/*
Copyright (C) 2007-2011 Inverse inc.
Copyright (C) 2004 SKYRIX Software AG
This file is part of SOGo.
SOGo is free software; you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License as published by the
Free Software Foundation; either version 2, or (at your option) any
later version.
SOGo is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details.
You should have received a copy of the GNU Lesser General Public
License along with OGo; see the file COPYING. If not, write to the
Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA
02111-1307, USA.
*/
#import <Foundation/NSArray.h>
#import <Foundation/NSString.h>
#import <Foundation/NSURL.h>
#import <NGObjWeb/WOContext.h>
#import <NGObjWeb/WORequest.h>
#import <NGObjWeb/WOResponse.h>
#import <NGExtensions/NSObject+Logs.h>
#import "SOGoCASSession.h"
#import "SOGoConstants.h"
#import "SOGoPermissions.h"
#import "SOGoSystemDefaults.h"
#import "SOGoUser.h"
#import "SOGoUserManager.h"
#import "SOGoDAVAuthenticator.h"
@implementation SOGoDAVAuthenticator

/*
  Returns the process-wide authenticator, creating it on first use.

  The instance is created lazily and the nil test is not guarded by a lock.
  NOTE(review): confirm the first call cannot happen on two threads at once.
*/
+ (id) sharedSOGoDAVAuthenticator
{
  static SOGoDAVAuthenticator *sharedAuthenticator = nil;

  if (sharedAuthenticator == nil)
    sharedAuthenticator = [self new];

  return sharedAuthenticator;
}

/*
  Validates a login/secret pair taken from a DAV request.

  Step 1: the pair is handed to the shared SOGoUserManager, with every "%40"
  in the login replaced by "@". The pair is accepted only when the manager
  answers YES and leaves the policy error at PolicyNoError.

  Step 2: when step 1 does not accept the pair and the system default
  davAuthenticationType is "cas", _pwd is treated as a CAS proxy ticket. The
  pair is accepted only when the login reported by the CAS session equals
  _login.

  Security-relevant points visible in this method:
  - Step 1 always runs first, so with CAS enabled every ticket is first
    submitted to the user manager as if it were a password. Whatever that
    backend logs or counts for failed passwords may therefore also see
    tickets. NOTE(review): confirm against the SOGoUserManager sources.
  - A policy error (perr != PolicyNoError) rejects step 1 even when the
    password itself matched, and then falls through to step 2 like any other
    failure.
  - Step 2 compares against the raw _login, not the "%40"-decoded form used
    in step 1. The mismatch fails closed (the login is rejected).

  Returns YES when either step accepts the pair, NO otherwise.
*/
- (BOOL) checkLogin: (NSString *) _login
           password: (NSString *) _pwd
{
  SOGoPasswordPolicyError policyError;
  SOGoCASSession *casSession;
  NSString *userDomain, *decodedLogin;
  int expire, grace;
  BOOL accepted;

  /* domain, expire and grace are out-parameters required by the user
     manager call; their values are not used afterwards in this method */
  userDomain = nil;
  policyError = PolicyNoError;
  decodedLogin = [_login stringByReplacingString: @"%40"
                                      withString: @"@"];

  accepted = [[SOGoUserManager sharedUserManager] checkLogin: decodedLogin
                                                    password: _pwd
                                                      domain: &userDomain
                                                        perr: &policyError
                                                      expire: &expire
                                                       grace: &grace];
  if (accepted && policyError == PolicyNoError)
    return YES;

  if (![[[SOGoSystemDefaults sharedSystemDefaults] davAuthenticationType]
         isEqualToString: @"cas"])
    return NO;

  /* CAS authentication for DAV requires using a proxy */
  casSession = [SOGoCASSession CASSessionWithTicket: _pwd
                                          fromProxy: YES];

  /* the ticket only counts when the CAS session names the same account the
     client claimed; a nil session or nil login yields NO here */
  accepted = [[casSession login] isEqualToString: _login];
  if (accepted)
    [casSession updateCache];

  return accepted;
}

/*
  Extracts the secret part of the request's "authorization" header.

  The header value is passed to -parseCredentials:, which is defined outside
  this file, and the element at index 1 of its result is returned.
  NOTE(review): presumably the result is (login, password) - confirm against
  the superclass.

