/***************************************************************************
- * Copyright (C) 2005-2018 by the Quassel Project *
+ * Copyright (C) 2005-2020 by the Quassel Project *
* devel@quassel-irc.org *
* *
* This program is free software; you can redistribute it and/or modify *
#include "ldapauthenticator.h"
-#include "logmessage.h"
#include "network.h"
#include "quassel.h"
#include <ldap.h>
//#endif
-LdapAuthenticator::LdapAuthenticator(QObject *parent)
- : Authenticator(parent),
- _connection(nullptr)
-{
-}
-
+LdapAuthenticator::LdapAuthenticator(QObject* parent)
+ : Authenticator(parent)
+ , _connection(nullptr)
+{}
LdapAuthenticator::~LdapAuthenticator()
{
}
}
-
bool LdapAuthenticator::isAvailable() const
{
// FIXME: probably this should test if we can speak to the LDAP server.
return true;
}
-
QString LdapAuthenticator::backendId() const
{
// We identify the backend to use for the monolithic core by this identifier.
return QString("LDAP");
}
-
QString LdapAuthenticator::displayName() const
{
return tr("LDAP");
}
-
QString LdapAuthenticator::description() const
{
return tr("Authenticate users using an LDAP server.");
}
-
QVariantList LdapAuthenticator::setupData() const
{
// The parameters needed for LDAP.
QVariantList data;
- data << "Hostname" << tr("Hostname") << QString{"ldap://localhost"}
- << "Port" << tr("Port") << DEFAULT_LDAP_PORT
- << "BindDN" << tr("Bind DN") << QString{}
- << "BindPassword" << tr("Bind Password") << QString{}
- << "BaseDN" << tr("Base DN") << QString{}
- << "Filter" << tr("Filter") << QString{}
- << "UidAttribute" << tr("UID Attribute") << QString{"uid"}
- ;
+ data << "Hostname" << tr("Hostname") << QString{"ldap://localhost"} << "Port" << tr("Port") << DEFAULT_LDAP_PORT << "BindDN"
+ << tr("Bind DN") << QString{} << "BindPassword" << tr("Bind Password") << QString{} << "BaseDN" << tr("Base DN") << QString{}
+ << "Filter" << tr("Filter") << QString{} << "UidAttribute" << tr("UID Attribute") << QString{"uid"};
return data;
}
-
-void LdapAuthenticator::setAuthProperties(const QVariantMap &properties,
- const QProcessEnvironment &environment,
- bool loadFromEnvironment)
+void LdapAuthenticator::setAuthProperties(const QVariantMap& properties, const QProcessEnvironment& environment, bool loadFromEnvironment)
{
if (loadFromEnvironment) {
_hostName = environment.value("AUTH_LDAP_HOSTNAME");
_baseDN = environment.value("AUTH_LDAP_BASE_DN");
_filter = environment.value("AUTH_LDAP_FILTER");
_uidAttribute = environment.value("AUTH_LDAP_UID_ATTRIBUTE");
- } else {
+ }
+ else {
_hostName = properties["Hostname"].toString();
_port = properties["Port"].toInt();
_bindDN = properties["BindDN"].toString();
// class should be created implementing it.
// i.e. a provider that does its own thing and then pokes at the current storage
// through the default core method.
-UserId LdapAuthenticator::validateUser(const QString &username, const QString &password)
+UserId LdapAuthenticator::validateUser(const QString& username, const QString& password)
{
bool result = ldapAuth(username, password);
if (!result) {
- return UserId();
+ return {};
}
// LDAP is case-insensitive, thus we will lowercase the username, in spite of
// Users created via LDAP have empty passwords, but authenticator column = LDAP.
// On the other hand, if auth succeeds and the user already exists, do a final
// cross-check to confirm we're using the right auth provider.
- UserId quasselId = Core::validateUser(lUsername, QString());
+ UserId quasselId = Core::getUserId(lUsername);
if (!quasselId.isValid()) {
return Core::addUser(lUsername, QString(), backendId());
}
return quasselId;
}
-
-bool LdapAuthenticator::setup(const QVariantMap &settings,
- const QProcessEnvironment &environment,
- bool loadFromEnvironment)
+bool LdapAuthenticator::setup(const QVariantMap& settings, const QProcessEnvironment& environment, bool loadFromEnvironment)
{
setAuthProperties(settings, environment, loadFromEnvironment);
bool status = ldapConnect();
return status;
}
-
-Authenticator::State LdapAuthenticator::init(const QVariantMap &settings,
- const QProcessEnvironment &environment,
- bool loadFromEnvironment)
+Authenticator::State LdapAuthenticator::init(const QVariantMap& settings, const QProcessEnvironment& environment, bool loadFromEnvironment)
{
setAuthProperties(settings, environment, loadFromEnvironment);
bool status = ldapConnect();
if (!status) {
- quInfo() << qPrintable(backendId()) << "authenticator cannot connect.";
+ qInfo() << qPrintable(backendId()) << "authenticator cannot connect.";
return NotAvailable;
}
- quInfo() << qPrintable(backendId()) << "authenticator is ready.";
+ qInfo() << qPrintable(backendId()) << "authenticator is ready.";
return IsReady;
}
serverURIArray = serverURI.toLocal8Bit();
res = ldap_initialize(&_connection, serverURIArray);
- quInfo() << "LDAP: Connecting to" << serverURI;
+ qInfo() << "LDAP: Connecting to" << serverURI;
if (res != LDAP_SUCCESS) {
qWarning() << "Could not connect to LDAP server:" << ldap_err2string(res);
return true;
}
-
void LdapAuthenticator::ldapDisconnect()
{
if (_connection == nullptr) {
_connection = nullptr;
}
-
-bool LdapAuthenticator::ldapAuth(const QString &username, const QString &password)
+bool LdapAuthenticator::ldapAuth(const QString& username, const QString& password)
{
if (password.isEmpty()) {
return false;
const QByteArray ldapQuery = "(&(" + uidAttribute + '=' + username.toLocal8Bit() + ")" + _filter.toLocal8Bit() + ")";
- res = ldap_search_ext_s(_connection, baseDN.constData(), LDAP_SCOPE_SUBTREE, ldapQuery.constData(), nullptr, 0, nullptr, nullptr, nullptr, 0, &msg);
+ res = ldap_search_ext_s(_connection,
+ baseDN.constData(),
+ LDAP_SCOPE_SUBTREE,
+ ldapQuery.constData(),
+ nullptr,
+ 0,
+ nullptr,
+ nullptr,
+ nullptr,
+ 0,
+ &msg);
if (res != LDAP_SUCCESS) {
qWarning() << "Refusing connection from" << username << "(LDAP search failed:" << ldap_err2string(res) << ")";
cred.bv_val = passwordArray.data();
cred.bv_len = password.size();
- char *userDN = ldap_get_dn(_connection, entry);
+ char* userDN = ldap_get_dn(_connection, entry);
res = ldap_sasl_bind_s(_connection, userDN, LDAP_SASL_SIMPLE, &cred, nullptr, nullptr, nullptr);