search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
* Unix-Alpine: Connect securely to a LDAP server on a secure port.
[alpine.git] / pith / ldap.c
blob8bec9c063411c54d2034c9993846835683243c70
1 #if !defined(lint) && !defined(DOS)
2 static char rcsid[] = "$Id: ldap.c 1204 2009-02-02 19:54:23Z hubert@u.washington.edu $";
3 #endif
4
5 /*
6 * ========================================================================
7 * Copyright 2006-2008 University of Washington
8 * Copyright 2013-2016 Eduardo Chappa
9 *
10 * Licensed under the Apache License, Version 2.0 (the "License");
11 * you may not use this file except in compliance with the License.
12 * You may obtain a copy of the License at
13 *
14 * http://www.apache.org/licenses/LICENSE-2.0
15 *
16 * ========================================================================
17 */
18
19 #include "../pith/headers.h"
20 #include "../pith/ldap.h"
21 #include "../pith/state.h"
22 #include "../pith/conf.h"
23 #include "../pith/status.h"
24 #include "../pith/util.h"
25 #include "../pith/imap.h"
26 #include "../pith/busy.h"
27 #include "../pith/signal.h"
28 #include "../pith/ablookup.h"
29 #include "../pith/readfile.h"
30
31 /*
32 * Until we can think of a better way to do this. If user exits from an
33 * ldap address selection screen we want to return -1 so that call_builder
34 * will stay on the same line. Might want to use another return value
35 * for the builder so that call_builder more fully understands what we're
36 * up to.
37 */
38 int wp_exit;
39 int wp_nobail;
40
41
42 #ifdef ENABLE_LDAP
43 /*
44 * Hook to allow user input on whether or not to save chosen LDAP result
45 */
46 void (*pith_opt_save_ldap_entry)(struct pine *, LDAP_CHOOSE_S *, int);
47
48
49 /*
50 * Internal prototypes
51 */
52 LDAP_SERV_RES_S *ldap_lookup(LDAP_SERV_S *, char *, CUSTOM_FILT_S *, WP_ERR_S *, int);
53 LDAP_SERV_S *copy_ldap_serv_info(LDAP_SERV_S *);
54 int our_ldap_get_lderrno(LDAP *, char **, char **);
55 int our_ldap_set_lderrno(LDAP *, int, char *, char *);
56 #endif /* ENABLE_LDAP */
57
58
59 /*
60 * This function does white pages lookups.
61 *
62 * Args string -- the string to use in the lookup
63 *
64 * Returns NULL -- lookup failed
65 * Address -- A single address is returned if lookup was successfull.
66 */
67 ADDRESS *
68 wp_lookups(char *string, WP_ERR_S *wp_err, int recursing)
69 {
70 ADDRESS *ret_a = NULL;
71 char ebuf[200];
72 #ifdef ENABLE_LDAP
73 LDAP_SERV_RES_S *free_when_done = NULL;
74 LDAPLookupStyle style;
75 LDAP_CHOOSE_S *winning_e = NULL;
76 LDAP_SERV_S *info = NULL;
77 static char *fakedomain = "@";
78 char *tmp_a_string;
79 int auwe_rv = 0;
80
81 /*
82 * Runtime ldap lookup of addrbook entry.
83 */
84 if(!strncmp(string, RUN_LDAP, LEN_RL)){
85 LDAP_SERV_RES_S *head_of_result_list;
86
87 info = break_up_ldap_server(string+LEN_RL);
88 head_of_result_list = ldap_lookup(info, "", NULL, wp_err, 1);
89
90 if(head_of_result_list){
91 if(!wp_exit)
92 auwe_rv = ask_user_which_entry(head_of_result_list, string,
93 &winning_e,
94 wp_err,
95 wp_err->wp_err_occurred
96 ? DisplayIfOne : DisplayIfTwo);
97
98 if(auwe_rv != -5)
99 free_when_done = head_of_result_list;
100 }
101 else{
102 wp_err->wp_err_occurred = 1;
103 if(wp_err->error){
104 q_status_message(SM_ORDER, 3, 5, wp_err->error);
105 display_message('x');
106 fs_give((void **)&wp_err->error);
107 }
108
109 /* try using backup email address */
110 if(info && info->mail && *info->mail){
111 tmp_a_string = cpystr(info->mail);
112 rfc822_parse_adrlist(&ret_a, tmp_a_string, fakedomain);
113 fs_give((void **)&tmp_a_string);
114
115 wp_err->error =
116 cpystr(_("Directory lookup failed, using backup email address"));
117 }
118 else{
119 /*
120 * Do this so the awful LDAP: ... string won't show up
121 * in the composer. This shouldn't actually happen in
122 * real life, so we're not too concerned about it. If we
123 * were we'd want to recover the nickname we started with
124 * somehow, or something like that.
125 */
126 ret_a = mail_newaddr();
127 ret_a->mailbox = cpystr("missing-username");
128 wp_err->error = cpystr(_("Directory lookup failed, no backup email address available"));
129 }
130
131 q_status_message(SM_ORDER, 3, 5, wp_err->error);
132 display_message('x');
133 }
134 }
135 else{
136 style = F_ON(F_COMPOSE_REJECTS_UNQUAL, ps_global)
137 ? DisplayIfOne : DisplayIfTwo;
138 auwe_rv = ldap_lookup_all(string, as.n_serv, recursing, style, NULL,
139 &winning_e, wp_err, &free_when_done);
140 }
141
142 if(winning_e && auwe_rv != -5){
143 ret_a = address_from_ldap(winning_e);
144
145 if(pith_opt_save_ldap_entry && ret_a && F_ON(F_ADD_LDAP_TO_ABOOK, ps_global) && !info)
146 (*pith_opt_save_ldap_entry)(ps_global, winning_e, 1);
147
148
149 fs_give((void **)&winning_e);
150 }
151
152 /* Info's only set in the RUN_LDAP case */
153 if(info){
154 if(ret_a && ret_a->host){
155 ADDRESS *backup = NULL;
156
157 if(info->mail && *info->mail)
158 rfc822_parse_adrlist(&backup, info->mail, fakedomain);
159
160 if(!backup || !address_is_same(ret_a, backup)){
161 if(wp_err->error){
162 q_status_message(SM_ORDER, 3, 5, wp_err->error);
163 display_message('x');
164 fs_give((void **)&wp_err->error);
165 }
166
167 snprintf(ebuf, sizeof(ebuf),
168 _("Warning: current address different from saved address (%s)"),
169 info->mail);
170 wp_err->error = cpystr(ebuf);
171 q_status_message(SM_ORDER, 3, 5, wp_err->error);
172 display_message('x');
173 }
174
175 if(backup)
176 mail_free_address(&backup);
177 }
178
179 free_ldap_server_info(&info);
180 }
181
182 if(free_when_done)
183 free_ldap_result_list(&free_when_done);
184 #endif /* ENABLE_LDAP */
185
186 if(ret_a){
187 if(ret_a->mailbox){ /* indicates there was a MAIL attribute */
188 if(!ret_a->host || !ret_a->host[0]){
189 if(ret_a->host)
190 fs_give((void **)&ret_a->host);
191
192 ret_a->host = cpystr("missing-hostname");
193 wp_err->wp_err_occurred = 1;
194 if(wp_err->error)
195 fs_give((void **)&wp_err->error);
196
197 wp_err->error = cpystr(_("Missing hostname in LDAP address"));
198 q_status_message(SM_ORDER, 3, 5, wp_err->error);
199 display_message('x');
200 }
201
202 if(!ret_a->mailbox[0]){
203 if(ret_a->mailbox)
204 fs_give((void **)&ret_a->mailbox);
205
206 ret_a->mailbox = cpystr("missing-username");
207 wp_err->wp_err_occurred = 1;
208 if(wp_err->error)
209 fs_give((void **)&wp_err->error);
210
211 wp_err->error = cpystr(_("Missing username in LDAP address"));
212 q_status_message(SM_ORDER, 3, 5, wp_err->error);
213 display_message('x');
214 }
215 }
216 else{
217 wp_err->wp_err_occurred = 1;
218
219 if(wp_err->error)
220 fs_give((void **)&wp_err->error);
221
222 snprintf(ebuf, sizeof(ebuf), _("No email address available for \"%s\""),
223 (ret_a->personal && *ret_a->personal)
224 ? ret_a->personal
225 : "selected entry");
226 wp_err->error = cpystr(ebuf);
227 q_status_message(SM_ORDER, 3, 5, wp_err->error);
228 display_message('x');
229 mail_free_address(&ret_a);
230 ret_a = NULL;
231 }
232 }
233
234 return(ret_a);
235 }
236
237
238 #ifdef ENABLE_LDAP
239
240 /*
241 * Goes through all servers looking up string.
