/***************************************************************************
- * Copyright (C) 2005-2015 by the Quassel Project *
+ * Copyright (C) 2005-2016 by the Quassel Project *
* devel@quassel-irc.org *
* *
* This program is free software; you can redistribute it and/or modify *
#include "network.h"
#include "postgresqlstorage.h"
#include "quassel.h"
+#include "sqlauthenticator.h"
#include "sqlitestorage.h"
#include "util.h"
+// Currently building with LDAP bindings is optional.
+#ifdef HAVE_LDAP
+#include "ldapauthenticator.h"
+#endif
+
// migration related
#include <QFile>
#ifdef Q_OS_WIN
Core::Core()
: QObject(),
- _storage(0)
+ _storage(0),
+ _authenticator(0)
{
#ifdef HAVE_UMASK
umask(S_IRWXG | S_IRWXO);
}
registerStorageBackends();
+ registerAuthenticators();
connect(&_storageSyncTimer, SIGNAL(timeout()), this, SLOT(syncStorage()));
_storageSyncTimer.start(10 * 60 * 1000); // 10 minutes
QVariantMap dbsettings = cs.storageSettings().toMap();
_configured = initStorage(dbsettings.value("Backend").toString(), dbsettings.value("ConnectionProperties").toMap());
- if (Quassel::isOptionSet("select-backend")) {
- selectBackend(Quassel::optionValue("select-backend"));
+ // Not entirely sure what is 'legacy' about the above, but it seems to be the way things work!
+ QVariantMap authSettings = cs.authSettings().toMap();
+ initAuthenticator(authSettings.value("Authenticator").toString(), authSettings.value("AuthProperties").toMap());
+
+ if (Quassel::isOptionSet("select-backend") || Quassel::isOptionSet("select-authenticator")) {
+ if (Quassel::isOptionSet("select-backend")) {
+ selectBackend(Quassel::optionValue("select-backend"));
+ }
+ if (Quassel::isOptionSet("select-authenticator")) {
+ selectAuthenticator(Quassel::optionValue("select-authenticator"));
+ }
exit(0);
}
"to work."));
exit(1); // TODO make this less brutal (especially for mono client -> popup)
}
+
qWarning() << "Core is currently not configured! Please connect with a Quassel Client for basic setup.";
+
+ if (!cs.isWritable()) {
+ qWarning() << "Cannot write quasselcore configuration; probably a permission problem.";
+ exit(EXIT_FAILURE);
+ }
+
}
if (Quassel::isOptionSet("add-user")) {
- createUser();
- exit(0);
+ exit(createUser() ? EXIT_SUCCESS : EXIT_FAILURE);
+
}
if (Quassel::isOptionSet("change-userpass")) {
- changeUserPass(Quassel::optionValue("change-userpass"));
- exit(0);
+ exit(changeUserPass(Quassel::optionValue("change-userpass")) ?
+ EXIT_SUCCESS : EXIT_FAILURE);
}
connect(&_server, SIGNAL(newConnection()), this, SLOT(incomingConnection()));
foreach(CoreAuthHandler *handler, _connectingClients) {
handler->deleteLater(); // disconnect non authed clients
}
- qDeleteAll(sessions);
+ qDeleteAll(_sessions);
qDeleteAll(_storageBackends);
+ qDeleteAll(_authenticators);
}
CoreSettings s;
QVariantMap state;
QVariantList activeSessions;
- foreach(UserId user, instance()->sessions.keys()) activeSessions << QVariant::fromValue<UserId>(user);
+ foreach(UserId user, instance()->_sessions.keys())
+ activeSessions << QVariant::fromValue<UserId>(user);
state["CoreStateVersion"] = 1;
state["ActiveSessions"] = activeSessions;
s.setCoreState(state);
// qWarning() << qPrintable(tr("Cannot restore a state for an unconfigured core!"));
return;
}
- if (instance()->sessions.count()) {
+ if (instance()->_sessions.count()) {
qWarning() << qPrintable(tr("Calling restoreState() even though active sessions exist!"));
return;
}
quInfo() << "Restoring previous core state...";
foreach(QVariant v, activeSessions) {
UserId user = v.value<UserId>();
- instance()->createSession(user, true);
+ instance()->sessionForUser(user, true);
}
}
}
/*** Core Setup ***/
-QString Core::setup(const QString &adminUser, const QString &adminPassword, const QString &backend, const QVariantMap &setupData)
+QString Core::setup(const QString &adminUser, const QString &adminPassword, const QString &backend, const QVariantMap &setupData, const QString &authenticator, const QVariantMap &authSetupData)
{
- return instance()->setupCore(adminUser, adminPassword, backend, setupData);
+ return instance()->setupCore(adminUser, adminPassword, backend, setupData, authenticator, authSetupData);
}
-QString Core::setupCore(const QString &adminUser, const QString &adminPassword, const QString &backend, const QVariantMap &setupData)
+QString Core::setupCore(const QString &adminUser, const QString &adminPassword, const QString &backend, const QVariantMap &setupData, const QString &authenticator, const QVariantMap &authSetupData)
{
if (_configured)
return tr("Core is already configured! Not configuring again...");
return tr("Could not setup storage!");
}
- saveBackendSettings(backend, setupData);
+ quInfo() << "Selected authenticator:" << authenticator;
+ if (!(_configured = initAuthenticator(authenticator, authSetupData, true)))
+ {
+ return tr("Could not setup authenticator!");
+ }
+
+ if (!saveBackendSettings(backend, setupData)) {
+ return tr("Could not save backend settings, probably a permission problem.");
+ }
+ saveAuthenticatorSettings(authenticator, authSetupData);
quInfo() << qPrintable(tr("Creating admin user..."));
_storage->addUser(adminUser, adminPassword);
}
// mono client currently needs sqlite
- return setupCore("AdminUser", QString::number(pass), "SQLite", QVariantMap());
+ return setupCore("AdminUser", QString::number(pass), "SQLite", QVariantMap(), "Database", QVariantMap());
}
backend->deleteLater();
}
+// Authentication handling, now independent from storage.
