remove qualifiers warning

[irc/evilnet/x3.git] / src / x3ldap.c

diff --git a/src/x3ldap.c b/src/x3ldap.c
index d108d137c89b1c62490e32291f183b26a8cd2eba..de62b210793b78065869070bc8424e554f7b6006 100644 (file)
--- a/src/x3ldap.c
+++ b/src/x3ldap.c
@@ -5,7 +5,7 @@
  *
  * x3 is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; either version 3 of the License, or
  * (at your option) any later version.
  *
  * This program is distributed in the hope that it will be useful,
@@ -42,6 +42,7 @@ extern struct nickserv_config nickserv_conf;
 
 
 LDAP *ld = NULL;
+int admin_bind = false;
 
 int ldap_do_init()
 {
@@ -98,16 +99,20 @@ unsigned int ldap_do_bind( const char *dn, const char *pass)
 }
 int ldap_do_admin_bind()
 {
+   int rc;
    if(!(nickserv_conf.ldap_admin_dn && *nickserv_conf.ldap_admin_dn && 
       nickserv_conf.ldap_admin_pass && *nickserv_conf.ldap_admin_pass)) {
        log_module(MAIN_LOG, LOG_ERROR, "Tried to admin bind, but no admin credentials configured in config file. ldap_admin_dn/ldap_admin_pass");
        return LDAP_OTHER; /* not configured to do this */
     }
-    return(ldap_do_bind(nickserv_conf.ldap_admin_dn, nickserv_conf.ldap_admin_pass));
+    rc = ldap_do_bind(nickserv_conf.ldap_admin_dn, nickserv_conf.ldap_admin_pass);
+    if(rc == LDAP_SUCCESS)
+       admin_bind = true;
+    return rc;
 }
 
 
-unsigned int ldap_check_auth( char *account, char *pass)
+unsigned int ldap_check_auth( const char *account, const char *pass)
 {
    char buff[MAXLEN];
 
@@ -116,6 +121,7 @@ unsigned int ldap_check_auth( char *account, char *pass)
 
    memset(buff, 0, MAXLEN);
    snprintf(buff, sizeof(buff)-1, nickserv_conf.ldap_dn_fmt /*"uid=%s,ou=Users,dc=afternet,dc=org"*/, account);
+   admin_bind = false;
    return ldap_do_bind(buff, pass);
 
 }
@@ -136,7 +142,7 @@ int ldap_search_user(char *account, LDAPMessage **entry)
     */
    timeout.tv_usec = 0;
    timeout.tv_sec  = nickserv_conf.ldap_timeout;
-    if(LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
+    if(!admin_bind && LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
        log_module(MAIN_LOG, LOG_ERROR, "failed to bind as admin");
        return rc;
     }
@@ -146,7 +152,7 @@ int ldap_search_user(char *account, LDAPMessage **entry)
    }
    log_module(MAIN_LOG, LOG_DEBUG, "Search successfull!  %s    %s\n", nickserv_conf.ldap_base, filter);
    if(ldap_count_entries(ld, res) != 1) {
-      log_module(MAIN_LOG, LOG_ERROR, "LDAP search got %d entries when looking for %s", ldap_count_entries(ld, res), account);
+      log_module(MAIN_LOG, LOG_DEBUG, "LDAP search got %d entries when looking for %s", ldap_count_entries(ld, res), account);
       return(LDAP_OTHER); /* Search was a success, but user not found.. */
    }
    log_module(MAIN_LOG, LOG_DEBUG, "LDAP search got %d entries", ldap_count_entries(ld, res));
@@ -161,19 +167,21 @@ int ldap_search_user(char *account, LDAPMessage **entry)
  * 0 or 2+ entries are matched, or the proper ldap error
  * code for other errors.
  */ 
-int ldap_get_user_info(char *account, char **email) 
+int ldap_get_user_info(const char *account, char **email) 
 {
     int rc;
     char **value;
     LDAPMessage *entry, *res;
-    *email = NULL;
+    if(email)
+      *email = NULL;
     if( (rc = ldap_search_user(account, &res)) == LDAP_SUCCESS) {
         entry = ldap_first_entry(ld, res);
         value = ldap_get_values(ld, entry, nickserv_conf.ldap_field_email);
         if(!value) {
            return(LDAP_OTHER);
         }
-        *email = strdup(value[0]);
+        if(email)
+          *email = strdup(value[0]);
         log_module(MAIN_LOG, LOG_DEBUG, "%s: %s\n", nickserv_conf.ldap_field_email, value[0]);
         /*
         value = ldap_get_values(ld, entry, "description");
@@ -264,7 +272,7 @@ char *base64_encode(const unsigned  char *str, int length, int *ret_length)
         return NULL;
     }
 
