X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=blobdiff_plain;f=src%2Fcore%2Fldapauthenticator.cpp;h=227df19dd3dc2837b83c44bb9bce45653d2a603e;hp=9439a6b4a46ea524c61fc28b692e39aa0be06833;hb=423e088804d243368074ab218b2bda2fff3303c9;hpb=931e5280abc6738f94ac052af2a7e31e82487cf1

diff --git a/src/core/ldapauthenticator.cpp b/src/core/ldapauthenticator.cpp
index 9439a6b4..227df19d 100644
--- a/src/core/ldapauthenticator.cpp
+++ b/src/core/ldapauthenticator.cpp
@@ -1,5 +1,5 @@
 /***************************************************************************
- *   Copyright (C) 2005-2015 by the Quassel Project                        *
+ *   Copyright (C) 2005-2016 by the Quassel Project                        *
  *   devel@quassel-irc.org                                                 *
  *                                                                         *
  *   This program is free software; you can redistribute it and/or modify  *
@@ -20,10 +20,10 @@
 
 /* This file contains an implementation of an LDAP Authenticator, as an example
  * of what a custom external auth provider could do.
- * 
+ *
  * It's based off of this pull request for quassel by abustany:
  * https://github.com/quassel/quassel/pull/4/
- * 
+ *
  */
 
 #include "ldapauthenticator.h"
@@ -32,39 +32,52 @@
 #include "network.h"
 #include "quassel.h"
 
-// Link against LDAP.
+/* We should use openldap on windows if at all possible, rather than trying to
+ * write some kind of compatiblity routine.
+#ifdef Q_CC_MSVC
+#include <windows.h>
+#include <winldap.h>
+#else*/
 #include <ldap.h>
+//#endif
 
 LdapAuthenticator::LdapAuthenticator(QObject *parent)
     : Authenticator(parent),
-	_connection(0)
+    _connection(0)
 {
 }
 
 
 LdapAuthenticator::~LdapAuthenticator()
 {
-	if (_connection != 0)
-	{
-		ldap_unbind_ext(_connection, 0, 0);
+    if (_connection != 0) {
+        ldap_unbind_ext(_connection, 0, 0);
     }
 }
 
 
 bool LdapAuthenticator::isAvailable() const
 {
-    // XXX: probably this should test if we can speak to the LDAP server.
+    // FIXME: probably this should test if we can speak to the LDAP server.
     return true;
 }
 
-QString LdapAuthenticator::displayName() const
+
+QString LdapAuthenticator::backendId() const
 {
-    // We identify the backend to use for the monolithic core by its displayname.
+    // We identify the backend to use for the monolithic core by this identifier.
     // so only change this string if you _really_ have to and make sure the core
     // setup for the mono client still works ;)
     return QString("LDAP");
 }
 
+
+QString LdapAuthenticator::displayName() const
+{
+    return tr("LDAP");
+}
+
+
 QString LdapAuthenticator::description() const
 {
     return tr("Authenticate users using an LDAP server.");
@@ -84,6 +97,7 @@ QStringList LdapAuthenticator::setupKeys() const
     return keys;
 }
 
+
 QVariantMap LdapAuthenticator::setupDefaults() const
 {
     QVariantMap map;
@@ -93,60 +107,65 @@ QVariantMap LdapAuthenticator::setupDefaults() const
     return map;
 }
 
-void LdapAuthenticator::setConnectionProperties(const QVariantMap &properties)
+
+void LdapAuthenticator::setAuthProperties(const QVariantMap &properties)
 {
     _hostName = properties["Hostname"].toString();
     _port = properties["Port"].toInt();
     _baseDN = properties["Base DN"].toString();
-	_filter = properties["Filter"].toString();
+    _filter = properties["Filter"].toString();
     _bindDN = properties["Bind DN"].toString();
     _bindPassword = properties["Bind Password"].toString();
     _uidAttribute = properties["UID Attribute"].toString();
 }
 
-// XXX: this code is sufficiently general that in the future, perhaps an abstract
+// TODO: this code is sufficiently general that in the future, perhaps an abstract
 // class should be created implementing it.
 // i.e. a provider that does its own thing and then pokes at the current storage
 // through the default core method.
 UserId LdapAuthenticator::validateUser(const QString &username, const QString &password)
 {
-	bool result = ldapAuth(username, password);
-	if (!result)
-	{
-		return UserId();
-	}
-
-	// If auth succeeds, but the user has not logged into quassel previously, make
-	// a new user for them and return that ID.
-	// Users created via LDAP have empty usernames.
-	UserId quasselID = Core::validateUser(username, QString());
-	if (!quasselID.isValid())
-	{
-		return Core::addUser(username, QString());
-	}
-	return quasselID;
+    bool result = ldapAuth(username, password);
+    if (!result) {
+        return UserId();
+    }
+
+    // If auth succeeds, but the user has not logged into quassel previously, make
+    // a new user for them and return that ID.
+    // Users created via LDAP have empty passwords, but authenticator column = LDAP.
+    // On the other hand, if auth succeeds and the user already exists, do a final
+    // cross-check to confirm we're using the right auth provider.
+    UserId quasselId = Core::validateUser(username, QString());
+    if (!quasselId.isValid()) {
+        return Core::addUser(username, QString(), backendId());
+    }
+    else if (!(Core::checkAuthProvider(quasselId, backendId()))) {
+        return 0;
+    }
+    return quasselId;
 }
 
