cliParser->addOption("select-authenticator", 0, "Select authentication backend", "authidentifier");
cliParser->addSwitch("add-user", 0, "Starts an interactive session to add a new core user");
cliParser->addOption("change-userpass", 0, "Starts an interactive session to change the password of the user identified by <username>", "username");
- cliParser->addSwitch("oidentd", 0, "Enable oidentd integration");
+ cliParser->addSwitch("oidentd", 0, "Enable oidentd integration. In most cases you should also enable --strict-ident");
cliParser->addOption("oidentd-conffile", 0, "Set path to oidentd configuration file", "file");
- cliParser->addSwitch("oidentd-strict", 0, "Use users' quasselcore username as ident reply. Ignores each user's configured ident setting. Only meaningful with --oidentd.");
+ cliParser->addSwitch("strict-ident", 0, "Use users' quasselcore username as ident reply. Ignores each user's configured ident setting.");
#ifdef HAVE_SSL
cliParser->addSwitch("require-ssl", 0, "Require SSL for remote (non-loopback) client connections");
cliParser->addOption("ssl-cert", 0, "Specify the path to the SSL Certificate", "path", "configdir/quasselCert.pem");
connect(&_v6server, SIGNAL(newConnection()), this, SLOT(incomingConnection()));
if (!startListening()) exit(1); // TODO make this less brutal
+ _strictIdentEnabled = Quassel::isOptionSet("strict-ident");
+ if (_strictIdentEnabled) {
+ cacheSysIdent();
+ }
+
if (Quassel::isOptionSet("oidentd")) {
- _oidentdConfigGenerator = new OidentdConfigGenerator(Quassel::isOptionSet("oidentd-strict"), this);
- if (Quassel::isOptionSet("oidentd-strict")) {
- cacheSysIdent();
- }
+ _oidentdConfigGenerator = new OidentdConfigGenerator(this);
}
}
if (_sessions.contains(uid))
return _sessions[uid];
- SessionThread *session = new SessionThread(uid, restore, this);
+ SessionThread *session = new SessionThread(uid, restore, strictIdentEnabled(), this);
_sessions[uid] = session;
session->start();
return session;
static inline QDateTime startTime() { return instance()->_startTime; }
static inline bool isConfigured() { return instance()->_configured; }
+
+ /**
+ * Whether or not strict ident mode is enabled, locking users' idents to Quassel username
+ *
+ * @return True if strict mode enabled, otherwise false
+ */
+ static inline bool strictIdentEnabled() { return instance()->_strictIdentEnabled; }
+
static bool sslSupported();
/**
bool _configured;
+ /// Whether or not strict ident mode is enabled, locking users' idents to Quassel username
+ bool _strictIdentEnabled;
+
static std::unique_ptr<AbstractSqlMigrationReader> getMigrationReader(Storage *storage);
static std::unique_ptr<AbstractSqlMigrationWriter> getMigrationWriter(Storage *storage);
static void stdInEcho(bool on);
nick = identity->nicks()[0];
}
putRawLine(serverEncode(QString("NICK %1").arg(nick)));
- putRawLine(serverEncode(QString("USER %1 8 * :%2").arg(identity->ident(), identity->realName())));
+ // Only allow strict-compliant idents when strict mode is enabled
+ putRawLine(serverEncode(QString("USER %1 8 * :%2").arg(
+ coreSession()->strictCompliantIdent(identity),
+ identity->realName())));
}
};
-CoreSession::CoreSession(UserId uid, bool restoreState, QObject *parent)
+CoreSession::CoreSession(UserId uid, bool restoreState, bool strictIdentEnabled, QObject *parent)
: QObject(parent),
_user(uid),
+ _strictIdentEnabled(strictIdentEnabled),
_signalProxy(new SignalProxy(SignalProxy::Server, this)),
_aliasManager(this),
_bufferSyncer(new CoreBufferSyncer(this)),
createIdentity(coreIdentity);
}
-const QString CoreSession::strictSysident() {
- return Core::instance()->strictSysIdent(_user);
+const QString CoreSession::strictCompliantIdent(const CoreIdentity *identity) {
+ if (_strictIdentEnabled) {
+ // Strict mode enabled: only allow the user's Quassel username as an ident
+ return Core::instance()->strictSysIdent(_user);
+ } else {
+ // Strict mode disabled: allow any identity specified
+ return identity->ident();
+ }
}
void CoreSession::createIdentity(const CoreIdentity &identity)
Q_OBJECT
public:
- CoreSession(UserId, bool restoreState, QObject *parent = 0);
+ CoreSession(UserId, bool restoreState, bool strictIdentEnabled, QObject *parent = 0);
~CoreSession();
QList<BufferInfo> buffers() const;
inline UserId user() const { return _user; }
CoreNetwork *network(NetworkId) const;
CoreIdentity *identity(IdentityId) const;
- const QString strictSysident();
+
+ /**
+ * Returns the optionally strict-compliant ident for the given user identity
+ *
+ * If strict mode is enabled, this will return the user's Quassel username for any identity,
+ * otherwise this will return the given identity's ident, whatever it may be.