-    result = (char *)calloc(((length + 2) / 3) * 4, sizeof(char));
+    result = (char *)calloc((((length + 2) / 3) * 4)+1, sizeof(char));
     p = result;
 
     while (length > 2) { /* keep going until we have less than 24 bits */
@@ -306,13 +314,14 @@ char **make_object_vals()
     if(object_vals)
        free(object_vals);
 
-    object_vals = malloc(sizeof( *object_vals ) * nickserv_conf.ldap_object_classes->used);
+    object_vals = malloc(sizeof( *object_vals ) * (nickserv_conf.ldap_object_classes->used+1));
 
     for(y = 0; y < nickserv_conf.ldap_object_classes->used; y++) {
         object_vals[y] = nickserv_conf.ldap_object_classes->list[y];
     }
     object_vals[y] = NULL;
     return object_vals;
+    /* NOTE: The return value of this is only good until the next call to it. */
 }
 
 char *make_password(const char *crypted)
@@ -338,15 +347,26 @@ LDAPMod **make_mods_add(const char *account, const char *password, const char *e
     static char *account_vals[] = { NULL, NULL };
     static char *password_vals[] = { NULL, NULL };
     static char *email_vals[] = { NULL, NULL };
-    int num_mods = 3;
+    int num_mods = 2;
     int i;
+    int mod = 0;
     /* TODO: take this from nickserv_conf.ldap_add_objects */
     LDAPMod **mods;
     static char **object_vals;
+
+    account_vals[0] = NULL;
+    account_vals[1] = NULL;
+    password_vals[0] = NULL;
+    password_vals[1] = NULL;
+    email_vals[0] = NULL;
+    email_vals[1] = NULL;
     object_vals = make_object_vals();
 
     account_vals[0] = (char *) account;
-    password_vals[0] = (char *) password;
+    if (password != NULL) {
+      password_vals[0] = (char *) password;
+      num_mods++;
+    }
     email_vals[0] = (char *) email;
 
     if(!(nickserv_conf.ldap_field_account && *nickserv_conf.ldap_field_account))
@@ -362,26 +382,30 @@ LDAPMod **make_mods_add(const char *account, const char *password, const char *e
       memset(mods[i], 0, sizeof(LDAPMod));
     }
 
-    mods[0]->mod_op = LDAP_MOD_ADD;
-    mods[0]->mod_type = strdup("objectclass");
-    mods[0]->mod_values = object_vals;
+    mods[mod]->mod_op = LDAP_MOD_ADD;
+    mods[mod]->mod_type = strdup("objectclass");
+    mods[mod]->mod_values = object_vals;
+    mod++;
 
-    mods[1]->mod_op = LDAP_MOD_ADD;
-    mods[1]->mod_type = strdup(nickserv_conf.ldap_field_account);
-    mods[1]->mod_values = account_vals;
+    mods[mod]->mod_op = LDAP_MOD_ADD;
+    mods[mod]->mod_type = strdup(nickserv_conf.ldap_field_account);
+    mods[mod]->mod_values = account_vals;
+    mod++;
 
