From 9ccdadd473a220eac94f67ff94d52ab9893e00b7 Mon Sep 17 00:00:00 2001 From: Chris Toshok Date: Sun, 10 Mar 2002 01:57:47 +0000 Subject: add TLSNotAvailable to BookLister_CallStatus. 2002-03-09 Chris Toshok * backend/idl/addressbook.idl: add TLSNotAvailable to BookLister_CallStatus. * backend/ebook/e-book-types.h: add TLS_NOT_AVAILABLE to the EBookStatus enum. * backend/ebook/e-book-listener.c (e_book_listener_convert_status): add TLS_NOT_AVAILABLE to the switch. * backend/pas/pas-backend-ldap.c (pas_backend_ldap_get_static_capabilities): fix name. (pas_backend_ldap_class_init): fix name. (pas_backend_ldap_connect): change return type to CallStatus so we can return different errors from here. Also, do STARTTLS if the user has asked for it and the connection supports it, returning TLSNotAvailable (and close the connection) if they chose to require it. (pas_backend_ldap_load_uri): return pas_backend_ldap_connect. (func_beginswith): pull in change from evolution-1-0-branch to make full_name beginswith search both cn and sn. svn path=/trunk/; revision=16005 --- addressbook/ChangeLog | 23 +++++++++ addressbook/backend/ebook/e-book-listener.c | 2 + addressbook/backend/ebook/e-book-types.h | 1 + addressbook/backend/idl/addressbook.idl | 3 ++ addressbook/backend/pas/pas-backend-ldap.c | 73 ++++++++++++++++++++++------- 5 files changed, 86 insertions(+), 16 deletions(-) diff --git a/addressbook/ChangeLog b/addressbook/ChangeLog index ab1eb8eb3d..ab61673333 100644 --- a/addressbook/ChangeLog +++ b/addressbook/ChangeLog 
@@ -1,3 +1,26 @@ +2002-03-09 Chris Toshok + + * backend/idl/addressbook.idl: add TLSNotAvailable to + BookLister_CallStatus. + + * backend/ebook/e-book-types.h: add TLS_NOT_AVAILABLE to the EBookStatus enum. + + * backend/ebook/e-book-listener.c + (e_book_listener_convert_status): add TLS_NOT_AVAILABLE to the + switch. + + * backend/pas/pas-backend-ldap.c + (pas_backend_ldap_get_static_capabilities): fix name. + (pas_backend_ldap_class_init): fix name. + (pas_backend_ldap_connect): change return type to CallStatus so we + can return different errors from here. Also, do STARTTLS if the + user has asked for it and the connection supports it, returning + TLSNotAvailable (and close the connection) if they chose to + require it. + (pas_backend_ldap_load_uri): return pas_backend_ldap_connect. + (func_beginswith): pull in change from evolution-1-0-branch to + make full_name beginswith search both cn and sn. + 2002-03-09 Chris Toshok * gui/widgets/e-addressbook-view.c (jump_to_letter): since I've diff --git a/addressbook/backend/ebook/e-book-listener.c b/addressbook/backend/ebook/e-book-listener.c index 139eb849fa..ce85ed75ba 100644 --- a/addressbook/backend/ebook/e-book-listener.c +++ b/addressbook/backend/ebook/e-book-listener.c @@ -630,6 +630,8 @@ e_book_listener_convert_status (const GNOME_Evolution_Addressbook_BookListener_C return E_BOOK_STATUS_CARD_ID_ALREADY_EXISTS; case GNOME_Evolution_Addressbook_BookListener_ProtocolNotSupported: return E_BOOK_STATUS_PROTOCOL_NOT_SUPPORTED; + case GNOME_Evolution_Addressbook_BookListener_TLSNotAvailable: + return E_BOOK_STATUS_TLS_NOT_AVAILABLE; case GNOME_Evolution_Addressbook_BookListener_OtherError: return E_BOOK_STATUS_OTHER_ERROR; default: diff --git a/addressbook/backend/ebook/e-book-types.h b/addressbook/backend/ebook/e-book-types.h index 9ce3323bdf..398e46d74c 100644 --- a/addressbook/backend/ebook/e-book-types.h +++ b/addressbook/backend/ebook/e-book-types.h 
@@ -26,6 +26,7 @@ typedef enum {
 	E_BOOK_STATUS_PROTOCOL_NOT_SUPPORTED,
 	E_BOOK_STATUS_CANCELLED,
 	E_BOOK_STATUS_AUTHENTICATION_FAILED,
+	E_BOOK_STATUS_TLS_NOT_AVAILABLE,
 	E_BOOK_STATUS_OTHER_ERROR
 } EBookStatus;
 
diff --git a/addressbook/backend/idl/addressbook.idl b/addressbook/backend/idl/addressbook.idl
index 21479d1de2..fe2870fcde 100644
--- a/addressbook/backend/idl/addressbook.idl
+++ b/addressbook/backend/idl/addressbook.idl
@@ -99,6 +99,9 @@ module Addressbook {
 		AuthenticationFailed,
 		AuthenticationRequired,
 		UnsupportedField,
+
+		TLSNotAvailable,
+
 		OtherError
 	};
 
diff --git a/addressbook/backend/pas/pas-backend-ldap.c b/addressbook/backend/pas/pas-backend-ldap.c
index aebe05d98d..f9f092117d 100644
--- a/addressbook/backend/pas/pas-backend-ldap.c
+++ b/addressbook/backend/pas/pas-backend-ldap.c
@@ -46,6 +46,11 @@
 #include
 
+typedef enum {
+	PAS_BACKEND_LDAP_TLS_NO,
+	PAS_BACKEND_LDAP_TLS_ALWAYS,
+	PAS_BACKEND_LDAP_TLS_WHEN_POSSIBLE,
+} PASBackendLDAPUseTLS;
 
 /* interval for our poll_ldap timeout */
 #define LDAP_POLL_INTERVAL 20
@@ -77,6 +82,7 @@ typedef struct _PASBackendLDAPCursorPrivate PASBackendLDAPCursorPrivate;
 typedef struct _PASBackendLDAPBookView PASBackendLDAPBookView;
 typedef struct LDAPOp LDAPOp;
 
+
 struct _PASBackendLDAPPrivate {
 	char     *uri;
 	gboolean connected;
@@ -91,6 +97,11 @@ struct _PASBackendLDAPPrivate {
 	gboolean ldap_v3;      /* TRUE if the server supports protocol
 				  revision 3 (necessary for TLS) */
+	gboolean starttls;     /* TRUE if the *library* supports
+				  starttls.  will be false if openssl
+				  was not built into openldap. */
+	PASBackendLDAPUseTLS use_tls;
+
 	GList    *book_views;
 
 	LDAP     *ldap;
@@ -522,7 +533,7 @@ query_ldap_root_dse (PASBackendLDAP *bl)
 }
 
 
-static void
+static GNOME_Evolution_Addressbook_BookListener_CallStatus
 pas_backend_ldap_connect (PASBackendLDAP *bl)
 {
 	PASBackendLDAPPrivate *blpriv = bl->priv;
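Review bot: `TLSNotAvailable` is inserted ahead of `OtherError` in `BookLister_CallStatus`, which renumbers `OtherError`; CORBA marshals enum members by ordinal, so a listener and a backend built from different revisions of this IDL would decode each other's `OtherError`/`TLSNotAvailable` as the wrong status. If every addressbook component is always rebuilt and shipped together this is harmless, but the constraint is nowhere stated in the file. A comment on the enum, `/* marshalled by ordinal: inserting a member requires rebuilding every component that speaks this interface */`, would record it, and appending new members after `OtherError` would avoid the hazard altogether.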
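Review bot: The new `starttls` field in `_PASBackendLDAPPrivate` is neither assigned nor read anywhere in this commit: the STARTTLS path in pas_backend_ldap_connect gates only on `ldap_v3` and calls `ldap_start_tls_s` unconditionally, so an OpenLDAP built without TLS support will presumably just fail that call at runtime rather than be detected through this flag as its comment promises. Either set it during initialization from the library's capabilities and test it before calling `ldap_start_tls_s`, or drop the field and its three-line comment so the struct does not advertise a check that is never made. The struct definition continues outside this hunk.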
@@ -532,7 +543,7 @@ pas_backend_ldap_connect (PASBackendLDAP *bl)
 		ldap_unbind (blpriv->ldap);
 
 	blpriv->ldap = ldap_init (blpriv->ldap_host, blpriv->ldap_port);
-#ifdef DEBUG
+#if defined (DEBUG) && defined (LDAP_OPT_DEBUG_LEVEL)
 	{
 		int debug_level = 4;
 		ldap_set_option (blpriv->ldap, LDAP_OPT_DEBUG_LEVEL, &debug_level);
@@ -552,23 +563,32 @@ pas_backend_ldap_connect (PASBackendLDAP *bl)
 			}
 		}
 
-#if notyet
-		if (TRUE /* the user wants to use TLS */) {
+		if (bl->priv->use_tls) {
 			if (bl->priv->ldap_v3 /* the server supports v3 */) {
 				ldap_error = ldap_start_tls_s (blpriv->ldap, NULL, NULL);
 				if (LDAP_SUCCESS != ldap_error) {
-					g_warning ("ldap_start_tls_s failed with ldap_error 0x%2x (%s)",
-						   ldap_error,
-						   ldap_err2string (ldap_error));
+					if (bl->priv->use_tls == PAS_BACKEND_LDAP_TLS_ALWAYS) {
+						g_message ("TLS not available (fatal version), (ldap_error 0x%02x)", ldap_error);
+						ldap_unbind (blpriv->ldap);
+						blpriv->ldap = NULL;
+						return GNOME_Evolution_Addressbook_BookListener_TLSNotAvailable;
+					}
+					else {
+						g_message ("TLS not available (ldap_error 0x%02x)", ldap_error);
+					}
 				}
 				else
 					g_message ("TLS active");
 			}
 			else {
 				g_warning ("user wants to use TLS, but server doesn't support LDAPv3");
+				if (bl->priv->use_tls == PAS_BACKEND_LDAP_TLS_ALWAYS) {
+					ldap_unbind (blpriv->ldap);
+					blpriv->ldap = NULL;
+					return GNOME_Evolution_Addressbook_BookListener_TLSNotAvailable;
+				}
 			}
 		}
-#endif
 
 		blpriv->connected = TRUE;
 
@@ -576,6 +596,8 @@ pas_backend_ldap_connect (PASBackendLDAP *bl)
 		   might not be able to if we can't authenticate.  if we can't,
 		   try again in auth_user.) */
 		check_schema_support (bl);
+
+		return GNOME_Evolution_Addressbook_BookListener_Success;
 	}
 	else {
 		g_warning ("pas_backend_ldap_connect failed for "
@@ -584,6 +606,7 @@ pas_backend_ldap_connect (PASBackendLDAP *bl)
 			   blpriv->ldap_port,
 			   blpriv->ldap_rootdn ? blpriv->ldap_rootdn : "");
 		blpriv->connected = FALSE;
+		return GNOME_Evolution_Addressbook_BookListener_RepositoryOffline;
 	}
 }
 
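Review bot: Both new `return GNOME_Evolution_Addressbook_BookListener_TLSNotAvailable;` paths in the `PAS_BACKEND_LDAP_TLS_ALWAYS` branches unbind and NULL `blpriv->ldap` but never touch `blpriv->connected`, which this function only sets TRUE after the TLS block and FALSE in the `else` of the ldap_init check; since the hunk above unbinds an existing handle before re-initializing, a reconnect that then fails STARTTLS may leave `connected` TRUE with a NULL handle. Add `blpriv->connected = FALSE;` before each of those two returns. Separately, `PAS_BACKEND_LDAP_TLS_WHEN_POSSIBLE` falls back to cleartext with only a `g_message`, and nothing records the outcome, so whatever later binds on this handle cannot tell whether the credentials it sends will be protected; consider storing the result in a `gboolean tls_active` in the private struct, and restoring the `ldap_err2string (ldap_error)` text that the removed g_warning printed so the failure reason is visible in the log. pas_backend_ldap_connect begins and ends outside this hunk.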
@@ -2317,7 +2340,13 @@ func_beginswith(struct _ESExp *f, int argc, struct _ESExpResult **argv, void *da
 		   the right thing if the server supports them or not, and for
 		   entries that have no fileAs attribute. */
 		if (ldap_attr) {
-			if (!strcmp (ldap_attr, "fileAs")) {
+			if (!strcmp (propname, "full_name")) {
+				ldap_data->list = g_list_prepend(ldap_data->list,
+								 g_strdup_printf(
+									 "(|(cn=%s*)(sn=%s*))",
+									 str, str));
+			}
+			else if (!strcmp (ldap_attr, "fileAs")) {
 				ldap_data->list = g_list_prepend(ldap_data->list,
 								 g_strdup_printf(
 									 "(|(fileAs=%s*)(&(!(fileAs=*))(sn=%s*)))",
@@ -2966,6 +2995,22 @@ pas_backend_ldap_load_uri (PASBackend *backend,
 				if (value)
 					limit = atoi(value);
 			}
+			else if (key_length == strlen("use_tls") && !strncmp (attributes[i], "use_tls", key_length)) {
+				if (value) {
+					if (!strncmp (value, "always", 6)) {
+						bl->priv->use_tls = PAS_BACKEND_LDAP_TLS_ALWAYS;
+					}
+					else if (!strncmp (value, "when-possible", 3)) {
+						bl->priv->use_tls = PAS_BACKEND_LDAP_TLS_WHEN_POSSIBLE;
+					}
+					else {
+						g_warning ("unhandled value for use_tls, not using it");
+					}
+				}
+				else {
+					bl->priv->use_tls = PAS_BACKEND_LDAP_TLS_WHEN_POSSIBLE;
+				}
+			}
 		}
 
 		ldap_error = ldap_url_parse ((char*)attributes[0], &lud);
@@ -2985,11 +3030,7 @@ pas_backend_ldap_load_uri (PASBackend *backend,
 		ldap_free_urldesc(lud);
 
-		pas_backend_ldap_connect (bl);
-		if (bl->priv->ldap == NULL)
-			return GNOME_Evolution_Addressbook_BookListener_RepositoryOffline;
-		else
-			return GNOME_Evolution_Addressbook_BookListener_Success;
+		return pas_backend_ldap_connect (bl);
 	}
 	else
 		return GNOME_Evolution_Addressbook_BookListener_OtherError;
 }
@@ -3088,7 +3129,7 @@ pas_backend_ldap_remove_client (PASBackend *backend,
 }
 
 static char *
-pas_backend_ldap_get_static_capabilites (PASBackend *backend)
+pas_backend_ldap_get_static_capabilities (PASBackend *backend)
 {
 	return g_strdup("net");
 }
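Review bot: The new `"(|(cn=%s*)(sn=%s*))"` filter interpolates `str` into the LDAP search filter without escaping, so a search term containing `*`, `(`, `)` or `\` rewrites the filter instead of matching literally; the existing fileAs line below does the same, so this is inherited style rather than a new pattern, but the change adds one more unescaped site. Unless `str` is already escaped before this point, which is not visible in the hunk, the RFC 2254 metacharacters should be encoded (`\2a`, `\28`, `\29`, `\5c`) before formatting, via a small helper used at every g_strdup_printf in this function. func_beginswith begins and ends outside this hunk.
```c
/* Escape RFC 2254 filter metacharacters in s; the caller frees the result. */
static char *
escape_ldap_filter_value (const char *s)
{
	GString *out = g_string_new ("");
	char *ret;

	for (; *s; s++) {
		switch (*s) {
		case '*':  g_string_append (out, "\\2a"); break;
		case '(':  g_string_append (out, "\\28"); break;
		case ')':  g_string_append (out, "\\29"); break;
		case '\\': g_string_append (out, "\\5c"); break;
		default:   g_string_append_c (out, *s);
		}
	}

	ret = g_strdup (out->str);
	g_string_free (out, TRUE);
	return ret;
}

/* … unchanged: func_beginswith up to the ldap_attr check … */
			if (!strcmp (propname, "full_name")) {
				char *esc = escape_ldap_filter_value (str);
				ldap_data->list = g_list_prepend(ldap_data->list,
								 g_strdup_printf(
									 "(|(cn=%s*)(sn=%s*))",
									 esc, esc));
				g_free (esc);
			}
```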
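Review bot: `!strncmp (value, "when-possible", 3)` compares only the first three characters, so any value beginning with `whe` selects PAS_BACKEND_LDAP_TLS_WHEN_POSSIBLE, and `!strncmp (value, "always", 6)` likewise accepts `alwaysfoo`; the key is matched with an exact length check on the line above, so the value deserves the same rigor: `if (!strcmp (value, "always")) {` and `else if (!strcmp (value, "when-possible")) {`. The unrecognized-value branch logs "not using it" but leaves `bl->priv->use_tls` at whatever it already held, so a typo in the URI silently yields no TLS rather than the requested policy; either assign `bl->priv->use_tls = PAS_BACKEND_LDAP_TLS_NO;` there so the message is true, or, safer for a security setting, reject the URI with OtherError if callers can surface that. pas_backend_ldap_load_uri begins and ends outside this hunk.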
@@ -3173,7 +3214,7 @@ pas_backend_ldap_class_init (PASBackendLDAPClass *klass)
 	parent_class->get_uri = pas_backend_ldap_get_uri;
 	parent_class->add_client = pas_backend_ldap_add_client;
 	parent_class->remove_client = pas_backend_ldap_remove_client;
-	parent_class->get_static_capabilities = pas_backend_ldap_get_static_capabilites;
+	parent_class->get_static_capabilities = pas_backend_ldap_get_static_capabilities;
 
 	object_class->destroy = pas_backend_ldap_destroy;
 }
-- 
cgit v1.2.3