242 *
243 * Args string -- String to search for
244 * who -- Which servers to look on
245 * style -- Sometimes we want to display no matter what, sometimes
246 * only if more than one entry, sometimes only if email
247 * addresses, ...
248 *
249 * The possible styles are:
250 * AlwaysDisplayAndMailRequired: This happens when user ^T's from
251 * composer to address book screen, and
252 * then queries directory server.
253 * AlwaysDisplay: This happens when user is browsing
254 * in address book maintenance screen and
255 * then queries directory server.
256 * DisplayIfOne: These two come from implicit lookups
257 * DisplayIfTwo: from build_address. If the compose rejects
258 * unqualified feature is on we get the
259 * DisplayIfOne, otherwise IfTwo.
260 *
261 * cust -- Use this custom filter instead of configured filters
262 * winning_e -- Return value
263 * wp_err -- Error handling
264 * free_when_done -- Caller needs to free this
265 *
266 * Returns -- value returned by ask_user_which_entry
267 */
268 int
269 ldap_lookup_all(char *string, int who, int recursing, LDAPLookupStyle style,
270 CUSTOM_FILT_S *cust, LDAP_CHOOSE_S **winning_e,
271 WP_ERR_S *wp_err, LDAP_SERV_RES_S **free_when_done)
272 {
273 int retval = -1;
274 LDAP_SERV_RES_S *head_of_result_list = NULL;
275
276 wp_exit = wp_nobail = 0;
277 if(free_when_done)
278 *free_when_done = NULL;
279
280 head_of_result_list = ldap_lookup_all_work(string, who, recursing,
281 cust, wp_err);
282
283 if(!wp_exit)
284 retval = ask_user_which_entry(head_of_result_list, string, winning_e,
285 wp_err,
286 (wp_err->wp_err_occurred &&
287 style == DisplayIfTwo) ? DisplayIfOne
288 : style);
289
290 /*
291 * Because winning_e probably points into the result list
292 * we need to leave the result list alone and have the caller
293 * free it after they are done with winning_e.
294 */
295 if(retval != -5 && free_when_done)
296 *free_when_done = head_of_result_list;
297
298 return(retval);
299 }
300
301
302 /*
303 * Goes through all servers looking up string.
304 *
305 * Args string -- String to search for
306 * who -- Which servers to look on
307 * cust -- Use this custom filter instead of configured filters
308 * wp_err -- Error handling
309 *
310 * Returns -- list of results that needs to be freed by caller
311 */
312 LDAP_SERV_RES_S *
313 ldap_lookup_all_work(char *string, int who, int recursing,
314 CUSTOM_FILT_S *cust, WP_ERR_S *wp_err)
315 {
316 int i;
317 LDAP_SERV_RES_S *serv_res;
318 LDAP_SERV_RES_S *rr, *head_of_result_list = NULL;
319
320 /* If there is at least one server */
321 if(ps_global->VAR_LDAP_SERVERS && ps_global->VAR_LDAP_SERVERS[0] &&
322 ps_global->VAR_LDAP_SERVERS[0][0]){
323 int how_many_servers;
324
325 for(i = 0; ps_global->VAR_LDAP_SERVERS[i] &&
326 ps_global->VAR_LDAP_SERVERS[i][0]; i++)
327 ;
328
329 how_many_servers = i;
330
331 /* For each server in list */
332 for(i = 0; !wp_exit && ps_global->VAR_LDAP_SERVERS[i] &&
333 ps_global->VAR_LDAP_SERVERS[i][0]; i++){
334 LDAP_SERV_S *info;
335
336 dprint((6, "ldap_lookup_all_work: lookup on server (%.256s)\n",
337 ps_global->VAR_LDAP_SERVERS[i]));
338 info = NULL;
339 if(who == -1 || who == i || who == as.n_serv)
340 info = break_up_ldap_server(ps_global->VAR_LDAP_SERVERS[i]);
341
342 /*
343 * Who tells us which servers to look on.
344 * Who == -1 means all servers.
345 * Who == 0 means server[0].
346 * Who == 1 means server[1].
347 * Who == as.n_serv means query on those with impl set.
348 */
349 if(!(who == -1 || who == i ||
350 (who == as.n_serv && !recursing && info && info->impl) ||
351 (who == as.n_serv && recursing && info && info->rhs))){
352
353 if(info)
354 free_ldap_server_info(&info);
355
356 continue;
357 }
358
359 dprint((6, "ldap_lookup_all_work: ldap_lookup (server: %.20s...)(string: %s)\n",
360 ps_global->VAR_LDAP_SERVERS[i], string));
361 serv_res = ldap_lookup(info, string, cust,
362 wp_err, how_many_servers > 1);
363 if(serv_res){
364 /* Add new one to end of list so they come in the right order */
365 for(rr = head_of_result_list; rr && rr->next; rr = rr->next)
366 ;
367
368 if(rr)
369 rr->next = serv_res;
370 else
371 head_of_result_list = serv_res;
372 }
373
374 if(info)
375 free_ldap_server_info(&info);
376 }
377 }
378
379 return(head_of_result_list);
380 }
381
382
383 /*
384 * Do an LDAP lookup to the server described in the info argument.
385 *
386 * Args info -- LDAP info for server.
387 * string -- String to lookup.
388 * cust -- Possible custom filter description.
389 * wp_err -- We set this is we get a white pages error.
390 * name_in_error -- Caller sets this if they want us to include the server
391 * name in error messages.
392 *
393 * Returns Results of lookup, NULL if lookup failed.
394 */
395 LDAP_SERV_RES_S *
396 ldap_lookup(LDAP_SERV_S *info, char *string, CUSTOM_FILT_S *cust,
397 WP_ERR_S *wp_err, int name_in_error)
398 {
399 char ebuf[900];
400 char buf[900];
401 char *serv, *base, *serv_errstr;
402 char *mailattr, *snattr, *gnattr, *cnattr;
403 int we_cancel = 0, we_turned_on = 0;
404 LDAP_SERV_RES_S *serv_res = NULL;
405 LDAP *ld = NULL;
406 long pwdtrial = 0L;
407 int ld_errnum;
408 char *ld_errstr;
409
410
411 if(!info)
412 return(serv_res);
413
414 serv = cpystr((info->serv && *info->serv) ? info->serv : "?");
415
416 if(name_in_error)
417 snprintf(ebuf, sizeof(ebuf), " (%s)",
418 (info->nick && *info->nick) ? info->nick : serv);
419 else
420 ebuf[0] = '\0';
421
422 serv_errstr = cpystr(ebuf);
423 base = cpystr(info->base ? info->base : "");
424
425 if(info->port < 0)
426 info->port = LDAP_PORT;
427
428 if(info->type < 0)
429 info->type = DEF_LDAP_TYPE;
430
431 if(info->srch < 0)
432 info->srch = DEF_LDAP_SRCH;
433
434 if(info->time < 0)
435 info->time = DEF_LDAP_TIME;
436
437 if(info->size < 0)
438 info->size = DEF_LDAP_SIZE;
439
440 if(info->scope < 0)
441 info->scope = DEF_LDAP_SCOPE;
442
443 mailattr = (info->mailattr && info->mailattr[0]) ? info->mailattr
444 : DEF_LDAP_MAILATTR;
445 snattr = (info->snattr && info->snattr[0]) ? info->snattr
446 : DEF_LDAP_SNATTR;
447 gnattr = (info->gnattr && info->gnattr[0]) ? info->gnattr
448 : DEF_LDAP_GNATTR;
449 cnattr = (info->cnattr && info->cnattr[0]) ? info->cnattr
450 : DEF_LDAP_CNATTR;
451
452 /*
453 * We may want to keep ldap handles open, but at least for
454 * now, re-open them every time.
455 */
456
457 dprint((3, "ldap_lookup(%s,%d)\n", serv ? serv : "?", info->port));
458
459 snprintf(ebuf, sizeof(ebuf), "Searching%s%s%s on %s",
460 (string && *string) ? " for \"" : "",
461 (string && *string) ? string : "",
462 (string && *string) ? "\"" : "",
463 serv);
464 we_turned_on = intr_handling_on(); /* this erases keymenu */
465 we_cancel = busy_cue(ebuf, NULL, 0);
466 if(wp_err->mangled)
467 *(wp_err->mangled) = 1;
468
469 #ifdef _SOLARIS_SDK
470 if(info->tls || info->tlsmust)
471 ldapssl_client_init(NULL, NULL);
472 if((ld = ldap_init(serv, info->port)) == NULL)
473 #else
474 #if (LDAPAPI >= 11)
475 #ifdef _WINDOWS
476 if((ld = ldap_init(serv, info->port)) == NULL)
477 #else
478 #ifdef SMIME_SSLCERTS
479 /* If we are attempting a ldaps secure connection, we need to tell
480 * ldap that we have certificates. There are many ways to do so.
