X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=blobdiff_plain;f=src%2Fcore%2Fcore.cpp;h=b103b42d80c5f7096f55ea62948f20c70a738a5d;hp=4413211e1e6334016e95a54c66588850d5208760;hb=9f2fbea7c308914d0b737ec9a936a004d4687223;hpb=04315f46a16fc3627218377071e008b6b9744992 diff --git a/src/core/core.cpp b/src/core/core.cpp index 4413211e..b103b42d 100644 --- a/src/core/core.cpp +++ b/src/core/core.cpp @@ -1,5 +1,5 @@ /*************************************************************************** - * Copyright (C) 2005-2013 by the Quassel Project * + * Copyright (C) 2005-2018 by the Quassel Project * * devel@quassel-irc.org * * * * This program is free software; you can redistribute it and/or modify * @@ -18,35 +18,36 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * ***************************************************************************/ +#include + #include #include "core.h" +#include "coreauthhandler.h" #include "coresession.h" #include "coresettings.h" +#include "logger.h" #include "internalpeer.h" +#include "network.h" #include "postgresqlstorage.h" #include "quassel.h" +#include "sqlauthenticator.h" #include "sqlitestorage.h" -#include "network.h" -#include "logger.h" - #include "util.h" -#include "protocols/legacy/legacypeer.h" +// Currently building with LDAP bindings is optional. +#ifdef HAVE_LDAP +#include "ldapauthenticator.h" +#endif // migration related #include -#ifdef Q_OS_WIN32 +#ifdef Q_OS_WIN # include #else # include # include -#endif /* Q_OS_WIN32 */ - -#ifdef HAVE_UMASK -# include -# include -#endif /* HAVE_UMASK */ +#endif /* Q_OS_WIN */ // ============================== // Custom Events @@ -65,335 +66,366 @@ public: // ============================== // Core // ============================== -Core *Core::instanceptr = 0; +Core *Core::_instance{nullptr}; Core *Core::instance() { - if (instanceptr) return instanceptr; - instanceptr = new Core(); - instanceptr->init(); - return instanceptr; + return _instance; } -void Core::destroy() +Core::Core() { - delete instanceptr; - instanceptr = 0; + if (_instance) { + qWarning() << "Recreating core instance!"; + delete _instance; + } + _instance = this; + + // Parent all QObject-derived attributes, so when the Core instance gets moved into another + // thread, they get moved with it + _server.setParent(this); + _v6server.setParent(this); + _storageSyncTimer.setParent(this); } -Core::Core() - : _storage(0) +Core::~Core() { -#ifdef HAVE_UMASK - umask(S_IRWXG | S_IRWXO); -#endif - _startTime = QDateTime::currentDateTime().toUTC(); // for uptime :) - - Quassel::loadTranslation(QLocale::system()); + saveState(); + qDeleteAll(_connectingClients); + qDeleteAll(_sessions); + syncStorage(); + _instance = nullptr; +} - // FIXME: MIGRATION 0.3 -> 0.4: Move database and core config to new location - // Move settings, note this does not delete the old files -#ifdef Q_WS_MAC - QSettings newSettings("quassel-irc.org", "quasselcore"); -#else -# ifdef Q_WS_WIN - QSettings::Format format = QSettings::IniFormat; -# else - QSettings::Format format = QSettings::NativeFormat; -# endif - QString newFilePath = Quassel::configDirPath() + "quasselcore" - + ((format == QSettings::NativeFormat) ? QLatin1String(".conf") : QLatin1String(".ini")); - QSettings newSettings(newFilePath, format); -#endif /* Q_WS_MAC */ - - if (newSettings.value("Config/Version").toUInt() == 0) { -# ifdef Q_WS_MAC - QString org = "quassel-irc.org"; -# else - QString org = "Quassel Project"; -# endif - QSettings oldSettings(org, "Quassel Core"); - if (oldSettings.allKeys().count()) { - qWarning() << "\n\n*** IMPORTANT: Config and data file locations have changed. Attempting to auto-migrate your core settings..."; - foreach(QString key, oldSettings.allKeys()) - newSettings.setValue(key, oldSettings.value(key)); - newSettings.setValue("Config/Version", 1); - qWarning() << "* Your core settings have been migrated to" << newSettings.fileName(); - -#ifndef Q_WS_MAC /* we don't need to move the db and cert for mac */ -#ifdef Q_OS_WIN32 - QString quasselDir = qgetenv("APPDATA") + "/quassel/"; -#elif defined Q_WS_MAC - QString quasselDir = QDir::homePath() + "/Library/Application Support/Quassel/"; -#else - QString quasselDir = QDir::homePath() + "/.quassel/"; -#endif +bool Core::init() +{ + _startTime = QDateTime::currentDateTime().toUTC(); // for uptime :) - QFileInfo info(Quassel::configDirPath() + "quassel-storage.sqlite"); - if (!info.exists()) { - // move database, if we found it - QFile oldDb(quasselDir + "quassel-storage.sqlite"); - if (oldDb.exists()) { - bool success = oldDb.rename(Quassel::configDirPath() + "quassel-storage.sqlite"); - if (success) - qWarning() << "* Your database has been moved to" << Quassel::configDirPath() + "quassel-storage.sqlite"; - else - qWarning() << "!!! Moving your database has failed. Please move it manually into" << Quassel::configDirPath(); - } - } - // move certificate - QFileInfo certInfo(quasselDir + "quasselCert.pem"); - if (certInfo.exists()) { - QFile cert(quasselDir + "quasselCert.pem"); - bool success = cert.rename(Quassel::configDirPath() + "quasselCert.pem"); - if (success) - qWarning() << "* Your certificate has been moved to" << Quassel::configDirPath() + "quasselCert.pem"; - else - qWarning() << "!!! Moving your certificate has failed. Please move it manually into" << Quassel::configDirPath(); - } -#endif /* !Q_WS_MAC */ - qWarning() << "*** Migration completed.