-    mods[2]->mod_op = LDAP_MOD_ADD;
-    mods[2]->mod_type = strdup(nickserv_conf.ldap_field_password);
-    mods[2]->mod_values = password_vals;
+    if (password != NULL) {
+      mods[mod]->mod_op = LDAP_MOD_ADD;
+      mods[mod]->mod_type = strdup(nickserv_conf.ldap_field_password);
+      mods[mod]->mod_values = password_vals;
+      mod++;
+    }
 
     if(nickserv_conf.ldap_field_email && *nickserv_conf.ldap_field_email && email && *email) {
-        mods[3]->mod_op = LDAP_MOD_ADD;
-        mods[3]->mod_type = strdup(nickserv_conf.ldap_field_email);
-        mods[3]->mod_values = email_vals;
-        mods[4] = NULL;
+      mods[mod]->mod_op = LDAP_MOD_ADD;
+      mods[mod]->mod_type = strdup(nickserv_conf.ldap_field_email);
+      mods[mod]->mod_values = email_vals;
+      mod++;
     }
-    else
-       mods[3] = NULL;
+    mods[mod] = NULL;
     *num_mods_ret = num_mods;
     return mods;
 }
@@ -394,14 +418,15 @@ int ldap_do_add(const char *account, const char *crypted, const char *email)
     int num_mods;
     char *passbuf;
     
-    if(LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
+    if(!admin_bind && LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
        log_module(MAIN_LOG, LOG_ERROR, "failed to bind as admin");
        return rc;
     }
-    
-    passbuf = make_password(crypted);
+
+    if (crypted != NULL)
+      passbuf = make_password(crypted);
     snprintf(newdn, MAXLEN-1, nickserv_conf.ldap_dn_fmt, account);
-    mods = make_mods_add(account, passbuf, email, &num_mods);
+    mods = make_mods_add(account, (crypted != NULL ? passbuf : crypted), email, &num_mods);
     if(!mods) {
        log_module(MAIN_LOG, LOG_ERROR, "Error building mods for ldap_add");
        return LDAP_OTHER;
@@ -409,7 +434,7 @@ int ldap_do_add(const char *account, const char *crypted, const char *email)
     rc = ldap_add_ext_s(ld, newdn, mods, NULL, NULL);
     if(rc != LDAP_SUCCESS && rc!= LDAP_ALREADY_EXISTS) {
        log_module(MAIN_LOG, LOG_ERROR, "Error adding ldap account: %s -- %s", account, ldap_err2string(rc));
-       return rc;
+    //   return rc;
     }
     //ldap_unbind_s(ld);
     for(i = 0; i < num_mods; i++) {
@@ -417,7 +442,8 @@ int ldap_do_add(const char *account, const char *crypted, const char *email)
        free(mods[i]);
     }
     free(mods);
-    free(passbuf);
+    if (crypted != NULL)
+      free(passbuf);
     return rc;
 }
 
@@ -426,7 +452,7 @@ int ldap_delete_account(char *account)
     char dn[MAXLEN];
     int rc;
 
-    if(LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
+    if(!admin_bind && LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
        log_module(MAIN_LOG, LOG_ERROR, "failed to bind as admin");
        return rc;
     }
@@ -441,7 +467,7 @@ int ldap_rename_account(char *oldaccount, char *newaccount)
     char dn[MAXLEN], newdn[MAXLEN];
     int rc;
 
-    if(LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
+    if(!admin_bind && LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
        log_module(MAIN_LOG, LOG_ERROR, "failed to bind as admin");
        return rc;
     }
@@ -455,7 +481,7 @@ int ldap_rename_account(char *oldaccount, char *newaccount)
     rc = ldap_modrdn2_s(ld, dn, newdn, true);
     if(rc != LDAP_SUCCESS) {
        log_module(MAIN_LOG, LOG_ERROR, "Error modifying ldap account: %s -- %s", oldaccount, ldap_err2string(rc));
-       return rc;
+       //return rc;
     }
     return rc;
     
@@ -510,6 +536,56 @@ LDAPMod **make_mods_modify(const char *password, const char *email, int *num_mod
     return mods;
 }
 
