#include "sqlitestorage.h"
#include "util.h"
+// Currently building with LDAP bindings is optional.
+#ifdef HAVE_LDAP
+#include "ldapauthenticator.h"
+#endif
+
// migration related
#include <QFile>
#ifdef Q_OS_WIN
}
registerStorageBackends();
- registerAuthenticatorBackends();
-
+ registerAuthenticatorBackends();
+
connect(&_storageSyncTimer, SIGNAL(timeout()), this, SLOT(syncStorage()));
_storageSyncTimer.start(10 * 60 * 1000); // 10 minutes
}
QVariantMap dbsettings = cs.storageSettings().toMap();
_configured = initStorage(dbsettings.value("Backend").toString(), dbsettings.value("ConnectionProperties").toMap());
- // Not entirely sure what is 'legacy' about the above, but it seems to be the way things work!
- QVariantMap authSettings = cs.authSettings().toMap();
- initAuthenticator(authSettings.value("AuthBackend").toString(), authSettings.value("ConnectionProperties").toMap());
-
+ // Not entirely sure what is 'legacy' about the above, but it seems to be the way things work!
+ QVariantMap authSettings = cs.authSettings().toMap();
+ initAuthenticator(authSettings.value("AuthBackend").toString(), authSettings.value("ConnectionProperties").toMap());
+
if (Quassel::isOptionSet("select-backend")) {
selectBackend(Quassel::optionValue("select-backend"));
exit(0);
}
-
+
// TODO: add --select-authenticator command line option and code.
if (!_configured) {
}
qDeleteAll(_sessions);
qDeleteAll(_storageBackends);
+ qDeleteAll(_authenticatorBackends);
}
return tr("Could not setup storage!");
}
+ quInfo() << "Selected authenticator: " << authBackend;
+ if (!(_configured = initAuthenticator(authBackend, authSetupData, true)))
+ {
+ return tr("Could not setup authenticator!");
+ }
+
if (!saveBackendSettings(backend, setupData)) {
return tr("Could not save backend settings, probably a permission problem.");
}
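Review bot: `_configured` is assigned inside the `if` condition on the `initAuthenticator(authBackend, authSetupData, true)` line, so a failed authenticator setup overwrites the flag as a side effect of the test, and the result of the storage setup above can no longer be told apart from it. Splitting the statement keeps the behaviour and makes the intent explicit: `const bool authOk = initAuthenticator(authBackend, authSetupData, true);` then `_configured = authOk;` then `if (!authOk) return tr("Could not setup authenticator!");`. The opening brace on its own line also differs from the `if (...) {` form used by the neighbouring `saveBackendSettings` check. The enclosing function starts and ends outside the hunk, so whether the already-initialised storage needs rolling back on this error path cannot be judged from here.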
void Core::registerAuthenticatorBackends()
{
// Register new authentication backends here!
- //registerAuthenticatorBackend(new LdapAuthenticator(this));
registerAuthenticatorBackend(new SqlAuthenticator(this));
-
+#ifdef HAVE_LDAP
+ registerAuthenticatorBackend(new LdapAuthenticator(this));
+#endif
+
}
bool Core::registerAuthenticatorBackend(Authenticator *authenticator)
{
- if (authenticator->isAvailable())
- {
- _authenticatorBackends[authenticator->displayName()] = authenticator;
- return true;
- } else {
- authenticator->deleteLater();
- return false;
- }
+ if (authenticator->isAvailable())
+ {
+ _authenticatorBackends[authenticator->displayName()] = authenticator;
+ return true;
+ } else {
+ authenticator->deleteLater();
+ return false;
+ }
}
void Core::unregisterAuthenticatorBackends()
{
- foreach(Authenticator* a, _authenticatorBackends.values())
- {
- a->deleteLater();
- }
- _authenticatorBackends.clear();
+ foreach(Authenticator* a, _authenticatorBackends.values())
+ {
+ a->deleteLater();
+ }
+ _authenticatorBackends.clear();
}
void Core::unregisterAuthenticatorBackend(Authenticator *backend)
{
- _authenticatorBackends.remove(backend->displayName());
- backend->deleteLater();
+ _authenticatorBackends.remove(backend->displayName());
+ backend->deleteLater();
}
// old db settings:
bool Core::initAuthenticator(const QString &backend, const QVariantMap &settings, bool setup)
{
_authenticator = 0;
-
+
if (backend.isEmpty()) {
return false;
}
-
+
Authenticator *authenticator = 0;
if (_authenticatorBackends.contains(backend)) {
authenticator = _authenticatorBackends[backend];
unregisterAuthenticatorBackends();
}
_authenticator = authenticator;
- return true;
+ return true;
}
void Core::syncStorage()
return false;
}
+ if (!canChangeUserPassword(userId))
+ {
+ out << "User " << username << " is configured through an auth provider that has forbidden manual password changing." << endl;
+ return false;
+ }
+
out << "Change password for user: " << username << endl;
disableStdInEcho();
if (!isConfigured() || !userId.isValid())
return false;
+ if (!canChangeUserPassword(userId))
+ return false;
+
return instance()->_storage->updateUser(userId, password);
}
+// XXX: this code isn't currently 100% optimal because the core
+// doesn't know it can have multiple auth providers configured (there aren't
+// multiple auth providers at the moment anyway) and we have hardcoded the
+// Database provider to be always allowed.
+bool Core::canChangeUserPassword(UserId userId)
+{
+ QString authProvider = instance()->_storage->getUserAuthenticator(userId);
+ if (authProvider != "Database")
+ {
+ if (authProvider != instance()->_authenticator->displayName()) {
+ return false;
+ } else if (instance()->_authenticator->canChangePassword()) {
+ return false;
+ }
+ }
+ return true;
+}
AbstractSqlMigrationReader *Core::getMigrationReader(Storage *storage)
{
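Review bot: In `canChangeUserPassword`, the branch `else if (instance()->_authenticator->canChangePassword()) return false;` appears inverted: it refuses the change exactly when the active authenticator reports that it can change passwords, which contradicts the "has forbidden manual password changing" message printed by the command-line caller earlier in this diff. Both that caller and `changeUserPassword` rely on this result, so externally managed accounts that should be read-only would be the ones allowed through. The function also dereferences `instance()->_authenticator` without a null check, although `initAuthenticator` sets `_authenticator = 0` and returns false for an empty backend name, and the settings-loading call shown earlier ignores that return value. I would negate the capability check and treat a missing authenticator as "not allowed", as sketched below. The comparison against `displayName()` is also worth confirming as a stable identifier for the provider name kept in storage.

```cpp
bool Core::canChangeUserPassword(UserId userId)
{
    QString authProvider = instance()->_storage->getUserAuthenticator(userId);
    if (authProvider == "Database")
        return true;

    // No active authenticator, or the user belongs to a different provider: refuse.
    Authenticator *active = instance()->_authenticator;
    if (!active || authProvider != active->displayName())
        return false;

    // Allow the change only when the provider itself supports it.
    return active->canChangePassword();
}
```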