From: Manuel Nickschas Date: Wed, 19 Oct 2016 21:17:47 +0000 (+0200) Subject: ldap: Some cleanups for GH-170 X-Git-Tag: travis-deploy-test~274 X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=commitdiff_plain;h=f77a0b720ed58a2b68876b9320742b81b6df871f ldap: Some cleanups for GH-170 Mostly formatting and a few other bits. --- diff --git a/CMakeLists.txt b/CMakeLists.txt index d527ee6b..2e743749 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -136,7 +136,7 @@ endif() # List of authenticators and the cmake flags to build them # (currently that's just LDAP, but more can be added here). #################################################################### -option(WITH_LDAP "Enable LDAP authentication support if present on system" ON) +option(WITH_LDAP "Enable LDAP authentication support if present on system" ON) # Setup CMake ##################################################################### @@ -521,20 +521,18 @@ endif() # Setup LDAP Authentication support. ##################################################################### -if(WITH_LDAP) +if (WITH_LDAP) find_package(Ldap) - if(LDAP_FOUND) + if (LDAP_FOUND) message(STATUS "Enabling LDAP authentication support") set(HAVE_LDAP true) - if(HAVE_LDAP) - add_definitions(-DHAVE_LDAP) - endif(HAVE_LDAP) - else(LDAP_FOUND) + add_definitions(-DHAVE_LDAP) + else() message(STATUS "Disabling LDAP authentication support") - endif(LDAP_FOUND) -else(WITH_LDAP) + endif() +else() message(STATUS "Not enabling LDAP authentication support") -endif(WITH_LDAP) +endif() # Setup KDE / KDE Frameworks ##################################################################### diff --git a/src/core/authenticator.cpp b/src/core/authenticator.cpp index fa52b62b..21b6e488 100644 --- a/src/core/authenticator.cpp +++ b/src/core/authenticator.cpp @@ -1,5 +1,5 @@ /*************************************************************************** - * Copyright (C) 2005-2015 by the Quassel Project * + * Copyright (C) 2005-2016 by the Quassel Project * * devel@quassel-irc.org * * * * This program is free software; you can redistribute it and/or modify * diff --git a/src/core/authenticator.h b/src/core/authenticator.h index ce8a42af..97091efa 100644 --- a/src/core/authenticator.h +++ b/src/core/authenticator.h @@ -1,5 +1,5 @@ /*************************************************************************** - * Copyright (C) 2005-2015 by the Quassel Project * + * Copyright (C) 2005-2016 by the Quassel Project * * devel@quassel-irc.org * * * * This program is free software; you can redistribute it and/or modify * @@ -18,10 +18,12 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * ***************************************************************************/ -#ifndef AUTHENTICATOR_H -#define AUTHENTICATOR_H +#pragma once -#include +#include +#include +#include +#include #include "types.h" @@ -34,9 +36,9 @@ public: virtual ~Authenticator() {}; enum State { - IsReady, // ready to go - NeedsSetup, // need basic setup (ask the user for input) - NotAvailable // remove the authenticator backend from the list of avaliable authenticators. + IsReady, // ready to go + NeedsSetup, // need basic setup (ask the user for input) + NotAvailable // remove the authenticator backend from the list of avaliable authenticators. }; @@ -91,5 +93,3 @@ public slots: private: }; - -#endif diff --git a/src/core/core.cpp b/src/core/core.cpp index 6ad67026..ec19aaa7 100644 --- a/src/core/core.cpp +++ b/src/core/core.cpp @@ -317,7 +317,7 @@ QString Core::setupCore(const QString &adminUser, const QString &adminPassword, return tr("Could not setup storage!"); } - quInfo() << "Selected authenticator: " << authenticator; + quInfo() << "Selected authenticator:" << authenticator; if (!