X-Git-Url: https://git.quassel-irc.org/?a=blobdiff_plain;f=src%2Fcore%2Fldapauthenticator.cpp;h=7448396b0ae7f2ba96976d2f1b0ccace1c807113;hb=8582c2ad5708a1972c85bea1cf8d81ad3ece4814;hp=ae4ea8773518504c7377497eb81a4836bf3453fc;hpb=bcaaebece13e123dc66dc32b59e13956b12f8b4c;p=quassel.git diff --git a/src/core/ldapauthenticator.cpp b/src/core/ldapauthenticator.cpp index ae4ea877..7448396b 100644 --- a/src/core/ldapauthenticator.cpp +++ b/src/core/ldapauthenticator.cpp @@ -1,5 +1,5 @@ /*************************************************************************** - * Copyright (C) 2005-2016 by the Quassel Project * + * Copyright (C) 2005-2018 by the Quassel Project * * devel@quassel-irc.org * * * * This program is free software; you can redistribute it and/or modify * @@ -28,7 +28,7 @@ #include "ldapauthenticator.h" -#include "logger.h" +#include "logmessage.h" #include "network.h" #include "quassel.h" @@ -43,15 +43,15 @@ LdapAuthenticator::LdapAuthenticator(QObject *parent) : Authenticator(parent), - _connection(0) + _connection(nullptr) { } LdapAuthenticator::~LdapAuthenticator() { - if (_connection != 0) { - ldap_unbind_ext(_connection, 0, 0); + if (_connection != nullptr) { + ldap_unbind_ext(_connection, nullptr, nullptr); } } @@ -100,15 +100,27 @@ QVariantList LdapAuthenticator::setupData() const } -void LdapAuthenticator::setAuthProperties(const QVariantMap &properties) +void LdapAuthenticator::setAuthProperties(const QVariantMap &properties, + const QProcessEnvironment &environment, + bool loadFromEnvironment) { - _hostName = properties["Hostname"].toString(); - _port = properties["Port"].toInt(); - _bindDN = properties["BindDN"].toString(); - _bindPassword = properties["BindPassword"].toString(); - _baseDN = properties["BaseDN"].toString(); - _filter = properties["Filter"].toString(); - _uidAttribute = properties["UidAttribute"].toString(); + if (loadFromEnvironment) { + _hostName = environment.value("AUTH_LDAP_HOSTNAME"); + _port = environment.value("AUTH_LDAP_PORT").toInt(); + _bindDN = environment.value("AUTH_LDAP_BIND_DN"); + _bindPassword = environment.value("AUTH_LDAP_BIND_PASSWORD"); + _baseDN = environment.value("AUTH_LDAP_BASE_DN"); + _filter = environment.value("AUTH_LDAP_FILTER"); + _uidAttribute = environment.value("AUTH_LDAP_UID_ATTRIBUTE"); + } else { + _hostName = properties["Hostname"].toString(); + _port = properties["Port"].toInt(); + _bindDN = properties["BindDN"].toString(); + _bindPassword = properties["BindPassword"].toString(); + _baseDN = properties["BaseDN"].toString(); + _filter = properties["Filter"].toString(); + _uidAttribute = properties["UidAttribute"].toString(); + } } // TODO: this code is sufficiently general that in the future, perhaps an abstract @@ -119,7 +131,7 @@ UserId LdapAuthenticator::validateUser(const QString &username, const QString &p { bool result = ldapAuth(username, password); if (!result) { - return UserId(); + return {}; } // LDAP is case-insensitive, thus we will lowercase the username, in spite of @@ -142,17 +154,21 @@ UserId LdapAuthenticator::validateUser(const QString &username, const QString &p } -bool LdapAuthenticator::setup(const QVariantMap &settings) +bool LdapAuthenticator::setup(const QVariantMap &settings, + const QProcessEnvironment &environment, + bool loadFromEnvironment) { - setAuthProperties(settings); + setAuthProperties(settings, environment, loadFromEnvironment); bool status = ldapConnect(); return status; } -Authenticator::State LdapAuthenticator::init(const QVariantMap &settings) +Authenticator::State LdapAuthenticator::init(const QVariantMap &settings, + const QProcessEnvironment &environment, + bool loadFromEnvironment) { - setAuthProperties(settings); + setAuthProperties(settings, environment, loadFromEnvironment); bool