481 * OpenLDAP has many ways to configure this through configuration
482 * files. For example the global (to the system) ldap.conf file, or the
483 * personal ldaprc or .ldaprc files. Setting the location of the
484 * certificates must happen at the time we call ldap_initialize, we
485 * cannot set it up before that call, nor after, so what we are going
486 * to do is to test for a .ldaprc file in the home directory. If such
487 * file exists we read it, if not we create it and if it does not have
488 * a line for the location of the certificates in the system, we add one.
489 * (so we ignore all other configuration files)
490 */
491 if(info->ldaps && ps_global->home_dir){
492 int done = 0;
493 char *text, *tls_conf;
494 char filename[MAXPATH+1];
495
496 build_path(filename, ps_global->home_dir, ".ldaprc", sizeof(filename));
497
498 if((text = read_file(filename, 0)) != NULL)
499 while(done == 0
500 && (tls_conf = strstr(text, "TLS_CACERTDIR")) != NULL
501 && (tls_conf == text || *(tls_conf - 1) == '\n')){
502 tls_conf += 13; /* 13 = strlen("TLS_CACERTDIR") */
503 while (isspace(*tls_conf))
504 tls_conf++;
505 if(!strncmp(tls_conf, SMIME_SSLCERTS, strlen(SMIME_SSLCERTS)))
506 done++;
507 }
508
509 if(!done){
510 STORE_S *so;
511
512 if((so = so_get(FileStar, filename, WRITE_ACCESS)) != NULL){
513 if(text != NULL){
514 so_puts(so, text);
515 so_puts(so, NEWLINE);
516 }
517 so_puts(so, "TLS_CACERTDIR");
518 so_puts(so, " ");
519 so_puts(so, SMIME_SSLCERTS);
520 so_puts(so, NEWLINE);
521 so_give(&so);
522 }
523 }
524 if(text != NULL)
525 fs_give((void **)&text);
526 }
527 #endif /* SMIME_SSLCERTS */
528
529 snprintf(tmp_20k_buf, SIZEOF_20KBUF, "%s://%s:%d",
530 info->ldaps ? "ldaps" : "ldap ", serv, info->port);
531 tmp_20k_buf[SIZEOF_20KBUF-1] = '\0';
532
533 if(ldap_initialize(&ld, tmp_20k_buf) != LDAP_SUCCESS)
534 #endif
535 #else
536 if((ld = ldap_open(serv, info->port)) == NULL)
537 #endif
538 #endif
539 {
540 /* TRANSLATORS: All of the three args together are an error message */
541 snprintf(ebuf, sizeof(ebuf), _("Access to LDAP server failed: %s%s(%s)"),
542 errno ? error_description(errno) : "",
543 errno ? " " : "",
544 serv);
545 wp_err->wp_err_occurred = 1;
546 if(wp_err->error)
547 fs_give((void **)&wp_err->error);
548
549 wp_err->error = cpystr(ebuf);
550 if(we_cancel)
551 cancel_busy_cue(-1);
552
553 q_status_message(SM_ORDER, 3, 5, wp_err->error);
554 display_message('x');
555 dprint((2, "%s\n", ebuf));
556 }
557 else if(!ps_global->intr_pending){
558 int proto = 3, tlsmustbail = 0;
559 char pwd[NETMAXPASSWD], user[NETMAXUSER];
560 #ifdef _WINDOWS
561 char *passwd = NULL;
562 #else
563 struct berval passwd = { 0 };
564 #endif
565 char hostbuf[1024];
566 NETMBX mb;
567 #ifndef _WINDOWS
568 int rc;
569 #endif
570
571 memset(&mb, 0, sizeof(mb));
572
573 #ifdef _SOLARIS_SDK
574 if(info->tls || info->tlsmust)
575 rc = ldapssl_install_routines(ld);
576 #endif
577
578 if(ldap_v3_is_supported(ld) &&
579 our_ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &proto) == 0){
580 dprint((5, "ldap: using version 3 protocol\n"));
581 }
582
583 /*
584 * If we don't set RESTART then the select() waiting for the answer
585 * in libldap will be interrupted and stopped by our busy_cue.
586 */
587 our_ldap_set_option(ld, LDAP_OPT_RESTART, LDAP_OPT_ON);
588
589 /*
590 * If we need to authenticate, get the password
591 */
592 if(info->binddn && info->binddn[0]){
593 char pmt[500];
594 char *space;
595
596 snprintf(hostbuf, sizeof(hostbuf), "{%s}dummy", info->serv ? info->serv : "?");
597
598 /*
599 * We don't handle multiple space-delimited hosts well.
600 * We don't know which we're asking for a password for.
601 * We're not connected yet so we can't know.
602 */
603 if((space=strindex(hostbuf, ' ')) != NULL)
604 *space = '\0';
605
606 mail_valid_net_parse_work(hostbuf, &mb, info->ldaps ? "ldaps" : "ldap");
607 mb.port = info->port;
608 mb.tlsflag = (info->tls || info->tlsmust) ? 1 : 0;
609 mb.sslflag = info->ldaps ? 1 : 0;
610
611 try_password_again:
612
613 if(mb.tlsflag
614 && (pwdtrial > 0 ||
615 #ifndef _WINDOWS
616 #ifdef _SOLARIS_SDK
617 (rc == LDAP_SUCCESS)
618 #else /* !_SOLARIS_SDK */
619 ((rc=ldap_start_tls_s(ld, NULL, NULL)) == LDAP_SUCCESS)
620 #endif /* !_SOLARIS_SDK */
621 #else /* _WINDOWS */
622 0 /* TODO: find a way to do this in Windows */
623 #endif /* _WINDOWS */
624 ))
625 mb.tlsflag = 1;
626 else
627 mb.tlsflag = 0;
628
629 if((info->tls || info->tlsmust) && !mb.tlsflag){
630 q_status_message(SM_ORDER, 3, 5, "Not able to start TLS encryption for LDAP server");
631 if(info->tlsmust)
632 tlsmustbail++;
633 }
634
635 if(!tlsmustbail){
636 snprintf(pmt, sizeof(pmt), " %s", (info->nick && *info->nick) ? info->nick : serv);
637 mm_login_work(&mb, user, pwd, pwdtrial, pmt, info->binddn);
638 if(pwd && pwd[0])
639 #ifdef _WINDOWS
640 passwd = pwd;
641 #else
642 passwd.bv_len = strlen(pwd);
643 passwd.bv_val = pwd;
644 #endif
645 }
646 }
647
648
649 /*
650 * LDAPv2 requires the bind. v3 doesn't require it but we want
651 * to tell the server we're v3 if the server supports v3, and if the
652 * server doesn't support v3 the bind is required.
653 */
654 if(tlsmustbail
655 #ifdef _WINDOWS
656 || ldap_simple_bind_s(ld, info->binddn, passwd) != LDAP_SUCCESS){
657 #else
658 || ldap_sasl_bind_s(ld, info->binddn, LDAP_SASL_SIMPLE, &passwd, NULL, NULL, NULL) != LDAP_SUCCESS){
659 #endif
660 wp_err->wp_err_occurred = 1;
661
662 ld_errnum = our_ldap_get_lderrno(ld, NULL, &ld_errstr);
663
664 if(!tlsmustbail && info->binddn && info->binddn[0] && pwdtrial < 2L
665 && ld_errnum == LDAP_INVALID_CREDENTIALS){
666 pwdtrial++;
667 q_status_message(SM_ORDER, 3, 5, _("Invalid password"));
668 goto try_password_again;
669 }
670
671 snprintf(ebuf, sizeof(ebuf), _("LDAP server failed: %s%s%s%s"),
672 ldap_err2string(ld_errnum),
673 serv_errstr,
674 (ld_errstr && *ld_errstr) ? ": " : "",
675 (ld_errstr && *ld_errstr) ? ld_errstr : "");
676
677 if(wp_err->error)
678 fs_give((void **)&wp_err->error);
679
680 if(we_cancel)
681 cancel_busy_cue(-1);
682 #ifdef _WINDOWS
683 ldap_unbind(ld);
684 #else
685 ldap_unbind_ext(ld, NULL, NULL);
686 #endif
687 wp_err->error = cpystr(ebuf);
688 q_status_message(SM_ORDER, 3, 5, wp_err->error);
689 display_message('x');
690 dprint((2, "%s\n", ebuf));
691 }
692 else if(!ps_global->intr_pending){
693 int srch_res, args, slen, flen;
694 #define TEMPLATELEN 512
695 char filt_template[TEMPLATELEN + 1];
696 char filt_format[2*TEMPLATELEN + 1];
697 char filter[2*TEMPLATELEN + 1];
698 char scp[2*TEMPLATELEN + 1];
699 char *p, *q;
700 LDAPMessage *res = NULL;
701 int intr_happened = 0;
702 int tl;
703
704 tl = (info->time == 0) ? info->time : info->time + 10;
705
706 our_ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &tl);
707 our_ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &info->size);
708
709 /*
710 * If a custom filter has been passed in and it doesn't include a
711 * request to combine it with the configured filter, then replace
712 * any configured filter with the passed in filter.