+/* Save OpServ level to LDAP
+ *
+ * level    - OpServ level
+ *
+ * A level of <0 will be treated as 0
+ */
+int ldap_do_oslevel(const char *account, int level, int oldlevel)
+{
+  LDAPMod **mods;
+  static char *oslevel_vals[] = { NULL, NULL };
+  char dn[MAXLEN], temp[MAXLEN];
+  int rc;
+
+  if(!admin_bind && LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
+    log_module(MAIN_LOG, LOG_ERROR, "failed to bind as admin");
+    return rc;
+  }
+
+  if (level < 0) {
+    level = 0;
+  }
+
+  snprintf(temp, MAXLEN-1, "%d", (level ? level : oldlevel));
+  oslevel_vals[0] = (char *) temp;
+
+  if(!(nickserv_conf.ldap_field_oslevel && *nickserv_conf.ldap_field_oslevel))
+    return 0;
+
+  snprintf(dn, MAXLEN-1, nickserv_conf.ldap_dn_fmt, account);
+
+  mods = ( LDAPMod ** ) malloc(( 1 ) * sizeof( LDAPMod * ));
+  mods[0] = (LDAPMod *) malloc(sizeof(LDAPMod));
+  memset(mods[0], 0, sizeof(LDAPMod));
+
+  mods[0]->mod_op = (level ? LDAP_MOD_REPLACE : LDAP_MOD_DELETE);
+  mods[0]->mod_type = strdup(nickserv_conf.ldap_field_oslevel);
+  mods[0]->mod_values = oslevel_vals;
+  mods[1] = NULL;
+
+  rc = ldap_modify_s(ld, dn, mods);
+  if(rc != LDAP_SUCCESS) {
+    log_module(MAIN_LOG, LOG_ERROR, "Error modifying ldap OpServ level: %s -- %s", account, ldap_err2string(rc));
+    //return rc;
+  }
+  free(mods[0]->mod_type);
+  free(mods[0]);
+  free(mods);
+
+  return rc;
+}
 
 /* Save email or password to server
  *
@@ -526,7 +602,7 @@ int ldap_do_modify(const char *account, const char *password, const char *email)
     int num_mods;
     char *passbuf = NULL;
     
-    if(LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
+    if(!admin_bind && LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
        log_module(MAIN_LOG, LOG_ERROR, "failed to bind as admin");
        return rc;
     }
@@ -538,13 +614,13 @@ int ldap_do_modify(const char *account, const char *password, const char *email)
     snprintf(dn, MAXLEN-1, nickserv_conf.ldap_dn_fmt, account);
     mods = make_mods_modify(passbuf, email, &num_mods);
     if(!mods) {
-       log_module(MAIN_LOG, LOG_ERROR, "Error building mods for ldap_add");
+       log_module(MAIN_LOG, LOG_ERROR, "Error building mods for ldap_do_modify");
        return LDAP_OTHER;
     }
     rc = ldap_modify_s(ld, dn, mods);
     if(rc != LDAP_SUCCESS) {
-       log_module(MAIN_LOG, LOG_ERROR, "Error adding ldap account: %s -- %s", account, ldap_err2string(rc));
-       return rc;
+       log_module(MAIN_LOG, LOG_ERROR, "Error modifying ldap account: %s -- %s", account, ldap_err2string(rc));
+    //   return rc;
     }
     for(i = 0; i < num_mods; i++) {
        free(mods[i]->mod_type);
@@ -592,7 +668,7 @@ int ldap_add2group(char *account, const char *group)
     int num_mods;
     int rc, i;
 
-    if(LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
+    if(!admin_bind && LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
        log_module(MAIN_LOG, LOG_ERROR, "failed to bind as admin");
        return rc;
     }
@@ -602,7 +678,7 @@ int ldap_add2group(char *account, const char *group)
        return LDAP_OTHER;
     }
     rc = ldap_modify_s(ld, group, mods);
-    if(rc != LDAP_SUCCESS && rc != LDAP_ALREADY_EXISTS) {
+    if(rc != LDAP_SUCCESS && rc != LDAP_TYPE_OR_VALUE_EXISTS) {
        log_module(MAIN_LOG, LOG_ERROR, "Error adding %s to group %s: %s", account, group, ldap_err2string(rc));
        return rc;
     }
@@ -620,7 +696,7 @@ int ldap_delfromgroup(char *account, const char *group)
     int num_mods;
     int rc, i;
 
-    if(LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
+    if(!admin_bind && LDAP_SUCCESS != ( rc = ldap_do_admin_bind())) {
        log_module(MAIN_LOG, LOG_ERROR, "failed to bind as admin");
        return rc;
     }
@@ -645,6 +721,7 @@ int ldap_delfromgroup(char *account, const char *group)
 
 void ldap_close()
 {
+   admin_bind = false;
    ldap_unbind(ld);
 }