-rw-r--r-- | addressbook/ChangeLog | 23 | ||||
-rw-r--r-- | addressbook/backend/ebook/e-book-listener.c | 2 | ||||
-rw-r--r-- | addressbook/backend/ebook/e-book-types.h | 1 | ||||
-rw-r--r-- | addressbook/backend/idl/addressbook.idl | 3 | ||||
-rw-r--r-- | addressbook/backend/pas/pas-backend-ldap.c | 73 |
5 files changed, 86 insertions, 16 deletions
diff --git a/addressbook/ChangeLog b/addressbook/ChangeLog index ab1eb8eb3d..ab61673333 100644 --- a/addressbook/ChangeLog +++ b/addressbook/ChangeLog @@ -1,5 +1,28 @@ 2002-03-09 Chris Toshok <toshok@ximian.com> + * backend/idl/addressbook.idl: add TLSNotAvailable to + BookLister_CallStatus. + + * backend/ebook/e-book-types.h: add TLS_NOT_AVAILABLE to the EBookStatus enum. + + * backend/ebook/e-book-listener.c + (e_book_listener_convert_status): add TLS_NOT_AVAILABLE to the + switch. + + * backend/pas/pas-backend-ldap.c + (pas_backend_ldap_get_static_capabilities): fix name. + (pas_backend_ldap_class_init): fix name. + (pas_backend_ldap_connect): change return type to CallStatus so we + can return different errors from here. Also, do STARTTLS if the + user has asked for it and the connection supports it, returning + TLSNotAvailable (and close the connection) if they chose to + require it. + (pas_backend_ldap_load_uri): return pas_backend_ldap_connect. + (func_beginswith): pull in change from evolution-1-0-branch to + make full_name beginswith search both cn and sn. + +2002-03-09 Chris Toshok <toshok@ximian.com> + * gui/widgets/e-addressbook-view.c (jump_to_letter): since I've gone ahead and made the file backend (by way of pas-backend-card-sexp.c) use case insensitive searches for diff --git a/addressbook/backend/ebook/e-book-listener.c b/addressbook/backend/ebook/e-book-listener.c index 139eb849fa..ce85ed75ba 100644 --- a/addressbook/backend/ebook/e-book-listener.c +++ b/addressbook/backend/ebook/e-book-listener.c 
@@ -630,6 +630,8 @@ e_book_listener_convert_status (const GNOME_Evolution_Addressbook_BookListener_C return E_BOOK_STATUS_CARD_ID_ALREADY_EXISTS; case GNOME_Evolution_Addressbook_BookListener_ProtocolNotSupported: return E_BOOK_STATUS_PROTOCOL_NOT_SUPPORTED; + case GNOME_Evolution_Addressbook_BookListener_TLSNotAvailable: + return E_BOOK_STATUS_TLS_NOT_AVAILABLE; case GNOME_Evolution_Addressbook_BookListener_OtherError: return E_BOOK_STATUS_OTHER_ERROR; default: diff --git a/addressbook/backend/ebook/e-book-types.h b/addressbook/backend/ebook/e-book-types.h index 9ce3323bdf..398e46d74c 100644 --- a/addressbook/backend/ebook/e-book-types.h +++ b/addressbook/backend/ebook/e-book-types.h @@ -26,6 +26,7 @@ typedef enum { E_BOOK_STATUS_PROTOCOL_NOT_SUPPORTED, E_BOOK_STATUS_CANCELLED, E_BOOK_STATUS_AUTHENTICATION_FAILED, + E_BOOK_STATUS_TLS_NOT_AVAILABLE, E_BOOK_STATUS_OTHER_ERROR } EBookStatus; diff --git a/addressbook/backend/idl/addressbook.idl b/addressbook/backend/idl/addressbook.idl index 21479d1de2..fe2870fcde 100644 --- a/addressbook/backend/idl/addressbook.idl +++ b/addressbook/backend/idl/addressbook.idl @@ -99,6 +99,9 @@ module Addressbook { AuthenticationFailed, AuthenticationRequired, UnsupportedField, + + TLSNotAvailable, + OtherError }; diff --git a/addressbook/backend/pas/pas-backend-ldap.c b/addressbook/backend/pas/pas-backend-ldap.c index aebe05d98d..f9f092117d 100644 --- a/addressbook/backend/pas/pas-backend-ldap.c +++ b/addressbook/backend/pas/pas-backend-ldap.c @@ -46,6 +46,11 @@ #include <stdlib.h> +typedef enum { + PAS_BACKEND_LDAP_TLS_NO, + PAS_BACKEND_LDAP_TLS_ALWAYS, + PAS_BACKEND_LDAP_TLS_WHEN_POSSIBLE, +} PASBackendLDAPUseTLS; /* interval for our poll_ldap timeout */ #define LDAP_POLL_INTERVAL 20 @@ -77,6 +82,7 @@ typedef struct _PASBackendLDAPCursorPrivate PASBackendLDAPCursorPrivate; typedef struct _PASBackendLDAPBookView PASBackendLDAPBookView; typedef struct LDAPOp LDAPOp; + struct _PASBackendLDAPPrivate { char *uri; gboolean connected; 
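Review bot: Inserting `E_BOOK_STATUS_TLS_NOT_AVAILABLE` ahead of `E_BOOK_STATUS_OTHER_ERROR` in e-book-types.h changes the numeric value of `E_BOOK_STATUS_OTHER_ERROR`, and the addressbook.idl hunk does the same to `OtherError` by placing `TLSNotAvailable` before it. For the IDL enum that ordinal is presumably what is marshalled between client and backend, so two components built from different revisions would disagree about the meaning of the last status. If mixed versions can ever talk to each other, append the new member after the existing ones. Otherwise a short comment such as `/* OTHER_ERROR stays last; values are not stable across versions */` would record that the renumbering is intentional.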
@@ -91,6 +97,11 @@ struct _PASBackendLDAPPrivate { gboolean ldap_v3; /* TRUE if the server supports protocol revision 3 (necessary for TLS) */ + gboolean starttls; /* TRUE if the *library* supports + starttls. will be false if openssl + was not built into openldap. */ + PASBackendLDAPUseTLS use_tls; + GList *book_views; LDAP *ldap; @@ -522,7 +533,7 @@ query_ldap_root_dse (PASBackendLDAP *bl) } -static void +static GNOME_Evolution_Addressbook_BookListener_CallStatus pas_backend_ldap_connect (PASBackendLDAP *bl) { PASBackendLDAPPrivate *blpriv = bl->priv; @@ -532,7 +543,7 @@ pas_backend_ldap_connect (PASBackendLDAP *bl) ldap_unbind (blpriv->ldap); blpriv->ldap = ldap_init (blpriv->ldap_host, blpriv->ldap_port); -#ifdef DEBUG +#if defined (DEBUG) && defined (LDAP_OPT_DEBUG_LEVEL) { int debug_level = 4; ldap_set_option (blpriv->ldap, LDAP_OPT_DEBUG_LEVEL, &debug_level); @@ -552,23 +563,32 @@ pas_backend_ldap_connect (PASBackendLDAP *bl) } } -#if notyet - if (TRUE /* the user wants to use TLS */) { + if (bl->priv->use_tls) { if (bl->priv->ldap_v3 /* the server supports v3 */) { ldap_error = ldap_start_tls_s (blpriv->ldap, NULL, NULL); if (LDAP_SUCCESS != ldap_error) { - g_warning ("ldap_start_tls_s failed with ldap_error 0x%2x (%s)", - ldap_error, - ldap_err2string (ldap_error)); + if (bl->priv->use_tls == PAS_BACKEND_LDAP_TLS_ALWAYS) { + g_message ("TLS not available (fatal version), (ldap_error 0x%02x)", ldap_error); + ldap_unbind (blpriv->ldap); + blpriv->ldap = NULL; + return GNOME_Evolution_Addressbook_BookListener_TLSNotAvailable; + } + else { + g_message ("TLS not available (ldap_error 0x%02x)", ldap_error); + } } else g_message ("TLS active"); } else { g_warning ("user wants to use TLS, but server doesn't support LDAPv3"); + if (bl->priv->use_tls == PAS_BACKEND_LDAP_TLS_ALWAYS) { + ldap_unbind (blpriv->ldap); + blpriv->ldap = NULL; + return GNOME_Evolution_Addressbook_BookListener_TLSNotAvailable; + } } } -#endif blpriv->connected = TRUE; 
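Review bot: The new `starttls` field in `struct _PASBackendLDAPPrivate` is documented as "TRUE if the *library* supports starttls", but no hunk on this page assigns or reads it. `pas_backend_ldap_connect` now calls `ldap_start_tls_s` whenever `use_tls` is set, without consulting the field, and the former `#if notyet` guard is gone, so a libldap built without TLS is not handled by anything visible here. Either set the field where library support is detected and test it before the StartTLS call (still returning `TLSNotAvailable` in the `PAS_BACKEND_LDAP_TLS_ALWAYS` case), or drop the field until it is used. The struct definition continues outside this hunk.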
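Review bot: Both new `return GNOME_Evolution_Addressbook_BookListener_TLSNotAvailable;` paths in `pas_backend_ldap_connect` set `blpriv->ldap = NULL` but leave `blpriv->connected` untouched, whereas the RepositoryOffline branch sets it to FALSE. Because the function unbinds an existing `blpriv->ldap` near its top it appears to be callable on an already-connected backend, so a reconnect that fails StartTLS could leave `connected` stale at TRUE with a NULL handle; add `blpriv->connected = FALSE;` next to each `blpriv->ldap = NULL;`. Separately, in `PAS_BACKEND_LDAP_TLS_WHEN_POSSIBLE` mode a failed `ldap_start_tls_s` is only reported with `g_message` and the session continues unencrypted, so a later bind would presumably send credentials in cleartext and anything on the path that blocks StartTLS produces a silent downgrade. That fallback deserves a `g_warning` and a comment at the `else` branch stating that cleartext is accepted there by design. The function body starts and ends outside this hunk.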
@@ -576,6 +596,8 @@ pas_backend_ldap_connect (PASBackendLDAP *bl) might not be able to if we can't authenticate. if we can't, try again in auth_user.) */ check_schema_support (bl); + + return GNOME_Evolution_Addressbook_BookListener_Success; } else { g_warning ("pas_backend_ldap_connect failed for " @@ -584,6 +606,7 @@ pas_backend_ldap_connect (PASBackendLDAP *bl) blpriv->ldap_port, blpriv->ldap_rootdn ? blpriv->ldap_rootdn : ""); blpriv->connected = FALSE; + return GNOME_Evolution_Addressbook_BookListener_RepositoryOffline; } } @@ -2317,7 +2340,13 @@ func_beginswith(struct _ESExp *f, int argc, struct _ESExpResult **argv, void *da the right thing if the server supports them or not, and for entries that have no fileAs attribute. */ if (ldap_attr) { - if (!strcmp (ldap_attr, "fileAs")) { + if (!strcmp (propname, "full_name")) { + ldap_data->list = g_list_prepend(ldap_data->list, + g_strdup_printf( + "(|(cn=%s*)(sn=%s*))", + str, str)); + } + else if (!strcmp (ldap_attr, "fileAs")) { ldap_data->list = g_list_prepend(ldap_data->list, g_strdup_printf( "(|(fileAs=%s*)(&(!(fileAs=*))(sn=%s*)))", @@ -2966,6 +2995,22 @@ pas_backend_ldap_load_uri (PASBackend *backend, if (value) limit = atoi(value); } + else if (key_length == strlen("use_tls") && !strncmp (attributes[i], "use_tls", key_length)) { + if (value) { + if (!strncmp (value, "always", 6)) { + bl->priv->use_tls = PAS_BACKEND_LDAP_TLS_ALWAYS; + } + else if (!strncmp (value, "when-possible", 3)) { + bl->priv->use_tls = PAS_BACKEND_LDAP_TLS_WHEN_POSSIBLE; + } + else { + g_warning ("unhandled value for use_tls, not using it"); + } + } + else { + bl->priv->use_tls = PAS_BACKEND_LDAP_TLS_WHEN_POSSIBLE; + } + } } ldap_error = ldap_url_parse ((char*)attributes[0], &lud); 
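Review bot: The new `full_name` branch in `func_beginswith` formats `str` twice into the filter `"(|(cn=%s*)(sn=%s*))"`, and nothing in this hunk shows whether `str` has been escaped for use inside an LDAP search filter. If `str` comes from the user's search text unescaped, characters such as `(`, `)`, `*` and `\` would change the structure of the filter rather than being matched literally; the existing `fileAs` branch has the same shape. Please confirm that `str` is filter-escaped where it is assigned (outside this hunk), and add a comment such as `/* str is already filter-escaped */` above the `g_strdup_printf` call so the invariant is visible at the point of use.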
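Review bot: In the `use_tls` parsing added to `pas_backend_ldap_load_uri`, an unrecognised value only triggers `g_warning ("unhandled value for use_tls, not using it")` and leaves `bl->priv->use_tls` at whatever it held before, presumably `PAS_BACKEND_LDAP_TLS_NO`. A misspelt `always` therefore turns a source the user meant to be TLS-only into a cleartext one without any error reaching the caller, and returning `GNOME_Evolution_Addressbook_BookListener_OtherError` for an unknown value would fail closed instead. The comparisons are also prefix matches: `strncmp (value, "when-possible", 3)` accepts any value beginning with `whe`, and `strncmp (value, "always", 6)` accepts trailing characters after `always`. Since `atoi(value)` in the context above already treats `value` as NUL-terminated, `!strcmp (value, "always")` and `!strcmp (value, "when-possible")` would make the match exact. The surrounding attribute loop begins outside this hunk.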
@@ -2985,11 +3030,7 @@ pas_backend_ldap_load_uri (PASBackend *backend, ldap_free_urldesc(lud); - pas_backend_ldap_connect (bl); - if (bl->priv->ldap == NULL) - return GNOME_Evolution_Addressbook_BookListener_RepositoryOffline; - else - return GNOME_Evolution_Addressbook_BookListener_Success; + return pas_backend_ldap_connect (bl); } else return GNOME_Evolution_Addressbook_BookListener_OtherError; } @@ -3088,7 +3129,7 @@ pas_backend_ldap_remove_client (PASBackend *backend, } static char * -pas_backend_ldap_get_static_capabilites (PASBackend *backend) +pas_backend_ldap_get_static_capabilities (PASBackend *backend) { return g_strdup("net"); } @@ -3173,7 +3214,7 @@ pas_backend_ldap_class_init (PASBackendLDAPClass *klass) parent_class->get_uri = pas_backend_ldap_get_uri; parent_class->add_client = pas_backend_ldap_add_client; parent_class->remove_client = pas_backend_ldap_remove_client; - parent_class->get_static_capabilities = pas_backend_ldap_get_static_capabilites; + parent_class->get_static_capabilities = pas_backend_ldap_get_static_capabilities; object_class->destroy = pas_backend_ldap_destroy; } |