+// Register and unregister authenticators.
+
+void Core::registerAuthenticators()
+{
+ // Register new authentication backends here!
+ registerAuthenticator(new SqlAuthenticator(this));
+#ifdef HAVE_LDAP
+ registerAuthenticator(new LdapAuthenticator(this));
+#endif
+}
+
+
+bool Core::registerAuthenticator(Authenticator *authenticator)
+{
+ if (authenticator->isAvailable()) {
+ _authenticators[authenticator->backendId()] = authenticator;
+ return true;
+ }
+ else {
+ authenticator->deleteLater();
+ return false;
+ }
+}
+
+
+void Core::unregisterAuthenticators()
+{
+ foreach(Authenticator* a, _authenticators.values()) {
+ a->deleteLater();
+ }
+ _authenticators.clear();
+}
+
+
+void Core::unregisterAuthenticator(Authenticator *backend)
+{
+ _authenticators.remove(backend->backendId());
+ backend->deleteLater();
+}
// old db settings:
// "Type" => "sqlite"
return true;
}
+// FIXME: Apparently, this is the legacy way of initting storage backends?
+// If there's a not-legacy way, it should be used here
+bool Core::initAuthenticator(const QString &backend, const QVariantMap &settings, bool setup)
+{
+ _authenticator = 0;
+
+ if (backend.isEmpty()) {
+ return false;
+ }
+
+ Authenticator *authenticator = 0;
+ if (_authenticators.contains(backend)) {
+ authenticator = _authenticators[backend];
+ }
+ else {
+ qCritical() << "Selected auth backend is not available:" << backend;
+ return false;
+ }
+
+ Authenticator::State authState = authenticator->init(settings);
+ switch (authState) {
+ case Authenticator::NeedsSetup:
+ if (!setup)
+ return false; // trigger setup process
+ if (authenticator->setup(settings))
+ return initAuthenticator(backend, settings, false);
+ // if initialization wasn't successful, we quit to keep from coming up unconfigured
+ case Authenticator::NotAvailable:
+ qCritical() << "FATAL: Selected auth backend is not available:" << backend;
+ exit(EXIT_FAILURE);
+ case Authenticator::IsReady:
+ // delete all other backends
+ _authenticators.remove(backend);
+ unregisterAuthenticators();
+ }
+ _authenticator = authenticator;
+ return true;
+}
+
void Core::syncStorage()
{
}
+bool Core::reloadCerts()
+{
+#ifdef HAVE_SSL
+ SslServer *sslServerv4 = qobject_cast<SslServer *>(&instance()->_server);
+ bool retv4 = sslServerv4->reloadCerts();
+
+ SslServer *sslServerv6 = qobject_cast<SslServer *>(&instance()->_v6server);
+ bool retv6 = sslServerv6->reloadCerts();
+
+ return retv4 && retv6;
+#else
+ // SSL not supported, don't mark configuration reload as failed
+ return true;
+#endif
+}
+
+
bool Core::startListening()
{
// in mono mode we only start a local port if a port is specified in the cli call
handler->deleteLater();
// Find or create session for validated user
- SessionThread *session;
- if (sessions.contains(uid)) {
- session = sessions[uid];
- }
- else {
- session = createSession(uid);
- if (!session) {
- qWarning() << qPrintable(tr("Could not initialize session for client:")) << qPrintable(peer->description());
- peer->close();
- peer->deleteLater();
- return;
- }
- }
+ sessionForUser(uid);
// as we are currently handling an event triggered by incoming data on this socket
// it is unsafe to directly move the socket to the client thread.