+ *
+ * @return The user's ident, compliant with strict mode (when enabled)
+ */
+ const QString strictCompliantIdent(const CoreIdentity *identity);
+
inline CoreNetworkConfig *networkConfig() const { return _networkConfig; }
NetworkConnection *networkConnection(NetworkId) const;
UserId _user;
+ /// Whether or not strict ident mode is enabled, locking users' idents to Quassel username
+ bool _strictIdentEnabled;
+
SignalProxy *_signalProxy;
CoreAliasManager _aliasManager;
// QHash<NetworkId, NetworkConnection *> _connections;
#include "corenetwork.h"
#include "oidentdconfiggenerator.h"
-OidentdConfigGenerator::OidentdConfigGenerator(bool strict, QObject *parent) :
+OidentdConfigGenerator::OidentdConfigGenerator(QObject *parent) :
QObject(parent),
- _initialized(false),
- _strict(strict)
+ _initialized(false)
{
if (!_initialized)
init();
QString OidentdConfigGenerator::sysIdentForIdentity(const CoreIdentity *identity) const {
- if (!_strict) {
- return identity->ident();
- }
+ // Make sure the identity's ident complies with strict mode if enabled
const CoreNetwork *network = qobject_cast<CoreNetwork *>(sender());
- return network->coreSession()->strictSysident();
+ return network->coreSession()->strictCompliantIdent(identity);
}
{
Q_OBJECT
public:
- /**
- * @param strict If false, any identity a user chooses is reported to servers as authoritative.
- * If true, the user's quassel username is always reported.
- */
- explicit OidentdConfigGenerator(bool strict = false, QObject *parent = 0);
+ explicit OidentdConfigGenerator(QObject *parent = 0);
~OidentdConfigGenerator();
public slots:
#include "sessionthread.h"
#include "signalproxy.h"
-SessionThread::SessionThread(UserId uid, bool restoreState, QObject *parent)
+SessionThread::SessionThread(UserId uid, bool restoreState, bool strictIdentEnabled, QObject *parent)
: QThread(parent),
_session(0),
_user(uid),
_sessionInitialized(false),
- _restoreState(restoreState)
+ _restoreState(restoreState),
+ _strictIdentEnabled(strictIdentEnabled)
{
connect(this, SIGNAL(initialized()), this, SLOT(setSessionInitialized()));
}
void SessionThread::run()
{
- _session = new CoreSession(user(), _restoreState);
+ _session = new CoreSession(user(), _restoreState, _strictIdentEnabled);
connect(this, SIGNAL(addRemoteClient(RemotePeer*)), _session, SLOT(addClient(RemotePeer*)));
connect(this, SIGNAL(addInternalClient(InternalPeer*)), _session, SLOT(addClient(InternalPeer*)));
connect(_session, SIGNAL(sessionState(Protocol::SessionState)), Core::instance(), SIGNAL(sessionState(Protocol::SessionState)));
Q_OBJECT
public:
- SessionThread(UserId user, bool restoreState, QObject *parent = 0);
+ SessionThread(UserId user, bool restoreState, bool strictIdentEnabled, QObject *parent = 0);
~SessionThread();
void run();
bool _sessionInitialized;
bool _restoreState;
+ /// Whether or not strict ident mode is enabled, locking users' idents to Quassel username
+ bool _strictIdentEnabled;
+
bool isSessionInitialized();
void addClientToSession(QObject *peer);
void addRemoteClientToSession(RemotePeer *remotePeer);