713 */
714 if(cust && cust->filt && !cust->combine){
715 if(info->cust)
716 fs_give((void **)&info->cust);
717
718 info->cust = cpystr(cust->filt);
719 }
720
721 if(info->cust && *info->cust){ /* use custom filter if present */
722 strncpy(filt_template, info->cust, sizeof(filt_template));
723 filt_template[sizeof(filt_template)-1] = '\0';
724 }
725 else{ /* else use configured filter */
726 switch(info->type){
727 case LDAP_TYPE_SUR:
728 snprintf(filt_template, sizeof(filt_template), "(%s=%%s)", snattr);
729 break;
730 case LDAP_TYPE_GIVEN:
731 snprintf(filt_template, sizeof(filt_template), "(%s=%%s)", gnattr);
732 break;
733 case LDAP_TYPE_EMAIL:
734 snprintf(filt_template, sizeof(filt_template), "(%s=%%s)", mailattr);
735 break;
736 case LDAP_TYPE_CN_EMAIL:
737 snprintf(filt_template, sizeof(filt_template), "(|(%s=%%s)(%s=%%s))", cnattr,
738 mailattr);
739 break;
740 case LDAP_TYPE_SUR_GIVEN:
741 snprintf(filt_template, sizeof(filt_template), "(|(%s=%%s)(%s=%%s))",
742 snattr, gnattr);
743 break;
744 case LDAP_TYPE_SEVERAL:
745 snprintf(filt_template, sizeof(filt_template),
746 "(|(%s=%%s)(%s=%%s)(%s=%%s)(%s=%%s))",
747 cnattr, mailattr, snattr, gnattr);
748 break;
749 default:
750 case LDAP_TYPE_CN:
751 snprintf(filt_template, sizeof(filt_template), "(%s=%%s)", cnattr);
752 break;
753 }
754 }
755
756 /* just copy if custom */
757 if(info->cust && *info->cust)
758 info->srch = LDAP_SRCH_EQUALS;
759
760 p = filt_template;
761 q = filt_format;
762 memset((void *)filt_format, 0, sizeof(filt_format));
763 args = 0;
764 while(*p && (q - filt_format) + 4 < sizeof(filt_format)){
765 if(*p == '%' && *(p+1) == 's'){
766 args++;
767 switch(info->srch){
768 /* Exact match */
769 case LDAP_SRCH_EQUALS:
770 *q++ = *p++;
771 *q++ = *p++;
772 break;
773
774 /* Append wildcard after %s */
775 case LDAP_SRCH_BEGINS:
776 *q++ = *p++;
777 *q++ = *p++;
778 *q++ = '*';
779 break;
780
781 /* Insert wildcard before %s */
782 case LDAP_SRCH_ENDS:
783 *q++ = '*';
784 *q++ = *p++;
785 *q++ = *p++;
786 break;
787
788 /* Put wildcard before and after %s */
789 default:
790 case LDAP_SRCH_CONTAINS:
791 *q++ = '*';
792 *q++ = *p++;
793 *q++ = *p++;
794 *q++ = '*';
795 break;
796 }
797 }
798 else
799 *q++ = *p++;
800 }
801
802 if(q - filt_format < sizeof(filt_format))
803 *q = '\0';
804
805 filt_format[sizeof(filt_format)-1] = '\0';
806
807 /*
808 * If combine is lit we put the custom filter and the filt_format
809 * filter and combine them with an &.
810 */
811 if(cust && cust->filt && cust->combine){
812 char *combined;
813 size_t l;
814
815 l = strlen(filt_format) + strlen(cust->filt) + 3;
816 combined = (char *) fs_get((l+1) * sizeof(char));
817 snprintf(combined, l+1, "(&%s%s)", cust->filt, filt_format);
818 strncpy(filt_format, combined, sizeof(filt_format));
819 filt_format[sizeof(filt_format)-1] = '\0';
820 fs_give((void **) &combined);
821 }
822
823 /*
824 * Ad hoc attempt to make "Steve Hubert" match
825 * Steven Hubert but not Steven Shubert.
826 * We replace a <SPACE> with * <SPACE> (not * <SPACE> *).
827 */
828 memset((void *)scp, 0, sizeof(scp));
829 if(info->nosub)
830 strncpy(scp, string, sizeof(scp));
831 else{
832 p = string;
833 q = scp;
834 while(*p && (q - scp) + 1 < sizeof(scp)){
835 if(*p == SPACE && *(p+1) != SPACE){
836 *q++ = '*';
837 *q++ = *p++;
838 }
839 else
840 *q++ = *p++;
841 }
842 }
843
844 scp[sizeof(scp)-1] = '\0';
845
846 slen = strlen(scp);
847 flen = strlen(filt_format);
848 /* truncate string if it will overflow filter */
849 if(args*slen + flen - 2*args > sizeof(filter)-1)
850 scp[(sizeof(filter)-1 - flen)/args] = '\0';
851
852 /*
853 * Replace %s's with scp.
854 */
855 switch(args){
856 case 0:
857 snprintf(filter, sizeof(filter), "%s", filt_format);
858 break;
859 case 1:
860 snprintf(filter, sizeof(filter), filt_format, scp);
861 break;
862 case 2:
863 snprintf(filter, sizeof(filter), filt_format, scp, scp);
864 break;
865 case 3:
866 snprintf(filter, sizeof(filter), filt_format, scp, scp, scp);
867 break;
868 case 4:
869 snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp);
870 break;
871 case 5:
872 snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp);
873 break;
874 case 6:
875 snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp, scp);
876 break;
877 case 7:
878 snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp, scp, scp);
879 break;
880 case 8:
881 snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp, scp, scp,
882 scp);
883 break;
884 case 9:
885 snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp, scp, scp,
886 scp, scp);
887 break;
888 case 10:
889 default:
890 snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp, scp, scp,
891 scp, scp, scp);
892 break;
893 }
894
895 /* replace double *'s with single *'s in filter */
896 for(p = q = filter; *p; p++)
897 if(*p != '*' || p == filter || *(p-1) != '*')
898 *q++ = *p;
899
900 *q = '\0';
901
902 (void) removing_double_quotes(base);
903 dprint((5, "about to ldap_search(\"%s\", %s)\n",
904 base ? base : "?", filter ? filter : "?"));
905 if(ps_global->intr_pending)
906 srch_res = LDAP_PROTOCOL_ERROR;
907 else{
908 int msgid;
909 time_t start_time;
910 struct timeval tv = {0}, *tvp = NULL;
911
912 memset((void *)&tv, 0, sizeof(struct timeval));
913 tv.tv_sec = info->time;
914 tvp = &tv;
915
916 start_time = time((time_t *)0);
917
918 dprint((6, "ldap_lookup: calling ldap_search\n"));
919 #ifdef _WINDOWS
920 msgid = ldap_search(ld, base, info->scope, filter, NULL, 0);
921 #else
922 if(ldap_search_ext(ld, base, info->scope, filter, NULL, 0,
923 NULL, NULL, tvp, info->size, &msgid) != LDAP_SUCCESS)
924 msgid = -1;
925 #endif
926
927 if(msgid == -1)
928 srch_res = our_ldap_get_lderrno(ld, NULL, NULL);
929 else{
930 int lres;
931 /*
932 * Warning: struct timeval is not portable. However, since it is
933 * part of LDAP api it must be portable to all platforms LDAP
934 * has been ported to.
