From 8d59235e93965971d61375baa4a35a86a16e99a3 Mon Sep 17 00:00:00 2001 From: Andrej Kacian Date: Sat, 9 Apr 2016 18:03:01 +0200 Subject: [PATCH] Addressbook now uses password store for LDAP passwords. --- src/addrindex.c | 9 +++-- src/editldap.c | 18 +++++---- src/ldapctrl.c | 96 ++---------------------------------------------- src/ldapctrl.h | 1 - src/ldapserver.c | 8 ++-- src/ldaputil.c | 1 - 6 files changed, 25 insertions(+), 108 deletions(-) diff --git a/src/addrindex.c b/src/addrindex.c index 307527faa..f102e96c8 100644 --- a/src/addrindex.c +++ b/src/addrindex.c @@ -42,6 +42,7 @@ #include "addr_compl.h" #include "utils.h" #include "alertpanel.h" +#include "passwordstore.h" #ifndef DEV_STANDALONE #include "prefs_gtk.h" @@ -1354,6 +1355,7 @@ static AddressDataSource *addrindex_parse_ldap( XMLFile *file ) { gboolean bDynSearch; gboolean bTLS, bSSL; gint iMatch; + gchar *password = NULL; /* g_print( "addrindex_parse_ldap\n" ); */ /* Set up some defaults */ @@ -1387,7 +1389,7 @@ static AddressDataSource *addrindex_parse_ldap( XMLFile *file ) { ldapctl_set_bind_dn( ctl, value ); } else if( strcmp( name, ATTAG_LDAP_BIND_PASS ) == 0 ) { - ldapctl_set_bind_password( ctl, value, FALSE, FALSE ); + password = value; } else if( strcmp( name, ATTAG_LDAP_CRITERIA ) == 0 ) { g_free( criteria ); @@ -1430,6 +1432,9 @@ static AddressDataSource *addrindex_parse_ldap( XMLFile *file ) { attr = g_list_next( attr ); } + if (password != NULL) + passwd_store_set(PWS_CORE, "LDAP", ctl->hostName, password, TRUE); + server = ldapsvr_create_noctl(); ldapsvr_set_name( server, serverName ); ldapsvr_set_search_flag( server, bDynSearch ); 
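Review bot: The migration call `passwd_store_set(PWS_CORE, "LDAP", ctl->hostName, password, TRUE)` after the attribute loop passes a constant TRUE for the last argument, yet the removed ldapctl_set_bind_password/ldapctl_get_bind_password code in this same patch shows that a legacy ATTAG_LDAP_BIND_PASS value is only passcrypt-encrypted when it starts with `!` (and quoted-printable wrapped when it starts with `!|`); a plain-text legacy value would be imported under the wrong flag if that argument means "already encrypted", which I am inferring from the name. If the store does not understand the `!`/`!|` prefixes, the import should decode them first, or at least pass `password[0] == '!'` rather than TRUE, and the intended meaning of the flag should be stated in a comment such as `/* legacy index stores the bind password passcrypt-encrypted with a '!' prefix */`. The store key is `ctl->hostName` alone, so it is NULL if the host attribute is missing and two LDAP sources on the same host overwrite each other's password; a guard like `if (password != NULL && ctl->hostName != NULL)` would avoid the first case. addrindex_parse_ldap continues outside the hunk.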
@@ -1484,8 +1489,6 @@ static int addrindex_write_ldap( FILE *fp, AddressDataSource *ds, gint lvl ) { return -1; if (addrindex_write_attr( fp, ATTAG_LDAP_BIND_DN, ctl->bindDN ) < 0) return -1; - if (addrindex_write_attr( fp, ATTAG_LDAP_BIND_PASS, ctl->bindPass ) < 0) - return -1; sprintf( value, "%d", ctl->maxEntries ); if (addrindex_write_attr( fp, ATTAG_LDAP_MAX_ENTRY, value ) < 0) diff --git a/src/editldap.c b/src/editldap.c index 8213ce3f9..cb7927b12 100644 --- a/src/editldap.c +++ b/src/editldap.c @@ -45,6 +45,7 @@ #include "manage_window.h" #include "gtkutils.h" #include "prefs_gtk.h" +#include "passwordstore.h" #define PAGE_BASIC 0 #define PAGE_SEARCH 1 @@ -885,7 +886,6 @@ static void edit_ldap_clear_fields(void) { static void edit_ldap_set_fields( LdapServer *server ) { LdapControl *ctl; gchar *crit; - gchar *pwd; if( ldapsvr_get_name( server ) ) gtk_entry_set_text(GTK_ENTRY(ldapedit.entry_name), @@ -901,11 +901,8 @@ static void edit_ldap_set_fields( LdapServer *server ) { if( ctl->bindDN ) gtk_entry_set_text( GTK_ENTRY(ldapedit.entry_bindDN), ctl->bindDN ); - if( ctl->bindPass ) { - pwd = ldapctl_get_bind_password( ctl ); - gtk_entry_set_text( GTK_ENTRY(ldapedit.entry_bindPW), pwd ); - g_free(pwd); - } + gtk_entry_set_text( GTK_ENTRY(ldapedit.entry_bindPW), + passwd_store_get(PWS_CORE, "LDAP", ctl->hostName)); gtk_spin_button_set_value( GTK_SPIN_BUTTON(ldapedit.spinbtn_timeout), ctl->timeOut ); gtk_spin_button_set_value( @@ -1036,7 +1033,6 @@ AdapterDSource *addressbook_edit_ldap( ldapctl_set_host( ctl, sHost ); ldapctl_set_base_dn( ctl, sBase ); ldapctl_set_bind_dn( ctl, sBind ); - ldapctl_set_bind_password( ctl, sPass, TRUE, TRUE ); ldapctl_set_port( ctl, iPort ); ldapctl_set_max_entries( ctl, iMaxE ); ldapctl_set_timeout( ctl, iTime ); 
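Review bot: The result of `passwd_store_get(PWS_CORE, "LDAP", ctl->hostName)` in edit_ldap_set_fields is passed straight to gtk_entry_set_text and never freed, although every other call site in this patch treats it as an owned, freshly allocated string that is zeroised and g_free'd; this leaks a copy of the cleartext bind password on every open of the dialog and keeps it in the heap. The call also passes NULL to gtk_entry_set_text when no password is stored, which the previous code avoided with its `if( ctl->bindPass )` guard. Keeping the `gchar *pwd;` declaration that the earlier hunk removes, the assignment should be split so the buffer can be wiped and freed, and a NULL result mapped to an empty string. edit_ldap_set_fields continues outside the hunk.
```c
	/* … unchanged: bindDN entry … */
	pwd = passwd_store_get(PWS_CORE, "LDAP", ctl->hostName);
	gtk_entry_set_text(GTK_ENTRY(ldapedit.entry_bindPW), pwd ? pwd : "");
	if (pwd != NULL && strlen(pwd) > 0)
		memset(pwd, 0, strlen(pwd));
	g_free(pwd);
```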
@@ -1049,6 +1045,9 @@ AdapterDSource *addressbook_edit_ldap( addrindex_save_data(addrIndex); + passwd_store_set(PWS_CORE, "LDAP", sHost, sPass, FALSE); + passwd_store_write_config(); + /* Save attributes */ editldap_parse_criteria( sCrit, ctl ); @@ -1057,9 +1056,12 @@ AdapterDSource *addressbook_edit_ldap( g_free( sHost ); g_free( sBase ); g_free( sBind ); - g_free( sPass ); g_free( sCrit ); + if (sPass != NULL && strlen(sPass) > 0) + memset(sPass, 0, strlen(sPass)); + g_free( sPass ); + return ads; } diff --git a/src/ldapctrl.c b/src/ldapctrl.c index 052dc1246..dd273b92c 100644 --- a/src/ldapctrl.c +++ b/src/ldapctrl.c @@ -34,7 +34,7 @@ #include "ldapctrl.h" #include "mgutils.h" -#include "passcrypt.h" +#include "passwordstore.h" #include "editaddress_other_attributes_ldap.h" #include "common/utils.h" #include "common/quoted-printable.h" @@ -51,7 +51,6 @@ LdapControl *ldapctl_create( void ) { ctl->port = LDAPCTL_DFL_PORT; ctl->baseDN = NULL; ctl->bindDN = NULL; - ctl->bindPass = NULL; ctl->listCriteria = NULL; ctl->attribEMail = g_strdup( LDAPCTL_ATTR_EMAIL ); ctl->attribCName = g_strdup( LDAPCTL_ATTR_COMMONNAME ); 
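Review bot: The new `passwd_store_set(PWS_CORE, "LDAP", sHost, sPass, FALSE)` in addressbook_edit_ldap keys the secret by the host string typed in the dialog, so when a user edits an existing server and changes its host name the password stored under the previous host is left behind in the password store with no owner, and the old value never gets removed or overwritten. The function should fetch the host the server had before the edit (the hunk does not show it, so this needs the code outside the hunk) and clear that entry when it differs from sHost, or the store needs a key that does not change on rename. A comment on the call would also help, e.g. `/* password is keyed by host; keep in sync with ldapsvr_connect() and addrindex_parse_ldap() */`, since three files now have to agree on the key.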
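Review bot: The wipe `memset(sPass, 0, strlen(sPass))` immediately before `g_free( sPass )` is a dead store from the compiler's point of view, and the same pattern is repeated in ldapctl_print and ldapsvr_connect; g_free is an opaque call so GCC is unlikely to drop it today, but that is not guaranteed, and the pattern appears three times. A small helper in one place would make the intent explicit and easy to replace later, e.g. a `static void wipe_and_free(gchar *s)` that uses a `volatile unsigned char *` loop (or `explicit_bzero` where available) before g_free, with the comment `/* secure wipe: plain memset before free may be elided by the optimiser */`. Note also that `strlen(sPass) > 0` is redundant as a guard for memset with length 0.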
@@ -133,92 +132,6 @@ void ldapctl_set_bind_dn( LdapControl* ctl, const gchar *value ) { debug_print("setting bindDN: %s\n", ctl->bindDN); } -/** - * Specify bind password to be used. - * \param ctl Control object to process. - * \param value Password. - * \param encrypt Encrypt password - * \param change Save encrypted - */ -void ldapctl_set_bind_password( - LdapControl* ctl, const gchar *value, gboolean encrypt, gboolean change ) { - gchar *buf, *tmp; - - ctl->bindPass = mgu_replace_string( ctl->bindPass, value ); - - if ( ctl->bindPass == NULL ) - return; - - g_strstrip( ctl->bindPass ); - - buf = tmp = NULL; - if ( encrypt ) { - /* If first char is not ! the password is not encrypted */ - if (ctl->bindPass[0] == '!' || change) { - if (ctl->bindPass[0] != '!' && change) - buf = mgu_replace_string( buf, ctl->bindPass ); - else { - if (ctl->bindPass[1] != '|') - buf = mgu_replace_string( buf, ctl->bindPass + 1 ); - else { - /* quoted printable decode */ - buf = mgu_replace_string( buf, ctl->bindPass + 2 ); - qp_decode_line(buf); - } - } - - passcrypt_encrypt( buf, strlen(buf) ); - if (ctl->bindPass[0] != '!' && change) { - /* quoted printable encode */ - tmp = g_malloc0(qp_get_q_encoding_len(buf) + 1); - qp_q_encode(tmp, buf); - g_free(buf); - buf = g_strconcat( "!|", tmp, NULL ); - g_free(tmp); - } - - ctl->bindPass = mgu_replace_string( ctl->bindPass, buf ); - g_free(buf); - - } - } - debug_print("setting bindPassword\n"); -} - -/** - * Fetch bind password to be used. - * \param ctl Control object to process. - * \return Decrypted password. - */ -gchar* ldapctl_get_bind_password( LdapControl* ctl ) { - gchar *pwd = NULL, *buf; - - if ( ctl->bindPass != NULL ) { - pwd = mgu_replace_string( pwd, ctl->bindPass ); - /* If first char is not ! 
the password is not encrypted */ - if (pwd && pwd[0] == '!') { - if (pwd[1] && pwd[1] == '|') { - buf = g_strdup(pwd + 2); - /* quoted printable decode */ - qp_decode_line(buf); - } - else { - buf = g_strdup(pwd + 1); - } - g_free(pwd); - - passcrypt_decrypt( buf, strlen(buf) ); - - pwd = g_strdup(buf); - g_free(buf); - } - } - - debug_print("getting bindPassword\n"); - - return pwd; -} - /** * Specify maximum number of entries to retrieve. * \param ctl Control object to process. @@ -361,7 +274,6 @@ static void ldapctl_clear( LdapControl *ctl ) { g_free( ctl->hostName ); g_free( ctl->baseDN ); g_free( ctl->bindDN ); - g_free( ctl->bindPass ); g_free( ctl->attribEMail ); g_free( ctl->attribCName ); g_free( ctl->attribFName ); @@ -375,7 +287,6 @@ static void ldapctl_clear( LdapControl *ctl ) { ctl->port = 0; ctl->baseDN = NULL; ctl->bindDN = NULL; - ctl->bindPass = NULL; ctl->attribEMail = NULL; ctl->attribCName = NULL; ctl->attribFName = NULL; @@ -425,8 +336,10 @@ void ldapctl_print( const LdapControl *ctl, FILE *stream ) { fprintf( stream, " port: %d\n", ctl->port ); fprintf( stream, " base dn: '%s'\n", ctl->baseDN?ctl->baseDN:"null" ); fprintf( stream, " bind dn: '%s'\n", ctl->bindDN?ctl->bindDN:"null" ); - pwd = ldapctl_get_bind_password((LdapControl *) ctl); + pwd = passwd_store_get(PWS_CORE, "LDAP", ctl->hostName); fprintf( stream, "bind pass: '%s'\n", pwd?pwd:"null" ); + if (pwd != NULL && strlen(pwd) > 0) + memset(pwd, 0, strlen(pwd)); g_free(pwd); fprintf( stream, "attr mail: '%s'\n", ctl->attribEMail?ctl->attribEMail:"null" ); fprintf( stream, "attr comn: '%s'\n", ctl->attribCName?ctl->attribCName:"null" ); 
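Review bot: ldapctl_print still writes the cleartext bind password to the stream via `fprintf( stream, "bind pass: '%s'\n", pwd?pwd:"null" )`, and the new code now fetches it from the password store purely for that purpose, then wipes and frees it; meanwhile the bind failure path in ldapsvr_connect in this same patch deliberately prints `bindPass xxx`. The dump should mask the value the same way, `fprintf( stream, "bind pass: '%s'\n", pwd ? "xxx" : "null" );`, or better drop the passwd_store_get call entirely and print a fixed placeholder, so a debug dump never carries the secret. The `gchar *pwd` declaration used here is outside the hunk.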
@@ -474,7 +387,6 @@ void ldapctl_copy( const LdapControl *ctlFrom, LdapControl *ctlTo ) { ctlTo->hostName = g_strdup( ctlFrom->hostName ); ctlTo->baseDN = g_strdup( ctlFrom->baseDN ); ctlTo->bindDN = g_strdup( ctlFrom->bindDN ); - ctlTo->bindPass = g_strdup( ctlFrom->bindPass ); ctlTo->attribEMail = g_strdup( ctlFrom->attribEMail ); ctlTo->attribCName = g_strdup( ctlFrom->attribCName ); ctlTo->attribFName = g_strdup( ctlFrom->attribFName ); diff --git a/src/ldapctrl.h b/src/ldapctrl.h index b76500f56..41673618b 100644 --- a/src/ldapctrl.h +++ b/src/ldapctrl.h @@ -64,7 +64,6 @@ struct _LdapControl { gint port; gchar *baseDN; gchar *bindDN; - gchar *bindPass; gint maxEntries; gint timeOut; gint maxQueryAge; diff --git a/src/ldapserver.c b/src/ldapserver.c index 5006f46cb..9507b5237 100644 --- a/src/ldapserver.c +++ b/src/ldapserver.c @@ -41,6 +41,7 @@ #include "ldaputil.h" #include "utils.h" #include "adbookbase.h" +#include "passwordstore.h" /** * Create new LDAP server interface object with no control object. @@ -851,16 +852,17 @@ LDAP *ldapsvr_connect(LdapControl *ctl) { /* Bind to the server, if required */ if (ctl->bindDN) { if (* ctl->bindDN != '\0') { - pwd = ldapctl_get_bind_password(ctl); + pwd = passwd_store_get(PWS_CORE, "LDAP", ctl->hostName); rc = claws_ldap_simple_bind_s(ld, ctl->bindDN, pwd); + if (pwd != NULL && strlen(pwd) > 0) + memset(pwd, 0, strlen(pwd)); + g_free(pwd); if (rc != LDAP_SUCCESS) { g_printerr("bindDN: %s, bindPass xxx\n", ctl->bindDN); g_printerr("LDAP Error(bind): ldap_simple_bind_s: %s\n", ldaputil_get_error(ld)); - g_free(pwd); return NULL; } - g_free(pwd); } } return ld; diff --git a/src/ldaputil.c b/src/ldaputil.c index 305036ce3..060c82dd5 100644 --- a/src/ldaputil.c +++ b/src/ldaputil.c 
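Review bot: In ldapsvr_connect the value returned by passwd_store_get is passed to `claws_ldap_simple_bind_s(ld, ctl->bindDN, pwd)` even when it is NULL, which the following `pwd != NULL` check shows the author expects to happen (for example when the index migration did not run or the store entry was removed). A simple bind with a non-empty DN and an empty or absent password is an unauthenticated bind, which many directory servers accept as anonymous, so the client would appear to connect successfully while running with anonymous privileges rather than failing loudly. The bind should be refused when no password is available; the early return mirrors the existing bind-failure path, which also returns NULL without unbinding ld. ldapsvr_connect starts outside the hunk.
```c
			pwd = passwd_store_get(PWS_CORE, "LDAP", ctl->hostName);
			if (pwd == NULL || *pwd == '\0') {
				g_printerr("LDAP Error(bind): no password stored for bindDN %s\n", ctl->bindDN);
				g_free(pwd);
				return NULL;
			}
			rc = claws_ldap_simple_bind_s(ld, ctl->bindDN, pwd);
			/* … unchanged: wipe pwd, check rc … */
```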
@@ -247,7 +247,6 @@ GList *ldaputil_read_basedn( ldapctl_set_host(ctl, host); ldapctl_set_timeout(ctl, tov); ldapctl_set_bind_dn(ctl, bindDN); - ldapctl_set_bind_password(ctl, bindPW, FALSE, FALSE); ld = ldapsvr_connect(ctl); if (ld == NULL) { -- 2.25.1
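Review bot: After removing `ldapctl_set_bind_password(ctl, bindPW, FALSE, FALSE)` in ldaputil_read_basedn, the bindPW parameter is no longer used, and the subsequent `ldapsvr_connect(ctl)` will bind with whatever the password store holds for `host` rather than with the password the caller passed in; for the edit dialog's check-server probe that means a newly typed password is not tested until after it is saved by addressbook_edit_ldap, and a stale stored password is used silently. If passwd_store_set only updates the in-memory store until passwd_store_write_config is called (the editldap hunk suggests so, but I cannot confirm from here), then `passwd_store_set(PWS_CORE, "LDAP", host, bindPW, FALSE);` before the connect would restore the old behaviour; otherwise bindPW should be dropped from the signature with its callers updated, and a comment should say which password the probe uses. ldaputil_read_basedn starts outside the hunk.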