From 87f8c35e03da9fdceae423b0da9a2ce179b83fb2 Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Thu, 20 Apr 2023 11:51:10 +0100 Subject: Merge and . Closes #1478. --- src/modules/m_ldapauth.cpp | 50 ++++++++++++++++++++-------------------------- 1 file changed, 22 insertions(+), 28 deletions(-) (limited to 'src/modules/m_ldapauth.cpp') diff --git a/src/modules/m_ldapauth.cpp b/src/modules/m_ldapauth.cpp index b10945a43..c74140f9c 100644 --- a/src/modules/m_ldapauth.cpp +++ b/src/modules/m_ldapauth.cpp @@ -320,8 +320,7 @@ class ModuleLDAPAuth final StringExtItem ldapVhost; std::string base; std::string attribute; - std::vector allowpatterns; - std::vector whitelistedcidrs; + std::vector exemptions; bool useusername; public: @@ -339,9 +338,6 @@ public: void ReadConfig(ConfigStatus& status) override { const auto& tag = ServerInstance->Config->ConfValue("ldapauth"); - whitelistedcidrs.clear(); - requiredattributes.clear(); - base = tag->getString("baserdn"); attribute = tag->getString("attribute"); killreason = tag->getString("killreason"); @@ -352,14 +348,7 @@ public: LDAP.SetProvider("LDAP/" + tag->getString("dbid")); - for (const auto& [_, wtag] : ServerInstance->Config->ConfTags("ldapwhitelist")) - { - std::string cidr = wtag->getString("cidr"); - if (!cidr.empty()) { - whitelistedcidrs.push_back(cidr); - } - } - + requiredattributes.clear(); for (const auto& [_, rtag] : ServerInstance->Config->ConfTags("ldaprequire")) { const std::string attr = rtag->getString("attribute"); @@ -369,12 +358,26 @@ public: requiredattributes.emplace_back(attr, val); } - std::string allowpattern = tag->getString("allowpattern"); - irc::spacesepstream ss(allowpattern); - for (std::string more; ss.GetToken(more); ) + exemptions.clear(); + for (const auto& [_, etag] : ServerInstance->Config->ConfTags("ldapexemption")) + { + const std::string mask = etag->getString("mask"); + if (!mask.empty()) + exemptions.push_back(mask); + } + + // Begin v3 config compatibility. + for (const auto& [_, wtag] : ServerInstance->Config->ConfTags("ldapwhitelist")) { - allowpatterns.push_back(more); + const std::string cidr = wtag->getString("cidr"); + if (!cidr.empty()) + exemptions.push_back("*!*@" + cidr); } + + irc::spacesepstream nickstream(tag->getString("allowpattern")); + for (std::string nick; nickstream.GetToken(nick); ) + exemptions.push_back(nick + "!*@*"); + // End v3 config compatibility. } void OnUserConnect(LocalUser* user) override @@ -389,18 +392,9 @@ public: ModResult OnUserRegister(LocalUser* user) override { - for (const auto& allowpattern : allowpatterns) - { - if (InspIRCd::Match(user->nick, allowpattern)) - { - ldapAuthed.Set(user, true); - return MOD_RES_PASSTHRU; - } - } - - for (const auto& whitelistedcidr : whitelistedcidrs) + for (const auto& exemption : exemptions) { - if (InspIRCd::MatchCIDR(user->GetAddress(), whitelistedcidr, ascii_case_insensitive_map)) + if (InspIRCd::MatchCIDR(user->GetRealMask(), exemption) || InspIRCd::MatchCIDR(user->GetMask(), exemption)) { ldapAuthed.Set(user, true); return MOD_RES_PASSTHRU; -- cgit v1.3.1-10-gc9f91