935 */
936 struct timeval t;
937
938 t.tv_sec = 1; t.tv_usec = 0;
939
940 do {
941 if(ps_global->intr_pending)
942 intr_happened = 1;
943
944 dprint((6, "ldap_result(id=%d): ", msgid));
945 if((lres=ldap_result(ld, msgid, LDAP_MSG_ALL, &t, &res)) == -1){
946 /* error */
947 srch_res = our_ldap_get_lderrno(ld, NULL, NULL);
948 dprint((6, "error (-1 returned): ld_errno=%d\n",
949 srch_res));
950 }
951 else if(lres == 0){ /* timeout, no results available */
952 if(intr_happened){
953 #ifdef _WINDOWS
954 ldap_abandon(ld, msgid);
955 #else
956 ldap_abandon_ext(ld, msgid, NULL, NULL);
957 #endif
958 srch_res = LDAP_PROTOCOL_ERROR;
959 if(our_ldap_get_lderrno(ld, NULL, NULL) == LDAP_SUCCESS)
960 our_ldap_set_lderrno(ld, LDAP_PROTOCOL_ERROR, NULL, NULL);
961
962 dprint((6, "timeout, intr: srch_res=%d\n",
963 srch_res));
964 }
965 else if(info->time > 0 &&
966 ((long)time((time_t *)0) - start_time) > info->time){
967 /* try for partial results */
968 t.tv_sec = 0; t.tv_usec = 0;
969 lres = ldap_result(ld, msgid, LDAP_MSG_RECEIVED, &t, &res);
970 if(lres > 0 && lres != LDAP_RES_SEARCH_RESULT){
971 srch_res = LDAP_SUCCESS;
972 dprint((6, "partial result: lres=0x%x\n", lres));
973 }
974 else{
975 if(lres == 0)
976 #ifdef _WINDOWS
977 ldap_abandon(ld, msgid);
978 #else
979 ldap_abandon_ext(ld, msgid, NULL, NULL);
980 #endif
981
982 srch_res = LDAP_TIMEOUT;
983 if(our_ldap_get_lderrno(ld, NULL, NULL) == LDAP_SUCCESS)
984 our_ldap_set_lderrno(ld, LDAP_TIMEOUT, NULL, NULL);
985
986 dprint((6,
987 "timeout, total_time (%d), srch_res=%d\n",
988 info->time, srch_res));
989 }
990 }
991 else{
992 dprint((6, "timeout\n"));
993 }
994 }
995 else{
996 #ifdef _WINDOWS
997 srch_res = ldap_result2error(ld, res, 0);
998 dprint((6, "lres=0x%x, srch_res=%d\n", lres,
999 srch_res));
1000 #else
1001 int err;
1002 char *dn, *text, **ref;
1003 LDAPControl **srv;
1004
1005 dn = text = NULL; ref = NULL; srv = NULL;
1006 srch_res = ldap_parse_result(ld, res,
1007 &err, &dn, &text, &ref, &srv, 0);
1008 dprint((6, "lres=0x%x, srch_res=%d, dn=%s, text=%s\n", lres,
1009 srch_res, dn ? dn : "", text ? text : ""));
1010 if(dn) ber_memfree(dn);
1011 if(text) ber_memfree(text);
1012 if(ref) ber_memvfree((void **) ref);
1013 if(srv) ldap_controls_free(srv);
1014 #endif
1015 }
1016 }while(lres == 0 &&
1017 !(intr_happened ||
1018 (info->time > 0 &&
1019 ((long)time((time_t *)0) - start_time) > info->time)));
1020 }
1021 }
1022
1023 if(intr_happened){
1024 wp_exit = 1;
1025 if(we_cancel)
1026 cancel_busy_cue(-1);
1027
1028 if(wp_err->error)
1029 fs_give((void **)&wp_err->error);
1030 else{
1031 q_status_message(SM_ORDER, 0, 1, "Interrupt");
1032 display_message('x');
1033 fflush(stdout);
1034 }
1035
1036 if(res)
1037 ldap_msgfree(res);
1038 if(ld)
1039 #ifdef _WINDOWS
1040 ldap_unbind(ld);
1041 #else
1042 ldap_unbind_ext(ld, NULL, NULL);
1043 #endif
1044
1045 res = NULL; ld = NULL;
1046 }
1047 else if(srch_res != LDAP_SUCCESS &&
1048 srch_res != LDAP_TIMELIMIT_EXCEEDED &&
1049 srch_res != LDAP_RESULTS_TOO_LARGE &&
1050 srch_res != LDAP_TIMEOUT &&
1051 srch_res != LDAP_SIZELIMIT_EXCEEDED){
1052 wp_err->wp_err_occurred = 1;
1053
1054 ld_errnum = our_ldap_get_lderrno(ld, NULL, &ld_errstr);
1055
1056 snprintf(ebuf, sizeof(ebuf), _("LDAP search failed: %s%s%s%s"),
1057 ldap_err2string(ld_errnum),
1058 serv_errstr,
1059 (ld_errstr && *ld_errstr) ? ": " : "",
1060 (ld_errstr && *ld_errstr) ? ld_errstr : "");
1061
1062 if(wp_err->error)
1063 fs_give((void **)&wp_err->error);
1064
1065 wp_err->error = cpystr(ebuf);
1066 if(we_cancel)
1067 cancel_busy_cue(-1);
1068
1069 q_status_message(SM_ORDER, 3, 5, wp_err->error);
1070 display_message('x');
1071 dprint((2, "%s\n", ebuf));
1072 if(res)
1073 ldap_msgfree(res);
1074 if(ld)
1075 #ifdef _WINDOWS
1076 ldap_unbind(ld);
1077 #else
1078 ldap_unbind_ext(ld, NULL, NULL);
1079 #endif
1080
1081 res = NULL; ld = NULL;
1082 }
1083 else{
1084 int cnt;
1085
1086 cnt = ldap_count_entries(ld, res);
1087
1088 if(cnt > 0){
1089
1090 if(srch_res == LDAP_TIMELIMIT_EXCEEDED ||
1091 srch_res == LDAP_RESULTS_TOO_LARGE ||
1092 srch_res == LDAP_TIMEOUT ||
1093 srch_res == LDAP_SIZELIMIT_EXCEEDED){
1094 wp_err->wp_err_occurred = 1;
1095 ld_errnum = our_ldap_get_lderrno(ld, NULL, &ld_errstr);
1096
1097 snprintf(ebuf, sizeof(ebuf), _("LDAP partial results: %s%s%s%s"),
1098 ldap_err2string(ld_errnum),
1099 serv_errstr,
1100 (ld_errstr && *ld_errstr) ? ": " : "",
1101 (ld_errstr && *ld_errstr) ? ld_errstr : "");
1102 dprint((2, "%s\n", ebuf));
1103 if(wp_err->error)
1104 fs_give((void **)&wp_err->error);
1105
1106 wp_err->error = cpystr(ebuf);
1107 if(we_cancel)
1108 cancel_busy_cue(-1);
1109
1110 q_status_message(SM_ORDER, 3, 5, wp_err->error);
1111 display_message('x');
1112 }
1113
1114 dprint((5, "Matched %d entries on %s\n",
1115 cnt, serv ? serv : "?"));
1116
1117 serv_res = (LDAP_SERV_RES_S *)fs_get(sizeof(LDAP_SERV_RES_S));
1118 memset((void *)serv_res, 0, sizeof(*serv_res));
1119 serv_res->ld = ld;
1120 serv_res->res = res;
1121 serv_res->info_used = copy_ldap_serv_info(info);
1122 /* Save by reference? */
1123 if(info->ref){
1124 snprintf(buf, sizeof(buf), "%s:%s", serv, comatose(info->port));
1125 serv_res->serv = cpystr(buf);
1126 }
1127 else
1128 serv_res->serv = NULL;
1129
1130 serv_res->next = NULL;
1131 }
1132 else{
1133 if(srch_res == LDAP_TIMELIMIT_EXCEEDED ||
1134 srch_res == LDAP_RESULTS_TOO_LARGE ||
1135 srch_res == LDAP_TIMEOUT ||
1136 srch_res == LDAP_SIZELIMIT_EXCEEDED){
1137 wp_err->wp_err_occurred = 1;
1138 wp_err->ldap_errno = srch_res;
1139
1140 ld_errnum = our_ldap_get_lderrno(ld, NULL, &ld_errstr);
1141
1142 snprintf(ebuf, sizeof(ebuf), _("LDAP search failed: %s%s%s%s"),
1143 ldap_err2string(ld_errnum),
1144 serv_errstr,
1145 (ld_errstr && *ld_errstr) ? ": " : "",
1146 (ld_errstr && *ld_errstr) ? ld_errstr : "");
1147
1148 if(wp_err->error)
1149 fs_give((void **)&wp_err->error);
1150
1151 wp_err->error = cpystr(ebuf);
1152 if(we_cancel)
1153 cancel_busy_cue(-1);
1154
1155 q_status_message(SM_ORDER, 3, 5, wp_err->error);
1156 display_message('x');
1157 dprint((2, "%s\n", ebuf));
1158 }
1159
1160 dprint((5, "Matched 0 entries on %s\n",
1161 serv ? serv : "?"));
1162 if(res)
1163 ldap_msgfree(res);
1164 if(ld)
1165 #ifdef _WINDOWS
1166 ldap_unbind(ld);
1167 #else
1168 ldap_unbind_ext(ld, NULL, NULL);
1169 #endif
1170
1171 res = NULL; ld = NULL;
1172 }
1173 }
1174 }
1175 }
1176
1177 if(we_cancel)
1178 cancel_busy_cue(-1);
1179
1180 if(we_turned_on)
1181 intr_handling_off();
1182
1183 if(serv)
1184 fs_give((void **)&serv);
1185 if(base)
1186 fs_give((void **)&base);
1187 if(serv_errstr)
1188 fs_give((void **)&serv_errstr);
1189
1190 return(serv_res);
1191 }
1192
1193
1194 /*
1195 * Given a list of entries, present them to user so user may
1196 * select one.
