m_ldapauth.cpp: Allow multiple patterns for users to bypass LDAP auth

2025-03-10 02:59:01 -04:00 · 2014-02-05 18:41:30 -02:00 · 2014-02-05 18:41:30 -02:00 · 4ed0292914
commit 4ed0292914
parent 9dd4108273
2 changed files with 19 additions and 9 deletions
--- a/docs/conf/modules.conf.example
+++ b/docs/conf/modules.conf.example
@ -980,7 +980,7 @@
 # <ldapauth dbid="ldapdb"                                             #
 #           baserdn="ou=People,dc=brainbox,dc=cc"                     #
 #           attribute="uid"                                           #
-#           allowpattern="Guest*"                                     #
+#           allowpattern="Guest* Bot*"                                #
 #           killreason="Access denied"                                #
 #           verbose="yes"                                             #
 #           host="$uid.$ou.inspircd.org">                             #
@ -995,9 +995,10 @@
 # The attribute value indicates the attribute which is used to locate #
 # a user account by name. On POSIX systems this is usually 'uid'.     #
 #                                                                     #
-# The allowpattern value allows you to specify a wildcard mask which  #
-# will always be allowed to connect regardless of if they have an     #
-# account, for example guest users.                                   #
+# The allowpattern value allows you to specify a space separated list #
+# of wildcard masks which will always be allowed to connect           #
+# regardless of if they have an account, for example guest and bot    #
+# users.                                                              #
 #                                                                     #
 # Killreason indicates the QUIT reason to give to users if they fail  #
 # to authenticate.                                                    #
--- a/src/modules/m_ldapauth.cpp
+++ b/src/modules/m_ldapauth.cpp
@ -264,7 +264,7 @@ class ModuleLDAPAuth : public Module
 	LocalStringExt ldapVhost;
 	std::string base;
 	std::string attribute;
-	std::string allowpattern;
+	std::vector<std::string> allowpatterns;
 	std::vector<std::string> whitelistedcidrs;
 	bool useusername;

@ -287,7 +287,6 @@ public:

 		base 			= tag->getString("baserdn");
 		attribute		= tag->getString("attribute");
-		allowpattern	= tag->getString("allowpattern");
 		killreason		= tag->getString("killreason");
 		vhost			= tag->getString("host");
 		// Set to true if failed connects should be reported to operators
@ -316,6 +315,13 @@ public:
 			if (!attr.empty() && !val.empty())
 				requiredattributes.push_back(make_pair(attr, val));
 		}
+
+		std::string allowpattern = tag->getString("allowpattern");
+		irc::spacesepstream ss(allowpattern);
+		for (std::string more; ss.GetToken(more); )
+		{
+			allowpatterns.push_back(more);
+		}
 	}

 	void OnUserConnect(LocalUser *user) CXX11_OVERRIDE
@ -330,10 +336,13 @@ public:

 	ModResult OnUserRegister(LocalUser* user) CXX11_OVERRIDE
 	{
-		if ((!allowpattern.empty()) && (InspIRCd::Match(user->nick,allowpattern)))
+		for (std::vector<std::string>::const_iterator i = allowpatterns.begin(); i != allowpatterns.end(); ++i)
 		{
-			ldapAuthed.set(user,1);
-			return MOD_RES_PASSTHRU;
+			if (InspIRCd::Match(user->nick, *i))
+			{
+				ldapAuthed.set(user,1);
+				return MOD_RES_PASSTHRU;
+			}
 		}

 		for (std::vector<std::string>::iterator i = whitelistedcidrs.begin(); i != whitelistedcidrs.end(); i++)