+2012-12-19 [colin] 3.9.0cvs50
+
+ * src/editldap.c
+ * src/ldapctrl.c
+ * src/ldapserver.c
+ Make LDAP over SSL work on Win32 - but not TLS,
+ unfortunately. Also, it requires the certificate
+ to be trusted.
+
2012-12-16 [colin] 3.9.0cvs49
* src/messageview.c
( cvs diff -u -r 1.12.2.78 -r 1.12.2.79 src/action.c; cvs diff -u -r 1.274.2.363 -r 1.274.2.364 src/mainwindow.c; ) > 3.9.0cvs47.patchset
( cvs diff -u -r 1.3.2.13 -r 1.3.2.14 src/addrselect.c; ) > 3.9.0cvs48.patchset
( cvs diff -u -r 1.94.2.241 -r 1.94.2.242 src/messageview.c; ) > 3.9.0cvs49.patchset
+( cvs diff -u -r 1.8.2.47 -r 1.8.2.48 src/editldap.c; cvs diff -u -r 1.2.2.26 -r 1.2.2.27 src/ldapctrl.c; cvs diff -u -r 1.4.2.25 -r 1.4.2.26 src/ldapserver.c; ) > 3.9.0cvs50.patchset
MICRO_VERSION=0
INTERFACE_AGE=0
BINARY_AGE=0
-EXTRA_VERSION=49
+EXTRA_VERSION=50
EXTRA_RELEASE=
EXTRA_GTK2_VERSION=
GtkWidget *spinbtn_queryage;
GtkWidget *check_dynsearch;
GtkWidget *check_matchoption;
-#ifdef USE_LDAP_TLS
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
GtkWidget *enable_ssl;
GtkWidget *enable_tls;
#endif
sPass = gtk_editable_get_chars( GTK_EDITABLE(ldapedit.entry_bindPW), 0, -1 );
iPort = gtk_spin_button_get_value_as_int( GTK_SPIN_BUTTON( ldapedit.spinbtn_port ) );
iTime = gtk_spin_button_get_value_as_int( GTK_SPIN_BUTTON( ldapedit.spinbtn_timeout ) );
-#ifdef USE_LDAP_TLS
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
tls = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(ldapedit.enable_tls));
ssl = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(ldapedit.enable_ssl));
#endif
sPass = gtk_editable_get_chars( GTK_EDITABLE(ldapedit.entry_bindPW), 0, -1 );
iPort = gtk_spin_button_get_value_as_int( GTK_SPIN_BUTTON( ldapedit.spinbtn_port ) );
iTime = gtk_spin_button_get_value_as_int( GTK_SPIN_BUTTON( ldapedit.spinbtn_timeout ) );
-#ifdef USE_LDAP_TLS
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
tls = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(ldapedit.enable_tls));
ssl = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(ldapedit.enable_ssl));
#endif
GtkWidget *hbox_spin;
GtkAdjustment *spinbtn_port_adj;
GtkWidget *spinbtn_port;
-#ifdef USE_LDAP_TLS
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
GtkWidget *enable_ssl_checkbtn, *enable_tls_checkbtn;
#endif
GtkWidget *entry_baseDN;
gtk_widget_set_size_request (spinbtn_port, 64, -1);
gtk_spin_button_set_numeric (GTK_SPIN_BUTTON (spinbtn_port), TRUE);
-#ifdef USE_LDAP_TLS
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
enable_tls_checkbtn = gtk_check_button_new_with_label(_("TLS"));
enable_ssl_checkbtn = gtk_check_button_new_with_label(_("SSL"));
SET_TOGGLE_SENSITIVITY_REVERSE(enable_tls_checkbtn, enable_ssl_checkbtn);
"If connection fails, be sure to check the correct "
"configuration in ldap.conf (TLS_CACERTDIR and TLS_REQCERT fields)." ));
+#ifdef G_OS_UNIX /* Win32's ldap_start_tls_s() does not work, for some reason. */
gtk_box_pack_start (GTK_BOX (hbox_spin), enable_tls_checkbtn, TRUE, FALSE, 0);
+#endif
gtk_box_pack_start (GTK_BOX (hbox_spin), enable_ssl_checkbtn, TRUE, FALSE, 0);
#endif
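Review bot: On Win32 the TLS check button is still created and stored in `ldapedit.enable_tls`, but the new `#ifdef G_OS_UNIX` around its `gtk_box_pack_start` call means it is never shown. The other hunks of this file still load `ctl->enableTLS` into that toggle and read it back, so a server entry saved with TLS enabled keeps a setting the user can neither see nor clear, on the platform where the added comment says it does not work. Whether the SSL button stays usable in that state depends on `SET_TOGGLE_SENSITIVITY_REVERSE`, which is not visible here. Consider forcing the value off where the dialog is populated, e.g. `gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(ldapedit.enable_tls), FALSE);` under `#ifdef G_OS_WIN32`, and extending the comment to say the hidden button is kept only for the shared load/save code. The enclosing function starts and ends outside this hunk.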
ldapedit.entry_server = entry_server;
ldapedit.spinbtn_port = spinbtn_port;
ldapedit.entry_baseDN = entry_baseDN;
-#ifdef USE_LDAP_TLS
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
ldapedit.enable_ssl = enable_ssl_checkbtn;
ldapedit.enable_tls = enable_tls_checkbtn;
GTK_TOGGLE_BUTTON( ldapedit.check_dynsearch), TRUE );
gtk_toggle_button_set_active(
GTK_TOGGLE_BUTTON( ldapedit.check_matchoption), FALSE );
-#ifdef USE_LDAP_TLS
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
gtk_toggle_button_set_active(
GTK_TOGGLE_BUTTON( ldapedit.enable_ssl), FALSE );
gtk_toggle_button_set_active(
GTK_SPIN_BUTTON(ldapedit.spinbtn_timeout), ctl->timeOut );
gtk_spin_button_set_value(
GTK_SPIN_BUTTON(ldapedit.spinbtn_maxentry), ctl->maxEntries );
-#ifdef USE_LDAP_TLS
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
gtk_toggle_button_set_active(
GTK_TOGGLE_BUTTON(ldapedit.enable_tls), ctl->enableTLS );
gtk_toggle_button_set_active(
GTK_TOGGLE_BUTTON( ldapedit.check_dynsearch ) );
bMatch = gtk_toggle_button_get_active(
GTK_TOGGLE_BUTTON( ldapedit.check_matchoption ) );
-#ifdef USE_LDAP_TLS
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
ssl = gtk_toggle_button_get_active(
GTK_TOGGLE_BUTTON( ldapedit.enable_ssl ) );
tls = gtk_toggle_button_get_active(
* \param value <i>TRUE</i> to enable TLS.
*/
void ldapctl_set_tls( LdapControl* ctl, const gboolean value ) {
-#ifdef USE_LDAP_TLS
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
ctl->enableTLS = value;
debug_print("setting TLS: %d\n", ctl->enableTLS);
#endif
}
void ldapctl_set_ssl( LdapControl* ctl, const gboolean value ) {
-#ifdef USE_LDAP_TLS
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
ctl->enableSSL = value;
debug_print("setting SSL: %d\n", ctl->enableSSL);
#endif
#endif
}
+#ifdef G_OS_WIN32
+#if LDAP_UNICODE
+#define LDAP_START_TLS_S "ldap_start_tls_sW"
+typedef ULONG (* PFldap_start_tls_s) (LDAP *, PULONG, LDAPMessage **, PLDAPControlW *, PLDAPControlW *);
+#else
+#define LDAP_START_TLS_S "ldap_start_tls_sA"
+typedef ULONG (* PFldap_start_tls_s) (LDAP *, PULONG, LDAPMessage **, PLDAPControlA *, PLDAPControlA *);
+#endif /* LDAP_UNICODE */
+PFldap_start_tls_s Win32_ldap_start_tls_s = NULL;
+#endif
+
/**
* Connect to LDAP server.
* \param ctl Control object to process.
ldap_initialize(&ld, uri);
#else
ld = ldap_sslinit(ctl->hostName, ctl->port, ctl->enableSSL);
- if (ctl->enableSSL) {
- ldap_get_option(ld,LDAP_OPT_SSL,(void*)&rc);
+ if (ld && ctl->enableSSL) {
+ version = LDAP_VERSION3;
+ debug_print("Setting version 3\n");
+ rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, (void *)&version);
+ if (rc == LDAP_SUCCESS)
+ ctl->version = LDAP_VERSION3;
+ else
+ debug_print("Failed: %s\n", ldaputil_get_error(ld));
+
+ if (ldap_get_option(ld,LDAP_OPT_SSL,(void*)&rc) != LDAP_SUCCESS)
+ debug_print("Can't get SSL state\n");
+
if ((void *)rc != LDAP_OPT_ON) {
debug_print("Enabling SSL\n");
- if (ldap_set_option(ld,LDAP_OPT_SSL,LDAP_OPT_ON) != 0)
+ if (ldap_set_option(ld,LDAP_OPT_SSL,LDAP_OPT_ON) != LDAP_SUCCESS)
debug_print("Failed: %s\n", ldaputil_get_error(ld));
+ else {
+ ldap_get_option(ld,LDAP_OPT_SSL,(void*)&rc);
+ debug_print("SSL now %d\n", rc);
+ }
+
}
+ if (!ld || (rc = ldap_connect(ld, NULL)) != LDAP_SUCCESS)
+ debug_print("ldap_connect failed: %d %s\n", rc, ldaputil_get_error(ld));
}
#endif
g_free(uri);
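Review bot: Every failure in the new Win32 SSL branch is reported only through `debug_print`, so when `ldap_set_option(ld, LDAP_OPT_SSL, LDAP_OPT_ON)` or `ldap_connect(ld, NULL)` fails the code falls through with `ld` as if the requested SSL session existed. Because the user asked for SSL and a bind with credentials presumably follows, this path should fail closed, for example `if (rc != LDAP_SUCCESS) { ldap_unbind(ld); g_free(uri); return NULL; }` after the connect. The `!ld` half of `if (!ld || (rc = ldap_connect(ld, NULL)) != LDAP_SUCCESS)` can never be true inside `if (ld && ctl->enableSSL)`. `rc` is also reused as the output buffer for `LDAP_OPT_SSL`, so when `ldap_get_option` fails the following `(void *)rc != LDAP_OPT_ON` test compares a stale return code. The code after this hunk is not shown, so a later check may cover part of this.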
debug_print("Got handle to LDAP host %s on port %d\n", ctl->hostName, ctl->port);
version = LDAP_VERSION3;
+ debug_print("Setting version 3\n");
rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
if (rc == LDAP_OPT_SUCCESS) {
ctl->version = LDAP_VERSION3;
} else
g_printerr("LDAP: Error %d (%s)\n",
rc, ldaputil_get_error(ld));
-#ifdef USE_LDAP_TLS
+
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
/* Handle TLS */
if (ctl->version == LDAP_VERSION3) {
if (ctl->enableTLS && !ctl->enableSSL) {
+#ifdef G_OS_WIN32
+ ULONG serv_rc;
+ if (Win32_ldap_start_tls_s == NULL) {
+ void *lib = LoadLibrary("wldap32.dll");
+ if (!lib || (Win32_ldap_start_tls_s = (PFldap_start_tls_s) GetProcAddress(lib, LDAP_START_TLS_S)) == NULL) {
+ g_printerr("LDAP Error(tls): ldap_start_tls_s: not supported on this platform");
+ if (lib)
+ FreeLibrary(lib);
+ return NULL;
+ }
+ }
+ debug_print("Setting TLS\n");
+ rc = Win32_ldap_start_tls_s(ld, &serv_rc, NULL, NULL, NULL);
+ debug_print("ldap_start_tls_s: %d server %d %s\n",
+ rc, serv_rc, ldaputil_get_error(ld));
+#else
+ debug_print("Setting TLS\n");
rc = ldap_start_tls_s(ld, NULL, NULL);
-
+#endif
if (rc != LDAP_SUCCESS) {
- g_printerr("LDAP Error(tls): ldap_simple_bind_s: %s\n",
- ldaputil_get_error(ld));
+ g_printerr("LDAP Error(tls): ldap_start_tls_s: %d %s\n",
+ rc, ldaputil_get_error(ld));
return NULL;
+ } else {
+ debug_print("Done\n");
}
}
}
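Review bot: `serv_rc` is declared without an initialiser in the Win32 branch and then printed with `%d` even when `Win32_ldap_start_tls_s` fails, so the log may show an indeterminate value and the format does not match `ULONG`. Use `ULONG serv_rc = 0;` and print it with `%lu` and an `(unsigned long)` cast. Both `return NULL` paths here (the "not supported on this platform" case and the `rc != LDAP_SUCCESS` case) return without releasing `ld`, which looks like a handle leak unless code outside the hunk owns it. The new `g_printerr` message lacks a trailing `\n`, `lib` would read better as `HMODULE` than `void *`, and the `Win32_ldap_start_tls_s` pointer added earlier in this file could be `static`, since nothing visible uses it from another file. The function continues outside the hunk.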