X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=blobdiff_plain;f=src%2Fcore%2Fldapauthenticator.cpp;h=227df19dd3dc2837b83c44bb9bce45653d2a603e;hp=378fc4bba1751d5d92236fabde8124dafdec74c7;hb=423e088804d243368074ab218b2bda2fff3303c9;hpb=d6f3eedebc7f9619b04dffc5f48faa792950fdcd

diff --git a/src/core/ldapauthenticator.cpp b/src/core/ldapauthenticator.cpp
index 378fc4bb..227df19d 100644
--- a/src/core/ldapauthenticator.cpp
+++ b/src/core/ldapauthenticator.cpp
@@ -1,5 +1,5 @@
 /***************************************************************************
- *   Copyright (C) 2005-2015 by the Quassel Project                        *
+ *   Copyright (C) 2005-2016 by the Quassel Project                        *
  *   devel@quassel-irc.org                                                 *
  *                                                                         *
  *   This program is free software; you can redistribute it and/or modify  *
@@ -32,8 +32,14 @@
 #include "network.h"
 #include "quassel.h"
 
-// Link against LDAP.
+/* We should use openldap on windows if at all possible, rather than trying to
+ * write some kind of compatiblity routine.
+#ifdef Q_CC_MSVC
+#include <windows.h>
+#include <winldap.h>
+#else*/
 #include <ldap.h>
+//#endif
 
 LdapAuthenticator::LdapAuthenticator(QObject *parent)
     : Authenticator(parent),
@@ -44,8 +50,7 @@ LdapAuthenticator::LdapAuthenticator(QObject *parent)
 
 LdapAuthenticator::~LdapAuthenticator()
 {
-    if (_connection != 0)
-    {
+    if (_connection != 0) {
         ldap_unbind_ext(_connection, 0, 0);
     }
 }
@@ -53,18 +58,26 @@ LdapAuthenticator::~LdapAuthenticator()
 
 bool LdapAuthenticator::isAvailable() const
 {
-    // XXX: probably this should test if we can speak to the LDAP server.
+    // FIXME: probably this should test if we can speak to the LDAP server.
     return true;
 }
 
-QString LdapAuthenticator::displayName() const
+
+QString LdapAuthenticator::backendId() const
 {
-    // We identify the backend to use for the monolithic core by its displayname.
+    // We identify the backend to use for the monolithic core by this identifier.
     // so only change this string if you _really_ have to and make sure the core
     // setup for the mono client still works ;)
     return QString("LDAP");
 }
 
+
+QString LdapAuthenticator::displayName() const
+{
+    return tr("LDAP");
+}
+
+
 QString LdapAuthenticator::description() const
 {
     return tr("Authenticate users using an LDAP server.");
@@ -84,6 +97,7 @@ QStringList LdapAuthenticator::setupKeys() const
     return keys;
 }
 
+
 QVariantMap LdapAuthenticator::setupDefaults() const
 {
     QVariantMap map;
@@ -93,7 +107,8 @@ QVariantMap LdapAuthenticator::setupDefaults() const
     return map;
 }
 
-void LdapAuthenticator::setConnectionProperties(const QVariantMap &properties)
+
+void LdapAuthenticator::setAuthProperties(const QVariantMap &properties)
 {
     _hostName = properties["Hostname"].toString();
     _port = properties["Port"].toInt();
@@ -104,48 +119,52 @@ void LdapAuthenticator::setConnectionProperties(const QVariantMap &properties)
     _uidAttribute = properties["UID Attribute"].toString();
 }
 
-// XXX: this code is sufficiently general that in the future, perhaps an abstract
+// TODO: this code is sufficiently general that in the future, perhaps an abstract
 // class should be created implementing it.
 // i.e. a provider that does its own thing and then pokes at the current storage
 // through the default core method.
 UserId LdapAuthenticator::validateUser(const QString &username, const QString &password)
 {
     bool result = ldapAuth(username, password);
-    if (!result)
-    {
+    if (!result) {
         return UserId();
     }
 
     // If auth succeeds, but the user has not logged into quassel previously, make
     // a new user for them and return that ID.
-    // Users created via LDAP have empty usernames.
-    UserId quasselID = Core::validateUser(username, QString());
-    if (!quasselID.isValid())
-    {
-        return Core::addUser(username, QString());
+    // Users created via LDAP have empty passwords, but authenticator column = LDAP.
+    // On the other hand, if auth succeeds and the user already exists, do a final
+    // cross-check to confirm we're using the right auth provider.
+    UserId quasselId = Core::validateUser(username, QString());
+    if (!quasselId.isValid()) {
+        return Core::addUser(username, QString(), backendId());
+    }
+    else if (!(Core::checkAuthProvider(quasselId, backendId()))) {
+        return 0;
     }
-    return quasselID;
+    return quasselId;
 }
 
+
 bool LdapAuthenticator::setup(const QVariantMap &settings)
 {
-    setConnectionProperties(settings);
+    setAuthProperties(settings);
     bool status = ldapConnect();
     return status;
 }
 
+
 Authenticator::State LdapAuthenticator::init(const QVariantMap &settings)
 {
-    setConnectionProperties(settings);
+    setAuthProperties(settings);
 
     bool status = ldapConnect();
-    if (!status)
-    {
-        quInfo() << qPrintable(displayName()) << "Authenticator cannot connect.";
+    if (!status) {
+        quInfo() << qPrintable(backendId()) << "Authenticator cannot connect.";
         return NotAvailable;
     }
 
-    quInfo() << qPrintable(displayName()) << "Authenticator is ready.";
+    quInfo() << qPrintable(backendId()) << "Authenticator is ready.";
     return IsReady;
 }
 
@@ -183,6 +202,7 @@ bool LdapAuthenticator::ldapConnect()
     return true;
 }
 
+
 void LdapAuthenticator::ldapDisconnect()
 {
     if (_connection == 0) {
@@ -193,6 +213,7 @@ void LdapAuthenticator::ldapDisconnect()
     _connection = 0;
 }
 
+
 bool LdapAuthenticator::ldapAuth(const QString &username, const QString &password)
 {
     if (password.isEmpty()) {
@@ -203,7 +224,7 @@ bool LdapAuthenticator::ldapAuth(const QString &username, const QString &passwor
 
     // Attempt to establish a connection.
     if (_connection == 0) {
-        if (not ldapConnect()) {
+        if (!ldapConnect()) {
             return false;
         }
     }
@@ -216,7 +237,7 @@ bool LdapAuthenticator::ldapAuth(const QString &username, const QString &passwor
     QByteArray baseDN = _baseDN.toLocal8Bit();
     QByteArray uidAttribute = _uidAttribute.toLocal8Bit();
 
-    cred.bv_val = const_cast<char*>(bindPassword.size() > 0 ? bindPassword.constData() : NULL);
+    cred.bv_val = (bindPassword.size() > 0 ? bindPassword.data() : NULL);
     cred.bv_len = bindPassword.size();
 
     res = ldap_sasl_bind_s(_connection, bindDN.size() > 0 ? bindDN.constData() : 0, LDAP_SASL_SIMPLE, &cred, 0, 0, 0);
@@ -252,8 +273,8 @@ bool LdapAuthenticator::ldapAuth(const QString &username, const QString &passwor
         return false;
     }
 
-    const QByteArray passwordArray = password.toLocal8Bit();
-    cred.bv_val = const_cast<char*>(passwordArray.constData());
+    QByteArray passwordArray = password.toLocal8Bit();
+    cred.bv_val = passwordArray.data();
     cred.bv_len = password.size();
 
     char *userDN = ldap_get_dn(_connection, entry);