*
* x3 is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
LDAP *ld = NULL;
+int admin_bind = false;
int ldap_do_init()
{
if(!nickserv_conf.ldap_enable)
return false;
/* TODO: check here for all required config options and exit() out if not present */
- ld = ldap_init(nickserv_conf.ldap_host, nickserv_conf.ldap_port);
- if(ld == NULL) {
+ //ld = ldap_init(nickserv_conf.ldap_host, nickserv_conf.ldap_port);
+
+ //if(ld == NULL) {
+ if(ldap_initialize(&ld, nickserv_conf.ldap_uri)) {
log_module(MAIN_LOG, LOG_ERROR, "LDAP initilization failed!\n");
exit(1);
}
ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &nickserv_conf.ldap_version);
- log_module(MAIN_LOG, LOG_INFO, "Success! ldap_init() was successfull in connecting to %s port %d\n", nickserv_conf.ldap_host, nickserv_conf.ldap_port );
+ log_module(MAIN_LOG, LOG_INFO, "Success! ldap_init() was successfull in connecting to %s\n", nickserv_conf.ldap_uri);
return true;
}
return q;
}
else {
- log_module(MAIN_LOG, LOG_ERROR, "Bind failed: %s/****** (%d)", dn, q);
- ldap_perror(ld, "ldap");
+ log_module(MAIN_LOG, LOG_ERROR, "Bind failed: %s/****** (%s)", dn, ldap_err2string(q));
+ /* ldap_perror(ld, "ldap"); */
ldap_do_init();
}
if(n++ > 1) {
}
int ldap_do_admin_bind()
{
+ int rc;
if(!(nickserv_conf.ldap_admin_dn && *nickserv_conf.ldap_admin_dn &&
nickserv_conf.ldap_admin_pass && *nickserv_conf.ldap_admin_pass)) {
log_module(MAIN_LOG, LOG_ERROR, "Tried to admin bind, but no admin credentials configured in config file. ldap_admin_dn/ldap_admin_pass");
return LDAP_OTHER; /* not configured to do this */
}
- return(ldap_do_bind(nickserv_conf.ldap_admin_dn, nickserv_conf.ldap_admin_pass));
+ rc = ldap_do_bind(nickserv_conf.ldap_admin_dn, nickserv_conf.ldap_admin_pass);
+ if(rc == LDAP_SUCCESS)
+ admin_bind = true;
+ return rc;
}
memset(buff, 0, MAXLEN);
snprintf(buff, sizeof(buff)-1, nickserv_conf.ldap_dn_fmt /*"uid=%s,ou=Users,dc=afternet,dc=org"*/, account);
+ admin_bind = false;
return ldap_do_bind(buff, pass);
}
Now we do a search;
*/
timeout.tv_usec = 0;
- timeout.tv_sec = 5;
- if(LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
+ timeout.tv_sec = nickserv_conf.ldap_timeout;
+ if(!admin_bind && LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
log_module(MAIN_LOG, LOG_ERROR, "failed to bind as admin");
return rc;
}
}
log_module(MAIN_LOG, LOG_DEBUG, "Search successfull! %s %s\n", nickserv_conf.ldap_base, filter);
if(ldap_count_entries(ld, res) != 1) {
- log_module(MAIN_LOG, LOG_ERROR, "LDAP search got %d entries when looking for %s", ldap_count_entries(ld, res), account);
+ log_module(MAIN_LOG, LOG_DEBUG, "LDAP search got %d entries when looking for %s", ldap_count_entries(ld, res), account);
return(LDAP_OTHER); /* Search was a success, but user not found.. */
}
log_module(MAIN_LOG, LOG_DEBUG, "LDAP search got %d entries", ldap_count_entries(ld, res));
int rc;
char **value;
LDAPMessage *entry, *res;
- *email = NULL;
+ if(email)
+ *email = NULL;
if( (rc = ldap_search_user(account, &res)) == LDAP_SUCCESS) {
entry = ldap_first_entry(ld, res);
value = ldap_get_values(ld, entry, nickserv_conf.ldap_field_email);
if(!value) {
return(LDAP_OTHER);
}
- *email = strdup(value[0]);
+ if(email)
+ *email = strdup(value[0]);
log_module(MAIN_LOG, LOG_DEBUG, "%s: %s\n", nickserv_conf.ldap_field_email, value[0]);
/*
value = ldap_get_values(ld, entry, "description");
/********* base64 stuff ***********/
-unsigned char *pack(char *str, unsigned int *len)
+unsigned char *pack(const char *str, unsigned int *len)
{
int nibbleshift = 4;
int first = 1;
int outputpos = -1;
memset(buf, 0, MAXLEN+1);
- v = str;
+ v = (char *)str;
while(*v) {
char n = *(v++);
return NULL;
}
- result = (char *)calloc(((length + 2) / 3) * 4, sizeof(char));
+ result = (char *)calloc((((length + 2) / 3) * 4)+1, sizeof(char));
p = result;
while (length > 2) { /* keep going until we have less than 24 bits */
return object_vals;
}
-char *make_password(const char *password)
+char *make_password(const char *crypted)
{
char *base64pass;
- char crypted[MD5_CRYPT_LENGTH+1];