\n\n"; - } - } - // MIGRATION end + Quassel::loadTranslation(QLocale::system()); // check settings version // so far, we only have 1 CoreSettings s; if (s.version() != 1) { qCritical() << "Invalid core settings version, terminating!"; - exit(EXIT_FAILURE); + QCoreApplication::exit(EXIT_FAILURE); + return false; } + // Set up storage and authentication backends registerStorageBackends(); + registerAuthenticators(); - connect(&_storageSyncTimer, SIGNAL(timeout()), this, SLOT(syncStorage())); - _storageSyncTimer.start(10 * 60 * 1000); // 10 minutes -} + QProcessEnvironment environment = QProcessEnvironment::systemEnvironment(); + bool config_from_environment = Quassel::isOptionSet("config-from-environment"); + QString db_backend; + QVariantMap db_connectionProperties; -void Core::init() -{ - CoreSettings cs; - _configured = initStorage(cs.storageSettings().toMap()); + QString auth_authenticator; + QVariantMap auth_properties; + + bool writeError = false; + + if (config_from_environment) { + db_backend = environment.value("DB_BACKEND"); + auth_authenticator = environment.value("AUTH_AUTHENTICATOR"); + } else { + CoreSettings cs; + + QVariantMap dbsettings = cs.storageSettings().toMap(); + db_backend = dbsettings.value("Backend").toString(); + db_connectionProperties = dbsettings.value("ConnectionProperties").toMap(); - if (Quassel::isOptionSet("select-backend")) { - selectBackend(Quassel::optionValue("select-backend")); - exit(0); + QVariantMap authSettings = cs.authSettings().toMap(); + auth_authenticator = authSettings.value("Authenticator", "Database").toString(); + auth_properties = authSettings.value("AuthProperties").toMap(); + + writeError = !cs.isWritable(); } - if (!_configured) { - if (!_storageBackends.count()) { - qWarning() << qPrintable(tr("Could not initialize any storage backend! Exiting...")); - qWarning() << qPrintable(tr("Currently, Quassel supports SQLite3 and PostgreSQL. You need to build your\n" - "Qt library with the sqlite or postgres plugin enabled in order for quasselcore\n" - "to work.")); - exit(1); // TODO make this less brutal (especially for mono client -> popup) + // legacy + _configured = initStorage(db_backend, db_connectionProperties, environment, config_from_environment); + + // Not entirely sure what is 'legacy' about the above, but it seems to be the way things work! + if (_configured) { + initAuthenticator(auth_authenticator, auth_properties, environment, config_from_environment); + } + + if (Quassel::isOptionSet("select-backend") || Quassel::isOptionSet("select-authenticator")) { + bool success{true}; + if (Quassel::isOptionSet("select-backend")) { + success &= selectBackend(Quassel::optionValue("select-backend")); } - qWarning() << "Core is currently not configured! Please connect with a Quassel Client for basic setup."; + if (Quassel::isOptionSet("select-authenticator")) { + success &= selectAuthenticator(Quassel::optionValue("select-authenticator")); + } + QCoreApplication::exit(success ? EXIT_SUCCESS : EXIT_FAILURE); + return success; } - if (Quassel::isOptionSet("add-user")) { - createUser(); - exit(0); + if (!_configured) { + if (config_from_environment) { + _configured = initStorage(db_backend, db_connectionProperties, environment, config_from_environment, true); + initAuthenticator(auth_authenticator, auth_properties, environment, config_from_environment, true); + + if (!_configured) { + qWarning() << "Cannot configure from environment"; + QCoreApplication::exit(EXIT_FAILURE); + return false; + } + } + else { + if (_registeredStorageBackends.empty()) { + quWarning() << qPrintable(tr("Could not initialize any storage backend! Exiting...")); + quWarning() + << qPrintable(tr("Currently, Quassel supports SQLite3 and PostgreSQL. You need to build your\n" + "Qt library with the sqlite or postgres plugin enabled in order for quasselcore\n" + "to work.")); + QCoreApplication::exit(EXIT_FAILURE); // TODO make this less brutal (especially for mono client -> popup) + return false; + } + + if (writeError) { + qWarning() << "Cannot write quasselcore configuration; probably a permission problem."; + QCoreApplication::exit(EXIT_FAILURE); + return false; + } + + quInfo() << "Core is currently not configured! Please connect with a Quassel Client for basic setup."; + } } + else { + if (Quassel::isOptionSet("add-user")) { + bool success = createUser(); + QCoreApplication::exit(success ? EXIT_SUCCESS : EXIT_FAILURE); + return success; + } + + if (Quassel::isOptionSet("change-userpass")) { + bool success = changeUserPass(Quassel::optionValue("change-userpass")); + QCoreApplication::exit(success ? EXIT_SUCCESS : EXIT_FAILURE); + return success; + } + + _strictIdentEnabled = Quassel::isOptionSet("strict-ident"); + if (_strictIdentEnabled) { + cacheSysIdent(); + } + + if (Quassel::isOptionSet("oidentd")) { + _oidentdConfigGenerator = new OidentdConfigGenerator(this); + } + + Quassel::registerReloadHandler([]() { + // Currently, only reloading SSL certificates and the sysident cache is supported + if (Core::instance()) { + Core::instance()->cacheSysIdent(); + Core::instance()->reloadCerts(); + return true; + } + return false; + }); - if (Quassel::isOptionSet("change-userpass")) { - changeUserPass(Quassel::optionValue("change-userpass")); - exit(0); + connect(&_storageSyncTimer, SIGNAL(timeout()), this, SLOT(syncStorage())); + _storageSyncTimer.start(10 * 60 * 1000); // 10 minutes } connect(&_server, SIGNAL(newConnection()), this, SLOT(incomingConnection())); connect(&_v6server, SIGNAL(newConnection()), this, SLOT(incomingConnection())); - if (!startListening()) exit(1); // TODO make this less brutal - - if (Quassel::isOptionSet("oidentd")) - _oidentdConfigGenerator = new OidentdConfigGenerator(this); -} + if (!startListening()) { + QCoreApplication::exit(EXIT_FAILURE); // TODO make this less brutal + return false; + } -Core::~Core() -{ - foreach(RemotePeer *peer, clientInfo.keys()) { - peer->close(); // disconnect non authed clients + if (_configured && !Quassel::isOptionSet("norestore")) { + Core::restoreState(); } - qDeleteAll(sessions); - qDeleteAll(_storageBackends); -} + return true; +} /*** Session Restore ***/ void Core::saveState() { - CoreSettings s; - QVariantMap state; - QVariantList activeSessions; - foreach(UserId user, instance()->sessions.keys()) activeSessions << QVariant::fromValue(user); - state["CoreStateVersion"] = 1; - state["ActiveSessions"] = activeSessions; - s.setCoreState(state); + if (_storage) { + QVariantList activeSessions; + for (auto &&user : instance()->_sessions.keys()) + activeSessions << QVariant::fromValue(user); + _storage->setCoreState(activeSessions); + } } void Core::restoreState() { - if (!instance()->_configured) { - // qWarning() << qPrintable(tr("Cannot restore a state for an unconfigured core!")); + if (!