1197 *
1198 * Args head -- The head of the list of results
1199 * orig -- The string the user was searching for
1200 * result -- Returned pointer to chosen LDAP_SEARCH_WINNER or NULL
1201 * wp_err -- Error handling
1202 * style --
1203 *
1204 * Returns 0 ok
1205 * -1 Exit chosen by user
1206 * -2 None of matched entries had an email address
1207 * -3 No matched entries
1208 * -4 Goback to Abook List chosen by user
1209 * -5 caller shouldn't free head
1210 */
1211 int
1212 ask_user_which_entry(LDAP_SERV_RES_S *head, char *orig, LDAP_CHOOSE_S **result,
1213 WP_ERR_S *wp_err, LDAPLookupStyle style)
1214 {
1215 ADDR_CHOOSE_S ac;
1216 char t[200];
1217 int retval;
1218
1219 dprint((3, "ask_user_which(style=%s)\n",
1220 style == AlwaysDisplayAndMailRequired ? "AlwaysDisplayAndMailRequired" :
1221 style == AlwaysDisplay ? "AlwaysDisplay" :
1222 style == DisplayIfTwo ? "DisplayIfTwo" :
1223 style == DisplayForURL ? "DisplayForURL" :
1224 style == DisplayIfOne ? "DisplayIfOne" : "?"));
1225
1226 /*
1227 * Set up a screen for user to choose one entry.
1228 */
1229
1230 if(style == AlwaysDisplay || style == DisplayForURL)
1231 snprintf(t, sizeof(t), "SEARCH RESULTS INDEX");
1232 else{
1233 int len;
1234
1235 len = strlen(orig);
1236 snprintf(t, sizeof(t), _("SELECT ONE ADDRESS%s%s%s"),
1237 (orig && *orig && len < 40) ? " FOR \"" : "",
1238 (orig && *orig && len < 40) ? orig : "",
1239 (orig && *orig && len < 40) ? "\"" : "");
1240 }
1241
1242 memset(&ac, 0, sizeof(ADDR_CHOOSE_S));
1243 ac.title = cpystr(t);
1244 ac.res_head = head;
1245
1246 retval = ldap_addr_select(ps_global, &ac, result, style, wp_err, orig);
1247
1248 switch(retval){
1249 case 0: /* Ok */
1250 break;
1251
1252 case -1: /* Exit chosen by user */
1253 wp_exit = 1;
1254 break;
1255
1256 case -4: /* GoBack to AbookList chosen by user */
1257 break;
1258
1259 case -5:
1260 wp_nobail = 1;
1261 break;
1262
1263 case -2:
1264 if(style != AlwaysDisplay){
1265 if(wp_err->error)
1266 fs_give((void **)&wp_err->error);
1267
1268 wp_err->error =
1269 cpystr(_("None of the names matched on directory server has an email address"));
1270 q_status_message(SM_ORDER, 3, 5, wp_err->error);
1271 display_message('x');
1272 }
1273
1274 break;
1275
1276 case -3:
1277 if(style == AlwaysDisplayAndMailRequired){
1278 if(wp_err->error)
1279 fs_give((void **)&wp_err->error);
1280
1281 wp_err->error = cpystr(_("No matches on directory server"));
1282 q_status_message(SM_ORDER, 3, 5, wp_err->error);
1283 display_message('x');
1284 }
1285
1286 break;
1287 }
1288
1289 fs_give((void **)&ac.title);
1290
1291 return(retval);
1292 }
1293
1294
1295 ADDRESS *
1296 address_from_ldap(LDAP_CHOOSE_S *winning_e)
1297 {
1298 ADDRESS *ret_a = NULL;
1299
1300 if(winning_e){
1301 char *a;
1302 BerElement *ber;
1303
1304 ret_a = mail_newaddr();
1305 for(a = ldap_first_attribute(winning_e->ld, winning_e->selected_entry, &ber);
1306 a != NULL;
1307 a = ldap_next_attribute(winning_e->ld, winning_e->selected_entry, ber)){
1308 int i;
1309 char *p;
1310 struct berval **vals;
1311
1312 dprint((9, "attribute: %s\n", a ? a : "?"));
1313 if(!ret_a->personal &&
1314 strcmp(a, winning_e->info_used->cnattr) == 0){
1315 dprint((9, "Got cnattr:"));
1316 vals = ldap_get_values_len(winning_e->ld, winning_e->selected_entry, a);
1317 for(i = 0; i < ldap_count_values_len(vals); i++)
1318 dprint((9, " %s\n",
1319 vals[i] ? vals[i]->bv_val : "?"));
1320
1321 if(ALPINE_LDAP_can_use(vals))
1322 ret_a->personal = cpystr(vals[0]->bv_val);
1323
1324 ldap_value_free_len(vals);
1325 }
1326 else if(!ret_a->mailbox &&
1327 strcmp(a, winning_e->info_used->mailattr) == 0){
1328 dprint((9, "Got mailattr:"));
1329 vals = ldap_get_values_len(winning_e->ld, winning_e->selected_entry, a);
1330 for(i = 0; i < ldap_count_values_len(vals); i++)
1331 dprint((9, " %s\n",
1332 vals[i] ? vals[i]->bv_val : "?"));
1333
1334 /* use first one */
1335 if(ALPINE_LDAP_can_use(vals)){
1336 if((p = strindex(vals[0]->bv_val, '@')) != NULL){
1337 ret_a->host = cpystr(p+1);
1338 *p = '\0';
1339 }
1340
1341 ret_a->mailbox = cpystr(vals[0]->bv_val);
1342 }
1343
1344 ldap_value_free_len(vals);
1345 }
1346
1347 our_ldap_memfree(a);
1348 }
1349 }
1350
1351 return(ret_a);
1352 }
1353
1354
1355 /*
1356 * Break up the ldap-server string stored in the pinerc into its
1357 * parts. The structure is allocated here and should be freed by the caller.
1358 *
1359 * The original string looks like
1360 * <servername>[:port] <SPACE> "/base=<base>/impl=1/..."
1361 *
1362 * Args serv_str -- The original string from the pinerc to parse.
1363 *
1364 * Returns A pointer to a structure with filled in answers.
1365 *
1366 * Some of the members have defaults. If port is -1, that means to use
1367 * the default LDAP_PORT. If base is NULL, use "". Type and srch have
1368 * defaults defined in alpine.h. If cust is non-NULL, it overrides type and
1369 * srch.
1370 */
1371 LDAP_SERV_S *
1372 break_up_ldap_server(char *serv_str)
1373 {
1374 char *lserv;
1375 char *q, *p, *tail;
1376 int i, only_one = 1;
1377 LDAP_SERV_S *info = NULL;
1378
1379 if(!serv_str)
1380 return(info);
1381
1382 info = (LDAP_SERV_S *)fs_get(sizeof(LDAP_SERV_S));
1383
1384 /*
1385 * Initialize to defaults.
