/*
- * Sylpheed -- a GTK+ based, lightweight, and fast e-mail client
- * Copyright (C) 2003-2009 Match Grun and the Claws Mail team
+ * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
+ * Copyright (C) 2003-2018 Match Grun and the Claws Mail team
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
*/
/*
#ifdef HAVE_CONFIG_H
# include "config.h"
+#include "claws-features.h"
#endif
#ifdef USE_LDAP
#include <glib.h>
+#include <glib/gi18n.h>
#include <sys/time.h>
#include <string.h>
#include "ldaputil.h"
#include "utils.h"
#include "adbookbase.h"
+#include "passwordstore.h"
+#include "log.h"
/**
* Create new LDAP server interface object with no control object.
void ldapsrv_set_options (gint secs, LDAP *ld)
{
+#ifdef G_OS_UNIX
static struct timeval timeout;
- int rc;
- int i;
timeout.tv_sec = secs;
timeout.tv_usec = 0;
-#ifdef G_OS_UNIX
+ int i, rc;
i = LDAP_OPT_X_TLS_ALLOW;
rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i);
- debug_print("cert %s\n", ldap_err2string(rc));
+ if (ld)
+ debug_print("cert %s\n", ldaputil_get_error(ld));
+ else
+ debug_print("cert %s\n", ldap_err2string(rc));
/* can crash old libldaps... */
rc = ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &timeout);
- debug_print("tm %s\n", ldap_err2string(rc));
-#else
- rc = ldap_set_option(NULL, LDAP_OPT_TIMELIMIT, &secs);
- debug_print("tm %s\n", ldap_err2string(rc));
+ if (ld)
+ debug_print("tm %s\n", ldaputil_get_error(ld));
+ else
+ debug_print("tm %s\n", ldap_err2string(rc));
#endif
}
+#ifdef G_OS_WIN32
+#if LDAP_UNICODE
+#define LDAP_START_TLS_S "ldap_start_tls_sW"
+typedef ULONG (* PFldap_start_tls_s) (LDAP *, PULONG, LDAPMessage **, PLDAPControlW *, PLDAPControlW *);
+#else
+#define LDAP_START_TLS_S "ldap_start_tls_sA"
+typedef ULONG (* PFldap_start_tls_s) (LDAP *, PULONG, LDAPMessage **, PLDAPControlA *, PLDAPControlA *);
+#endif /* LDAP_UNICODE */
+PFldap_start_tls_s Win32_ldap_start_tls_s = NULL;
+#endif
+
/**
* Connect to LDAP server.
* \param ctl Control object to process.
LDAP *ldapsvr_connect(LdapControl *ctl) {
LDAP *ld = NULL;
gint rc;
+ gint op;
gint version;
gchar *uri = NULL;
gchar *pwd;
cm_return_val_if_fail(ctl != NULL, NULL);
ldapsrv_set_options (ctl->timeOut, NULL);
- uri = g_strdup_printf("ldap%s://%s:%d",
- ctl->enableSSL?"s":"",
- ctl->hostName, ctl->port);
+ if (ctl->enableSSL)
+ uri = g_strdup_printf("ldaps://%s:%d", ctl->hostName, ctl->port);
+ else
+ uri = g_strdup_printf("ldap://%s:%d", ctl->hostName, ctl->port);
#ifdef G_OS_UNIX
ldap_initialize(&ld, uri);
#else
ld = ldap_sslinit(ctl->hostName, ctl->port, ctl->enableSSL);
+ if (ld && ctl->enableSSL) {
+ version = LDAP_VERSION3;
+ debug_print("Setting version 3\n");
+ rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, (void *)&version);
+ if (rc == LDAP_SUCCESS) {
+ ctl->version = LDAP_VERSION3;
+ log_message(LOG_PROTOCOL, "LDAP (options): set version 3\n");
+ } else {
+ log_error(LOG_PROTOCOL, _("LDAP error (options): %d (%s)\n"),
+ rc, ldaputil_get_error(ld));
+ debug_print("Failed: %s\n", ldaputil_get_error(ld));
+ }
+
+ rc = ldap_get_option(ld, LDAP_OPT_SSL, (void*)&op);
+ if (rc != LDAP_SUCCESS) {
+ log_warning(LOG_PROTOCOL, _("LDAP warning (options): can't get SSL/TLS state\n"));
+ debug_print("Can't get SSL/TLS state\n");
+ }
+
+ if ((void *)op != LDAP_OPT_ON) {
+ debug_print("Enabling SSL/TLS\n");
+ op = LDAP_OPT_ON;
+ rc = ldap_set_option(ld, LDAP_OPT_SSL, (void *)&op);
+ if (rc != LDAP_SUCCESS) {
+ log_error(LOG_PROTOCOL, _("LDAP error (options): %d (%s)\n"),
+ rc, ldaputil_get_error(ld));
+ debug_print("Failed: %s\n", ldaputil_get_error(ld));
+ } else {