_configured) { + quWarning() << qPrintable(tr("Cannot restore a state for an unconfigured core!")); return; } - if (instance()->sessions.count()) { - qWarning() << qPrintable(tr("Calling restoreState() even though active sessions exist!")); + if (_sessions.count()) { + quWarning() << qPrintable(tr("Calling restoreState() even though active sessions exist!")); return; } + CoreSettings s; /* We don't check, since we are at the first version since switching to Git uint statever = s.coreState().toMap()["CoreStateVersion"].toUInt(); if(statever < 1) { - qWarning() << qPrintable(tr("Core state too old, ignoring...")); + quWarning() << qPrintable(tr("Core state too old, ignoring...")); return; } */ - QVariantList activeSessions = s.coreState().toMap()["ActiveSessions"].toList(); + const QList &activeSessionsFallback = s.coreState().toMap()["ActiveSessions"].toList(); + QVariantList activeSessions = instance()->_storage->getCoreState(activeSessionsFallback); + if (activeSessions.count() > 0) { quInfo() << "Restoring previous core state..."; - foreach(QVariant v, activeSessions) { + for(auto &&v : activeSessions) { UserId user = v.value(); - instance()->createSession(user, true); + sessionForUser(user, true); } } } /*** Core Setup ***/ -QString Core::setupCoreForInternalUsage() + +QString Core::setup(const QString &adminUser, const QString &adminPassword, const QString &backend, const QVariantMap &setupData, const QString &authenticator, const QVariantMap &authSetupData) { - Q_ASSERT(!_storageBackends.isEmpty()); - QVariantMap setupData; - qsrand(QDateTime::currentDateTime().toTime_t()); - int pass = 0; - for (int i = 0; i < 10; i++) { - pass *= 10; - pass += qrand() % 10; - } - setupData["AdminUser"] = "AdminUser"; - setupData["AdminPasswd"] = QString::number(pass); - setupData["Backend"] = QString("SQLite"); // mono client currently needs sqlite - return setupCore(setupData); + return instance()->setupCore(adminUser, adminPassword, backend, setupData, authenticator, authSetupData); } -QString Core::setupCore(QVariantMap setupData) +QString Core::setupCore(const QString &adminUser, const QString &adminPassword, const QString &backend, const QVariantMap &setupData, const QString &authenticator, const QVariantMap &authSetupData) { - QString user = setupData.take("AdminUser").toString(); - QString password = setupData.take("AdminPasswd").toString(); - if (user.isEmpty() || password.isEmpty()) { + if (_configured) + return tr("Core is already configured! Not configuring again..."); + + if (adminUser.isEmpty() || adminPassword.isEmpty()) { return tr("Admin user or password not set."); } - if (_configured || !(_configured = initStorage(setupData, true))) { + if (!(_configured = initStorage(backend, setupData, {}, false, true))) { return tr("Could not setup storage!"); } - CoreSettings s; - s.setStorageSettings(setupData); + + quInfo() << "Selected authenticator:" << authenticator; + if (!(_configured = initAuthenticator(authenticator, authSetupData, {}, false, true))) + { + return tr("Could not setup authenticator!"); + } + + if (!saveBackendSettings(backend, setupData)) { + return tr("Could not save backend settings, probably a permission problem."); + } + saveAuthenticatorSettings(authenticator, authSetupData); + quInfo() << qPrintable(tr("Creating admin user...")); - _storage->addUser(user, password); + _storage->addUser(adminUser, adminPassword); + cacheSysIdent(); startListening(); // TODO check when we need this return QString(); } -/*** Storage Handling ***/ -void Core::registerStorageBackends() +QString Core::setupCoreForInternalUsage() { - // Register storage backends here! - registerStorageBackend(new SqliteStorage(this)); - registerStorageBackend(new PostgreSqlStorage(this)); + Q_ASSERT(!_registeredStorageBackends.empty()); + + qsrand(QDateTime::currentDateTime().toMSecsSinceEpoch()); + int pass = 0; + for (int i = 0; i < 10; i++) { + pass *= 10; + pass += qrand() % 10; + } + + // mono client currently needs sqlite + return setupCore("AdminUser", QString::number(pass), "SQLite", QVariantMap(), "Database", QVariantMap()); } -bool Core::registerStorageBackend(Storage *backend) +/*** Storage Handling ***/ + +template +void Core::registerStorageBackend() { - if (backend->isAvailable()) { - _storageBackends[backend->displayName()] = backend; - return true; - } - else { + auto backend = makeDeferredShared(this); + if (backend->isAvailable()) + _registeredStorageBackends.emplace_back(std::move(backend)); + else backend->deleteLater(); - return false; - } } -void Core::unregisterStorageBackends() +void Core::registerStorageBackends() { - foreach(Storage *s, _storageBackends.values()) { - s->deleteLater(); + if (_registeredStorageBackends.empty()) { + registerStorageBackend(); + registerStorageBackend(); } - _storageBackends.clear(); } -void Core::unregisterStorageBackend(Storage *backend) +DeferredSharedPtr Core::storageBackend(const QString &backendId) const { - _storageBackends.remove(backend->displayName()); - backend->deleteLater(); + auto it = std::find_if(_registeredStorageBackends.begin(), _registeredStorageBackends.end(), + [backendId](const DeferredSharedPtr &backend) { + return backend->displayName() == backendId; + }); + return it != _registeredStorageBackends.end() ? *it : nullptr; } - // old db settings: // "Type" => "sqlite" -bool Core::initStorage(const QString &backend, QVariantMap settings, bool setup) +bool Core::initStorage(const QString &backend, const QVariantMap &settings, + const QProcessEnvironment &environment, bool loadFromEnvironment, bool setup) { - _storage = 0; - if (backend.isEmpty()) { + quWarning() << "No storage backend selected!"; return false; } - Storage *storage = 0; - if (_storageBackends.contains(backend)) { - storage = _storageBackends[backend]; - } - else { + auto storage = storageBackend(backend); + if (!storage) { qCritical() << "Selected storage backend is not available:" << backend; return false; } - Storage::State storageState = storage->init(settings); + Storage::State storageState = storage->init(settings, environment, loadFromEnvironment); switch (storageState) { case Storage::NeedsSetup: if (!setup) return false; // trigger