+
 bool LdapAuthenticator::setup(const QVariantMap &settings)
 {
-	setConnectionProperties(settings);
-	bool status = ldapConnect();
-	return status;
+    setAuthProperties(settings);
+    bool status = ldapConnect();
+    return status;
 }
 
+
 Authenticator::State LdapAuthenticator::init(const QVariantMap &settings)
 {
-	setConnectionProperties(settings);
-	
-	bool status = ldapConnect();
-	if (!status)
-	{
-		quInfo() << qPrintable(displayName()) << "Authenticator cannot connect.";
-		return NotAvailable;
-	}
-	
-	quInfo() << qPrintable(displayName()) << "Authenticator is ready.";
-	return IsReady;
+    setAuthProperties(settings);
+
+    bool status = ldapConnect();
+    if (!status) {
+        quInfo() << qPrintable(backendId()) << "Authenticator cannot connect.";
+        return NotAvailable;
+    }
+
+    quInfo() << qPrintable(backendId()) << "Authenticator is ready.";
+    return IsReady;
 }
 
 // Method based on abustany LDAP quassel patch.
@@ -158,12 +177,12 @@ bool LdapAuthenticator::ldapConnect()
 
     int res, v = LDAP_VERSION3;
 
-	QString serverURI;
-	QByteArray serverURIArray;
-	
-	// Convert info to hostname:port.
-	serverURI = _hostName + ":" + QString::number(_port);
-	serverURIArray = serverURI.toLocal8Bit();
+    QString serverURI;
+    QByteArray serverURIArray;
+
+    // Convert info to hostname:port.
+    serverURI = _hostName + ":" + QString::number(_port);
+    serverURIArray = serverURI.toLocal8Bit();
     res = ldap_initialize(&_connection, serverURIArray);
 
     if (res != LDAP_SUCCESS) {
@@ -183,6 +202,7 @@ bool LdapAuthenticator::ldapConnect()
     return true;
 }
 
+
 void LdapAuthenticator::ldapDisconnect()
 {
     if (_connection == 0) {
@@ -193,6 +213,7 @@ void LdapAuthenticator::ldapDisconnect()
     _connection = 0;
 }
 
+
 bool LdapAuthenticator::ldapAuth(const QString &username, const QString &password)
 {
     if (password.isEmpty()) {
@@ -201,22 +222,22 @@ bool LdapAuthenticator::ldapAuth(const QString &username, const QString &passwor
 
     int res;
 
-	// Attempt to establish a connection.
+    // Attempt to establish a connection.
     if (_connection == 0) {
-        if (not ldapConnect()) {
+        if (!ldapConnect()) {
             return false;
         }
     }
 
     struct berval cred;
-	
-	// Convert some things to byte arrays as needed.
-	QByteArray bindPassword = _bindPassword.toLocal8Bit();
-	QByteArray bindDN = _bindDN.toLocal8Bit();
-	QByteArray baseDN = _baseDN.toLocal8Bit();
-	QByteArray uidAttribute = _uidAttribute.toLocal8Bit();
-
-    cred.bv_val = const_cast<char*>(bindPassword.size() > 0 ? bindPassword.constData() : NULL);
+
+    // Convert some things to byte arrays as needed.
+    QByteArray bindPassword = _bindPassword.toLocal8Bit();
+    QByteArray bindDN = _bindDN.toLocal8Bit();
+    QByteArray baseDN = _baseDN.toLocal8Bit();
+    QByteArray uidAttribute = _uidAttribute.toLocal8Bit();
+
+    cred.bv_val = (bindPassword.size() > 0 ? bindPassword.data() : NULL);
     cred.bv_len = bindPassword.size();
 
     res = ldap_sasl_bind_s(_connection, bindDN.size() > 0 ? bindDN.constData() : 0, LDAP_SASL_SIMPLE, &cred, 0, 0, 0);
@@ -252,8 +273,8 @@ bool LdapAuthenticator::ldapAuth(const QString &username, const QString &passwor
         return false;
     }
 
-    const QByteArray passwordArray = password.toLocal8Bit();
-    cred.bv_val = const_cast<char*>(passwordArray.constData());
+    QByteArray passwordArray = password.toLocal8Bit();
+    cred.bv_val = passwordArray.data();
     cred.bv_len = password.size();
 
     char *userDN = ldap_get_dn(_connection, entry);
@@ -268,10 +289,10 @@ bool LdapAuthenticator::ldapAuth(const QString &username, const QString &passwor
     }
 
     // The original implementation had requiredAttributes. I have not included this code
-    // but it would be easy to re-add if someone wants this feature. 
+    // but it would be easy to re-add if someone wants this feature.
     // Ben Rosser <bjr@acm.jhu.edu> (12/23/15).
-    
+
     ldap_memfree(userDN);
     ldap_msgfree(msg);
-    return true; 	
-}
\ No newline at end of file
+    return true;
+}