See ChangeLog

Monotone-Parent: 535292a4d5c9f53624dcaabc419821b5755e9ccc
Monotone-Revision: c35e5e0bbfa47c91a6b8c9b68bf31ca78ee421fc

Monotone-Author: ludovic@Sophos.ca
Monotone-Date: 2010-12-14T18:08:36
Monotone-Branch: ca.inverse.sogo
maint-2.0.2
Ludovic Marcotte 2010-12-14 18:08:36 +00:00
parent ba45f18cfe
commit 2c246f3e7a
9 changed files with 103 additions and 27 deletions


@ -1,3 +1,10 @@
2010-12-14 Ludovic Marcotte <lmarcotte@inverse.ca>
* Implemented the "bindAsCurrentUser" feature (when
set to the LDAP SOGoUserSources, to YES) which forces
SOGo to use the DN of the currently "requesting" user
to perform all LDAP-related operations
2010-12-13 Wolfgang Sourdeau <wsourdeau@inverse.ca>
* OpenChange/EOQualifier+MAPIFS.[hm]: new category module for


@ -1,14 +1,15 @@
/*
Copyright (C) 2005-2010 Inverse inc.
Copyright (C) 2004-2005 SKYRIX Software AG
This file is part of OpenGroupware.org.
This file is part of SOGo.
OGo is free software; you can redistribute it and/or modify it under
SOGo is free software; you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License as published by the
Free Software Foundation; either version 2, or (at your option) any
later version.
OGo is distributed in the hope that it will be useful, but WITHOUT ANY
SOGo is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details.
@ -38,7 +39,6 @@
- (NSDictionary *) currentLocaleConsideringLanguages:(NSArray *)_langs;
- (NSDictionary *) localeForLanguageNamed:(NSString *)_name;
- (NSString *) davURLAsString;
@end


@ -3,6 +3,7 @@
* Copyright (C) 2007-2010 Inverse inc.
*
* Author: Wolfgang Sourdeau <wsourdeau@inverse.ca>
* Ludovic Marcotte <lmarcotte@inverse.ca>
*
* This file is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -54,6 +55,7 @@
NSArray *mailFields;
NSString *IMAPHostField;
NSArray *bindFields;
BOOL _bindAsCurrentUser;
NSString *domain;
NSString *contactInfoAttribute;
@ -61,15 +63,18 @@
NSDictionary *modulesConstraints;
NSMutableArray *searchAttributes;
BOOL passwordPolicy;
NSMutableDictionary *_dnCache;
}
- (void) setBindDN: (NSString *) newBindDN
password: (NSString *) newBindPassword
hostname: (NSString *) newBindHostname
port: (NSString *) newBindPort
encryption: (NSString *) newEncryption;
encryption: (NSString *) newEncryption
bindAsCurrentUser: (NSString *) bindAsCurrentUser;
- (void) setBaseDN: (NSString *) newBaseDN
IDField: (NSString *) newIDField
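Review bot: The two new ivars in the @interface hunk are undocumented, and `_dnCache` in particular needs a comment because its contents only exist after a login has gone through this source; suggest `NSMutableDictionary *_dnCache; // login -> DN, filled lazily by -checkLogin:..., apparently never invalidated` and `BOOL _bindAsCurrentUser; // bind with the authenticated user's DN instead of the configured bindDN`. The underscore prefix on `_bindAsCurrentUser` and `_dnCache` also departs from the sibling ivars in the same struct (`bindFields`, `passwordPolicy`, `domain`). The new `bindAsCurrentUser:` argument is an NSString that the .m only ever converts with `boolValue`; that mirrors `port:`, but the header should say the expected values are the user-defaults YES/NO strings.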


@ -1,8 +1,9 @@
/* LDAPSource.m - this file is part of SOGo
*
* Copyright (C) 2007-2009 Inverse inc.
* Copyright (C) 2007-2010 Inverse inc.
*
* Author: Wolfgang Sourdeau <wsourdeau@inverse.ca>
* Ludovic Marcotte <lmarcotte@inverse.ca>
*
* This file is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -40,6 +41,8 @@
#import "LDAPSource.h"
#import "../../Main/SOGo.h"
#define SafeLDAPCriteria(x) [[[x stringByReplacingString: @"\\" withString: @"\\\\"] \
stringByReplacingString: @"'" withString: @"\\'"] \
stringByReplacingString: @"%" withString: @"%%"]
@ -162,6 +165,8 @@ static NSArray *commonSearchFields;
searchAttributes = nil;
passwordPolicy = NO;
_dnCache = [[NSMutableDictionary alloc] init];
}
return self;
@ -169,6 +174,7 @@ static NSArray *commonSearchFields;
- (void) dealloc
{
NSLog(@"LDAPSource: -dealloc");
[bindDN release];
[hostname release];
[encryption release];
@ -186,6 +192,7 @@ static NSArray *commonSearchFields;
[_scope release];
[searchAttributes release];
[domain release];
[_dnCache release];
[super dealloc];
}
@ -203,7 +210,9 @@ static NSArray *commonSearchFields;
password: [udSource objectForKey: @"bindPassword"]
hostname: [udSource objectForKey: @"hostname"]
port: [udSource objectForKey: @"port"]
encryption: [udSource objectForKey: @"encryption"]];
encryption: [udSource objectForKey: @"encryption"]
bindAsCurrentUser: [udSource objectForKey: @"bindAsCurrentUser"]];
[self setBaseDN: [udSource objectForKey: @"baseDN"]
IDField: [udSource objectForKey: @"IDFieldName"]
CNField: [udSource objectForKey: @"CNFieldName"]
@ -252,11 +261,27 @@ static NSArray *commonSearchFields;
return self;
}
- (void) setBindDN: (NSString *) theDN
{
ASSIGN(bindDN, theDN);
}
- (void) setBindPassword: (NSString *) thePassword
{
ASSIGN (password, thePassword);
}
- (BOOL) bindAsCurrentUser
{
return _bindAsCurrentUser;
}
- (void) setBindDN: (NSString *) newBindDN
password: (NSString *) newBindPassword
hostname: (NSString *) newBindHostname
port: (NSString *) newBindPort
encryption: (NSString *) newEncryption
bindAsCurrentUser: (NSString *) bindAsCurrentUser
{
ASSIGN (bindDN, newBindDN);
ASSIGN (encryption, [newEncryption uppercaseString]);
@ -266,6 +291,7 @@ static NSArray *commonSearchFields;
if (newBindPort)
port = [newBindPort intValue];
ASSIGN (password, newBindPassword);
_bindAsCurrentUser = [bindAsCurrentUser boolValue];
}
- (void) setBaseDN: (NSString *) newBaseDN
@ -337,6 +363,8 @@ static NSArray *commonSearchFields;
NS_DURING
{
//NSLog(@"Creating NGLdapConnection instance for bindDN '%@'", bindDN);
ldapConnection = [[NGLdapConnection alloc] initWithHostName: hostname
port: port];
[ldapConnection autorelease];
@ -442,11 +470,21 @@ static NSArray *commonSearchFields;
{
if (queryTimeout > 0)
[bindConnection setQueryTimeLimit: queryTimeout];
if (bindFields)
userDN = [self _fetchUserDNForLogin: _login];
else
userDN = [NSString stringWithFormat: @"%@=%@,%@",
IDField, _login, baseDN];
userDN = [_dnCache objectForKey: _login];
if (!userDN)
{
if (bindFields)
userDN = [self _fetchUserDNForLogin: _login];
else
userDN = [NSString stringWithFormat: @"%@=%@,%@",
IDField, _login, baseDN];
}
// We cache the _login <-> userDN entry to speed up things
[_dnCache setObject: userDN forKey: _login];
if (userDN)
{
NS_DURING
@ -975,6 +1013,11 @@ static NSArray *commonSearchFields;
return login;
}
- (NSString *) lookupDNByLogin: (NSString *) theLogin
{
return [_dnCache objectForKey: theLogin];
}
- (NGLdapEntry *) lookupGroupEntryByUID: (NSString *) theUID
{
return [self lookupGroupEntryByAttribute: UIDField
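Review bot: In the checkLogin hunk (@ -442,11 +470,21) `[_dnCache setObject: userDN forKey: _login]` runs before the existing `if (userDN)` guard, so when `_fetchUserDNForLogin:` yields nil the NSMutableDictionary raises NSInvalidArgumentException and the login attempt aborts instead of returning NO; move the store under a guard, `if (userDN)` followed by `[_dnCache setObject: userDN forKey: _login];`, ahead of the bind block. The cache is also never invalidated in what this diff shows, so a DN that changes in the directory (rename, move between OUs) keeps resolving to the stale value for the lifetime of the process, and the dictionary grows by one entry per distinct login with no bound; a comment on `_dnCache` stating both limits, or an eviction policy, would help. The `NSLog(@"LDAPSource: -dealloc")` added in the dealloc hunk reads like leftover debugging. The enclosing checkLogin: method starts and ends outside the checkLogin hunk.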


@ -41,6 +41,7 @@
- (NSString *) domain;
- (BOOL) checkLogin: (NSString *) _login
password: (NSString *) _pwd
perr: (SOGoPasswordPolicyError *) _perr
expire: (int *) _expire
@ -62,7 +63,13 @@
@protocol SOGoDNSource <SOGoSource>
- (void) setBindDN: (NSString *) theDN;
- (void) setBindPassword: (NSString *) thePassword;
- (BOOL) bindAsCurrentUser;
- (NSString *) lookupLoginByDN: (NSString *) theDN;
- (NSString *) lookupDNByLogin: (NSString *) theLogin;
- (NSString *) baseDN;
@end
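Review bot: `lookupDNByLogin:` added to the SOGoDNSource protocol has no documentation, and the LDAPSource implementation in this commit returns an entry from the DN cache, so it answers nil for any login that has not yet been authenticated through that source; SOGoUserManager relies on exactly that in its new block. Suggest a comment on the declaration: `/* Returns the DN previously resolved for theLogin by checkLogin:..., or nil if none has been cached yet. */`, and on `bindAsCurrentUser` a note that the value reflects the source's configuration rather than the current request.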


@ -1,15 +1,15 @@
/*
Copyright (C) 2006-2009 Inverse inc.
Copyright (C) 2006-2010 Inverse inc.
Copyright (C) 2005 SKYRIX Software AG
This file is part of OpenGroupware.org.
This file is part of SOGo.
OGo is free software; you can redistribute it and/or modify it under
SOGo is free software; you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License as published by the
Free Software Foundation; either version 2, or (at your option) any
later version.
OGo is distributed in the hope that it will be useful, but WITHOUT ANY
SOGo is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details.
@ -29,7 +29,7 @@
SOGoUser
This adds some additional SOGo properties to the SoUser object. The
properties are (currently) looked up using the LDAPUserManager.
properties are (currently) looked up using the SOGoUserManager.
You have access to this object from the WOContext:
context.activeUser
@ -52,12 +52,6 @@
@class SOGoUserProfile;
@class SOGoUserSettings;
// @interface SoUser (SOGoExtension)
// - (NSString *) language;
// @end
@interface SOGoUser : SoUser
{
SOGoUserDefaults *_defaults;
@ -72,8 +66,6 @@
NSString *cn;
}
// + (NSString *) language;
+ (SOGoUser *) userWithLogin: (NSString *) newLogin;
+ (SOGoUser *) userWithLogin: (NSString *) login


@ -416,6 +416,9 @@
NSMutableDictionary *currentUser;
BOOL checkOK;
// We check for cached passwords. If the entry is cached, we
// check this immediately. If not, we'll go directly at the
// authentication source and try to validate there, then cache it.
jsonUser = [[SOGoCache sharedCache] userAttributesForLogin: _login];
currentUser = [jsonUser objectFromJSONString];
dictPassword = [currentUser objectForKey: @"password"];
@ -446,6 +449,25 @@
else
checkOK = NO;
// We MUST, for all LDAP sources, update the bindDN and bindPassword
// to the user's value if bindAsCurrentUser is set to true in the
// LDAP source configuration
if (checkOK)
{
NSObject <SOGoDNSource> *currentSource;
NSEnumerator *sources;
sources = [[_sources allValues] objectEnumerator];
while ((currentSource = [sources nextObject]))
if ([currentSource conformsToProtocol: @protocol(SOGoDNSource)] &&
[currentSource bindAsCurrentUser] &&
[currentSource lookupDNByLogin: _login])
{
[currentSource setBindDN: [currentSource lookupDNByLogin: _login]];
[currentSource setBindPassword: _pwd];
}
}
return checkOK;
}
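Review bot: The new block rebinds a shared source object rather than the request: `setBindDN:`/`setBindPassword:` mutate the LDAPSource instance held in `_sources`, which every request in the process uses, so once one user authenticates all later LDAP operations — including those serving other users and any running concurrently — are performed with that user's DN and password until the next successful login overwrites them. That affects both what a request can read through the source and which user the directory's audit trail attributes operations to; if per-user binding is the goal, the binding belongs in per-request state (the context or the connection) rather than in the source, or the source should at least document that this mode is only correct for a single-user process. Two smaller points: the DN is looked up twice on consecutive lines, so `NSString *dn = [currentSource lookupDNByLogin: _login];` would avoid the second call, and the password is retained on the source via ASSIGN (see setBindPassword: in LDAPSource.m) with nothing clearing it after the request. The enclosing method starts before the hunk.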


@ -1,6 +1,6 @@
/* SQLSource.h - this file is part of SOGo
*
* Copyright (C) 2009 Inverse inc.
* Copyright (C) 2009-2010 Inverse inc.
*
* Author: Ludovic Marcotte <lmarcotte@inverse.ca>
*