setup process - if (storage->setup(settings)) - return initStorage(backend, settings, false); - // if setup wasn't successfull we mark the backend as unavailable + if (storage->setup(settings, environment, loadFromEnvironment)) + return initStorage(backend, settings, environment, loadFromEnvironment, false); + return false; + + // if initialization wasn't successful, we quit to keep from coming up unconfigured case Storage::NotAvailable: - qCritical() << "Selected storage backend is not available:" << backend; - storage->deleteLater(); - _storageBackends.remove(backend); - storage = 0; + qCritical() << "FATAL: Selected storage backend is not available:" << backend; + if (!setup) { + QCoreApplication::exit(EXIT_FAILURE); + } return false; + case Storage::IsReady: // delete all other backends - _storageBackends.remove(backend); - unregisterStorageBackends(); - connect(storage, SIGNAL(bufferInfoUpdated(UserId, const BufferInfo &)), this, SIGNAL(bufferInfoUpdated(UserId, const BufferInfo &))); + _registeredStorageBackends.clear(); + connect(storage.get(), SIGNAL(bufferInfoUpdated(UserId, const BufferInfo &)), + this, SIGNAL(bufferInfoUpdated(UserId, const BufferInfo &))); + break; } - _storage = storage; + _storage = std::move(storage); return true; } -bool Core::initStorage(QVariantMap dbSettings, bool setup) -{ - return initStorage(dbSettings["Backend"].toString(), dbSettings["ConnectionProperties"].toMap(), setup); -} - - void Core::syncStorage() { if (_storage) @@ -413,8 +445,143 @@ bool Core::createNetwork(UserId user, NetworkInfo &info) } +/*** Authenticators ***/ + +// Authentication handling, now independent from storage. +template +void Core::registerAuthenticator() +{ + auto authenticator = makeDeferredShared(this); + if (authenticator->isAvailable()) + _registeredAuthenticators.emplace_back(std::move(authenticator)); + else + authenticator->deleteLater(); +} + + +void Core::registerAuthenticators() +{ + if (_registeredAuthenticators.empty()) { + registerAuthenticator(); +#ifdef HAVE_LDAP + registerAuthenticator(); +#endif + } +} + + +DeferredSharedPtr Core::authenticator(const QString &backendId) const +{ + auto it = std::find_if(_registeredAuthenticators.begin(), _registeredAuthenticators.end(), + [backendId](const DeferredSharedPtr &authenticator) { + return authenticator->backendId() == backendId; + }); + return it != _registeredAuthenticators.end() ? *it : nullptr; +} + + +// FIXME: Apparently, this is the legacy way of initting storage backends? +// If there's a not-legacy way, it should be used here +bool Core::initAuthenticator(const QString &backend, const QVariantMap &settings, + const QProcessEnvironment &environment, bool loadFromEnvironment, + bool setup) +{ + if (backend.isEmpty()) { + quWarning() << "No authenticator selected!"; + return false; + } + + auto auth = authenticator(backend); + if (!auth) { + qCritical() << "Selected auth backend is not available:" << backend; + return false; + } + + Authenticator::State authState = auth->init(settings, environment, loadFromEnvironment); + switch (authState) { + case Authenticator::NeedsSetup: + if (!setup) + return false; // trigger setup process + if (auth->setup(settings, environment, loadFromEnvironment)) + return initAuthenticator(backend, settings, environment, loadFromEnvironment, false); + return false; + + // if initialization wasn't successful, we quit to keep from coming up unconfigured + case Authenticator::NotAvailable: + qCritical() << "FATAL: Selected auth backend is not available:" << backend; + if (!setup) { + QCoreApplication::exit(EXIT_FAILURE); + } + return false; + + case Authenticator::IsReady: + // delete all other backends + _registeredAuthenticators.clear(); + break; + } + _authenticator = std::move(auth); + return true; +} + + /*** Network Management ***/ +bool Core::sslSupported() +{ +#ifdef HAVE_SSL + SslServer *sslServer = qobject_cast(&instance()->_server); + return sslServer && sslServer->isCertValid(); +#else + return false; +#endif +} + + +bool Core::reloadCerts() +{ +#ifdef HAVE_SSL + SslServer *sslServerv4 = qobject_cast(&_server); + bool retv4 = sslServerv4->reloadCerts(); + + SslServer *sslServerv6 = qobject_cast(&_v6server); + bool retv6 = sslServerv6->reloadCerts(); + + return retv4 && retv6; +#else + // SSL not supported, don't mark configuration reload as failed + return true; +#endif +} + + +void Core::cacheSysIdent() +{ + if (isConfigured()) { + _authUserNames = _storage->getAllAuthUserNames(); + } +} + + +QString Core::strictSysIdent(UserId user) const +{ + if (_authUserNames.contains(user)) { + return _authUserNames[user]; + } + + // A new user got added since we last pulled our cache from the database. + // There's no way to avoid a database hit - we don't even know the authname! + instance()->cacheSysIdent(); + + if (_authUserNames.contains(user)) { + return _authUserNames[user]; + } + + // ...something very weird is going on if we ended up here (an active CoreSession without a corresponding database entry?) + qWarning().nospace() << "Unable to find authusername for UserId " << user << ", this should never happen!"; + return "unknown"; // Should we just terminate the program instead? +} + + bool Core::startListening() { // in mono mode we only start a local port if a port is specified in the cli call @@ -517,13 +684,14 @@ void Core::incomingConnection() Q_ASSERT(server); while (server->hasPendingConnections()) { QTcpSocket *socket = server->nextPendingConnection(); - RemotePeer *peer = new LegacyPeer(socket, this); - connect(peer, SIGNAL(disconnected()), SLOT(clientDisconnected())); - connect(peer, SIGNAL(dataReceived(QVariant)), SLOT(processClientMessage(QVariant))); - connect(peer, SIGNAL(error(QAbstractSocket::SocketError)), SLOT(socketError(QAbstractSocket::SocketError))); + CoreAuthHandler *handler = new CoreAuthHandler(socket, this); + _connectingClients.insert(handler); + + connect(handler, SIGNAL(disconnected()), SLOT(clientDisconnected())); + connect(handler, SIGNAL(socketError(QAbstractSocket::SocketError,QString)), SLOT(socketError(QAbstractSocket::SocketError,QString))); + connect(handler, SIGNAL(handshakeComplete(RemotePeer*,UserId)), SLOT(setupClientSession(RemotePeer*,UserId))); - clientInfo.insert(peer, QVariantMap()); quInfo() << qPrintable(tr("Client connected from")) << qPrintable(socket->peerAddress().toString()); if (!