+ rc = ldap_get_option(ld, LDAP_OPT_SSL, (void*)&op);
+ if (rc != LDAP_SUCCESS) {
+ log_error(LOG_PROTOCOL, _("LDAP error (options): %d (%s)\n"),
+ rc, ldaputil_get_error(ld));
+ } else {
+ log_message(LOG_PROTOCOL, _("LDAP (options): SSL/TLS enabled (%d)\n"), op);
+ }
+ debug_print("SSL/TLS now %d\n", op);
+ }
+ }
+
+ if (!ld || (rc = ldap_connect(ld, NULL)) != LDAP_SUCCESS) {
+ log_error(LOG_PROTOCOL, _("LDAP error (connect): %d (%s)\n"),
+ rc, ldaputil_get_error(ld));
+ debug_print("ldap_connect failed: %d %s\n", rc, ldaputil_get_error(ld));
+ } else {
+ log_message(LOG_PROTOCOL, _("LDAP (connect): completed successfully\n"));
+ }
+ }
#endif
g_free(uri);
if (ld == NULL)
return NULL;
+ debug_print("Got handle to LDAP host %s on port %d\n", ctl->hostName, ctl->port);
- debug_print("connected to LDAP host %s on port %d\n", ctl->hostName, ctl->port);
-
-#ifdef USE_LDAP_TLS
- /* Handle TLS */
version = LDAP_VERSION3;
+ debug_print("Setting version 3\n");
rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
if (rc == LDAP_OPT_SUCCESS) {
ctl->version = LDAP_VERSION3;
+ log_message(LOG_PROTOCOL, "LDAP (options): set version 3\n");
+ } else {
+ log_error(LOG_PROTOCOL, _("LDAP error (options): %d (%s)\n"),
+ rc, ldaputil_get_error(ld));
}
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
+ /* Handle TLS */
if (ctl->version == LDAP_VERSION3) {
if (ctl->enableTLS && !ctl->enableSSL) {
+#ifdef G_OS_WIN32
+ ULONG serv_rc;
+ if (Win32_ldap_start_tls_s == NULL) {
+ void *lib = LoadLibrary("wldap32.dll");
+ if (!lib || (Win32_ldap_start_tls_s = (PFldap_start_tls_s) GetProcAddress(lib, LDAP_START_TLS_S)) == NULL) {
+ log_error(LOG_PROTOCOL, _("LDAP error (TLS): "
+ "ldap_start_tls_s not supported on this platform\n"));
+ if (lib)
+ FreeLibrary(lib);
+ return NULL;
+ }
+ }
+ debug_print("Setting STARTTLS\n");
+ rc = Win32_ldap_start_tls_s(ld, &serv_rc, NULL, NULL, NULL);
+ debug_print("ldap_start_tls_s: %d server %d %s\n",
+ rc, serv_rc, ldaputil_get_error(ld));
+#else
+ debug_print("Setting STARTTLS\n");
rc = ldap_start_tls_s(ld, NULL, NULL);
-
+#endif
if (rc != LDAP_SUCCESS) {
- g_printerr("LDAP Error(tls): ldap_simple_bind_s: %s\n",
- ldap_err2string(rc));
+ log_error(LOG_PROTOCOL, _("LDAP error (TLS): ldap_start_tls_s: %d (%s)\n"),
+ rc, ldaputil_get_error(ld));
return NULL;
+ } else {
+ log_message(LOG_PROTOCOL, _("LDAP (TLS): started successfully\n"));
+ debug_print("Done\n");
}
}
}
/* Bind to the server, if required */
if (ctl->bindDN) {
if (* ctl->bindDN != '\0') {
- pwd = ldapctl_get_bind_password(ctl);
+ pwd = passwd_store_get(PWS_CORE, "LDAP", ctl->hostName);
rc = claws_ldap_simple_bind_s(ld, ctl->bindDN, pwd);
+ if (pwd != NULL && strlen(pwd) > 0)
+ memset(pwd, 0, strlen(pwd));
+ g_free(pwd);
if (rc != LDAP_SUCCESS) {
- g_printerr("bindDN: %s, bindPass xxx\n", ctl->bindDN);
- g_printerr("LDAP Error(bind): ldap_simple_bind_s: %s\n",
- ldap_err2string(rc));
- g_free(pwd);
+ log_error(LOG_PROTOCOL, _("LDAP error (bind): binding DN '%s': %d (%s)\n" ),
+ ctl->bindDN, rc, ldaputil_get_error(ld));
return NULL;
}
- g_free(pwd);
+ log_message(LOG_PROTOCOL, _("LDAP (bind): successfully for DN '%s'\n"),
+ ctl->bindDN);
}
}
return ld;
* \param ld Resource to LDAP.
*/
void ldapsvr_disconnect(LDAP *ld) {
+ gint rc;
/* Disconnect */
cm_return_if_fail(ld != NULL);
- ldap_unbind_ext(ld, NULL, NULL);
+ rc = ldap_unbind_ext(ld, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ log_error(LOG_PROTOCOL, _("LDAP error (unbind): %d (%s)\n"),
+ rc, ldaputil_get_error(ld));
+ } else {
+ log_message(LOG_PROTOCOL, _("LDAP (unbind): successful\n"));
+ }
}
#endif /* USE_LDAP */