1386 */
1387 memset((void *)info, 0, sizeof(*info));
1388 info->port = -1;
1389 info->srch = -1;
1390 info->type = -1;
1391 info->time = -1;
1392 info->size = -1;
1393 info->scope = -1;
1394
1395 /* copy the whole string to work on */
1396 lserv = cpystr(serv_str);
1397 if(lserv)
1398 removing_trailing_white_space(lserv);
1399
1400 if(!lserv || !*lserv || *lserv == '"'){
1401 if(lserv)
1402 fs_give((void **)&lserv);
1403
1404 if(info)
1405 free_ldap_server_info(&info);
1406
1407 return(NULL);
1408 }
1409
1410 tail = lserv;
1411 while((tail = strindex(tail, SPACE)) != NULL){
1412 tail++;
1413 if(*tail == '"' || *tail == '/'){
1414 *(tail-1) = '\0';
1415 break;
1416 }
1417 else
1418 only_one = 0;
1419 }
1420
1421 /* tail is the part after server[:port] <SPACE> */
1422 if(tail && *tail){
1423 removing_leading_white_space(tail);
1424 (void)removing_double_quotes(tail);
1425 }
1426
1427 /* get the optional port number */
1428 if(only_one && (q = strindex(lserv, ':')) != NULL){
1429 int ldapport = -1;
1430
1431 *q = '\0';
1432 if((ldapport = atoi(q+1)) >= 0)
1433 info->port = ldapport;
1434 }
1435
1436 /* use lserv for serv even though it has a few extra bytes alloced */
1437 info->serv = lserv;
1438
1439 if(tail && *tail){
1440 /* get the search base */
1441 if((q = srchstr(tail, "/base=")) != NULL)
1442 info->base = remove_backslash_escapes(q+6);
1443
1444 if((q = srchstr(tail, "/binddn=")) != NULL)
1445 info->binddn = remove_backslash_escapes(q+8);
1446
1447 /* get the implicit parameter */
1448 if((q = srchstr(tail, "/impl=1")) != NULL)
1449 info->impl = 1;
1450
1451 /* get the rhs parameter */
1452 if((q = srchstr(tail, "/rhs=1")) != NULL)
1453 info->rhs = 1;
1454
1455 /* get the ref parameter */
1456 if((q = srchstr(tail, "/ref=1")) != NULL)
1457 info->ref = 1;
1458
1459 /* get the nosub parameter */
1460 if((q = srchstr(tail, "/nosub=1")) != NULL)
1461 info->nosub = 1;
1462
1463 /* get the tls parameter */
1464 if((q = srchstr(tail, "/tls=1")) != NULL)
1465 info->tls = 1;
1466
1467 /* get the tlsmust parameter */
1468 if((q = srchstr(tail, "/tlsm=1")) != NULL)
1469 info->tlsmust = 1;
1470
1471 /* get the ldaps parameter */
1472 if((q = srchstr(tail, "/ldaps=1")) != NULL)
1473 info->ldaps = 1;
1474
1475 /* get the search type value */
1476 if((q = srchstr(tail, "/type=")) != NULL){
1477 NAMEVAL_S *v;
1478
1479 q += 6;
1480 if((p = strindex(q, '/')) != NULL)
1481 *p = '\0';
1482
1483 for(i = 0; (v = ldap_search_types(i)); i++)
1484 if(!strucmp(q, v->name)){
1485 info->type = v->value;
1486 break;
1487 }
1488
1489 if(p)
1490 *p = '/';
1491 }
1492
1493 /* get the search rule value */
1494 if((q = srchstr(tail, "/srch=")) != NULL){
1495 NAMEVAL_S *v;
1496
1497 q += 6;
1498 if((p = strindex(q, '/')) != NULL)
1499 *p = '\0';
1500
1501 for(i = 0; (v = ldap_search_rules(i)); i++)
1502 if(!strucmp(q, v->name)){
1503 info->srch = v->value;
1504 break;
1505 }
1506
1507 if(p)
1508 *p = '/';
1509 }
1510
1511 /* get the scope */
1512 if((q = srchstr(tail, "/scope=")) != NULL){
1513 NAMEVAL_S *v;
1514
1515 q += 7;
1516 if((p = strindex(q, '/')) != NULL)
1517 *p = '\0';
1518
1519 for(i = 0; (v = ldap_search_scope(i)); i++)
1520 if(!strucmp(q, v->name)){
1521 info->scope = v->value;
1522 break;
1523 }
1524
1525 if(p)
1526 *p = '/';
1527 }
1528
1529 /* get the time limit */
1530 if((q = srchstr(tail, "/time=")) != NULL){
1531 q += 6;
1532 if((p = strindex(q, '/')) != NULL)
1533 *p = '\0';
1534
1535 /* This one's a number */
1536 if(*q){
1537 char *err;
1538
1539 err = strtoval(q, &i, 0, 500, 0, tmp_20k_buf, SIZEOF_20KBUF, "ldap timelimit");
1540 if(err){
1541 dprint((1, "%s\n", err ? err : "?"));
1542 }
1543 else
1544 info->time = i;
1545 }
1546
1547 if(p)
1548 *p = '/';
1549 }
1550
1551 /* get the size limit */
1552 if((q = srchstr(tail, "/size=")) != NULL){
1553 q += 6;
1554 if((p = strindex(q, '/')) != NULL)
1555 *p = '\0';
1556
1557 /* This one's a number */
1558 if(*q){
1559 char *err;
1560
1561 err = strtoval(q, &i, 0, 500, 0, tmp_20k_buf, SIZEOF_20KBUF, "ldap sizelimit");
1562 if(err){
1563 dprint((1, "%s\n", err ? err : "?"));
1564 }
1565 else
1566 info->size = i;
1567 }
1568
1569 if(p)
1570 *p = '/';
1571 }
1572
1573 /* get the custom search filter */
1574 if((q = srchstr(tail, "/cust=")) != NULL)
1575 info->cust = remove_backslash_escapes(q+6);
1576
1577 /* get the nickname */
1578 if((q = srchstr(tail, "/nick=")) != NULL)
1579 info->nick = remove_backslash_escapes(q+6);
1580
1581 /* get the mail attribute name */
1582 if((q = srchstr(tail, "/matr=")) != NULL)
1583 info->mailattr = remove_backslash_escapes(q+6);
1584
1585 /* get the sn attribute name */
1586 if((q = srchstr(tail, "/satr=")) != NULL)
1587 info->snattr = remove_backslash_escapes(q+6);
1588
1589 /* get the gn attribute name */
1590 if((q = srchstr(tail, "/gatr=")) != NULL)
1591 info->gnattr = remove_backslash_escapes(q+6);
1592
1593 /* get the cn attribute name */
1594 if((q = srchstr(tail, "/catr=")) != NULL)
1595 info->cnattr = remove_backslash_escapes(q+6);
1596
1597 /* get the backup mail address */
1598 if((q = srchstr(tail, "/mail=")) != NULL)
1599 info->mail = remove_backslash_escapes(q+6);
1600 }
1601
1602 return(info);
1603 }
1604
1605
1606 void
1607 free_ldap_server_info(LDAP_SERV_S **info)
1608 {
1609 if(info && *info){
1610 if((*info)->serv)
1611 fs_give((void **)&(*info)->serv);
1612
1613 if((*info)->base)
1614 fs_give((void **)&(*info)->base);
1615
1616 if((*info)->cust)
1617 fs_give((void **)&(*info)->cust);
1618
1619 if((*info)->binddn)
1620 fs_give((void **)&(*info)->binddn);
1621
1622 if((*info)->nick)
1623 fs_give((void **)&(*info)->nick);
1624
1625 if((*info)->mail)
1626 fs_give((void **)&(*info)->mail);
1627
1628 if((*info)->mailattr)
1629 fs_give((void **)&(*info)->mailattr);
1630
1631 if((*info)->snattr)
1632 fs_give((void **)&(*info)->snattr);
1633
1634 if((*info)->gnattr)
1635 fs_give((void **)&(*info)->gnattr);
1636
1637 if((*info)->cnattr)
1638 fs_give((void **)&(*info)->cnattr);
1639
1640 fs_give((void **)info);
1641 *info = NULL;
1642 }
1643 }
1644
1645
1646 LDAP_SERV_S *
1647 copy_ldap_serv_info(LDAP_SERV_S *src)
1648 {
1649 LDAP_SERV_S *info = NULL;
1650
1651 if(src){
1652 info = (LDAP_SERV_S *) fs_get(sizeof(*info));
1653
1654 /*
1655 * Initialize to defaults.
1656 */
1657 memset((void *)info, 0, sizeof(*info));
1658
1659 info->serv = src->serv ? cpystr(src->serv) : NULL;
1660 info->base = src->base ? cpystr(src->base) : NULL;
1661 info->cust = src->cust ? cpystr(src->cust) : NULL;
1662 info->binddn = src->binddn ? cpystr(src->binddn) : NULL;
1663 info->nick = src->nick ? cpystr(src->nick) : NULL;
1664 info->mail = src->mail ? cpystr(src->mail) : NULL;
1665 info->mailattr = cpystr((src->mailattr && src->mailattr[0])
1666 ? src->mailattr : DEF_LDAP_MAILATTR);
1667 info->snattr = cpystr((src->snattr && src->snattr[0])
1668 ? src->snattr : DEF_LDAP_SNATTR);
1669 info->gnattr = cpystr((src->gnattr && src->gnattr[0])
1670 ? src->gnattr : DEF_LDAP_GNATTR);
1671 info->cnattr = cpystr((src->cnattr && src->cnattr[0])
1672 ? src->cnattr : DEF_LDAP_CNATTR);
1673
1674 info->port = (src->port < 0) ? LDAP_PORT : src->port;
1675 info->time = (src->time < 0) ? DEF_LDAP_TIME : src->time;
1676 info->size = (src->size < 0) ? DEF_LDAP_SIZE : src->size;
1677 info->type = (src->type < 0) ? DEF_LDAP_TYPE : src->type;
1678 info->srch = (src->srch < 0) ? DEF_LDAP_SRCH : src->srch;
1679 info->scope = (src->scope < 0) ? DEF_LDAP_SCOPE : src->scope;
1680 info->impl = src->impl;
1681 info->rhs = src->rhs;
1682 info->ref = src->ref;
1683 info->nosub = src->nosub;
1684 info->tls = src->tls;
1685 }
1686
1687 return(info);
1688 }
1689
1690
1691 void
1692 free_ldap_result_list(LDAP_SERV_RES_S **r)
1693 {
1694 if(r && *r){
1695 free_ldap_result_list(&(*r)->next);
1696 if((*r)->res)
1697 ldap_msgfree((*r)->res);
1698 if((*r)->ld)
1699 #ifdef _WINDOWS
1700 ldap_unbind((*r)->ld);
1701 #else
1702 ldap_unbind_ext((*r)->ld, NULL, NULL);
1703 #endif
1704 if((*r)->info_used)
1705 free_ldap_server_info(&(*r)->info_used);
1706 if((*r)->serv)
1707 fs_give((void **) &(*r)->serv);
1708
1709 fs_give((void **) r);
1710 }
1711 }
1712
1713
1714 /*
1715 * Mask API differences.