_configured) { @@ -533,168 +701,15 @@ void Core::incomingConnection() } -void Core::processClientMessage(const QVariant &data) -{ - RemotePeer *peer = qobject_cast(sender()); - if (!peer) { - qWarning() << Q_FUNC_INFO << "Message not sent by RemoteConnection!"; - return; - } - - QVariantMap msg = data.toMap(); - if (!msg.contains("MsgType")) { - // Client is way too old, does not even use the current init format - qWarning() << qPrintable(tr("Antique client trying to connect... refusing.")); - peer->close(); - return; - } - - // OK, so we have at least an init message format we can understand - if (msg["MsgType"] == "ClientInit") { - QVariantMap reply; - - // Just version information -- check it! - uint ver = msg["ProtocolVersion"].toUInt(); - if (ver < Quassel::buildInfo().coreNeedsProtocol) { - reply["MsgType"] = "ClientInitReject"; - reply["Error"] = tr("Your Quassel Client is too old!
" - "This core needs at least client/core protocol version %1.
" - "Please consider upgrading your client.").arg(Quassel::buildInfo().coreNeedsProtocol); - peer->writeSocketData(reply); - qWarning() << qPrintable(tr("Client")) << peer->description() << qPrintable(tr("too old, rejecting.")); - peer->close(); - return; - } - - reply["ProtocolVersion"] = Quassel::buildInfo().protocolVersion; - reply["CoreVersion"] = Quassel::buildInfo().fancyVersionString; - reply["CoreDate"] = Quassel::buildInfo().buildDate; - reply["CoreStartTime"] = startTime(); // v10 clients don't necessarily parse this, see below - - // FIXME: newer clients no longer use the hardcoded CoreInfo (for now), since it gets the - // time zone wrong. With the next protocol bump (10 -> 11), we should remove this - // or make it properly configurable. - - int uptime = startTime().secsTo(QDateTime::currentDateTime().toUTC()); - int updays = uptime / 86400; uptime %= 86400; - int uphours = uptime / 3600; uptime %= 3600; - int upmins = uptime / 60; - reply["CoreInfo"] = tr("Quassel Core Version %1
" - "Built: %2
" - "Up %3d%4h%5m (since %6)").arg(Quassel::buildInfo().fancyVersionString) - .arg(Quassel::buildInfo().buildDate) - .arg(updays).arg(uphours, 2, 10, QChar('0')).arg(upmins, 2, 10, QChar('0')).arg(startTime().toString(Qt::TextDate)); - - reply["CoreFeatures"] = (int)Quassel::features(); - -#ifdef HAVE_SSL - SslServer *sslServer = qobject_cast(&_server); - QSslSocket *sslSocket = qobject_cast(peer->socket()); - bool supportSsl = sslServer && sslSocket && sslServer->isCertValid(); -#else - bool supportSsl = false; -#endif - -#ifndef QT_NO_COMPRESS - bool supportsCompression = true; -#else - bool supportsCompression = false; -#endif - - reply["SupportSsl"] = supportSsl; - reply["SupportsCompression"] = supportsCompression; - // switch to ssl/compression after client has been informed about our capabilities (see below) - - reply["LoginEnabled"] = true; - - // check if we are configured, start wizard otherwise - if (!_configured) { - reply["Configured"] = false; - QList backends; - foreach(Storage *backend, _storageBackends.values()) { - QVariantMap v; - v["DisplayName"] = backend->displayName(); - v["Description"] = backend->description(); - v["SetupKeys"] = backend->setupKeys(); - v["SetupDefaults"] = backend->setupDefaults(); - backends.append(v); - } - reply["StorageBackends"] = backends; - reply["LoginEnabled"] = false; - } - else { - reply["Configured"] = true; - } - clientInfo[peer] = msg; // store for future reference - reply["MsgType"] = "ClientInitAck"; - peer->writeSocketData(reply); - peer->socket()->flush(); // ensure that the write cache is flushed before we switch to ssl - -#ifdef HAVE_SSL - // after we told the client that we are ssl capable we switch to ssl mode - if (supportSsl && msg["UseSsl"].toBool()) { - qDebug() << qPrintable(tr("Starting TLS for Client:")) << peer->description(); - connect(sslSocket, SIGNAL(sslErrors(const QList &)), SLOT(sslErrors(const QList &))); - sslSocket->startServerEncryption(); - } -#endif - -#ifndef QT_NO_COMPRESS - if (supportsCompression && msg["UseCompression"].toBool()) { - peer->socket()->setProperty("UseCompression", true); - qDebug() << "Using compression for Client:" << qPrintable(peer->socket()->peerAddress().toString()); - } -#endif - } - else { - // for the rest, we need an initialized connection - if (!clientInfo.contains(peer)) { - QVariantMap reply; - reply["MsgType"] = "ClientLoginReject"; - reply["Error"] = tr("Client not initialized!
You need to send an init message before trying to login."); - peer->writeSocketData(reply); - qWarning() << qPrintable(tr("Client")) << qPrintable(peer->socket()->peerAddress().toString()) << qPrintable(tr("did not send an init message before trying to login, rejecting.")); - peer->close(); return; - } - if (msg["MsgType"] == "CoreSetupData") { - QVariantMap reply; - QString result = setupCore(msg["SetupData"].toMap()); - if (!result.isEmpty()) { - reply["MsgType"] = "CoreSetupReject"; - reply["Error"] = result; - } - else { - reply["MsgType"] = "CoreSetupAck"; - } - peer->writeSocketData(reply); - } - else if (msg["MsgType"] == "ClientLogin") { - QVariantMap reply; - UserId uid = _storage->validateUser(msg["User"].toString(), msg["Password"].toString()); - if (uid == 0) { - reply["MsgType"] = "ClientLoginReject"; - reply["Error"] = tr("Invalid username or password!
