authorSimon Rettberg2024-06-25 11:40:36 +0200
committerSimon Rettberg2024-06-25 11:40:36 +0200
commit2ea077382d0500a6554018539a985e0eaf32a92a (patch)
tree9f76201947dafed4ed4ca15a2f73960e9c593774
parentAdd allowed-shibboleth-domains config option to inject in website (diff)
Make shibboleth whitelist a folder which can contain multiple files
This way we can allow the user to create and specify multiple config modules for shibboleth at once.
-rw-r--r--src/global.cpp27
-rw-r--r--src/global.h2
-rw-r--r--src/nam.cpp2
-rw-r--r--src/nam.h2
-rw-r--r--src/settings.h2
-rw-r--r--src/webview.cpp6
6 files changed, 35 insertions, 6 deletions
diff --git a/src/global.cpp b/src/global.cpp
index ab2519b..91704f3 100644
--- a/src/global.cpp
+++ b/src/global.cpp
@@ -9,6 +9,7 @@
#include <QStringList>
#include <QCryptographicHash>
#include <QRegularExpression>
+#include <QSet>
bool Global::m_testMode = false;
@@ -139,3 +140,29 @@ bool Global::isValidShibCreds(const QString &ustr, const QString &upass)
&& R_USER.match(ustr).hasMatch()
&& R_PASS.match(upass).hasMatch();
}
+
+QString Global::getCombinedIdpWhitelist()
+{
+ QDir configDir(QLatin1String("/opt/openslx/pam/shibboleth/whitelist"));
+ QFileInfoList fileInfoList = configDir.entryInfoList(QStringList() << "*.idp", QDir::Files);
+
+ QSet<QString> list;
+ for (QFileInfo fileInfo : fileInfoList) {
+ QString filePath = fileInfo.absoluteFilePath();
+ QFile f(filePath);
+ if (!f.open(QFile::ReadOnly))
+ continue;
+ while (f.canReadLine()) {
+ list << QString::fromUtf8(f.readLine());
+ }
+ f.close();
+ }
+ QString retval;
+ for (const QString &s : list) {
+ if (!retval.isEmpty()) {
+ retval.append(QLatin1Char(' '));
+ }
+ retval += s;
+ }
+ return retval;
+}
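Review bot: The `while (f.canReadLine())` loop in getCombinedIdpWhitelist() will, as far as I can tell, never run on a freshly opened QFile. QIODevice::canReadLine() only inspects data already buffered, so it returns false before the first read, and the combined whitelist comes back empty. The constructor check in src/webview.cpp then skips connecting the injector, so the IdP filter fails open without any message; the same happens when `f.open()` fails and the file is silently skipped. Loop on `!f.atEnd()` instead, trim each line so the trailing newline does not defeat the QSet de-duplication, and log files that cannot be opened. The range-for can also take `const QFileInfo &` to avoid copying each entry.

```cpp
	for (const QFileInfo &fileInfo : fileInfoList) {
		QFile f(fileInfo.absoluteFilePath());
		if (!f.open(QFile::ReadOnly)) {
			// An unreadable whitelist file should be visible in the log, not silently ignored
			qWarning("Cannot read IdP whitelist file %s", qPrintable(f.fileName()));
			continue;
		}
		while (!f.atEnd()) {
			const QString entry = QString::fromUtf8(f.readLine()).trimmed();
			if (!entry.isEmpty())
				list << entry;
		}
	}
	// … unchanged: joining the set into a space-separated string …
```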
diff --git a/src/global.h b/src/global.h
index d581c07..7985175 100644
--- a/src/global.h
+++ b/src/global.h
@@ -56,6 +56,8 @@ public:
static bool isValidShibCreds(const QString &ustr, const QString &upass);
+ static QString getCombinedIdpWhitelist();
+
private:
static bool m_testMode;
static QLightDM::Greeter *m_Greeter;
diff --git a/src/nam.cpp b/src/nam.cpp
index 6128c40..b244505 100644
--- a/src/nam.cpp
+++ b/src/nam.cpp
@@ -49,6 +49,6 @@ QNetworkReply* SlxNetworkAccessManager::createRequest(QNetworkAccessManager::Ope
return new SlxDisabledNetworkReply(this, req, op);
}
auto cp(req);
- cp.setAttribute(QNetworkRequest::HTTP2AllowedAttribute, QVariant(false));
+ cp.setAttribute(QNetworkRequest::Http2AllowedAttribute, QVariant(false));
return QNetworkAccessManager::createRequest(op, cp, outgoingData);
}
diff --git a/src/nam.h b/src/nam.h
index ec2bb17..d1406be 100644
--- a/src/nam.h
+++ b/src/nam.h
@@ -13,7 +13,7 @@ class SlxNetworkAccessManager : public QNetworkAccessManager
Q_OBJECT
public:
SlxNetworkAccessManager(QRegularExpression blackList, QRegularExpression whiteList, QObject *parent = nullptr)
- : QNetworkAccessManager(parent), _black(blackList), _white(whiteList) {}
+ : QNetworkAccessManager(parent), _black(blackList), _white(whiteList) { }
protected:
QNetworkReply* createRequest(QNetworkAccessManager::Operation op,
const QNetworkRequest &originalReq, QIODevice *outgoingData = nullptr) override;
diff --git a/src/settings.h b/src/settings.h
index a218e3b..ce6da1d 100644
--- a/src/settings.h
+++ b/src/settings.h
@@ -25,6 +25,7 @@ public:
for (QFileInfo fileInfo : fileInfoList) {
QString filePath = fileInfo.absoluteFilePath();
QSettings setting(filePath, IniFormat);
+ setting.setIniCodec(QTextCodec::codecForLocale());
for(QString key : setting.allKeys()) {
this->setValue(key, setting.value(key));
}
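Review bot: `setIniCodec(QTextCodec::codecForLocale())` makes the decoding of the config files depend on whatever locale the greeter process starts with, while the new whitelist reader in src/global.cpp decodes with `QString::fromUtf8`. If the files are meant to be UTF-8, pinning it with `setting.setIniCodec("UTF-8");` gives the same result under a C/POSIX locale. The hunk does not show an `#include <QTextCodec>`; it may already come from elsewhere in the header. The enclosing loop starts and ends outside this hunk.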
@@ -60,7 +61,6 @@ public:
static QString guestSessionButtonText() { return s_settings->value("guest-session-button-text").toString(); }
static QString guestSessionStartText() { return s_settings->value("guest-session-start-text").toString(); }
static QString guestSessionStartButtonText() { return s_settings->value("guest-session-start-button-text").toString(); }
- static QString allowedShibbolethDomains() { return s_settings->value("allowed-shibboleth-domains").toString(); }
static int resetForm() { return s_settings->value("reset-timeout", "30").toInt(); }
static int rpcPort() { return s_settings->value("rpc-port", "0").toInt(); }
};
diff --git a/src/webview.cpp b/src/webview.cpp
index 4fb8511..7646324 100644
--- a/src/webview.cpp
+++ b/src/webview.cpp
@@ -41,7 +41,7 @@ WebView::WebView(QWidget* parent)
_firstLoad(false)
{
auto p = new UaWebPage;
- if (!Settings::allowedShibbolethDomains().trimmed().isEmpty()) {
+ if (!Global::getCombinedIdpWhitelist().trimmed().isEmpty()) {
QObject::connect(p, &UaWebPage::frameCreated, [this](QWebFrame *frame) {
QObject::connect(frame, &QWebFrame::javaScriptWindowObjectCleared, [this, frame]() {
this->jsInjector(frame);
@@ -72,8 +72,8 @@ WebView::WebView(QWidget* parent)
void WebView::jsInjector(QWebFrame *frame)
{
- QString str = Settings::allowedShibbolethDomains().replace(
- QRegularExpression("[^\\w. -]", QRegularExpression::UseUnicodePropertiesOption),
+ QString str = Global::getCombinedIdpWhitelist().replace(
+ QRegularExpression("[^\\w. /:-]", QRegularExpression::UseUnicodePropertiesOption),
QStringLiteral(""));
frame->evaluateJavaScript(QStringLiteral("var slxIdpFilter ='") + str + QStringLiteral("'"));
}
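Review bot: jsInjector() calls `Global::getCombinedIdpWhitelist()` on every javaScriptWindowObjectCleared signal, so the whitelist directory is re-read from disk for each frame, and the injected value can differ from the one the constructor tested in the previous hunk. Reading it once in the constructor and keeping it in a member (for example `_idpWhitelist`, name is only a suggestion) would keep the check and the injected value consistent. Separately, `replace()` strips disallowed characters rather than rejecting the entry, so a malformed line silently becomes a different string that still ends up in the filter; dropping such entries when the files are parsed would be stricter. The widened class `[^\\w. /:-]` still excludes `'`, `\` and line breaks, so the single-quoted literal itself stays closed.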