Addressbook now uses password store for LDAP passwords.
authorAndrej Kacian <ticho@claws-mail.org>
Sat, 9 Apr 2016 16:03:01 +0000 (18:03 +0200)
committerAndrej Kacian <ticho@claws-mail.org>
Sat, 9 Apr 2016 16:03:01 +0000 (18:03 +0200)
src/addrindex.c
src/editldap.c
src/ldapctrl.c
src/ldapctrl.h
src/ldapserver.c
src/ldaputil.c

index 307527faa04d4e9a705c68af389c3d0d6037dccc..f102e96c8d8307853d70022be670ecae361dc2ed 100644 (file)
@@ -42,6 +42,7 @@
 #include "addr_compl.h"
 #include "utils.h"
 #include "alertpanel.h"
+#include "passwordstore.h"
 
 #ifndef DEV_STANDALONE
 #include "prefs_gtk.h"
@@ -1354,6 +1355,7 @@ static AddressDataSource *addrindex_parse_ldap( XMLFile *file ) {
        gboolean bDynSearch;
        gboolean bTLS, bSSL;
        gint iMatch;
+       gchar *password = NULL;
 
        /* g_print( "addrindex_parse_ldap\n" ); */
        /* Set up some defaults */
@@ -1387,7 +1389,7 @@ static AddressDataSource *addrindex_parse_ldap( XMLFile *file ) {
                        ldapctl_set_bind_dn( ctl, value );
                }
                else if( strcmp( name, ATTAG_LDAP_BIND_PASS ) == 0 ) {
-                       ldapctl_set_bind_password( ctl, value, FALSE, FALSE );
+                       password = value;
                }
                else if( strcmp( name, ATTAG_LDAP_CRITERIA ) == 0 ) {
                        g_free( criteria );
@@ -1430,6 +1432,9 @@ static AddressDataSource *addrindex_parse_ldap( XMLFile *file ) {
                attr = g_list_next( attr );
        }
 
+       if (password != NULL)
+               passwd_store_set(PWS_CORE, "LDAP", ctl->hostName, password, TRUE);
+
        server = ldapsvr_create_noctl();
        ldapsvr_set_name( server, serverName );
        ldapsvr_set_search_flag( server, bDynSearch );
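Review bot: The migrated password is handed to `passwd_store_set` here, but nothing in this hunk calls `passwd_store_write_config()`, while the `addrindex_write_ldap` hunk below stops writing `ATTAG_LDAP_BIND_PASS`. If the index is rewritten before the password store is flushed, the bind password may be lost, so it is worth confirming that a flush is guaranteed elsewhere or adding one after the call. The entry is also keyed on `ctl->hostName` alone, which may still be unset when the host attribute is missing from the XML; a guard such as `if (password != NULL && ctl->hostName != NULL)` covers that case. The same key is shared by two LDAP sources on the same host with different bind DNs, so one would overwrite the other. The body of `addrindex_parse_ldap` starts and ends outside the hunk.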
@@ -1484,8 +1489,6 @@ static int addrindex_write_ldap( FILE *fp, AddressDataSource *ds, gint lvl ) {
                return -1;
        if (addrindex_write_attr( fp, ATTAG_LDAP_BIND_DN, ctl->bindDN ) < 0)
                return -1;
-       if (addrindex_write_attr( fp, ATTAG_LDAP_BIND_PASS, ctl->bindPass ) < 0)
-               return -1;
 
        sprintf( value, "%d", ctl->maxEntries );
        if (addrindex_write_attr( fp, ATTAG_LDAP_MAX_ENTRY, value ) < 0)
index 8213ce3f9ed5c153034d5fd7e6bfc5baa38c43a6..cb7927b123fee390c8ab9dce753b98393813d41c 100644 (file)
@@ -45,6 +45,7 @@
 #include "manage_window.h"
 #include "gtkutils.h"
 #include "prefs_gtk.h"
+#include "passwordstore.h"
 
 #define PAGE_BASIC      0
 #define PAGE_SEARCH     1
@@ -885,7 +886,6 @@ static void edit_ldap_clear_fields(void) {
 static void edit_ldap_set_fields( LdapServer *server ) {
        LdapControl *ctl;
        gchar *crit;
-       gchar *pwd;
 
        if( ldapsvr_get_name( server ) )
                gtk_entry_set_text(GTK_ENTRY(ldapedit.entry_name),
@@ -901,11 +901,8 @@ static void edit_ldap_set_fields( LdapServer *server ) {
        if( ctl->bindDN )
                gtk_entry_set_text(
                        GTK_ENTRY(ldapedit.entry_bindDN), ctl->bindDN );
-       if( ctl->bindPass ) {
-               pwd = ldapctl_get_bind_password( ctl );
-               gtk_entry_set_text(     GTK_ENTRY(ldapedit.entry_bindPW),  pwd );
-               g_free(pwd);
-       }
+       gtk_entry_set_text(     GTK_ENTRY(ldapedit.entry_bindPW),
+                       passwd_store_get(PWS_CORE, "LDAP", ctl->hostName));
        gtk_spin_button_set_value(
                GTK_SPIN_BUTTON(ldapedit.spinbtn_timeout), ctl->timeOut );
        gtk_spin_button_set_value(
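Review bot: The result of `passwd_store_get` is passed straight into `gtk_entry_set_text`, so the decrypted copy is never wiped or freed; the other call sites in this commit (`ldapctl_print`, `ldapsvr_connect`) treat the return value as an owned buffer that is cleared and passed to `g_free`. The old `if( ctl->bindPass )` guard is gone as well, so a missing store entry presumably reaches `gtk_entry_set_text` as NULL, which GTK rejects with a critical warning. Keeping the `pwd` local that the previous hunk removes and guarding the call fixes both; the function continues outside the hunk.

```c
	gchar *pwd;	/* keep the local that the previous hunk removes */

	/* … unchanged: name, host, port, base DN and bind DN fields … */
	pwd = passwd_store_get(PWS_CORE, "LDAP", ctl->hostName);
	if (pwd != NULL) {
		gtk_entry_set_text(GTK_ENTRY(ldapedit.entry_bindPW), pwd);
		/* wipe the decrypted copy before releasing it */
		memset(pwd, 0, strlen(pwd));
		g_free(pwd);
	}
```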
@@ -1036,7 +1033,6 @@ AdapterDSource *addressbook_edit_ldap(
                ldapctl_set_host( ctl, sHost );
                ldapctl_set_base_dn( ctl, sBase );
                ldapctl_set_bind_dn( ctl, sBind );
-               ldapctl_set_bind_password( ctl, sPass, TRUE, TRUE );
                ldapctl_set_port( ctl, iPort );
                ldapctl_set_max_entries( ctl, iMaxE );
                ldapctl_set_timeout( ctl, iTime );
@@ -1049,6 +1045,9 @@ AdapterDSource *addressbook_edit_ldap(
 
                addrindex_save_data(addrIndex);
 
+               passwd_store_set(PWS_CORE, "LDAP", sHost, sPass, FALSE);
+               passwd_store_write_config();
+
                /* Save attributes */
                editldap_parse_criteria( sCrit, ctl );
 
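Review bot: The results of `passwd_store_set` and `passwd_store_write_config` are ignored here, and `addrindex_save_data` just above no longer persists the bind password. A failed store write would therefore drop the password without telling the user, so the results should be checked and a warning shown on failure. The entry is keyed on `sHost`, so when the dialog changes the host of an existing server, the password saved under the previous host name presumably stays in the store as an orphaned credential; removing the old entry on rename would avoid that. A short comment such as `/* bind password lives in the password store, keyed by host name */` would also help, since the index file no longer shows where it went. The enclosing function extends beyond the hunk.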
@@ -1057,9 +1056,12 @@ AdapterDSource *addressbook_edit_ldap(
        g_free( sHost );
        g_free( sBase );
        g_free( sBind );
-       g_free( sPass );
        g_free( sCrit );
 
+       if (sPass != NULL && strlen(sPass) > 0)
+               memset(sPass, 0, strlen(sPass));
+       g_free( sPass );
+
        return ads;
 }
 
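Review bot: The wipe of `sPass` is a plain `memset` immediately followed by `g_free`, which an optimizing compiler is allowed to drop as a dead store once it can see that the buffer is released. The same pattern is repeated in the `ldapctl_print` and `ldapsvr_connect` hunks. A single shared helper that writes through a volatile pointer, e.g. `volatile gchar *p = sPass; while (*p) *p++ = 0;`, or `explicit_bzero` where the platform provides it, would make the scrub reliable and remove the three copies. The `strlen(sPass) > 0` test is redundant, since a zero-length `memset` is already a no-op. A comment should also note that the wipe is best-effort, because the GTK entry widget still holds its own copy of the text.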
index 052dc1246b13c6884cd6d150c4de29377c635e59..dd273b92cc6be4791be632b88a609ea28a454d32 100644 (file)
@@ -34,7 +34,7 @@
 
 #include "ldapctrl.h"
 #include "mgutils.h"
-#include "passcrypt.h"
+#include "passwordstore.h"
 #include "editaddress_other_attributes_ldap.h"
 #include "common/utils.h"
 #include "common/quoted-printable.h"
@@ -51,7 +51,6 @@ LdapControl *ldapctl_create( void ) {
        ctl->port = LDAPCTL_DFL_PORT;
        ctl->baseDN = NULL;
        ctl->bindDN = NULL;
-       ctl->bindPass = NULL;
        ctl->listCriteria = NULL;
        ctl->attribEMail = g_strdup( LDAPCTL_ATTR_EMAIL );
        ctl->attribCName = g_strdup( LDAPCTL_ATTR_COMMONNAME );
@@ -133,92 +132,6 @@ void ldapctl_set_bind_dn( LdapControl* ctl, const gchar *value ) {
        debug_print("setting bindDN: %s\n", ctl->bindDN);
 }
 
-/**
- * Specify bind password to be used.
- * \param ctl  Control object to process.
- * \param value Password.
- * \param encrypt Encrypt password
- * \param change Save encrypted
- */
-void ldapctl_set_bind_password( 
-       LdapControl* ctl, const gchar *value, gboolean encrypt, gboolean change ) {
-       gchar *buf, *tmp;
-
-       ctl->bindPass = mgu_replace_string( ctl->bindPass, value );
-
-       if ( ctl->bindPass == NULL )
-               return;
-
-       g_strstrip( ctl->bindPass );
-       
-       buf = tmp = NULL;
-       if ( encrypt ) {
-               /* If first char is not ! the password is not encrypted */
-               if (ctl->bindPass[0] == '!' || change) {
-                       if (ctl->bindPass[0] != '!' && change)
-                               buf = mgu_replace_string( buf, ctl->bindPass );
-                       else {
-                               if (ctl->bindPass[1] != '|')
-                                       buf = mgu_replace_string( buf, ctl->bindPass + 1 );
-                               else {
-                                       /* quoted printable decode */
-                                       buf = mgu_replace_string( buf, ctl->bindPass + 2 );
-                                       qp_decode_line(buf);
-                               }
-                       }
-                       
-                       passcrypt_encrypt( buf, strlen(buf) );
-                       if (ctl->bindPass[0] != '!' && change) {
-                               /* quoted printable encode */
-                               tmp = g_malloc0(qp_get_q_encoding_len(buf) + 1);
-                               qp_q_encode(tmp, buf);
-                               g_free(buf);
-                               buf = g_strconcat( "!|", tmp, NULL );
-                               g_free(tmp);
-                       }
-
-                       ctl->bindPass = mgu_replace_string( ctl->bindPass, buf );
-                       g_free(buf);
-                       
-               }
-       }
-       debug_print("setting bindPassword\n");
-}
-
-/**
- * Fetch bind password to be used.
- * \param ctl  Control object to process.
- * \return Decrypted password.
- */
-gchar* ldapctl_get_bind_password( LdapControl* ctl ) {
-       gchar *pwd = NULL, *buf;
-
-       if ( ctl->bindPass != NULL ) {
-               pwd = mgu_replace_string( pwd, ctl->bindPass );
-               /* If first char is not ! the password is not encrypted */
-               if (pwd && pwd[0] == '!') {
-                       if (pwd[1] && pwd[1] == '|') {
-                               buf = g_strdup(pwd + 2);
-                               /* quoted printable decode */
-                               qp_decode_line(buf);
-                       }
-                       else {
-                               buf = g_strdup(pwd + 1);
-                       }
-                       g_free(pwd);
-                       
-                       passcrypt_decrypt( buf, strlen(buf) );
-
-                       pwd = g_strdup(buf);
-                       g_free(buf);
-               }
-       }
-
-       debug_print("getting bindPassword\n");
-
-       return pwd;
-}
-
 /**
  * Specify maximum number of entries to retrieve.
  * \param ctl  Control object to process.
@@ -361,7 +274,6 @@ static void ldapctl_clear( LdapControl *ctl ) {
        g_free( ctl->hostName );
        g_free( ctl->baseDN );
        g_free( ctl->bindDN );
-       g_free( ctl->bindPass );
        g_free( ctl->attribEMail );
        g_free( ctl->attribCName );
        g_free( ctl->attribFName );
@@ -375,7 +287,6 @@ static void ldapctl_clear( LdapControl *ctl ) {
        ctl->port = 0;
        ctl->baseDN = NULL;
        ctl->bindDN = NULL;
-       ctl->bindPass = NULL;
        ctl->attribEMail = NULL;
        ctl->attribCName = NULL;
        ctl->attribFName = NULL;
@@ -425,8 +336,10 @@ void ldapctl_print( const LdapControl *ctl, FILE *stream ) {
        fprintf( stream, "     port: %d\n",   ctl->port );
        fprintf( stream, "  base dn: '%s'\n", ctl->baseDN?ctl->baseDN:"null" );
        fprintf( stream, "  bind dn: '%s'\n", ctl->bindDN?ctl->bindDN:"null" );
-       pwd = ldapctl_get_bind_password((LdapControl *) ctl);
+       pwd = passwd_store_get(PWS_CORE, "LDAP", ctl->hostName);
        fprintf( stream, "bind pass: '%s'\n", pwd?pwd:"null" );
+       if (pwd != NULL && strlen(pwd) > 0)
+               memset(pwd, 0, strlen(pwd));
        g_free(pwd);
        fprintf( stream, "attr mail: '%s'\n", ctl->attribEMail?ctl->attribEMail:"null" );
        fprintf( stream, "attr comn: '%s'\n", ctl->attribCName?ctl->attribCName:"null" );
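Review bot: `ldapctl_print` now fetches the decrypted password from the store and writes it verbatim to `stream`, so the following `memset` protects little: the cleartext has already gone to whatever file or terminal receives the dump. `ldapsvr_connect` in this same commit masks the value as `bindPass xxx`, and the dump should do the same, for example `fprintf( stream, "bind pass: %s\n", pwd ? "(set)" : "null" );`. Better still, test for the entry without keeping the decrypted value around longer than needed. The function body starts and ends outside the hunk.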
@@ -474,7 +387,6 @@ void ldapctl_copy( const LdapControl *ctlFrom, LdapControl *ctlTo ) {
        ctlTo->hostName = g_strdup( ctlFrom->hostName );
        ctlTo->baseDN = g_strdup( ctlFrom->baseDN );
        ctlTo->bindDN = g_strdup( ctlFrom->bindDN );
-       ctlTo->bindPass = g_strdup( ctlFrom->bindPass );
        ctlTo->attribEMail = g_strdup( ctlFrom->attribEMail );
        ctlTo->attribCName = g_strdup( ctlFrom->attribCName );
        ctlTo->attribFName = g_strdup( ctlFrom->attribFName );
index b76500f5603bb8bb61d72053648e37e22e818b17..41673618bffbff1f8e057a6fbba30b604def9456 100644 (file)
@@ -64,7 +64,6 @@ struct _LdapControl {
        gint      port;
        gchar     *baseDN;
        gchar     *bindDN;
-       gchar     *bindPass;
        gint      maxEntries;
        gint      timeOut;
        gint      maxQueryAge;
index 5006f46cb7626ff84ec0cb89c13a92966051652d..9507b52378112a408790b1d0603a94e400d73eec 100644 (file)
@@ -41,6 +41,7 @@
 #include "ldaputil.h"
 #include "utils.h"
 #include "adbookbase.h"
+#include "passwordstore.h"
 
 /**
  * Create new LDAP server interface object with no control object.
@@ -851,16 +852,17 @@ LDAP *ldapsvr_connect(LdapControl *ctl) {
        /* Bind to the server, if required */
        if (ctl->bindDN) {
                if (* ctl->bindDN != '\0') {
-                       pwd = ldapctl_get_bind_password(ctl);
+                       pwd = passwd_store_get(PWS_CORE, "LDAP", ctl->hostName);
                        rc = claws_ldap_simple_bind_s(ld, ctl->bindDN, pwd);
+                       if (pwd != NULL && strlen(pwd) > 0)
+                               memset(pwd, 0, strlen(pwd));
+                       g_free(pwd);
                        if (rc != LDAP_SUCCESS) {
                                g_printerr("bindDN: %s, bindPass xxx\n", ctl->bindDN);
                                g_printerr("LDAP Error(bind): ldap_simple_bind_s: %s\n",
                                        ldaputil_get_error(ld));
-                               g_free(pwd);
                                return NULL;
                        }
-                       g_free(pwd);
                }
        }
        return ld;
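Review bot: `pwd` goes to `claws_ldap_simple_bind_s` without a NULL check, so when the store has no entry for `ctl->hostName` (or the lookup fails) the bind is sent with a bind DN and no password. Some directory servers accept that as an unauthenticated bind and report success, which would leave the client treating the session as authenticated. Consider taking the existing failure path when `pwd == NULL`, or at least logging it, e.g. `g_printerr("LDAP: no stored bind password\n");`. Separately, connect now reads the password only from the store, and the last hunk removes the only visible use of `bindPW` in `ldaputil_read_basedn`. A caller holding a password that is not yet saved would then bind with the stored one instead, which is worth confirming against the edit dialog's server check. The function starts outside the hunk.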
index 305036ce39a84fb5860ab79c40c9e87d39b20192..060c82dd507633a3f956d2c5f73fb8704d2e4503 100644 (file)
@@ -247,7 +247,6 @@ GList *ldaputil_read_basedn(
        ldapctl_set_host(ctl, host);
        ldapctl_set_timeout(ctl, tov);
        ldapctl_set_bind_dn(ctl, bindDN);
-       ldapctl_set_bind_password(ctl, bindPW, FALSE, FALSE);
 
        ld = ldapsvr_connect(ctl);
        if (ld == NULL) {