The username/password combination you supplied could not be found in the database."); - peer->writeSocketData(reply); - return; - } - reply["MsgType"] = "ClientLoginAck"; - peer->writeSocketData(reply); - quInfo() << qPrintable(tr("Client")) << qPrintable(peer->socket()->peerAddress().toString()) << qPrintable(tr("initialized and authenticated successfully as \"%1\" (UserId: %2).").arg(msg["User"].toString()).arg(uid.toInt())); - setupClientSession(peer, uid); - } - } -} - - // Potentially called during the initialization phase (before handing the connection off to the session) void Core::clientDisconnected() { - RemotePeer *peer = qobject_cast(sender()); - Q_ASSERT(peer); + CoreAuthHandler *handler = qobject_cast(sender()); + Q_ASSERT(handler); - quInfo() << qPrintable(tr("Non-authed client disconnected.")) << qPrintable(peer->socket()->peerAddress().toString()); - clientInfo.remove(peer); - peer->deleteLater(); + quInfo() << qPrintable(tr("Non-authed client disconnected:")) << qPrintable(handler->socket()->peerAddress().toString()); + _connectingClients.remove(handler); + handler->deleteLater(); // make server listen again if still not configured if (!_configured) { @@ -708,24 +723,16 @@ void Core::clientDisconnected() void Core::setupClientSession(RemotePeer *peer, UserId uid) { + CoreAuthHandler *handler = qobject_cast(sender()); + Q_ASSERT(handler); + // From now on everything is handled by the client session - disconnect(peer, 0, this, 0); - peer->socket()->flush(); - clientInfo.remove(peer); + disconnect(handler, 0, this, 0); + _connectingClients.remove(handler); + handler->deleteLater(); // Find or create session for validated user - SessionThread *session; - if (sessions.contains(uid)) { - session = sessions[uid]; - } - else { - session = createSession(uid); - if (!session) { - qWarning() << qPrintable(tr("Could not initialize session for client:")) << qPrintable(peer->socket()->peerAddress().toString()); - peer->close(); - return; - } - } + sessionForUser(uid); // as we are currently handling an event triggered by incoming data on this socket // it is unsafe to directly move the socket to the client thread. @@ -746,13 +753,7 @@ void Core::customEvent(QEvent *event) void Core::addClientHelper(RemotePeer *peer, UserId uid) { // Find or create session for validated user - if (!sessions.contains(uid)) { - qWarning() << qPrintable(tr("Could not find a session for client:")) << qPrintable(peer->socket()->peerAddress().toString()); - peer->close(); - return; - } - - SessionThread *session = sessions[uid]; + SessionThread *session = sessionForUser(uid); session->addClient(peer); } @@ -769,7 +770,7 @@ void Core::setupInternalClientSession(InternalPeer *clientPeer) uid = _storage->internalUser(); } else { - qWarning() << "Core::setupInternalClientSession(): You're trying to run monolithic Quassel with an unusable Backend! Go fix it!"; + quWarning() << "Core::setupInternalClientSession(): You're trying to run monolithic Quassel with an unusable Backend! Go fix it!"; return; } @@ -778,126 +779,212 @@ void Core::setupInternalClientSession(InternalPeer *clientPeer) clientPeer->setPeer(corePeer); // Find or create session for validated user - SessionThread *sessionThread; - if (sessions.contains(uid)) - sessionThread = sessions[uid]; - else - sessionThread = createSession(uid); - + SessionThread *sessionThread = sessionForUser(uid); sessionThread->addClient(corePeer); } -SessionThread *Core::createSession(UserId uid, bool restore) +SessionThread *Core::sessionForUser(UserId uid, bool restore) { - if (sessions.contains(uid)) { - qWarning() << "Calling createSession() when a session for the user already exists!"; - return 0; - } - SessionThread *sess = new SessionThread(uid, restore, this); - sessions[uid] = sess; - sess->start(); - return sess; + if (_sessions.contains(uid)) + return _sessions[uid]; + + SessionThread *session = new SessionThread(uid, restore, strictIdentEnabled(), this); + _sessions[uid] = session; + session->start(); + return session; } -#ifdef HAVE_SSL -void Core::sslErrors(const QList &errors) +void Core::socketError(QAbstractSocket::SocketError err, const QString &errorString) { - Q_UNUSED(errors); - QSslSocket *socket = qobject_cast(sender()); - if (socket) - socket->ignoreSslErrors(); + quWarning() << QString("Socket error %1: %2").arg(err).arg(errorString); } -#endif - -void Core::socketError(QAbstractSocket::SocketError err) +QVariantList Core::backendInfo() { - RemotePeer *peer = qobject_cast(sender()); - if (peer && err != QAbstractSocket::RemoteHostClosedError) - qWarning() << "Core::socketError()" << peer->socket() << err << peer->socket()->errorString(); + instance()->registerStorageBackends(); + + QVariantList backendInfos; + for (auto &&backend : instance()->_registeredStorageBackends) { + QVariantMap v; + v["BackendId"] = backend->backendId(); + v["DisplayName"] = backend->displayName(); + v["Description"] = backend->description(); + v["SetupData"] = backend->setupData(); // ignored by legacy clients + + // TODO Protocol Break: Remove legacy (cf. authenticatorInfo()) + const auto &setupData = backend->setupData(); + QStringList setupKeys; + QVariantMap setupDefaults; + for (int i = 0; i + 2 < setupData.size(); i += 3) { + setupKeys << setupData[i].toString(); + setupDefaults[setupData[i].toString()] = setupData[i + 2]; + } + v["SetupKeys"] = setupKeys; + v["SetupDefaults"] = setupDefaults; + // TODO Protocol Break: Remove + v["IsDefault"] = (backend->backendId() == "SQLite"); // newer clients will just use the first in the list + + backendInfos << v; + } + return backendInfos; } +QVariantList Core::authenticatorInfo() +{ + instance()->registerAuthenticators(); + + QVariantList authInfos; + for(auto &&backend : instance()->_registeredAuthenticators) { + QVariantMap v; + v["BackendId"] = backend->backendId(); + v["DisplayName"] = backend->displayName(); + v["Description"] = backend->description(); + v["SetupData"] = backend->setupData(); + authInfos << v; + } + return authInfos; +} + // migration / backend selection bool Core::selectBackend(const QString &backend) { // reregister all storage backends registerStorageBackends(); - if (!