From cf2028a1ae99e49cb126d5ddb1160c82a8373e1a Mon Sep 17 00:00:00 2001
From: Chris Toshok
Date: Mon, 2 Dec 2002 21:41:27 +0000
Subject: only enable the LDAPv3 stuff if TLS is being used. Also, deal with naming

2002-11-30 Chris Toshok

* backend/pas/pas-backend-ldap.c (pas_backend_ldap_connect): only
enable the LDAPv3 stuff if TLS is being used. Also, deal with
naming errors returned from query_ldap_root_dse, as some servers
(older openldap servers among others i'm sure) don't have a root
dse at all.

svn path=/trunk/; revision=18989
---
 addressbook/ChangeLog | 8 ++++
 addressbook/backend/pas/pas-backend-ldap.c | 72 +++++++++++++++++-------------
 2 files changed, 50 insertions(+), 30 deletions(-)

diff --git a/addressbook/ChangeLog b/addressbook/ChangeLog
index 433aca980b..faa71cc119 100644
--- a/addressbook/ChangeLog
+++ b/addressbook/ChangeLog
@@ -1,3 +1,11 @@
+2002-11-30 Chris Toshok
+
+ * backend/pas/pas-backend-ldap.c (pas_backend_ldap_connect): only
+ enable the LDAPv3 stuff if TLS is being used. Also, deal with
+ naming errors returned from query_ldap_root_dse, as some servers
+ (older openldap servers among others i'm sure) don't have a root
+ dse at all.
+
 2002-12-02 Not Zed
 
 * gui/widgets/e-addressbook-view.c (e_contact_print_button):
diff --git a/addressbook/backend/pas/pas-backend-ldap.c b/addressbook/backend/pas/pas-backend-ldap.c
index 9a44ee6aad..5161ae0b63 100644
--- a/addressbook/backend/pas/pas-backend-ldap.c
+++ b/addressbook/backend/pas/pas-backend-ldap.c
@@ -564,7 +564,7 @@ query_ldap_root_dse (PASBackendLDAP *bl)
 "(objectclass=*)", attrs, 0, NULL, NULL, &timeout, LDAP_NO_LIMIT, &resp);
 if (ldap_error != LDAP_SUCCESS) {
- g_warning ("could not perform query on Root DSE");
+ g_warning ("could not perform query on Root DSE (ldap_error 0x%02x)", ldap_error);
 return ldap_error;
 }
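Review bot: The rewritten warning in query_ldap_root_dse prints only the numeric code, which the reader then has to look up by hand; `ldap_err2string (ldap_error)` gives the text directly, e.g. `g_warning ("could not perform query on Root DSE: %s (0x%02x)", ldap_err2string (ldap_error), ldap_error);`. Note also that the caller in this same commit now treats naming errors from this function as a successful connect, so on servers without a root DSE this warning will fire on every connect, where a g_message would fit better. query_ldap_root_dse begins before the hunk.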
@@ -634,34 +634,43 @@ pas_backend_ldap_connect (PASBackendLDAP *bl)
 if (NULL != blpriv->ldap) {
 int ldap_error;
- int protocol_version = LDAP_VERSION3;
- ldap_error = ldap_set_option (blpriv->ldap, LDAP_OPT_PROTOCOL_VERSION, &protocol_version);
- if (LDAP_OPT_SUCCESS != ldap_error) {
- g_warning ("failed to set protocol version to LDAPv3");
- bl->priv->ldap_v3 = FALSE;
- }
- else
- bl->priv->ldap_v3 = TRUE;
-
- if (bl->priv->ldap_port == LDAPS_PORT && bl->priv->use_tls == PAS_BACKEND_LDAP_TLS_ALWAYS) {
- int tls_level = LDAP_OPT_X_TLS_HARD;
- ldap_set_option (blpriv->ldap, LDAP_OPT_X_TLS, &tls_level);
- }
- else if (bl->priv->use_tls) {
- ldap_error = ldap_start_tls_s (blpriv->ldap, NULL, NULL);
- if (LDAP_SUCCESS != ldap_error) {
- if (bl->priv->use_tls == PAS_BACKEND_LDAP_TLS_ALWAYS) {
- g_message ("TLS not available (fatal version), (ldap_error 0x%02x)", ldap_error);
- ldap_unbind (blpriv->ldap);
- blpriv->ldap = NULL;
- return GNOME_Evolution_Addressbook_BookListener_TLSNotAvailable;
- }
- else {
- g_message ("TLS not available (ldap_error 0x%02x)", ldap_error);
- }
+ if (bl->priv->use_tls != PAS_BACKEND_LDAP_TLS_NO) {
+ int protocol_version = LDAP_VERSION3;
+ ldap_error = ldap_set_option (blpriv->ldap, LDAP_OPT_PROTOCOL_VERSION, &protocol_version);
+ if (LDAP_OPT_SUCCESS != ldap_error) {
+ g_warning ("failed to set protocol version to LDAPv3");
+ bl->priv->ldap_v3 = FALSE;
 }
 else
- g_message ("TLS active");
+ bl->priv->ldap_v3 = TRUE;
+
+ if (!bl->priv->ldap_v3 && bl->priv->use_tls == PAS_BACKEND_LDAP_TLS_ALWAYS) {
+ g_message ("TLS not available (fatal version), v3 protocol could not be established (ldap_error 0x%02x)", ldap_error);
+ ldap_unbind (blpriv->ldap);
+ blpriv->ldap = NULL;
+ return GNOME_Evolution_Addressbook_BookListener_TLSNotAvailable;
+ }
+
+ if (bl->priv->ldap_port == LDAPS_PORT && bl->priv->use_tls == PAS_BACKEND_LDAP_TLS_ALWAYS) {
+ int tls_level = LDAP_OPT_X_TLS_HARD;
+ ldap_set_option (blpriv->ldap, LDAP_OPT_X_TLS, &tls_level);
+ }
+ else if (bl->priv->use_tls) {
+ ldap_error = ldap_start_tls_s (blpriv->ldap, NULL, NULL);
+ if (LDAP_SUCCESS != ldap_error) {
+ if (bl->priv->use_tls == PAS_BACKEND_LDAP_TLS_ALWAYS) {
+ g_message ("TLS not available (fatal version), (ldap_error 0x%02x)", ldap_error);
+ ldap_unbind (blpriv->ldap);
+ blpriv->ldap = NULL;
+ return GNOME_Evolution_Addressbook_BookListener_TLSNotAvailable;
+ }
+ else {
+ g_message ("TLS not available (ldap_error 0x%02x)", ldap_error);
+ }
+ }
+ else
+ g_message ("TLS active");
+ }
 }
 ldap_error = query_ldap_root_dse (bl);
@@ -669,7 +678,11 @@ pas_backend_ldap_connect (PASBackendLDAP *bl)
 connect(), so any tcpip problems will show up here */
- if (LDAP_SUCCESS == ldap_error) {
+ /* we can't just check for LDAP_SUCCESS here since in
+ older servers (namely openldap1.x servers), there's
+ not a root DSE at all, so the query will fail with
+ LDAP_NO_SUCH_OBJECT. */
+ if (ldap_error == LDAP_SUCCESS || LDAP_NAME_ERROR (ldap_error)) {
 blpriv->connected = TRUE;
 /* check to see if evolutionPerson is supported, if we can (me
@@ -682,7 +695,6 @@ pas_backend_ldap_connect (PASBackendLDAP *bl)
 }
 else
 g_warning ("Failed to perform root dse query anonymously, (ldap_error 0x%02x)", ldap_error);
-
 }
 g_warning ("pas_backend_ldap_connect failed for "
@@ -3295,7 +3307,7 @@ pas_backend_ldap_load_uri (PASBackend *backend,
 else if (!strncmp (value, "whenever_possible", 3)) {
 bl->priv->use_tls = PAS_BACKEND_LDAP_TLS_WHEN_POSSIBLE;
 }
- else {
+ else if (strncmp (value, "never", 5)) {
 g_warning ("unhandled value for use_tls, not using it");
 }
 }
--
cgit v1.2.3
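Review bot: The `ldap_set_option (blpriv->ldap, LDAP_OPT_X_TLS, &tls_level)` call in the LDAPS_PORT/TLS_ALWAYS branch still discards its return value, so if the library rejects the option the connect proceeds without TLS even though the configured policy is TLS_ALWAYS — the one case where the StartTLS branch right below deliberately fails closed. Checking it the same way the StartTLS branch does keeps the two mandatory-TLS paths consistent. Separately, when use_tls is PAS_BACKEND_LDAP_TLS_NO nothing in this hunk assigns bl->priv->ldap_v3 any more, so whatever reads it later presumably relies on the value set at construction; a comment on the new outer if would make that explicit, e.g. `/* ldap_v3 keeps its initial value when TLS is off; only the TLS paths negotiate v3 */`. pas_backend_ldap_connect starts before the hunk and continues after it.
```c
if (bl->priv->ldap_port == LDAPS_PORT && bl->priv->use_tls == PAS_BACKEND_LDAP_TLS_ALWAYS) {
	int tls_level = LDAP_OPT_X_TLS_HARD;
	ldap_error = ldap_set_option (blpriv->ldap, LDAP_OPT_X_TLS, &tls_level);
	if (LDAP_OPT_SUCCESS != ldap_error) {
		/* TLS is mandatory on this path; do not fall through to a cleartext session */
		g_message ("TLS not available (fatal version), could not require TLS on LDAPS port (ldap_error 0x%02x)", ldap_error);
		ldap_unbind (blpriv->ldap);
		blpriv->ldap = NULL;
		return GNOME_Evolution_Addressbook_BookListener_TLSNotAvailable;
	}
}
/* … unchanged: StartTLS branch … */
```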
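Review bot: `LDAP_NAME_ERROR (ldap_error)` accepts the whole naming-error class, but the comment added right above it only justifies LDAP_NO_SUCH_OBJECT; the other codes in that range (alias and DN-syntax problems) are not the "no root DSE" case and would now be reported as a successful connect. Narrowing the test to `if (ldap_error == LDAP_SUCCESS || ldap_error == LDAP_NO_SUCH_OBJECT) {` matches what the comment says. On that path blpriv->connected is set TRUE without a root DSE result, so the feature check the following context line mentions presumably has to cope with an empty answer — worth confirming. The enclosing block continues past the hunk.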
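Review bot: `strncmp (value, "never", 5)` is a prefix test, so any value starting with "never" is silently accepted, and the accepted case sets nothing — use_tls is left at whatever the backend initialised it to outside this hunk, which makes "never" correct only by coincidence. An explicit branch is clearer and self-documenting: `else if (!strcmp (value, "never")) {` / `bl->priv->use_tls = PAS_BACKEND_LDAP_TLS_NO;` / `}`, with the existing `else { g_warning (...); }` kept as the catch-all. pas_backend_ldap_load_uri starts and ends outside the hunk.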