/***************************************************************************
- * Copyright (C) 2005-2016 by the Quassel Project *
+ * Copyright (C) 2005-2018 by the Quassel Project *
* devel@quassel-irc.org *
* *
* This program is free software; you can redistribute it and/or modify *
#include "ldapauthenticator.h"
-#include "logger.h"
+#include "logmessage.h"
#include "network.h"
#include "quassel.h"
LdapAuthenticator::LdapAuthenticator(QObject *parent)
: Authenticator(parent),
- _connection(0)
+ _connection(nullptr)
{
}
LdapAuthenticator::~LdapAuthenticator()
{
- if (_connection != 0) {
- ldap_unbind_ext(_connection, 0, 0);
+ if (_connection != nullptr) {
+ ldap_unbind_ext(_connection, nullptr, nullptr);
}
}
}
-void LdapAuthenticator::setAuthProperties(const QVariantMap &properties)
+void LdapAuthenticator::setAuthProperties(const QVariantMap &properties,
+ const QProcessEnvironment &environment,
+ bool loadFromEnvironment)
{
- _hostName = properties["Hostname"].toString();
- _port = properties["Port"].toInt();
- _bindDN = properties["BindDN"].toString();
- _bindPassword = properties["BindPassword"].toString();
- _baseDN = properties["BaseDN"].toString();
- _filter = properties["Filter"].toString();
- _uidAttribute = properties["UidAttribute"].toString();
+ if (loadFromEnvironment) {
+ _hostName = environment.value("AUTH_LDAP_HOSTNAME");
+ _port = environment.value("AUTH_LDAP_PORT").toInt();
+ _bindDN = environment.value("AUTH_LDAP_BIND_DN");
+ _bindPassword = environment.value("AUTH_LDAP_BIND_PASSWORD");
+ _baseDN = environment.value("AUTH_LDAP_BASE_DN");
+ _filter = environment.value("AUTH_LDAP_FILTER");
+ _uidAttribute = environment.value("AUTH_LDAP_UID_ATTRIBUTE");
+ } else {
+ _hostName = properties["Hostname"].toString();
+ _port = properties["Port"].toInt();
+ _bindDN = properties["BindDN"].toString();
+ _bindPassword = properties["BindPassword"].toString();
+ _baseDN = properties["BaseDN"].toString();
+ _filter = properties["Filter"].toString();
+ _uidAttribute = properties["UidAttribute"].toString();
+ }
}
// TODO: this code is sufficiently general that in the future, perhaps an abstract
{
bool result = ldapAuth(username, password);
if (!result) {
- return UserId();
+ return {};
}
// LDAP is case-insensitive, thus we will lowercase the username, in spite of
}
-bool LdapAuthenticator::setup(const QVariantMap &settings)
+bool LdapAuthenticator::setup(const QVariantMap &settings,
+ const QProcessEnvironment &environment,
+ bool loadFromEnvironment)
{
- setAuthProperties(settings);
+ setAuthProperties(settings, environment, loadFromEnvironment);
bool status = ldapConnect();
return status;
}
-Authenticator::State LdapAuthenticator::init(const QVariantMap &settings)
+Authenticator::State LdapAuthenticator::init(const QVariantMap &settings,
+ const QProcessEnvironment &environment,
+ bool loadFromEnvironment)
{
- setAuthProperties(settings);
+ setAuthProperties(settings, environment, loadFromEnvironment);
bool status = ldapConnect();
if (!status) {
// Method based on abustany LDAP quassel patch.
bool LdapAuthenticator::ldapConnect()
{
- if (_connection != 0) {
+ if (_connection != nullptr) {
ldapDisconnect();
}
serverURIArray = serverURI.toLocal8Bit();
res = ldap_initialize(&_connection, serverURIArray);
+ quInfo() << "LDAP: Connecting to" << serverURI;
+
if (res != LDAP_SUCCESS) {
qWarning() << "Could not connect to LDAP server:" << ldap_err2string(res);
return false;
if (res != LDAP_SUCCESS) {
qWarning() << "Could not set LDAP protocol version to v3:" << ldap_err2string(res);
- ldap_unbind_ext(_connection, 0, 0);
- _connection = 0;
+ ldap_unbind_ext(_connection, nullptr, nullptr);
+ _connection = nullptr;
return false;
}
void LdapAuthenticator::ldapDisconnect()
{
- if (_connection == 0) {
+ if (_connection == nullptr) {
return;
}
- ldap_unbind_ext(_connection, 0, 0);
- _connection = 0;
+ ldap_unbind_ext(_connection, nullptr, nullptr);
+ _connection = nullptr;
}
int res;
// Attempt to establish a connection.
- if (_connection == 0) {
+ if (_connection == nullptr) {
if (!ldapConnect()) {
return false;
}
QByteArray baseDN = _baseDN.toLocal8Bit();
QByteArray uidAttribute = _uidAttribute.toLocal8Bit();
- cred.bv_val = (bindPassword.size() > 0 ? bindPassword.data() : NULL);
+ cred.bv_val = (bindPassword.size() > 0 ? bindPassword.data() : nullptr);
cred.bv_len = bindPassword.size();
- res = ldap_sasl_bind_s(_connection, bindDN.size() > 0 ? bindDN.constData() : 0, LDAP_SASL_SIMPLE, &cred, 0, 0, 0);
+ res = ldap_sasl_bind_s(_connection, bindDN.size() > 0 ? bindDN.constData() : nullptr, LDAP_SASL_SIMPLE, &cred, nullptr, nullptr, nullptr);
if (res != LDAP_SUCCESS) {
qWarning() << "Refusing connection from" << username << "(LDAP bind failed:" << ldap_err2string(res) << ")";
return false;
}
- LDAPMessage *msg = NULL, *entry = NULL;
+ LDAPMessage *msg = nullptr, *entry = nullptr;
const QByteArray ldapQuery = "(&(" + uidAttribute + '=' + username.toLocal8Bit() + ")" + _filter.toLocal8Bit() + ")";
- res = ldap_search_ext_s(_connection, baseDN.constData(), LDAP_SCOPE_SUBTREE, ldapQuery.constData(), 0, 0, 0, 0, 0, 0, &msg);
+ res = ldap_search_ext_s(_connection, baseDN.constData(), LDAP_SCOPE_SUBTREE, ldapQuery.constData(), nullptr, 0, nullptr, nullptr, nullptr, 0, &msg);
if (res != LDAP_SUCCESS) {
qWarning() << "Refusing connection from" << username << "(LDAP search failed:" << ldap_err2string(res) << ")";
entry = ldap_first_entry(_connection, msg);
- if (entry == 0) {
+ if (entry == nullptr) {
qWarning() << "Refusing connection from" << username << "(LDAP search returned no results)";
ldap_msgfree(msg);
return false;
char *userDN = ldap_get_dn(_connection, entry);
- res = ldap_sasl_bind_s(_connection, userDN, LDAP_SASL_SIMPLE, &cred, 0, 0, 0);
+ res = ldap_sasl_bind_s(_connection, userDN, LDAP_SASL_SIMPLE, &cred, nullptr, nullptr, nullptr);
if (res != LDAP_SUCCESS) {
qWarning() << "Refusing connection from" << username << "(LDAP authentication failed)";