See ChangeLog

Monotone-Parent: 535292a4d5c9f53624dcaabc419821b5755e9ccc
Monotone-Revision: c35e5e0bbfa47c91a6b8c9b68bf31ca78ee421fc

Monotone-Author: ludovic@Sophos.ca
Monotone-Date: 2010-12-14T18:08:36
Monotone-Branch: ca.inverse.sogo
maint-2.0.2
Ludovic Marcotte 2010-12-14 18:08:36 +00:00
parent ba45f18cfe
commit 2c246f3e7a
9 changed files with 103 additions and 27 deletions


@ -1,3 +1,10 @@
2010-12-14 Ludovic Marcotte <lmarcotte@inverse.ca>
* Implemented the "bindAsCurrentUser" feature (when
set to the LDAP SOGoUserSources, to YES) which forces
SOGo to use the DN of the currently "requesting" user
to perform all LDAP-related operations
2010-12-13 Wolfgang Sourdeau <wsourdeau@inverse.ca> 2010-12-13 Wolfgang Sourdeau <wsourdeau@inverse.ca>
* OpenChange/EOQualifier+MAPIFS.[hm]: new category module for * OpenChange/EOQualifier+MAPIFS.[hm]: new category module for


@ -1,14 +1,15 @@
/* /*
Copyright (C) 2005-2010 Inverse inc.
Copyright (C) 2004-2005 SKYRIX Software AG Copyright (C) 2004-2005 SKYRIX Software AG
This file is part of OpenGroupware.org. This file is part of SOGo.
OGo is free software; you can redistribute it and/or modify it under SOGo is free software; you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License as published by the the terms of the GNU Lesser General Public License as published by the
Free Software Foundation; either version 2, or (at your option) any Free Software Foundation; either version 2, or (at your option) any
later version. later version.
OGo is distributed in the hope that it will be useful, but WITHOUT ANY SOGo is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details. License for more details.
@ -38,7 +39,6 @@
- (NSDictionary *) currentLocaleConsideringLanguages:(NSArray *)_langs; - (NSDictionary *) currentLocaleConsideringLanguages:(NSArray *)_langs;
- (NSDictionary *) localeForLanguageNamed:(NSString *)_name; - (NSDictionary *) localeForLanguageNamed:(NSString *)_name;
- (NSString *) davURLAsString; - (NSString *) davURLAsString;
@end @end


@ -3,6 +3,7 @@
* Copyright (C) 2007-2010 Inverse inc. * Copyright (C) 2007-2010 Inverse inc.
* *
* Author: Wolfgang Sourdeau <wsourdeau@inverse.ca> * Author: Wolfgang Sourdeau <wsourdeau@inverse.ca>
* Ludovic Marcotte <lmarcotte@inverse.ca>
* *
* This file is free software; you can redistribute it and/or modify * This file is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -54,6 +55,7 @@
NSArray *mailFields; NSArray *mailFields;
NSString *IMAPHostField; NSString *IMAPHostField;
NSArray *bindFields; NSArray *bindFields;
BOOL _bindAsCurrentUser;
NSString *domain; NSString *domain;
NSString *contactInfoAttribute; NSString *contactInfoAttribute;
@ -61,15 +63,18 @@
NSDictionary *modulesConstraints; NSDictionary *modulesConstraints;
NSMutableArray *searchAttributes; NSMutableArray *searchAttributes;
BOOL passwordPolicy; BOOL passwordPolicy;
NSMutableDictionary *_dnCache;
} }
- (void) setBindDN: (NSString *) newBindDN - (void) setBindDN: (NSString *) newBindDN
password: (NSString *) newBindPassword password: (NSString *) newBindPassword
hostname: (NSString *) newBindHostname hostname: (NSString *) newBindHostname
port: (NSString *) newBindPort port: (NSString *) newBindPort
encryption: (NSString *) newEncryption; encryption: (NSString *) newEncryption
bindAsCurrentUser: (NSString *) bindAsCurrentUser;
- (void) setBaseDN: (NSString *) newBaseDN - (void) setBaseDN: (NSString *) newBaseDN
IDField: (NSString *) newIDField IDField: (NSString *) newIDField
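Review bot: The two new ivars in the `@ -54,6 +55,7` and `@ -61,15 +63,18` hunks, `_bindAsCurrentUser` and `_dnCache`, use a leading underscore while every neighbouring ivar in this class (`bindFields`, `domain`, `passwordPolicy`) does not, which reads as two naming conventions in one declaration block; naming them `bindAsCurrentUser` and `dnCache` would match the file. The new `bindAsCurrentUser:` keyword on the setter takes an `NSString *` for what is a boolean setting, presumably because the value comes straight from the user-defaults dictionary; if that is the reason, a comment on the declaration such as `// string from the source's defaults entry, interpreted with -boolValue` would spare the next reader the trip to the implementation. Neither ivar says what it holds; `// login -> DN resolved during -checkLogin:..., never expired` on `_dnCache` would document the intent. The interface block continues past the end of the hunk.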


@ -1,8 +1,9 @@
/* LDAPSource.m - this file is part of SOGo /* LDAPSource.m - this file is part of SOGo
* *
* Copyright (C) 2007-2009 Inverse inc. * Copyright (C) 2007-2010 Inverse inc.
* *
* Author: Wolfgang Sourdeau <wsourdeau@inverse.ca> * Author: Wolfgang Sourdeau <wsourdeau@inverse.ca>
* Ludovic Marcotte <lmarcotte@inverse.ca>
* *
* This file is free software; you can redistribute it and/or modify * This file is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -40,6 +41,8 @@
#import "LDAPSource.h" #import "LDAPSource.h"
#import "../../Main/SOGo.h"
#define SafeLDAPCriteria(x) [[[x stringByReplacingString: @"\\" withString: @"\\\\"] \ #define SafeLDAPCriteria(x) [[[x stringByReplacingString: @"\\" withString: @"\\\\"] \
stringByReplacingString: @"'" withString: @"\\'"] \ stringByReplacingString: @"'" withString: @"\\'"] \
stringByReplacingString: @"%" withString: @"%%"] stringByReplacingString: @"%" withString: @"%%"]
@ -162,6 +165,8 @@ static NSArray *commonSearchFields;
searchAttributes = nil; searchAttributes = nil;
passwordPolicy = NO; passwordPolicy = NO;
_dnCache = [[NSMutableDictionary alloc] init];
} }
return self; return self;
@ -169,6 +174,7 @@ static NSArray *commonSearchFields;
- (void) dealloc - (void) dealloc
{ {
NSLog(@"LDAPSource: -dealloc");
[bindDN release]; [bindDN release];
[hostname release]; [hostname release];
[encryption release]; [encryption release];
@ -186,6 +192,7 @@ static NSArray *commonSearchFields;
[_scope release]; [_scope release];
[searchAttributes release]; [searchAttributes release];
[domain release]; [domain release];
[_dnCache release];
[super dealloc]; [super dealloc];
} }
@ -203,7 +210,9 @@ static NSArray *commonSearchFields;
password: [udSource objectForKey: @"bindPassword"] password: [udSource objectForKey: @"bindPassword"]
hostname: [udSource objectForKey: @"hostname"] hostname: [udSource objectForKey: @"hostname"]
port: [udSource objectForKey: @"port"] port: [udSource objectForKey: @"port"]
encryption: [udSource objectForKey: @"encryption"]]; encryption: [udSource objectForKey: @"encryption"]
bindAsCurrentUser: [udSource objectForKey: @"bindAsCurrentUser"]];
[self setBaseDN: [udSource objectForKey: @"baseDN"] [self setBaseDN: [udSource objectForKey: @"baseDN"]
IDField: [udSource objectForKey: @"IDFieldName"] IDField: [udSource objectForKey: @"IDFieldName"]
CNField: [udSource objectForKey: @"CNFieldName"] CNField: [udSource objectForKey: @"CNFieldName"]
@ -252,11 +261,27 @@ static NSArray *commonSearchFields;
return self; return self;
} }
- (void) setBindDN: (NSString *) theDN
{
ASSIGN(bindDN, theDN);
}
- (void) setBindPassword: (NSString *) thePassword
{
ASSIGN (password, thePassword);
}
- (BOOL) bindAsCurrentUser
{
return _bindAsCurrentUser;
}
- (void) setBindDN: (NSString *) newBindDN - (void) setBindDN: (NSString *) newBindDN
password: (NSString *) newBindPassword password: (NSString *) newBindPassword
hostname: (NSString *) newBindHostname hostname: (NSString *) newBindHostname
port: (NSString *) newBindPort port: (NSString *) newBindPort
encryption: (NSString *) newEncryption encryption: (NSString *) newEncryption
bindAsCurrentUser: (NSString *) bindAsCurrentUser
{ {
ASSIGN (bindDN, newBindDN); ASSIGN (bindDN, newBindDN);
ASSIGN (encryption, [newEncryption uppercaseString]); ASSIGN (encryption, [newEncryption uppercaseString]);
@ -266,6 +291,7 @@ static NSArray *commonSearchFields;
if (newBindPort) if (newBindPort)
port = [newBindPort intValue]; port = [newBindPort intValue];
ASSIGN (password, newBindPassword); ASSIGN (password, newBindPassword);
_bindAsCurrentUser = [bindAsCurrentUser boolValue];
} }
- (void) setBaseDN: (NSString *) newBaseDN - (void) setBaseDN: (NSString *) newBaseDN
@ -337,6 +363,8 @@ static NSArray *commonSearchFields;
NS_DURING NS_DURING
{ {
//NSLog(@"Creating NGLdapConnection instance for bindDN '%@'", bindDN);
ldapConnection = [[NGLdapConnection alloc] initWithHostName: hostname ldapConnection = [[NGLdapConnection alloc] initWithHostName: hostname
port: port]; port: port];
[ldapConnection autorelease]; [ldapConnection autorelease];
@ -442,11 +470,21 @@ static NSArray *commonSearchFields;
{ {
if (queryTimeout > 0) if (queryTimeout > 0)
[bindConnection setQueryTimeLimit: queryTimeout]; [bindConnection setQueryTimeLimit: queryTimeout];
if (bindFields)
userDN = [self _fetchUserDNForLogin: _login]; userDN = [_dnCache objectForKey: _login];
else
userDN = [NSString stringWithFormat: @"%@=%@,%@", if (!userDN)
IDField, _login, baseDN]; {
if (bindFields)
userDN = [self _fetchUserDNForLogin: _login];
else
userDN = [NSString stringWithFormat: @"%@=%@,%@",
IDField, _login, baseDN];
}
// We cache the _login <-> userDN entry to speed up things
[_dnCache setObject: userDN forKey: _login];
if (userDN) if (userDN)
{ {
NS_DURING NS_DURING
@ -975,6 +1013,11 @@ static NSArray *commonSearchFields;
return login; return login;
} }
- (NSString *) lookupDNByLogin: (NSString *) theLogin
{
return [_dnCache objectForKey: theLogin];
}
- (NGLdapEntry *) lookupGroupEntryByUID: (NSString *) theUID - (NGLdapEntry *) lookupGroupEntryByUID: (NSString *) theUID
{ {
return [self lookupGroupEntryByAttribute: UIDField return [self lookupGroupEntryByAttribute: UIDField
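Review bot: In the `@ -442,11 +470,21` hunk `[_dnCache setObject: userDN forKey: _login]` runs before the existing `if (userDN)` test, so when the DN lookup yields nil for an unknown login (the pre-existing nil test suggests it can) the insertion raises NSInvalidArgumentException and the login attempt aborts with an exception instead of simply failing; guard it, `if (userDN) [_dnCache setObject: userDN forKey: _login];`, preferably inside the `if (!userDN)` miss branch so a cache hit does not rewrite its own entry. The enclosing method begins and ends outside the hunk. The cache is keyed by the raw `_login`, is never invalidated and has no bound, so a DN that changes in the directory stays stale for the life of the process and the dictionary grows with every distinct login ever checked; a comment on the `// We cache the _login <-> userDN entry` line noting `// never expired: a DN change in the directory is not picked up until restart` would at least make that explicit. Separately, the `NSLog(@"LDAPSource: -dealloc")` added in the `@ -169,6 +174,7` hunk looks like leftover debugging output.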


@ -41,6 +41,7 @@
- (NSString *) domain; - (NSString *) domain;
- (BOOL) checkLogin: (NSString *) _login - (BOOL) checkLogin: (NSString *) _login
password: (NSString *) _pwd password: (NSString *) _pwd
perr: (SOGoPasswordPolicyError *) _perr perr: (SOGoPasswordPolicyError *) _perr
expire: (int *) _expire expire: (int *) _expire
@ -62,7 +63,13 @@
@protocol SOGoDNSource <SOGoSource> @protocol SOGoDNSource <SOGoSource>
- (void) setBindDN: (NSString *) theDN;
- (void) setBindPassword: (NSString *) thePassword;
- (BOOL) bindAsCurrentUser;
- (NSString *) lookupLoginByDN: (NSString *) theDN; - (NSString *) lookupLoginByDN: (NSString *) theDN;
- (NSString *) lookupDNByLogin: (NSString *) theLogin;
- (NSString *) baseDN; - (NSString *) baseDN;
@end @end
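Review bot: The three methods added to the SOGoDNSource protocol in the `@ -62,7 +63,13` hunk carry no documentation, and their contract is not obvious from the names: `setBindDN:` and `setBindPassword:` replace the credentials the source itself binds with, and in the LDAP implementation of this commit `lookupDNByLogin:` only answers for logins already resolved by an earlier `checkLogin:` call on that source. Suggested comments: `// Replaces the DN/password the source binds with (see -bindAsCurrentUser)` above the two setters, and `// DN previously resolved for theLogin by -checkLogin:..., or nil if none is cached` above `lookupDNByLogin:`. Since a conforming class is expected to keep the caller's password, that expectation belongs in the comment on `setBindPassword:` as well.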


@ -1,15 +1,15 @@
/* /*
Copyright (C) 2006-2009 Inverse inc. Copyright (C) 2006-2010 Inverse inc.
Copyright (C) 2005 SKYRIX Software AG Copyright (C) 2005 SKYRIX Software AG
This file is part of OpenGroupware.org. This file is part of SOGo.
OGo is free software; you can redistribute it and/or modify it under SOGo is free software; you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License as published by the the terms of the GNU Lesser General Public License as published by the
Free Software Foundation; either version 2, or (at your option) any Free Software Foundation; either version 2, or (at your option) any
later version. later version.
OGo is distributed in the hope that it will be useful, but WITHOUT ANY SOGo is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details. License for more details.
@ -29,7 +29,7 @@
SOGoUser SOGoUser
This adds some additional SOGo properties to the SoUser object. The This adds some additional SOGo properties to the SoUser object. The
properties are (currently) looked up using the LDAPUserManager. properties are (currently) looked up using the SOGoUserManager.
You have access to this object from the WOContext: You have access to this object from the WOContext:
context.activeUser context.activeUser
@ -52,12 +52,6 @@
@class SOGoUserProfile; @class SOGoUserProfile;
@class SOGoUserSettings; @class SOGoUserSettings;
// @interface SoUser (SOGoExtension)
// - (NSString *) language;
// @end
@interface SOGoUser : SoUser @interface SOGoUser : SoUser
{ {
SOGoUserDefaults *_defaults; SOGoUserDefaults *_defaults;
@ -72,8 +66,6 @@
NSString *cn; NSString *cn;
} }
// + (NSString *) language;
+ (SOGoUser *) userWithLogin: (NSString *) newLogin; + (SOGoUser *) userWithLogin: (NSString *) newLogin;
+ (SOGoUser *) userWithLogin: (NSString *) login + (SOGoUser *) userWithLogin: (NSString *) login


@ -416,6 +416,9 @@
NSMutableDictionary *currentUser; NSMutableDictionary *currentUser;
BOOL checkOK; BOOL checkOK;
// We check for cached passwords. If the entry is cached, we
// check this immediately. If not, we'll go directly at the
// authentication source and try to validate there, then cache it.
jsonUser = [[SOGoCache sharedCache] userAttributesForLogin: _login]; jsonUser = [[SOGoCache sharedCache] userAttributesForLogin: _login];
currentUser = [jsonUser objectFromJSONString]; currentUser = [jsonUser objectFromJSONString];
dictPassword = [currentUser objectForKey: @"password"]; dictPassword = [currentUser objectForKey: @"password"];
@ -446,6 +449,25 @@
else else
checkOK = NO; checkOK = NO;
// We MUST, for all LDAP sources, update the bindDN and bindPassword
// to the user's value if bindAsCurrentUser is set to true in the
// LDAP source configuration
if (checkOK)
{
NSObject <SOGoDNSource> *currentSource;
NSEnumerator *sources;
sources = [[_sources allValues] objectEnumerator];
while ((currentSource = [sources nextObject]))
if ([currentSource conformsToProtocol: @protocol(SOGoDNSource)] &&
[currentSource bindAsCurrentUser] &&
[currentSource lookupDNByLogin: _login])
{
[currentSource setBindDN: [currentSource lookupDNByLogin: _login]];
[currentSource setBindPassword: _pwd];
}
}
return checkOK; return checkOK;
} }
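Review bot: Once `[currentSource setBindPassword: _pwd]` in the `@ -446,6 +449,25` hunk has run, the source keeps that user's DN and plaintext password as its bind credentials until another successful check replaces them, and nothing in the method restores the configured bind identity afterwards; if LDAPSource instances are shared across requests in a process (which this hunk does not show), any LDAP operation performed without a preceding `checkLogin:` binds as whichever user was checked last, which is worth confirming and documenting in the comment above the `if (checkOK)` block. The loop also calls `lookupDNByLogin:` twice per source, once in the condition and once for the setter; hoisting the result into a local makes the condition shorter and avoids the second cache lookup. The enclosing method starts before the hunk.
```objc
  // … unchanged: password-cache check and checkOK computation …
  if (checkOK)
    {
      NSObject <SOGoDNSource> *currentSource;
      NSEnumerator *sources;
      NSString *userDN;

      sources = [[_sources allValues] objectEnumerator];
      while ((currentSource = [sources nextObject]))
        if ([currentSource conformsToProtocol: @protocol(SOGoDNSource)]
            && [currentSource bindAsCurrentUser])
          {
            userDN = [currentSource lookupDNByLogin: _login];
            if (userDN)
              {
                [currentSource setBindDN: userDN];
                [currentSource setBindPassword: _pwd];
              }
          }
    }

  return checkOK;
```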


@ -1,6 +1,6 @@
/* SQLSource.h - this file is part of SOGo /* SQLSource.h - this file is part of SOGo
* *
* Copyright (C) 2009 Inverse inc. * Copyright (C) 2009-2010 Inverse inc.
* *
* Author: Ludovic Marcotte <lmarcotte@inverse.ca> * Author: Ludovic Marcotte <lmarcotte@inverse.ca>
* *