) + { + me = this; + + Implementation i[] = { I_OnReload, I_OnModuleUnload }; + ModuleManager::Attach(i, this, 2); + + OnReload(true); + } + + ~ModuleLDAP() + { + for (std::map<Anope::string, LDAPService *>::iterator it = this->LDAPServices.begin(); it != this->LDAPServices.end(); ++it) + it->second->SetExitState(); + LDAPServices.clear(); + } + + void OnReload(bool startup) + { + ConfigReader config; + int i, num; + + for (std::map<Anope::string, LDAPService *>::iterator it = this->LDAPServices.begin(); it != this->LDAPServices.end();) + { + const Anope::string &cname = it->first; + LDAPService *s = it->second; + ++it; + + for (i = 0, num = config.Enumerate("ldap"); i < num; ++i) + { + if (config.ReadValue("ldap", "name", "", i) == cname) + { + break; + } + } + + if (i == num) + { + Log(LOG_NORMAL, "ldap") << "LDAP: Removing server connection " << cname; + + s->SetExitState(); + this->LDAPServices.erase(cname); + } + } + + for (i = 0, num = config.Enumerate("ldap"); i < num; ++i) + { + Anope::string connname = config.ReadValue("ldap", "name", "main", i); + + if (this->LDAPServices.find(connname) == this->LDAPServices.end()) + { + Anope::string server = config.ReadValue("ldap", "server", "127.0.0.1", i); + int port = config.ReadInteger("ldap", "port", "389", i, true); + Anope::string binddn = config.ReadValue("ldap", "binddn", "", i); + Anope::string password = config.ReadValue("ldap", "password", "", i); + + try + { + LDAPService *ss = new LDAPService(this, connname, server, port, binddn, password); + this->LDAPServices.insert(std::make_pair(connname, ss)); + ModuleManager::RegisterService(ss); + + Log(LOG_NORMAL, "ldap") << "LDAP: Successfully connected to server " << connname << " (" << server << ")"; + } + catch (const LDAPException &ex) + { + Log(LOG_NORMAL, "ldap") << "LDAP: " << ex.GetReason(); + } + } + } + } + + void OnModuleUnload(User *, Module *m) + { + for (std::map<Anope::string, LDAPService *>::iterator it = this->LDAPServices.begin(); it != this->LDAPServices.end(); ++it) + { + LDAPService *s = it->second; + s->Lock(); + for (LDAPService::query_queue::iterator it2 = s->queries.begin(); it2 != s->queries.end();) + { + int msgid = it2->first; + LDAPInterface *i = it2->second; + ++it2; + if (i->owner == m) + s->queries.erase(msgid); + } + for (unsigned i = s->results.size(); i > 0; --i) + { + LDAPInterface *li = s->results[i - 1].first; + if (li->owner == m) + s->results.erase(s->results.begin() + i - 1); + } + s->Unlock(); + } + } + + void OnNotify() + { + for (std::map<Anope::string, LDAPService *>::iterator it = this->LDAPServices.begin(); it != this->LDAPServices.end(); ++it) + { + LDAPService *s = it->second; + + s->Lock(); + LDAPService::result_queue results = s->results; + s->results.clear(); + s->Unlock(); + + for (unsigned i = 0; i < results.size(); ++i) + { + LDAPInterface *li = results[i].first; + LDAPResult *r = results[i].second; + + if (!r->error.empty()) + li->OnError(*r); + else + li->OnResult(*r); + } + } + } +}; + +MODULE_INIT(ModuleLDAP) + diff --git a/modules/extra/m_ldap_oper.cpp b/modules/extra/m_ldap_oper.cpp new file mode 100644 index 000000000..8e08587d2 --- /dev/null +++ b/modules/extra/m_ldap_oper.cpp @@ -0,0 +1,116 @@ +#include "module.h" +#include "ldap.h" + +static Anope::string opertype_attribute; + +class IdentifyInterface : public LDAPInterface +{ + std::map<LDAPQuery, Anope::string> requests; + + public: + IdentifyInterface(Module *m) : LDAPInterface(m) + { + } + + void Add(LDAPQuery id, const Anope::string &nick) + { + std::map<LDAPQuery, Anope::string>::iterator it = this->requests.find(id); + this->requests[id] = nick; + } + + void OnResult(const LDAPResult &r) + { + std::map<LDAPQuery, Anope::string>::iterator it = this->requests.find(r.id); + if (it == this->requests.end()) + return; + User *u = finduser(it->second); + this->requests.erase(it); + + + if (!u || !u->Account()) + return; + + try + { + const LDAPAttributes &attr = r.get(0); + + const Anope::string &opertype = attr.get(opertype_attribute); + + for (std::list<OperType *>::iterator oit = Config->MyOperTypes.begin(), oit_end = Config->MyOperTypes.end(); oit != oit_end; ++oit) + { + OperType *ot = *oit; + if (ot->GetName() == opertype && ot != u->Account()->ot) + { + u->Account()->ot = ot; + Log() << "m_ldap_oper: Tied " << u->nick << " (" << u->Account()->display << ") to opertype " << ot->GetName(); + break; + } + } + } + catch (const LDAPException &ex) + { + Log() << "m_ldap_oper: " << ex.GetReason(); + } + } + + void OnError(const LDAPResult &r) + { + this->requests.erase(r.id); + } +}; + +class LDAPOper : public Module +{ + service_reference<LDAPProvider> ldap; + IdentifyInterface iinterface; + + Anope::string binddn; + Anope::string password; + Anope::string basedn; + Anope::string filter; + public: + LDAPOper(const Anope::string &modname, const Anope::string &creator) : + Module(modname, creator), ldap("ldap/main"), iinterface(this) + { + this->SetAuthor("Anope"); + this->SetType(SUPPORTED); + + Implementation i[] = { I_OnReload, I_OnNickIdentify }; + ModuleManager::Attach(i, this, 2); + + OnReload(false); + } + + void OnReload(bool) + { + ConfigReader config; + + this->binddn = config.ReadValue("m_ldap_oper", "binddn", "", 0); + this->password = config.ReadValue("m_ldap_oper", "password", "", 0); + this->basedn = config.ReadValue("m_ldap_oper", "basedn", "", 0); + this->filter = config.ReadValue("m_ldap_oper", "filter", "", 0); + opertype_attribute = config.ReadValue("m_ldap_oper", "opertype_attribute", "", 0); + } + + void OnNickIdentify(User *u) + { + try + { + if (!this->ldap) + throw LDAPException("No LDAP interface. Is m_ldap loaded and configured correctly?"); + else if (this->basedn.empty() || this->filter.empty() || opertype_attribute.empty()) + throw LDAPException("Could not search LDAP for opertype settings, invalid configuration."); + + if (!this->binddn.empty()) + this->ldap->Bind(NULL, this->binddn.replace_all_cs("%a", u->Account()->display), this->password.c_str()); + LDAPQuery id = this->ldap->Search(&this->iinterface, this->basedn, this->filter.replace_all_cs("%a", u->Account()->display)); + this->iinterface.Add(id, u->nick); + } + catch (const LDAPException &ex) + { + Log() << "m_ldapoper: " << ex.GetReason(); + } + } +}; + +MODULE_INIT(LDAPOper) diff --git a/modules/extra/m_mysql.cpp b/modules/extra/m_mysql.cpp index 7ef4243e6..e26d13b6a 100644 --- a/modules/extra/m_mysql.cpp +++ b/modules/extra/m_mysql.cpp @@ -134,30 +134,19 @@ class DispatcherThread : public Thread, public Condition void Run(); }; -/** The pipe used by the SocketEngine to notify the main thread when - * we have results from queries - */ -class MySQLPipe : public Pipe -{ - public: - void OnNotify(); -}; - class ModuleSQL; static ModuleSQL *me; -class ModuleSQL : public Module +class ModuleSQL : public Module, public Pipe { - public: /* SQL connections */ std::map<Anope::string, MySQLService *> MySQLServices; + public: /* Pending query requests */ std::deque<QueryRequest> QueryRequests; /* Pending finished requests with results */ std::deque<QueryResult> FinishedRequests; /* The thread used to execute queries */ DispatcherThread *DThread; - /* Notify pipe */ - MySQLPipe *SQLPipe; ModuleSQL(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator) { @@ -166,8 +155,6 @@ class ModuleSQL : public Module Implementation i[] = { I_OnReload, I_OnModuleUnload }; ModuleManager::Attach(i, this, 2); - SQLPipe = new MySQLPipe(); - DThread = new DispatcherThread(); threadEngine.Start(DThread); @@ -184,8 +171,6 @@ class ModuleSQL : public Module DThread->Wakeup(); DThread->Join(); delete DThread; - - delete SQLPipe; } void OnReload(bool startup) @@ -195,7 +180,7 @@ class ModuleSQL : public Module for (std::map<Anope::string, MySQLService *>::iterator it = this->MySQLServices.begin(); it != this->MySQLServices.end();) { - const Anope::string cname = it->first; + const Anope::string &cname = it->first; MySQLService *s = it->second; ++it; @@ -266,7 +251,28 @@ class ModuleSQL : public Module this->DThread->Unlock(); - this->SQLPipe->OnNotify(); + this->OnNotify(); + } + + void OnNotify() + { + this->DThread->Lock(); + std::deque<QueryResult> finishedRequests = this->FinishedRequests; + this->FinishedRequests.clear(); + this->DThread->Unlock(); + + for (std::deque<QueryResult>::const_iterator it = finishedRequests.begin(), it_end = finishedRequests.end(); it != it_end; ++it) + { + const QueryResult &qr = *it; + + if (!qr.sqlinterface) + throw SQLException("NULL qr.sqlinterface in MySQLPipe::OnNotify() ?"); + + if (qr.result.GetError().empty()) + qr.sqlinterface->OnResult(qr.result); + else + qr.sqlinterface->OnError(qr.result); + } } }; @@ -386,7 +392,7 @@ void DispatcherThread::Run() else { if (!me->FinishedRequests.empty()) - me->SQLPipe->Notify(); + me->Notify(); this->Wait(); } } @@ -394,26 +400,5 @@ void DispatcherThread::Run() this->Unlock(); } -void MySQLPipe::OnNotify() -{ - me->DThread->Lock(); - std::deque<QueryResult> finishedRequests = me->FinishedRequests; - me->FinishedRequests.clear(); - me->DThread->Unlock(); - - for (std::deque<QueryResult>::const_iterator it = finishedRequests.begin(), it_end = finishedRequests.end(); it != it_end; ++it) - { - const QueryResult &qr = *it; - - if (!qr.sqlinterface) - throw SQLException("NULL qr.sqlinterface in MySQLPipe::OnNotify() ?"); - - if (qr.result.GetError().empty()) - qr.sqlinterface->OnResult(qr.result); - else - qr.sqlinterface->OnError(qr.result); - } -} - MODULE_INIT(ModuleSQL) diff --git a/modules/extra/ns_identify_ldap.cpp b/modules/extra/ns_identify_ldap.cpp new file mode 100644 index 000000000..7bc237289 --- /dev/null +++ b/modules/extra/ns_identify_ldap.cpp @@ -0,0 +1,254 @@ +#include "module.h" +#include "ldap.h" + +static Anope::string email_attribute; + +struct IdentifyInfo +{ + dynamic_reference<User> user; + Anope::string account; + Anope::string pass; + + IdentifyInfo(User *u, const Anope::string &a, const Anope::string &p) : user(u), account(a), pass(p) { } +}; + + +class IdentifyInterface : public LDAPInterface, public Command +{ + std::map<LDAPQuery, IdentifyInfo *> requests; + + public: + IdentifyInterface(Module *m) : LDAPInterface(m), Command("IDENTIFY", 0, 0) + { + this->service = NickServ; + } + + CommandReturn Execute(CommandSource &, const std::vector<Anope::string> &) { return MOD_STOP; } + + void Add(LDAPQuery id, IdentifyInfo *ii) + { + std::map<LDAPQuery, IdentifyInfo *>::iterator it = this->requests.find(id); + if (it != this->requests.end()) + delete it->second; + this->requests[id] = ii; + } + + void OnResult(const LDAPResult &r) + { + std::map<LDAPQuery, IdentifyInfo *>::iterator it = this->requests.find(r.id); + if (it == this->requests.end()) + return; + IdentifyInfo *ii = it->second; + this->requests.erase(it); + + User *u = *ii->user; + NickAlias *this_na = findnick(u->nick), *na = findnick(ii->account); + + if (!na) + { + na = new NickAlias(ii->account, new NickCore(ii->account)); + enc_encrypt(ii->pass, na->nc->pass); + + Anope::string last_usermask = u->GetIdent() + "@" + u->GetDisplayedHost(); + na->last_usermask = last_usermask; + na->last_realname = u->realname; + if (Config->NSAddAccessOnReg) + na->nc->AddAccess(create_mask(u)); + + u->SendMessage(NickServ, _("Your account \002%s\002 has been successfully created."), ii->account.c_str()); + } + + if (u->Account()) + Log(LOG_COMMAND, u, this) << "to log out of account " << u->Account()->display; + + na->last_realname = u->realname; + na->last_seen = Anope::CurTime; + + u->Login(na->nc); + ircdproto->SendAccountLogin(u, u->Account()); + ircdproto->SetAutoIdentificationToken(u); + + if (this_na && this_na->nc == na->nc) + u->SetMode(NickServ, UMODE_REGISTERED); + + u->UpdateHost(); + + Log(LOG_COMMAND, u, this) << "and identified for account " << u->Account()->display << " using LDAP"; + u->SendMessage(NickServ, _("Password accepted - you are now recognized.")); + if (ircd->vhost) + do_on_id(u); + if (Config->NSModeOnID) + do_setmodes(u); + + FOREACH_MOD(I_OnNickIdentify, OnNickIdentify(u)); + + delete ii; + } + + void OnError(const LDAPResult &r) + { + std::map<LDAPQuery, IdentifyInfo *>::iterator it = this->requests.find(r.id); + if (it == this->requests.end()) + return; + IdentifyInfo *ii = it->second; + this->requests.erase(it); + + if (!ii->user) + { + delete this; + return; + } + + User *u = *ii->user; + + Log(LOG_COMMAND, u, this) << "and failed to identify for account " << ii->account << ". LDAP error: " << r.getError(); + u->SendMessage(NickServ, _(PASSWORD_INCORRECT)); + bad_password(u); + delete ii; + } +}; + +class OnIdentifyInterface : public LDAPInterface +{ + std::map<LDAPQuery, Anope::string> requests; + + public: + OnIdentifyInterface(Module *m) : LDAPInterface(m) { } + + void Add(LDAPQuery id, const Anope::string &nick) + { + this->requests[id] = nick; + } + + void OnResult(const LDAPResult &r) + { + std::map<LDAPQuery, Anope::string>::iterator it = this->requests.find(r.id); + if (it == this->requests.end()) + return; + User *u = finduser(it->second); + this->requests.erase(it); + + if (!u || !u->Account()) + return; + + try + { + const LDAPAttributes &attr = r.get(0); + Anope::string email = attr.get(email_attribute); + + if (!email.equals_ci(u->Account()->email)) + { + u->Account()->email = email; + u->SendMessage(NickServ, "Your email has been updated to \002%s\002", email.c_str()); + Log() << "ns_identify_ldap: Updated email address for " << u->nick << " (" << u->Account()->display << ") to " << email; + } + } + catch (const LDAPException &ex) + { + Log() << "ns_identify_ldap: " << ex.GetReason(); + } + } + + void OnError(const LDAPResult &r) + { + this->requests.erase(r.id); + Log() << "ns_identify_ldap: " << r.error; + } +}; + +class NSIdentifyLDAP : public Module +{ + service_reference<LDAPProvider> ldap; + IdentifyInterface iinterface; + OnIdentifyInterface oninterface; + + Anope::string binddn; + Anope::string username_attribute; + bool disable_register; + Anope::string disable_reason; + public: + NSIdentifyLDAP(const Anope::string &modname, const Anope::string &creator) : + Module(modname, creator), ldap("ldap/main"), iinterface(this), oninterface(this) + { + this->SetAuthor("Anope"); + this->SetType(SUPPORTED); + + Implementation i[] = { I_OnReload, I_OnPreCommand, I_OnNickIdentify }; + ModuleManager::Attach(i, this, 3); + + OnReload(false); + } + + void OnReload(bool) + { + ConfigReader config; + + this->binddn = config.ReadValue("ns_identify_ldap", "binddn", "", 0); + this->username_attribute = config.ReadValue("ns_identify_ldap", "username_attribute", "", 0); + email_attribute = config.ReadValue("ns_identify_ldap", "email_attribute", "", 0); + this->disable_register = config.ReadFlag("ns_identify_ldap", "disable_ns_register", "false", 0); + this->disable_reason = config.ReadValue("ns_identify_ldap", "disable_reason", "", 0); + } + + EventReturn OnPreCommand(CommandSource &source, Command *command, const std::vector<Anope::string> ¶ms) + { + if (command->service == NickServ) + { + if (this->disable_register && command->name == "REGISTER") + { + source.Reply(_(this->disable_reason.c_str())); + return EVENT_STOP; + } + else if (command->name == "IDENTIFY" && !params.empty() && this->ldap) + { + Anope::string account = params.size() > 1 ? params[0] : source.u->nick; + Anope::string pass = params.size() > 1 ? params[1] : params[0]; + + NickAlias *na = findnick(account); + if (na) + { + account = na->nc->display; + + if (na->HasFlag(NS_FORBIDDEN) || na->nc->HasFlag(NI_SUSPENDED) || source.u->Account() == na->nc) + return EVENT_CONTINUE; + } + + IdentifyInfo *ii = new IdentifyInfo(source.u, account, pass); + try + { + Anope::string full_binddn = this->username_attribute + "=" + account + "," + this->binddn; + LDAPQuery id = this->ldap->Bind(&this->iinterface, full_binddn, pass); + this->iinterface.Add(id, ii); + } + catch (const LDAPException &ex) + { + delete ii; + Log() << "ns_identify_ldap: " << ex.GetReason(); + return EVENT_CONTINUE; + } + + return EVENT_STOP; + } + } + + return EVENT_CONTINUE; + } + + void OnNickIdentify(User *u) + { + if (email_attribute.empty()) + return; + + try + { + LDAPQuery id = this->ldap->Search(&this->oninterface, this->binddn, "(" + this->username_attribute + "=" + u->Account()->display + ")"); + this->oninterface.Add(id, u->nick); + } + catch (const LDAPException &ex) + { + Log() << "ns_identify_ldap: " << ex.GetReason(); + } + } +}; + +MODULE_INIT(NSIdentifyLDAP) |