1716 */
1717 void
1718 our_ldap_memfree(void *a)
1719 {
1720 #if (LDAPAPI >= 15)
1721 if(a)
1722 ldap_memfree(a);
1723 #endif
1724 }
1725
1726
1727 /*
1728 * Mask API differences.
1729 */
1730 void
1731 our_ldap_dn_memfree(void *a)
1732 {
1733 #if defined(_WINDOWS)
1734 if(a)
1735 ldap_memfree(a);
1736 #else
1737 #if (LDAPAPI >= 15)
1738 if(a)
1739 ldap_memfree(a);
1740 #else
1741 if(a)
1742 free(a);
1743 #endif
1744 #endif
1745 }
1746
1747
1748 /*
1749 * More API masking.
1750 */
1751 int
1752 our_ldap_get_lderrno(LDAP *ld, char **m, char **s)
1753 {
1754 int ret = 0;
1755
1756 #if (LDAPAPI >= 2000)
1757 if(ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, (void *)&ret) == 0){
1758 if(s)
1759 ldap_get_option(ld, LDAP_OPT_ERROR_STRING, (void *)s);
1760 }
1761 #elif (LDAPAPI >= 15)
1762 ret = ldap_get_lderrno(ld, m, s);
1763 #else
1764 ret = ld->ld_errno;
1765 if(s)
1766 *s = ld->ld_error;
1767 #endif
1768
1769 return(ret);
1770 }
1771
1772
1773 /*
1774 * More API masking.
1775 */
1776 int
1777 our_ldap_set_lderrno(LDAP *ld, int e, char *m, char *s)
1778 {
1779 int ret;
1780
1781 #if (LDAPAPI >= 2000)
1782 if(ldap_set_option(ld, LDAP_OPT_ERROR_NUMBER, (void *)&e) == 0)
1783 ret = LDAP_SUCCESS;
1784 else
1785 (void)ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, (void *)&ret);
1786 #elif (LDAPAPI >= 15)
1787 ret = ldap_set_lderrno(ld, e, m, s);
1788 #else
1789 /* this is all we care about */
1790 ld->ld_errno = e;
1791 ret = LDAP_SUCCESS;
1792 #endif
1793
1794 return(ret);
1795 }
1796
1797
1798 /*
1799 * More API masking.
1800 */
1801 int
1802 our_ldap_set_option(LDAP *ld, int option, void *optdata)
1803 {
1804 int ret;
1805
1806 #if (LDAPAPI >= 15)
1807 ret = ldap_set_option(ld, option, optdata);
1808 #else
1809 switch(option){
1810 case LDAP_OPT_TIMELIMIT:
1811 ld->ld_timelimit = *(int *)optdata;
1812 break;
1813
1814 case LDAP_OPT_SIZELIMIT:
1815 ld->ld_sizelimit = *(int *)optdata;
1816 break;
1817
1818 case LDAP_OPT_RESTART:
1819 if((int)optdata)
1820 ld->ld_options |= LDAP_OPT_RESTART;
1821 else
1822 ld->ld_options &= ~LDAP_OPT_RESTART;
1823
1824 break;
1825
1826 /*
1827 * Does nothing here. There is only one protocol version supported.
1828 */
1829 case LDAP_OPT_PROTOCOL_VERSION:
1830 ret = -1;
1831 break;
1832
1833 default:
1834 alpine_panic("LDAP function not implemented");
1835 }
1836 #endif
1837
1838 return(ret);
1839 }
1840
1841
1842 /*
1843 * Returns 1 if we can use LDAP version 3 protocol.
1844 */
1845 int
1846 ldap_v3_is_supported(LDAP *ld)
1847 {
1848 return(1);
1849 }
1850
1851 struct tl_table {
1852 char *ldap_ese;
1853 char *translated;
1854 };
1855
1856 static struct tl_table ldap_trans_table[]={
1857 /*
1858 * TRANSLATORS: This is a list of LDAP attributes with translations to present
1859 * to the user. For example the attribute mail is Email Address and the attribute
1860 * cn is Name.
1861 */
1862 {"mail", N_("Email Address")},
1863 #define LDAP_MAIL_ATTR 0
1864 {"sn", N_("Surname")},
1865 #define LDAP_SN_ATTR 1
1866 {"givenName", N_("Given Name")},
1867 #define LDAP_GN_ATTR 2
1868 {"cn", N_("Name")},
1869 #define LDAP_CN_ATTR 3
1870 {"electronicmail", N_("Email Address")},
1871 #define LDAP_EMAIL_ATTR 4
1872 {"o", N_("Organization")},
1873 {"ou", N_("Unit")},
1874 {"c", N_("Country")},
1875 {"st", N_("State or Province")},
1876 {"l", N_("Locality")},
1877 {"objectClass", N_("Object Class")},
1878 {"title", N_("Title")},
1879 {"departmentNumber", N_("Department")},
1880 {"postalAddress", N_("Postal Address")},
1881 {"homePostalAddress", N_("Home Address")},
1882 {"mailStop", N_("Mail Stop")},
1883 {"telephoneNumber", N_("Voice Telephone")},
1884 {"homePhone", N_("Home Telephone")},
1885 {"officePhone", N_("Office Telephone")},
1886 {"facsimileTelephoneNumber", N_("FAX Telephone")},
1887 {"mobile", N_("Mobile Telephone")},
1888 {"pager", N_("Pager")},
1889 {"roomNumber", N_("Room Number")},
1890 {"uid", N_("User ID")},
1891 {NULL, NULL}
1892 };
1893
1894 char *
1895 ldap_translate(char *a, LDAP_SERV_S *info_used)
1896 {
1897 int i;
1898
1899 if(info_used){
1900 if(info_used->mailattr && strucmp(info_used->mailattr, a) == 0)
1901 return(_(ldap_trans_table[LDAP_MAIL_ATTR].translated));
1902 else if(info_used->snattr && strucmp(info_used->snattr, a) == 0)
1903 return(_(ldap_trans_table[LDAP_SN_ATTR].translated));
1904 else if(info_used->gnattr && strucmp(info_used->gnattr, a) == 0)
1905 return(_(ldap_trans_table[LDAP_GN_ATTR].translated));
1906 else if(info_used->cnattr && strucmp(info_used->cnattr, a) == 0)
1907 return(_(ldap_trans_table[LDAP_CN_ATTR].translated));
1908 }
1909
1910 for(i = 0; ldap_trans_table[i].ldap_ese; i++){
1911 if(info_used)
1912 switch(i){
1913 case LDAP_MAIL_ATTR:
1914 case LDAP_SN_ATTR:
1915 case LDAP_GN_ATTR:
1916 case LDAP_CN_ATTR:
1917 case LDAP_EMAIL_ATTR:
1918 continue;
1919 }
1920
1921 if(strucmp(ldap_trans_table[i].ldap_ese, a) == 0)
1922 return(_(ldap_trans_table[i].translated));
1923 }
1924
1925 return(a);
1926 }
1927
1928 char **
1929 berval_to_array(struct berval **v)
1930 {
1931 char **rv = NULL;
1932 int i, len;
1933
1934 if(v == NULL) return rv;
1935 len = ldap_count_values_len(v);
1936
1937 rv = fs_get((len+1)*sizeof(char *));
1938 for(i = 0; i < len; i++)
1939 if(ALPINE_LDAP_can_use_num(v, i))
1940 rv[i] = cpystr(v[i]->bv_val);
1941 else
1942 rv[i] = NULL;
1943 rv[len] = NULL;
1944
1945 return rv;
1946 }
1947
1948 #endif /* ENABLE_LDAP */
Alpine is a program to manage e-mail