unsigned char *packed;
unsigned int len;
char *passbuf;
- cryptpass(password, crypted);
packed = pack(crypted, &len);
base64pass = base64_encode(packed, len, NULL);
return mods;
}
-int ldap_do_add(const char *account, const char *password, const char *email)
+int ldap_do_add(const char *account, const char *crypted, const char *email)
{
char newdn[MAXLEN];
LDAPMod **mods;
int num_mods;
char *passbuf;
- if(LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
+ if(!admin_bind && LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
log_module(MAIN_LOG, LOG_ERROR, "failed to bind as admin");
return rc;
}
- passbuf = make_password(password);
+ passbuf = make_password(crypted);
snprintf(newdn, MAXLEN-1, nickserv_conf.ldap_dn_fmt, account);
- mods = make_mods_add(account, password, email, &num_mods);
+ mods = make_mods_add(account, passbuf, email, &num_mods);
if(!mods) {
log_module(MAIN_LOG, LOG_ERROR, "Error building mods for ldap_add");
return LDAP_OTHER;
}
rc = ldap_add_ext_s(ld, newdn, mods, NULL, NULL);
- if(rc != LDAP_SUCCESS) {
+ if(rc != LDAP_SUCCESS && rc!= LDAP_ALREADY_EXISTS) {
log_module(MAIN_LOG, LOG_ERROR, "Error adding ldap account: %s -- %s", account, ldap_err2string(rc));
- return rc;
+ // return rc;
}
//ldap_unbind_s(ld);
for(i = 0; i < num_mods; i++) {
int ldap_delete_account(char *account)
{
char dn[MAXLEN];
+ int rc;
+
+ if(!admin_bind && LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
+ log_module(MAIN_LOG, LOG_ERROR, "failed to bind as admin");
+ return rc;
+ }
+
memset(dn, 0, MAXLEN);
snprintf(dn, MAXLEN-1, nickserv_conf.ldap_dn_fmt, account);
return(ldap_delete_s(ld, dn));
char dn[MAXLEN], newdn[MAXLEN];
int rc;
- if(LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
+ if(!admin_bind && LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
log_module(MAIN_LOG, LOG_ERROR, "failed to bind as admin");
return rc;
}
rc = ldap_modrdn2_s(ld, dn, newdn, true);
if(rc != LDAP_SUCCESS) {
log_module(MAIN_LOG, LOG_ERROR, "Error modifying ldap account: %s -- %s", oldaccount, ldap_err2string(rc));
- return rc;
+ //return rc;
}
return rc;
int num_mods;
char *passbuf = NULL;
- if(LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
+ if(!admin_bind && LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
log_module(MAIN_LOG, LOG_ERROR, "failed to bind as admin");
return rc;
}
snprintf(dn, MAXLEN-1, nickserv_conf.ldap_dn_fmt, account);
mods = make_mods_modify(passbuf, email, &num_mods);
if(!mods) {
- log_module(MAIN_LOG, LOG_ERROR, "Error building mods for ldap_add");
+ log_module(MAIN_LOG, LOG_ERROR, "Error building mods for ldap_do_modify");
return LDAP_OTHER;
}
rc = ldap_modify_s(ld, dn, mods);
if(rc != LDAP_SUCCESS) {
- log_module(MAIN_LOG, LOG_ERROR, "Error adding ldap account: %s -- %s", account, ldap_err2string(rc));
- return rc;
+ log_module(MAIN_LOG, LOG_ERROR, "Error modifying ldap account: %s -- %s", account, ldap_err2string(rc));
+ // return rc;
}
for(i = 0; i < num_mods; i++) {
free(mods[i]->mod_type);
int num_mods;
int rc, i;
- if(LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
+ if(!admin_bind && LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
log_module(MAIN_LOG, LOG_ERROR, "failed to bind as admin");
return rc;
}
return LDAP_OTHER;
}
rc = ldap_modify_s(ld, group, mods);
- if(rc != LDAP_SUCCESS) {
+ if(rc != LDAP_SUCCESS && rc != LDAP_TYPE_OR_VALUE_EXISTS) {
log_module(MAIN_LOG, LOG_ERROR, "Error adding %s to group %s: %s", account, group, ldap_err2string(rc));
return rc;
}
int num_mods;
int rc, i;
- if(LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
+ if(!admin_bind && LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
log_module(MAIN_LOG, LOG_ERROR, "failed to bind as admin");
return rc;
}
return LDAP_OTHER;
}
rc = ldap_modify_s(ld, group, mods);
- if(rc != LDAP_SUCCESS) {
+ if(rc != LDAP_SUCCESS && rc != LDAP_NO_SUCH_ATTRIBUTE) {
log_module(MAIN_LOG, LOG_ERROR, "Error removing %s from group %s: %s", account, group, ldap_err2string(rc));
return rc;
}
void ldap_close()
{
+ admin_bind = false;
ldap_unbind(ld);
}