void Core::addClientHelper(RemotePeer *peer, UserId uid)
{
// Find or create session for validated user
- if (!sessions.contains(uid)) {
- qWarning() << qPrintable(tr("Could not find a session for client:")) << qPrintable(peer->description());
- peer->close();
- peer->deleteLater();
- return;
- }
-
- SessionThread *session = sessions[uid];
+ SessionThread *session = sessionForUser(uid);
session->addClient(peer);
}
clientPeer->setPeer(corePeer);
// Find or create session for validated user
- SessionThread *sessionThread;
- if (sessions.contains(uid))
- sessionThread = sessions[uid];
- else
- sessionThread = createSession(uid);
-
+ SessionThread *sessionThread = sessionForUser(uid);
sessionThread->addClient(corePeer);
}
-SessionThread *Core::createSession(UserId uid, bool restore)
+SessionThread *Core::sessionForUser(UserId uid, bool restore)
{
- if (sessions.contains(uid)) {
- qWarning() << "Calling createSession() when a session for the user already exists!";
- return 0;
- }
- SessionThread *sess = new SessionThread(uid, restore, this);
- sessions[uid] = sess;
- sess->start();
- return sess;
+ if (_sessions.contains(uid))
+ return _sessions[uid];
+
+ SessionThread *session = new SessionThread(uid, restore, this);
+ _sessions[uid] = session;
+ session->start();
+ return session;
}
v["Description"] = backend->description();
v["SetupKeys"] = backend->setupKeys();
v["SetupDefaults"] = backend->setupDefaults();
+ v["IsDefault"] = isStorageBackendDefault(backend);
backends.append(v);
}
return backends;
}
+QVariantList Core::authenticatorInfo()
+{
+ QVariantList backends;
+ foreach(const Authenticator *backend, instance()->_authenticators.values()) {
+ QVariantMap v;
+ v["DisplayName"] = backend->backendId();
+ v["Description"] = backend->description();
+ v["SetupKeys"] = backend->setupKeys();
+ v["SetupDefaults"] = backend->setupDefaults();
+ backends.append(v);
+ }
+ return backends;
+}
+
// migration / backend selection
bool Core::selectBackend(const QString &backend)
{
Storage::State storageState = storage->init(settings);
switch (storageState) {
case Storage::IsReady:
- saveBackendSettings(backend, settings);
+ if (!saveBackendSettings(backend, settings)) {
+ qCritical() << qPrintable(QString("Could not save backend settings, probably a permission problem."));
+ }
qWarning() << "Switched backend to:" << qPrintable(backend);
qWarning() << "Backend already initialized. Skipping Migration";
return true;
return false;
}
- saveBackendSettings(backend, settings);
+ if (!saveBackendSettings(backend, settings)) {
+ qCritical() << qPrintable(QString("Could not save backend settings, probably a permission problem."));
+ }
qWarning() << "Switched backend to:" << qPrintable(backend);
break;
}
storage = 0;
if (reader->migrateTo(writer)) {
qDebug() << "Migration finished!";
- saveBackendSettings(backend, settings);
+ if (!saveBackendSettings(backend, settings)) {
+ qCritical() << qPrintable(QString("Could not save backend settings, probably a permission problem."));
+ return false;
+ }
return true;
}
return false;
return true;
}
+// TODO: I am not sure if this function is implemented correctly.
+// There is currently no concept of migraiton between auth backends.
+bool Core::selectAuthenticator(const QString &backend)
+{
+ // Register all authentication backends.
