From 4ed0292914ca78aa419aab3add5b113c26b81a12 Mon Sep 17 00:00:00 2001
From: Thiago Crepaldi <thiago@thiagocrepaldi.com>
Date: Wed, 5 Feb 2014 18:41:30 -0200
Subject: m_ldapauth.cpp: Allow multiple patterns for users to bypass LDAP auth

---
 docs/conf/modules.conf.example |  9 +++++----
 src/modules/m_ldapauth.cpp     | 19 ++++++++++++++-----
 2 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example
index 9078771e5..2849cd1a8 100644
--- a/docs/conf/modules.conf.example
+++ b/docs/conf/modules.conf.example
@@ -980,7 +980,7 @@
 # <ldapauth dbid="ldapdb"                                             #
 #           baserdn="ou=People,dc=brainbox,dc=cc"                     #
 #           attribute="uid"                                           #
-#           allowpattern="Guest*"                                     #
+#           allowpattern="Guest* Bot*"                                #
 #           killreason="Access denied"                                #
 #           verbose="yes"                                             #
 #           host="$uid.$ou.inspircd.org">                             #
@@ -995,9 +995,10 @@
 # The attribute value indicates the attribute which is used to locate #
 # a user account by name. On POSIX systems this is usually 'uid'.     #
 #                                                                     #
-# The allowpattern value allows you to specify a wildcard mask which  #
-# will always be allowed to connect regardless of if they have an     #
-# account, for example guest users.                                   #
+# The allowpattern value allows you to specify a space separated list #
+# of wildcard masks which will always be allowed to connect           #
+# regardless of if they have an account, for example guest and bot    #
+# users.                                                              #
 #                                                                     #
 # Killreason indicates the QUIT reason to give to users if they fail  #
 # to authenticate.                                                    #
diff --git a/src/modules/m_ldapauth.cpp b/src/modules/m_ldapauth.cpp
index 6b7c9d219..179fe6fca 100644
--- a/src/modules/m_ldapauth.cpp
+++ b/src/modules/m_ldapauth.cpp
@@ -264,7 +264,7 @@ class ModuleLDAPAuth : public Module
 	LocalStringExt ldapVhost;
 	std::string base;
 	std::string attribute;
-	std::string allowpattern;
+	std::vector<std::string> allowpatterns;
 	std::vector<std::string> whitelistedcidrs;
 	bool useusername;
 
@@ -287,7 +287,6 @@ public:
 
 		base 			= tag->getString("baserdn");
 		attribute		= tag->getString("attribute");
-		allowpattern	= tag->getString("allowpattern");
 		killreason		= tag->getString("killreason");
 		vhost			= tag->getString("host");
 		// Set to true if failed connects should be reported to operators
@@ -316,6 +315,13 @@ public:
 			if (!attr.empty() && !val.empty())
 				requiredattributes.push_back(make_pair(attr, val));
 		}
+
+		std::string allowpattern = tag->getString("allowpattern");
+		irc::spacesepstream ss(allowpattern);
+		for (std::string more; ss.GetToken(more); )
+		{
+			allowpatterns.push_back(more);
+		}
 	}
 
 	void OnUserConnect(LocalUser *user) CXX11_OVERRIDE
@@ -330,10 +336,13 @@ public:
 
 	ModResult OnUserRegister(LocalUser* user) CXX11_OVERRIDE
 	{
-		if ((!allowpattern.empty()) && (InspIRCd::Match(user->nick,allowpattern)))
+		for (std::vector<std::string>::const_iterator i = allowpatterns.begin(); i != allowpatterns.end(); ++i)
 		{
-			ldapAuthed.set(user,1);
-			return MOD_RES_PASSTHRU;
+			if (InspIRCd::Match(user->nick, *i))
+			{
+				ldapAuthed.set(user,1);
+				return MOD_RES_PASSTHRU;
+			}
 		}
 
 		for (std::vector<std::string>::iterator i = whitelistedcidrs.begin(); i != whitelistedcidrs.end(); i++)
-- 
cgit v1.2.3