#include "module.h" #include "modules/ldap.h" static Module *me; static Anope::string basedn; static Anope::string search_filter; static Anope::string object_class; static Anope::string email_attribute; static Anope::string username_attribute; struct IdentifyInfo { Reference user; IdentifyRequest *req; ServiceReference lprov; bool admin_bind; Anope::string dn; IdentifyInfo(User *u, IdentifyRequest *r, ServiceReference &lp) : user(u), req(r), lprov(lp), admin_bind(true) { req->Hold(me); } ~IdentifyInfo() { req->Release(me); } }; class IdentifyInterface : public LDAPInterface { std::map requests; public: IdentifyInterface(Module *m) : LDAPInterface(m) { } void Add(LDAPQuery id, IdentifyInfo *ii) { std::map::iterator it = this->requests.find(id); if (it != this->requests.end()) delete it->second; this->requests[id] = ii; } void OnResult(const LDAPResult &r) anope_override { std::map::iterator it = this->requests.find(r.id); if (it == this->requests.end()) return; IdentifyInfo *ii = it->second; this->requests.erase(it); if (!ii->lprov) { delete ii; return; } switch (r.type) { case LDAPResult::QUERY_SEARCH: { if (!r.empty()) { try { const LDAPAttributes &attr = r.get(0); ii->dn = attr.get("dn"); Log(LOG_DEBUG) << "m_ldap_authenticationn: binding as " << ii->dn; LDAPQuery id = ii->lprov->Bind(this, ii->dn, ii->req->GetPassword()); this->Add(id, ii); return; } catch (const LDAPException &ex) { Log(this->owner) << "m_ldap_authentication: Error binding after search: " << ex.GetReason(); } } break; } case LDAPResult::QUERY_BIND: { if (ii->admin_bind) { Anope::string sf = search_filter.replace_all_cs("%account", ii->req->GetAccount()).replace_all_cs("%object_class", object_class); try { Log(LOG_DEBUG) << "m_ldap_authentication: searching for " << sf; LDAPQuery id = ii->lprov->Search(this, basedn, sf); this->Add(id, ii); ii->admin_bind = false; return; } catch (const LDAPException &ex) { Log(this->owner) << "m_ldap_authentication: Unable to search for " << sf << ": " << ex.GetReason(); } } else { NickAlias *na = NickAlias::Find(ii->req->GetAccount()); if (na == NULL) { na = new NickAlias(ii->req->GetAccount(), new NickCore(ii->req->GetAccount())); FOREACH_MOD(I_OnNickRegister, OnNickRegister(ii->user, na)); if (ii->user && NickServ) ii->user->SendMessage(NickServ, _("Your account \002%s\002 has been successfully created."), na->nick.c_str()); } // encrypt and store the password in the nickcore Anope::Encrypt(ii->req->GetPassword(), na->nc->pass); na->nc->Extend("m_ldap_authentication_dn", new ExtensibleItemClass(ii->dn)); ii->req->Success(me); } break; } default: break; } delete ii; } void OnError(const LDAPResult &r) anope_override { std::map::iterator it = this->requests.find(r.id); if (it == this->requests.end()) return; IdentifyInfo *ii = it->second; this->requests.erase(it); delete ii; } }; class OnIdentifyInterface : public LDAPInterface { std::map requests; public: OnIdentifyInterface(Module *m) : LDAPInterface(m) { } void Add(LDAPQuery id, const Anope::string &nick) { this->requests[id] = nick; } void OnResult(const LDAPResult &r) anope_override { std::map::iterator it = this->requests.find(r.id); if (it == this->requests.end()) return; User *u = User::Find(it->second); this->requests.erase(it); if (!u || !u->Account() || r.empty()) return; try { const LDAPAttributes &attr = r.get(0); Anope::string email = attr.get(email_attribute); if (!email.equals_ci(u->Account()->email)) { u->Account()->email = email; if (NickServ) u->SendMessage(NickServ, _("Your email has been updated to \002%s\002"), email.c_str()); Log(this->owner) << "m_ldap_authentication: Updated email address for " << u->nick << " (" << u->Account()->display << ") to " << email; } } catch (const LDAPException &ex) { Log(this->owner) << "m_ldap_authentication: " << ex.GetReason(); } } void OnError(const LDAPResult &r) anope_override { this->requests.erase(r.id); Log(this->owner) << "m_ldap_authentication: " << r.error; } }; class OnRegisterInterface : public LDAPInterface { public: OnRegisterInterface(Module *m) : LDAPInterface(m) { } void OnResult(const LDAPResult &r) anope_override { Log(this->owner) << "m_ldap_authentication: Successfully added newly created account to LDAP"; } void OnError(const LDAPResult &r) anope_override { Log(this->owner) << "m_ldap_authentication: Error adding newly created account to LDAP: " << r.getError(); } }; class NSIdentifyLDAP : public Module { ServiceReference ldap; IdentifyInterface iinterface; OnIdentifyInterface oninterface; OnRegisterInterface orinterface; Anope::string password_attribute; Anope::string disable_register_reason; Anope::string disable_email_reason; public: NSIdentifyLDAP(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator, EXTRA | VENDOR), ldap("LDAPProvider", "ldap/main"), iinterface(this), oninterface(this), orinterface(this) { me = this; Implementation i[] = { I_OnReload, I_OnPreCommand, I_OnCheckAuthentication, I_OnNickIdentify, I_OnNickRegister }; ModuleManager::Attach(i, this, sizeof(i) / sizeof(Implementation)); ModuleManager::SetPriority(this, PRIORITY_FIRST); } void OnReload(Configuration::Conf *config) anope_override { Configuration::Block *conf = Config->GetModule(this); basedn = conf->Get("basedn"); search_filter = conf->Get("search_filter"); object_class = conf->Get("object_class"); username_attribute = conf->Get("username_attribute"); this->password_attribute = conf->Get("password_attribute"); email_attribute = conf->Get("email_attribute"); this->disable_register_reason = conf->Get("disable_register_reason"); this->disable_email_reason = conf->Get("disable_email_reason"); if (!email_attribute.empty()) /* Don't complain to users about how they need to update their email, we will do it for them */ config->GetBlock("nickserv")->Set("forceemail", "false"); } EventReturn OnPreCommand(CommandSource &source, Command *command, std::vector ¶ms) anope_override { if (!this->disable_register_reason.empty() && command->name == "nickserv/register") { source.Reply(this->disable_register_reason); return EVENT_STOP; } else if (!email_attribute.empty() && !this->disable_email_reason.empty() && command->name == "nickserv/set/email") { source.Reply(this->disable_email_reason); return EVENT_STOP; } return EVENT_CONTINUE; } void OnCheckAuthentication(User *u, IdentifyRequest *req) anope_override { if (!this->ldap) return; IdentifyInfo *ii = new IdentifyInfo(u, req, this->ldap); try { LDAPQuery id = this->ldap->BindAsAdmin(&this->iinterface); this->iinterface.Add(id, ii); } catch (const LDAPException &ex) { delete ii; Log(this) << ex.GetReason(); } } void OnNickIdentify(User *u) anope_override { if (email_attribute.empty() || !this->ldap || !u->Account()->HasExt("m_ldap_authentication_dn")) return; Anope::string *dn = u->Account()->GetExt *>("m_ldap_authentication_dn"); if (!dn || dn->empty()) return; try { LDAPQuery id = this->ldap->Search(&this->oninterface, *dn, "(" + email_attribute + "=*)"); this->oninterface.Add(id, u->nick); } catch (const LDAPException &ex) { Log(this) << ex.GetReason(); } } void OnNickRegister(User *, NickAlias *na) anope_override { if (!this->disable_register_reason.empty() || !this->ldap) return; try { this->ldap->BindAsAdmin(NULL); LDAPMods attributes; attributes.resize(4); attributes[0].name = "objectClass"; attributes[0].values.push_back("top"); attributes[0].values.push_back(object_class); attributes[1].name = username_attribute; attributes[1].values.push_back(na->nick); if (!na->nc->email.empty()) { attributes[2].name = email_attribute; attributes[2].values.push_back(na->nc->email); } attributes[3].name = this->password_attribute; attributes[3].values.push_back(na->nc->pass); Anope::string new_dn = username_attribute + "=" + na->nick + "," + basedn; this->ldap->Add(&this->orinterface, new_dn, attributes); } catch (const LDAPException &ex) { Log(this) << ex.GetReason(); } } }; MODULE_INIT(NSIdentifyLDAP)