+ registerAuthenticators();
+ if (!_authenticators.contains(backend)) {
+ qWarning() << qPrintable(QString("Core::selectAuthenticator(): unsupported backend: %1").arg(backend));
+ qWarning() << " supported backends are:" << qPrintable(QStringList(_authenticators.keys()).join(", "));
+ return false;
+ }
+
+ Authenticator *authenticator = _authenticators[backend];
+ QVariantMap settings = promptForSettings(authenticator);
+
+ Authenticator::State state = authenticator->init(settings);
+ switch (state) {
+ case Authenticator::IsReady:
+ saveAuthenticatorSettings(backend, settings);
+ qWarning() << "Switched auth backend to:" << qPrintable(backend);
+// qWarning() << "Auth backend already initialized. Skipping Migration";
+ return true;
+ case Authenticator::NotAvailable:
+ qCritical() << "Auth backend is not available:" << qPrintable(backend);
+ return false;
+ case Authenticator::NeedsSetup:
+ if (!authenticator->setup(settings)) {
+ qWarning() << qPrintable(QString("Core::selectAuthenticator(): unable to setup authenticator: %1").arg(backend));
+ return false;
+ }
-void Core::createUser()
+ if (authenticator->init(settings) != Authenticator::IsReady) {
+ qWarning() << qPrintable(QString("Core::migrateBackend(): unable to initialize authenticator: %1").arg(backend));
+ return false;
+ }
+
+ saveAuthenticatorSettings(backend, settings);
+ qWarning() << "Switched auth backend to:" << qPrintable(backend);
+ }
+
+ _authenticator = authenticator;
+ return true;
+}
+
+
+bool Core::createUser()
{
QTextStream out(stdout);
QTextStream in(stdin);
if (password != password2) {
qWarning() << "Passwords don't match!";
- return;
+ return false;
}
if (password.isEmpty()) {
qWarning() << "Password is empty!";
- return;
+ return false;
}
if (_configured && _storage->addUser(username, password).isValid()) {
out << "Added user " << username << " successfully!" << endl;
+ return true;
}
else {
qWarning() << "Unable to add user:" << qPrintable(username);
+ return false;
}
}
-void Core::changeUserPass(const QString &username)
+bool Core::changeUserPass(const QString &username)
{
QTextStream out(stdout);
QTextStream in(stdin);
UserId userId = _storage->getUserId(username);
if (!userId.isValid()) {
out << "User " << username << " does not exist." << endl;
- return;
+ return false;
+ }
+
+ if (!canChangeUserPassword(userId)) {
+ out << "User " << username << " is configured through an auth provider that has forbidden manual password changing." << endl;
+ return false;
}
out << "Change password for user: " << username << endl;
if (password != password2) {
qWarning() << "Passwords don't match!";
- return;
+ return false;
}
if (password.isEmpty()) {
qWarning() << "Password is empty!";
- return;
+ return false;
}
if (_configured && _storage->updateUser(userId, password)) {
out << "Password changed successfully!" << endl;
+ return true;
}
else {
qWarning() << "Failed to change password!";
+ return false;
+ }
+}
+
+
+bool Core::changeUserPassword(UserId userId, const QString &password)
+{
+ if (!isConfigured() || !userId.isValid())
+ return false;
+
+ if (!canChangeUserPassword(userId))
+ return false;
+
+ return instance()->_storage->updateUser(userId, password);
+}
+
+// TODO: this code isn't currently 100% optimal because the core
+// doesn't know it can have multiple auth providers configured (there aren't
+// multiple auth providers at the moment anyway) and we have hardcoded the
+// Database provider to be always allowed.
+bool Core::canChangeUserPassword(UserId userId)
+{
+ QString authProvider = instance()->_storage->getUserAuthenticator(userId);
+ if (authProvider != "Database") {
+ if (authProvider != instance()->_authenticator->backendId()) {
+ return false;
+ }
+ else if (instance()->_authenticator->canChangePassword()) {
+ return false;
+ }
}
+ return true;
}
}
-void Core::saveBackendSettings(const QString &backend, const QVariantMap &settings)
+bool Core::saveBackendSettings(const QString &backend, const QVariantMap &settings)
{
QVariantMap dbsettings;
dbsettings["Backend"] = backend;
dbsettings["ConnectionProperties"] = settings;
- CoreSettings().setStorageSettings(dbsettings);
+ CoreSettings s = CoreSettings();
+ s.setStorageSettings(dbsettings);
+ return s.sync();
}
-QVariantMap Core::promptForSettings(const Storage *storage)
+void Core::saveAuthenticatorSettings(const QString &backend, const QVariantMap &settings)
+{
+ QVariantMap dbsettings;
+ dbsettings["Authenticator"] = backend;
+ dbsettings["AuthProperties"] = settings;
+ CoreSettings().setAuthSettings(dbsettings);
+}
+
+// Generic version of promptForSettings that doesn't care what *type* of
+// backend it runs over.
+QVariantMap Core::promptForSettings(QStringList keys, QVariantMap defaults)
{
QVariantMap settings;
- QStringList keys = storage->setupKeys();
if (keys.isEmpty())
return settings;
QTextStream in(stdin);
out << "Default values are in brackets" << endl;
- QVariantMap defaults = storage->setupDefaults();
QString value;
foreach(QString key, keys) {
QVariant val;
return settings;
}
+// Since an auth and storage backend work basically the same way,
+// use polymorphism here on this routine.
+QVariantMap Core::promptForSettings(const Storage *storage)
+{
+ QStringList keys = storage->setupKeys();
+ QVariantMap defaults = storage->setupDefaults();
+ return Core::promptForSettings(keys, defaults);
+}
+
+
+QVariantMap Core::promptForSettings(const Authenticator *authenticator)
+{
+ QStringList keys = authenticator->setupKeys();
+ QVariantMap defaults = authenticator->setupDefaults();
+ return Core::promptForSettings(keys, defaults);
+}
+
#ifdef Q_OS_WIN
void Core::stdInEcho(bool on)