  Returns nil when the header is absent or fewer than two elements were
  parsed. The returned value is the client's cleartext secret, or a CAS
  ticket when CAS is in use, so callers should keep it out of logs.
*/
- (NSString *) passwordInContext: (WOContext *) context
{
  NSString *authorizationHeader;
  NSArray *credentials;

  authorizationHeader = [[context request] headerForKey: @"authorization"];
  if (!authorizationHeader)
    return nil;

  credentials = [self parseCredentials: authorizationHeader];
  if ([credentials count] > 1)
    return [credentials objectAtIndex: 1];

  return nil;
}

/*
  Returns the secret to present to the IMAP server "server" on behalf of the
  current request.

  Without CAS (davAuthenticationType is not "cas"), or when the request
  carries no secret, the value of -passwordInContext: is returned unchanged.

  With CAS, the request secret is used as a proxy ticket to open a CAS
  session, and a ticket for the service "<scheme>://<host>" is requested
  from that session. When "renew" is YES, the session's ticket for that
  service is invalidated first. The result may be nil or empty when no
  ticket could be obtained.

  NOTE(review): the scheme falls back to "imap" when missing, but
  [server host] is formatted as-is. A nil server or a URL without a host
  would produce a service string with a formatted nil in it - confirm that
  callers always pass a URL with a host.
*/
- (NSString *) imapPasswordInContext: (WOContext *) context
                              forURL: (NSURL *) server
                          forceRenew: (BOOL) renew
{
  NSString *secret, *serviceScheme, *serviceURL;
  SOGoCASSession *casSession;

  secret = [self passwordInContext: context];
  if (![secret length])
    return secret;

  if (![[[SOGoSystemDefaults sharedSystemDefaults] davAuthenticationType]
         isEqualToString: @"cas"])
    return secret;

  casSession = [SOGoCASSession CASSessionWithTicket: secret
                                          fromProxy: YES];

  // We must NOT assume the scheme exists
  serviceScheme = [server scheme];
  if (!serviceScheme)
    serviceScheme = @"imap";

  serviceURL = [NSString stringWithFormat: @"%@://%@",
                         serviceScheme, [server host]];

  if (renew)
    [casSession invalidateTicketForService: serviceURL];

  secret = [casSession ticketForService: serviceURL];

  /* the cache is refreshed after a forced renewal even when no new ticket
     was obtained */
  if (renew || [secret length])
    [casSession updateCache];

  return secret;
}

/* create SOGoUser */

/*
  Builds the SOGoUser for the request in _ctx.

  The login comes from -checkCredentialsInContext:, which is defined outside
  this file. Three outcomes:
  - login "anonymous": a single shared SOGoUser carrying only
    SoRole_Anonymous is returned; it is created lazily on first use, without
    a lock;
  - any other non-empty login: a SOGoUser with the roles from
    -rolesForLogin: is returned, and the secret from the request's
    authorization header is stored on it via -setCurrentPassword:;
  - empty or nil login: nil is returned.

  Note that the returned user object carries the request's cleartext secret
  (or CAS ticket), so it should be treated as sensitive wherever the object
  is cached, described or serialized.
*/
- (SOGoUser *) userInContext: (WOContext *)_ctx
{
  static SOGoUser *anonymousUser = nil;
  NSString *verifiedLogin;
  SOGoUser *authenticatedUser;

  verifiedLogin = [self checkCredentialsInContext: _ctx];

  if ([verifiedLogin isEqualToString: @"anonymous"])
    {
      if (anonymousUser == nil)
        anonymousUser
          = [[SOGoUser alloc]
              initWithLogin: @"anonymous"
                      roles: [NSArray arrayWithObject: SoRole_Anonymous]];

      return anonymousUser;
    }

  if (![verifiedLogin length])
    return nil;

  authenticatedUser = [SOGoUser userWithLogin: verifiedLogin
                                        roles: [self rolesForLogin: verifiedLogin]];
  [authenticatedUser setCurrentPassword: [self passwordInContext: _ctx]];

  return authenticatedUser;
}

@end /* SOGoDAVAuthenticator */