_storageBackends.contains(backend)) { - qWarning() << qPrintable(QString("Core::selectBackend(): unsupported backend: %1").arg(backend)); - qWarning() << " supported backends are:" << qPrintable(QStringList(_storageBackends.keys()).join(", ")); + auto storage = storageBackend(backend); + if (!storage) { + QStringList backends; + std::transform(_registeredStorageBackends.begin(), _registeredStorageBackends.end(), + std::back_inserter(backends), [](const DeferredSharedPtr& backend) { + return backend->displayName(); + }); + quWarning() << qPrintable(tr("Unsupported storage backend: %1").arg(backend)); + quWarning() << qPrintable(tr("Supported backends are:")) << qPrintable(backends.join(", ")); return false; } - Storage *storage = _storageBackends[backend]; - QVariantMap settings = promptForSettings(storage); + QVariantMap settings = promptForSettings(storage.get()); Storage::State storageState = storage->init(settings); switch (storageState) { case Storage::IsReady: - saveBackendSettings(backend, settings); - qWarning() << "Switched backend to:" << qPrintable(backend); - qWarning() << "Backend already initialized. Skipping Migration"; + if (!saveBackendSettings(backend, settings)) { + qCritical() << qPrintable(QString("Could not save backend settings, probably a permission problem.")); + } + quWarning() << qPrintable(tr("Switched storage backend to: %1").arg(backend)); + quWarning() << qPrintable(tr("Backend already initialized. Skipping Migration...")); return true; case Storage::NotAvailable: - qCritical() << "Backend is not available:" << qPrintable(backend); + qCritical() << qPrintable(tr("Storage backend is not available: %1").arg(backend)); return false; case Storage::NeedsSetup: if (!storage->setup(settings)) { - qWarning() << qPrintable(QString("Core::selectBackend(): unable to setup backend: %1").arg(backend)); + quWarning() << qPrintable(tr("Unable to setup storage backend: %1").arg(backend)); return false; } if (storage->init(settings) != Storage::IsReady) { - qWarning() << qPrintable(QString("Core::migrateBackend(): unable to initialize backend: %1").arg(backend)); + quWarning() << qPrintable(tr("Unable to initialize storage backend: %1").arg(backend)); return false; } - saveBackendSettings(backend, settings); - qWarning() << "Switched backend to:" << qPrintable(backend); + if (!saveBackendSettings(backend, settings)) { + qCritical() << qPrintable(QString("Could not save backend settings, probably a permission problem.")); + } + quWarning() << qPrintable(tr("Switched storage backend to: %1").arg(backend)); break; } // let's see if we have a current storage object we can migrate from - AbstractSqlMigrationReader *reader = getMigrationReader(_storage); - AbstractSqlMigrationWriter *writer = getMigrationWriter(storage); + auto reader = getMigrationReader(_storage.get()); + auto writer = getMigrationWriter(storage.get()); if (reader && writer) { - qDebug() << qPrintable(QString("Migrating Storage backend %1 to %2...").arg(_storage->displayName(), storage->displayName())); - delete _storage; - _storage = 0; - delete storage; - storage = 0; - if (reader->migrateTo(writer)) { + qDebug() << qPrintable(tr("Migrating storage backend %1 to %2...").arg(_storage->displayName(), storage->displayName())); + _storage.reset(); + storage.reset(); + if (reader->migrateTo(writer.get())) { qDebug() << "Migration finished!"; - saveBackendSettings(backend, settings); + qDebug() << qPrintable(tr("Migration finished!")); + if (!saveBackendSettings(backend, settings)) { + qCritical() << qPrintable(QString("Could not save backend settings, probably a permission problem.")); + return false; + } return true; } + quWarning() << qPrintable(tr("Unable to migrate storage backend! (No migration writer for %1)").arg(backend)); return false; - qWarning() << qPrintable(QString("Core::migrateDb(): unable to migrate storage backend! (No migration writer for %1)").arg(backend)); } // inform the user why we cannot merge if (!_storage) { - qWarning() << "No currently active backend. Skipping migration."; + quWarning() << qPrintable(tr("No currently active storage backend. Skipping migration...")); } else if (!reader) { - qWarning() << "Currently active backend does not support migration:" << qPrintable(_storage->displayName()); + quWarning() << qPrintable(tr("Currently active storage backend does not support migration: %1").arg(_storage->displayName())); } if (writer) { - qWarning() << "New backend does not support migration:" << qPrintable(backend); + quWarning() << qPrintable(tr("New storage backend does not support migration: %1").arg(backend)); } // so we were unable to merge, but let's create a user \o/ - _storage = storage; + _storage = std::move(storage); createUser(); return true; } +// TODO: I am not sure if this function is implemented correctly. +// There is currently no concept of migraiton between auth backends. +bool Core::selectAuthenticator(const QString &backend) +{ + // Register all authentication backends. + registerAuthenticators(); + auto auther = authenticator(backend); + if (!auther) { + QStringList authenticators; + std::transform(_registeredAuthenticators.begin(), _registeredAuthenticators.end(), + std::back_inserter(authenticators), [](const DeferredSharedPtr& authenticator) { + return authenticator->displayName(); + }); + quWarning() << qPrintable(tr("Unsupported authenticator: %1").arg(backend)); + quWarning() << qPrintable(tr("Supported authenticators are:")) << qPrintable(authenticators.join(", ")); + return false; + } + + QVariantMap settings = promptForSettings(auther.get()); + + Authenticator::State state = auther->init(settings); + switch (state) { + case Authenticator::IsReady: + saveAuthenticatorSettings(backend, settings); + quWarning() << qPrintable(tr("Switched authenticator to: %1").arg(backend)); + return true; + case Authenticator::NotAvailable: + qCritical() << qPrintable(tr("Authenticator is not available: %1").arg(backend)); + return false; + case Authenticator::NeedsSetup: + if (!auther->setup(settings)) { + quWarning() << qPrintable(tr("Unable to setup authenticator: %1").arg(backend)); + return false; + } + + if (auther->init(settings) != Authenticator::IsReady) { + quWarning() << qPrintable(tr("Unable to initialize authenticator: %1").arg(backend)); + return false; + } + + saveAuthenticatorSettings(backend, settings); + quWarning() << qPrintable(tr("Switched authenticator to: %1").arg(backend)); + } + + _authenticator = std::move(auther); + return true; +} + -void Core::createUser() +bool Core::createUser() { QTextStream out(stdout); QTextStream in(stdin); @@ -918,31 +1005,38 @@ void Core::createUser() enableStdInEcho(); if (password != password2) { - qWarning() << "Passwords don't match!"; - return; + quWarning() << "Passwords don't match!"; + return false; } if (password.isEmpty()) { - qWarning() << "Password is empty!"; - return; + quWarning() << "Password is empty!"; + return false; } if (_configured && _storage->addUser(username, password).isValid()) { out << "Added user " << username << " successfully!" << endl; + return true; } else { - qWarning() << "Unable to add user:" << qPrintable(username); + quWarning() << "Unable to add user:" << qPrintable(username); + return false; } } -void Core::changeUserPass(const QString &username) +bool Core::changeUserPass(const QString &username) { QTextStream out(stdout); QTextStream in(stdin); UserId userId = _storage->getUserId(username); if (!userId.isValid()) { out << "User " << username << " does not exist." << endl; - return; + return false; + } + + if (!canChangeUserPassword(userId)) { + out << "User " << username << " is configured through an auth provider that has forbidden manual password changing." << endl; + return false; } out << "Change password for user: " << username << endl; @@ -959,114 +1053,150 @@ void Core::changeUserPass(const QString &username) enableStdInEcho(); if (password != password2) { - qWarning() << "Passwords don't match!"; - return; + quWarning() << "Passwords don't match!"; + return false; } if (password.isEmpty()) { - qWarning() << "Password is empty!"; - return; + quWarning() << "Password is empty!"; + return false; } if (_configured && _storage->updateUser(userId, password)) { out << "Password changed successfully!" << endl; + return true; } else { - qWarning() << "Failed to change password!"; + quWarning() << "Failed to change password!"; + return false; + } +} + + +bool Core::changeUserPassword(UserId userId, const QString &password) +{ + if (!isConfigured() || !userId.isValid()) + return false; + + if (!canChangeUserPassword(userId)) + return false; + + return instance()->_storage->updateUser(userId, password); +} + +// TODO: this code isn't currently 100% optimal because the core +// doesn't know it can have multiple auth providers configured (there aren't +// multiple auth providers at the moment anyway) and we have hardcoded the +// Database provider to be always allowed. +bool Core::canChangeUserPassword(UserId userId) +{ + QString authProvider = instance()->_storage->getUserAuthenticator(userId); + if (authProvider != "Database") { + if (authProvider != instance()->_authenticator->backendId()) { + return false; + } + else if (instance()->_authenticator->canChangePassword()) { + return false; + } } + return true; } -AbstractSqlMigrationReader *Core::getMigrationReader(Storage *storage) +std::unique_ptr Core::getMigrationReader(Storage *storage) { if (!storage) - return 0; + return nullptr; AbstractSqlStorage *sqlStorage = qobject_cast(storage); if (!sqlStorage) { qDebug() << "Core::migrateDb(): only SQL based backends can be migrated!"; - return 0; + return nullptr; } return sqlStorage->createMigrationReader(); } -AbstractSqlMigrationWriter *Core::getMigrationWriter(Storage *storage) +std::unique_ptr Core::getMigrationWriter(Storage *storage) { if (!storage) - return 0; + return nullptr; AbstractSqlStorage *sqlStorage = qobject_cast(storage); if (!sqlStorage) { qDebug() << "Core::migrateDb(): only SQL based backends can be migrated!"; - return 0; + return nullptr; } return sqlStorage->createMigrationWriter(); } -void Core::saveBackendSettings(const QString &backend, const QVariantMap &settings) +bool Core::saveBackendSettings(const QString &backend, const QVariantMap &settings) { QVariantMap dbsettings; dbsettings["Backend"] = backend; dbsettings["ConnectionProperties"] = settings; - CoreSettings().setStorageSettings(dbsettings); + CoreSettings s = CoreSettings(); + s.setStorageSettings(dbsettings); + return s.sync(); } -QVariantMap Core::promptForSettings(const Storage *storage) +void Core::saveAuthenticatorSettings(const QString &backend, const QVariantMap &settings) +{ + QVariantMap dbsettings; + dbsettings["Authenticator"] = backend; + dbsettings["AuthProperties"] = settings; + CoreSettings().setAuthSettings(dbsettings); +} + +// Generic version of promptForSettings that doesn't care what *type* of +// backend it runs over. +template +QVariantMap Core::promptForSettings(const Backend *backend) { QVariantMap settings; + const QVariantList& setupData = backend->setupData(); - QStringList keys = storage->setupKeys(); - if (keys.isEmpty()) + if (setupData.isEmpty()) return settings; QTextStream out(stdout); QTextStream in(stdin); out << "Default values are in brackets" << endl; - QVariantMap defaults = storage->setupDefaults(); - QString value; - foreach(QString key, keys) { - QVariant val; - if (defaults.contains(key)) { - val = defaults[key]; - } - out << key; - if (!val.toString().isEmpty()) { - out << " (" << val.toString() << ")"; - } - out << ": "; - out.flush(); + for (int i = 0; i + 2 < setupData.size(); i += 3) { + QString key = setupData[i].toString(); + out << setupData[i+1].toString() << " [" << setupData[i+2].toString() << "]: " << flush; - bool noEcho = QString("password").toLower().startsWith(key.toLower()); + bool noEcho = key.toLower().contains("password"); if (noEcho) { disableStdInEcho(); } - value = in.readLine().trimmed(); + QString input = in.readLine().trimmed(); if (noEcho) { out << endl; enableStdInEcho(); } - if (!value.isEmpty()) { - switch (defaults[key].type()) { + QVariant value{setupData[i+2]}; + if (!input.isEmpty()) { + switch (value.type()) { case QVariant::Int: - val = QVariant(value.toInt()); + value = input.toInt(); break; default: - val = QVariant(value); + value = input; } } - settings[key] = val; + settings[key] = value; } return settings; } -#ifdef Q_OS_WIN32 +#ifdef Q_OS_WIN void Core::stdInEcho(bool on) { HANDLE hStdin = GetStdHandle(STD_INPUT_HANDLE); @@ -1079,7 +1209,6 @@ void Core::stdInEcho(bool on) SetConsoleMode(hStdin, mode); } - #else void Core::stdInEcho(bool on) { @@ -1092,5 +1221,4 @@ void Core::stdInEcho(bool on) tcsetattr(STDIN_FILENO, TCSANOW, &t); } - -#endif /* Q_OS_WIN32 */ +#endif /* Q_OS_WIN */