/*
- * Sylpheed -- a GTK+ based, lightweight, and fast e-mail client
- * Copyright (C) 2003-2007 Match Grun and the Claws Mail team
+ * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
+ * Copyright (C) 2003-2018 Match Grun and the Claws Mail team
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
*/
/*
#ifdef HAVE_CONFIG_H
# include "config.h"
+#include "claws-features.h"
#endif
#ifdef USE_LDAP
#include <glib.h>
+#include <glib/gi18n.h>
#include <sys/time.h>
#include <string.h>
-#include <ldap.h>
-#include <lber.h>
#include "mgutils.h"
#include "addritem.h"
#include "ldaputil.h"
#include "utils.h"
#include "adbookbase.h"
+#include "passwordstore.h"
+#include "log.h"
/**
* Create new LDAP server interface object with no control object.
* \return Name for server.
*/
gchar *ldapsvr_get_name( LdapServer *server ) {
- g_return_val_if_fail( server != NULL, NULL );
+ cm_return_val_if_fail( server != NULL, NULL );
return addrcache_get_name( server->addressCache );
}
* \param value Name for server.
*/
void ldapsvr_set_name( LdapServer* server, const gchar *value ) {
- g_return_if_fail( server != NULL );
+ cm_return_if_fail( server != NULL );
addrcache_set_name( server->addressCache, value );
debug_print("setting name: %s\n", value?value:"null");
}
* \param server Server object.
*/
void ldapsvr_force_refresh( LdapServer *server ) {
- g_return_if_fail( server != NULL );
+ cm_return_if_fail( server != NULL );
addrcache_refresh( server->addressCache );
}
* \return Status/error code.
*/
gint ldapsvr_get_status( LdapServer *server ) {
- g_return_val_if_fail( server != NULL, -1 );
+ cm_return_val_if_fail( server != NULL, -1 );
return server->retVal;
}
* \return Root level folder.
*/
ItemFolder *ldapsvr_get_root_folder( LdapServer *server ) {
- g_return_val_if_fail( server != NULL, NULL );
+ cm_return_val_if_fail( server != NULL, NULL );
/*
g_print( "ldapsvr_get_root_folder/start\n" );
ldapsvr_print_data( server, stdout );
* \return <i>TRUE</i> if data was accessed.
*/
gboolean ldapsvr_get_accessed( LdapServer *server ) {
- g_return_val_if_fail( server != NULL, FALSE );
+ cm_return_val_if_fail( server != NULL, FALSE );
return server->addressCache->accessFlag;
}
* \param value Value for flag.
*/
void ldapsvr_set_accessed( LdapServer *server, const gboolean value ) {
- g_return_if_fail( server != NULL );
+ cm_return_if_fail( server != NULL );
server->addressCache->accessFlag = value;
debug_print("setting accessFlag: %d\n", value);
}
* \return <i>TRUE</i> if data was modified.
*/
gboolean ldapsvr_get_modified( LdapServer *server ) {
- g_return_val_if_fail( server != NULL, FALSE );
+ cm_return_val_if_fail( server != NULL, FALSE );
return server->addressCache->modified;
}
* \param value Value for flag.
*/
void ldapsvr_set_modified( LdapServer *server, const gboolean value ) {
- g_return_if_fail( server != NULL );
+ cm_return_if_fail( server != NULL );
server->addressCache->modified = value;
debug_print("setting modified: %d\n", value);
}
* \return <i>TRUE</i> if data was read.
*/
gboolean ldapsvr_get_read_flag( LdapServer *server ) {
- g_return_val_if_fail( server != NULL, FALSE );
+ cm_return_val_if_fail( server != NULL, FALSE );
return server->addressCache->dataRead;
}
* \return <i>TRUE</i> if server is used for dynamic searches.
*/
gboolean ldapsvr_get_search_flag( LdapServer *server ) {
- g_return_val_if_fail( server != NULL, FALSE );
+ cm_return_val_if_fail( server != NULL, FALSE );
return server->searchFlag;
}
* \param value Name for server.
*/
void ldapsvr_set_search_flag( LdapServer *server, const gboolean value ) {
- g_return_if_fail( server != NULL );
+ cm_return_if_fail( server != NULL );
server->searchFlag = value;
debug_print("setting searchFlag: %d\n", value);
}
* \param ctl Control data.
*/
void ldapsvr_set_control( LdapServer *server, LdapControl *ctl ) {
- g_return_if_fail( server != NULL );
+ cm_return_if_fail( server != NULL );
addrcache_refresh( server->addressCache );
server->control = ctl;
}
*/
void ldapsvr_free_all_query( LdapServer *server ) {
GList *node;
- g_return_if_fail( server != NULL );
+ cm_return_if_fail( server != NULL );
node = server->listQuery;
while( node ) {
* \param qry Query object.
*/
void ldapsvr_add_query( LdapServer *server, LdapQuery *qry ) {
- g_return_if_fail( server != NULL );
- g_return_if_fail( qry != NULL );
+ cm_return_if_fail( server != NULL );
+ cm_return_if_fail( qry != NULL );
server->listQuery = g_list_append( server->listQuery, qry );
qry->server = server;
* \param server Server object.
*/
void ldapsvr_free( LdapServer *server ) {
- g_return_if_fail( server != NULL );
+ cm_return_if_fail( server != NULL );
/* Stop and cancel any queries that may be active */
ldapsvr_stop_all_query( server );
GList *node;
gint i;
- g_return_if_fail( server != NULL );
+ cm_return_if_fail( server != NULL );
fprintf( stream, "LdapServer:\n" );
fprintf( stream, " ret val: %d\n", server->retVal );
* \return List of persons.
*/
GList *ldapsvr_get_list_person( LdapServer *server ) {
- g_return_val_if_fail( server != NULL, NULL );
+ cm_return_val_if_fail( server != NULL, NULL );
return addrcache_get_list_person( server->addressCache );
}
* \return List of folders.
*/
GList *ldapsvr_get_list_folder( LdapServer *server ) {
- g_return_val_if_fail( server != NULL, NULL );
+ cm_return_val_if_fail( server != NULL, NULL );
/* return addrcache_get_list_folder( server->addressCache ); */
return NULL;
}
void ldapsvr_execute_query( LdapServer *server, LdapQuery *qry ) {
LdapControl *ctlCopy;
- g_return_if_fail( server != NULL );
- g_return_if_fail( qry != NULL );
+ cm_return_if_fail( server != NULL );
+ cm_return_if_fail( qry != NULL );
/* Copy server's control data to the query */
ctlCopy = ldapctl_create();
*/
void ldapsvr_stop_query_id( LdapServer *server, const gint queryID ) {
GList *node;
- g_return_if_fail( server != NULL );
+ cm_return_if_fail( server != NULL );
node = server->listQuery;
while( node ) {
*/
void ldapsvr_stop_all_query( LdapServer *server ) {
GList *node;
- g_return_if_fail( server != NULL );
+ cm_return_if_fail( server != NULL );
node = server->listQuery;
while( node ) {
*/
void ldapsvr_cancel_all_query( LdapServer *server ) {
GList *node;
- g_return_if_fail( server != NULL );
+ cm_return_if_fail( server != NULL );
node = server->listQuery;
while( node ) {
{
LdapQuery *incomplete = NULL;
GList *node;
- g_return_val_if_fail( server != NULL, NULL );
+ cm_return_val_if_fail( server != NULL, NULL );
node = server->listQuery;
node = g_list_last( node );
ItemFolder *folder;
debug_print("ldapsvr_retire_query\n");
- g_return_if_fail( server != NULL );
+ cm_return_if_fail( server != NULL );
ctl = server->control;
maxAge = ctl->maxQueryAge;
gchar *searchTerm;
ItemFolder *folder;
- g_return_val_if_fail( server != NULL, FALSE );
- g_return_val_if_fail( req != NULL, FALSE );
+ cm_return_val_if_fail( server != NULL, FALSE );
+ cm_return_val_if_fail( req != NULL, FALSE );
searchTerm = req->searchTerm;
gchar *searchTerm;
ItemFolder *folder;
- g_return_val_if_fail( server != NULL, NULL );
- g_return_val_if_fail( req != NULL, NULL );
+ cm_return_val_if_fail( server != NULL, NULL );
+ cm_return_val_if_fail( req != NULL, NULL );
/* Retire any aged queries */
/* // ldapsvr_retire_query( server ); */
gchar *searchTerm;
gchar *name;
- g_return_val_if_fail( server != NULL, NULL );
- g_return_val_if_fail( req != NULL, NULL );
- g_return_val_if_fail( folder != NULL, NULL );
+ cm_return_val_if_fail( server != NULL, NULL );
+ cm_return_val_if_fail( req != NULL, NULL );
+ cm_return_val_if_fail( folder != NULL, NULL );
/* Retire any aged queries */
/* // ldapsvr_retire_query( server ); */
{
gchar *name;
- g_return_val_if_fail( server != NULL, -1 );
+ cm_return_val_if_fail( server != NULL, -1 );
name = addrcache_get_name(server->addressCache);
debug_print("...addrbook_read_data :%s:\n", name?name:"null");
void ldapsrv_set_options (gint secs, LDAP *ld)
{
+#ifdef G_OS_UNIX
static struct timeval timeout;
- int i = LDAP_OPT_X_TLS_ALLOW;
- int rc;
timeout.tv_sec = secs;
timeout.tv_usec = 0;
- rc=ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i);
- debug_print("cert %s\n", ldap_err2string(rc));
-
+ int i, rc;
+ i = LDAP_OPT_X_TLS_ALLOW;
+ rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i);
+ if (ld)
+ debug_print("cert %s\n", ldaputil_get_error(ld));
+ else
+ debug_print("cert %s\n", ldap_err2string(rc));
/* can crash old libldaps... */
- rc=ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &timeout);
- debug_print("tm %s\n", ldap_err2string(rc));
+ rc = ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &timeout);
+ if (ld)
+ debug_print("tm %s\n", ldaputil_get_error(ld));
+ else
+ debug_print("tm %s\n", ldap_err2string(rc));
+#endif
+}
+
+#ifdef G_OS_WIN32
+#if LDAP_UNICODE
+#define LDAP_START_TLS_S "ldap_start_tls_sW"
+typedef ULONG (* PFldap_start_tls_s) (LDAP *, PULONG, LDAPMessage **, PLDAPControlW *, PLDAPControlW *);
+#else
+#define LDAP_START_TLS_S "ldap_start_tls_sA"
+typedef ULONG (* PFldap_start_tls_s) (LDAP *, PULONG, LDAPMessage **, PLDAPControlA *, PLDAPControlA *);
+#endif /* LDAP_UNICODE */
+PFldap_start_tls_s Win32_ldap_start_tls_s = NULL;
+#endif
+
+/**
+ * Connect to LDAP server.
+ * \param ctl Control object to process.
+ * \return LDAP Resource to LDAP.
+ */
+LDAP *ldapsvr_connect(LdapControl *ctl) {
+ LDAP *ld = NULL;
+ gint rc;
+ gint op;
+ gint version;
+ gchar *uri = NULL;
+ gchar *pwd;
+
+ cm_return_val_if_fail(ctl != NULL, NULL);
+
+ ldapsrv_set_options (ctl->timeOut, NULL);
+ if (ctl->enableSSL)
+ uri = g_strdup_printf("ldaps://%s:%d", ctl->hostName, ctl->port);
+ else
+ uri = g_strdup_printf("ldap://%s:%d", ctl->hostName, ctl->port);
+#ifdef G_OS_UNIX
+ ldap_initialize(&ld, uri);
+#else
+ ld = ldap_sslinit(ctl->hostName, ctl->port, ctl->enableSSL);
+ if (ld && ctl->enableSSL) {
+ version = LDAP_VERSION3;
+ debug_print("Setting version 3\n");
+ rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, (void *)&version);
+ if (rc == LDAP_SUCCESS) {
+ ctl->version = LDAP_VERSION3;
+ log_message(LOG_PROTOCOL, "LDAP (options): set version 3\n");
+ } else {
+ log_error(LOG_PROTOCOL, _("LDAP error (options): %d (%s)\n"),
+ rc, ldaputil_get_error(ld));
+ debug_print("Failed: %s\n", ldaputil_get_error(ld));
+ }
+
+ rc = ldap_get_option(ld, LDAP_OPT_SSL, (void*)&op);
+ if (rc != LDAP_SUCCESS) {
+ log_warning(LOG_PROTOCOL, _("LDAP warning (options): can't get SSL/TLS state\n"));
+ debug_print("Can't get SSL/TLS state\n");
+ }
+
+ if ((void *)op != LDAP_OPT_ON) {
+ debug_print("Enabling SSL/TLS\n");
+ op = LDAP_OPT_ON;
+ rc = ldap_set_option(ld, LDAP_OPT_SSL, (void *)&op);
+ if (rc != LDAP_SUCCESS) {
+ log_error(LOG_PROTOCOL, _("LDAP error (options): %d (%s)\n"),
+ rc, ldaputil_get_error(ld));
+ debug_print("Failed: %s\n", ldaputil_get_error(ld));
+ } else {
+ rc = ldap_get_option(ld, LDAP_OPT_SSL, (void*)&op);
+ if (rc != LDAP_SUCCESS) {
+ log_error(LOG_PROTOCOL, _("LDAP error (options): %d (%s)\n"),
+ rc, ldaputil_get_error(ld));
+ } else {
+ log_message(LOG_PROTOCOL, _("LDAP (options): SSL/TLS enabled (%d)\n"), op);
+ }
+ debug_print("SSL/TLS now %d\n", op);
+ }
+ }
+
+ if (!ld || (rc = ldap_connect(ld, NULL)) != LDAP_SUCCESS) {
+ log_error(LOG_PROTOCOL, _("LDAP error (connect): %d (%s)\n"),
+ rc, ldaputil_get_error(ld));
+ debug_print("ldap_connect failed: %d %s\n", rc, ldaputil_get_error(ld));
+ } else {
+ log_message(LOG_PROTOCOL, _("LDAP (connect): completed successfully\n"));
+ }
+ }
+#endif
+ g_free(uri);
+
+ if (ld == NULL)
+ return NULL;
+
+ debug_print("Got handle to LDAP host %s on port %d\n", ctl->hostName, ctl->port);
+
+ version = LDAP_VERSION3;
+ debug_print("Setting version 3\n");
+ rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
+ if (rc == LDAP_OPT_SUCCESS) {
+ ctl->version = LDAP_VERSION3;
+ log_message(LOG_PROTOCOL, "LDAP (options): set version 3\n");
+ } else {
+ log_error(LOG_PROTOCOL, _("LDAP error (options): %d (%s)\n"),
+ rc, ldaputil_get_error(ld));
+ }
+
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
+ /* Handle TLS */
+ if (ctl->version == LDAP_VERSION3) {
+ if (ctl->enableTLS && !ctl->enableSSL) {
+#ifdef G_OS_WIN32
+ ULONG serv_rc;
+ if (Win32_ldap_start_tls_s == NULL) {
+ void *lib = LoadLibrary("wldap32.dll");
+ if (!lib || (Win32_ldap_start_tls_s = (PFldap_start_tls_s) GetProcAddress(lib, LDAP_START_TLS_S)) == NULL) {
+ log_error(LOG_PROTOCOL, _("LDAP error (TLS): "
+ "ldap_start_tls_s not supported on this platform\n"));
+ if (lib)
+ FreeLibrary(lib);
+ return NULL;
+ }
+ }
+ debug_print("Setting STARTTLS\n");
+ rc = Win32_ldap_start_tls_s(ld, &serv_rc, NULL, NULL, NULL);
+ debug_print("ldap_start_tls_s: %d server %d %s\n",
+ rc, serv_rc, ldaputil_get_error(ld));
+#else
+ debug_print("Setting STARTTLS\n");
+ rc = ldap_start_tls_s(ld, NULL, NULL);
+#endif
+ if (rc != LDAP_SUCCESS) {
+ log_error(LOG_PROTOCOL, _("LDAP error (TLS): ldap_start_tls_s: %d (%s)\n"),
+ rc, ldaputil_get_error(ld));
+ return NULL;
+ } else {
+ log_message(LOG_PROTOCOL, _("LDAP (TLS): started successfully\n"));
+ debug_print("Done\n");
+ }
+ }
+ }
+#endif
+ /* Bind to the server, if required */
+ if (ctl->bindDN) {
+ if (* ctl->bindDN != '\0') {
+ pwd = passwd_store_get(PWS_CORE, "LDAP", ctl->hostName);
+ rc = claws_ldap_simple_bind_s(ld, ctl->bindDN, pwd);
+ if (pwd != NULL && strlen(pwd) > 0)
+ memset(pwd, 0, strlen(pwd));
+ g_free(pwd);
+ if (rc != LDAP_SUCCESS) {
+ log_error(LOG_PROTOCOL, _("LDAP error (bind): binding DN '%s': %d (%s)\n" ),
+ ctl->bindDN, rc, ldaputil_get_error(ld));
+ return NULL;
+ }
+ log_message(LOG_PROTOCOL, _("LDAP (bind): successfully for DN '%s'\n"),
+ ctl->bindDN);
+ }
+ }
+ return ld;
}
+
+/**
+ * Disconnect to LDAP server.
+ * \param ld Resource to LDAP.
+ */
+void ldapsvr_disconnect(LDAP *ld) {
+ gint rc;
+ /* Disconnect */
+ cm_return_if_fail(ld != NULL);
+ rc = ldap_unbind_ext(ld, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ log_error(LOG_PROTOCOL, _("LDAP error (unbind): %d (%s)\n"),
+ rc, ldaputil_get_error(ld));
+ } else {
+ log_message(LOG_PROTOCOL, _("LDAP (unbind): successful\n"));
+ }
+}
+
#endif /* USE_LDAP */
/*
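Review bot: The three early `return NULL;` exits in ldapsvr_connect that run after the handle exists (the Win32 start_tls lookup failure just after `FreeLibrary(lib)`, the `ldap_start_tls_s` failure, and the bind failure) drop `ld` without unbinding it, so every failed TLS or bind attempt leaks the LDAP handle and its socket; add `ldap_unbind_ext(ld, NULL, NULL);` before each of those returns. Separately, ldapsrv_set_options still sets `LDAP_OPT_X_TLS_REQUIRE_CERT` to `LDAP_OPT_X_TLS_ALLOW` process-wide before any ldaps:// or STARTTLS session is opened, which means a failing peer-certificate check does not abort the connection; if that is deliberate, a comment such as `/* TLS_ALLOW: certificate failures are tolerated, so the session is not authenticated */` should say so, and exposing the level through the control object would be the real fix. The `memset(pwd, 0, strlen(pwd))` immediately before `g_free(pwd)` is a dead store that the optimizer may remove; if wiping the password is intended, a volatile-qualified byte loop or a platform secure-clear routine is needed.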