(_configured = initAuthenticator(authenticator, authSetupData, true))) { return tr("Could not setup authenticator!"); @@ -372,6 +372,7 @@ bool Core::registerStorageBackend(Storage *backend) } } + void Core::unregisterStorageBackends() { foreach(Storage *s, _storageBackends.values()) { @@ -397,30 +398,31 @@ void Core::registerAuthenticators() #ifdef HAVE_LDAP registerAuthenticator(new LdapAuthenticator(this)); #endif - } + bool Core::registerAuthenticator(Authenticator *authenticator) { - if (authenticator->isAvailable()) - { + if (authenticator->isAvailable()) { _authenticators[authenticator->backendId()] = authenticator; return true; - } else { + } + else { authenticator->deleteLater(); return false; } } + void Core::unregisterAuthenticators() { - foreach(Authenticator* a, _authenticators.values()) - { + foreach(Authenticator* a, _authenticators.values()) { a->deleteLater(); } _authenticators.clear(); } + void Core::unregisterAuthenticator(Authenticator *backend) { _authenticators.remove(backend->backendId()); @@ -506,6 +508,7 @@ bool Core::initAuthenticator(const QString &backend, const QVariantMap &settings return true; } + void Core::syncStorage() { if (_storage) @@ -790,6 +793,7 @@ QVariantList Core::backendInfo() return backends; } + QVariantList Core::authenticatorInfo() { QVariantList backends; @@ -925,9 +929,9 @@ bool Core::selectAuthenticator(const QString &backend) saveAuthenticatorSettings(backend, settings); qWarning() << "Switched auth backend to:" << qPrintable(backend); } - + _authenticator = authenticator; - return true; + return true; } @@ -981,8 +985,7 @@ bool Core::changeUserPass(const QString &username) return false; } - if (!canChangeUserPassword(userId)) - { + if (!canChangeUserPassword(userId)) { out << "User " << username << " is configured through an auth provider that has forbidden manual password changing." << endl; return false; } @@ -1038,17 +1041,18 @@ bool Core::changeUserPassword(UserId userId, const QString &password) bool Core::canChangeUserPassword(UserId userId) { QString authProvider = instance()->_storage->getUserAuthenticator(userId); - if (authProvider != "Database") - { + if (authProvider != "Database") { if (authProvider != instance()->_authenticator->backendId()) { return false; - } else if (instance()->_authenticator->canChangePassword()) { + } + else if (instance()->_authenticator->canChangePassword()) { return false; } } return true; } + AbstractSqlMigrationReader *Core::getMigrationReader(Storage *storage) { if (!storage) @@ -1089,6 +1093,7 @@ bool Core::saveBackendSettings(const QString &backend, const QVariantMap &settin return s.sync(); } + void Core::saveAuthenticatorSettings(const QString &backend, const QVariantMap &settings) { QVariantMap dbsettings; @@ -1154,9 +1159,9 @@ QVariantMap Core::promptForSettings(const Storage *storage) QStringList keys = storage->setupKeys(); QVariantMap defaults = storage->setupDefaults(); return Core::promptForSettings(keys, defaults); - } + QVariantMap Core::promptForSettings(const Authenticator *authenticator) { QStringList keys = authenticator->setupKeys(); diff --git a/src/core/coreauthhandler.cpp b/src/core/coreauthhandler.cpp index c7251cfd..6f454fa3 100644 --- a/src/core/coreauthhandler.cpp +++ b/src/core/coreauthhandler.cpp @@ -174,8 +174,7 @@ void CoreAuthHandler::handle(const RegisterClient &msg) QVariantList backends; QVariantList authenticators; bool configured = Core::isConfigured(); - if (!configured) - { + if (!configured) { backends = Core::backendInfo(); authenticators = Core::authenticatorInfo(); } @@ -200,8 +199,7 @@ void CoreAuthHandler::handle(const SetupData &msg) // Maybe this should be hardcoded elsewhere, i.e. as a define. QString authenticator = msg.authenticator; quInfo() << "[" << authenticator << "]"; - if (authenticator.trimmed().isEmpty() || authenticator == 0) - { + if (authenticator.trimmed().isEmpty()) { authenticator = QString("Database"); } @@ -221,8 +219,7 @@ void CoreAuthHandler::handle(const Login &msg) // First attempt local auth using the real username and password. // If that fails, move onto the auth provider. UserId uid = Core::validateUser(msg.user, msg.password); - if (uid == 0) - { + if (uid == 0) { uid = Core::authenticateUser(msg.user, msg.password); } diff --git a/src/core/coresettings.cpp b/src/core/coresettings.cpp index 45d9f679..11888ab9 100644 --- a/src/core/coresettings.cpp +++ b/src/core/coresettings.cpp @@ -43,11 +43,13 @@ QVariant CoreSettings::storageSettings(const QVariant &def) return localValue("StorageSettings", def); } + QVariant CoreSettings::authSettings(const QVariant &def) { return localValue("AuthSettings", def); } + void CoreSettings::setAuthSettings(const QVariant &data) { setLocalValue("AuthSettings", data); diff --git a/src/core/ldapauthenticator.cpp b/src/core/ldapauthenticator.cpp index 240e0ea3..d79ebf18 100644 --- a/src/core/ldapauthenticator.cpp +++ b/src/core/ldapauthenticator.cpp @@ -1,5 +1,5 @@ /*************************************************************************** - * Copyright (C) 2005-2015 by the Quassel Project * + * Copyright (C) 2005-2016 by the Quassel Project * * devel@quassel-irc.org * * * * This program is free software; you can redistribute it and/or modify * @@ -50,8 +50,7 @@ LdapAuthenticator::LdapAuthenticator(QObject *parent) LdapAuthenticator::~LdapAuthenticator() { - if (_connection != 0) - { + if (_connection != 0) { ldap_unbind_ext(_connection, 0, 0); } } @@ -63,6 +62,7 @@ bool LdapAuthenticator::isAvailable() const return true; } + QString LdapAuthenticator::backendId() const { // We identify the backend to use for the monolithic core by its displayname. @@ -71,6 +71,7 @@ QString LdapAuthenticator::backendId() const return QString("LDAP"); } + QString LdapAuthenticator::description() const { return tr("Authenticate users using an LDAP server."); @@ -90,6 +91,7 @@ QStringList LdapAuthenticator::setupKeys() const return keys; } + QVariantMap LdapAuthenticator::setupDefaults() const { QVariantMap map; @@ -99,6 +101,7 @@ QVariantMap LdapAuthenticator::setupDefaults() const return map; } + void LdapAuthenticator::setConnectionProperties(const QVariantMap &properties) { _hostName = properties["Hostname"].toString(); @@ -117,8 +120,7 @@ void LdapAuthenticator::setConnectionProperties(const QVariantMap &properties) UserId LdapAuthenticator::validateUser(const QString &username, const QString &password) { bool result = ldapAuth(username, password); - if (!result) - { + if (!result) { return UserId(); } @@ -127,18 +129,17 @@ UserId LdapAuthenticator::validateUser(const QString &username, const QString &p // Users created via LDAP have empty passwords, but authenticator column = LDAP. // On the other hand, if auth succeeds and the user already exists, do a final // cross-check to confirm we're using the right auth provider. - UserId quasselID = Core::validateUser(username, QString()); - if (!quasselID.isValid()) - { + UserId quasselId = Core::validateUser(username, QString()); + if (!quasselId.isValid()) { return Core::addUser(username, QString(), backendId()); } - else if (!(Core::checkAuthProvider(quasselID, backendId()))) - { + else if (!