See ChangeLog
Monotone-Parent: 535292a4d5c9f53624dcaabc419821b5755e9ccc Monotone-Revision: c35e5e0bbfa47c91a6b8c9b68bf31ca78ee421fc Monotone-Author: ludovic@Sophos.ca Monotone-Date: 2010-12-14T18:08:36 Monotone-Branch: ca.inverse.sogomaint-2.0.2
parent
ba45f18cfe
commit
2c246f3e7a
|
@ -1,3 +1,10 @@
|
||||||
|
2010-12-14 Ludovic Marcotte <lmarcotte@inverse.ca>
|
||||||
|
|
||||||
|
* Implemented the "bindAsCurrentUser" feature (when
|
||||||
|
set to the LDAP SOGoUserSources, to YES) which forces
|
||||||
|
SOGo to use the DN of the currently "requesting" user
|
||||||
|
to perform all LDAP-related operations
|
||||||
|
|
||||||
2010-12-13 Wolfgang Sourdeau <wsourdeau@inverse.ca>
|
2010-12-13 Wolfgang Sourdeau <wsourdeau@inverse.ca>
|
||||||
|
|
||||||
* OpenChange/EOQualifier+MAPIFS.[hm]: new category module for
|
* OpenChange/EOQualifier+MAPIFS.[hm]: new category module for
|
||||||
|
|
Binary file not shown.
|
@ -1,14 +1,15 @@
|
||||||
/*
|
/*
|
||||||
|
Copyright (C) 2005-2010 Inverse inc.
|
||||||
Copyright (C) 2004-2005 SKYRIX Software AG
|
Copyright (C) 2004-2005 SKYRIX Software AG
|
||||||
|
|
||||||
This file is part of OpenGroupware.org.
|
This file is part of SOGo.
|
||||||
|
|
||||||
OGo is free software; you can redistribute it and/or modify it under
|
SOGo is free software; you can redistribute it and/or modify it under
|
||||||
the terms of the GNU Lesser General Public License as published by the
|
the terms of the GNU Lesser General Public License as published by the
|
||||||
Free Software Foundation; either version 2, or (at your option) any
|
Free Software Foundation; either version 2, or (at your option) any
|
||||||
later version.
|
later version.
|
||||||
|
|
||||||
OGo is distributed in the hope that it will be useful, but WITHOUT ANY
|
SOGo is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||||
WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
|
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
|
||||||
License for more details.
|
License for more details.
|
||||||
|
@ -38,7 +39,6 @@
|
||||||
|
|
||||||
- (NSDictionary *) currentLocaleConsideringLanguages:(NSArray *)_langs;
|
- (NSDictionary *) currentLocaleConsideringLanguages:(NSArray *)_langs;
|
||||||
- (NSDictionary *) localeForLanguageNamed:(NSString *)_name;
|
- (NSDictionary *) localeForLanguageNamed:(NSString *)_name;
|
||||||
|
|
||||||
- (NSString *) davURLAsString;
|
- (NSString *) davURLAsString;
|
||||||
|
|
||||||
@end
|
@end
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
* Copyright (C) 2007-2010 Inverse inc.
|
* Copyright (C) 2007-2010 Inverse inc.
|
||||||
*
|
*
|
||||||
* Author: Wolfgang Sourdeau <wsourdeau@inverse.ca>
|
* Author: Wolfgang Sourdeau <wsourdeau@inverse.ca>
|
||||||
|
* Ludovic Marcotte <lmarcotte@inverse.ca>
|
||||||
*
|
*
|
||||||
* This file is free software; you can redistribute it and/or modify
|
* This file is free software; you can redistribute it and/or modify
|
||||||
* it under the terms of the GNU General Public License as published by
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
@ -54,6 +55,7 @@
|
||||||
NSArray *mailFields;
|
NSArray *mailFields;
|
||||||
NSString *IMAPHostField;
|
NSString *IMAPHostField;
|
||||||
NSArray *bindFields;
|
NSArray *bindFields;
|
||||||
|
BOOL _bindAsCurrentUser;
|
||||||
|
|
||||||
NSString *domain;
|
NSString *domain;
|
||||||
NSString *contactInfoAttribute;
|
NSString *contactInfoAttribute;
|
||||||
|
@ -61,15 +63,18 @@
|
||||||
NSDictionary *modulesConstraints;
|
NSDictionary *modulesConstraints;
|
||||||
|
|
||||||
NSMutableArray *searchAttributes;
|
NSMutableArray *searchAttributes;
|
||||||
|
|
||||||
BOOL passwordPolicy;
|
BOOL passwordPolicy;
|
||||||
|
|
||||||
|
NSMutableDictionary *_dnCache;
|
||||||
}
|
}
|
||||||
|
|
||||||
- (void) setBindDN: (NSString *) newBindDN
|
- (void) setBindDN: (NSString *) newBindDN
|
||||||
password: (NSString *) newBindPassword
|
password: (NSString *) newBindPassword
|
||||||
hostname: (NSString *) newBindHostname
|
hostname: (NSString *) newBindHostname
|
||||||
port: (NSString *) newBindPort
|
port: (NSString *) newBindPort
|
||||||
encryption: (NSString *) newEncryption;
|
encryption: (NSString *) newEncryption
|
||||||
|
bindAsCurrentUser: (NSString *) bindAsCurrentUser;
|
||||||
|
|
||||||
- (void) setBaseDN: (NSString *) newBaseDN
|
- (void) setBaseDN: (NSString *) newBaseDN
|
||||||
IDField: (NSString *) newIDField
|
IDField: (NSString *) newIDField
|
||||||
|
|
|
@ -1,8 +1,9 @@
|
||||||
/* LDAPSource.m - this file is part of SOGo
|
/* LDAPSource.m - this file is part of SOGo
|
||||||
*
|
*
|
||||||
* Copyright (C) 2007-2009 Inverse inc.
|
* Copyright (C) 2007-2010 Inverse inc.
|
||||||
*
|
*
|
||||||
* Author: Wolfgang Sourdeau <wsourdeau@inverse.ca>
|
* Author: Wolfgang Sourdeau <wsourdeau@inverse.ca>
|
||||||
|
* Ludovic Marcotte <lmarcotte@inverse.ca>
|
||||||
*
|
*
|
||||||
* This file is free software; you can redistribute it and/or modify
|
* This file is free software; you can redistribute it and/or modify
|
||||||
* it under the terms of the GNU General Public License as published by
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
@ -40,6 +41,8 @@
|
||||||
|
|
||||||
#import "LDAPSource.h"
|
#import "LDAPSource.h"
|
||||||
|
|
||||||
|
#import "../../Main/SOGo.h"
|
||||||
|
|
||||||
#define SafeLDAPCriteria(x) [[[x stringByReplacingString: @"\\" withString: @"\\\\"] \
|
#define SafeLDAPCriteria(x) [[[x stringByReplacingString: @"\\" withString: @"\\\\"] \
|
||||||
stringByReplacingString: @"'" withString: @"\\'"] \
|
stringByReplacingString: @"'" withString: @"\\'"] \
|
||||||
stringByReplacingString: @"%" withString: @"%%"]
|
stringByReplacingString: @"%" withString: @"%%"]
|
||||||
|
@ -162,6 +165,8 @@ static NSArray *commonSearchFields;
|
||||||
|
|
||||||
searchAttributes = nil;
|
searchAttributes = nil;
|
||||||
passwordPolicy = NO;
|
passwordPolicy = NO;
|
||||||
|
|
||||||
|
_dnCache = [[NSMutableDictionary alloc] init];
|
||||||
}
|
}
|
||||||
|
|
||||||
return self;
|
return self;
|
||||||
|
@ -169,6 +174,7 @@ static NSArray *commonSearchFields;
|
||||||
|
|
||||||
- (void) dealloc
|
- (void) dealloc
|
||||||
{
|
{
|
||||||
|
NSLog(@"LDAPSource: -dealloc");
|
||||||
[bindDN release];
|
[bindDN release];
|
||||||
[hostname release];
|
[hostname release];
|
||||||
[encryption release];
|
[encryption release];
|
||||||
|
@ -186,6 +192,7 @@ static NSArray *commonSearchFields;
|
||||||
[_scope release];
|
[_scope release];
|
||||||
[searchAttributes release];
|
[searchAttributes release];
|
||||||
[domain release];
|
[domain release];
|
||||||
|
[_dnCache release];
|
||||||
[super dealloc];
|
[super dealloc];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -203,7 +210,9 @@ static NSArray *commonSearchFields;
|
||||||
password: [udSource objectForKey: @"bindPassword"]
|
password: [udSource objectForKey: @"bindPassword"]
|
||||||
hostname: [udSource objectForKey: @"hostname"]
|
hostname: [udSource objectForKey: @"hostname"]
|
||||||
port: [udSource objectForKey: @"port"]
|
port: [udSource objectForKey: @"port"]
|
||||||
encryption: [udSource objectForKey: @"encryption"]];
|
encryption: [udSource objectForKey: @"encryption"]
|
||||||
|
bindAsCurrentUser: [udSource objectForKey: @"bindAsCurrentUser"]];
|
||||||
|
|
||||||
[self setBaseDN: [udSource objectForKey: @"baseDN"]
|
[self setBaseDN: [udSource objectForKey: @"baseDN"]
|
||||||
IDField: [udSource objectForKey: @"IDFieldName"]
|
IDField: [udSource objectForKey: @"IDFieldName"]
|
||||||
CNField: [udSource objectForKey: @"CNFieldName"]
|
CNField: [udSource objectForKey: @"CNFieldName"]
|
||||||
|
@ -252,11 +261,27 @@ static NSArray *commonSearchFields;
|
||||||
return self;
|
return self;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
- (void) setBindDN: (NSString *) theDN
|
||||||
|
{
|
||||||
|
ASSIGN(bindDN, theDN);
|
||||||
|
}
|
||||||
|
|
||||||
|
- (void) setBindPassword: (NSString *) thePassword
|
||||||
|
{
|
||||||
|
ASSIGN (password, thePassword);
|
||||||
|
}
|
||||||
|
|
||||||
|
- (BOOL) bindAsCurrentUser
|
||||||
|
{
|
||||||
|
return _bindAsCurrentUser;
|
||||||
|
}
|
||||||
|
|
||||||
- (void) setBindDN: (NSString *) newBindDN
|
- (void) setBindDN: (NSString *) newBindDN
|
||||||
password: (NSString *) newBindPassword
|
password: (NSString *) newBindPassword
|
||||||
hostname: (NSString *) newBindHostname
|
hostname: (NSString *) newBindHostname
|
||||||
port: (NSString *) newBindPort
|
port: (NSString *) newBindPort
|
||||||
encryption: (NSString *) newEncryption
|
encryption: (NSString *) newEncryption
|
||||||
|
bindAsCurrentUser: (NSString *) bindAsCurrentUser
|
||||||
{
|
{
|
||||||
ASSIGN (bindDN, newBindDN);
|
ASSIGN (bindDN, newBindDN);
|
||||||
ASSIGN (encryption, [newEncryption uppercaseString]);
|
ASSIGN (encryption, [newEncryption uppercaseString]);
|
||||||
|
@ -266,6 +291,7 @@ static NSArray *commonSearchFields;
|
||||||
if (newBindPort)
|
if (newBindPort)
|
||||||
port = [newBindPort intValue];
|
port = [newBindPort intValue];
|
||||||
ASSIGN (password, newBindPassword);
|
ASSIGN (password, newBindPassword);
|
||||||
|
_bindAsCurrentUser = [bindAsCurrentUser boolValue];
|
||||||
}
|
}
|
||||||
|
|
||||||
- (void) setBaseDN: (NSString *) newBaseDN
|
- (void) setBaseDN: (NSString *) newBaseDN
|
||||||
|
@ -337,6 +363,8 @@ static NSArray *commonSearchFields;
|
||||||
|
|
||||||
NS_DURING
|
NS_DURING
|
||||||
{
|
{
|
||||||
|
//NSLog(@"Creating NGLdapConnection instance for bindDN '%@'", bindDN);
|
||||||
|
|
||||||
ldapConnection = [[NGLdapConnection alloc] initWithHostName: hostname
|
ldapConnection = [[NGLdapConnection alloc] initWithHostName: hostname
|
||||||
port: port];
|
port: port];
|
||||||
[ldapConnection autorelease];
|
[ldapConnection autorelease];
|
||||||
|
@ -442,11 +470,21 @@ static NSArray *commonSearchFields;
|
||||||
{
|
{
|
||||||
if (queryTimeout > 0)
|
if (queryTimeout > 0)
|
||||||
[bindConnection setQueryTimeLimit: queryTimeout];
|
[bindConnection setQueryTimeLimit: queryTimeout];
|
||||||
if (bindFields)
|
|
||||||
userDN = [self _fetchUserDNForLogin: _login];
|
userDN = [_dnCache objectForKey: _login];
|
||||||
else
|
|
||||||
userDN = [NSString stringWithFormat: @"%@=%@,%@",
|
if (!userDN)
|
||||||
IDField, _login, baseDN];
|
{
|
||||||
|
if (bindFields)
|
||||||
|
userDN = [self _fetchUserDNForLogin: _login];
|
||||||
|
else
|
||||||
|
userDN = [NSString stringWithFormat: @"%@=%@,%@",
|
||||||
|
IDField, _login, baseDN];
|
||||||
|
}
|
||||||
|
|
||||||
|
// We cache the _login <-> userDN entry to speed up things
|
||||||
|
[_dnCache setObject: userDN forKey: _login];
|
||||||
|
|
||||||
if (userDN)
|
if (userDN)
|
||||||
{
|
{
|
||||||
NS_DURING
|
NS_DURING
|
||||||
|
@ -975,6 +1013,11 @@ static NSArray *commonSearchFields;
|
||||||
return login;
|
return login;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
- (NSString *) lookupDNByLogin: (NSString *) theLogin
|
||||||
|
{
|
||||||
|
return [_dnCache objectForKey: theLogin];
|
||||||
|
}
|
||||||
|
|
||||||
- (NGLdapEntry *) lookupGroupEntryByUID: (NSString *) theUID
|
- (NGLdapEntry *) lookupGroupEntryByUID: (NSString *) theUID
|
||||||
{
|
{
|
||||||
return [self lookupGroupEntryByAttribute: UIDField
|
return [self lookupGroupEntryByAttribute: UIDField
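Review bot: In the `@ -442,11 +470,21` hunk, `[_dnCache setObject: userDN forKey: _login];` runs before the `if (userDN)` test, so a login for which `_fetchUserDNForLogin:` returns nil would pass nil to `setObject:forKey:`, which raises in Foundation. Because the store also happens before the bind that follows, every attempted login name, whether or not its password is valid, leaves an entry in a dictionary that nothing in this commit prunes. Moving the store inside the existing `if (userDN)` branch, ideally only once the bind has succeeded, addresses both: `if (![_dnCache objectForKey: _login]) [_dnCache setObject: userDN forKey: _login];`. Cached DNs are never invalidated either, so a user renamed or moved in the directory keeps resolving to the old DN until the process restarts; a comment stating that lifetime would help. The enclosing method starts and ends outside the hunk, and the `NSLog(@"LDAPSource: -dealloc");` added to `-dealloc` looks like leftover debugging output.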
|
||||||
|
|
|
@ -41,6 +41,7 @@
|
||||||
- (NSString *) domain;
|
- (NSString *) domain;
|
||||||
|
|
||||||
- (BOOL) checkLogin: (NSString *) _login
|
- (BOOL) checkLogin: (NSString *) _login
|
||||||
|
|
||||||
password: (NSString *) _pwd
|
password: (NSString *) _pwd
|
||||||
perr: (SOGoPasswordPolicyError *) _perr
|
perr: (SOGoPasswordPolicyError *) _perr
|
||||||
expire: (int *) _expire
|
expire: (int *) _expire
|
||||||
|
@ -62,7 +63,13 @@
|
||||||
|
|
||||||
@protocol SOGoDNSource <SOGoSource>
|
@protocol SOGoDNSource <SOGoSource>
|
||||||
|
|
||||||
|
- (void) setBindDN: (NSString *) theDN;
|
||||||
|
- (void) setBindPassword: (NSString *) thePassword;
|
||||||
|
- (BOOL) bindAsCurrentUser;
|
||||||
|
|
||||||
- (NSString *) lookupLoginByDN: (NSString *) theDN;
|
- (NSString *) lookupLoginByDN: (NSString *) theDN;
|
||||||
|
- (NSString *) lookupDNByLogin: (NSString *) theLogin;
|
||||||
|
|
||||||
- (NSString *) baseDN;
|
- (NSString *) baseDN;
|
||||||
|
|
||||||
@end
|
@end
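Review bot: The methods added to `SOGoDNSource` carry no comments, yet `setBindDN:` and `setBindPassword:` change which identity a source uses for its directory operations, which is something every caller needs to know. I would add above them something like `/* Replace the DN and password this source binds with for subsequent operations; intended for sources where -bindAsCurrentUser returns YES. */`. `lookupDNByLogin:` should also say that it can return nil for a valid user, since the LDAPSource.m implementation in this commit only reads `_dnCache`. These are required protocol methods, so any other class adopting `SOGoDNSource` outside this commit has to implement them too.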
|
||||||
|
|
|
@ -1,15 +1,15 @@
|
||||||
/*
|
/*
|
||||||
Copyright (C) 2006-2009 Inverse inc.
|
Copyright (C) 2006-2010 Inverse inc.
|
||||||
Copyright (C) 2005 SKYRIX Software AG
|
Copyright (C) 2005 SKYRIX Software AG
|
||||||
|
|
||||||
This file is part of OpenGroupware.org.
|
This file is part of SOGo.
|
||||||
|
|
||||||
OGo is free software; you can redistribute it and/or modify it under
|
SOGo is free software; you can redistribute it and/or modify it under
|
||||||
the terms of the GNU Lesser General Public License as published by the
|
the terms of the GNU Lesser General Public License as published by the
|
||||||
Free Software Foundation; either version 2, or (at your option) any
|
Free Software Foundation; either version 2, or (at your option) any
|
||||||
later version.
|
later version.
|
||||||
|
|
||||||
OGo is distributed in the hope that it will be useful, but WITHOUT ANY
|
SOGo is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||||
WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
|
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
|
||||||
License for more details.
|
License for more details.
|
||||||
|
@ -29,7 +29,7 @@
|
||||||
SOGoUser
|
SOGoUser
|
||||||
|
|
||||||
This adds some additional SOGo properties to the SoUser object. The
|
This adds some additional SOGo properties to the SoUser object. The
|
||||||
properties are (currently) looked up using the LDAPUserManager.
|
properties are (currently) looked up using the SOGoUserManager.
|
||||||
|
|
||||||
You have access to this object from the WOContext:
|
You have access to this object from the WOContext:
|
||||||
context.activeUser
|
context.activeUser
|
||||||
|
@ -52,12 +52,6 @@
|
||||||
@class SOGoUserProfile;
|
@class SOGoUserProfile;
|
||||||
@class SOGoUserSettings;
|
@class SOGoUserSettings;
|
||||||
|
|
||||||
// @interface SoUser (SOGoExtension)
|
|
||||||
|
|
||||||
// - (NSString *) language;
|
|
||||||
|
|
||||||
// @end
|
|
||||||
|
|
||||||
@interface SOGoUser : SoUser
|
@interface SOGoUser : SoUser
|
||||||
{
|
{
|
||||||
SOGoUserDefaults *_defaults;
|
SOGoUserDefaults *_defaults;
|
||||||
|
@ -72,8 +66,6 @@
|
||||||
NSString *cn;
|
NSString *cn;
|
||||||
}
|
}
|
||||||
|
|
||||||
// + (NSString *) language;
|
|
||||||
|
|
||||||
+ (SOGoUser *) userWithLogin: (NSString *) newLogin;
|
+ (SOGoUser *) userWithLogin: (NSString *) newLogin;
|
||||||
|
|
||||||
+ (SOGoUser *) userWithLogin: (NSString *) login
|
+ (SOGoUser *) userWithLogin: (NSString *) login
|
||||||
|
|
|
@ -416,6 +416,9 @@
|
||||||
NSMutableDictionary *currentUser;
|
NSMutableDictionary *currentUser;
|
||||||
BOOL checkOK;
|
BOOL checkOK;
|
||||||
|
|
||||||
|
// We check for cached passwords. If the entry is cached, we
|
||||||
|
// check this immediately. If not, we'll go directly at the
|
||||||
|
// authentication source and try to validate there, then cache it.
|
||||||
jsonUser = [[SOGoCache sharedCache] userAttributesForLogin: _login];
|
jsonUser = [[SOGoCache sharedCache] userAttributesForLogin: _login];
|
||||||
currentUser = [jsonUser objectFromJSONString];
|
currentUser = [jsonUser objectFromJSONString];
|
||||||
dictPassword = [currentUser objectForKey: @"password"];
|
dictPassword = [currentUser objectForKey: @"password"];
|
||||||
|
@ -446,6 +449,25 @@
|
||||||
else
|
else
|
||||||
checkOK = NO;
|
checkOK = NO;
|
||||||
|
|
||||||
|
// We MUST, for all LDAP sources, update the bindDN and bindPassword
|
||||||
|
// to the user's value if bindAsCurrentUser is set to true in the
|
||||||
|
// LDAP source configuration
|
||||||
|
if (checkOK)
|
||||||
|
{
|
||||||
|
NSObject <SOGoDNSource> *currentSource;
|
||||||
|
NSEnumerator *sources;
|
||||||
|
|
||||||
|
sources = [[_sources allValues] objectEnumerator];
|
||||||
|
while ((currentSource = [sources nextObject]))
|
||||||
|
if ([currentSource conformsToProtocol: @protocol(SOGoDNSource)] &&
|
||||||
|
[currentSource bindAsCurrentUser] &&
|
||||||
|
[currentSource lookupDNByLogin: _login])
|
||||||
|
{
|
||||||
|
[currentSource setBindDN: [currentSource lookupDNByLogin: _login]];
|
||||||
|
[currentSource setBindPassword: _pwd];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return checkOK;
|
return checkOK;
|
||||||
}
|
}
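Review bot: The new `if (checkOK)` block rebinds a source only when `lookupDNByLogin:` returns a DN, and in LDAPSource.m that lookup reads an in-memory `_dnCache` that is filled only when the source itself checks the login. If the password was accepted from the `SOGoCache` entry read at the top of this method (that branch is outside the hunk, so this is inferred), the DN may be unknown in this process, and the source would keep whatever `bindDN`/`password` the previous successful login left on it, so one user's LDAP operations could run under another user's identity. When `bindAsCurrentUser` is set and no DN is known, the source should have the DN resolved first or its credentials reset rather than left untouched, with a comment stating that rule. The block also leaves the user's plaintext password on the long-lived source object with nothing visible here that clears it, and it calls `lookupDNByLogin:` twice where `NSString *dn = [currentSource lookupDNByLogin: _login];` would do. The method body begins outside the hunk.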
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/* SQLSource.h - this file is part of SOGo
|
/* SQLSource.h - this file is part of SOGo
|
||||||
*
|
*
|
||||||
* Copyright (C) 2009 Inverse inc.
|
* Copyright (C) 2009-2010 Inverse inc.
|
||||||
*
|
*
|
||||||
* Author: Ludovic Marcotte <lmarcotte@inverse.ca>
|
* Author: Ludovic Marcotte <lmarcotte@inverse.ca>
|
||||||
*
|
*
|
||||||
|
|