/***************************************************************************
- * Copyright (C) 2005-2015 by the Quassel Project *
+ * Copyright (C) 2005-2016 by the Quassel Project *
* devel@quassel-irc.org *
* *
* This program is free software; you can redistribute it and/or modify *
#include "network.h"
#include "quassel.h"
-// Link against LDAP.
+/* We should use openldap on windows if at all possible, rather than trying to
+ * write some kind of compatiblity routine.
+#ifdef Q_CC_MSVC
+#include <windows.h>
+#include <winldap.h>
+#else*/
#include <ldap.h>
+//#endif
LdapAuthenticator::LdapAuthenticator(QObject *parent)
: Authenticator(parent),
LdapAuthenticator::~LdapAuthenticator()
{
- if (_connection != 0)
- {
+ if (_connection != 0) {
ldap_unbind_ext(_connection, 0, 0);
}
}
bool LdapAuthenticator::isAvailable() const
{
- // XXX: probably this should test if we can speak to the LDAP server.
+ // FIXME: probably this should test if we can speak to the LDAP server.
return true;
}
-QString LdapAuthenticator::displayName() const
+
+QString LdapAuthenticator::backendId() const
{
- // We identify the backend to use for the monolithic core by its displayname.
+ // We identify the backend to use for the monolithic core by this identifier.
// so only change this string if you _really_ have to and make sure the core
// setup for the mono client still works ;)
return QString("LDAP");
}
+
+QString LdapAuthenticator::displayName() const
+{
+ return tr("LDAP");
+}
+
+
QString LdapAuthenticator::description() const
{
return tr("Authenticate users using an LDAP server.");
return keys;
}
+
QVariantMap LdapAuthenticator::setupDefaults() const
{
QVariantMap map;
return map;
}
-void LdapAuthenticator::setConnectionProperties(const QVariantMap &properties)
+
+void LdapAuthenticator::setAuthProperties(const QVariantMap &properties)
{
_hostName = properties["Hostname"].toString();
_port = properties["Port"].toInt();
_uidAttribute = properties["UID Attribute"].toString();
}
-// XXX: this code is sufficiently general that in the future, perhaps an abstract
+// TODO: this code is sufficiently general that in the future, perhaps an abstract
// class should be created implementing it.
// i.e. a provider that does its own thing and then pokes at the current storage
// through the default core method.
UserId LdapAuthenticator::validateUser(const QString &username, const QString &password)
{
bool result = ldapAuth(username, password);
- if (!result)
- {
+ if (!result) {
return UserId();
}
// If auth succeeds, but the user has not logged into quassel previously, make
// a new user for them and return that ID.
- // Users created via LDAP have empty usernames.
- UserId quasselID = Core::validateUser(username, QString());
- if (!quasselID.isValid())
- {
- return Core::addUser(username, QString());
+ // Users created via LDAP have empty passwords, but authenticator column = LDAP.
+ // On the other hand, if auth succeeds and the user already exists, do a final
+ // cross-check to confirm we're using the right auth provider.
+ UserId quasselId = Core::validateUser(username, QString());
+ if (!quasselId.isValid()) {
+ return Core::addUser(username, QString(), backendId());
+ }
+ else if (!(Core::checkAuthProvider(quasselId, backendId()))) {
+ return 0;
}
- return quasselID;
+ return quasselId;
}
+
bool LdapAuthenticator::setup(const QVariantMap &settings)
{
- setConnectionProperties(settings);
+ setAuthProperties(settings);
bool status = ldapConnect();
return status;
}
+
Authenticator::State LdapAuthenticator::init(const QVariantMap &settings)
{
- setConnectionProperties(settings);
+ setAuthProperties(settings);
bool status = ldapConnect();
- if (!status)
- {
- quInfo() << qPrintable(displayName()) << "Authenticator cannot connect.";
+ if (!status) {
+ quInfo() << qPrintable(backendId()) << "Authenticator cannot connect.";
return NotAvailable;
}
- quInfo() << qPrintable(displayName()) << "Authenticator is ready.";
+ quInfo() << qPrintable(backendId()) << "Authenticator is ready.";
return IsReady;
}
return true;
}
+
void LdapAuthenticator::ldapDisconnect()
{
if (_connection == 0) {
_connection = 0;
}
+
bool LdapAuthenticator::ldapAuth(const QString &username, const QString &password)
{
if (password.isEmpty()) {
// Attempt to establish a connection.
if (_connection == 0) {
- if (not ldapConnect()) {
+ if (!ldapConnect()) {
return false;
}
}
QByteArray baseDN = _baseDN.toLocal8Bit();
QByteArray uidAttribute = _uidAttribute.toLocal8Bit();
- cred.bv_val = const_cast<char*>(bindPassword.size() > 0 ? bindPassword.constData() : NULL);
+ cred.bv_val = (bindPassword.size() > 0 ? bindPassword.data() : NULL);
cred.bv_len = bindPassword.size();
res = ldap_sasl_bind_s(_connection, bindDN.size() > 0 ? bindDN.constData() : 0, LDAP_SASL_SIMPLE, &cred, 0, 0, 0);
return false;
}
- const QByteArray passwordArray = password.toLocal8Bit();
- cred.bv_val = const_cast<char*>(passwordArray.constData());
+ QByteArray passwordArray = password.toLocal8Bit();
+ cred.bv_val = passwordArray.data();
cred.bv_len = password.size();
char *userDN = ldap_get_dn(_connection, entry);
projects / quassel.git / blobdiff