(Core::checkAuthProvider(quasselId, backendId()))) { return 0; } - return quasselID; + return quasselId; } + bool LdapAuthenticator::setup(const QVariantMap &settings) { setConnectionProperties(settings); @@ -146,13 +147,13 @@ bool LdapAuthenticator::setup(const QVariantMap &settings) return status; } + Authenticator::State LdapAuthenticator::init(const QVariantMap &settings) { setConnectionProperties(settings); bool status = ldapConnect(); - if (!status) - { + if (!status) { quInfo() << qPrintable(backendId()) << "Authenticator cannot connect."; return NotAvailable; } @@ -195,6 +196,7 @@ bool LdapAuthenticator::ldapConnect() return true; } + void LdapAuthenticator::ldapDisconnect() { if (_connection == 0) { @@ -205,6 +207,7 @@ void LdapAuthenticator::ldapDisconnect() _connection = 0; } + bool LdapAuthenticator::ldapAuth(const QString &username, const QString &password) { if (password.isEmpty()) { @@ -215,7 +218,7 @@ bool LdapAuthenticator::ldapAuth(const QString &username, const QString &passwor // Attempt to establish a connection. if (_connection == 0) { - if (not ldapConnect()) { + if (!ldapConnect()) { return false; } } @@ -228,7 +231,7 @@ bool LdapAuthenticator::ldapAuth(const QString &username, const QString &passwor QByteArray baseDN = _baseDN.toLocal8Bit(); QByteArray uidAttribute = _uidAttribute.toLocal8Bit(); - cred.bv_val = const_cast(bindPassword.size() > 0 ? bindPassword.constData() : NULL); + cred.bv_val = (bindPassword.size() > 0 ? bindPassword.data() : NULL); cred.bv_len = bindPassword.size(); res = ldap_sasl_bind_s(_connection, bindDN.size() > 0 ? bindDN.constData() : 0, LDAP_SASL_SIMPLE, &cred, 0, 0, 0); @@ -264,8 +267,8 @@ bool LdapAuthenticator::ldapAuth(const QString &username, const QString &passwor return false; } - const QByteArray passwordArray = password.toLocal8Bit(); - cred.bv_val = const_cast(passwordArray.constData()); + QByteArray passwordArray = password.toLocal8Bit(); + cred.bv_val = passwordArray.data(); cred.bv_len = password.size(); char *userDN = ldap_get_dn(_connection, entry); diff --git a/src/core/ldapauthenticator.h b/src/core/ldapauthenticator.h index ff05c4f3..a1498065 100644 --- a/src/core/ldapauthenticator.h +++ b/src/core/ldapauthenticator.h @@ -1,5 +1,5 @@ /*************************************************************************** - * Copyright (C) 2005-2015 by the Quassel Project * + * Copyright (C) 2005-2016 by the Quassel Project * * devel@quassel-irc.org * * * * This program is free software; you can redistribute it and/or modify * @@ -26,8 +26,7 @@ * */ -#ifndef LDAPAUTHENTICATOR_H -#define LDAPAUTHENTICATOR_H +#pragma once #include "authenticator.h" @@ -93,6 +92,3 @@ private: LDAP *_connection; }; - - -#endif diff --git a/src/core/sqlauthenticator.cpp b/src/core/sqlauthenticator.cpp index e7f057b7..4977218e 100644 --- a/src/core/sqlauthenticator.cpp +++ b/src/core/sqlauthenticator.cpp @@ -1,5 +1,5 @@ /*************************************************************************** - * Copyright (C) 2005-2015 by the Quassel Project * + * Copyright (C) 2005-2016 by the Quassel Project * * devel@quassel-irc.org * * * * This program is free software; you can redistribute it and/or modify * @@ -36,12 +36,14 @@ SqlAuthenticator::~SqlAuthenticator() { } + bool SqlAuthenticator::isAvailable() const { // FIXME: probably this should query the current storage (see the ::init routine too). return true; } + QString SqlAuthenticator::backendId() const { // We identify the backend to use for the monolithic core by its displayname. @@ -50,23 +52,27 @@ QString SqlAuthenticator::backendId() const return QString("Database"); } + QString SqlAuthenticator::description() const { return tr("Do not auth against any remote authentication