status = ldapConnect(); if (!status) { @@ -167,7 +183,7 @@ Authenticator::State LdapAuthenticator::init(const QVariantMap &settings) // Method based on abustany LDAP quassel patch. bool LdapAuthenticator::ldapConnect() { - if (_connection != 0) { + if (_connection != nullptr) { ldapDisconnect(); } @@ -181,6 +197,8 @@ bool LdapAuthenticator::ldapConnect() serverURIArray = serverURI.toLocal8Bit(); res = ldap_initialize(&_connection, serverURIArray); + quInfo() << "LDAP: Connecting to" << serverURI; + if (res != LDAP_SUCCESS) { qWarning() << "Could not connect to LDAP server:" << ldap_err2string(res); return false; @@ -190,8 +208,8 @@ bool LdapAuthenticator::ldapConnect() if (res != LDAP_SUCCESS) { qWarning() << "Could not set LDAP protocol version to v3:" << ldap_err2string(res); - ldap_unbind_ext(_connection, 0, 0); - _connection = 0; + ldap_unbind_ext(_connection, nullptr, nullptr); + _connection = nullptr; return false; } @@ -201,12 +219,12 @@ bool LdapAuthenticator::ldapConnect() void LdapAuthenticator::ldapDisconnect() { - if (_connection == 0) { + if (_connection == nullptr) { return; } - ldap_unbind_ext(_connection, 0, 0); - _connection = 0; + ldap_unbind_ext(_connection, nullptr, nullptr); + _connection = nullptr; } @@ -219,7 +237,7 @@ bool LdapAuthenticator::ldapAuth(const QString &username, const QString &passwor int res; // Attempt to establish a connection. - if (_connection == 0) { + if (_connection == nullptr) { if (!ldapConnect()) { return false; } @@ -233,10 +251,10 @@ bool LdapAuthenticator::ldapAuth(const QString &username, const QString &passwor QByteArray baseDN = _baseDN.toLocal8Bit(); QByteArray uidAttribute = _uidAttribute.toLocal8Bit(); - cred.bv_val = (bindPassword.size() > 0 ? bindPassword.data() : NULL); + cred.bv_val = (bindPassword.size() > 0 ? bindPassword.data() : nullptr); cred.bv_len = bindPassword.size(); - res = ldap_sasl_bind_s(_connection, bindDN.size() > 0 ? bindDN.constData() : 0, LDAP_SASL_SIMPLE, &cred, 0, 0, 0); + res = ldap_sasl_bind_s(_connection, bindDN.size() > 0 ? bindDN.constData() : nullptr, LDAP_SASL_SIMPLE, &cred, nullptr, nullptr, nullptr); if (res != LDAP_SUCCESS) { qWarning() << "Refusing connection from" << username << "(LDAP bind failed:" << ldap_err2string(res) << ")"; @@ -244,11 +262,11 @@ bool LdapAuthenticator::ldapAuth(const QString &username, const QString &passwor return false; } - LDAPMessage *msg = NULL, *entry = NULL; + LDAPMessage *msg = nullptr, *entry = nullptr; const QByteArray ldapQuery = "(&(" + uidAttribute + '=' + username.toLocal8Bit() + ")" + _filter.toLocal8Bit() + ")"; - res = ldap_search_ext_s(_connection, baseDN.constData(), LDAP_SCOPE_SUBTREE, ldapQuery.constData(), 0, 0, 0, 0, 0, 0, &msg); + res = ldap_search_ext_s(_connection, baseDN.constData(), LDAP_SCOPE_SUBTREE, ldapQuery.constData(), nullptr, 0, nullptr, nullptr, nullptr, 0, &msg); if (res != LDAP_SUCCESS) { qWarning() << "Refusing connection from" << username << "(LDAP search failed:" << ldap_err2string(res) << ")"; @@ -263,7 +281,7 @@ bool LdapAuthenticator::ldapAuth(const QString &username, const QString &passwor entry = ldap_first_entry(_connection, msg); - if (entry == 0) { + if (entry == nullptr) { qWarning() << "Refusing connection from" << username << "(LDAP search returned no results)"; ldap_msgfree(msg); return false; @@ -275,7 +293,7 @@ bool LdapAuthenticator::ldapAuth(const QString &username, const QString &passwor char *userDN = ldap_get_dn(_connection, entry); - res = ldap_sasl_bind_s(_connection, userDN, LDAP_SASL_SIMPLE, &cred, 0, 0, 0); + res = ldap_sasl_bind_s(_connection, userDN, LDAP_SASL_SIMPLE, &cred, nullptr, nullptr, nullptr); if (res != LDAP_SUCCESS) { qWarning() << "Refusing connection from" << username << "(LDAP authentication failed)";