service, but instead save a hashed and salted password " "in the selected database."); } + UserId SqlAuthenticator::validateUser(const QString &user, const QString &password) { return Core::validateUser(user, password); } + bool SqlAuthenticator::setup(const QVariantMap &settings) { Q_UNUSED(settings) return true; } + Authenticator::State SqlAuthenticator::init(const QVariantMap &settings) { Q_UNUSED(settings) diff --git a/src/core/sqlauthenticator.h b/src/core/sqlauthenticator.h index 4f2c71f1..c392045b 100644 --- a/src/core/sqlauthenticator.h +++ b/src/core/sqlauthenticator.h @@ -18,8 +18,7 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * ***************************************************************************/ -#ifndef SQLAUTHENTICATOR_H -#define SQLAUTHENTICATOR_H +#pragma once #include "authenticator.h" @@ -49,6 +48,3 @@ public slots: //virtual UserId getUserId(const QString &username); }; - - -#endif diff --git a/src/qtui/coreconfigwizard.cpp b/src/qtui/coreconfigwizard.cpp index ee9dd0dc..a4cfe166 100644 --- a/src/qtui/coreconfigwizard.cpp +++ b/src/qtui/coreconfigwizard.cpp @@ -37,10 +37,10 @@ CoreConfigWizard::CoreConfigWizard(CoreConnection *connection, const QList CoreConfigWizard::backends() const return _backends; } + QHash CoreConfigWizard::authenticators() const { return _authenticators; } + void CoreConfigWizard::prepareCoreSetup(const QString &backend, const QVariantMap &properties, const QString &authenticator, const QVariantMap &authProperties) { // Prevent the user from changing any settings he already specified... @@ -102,10 +104,10 @@ void CoreConfigWizard::prepareCoreSetup(const QString &backend, const QVariantMa // FIXME? We need to be able to set up older cores that don't have auth backend support. // So if the core doesn't support that feature, don't pass those parameters. - if (!(Client::coreFeatures() & Quassel::Authenticators)) - { + if (!(Client::coreFeatures() & Quassel::Authenticators)) { coreConnection()->setupCore(Protocol::SetupData(field("adminUser.user").toString(), field("adminUser.password").toString(), backend, properties)); - } else { + } + else { coreConnection()->setupCore(Protocol::SetupData(field("adminUser.user").toString(), field("adminUser.password").toString(), backend, properties, authenticator, authProperties)); } } @@ -194,10 +196,10 @@ AdminUserPage::AdminUserPage(QWidget *parent) : QWizardPage(parent) int AdminUserPage::nextId() const { // If the core doesn't support auth backends, skip that page! - if (!(Client::coreFeatures() & Quassel::Authenticators)) - { + if (!(Client::coreFeatures() & Quassel::Authenticators)) { return CoreConfigWizard::StorageSelectionPage; - } else { + } + else { return CoreConfigWizard::AuthenticationSelectionPage; } } @@ -276,31 +278,6 @@ QVariantMap AuthenticationSelectionPage::connectionProperties() const properties[key] = def; } } - qDebug() << properties; - -// QVariantMap properties = _backends[backend].toMap()["ConnectionProperties"].toMap(); -// if(!properties.isEmpty() && _connectionBox) { -// QVariantMap::iterator propertyIter = properties.begin(); -// while(propertyIter != properties.constEnd()) { -// QWidget *widget = _connectionBox->findChild(propertyIter.key()); -// switch(propertyIter.value().type()) { -// case QVariant::Int: -// { -// QSpinBox *spinbox = qobject_cast(widget); -// Q_ASSERT(spinbox); -// propertyIter.value() = QVariant(spinbox->value()); -// } -// break; -// default: -// { -// QLineEdit *lineEdit = qobject_cast(widget); -// Q_ASSERT(lineEdit); -// propertyIter.value() = QVariant(lineEdit->text()); -// } -// } -// propertyIter++; -// } -// } return properties; }