search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
* Create help for explaining how encrypted password file support
[alpine.git] / pith / ldap.c
blob6fc9630374ac2f8c4e36b72dd6e13f21aab38d9d
1 #if !defined(lint) && !defined(DOS)
2 static char rcsid[] = "$Id: ldap.c 1204 2009-02-02 19:54:23Z hubert@u.washington.edu $";
3 #endif
4
5 /*
6 * ========================================================================
7 * Copyright 2006-2008 University of Washington
8 * Copyright 2013-2014 Eduardo Chappa
9 *
10 * Licensed under the Apache License, Version 2.0 (the "License");
11 * you may not use this file except in compliance with the License.
12 * You may obtain a copy of the License at
13 *
14 * http://www.apache.org/licenses/LICENSE-2.0
15 *
16 * ========================================================================
17 */
18
19 #include "../pith/headers.h"
20 #include "../pith/ldap.h"
21 #include "../pith/state.h"
22 #include "../pith/conf.h"
23 #include "../pith/status.h"
24 #include "../pith/util.h"
25 #include "../pith/imap.h"
26 #include "../pith/busy.h"
27 #include "../pith/signal.h"
28 #include "../pith/ablookup.h"
29
30
31 /*
32 * Until we can think of a better way to do this. If user exits from an
33 * ldap address selection screen we want to return -1 so that call_builder
34 * will stay on the same line. Might want to use another return value
35 * for the builder so that call_builder more fully understands what we're
36 * up to.
37 */
38 int wp_exit;
39 int wp_nobail;
40
41
42 #ifdef ENABLE_LDAP
43 /*
44 * Hook to allow user input on whether or not to save chosen LDAP result
45 */
46 void (*pith_opt_save_ldap_entry)(struct pine *, LDAP_CHOOSE_S *, int);
47
48
49 /*
50 * Internal prototypes
51 */
52 LDAP_SERV_RES_S *ldap_lookup(LDAP_SERV_S *, char *, CUSTOM_FILT_S *, WP_ERR_S *, int);
53 LDAP_SERV_S *copy_ldap_serv_info(LDAP_SERV_S *);
54 int our_ldap_get_lderrno(LDAP *, char **, char **);
55 int our_ldap_set_lderrno(LDAP *, int, char *, char *);
56 #endif /* ENABLE_LDAP */
57
58
59 /*
60 * This function does white pages lookups.
61 *
62 * Args string -- the string to use in the lookup
63 *
64 * Returns NULL -- lookup failed
65 * Address -- A single address is returned if lookup was successfull.
66 */
67 ADDRESS *
68 wp_lookups(char *string, WP_ERR_S *wp_err, int recursing)
69 {
70 ADDRESS *ret_a = NULL;
71 char ebuf[200];
72 #ifdef ENABLE_LDAP
73 LDAP_SERV_RES_S *free_when_done = NULL;
74 LDAPLookupStyle style;
75 LDAP_CHOOSE_S *winning_e = NULL;
76 LDAP_SERV_S *info = NULL;
77 static char *fakedomain = "@";
78 char *tmp_a_string;
79 int auwe_rv = 0;
80
81 /*
82 * Runtime ldap lookup of addrbook entry.
83 */
84 if(!strncmp(string, RUN_LDAP, LEN_RL)){
85 LDAP_SERV_RES_S *head_of_result_list;
86
87 info = break_up_ldap_server(string+LEN_RL);
88 head_of_result_list = ldap_lookup(info, "", NULL, wp_err, 1);
89
90 if(head_of_result_list){
91 if(!wp_exit)
92 auwe_rv = ask_user_which_entry(head_of_result_list, string,
93 &winning_e,
94 wp_err,
95 wp_err->wp_err_occurred
96 ? DisplayIfOne : DisplayIfTwo);
97
98 if(auwe_rv != -5)
99 free_when_done = head_of_result_list;
100 }
101 else{
102 wp_err->wp_err_occurred = 1;
103 if(wp_err->error){
104 q_status_message(SM_ORDER, 3, 5, wp_err->error);
105 display_message('x');
106 fs_give((void **)&wp_err->error);
107 }
108
109 /* try using backup email address */
110 if(info && info->mail && *info->mail){
111 tmp_a_string = cpystr(info->mail);
112 rfc822_parse_adrlist(&ret_a, tmp_a_string, fakedomain);
113 fs_give((void **)&tmp_a_string);
114
115 wp_err->error =
116 cpystr(_("Directory lookup failed, using backup email address"));
117 }
118 else{
119 /*
120 * Do this so the awful LDAP: ... string won't show up
121 * in the composer. This shouldn't actually happen in
122 * real life, so we're not too concerned about it. If we
123 * were we'd want to recover the nickname we started with
124 * somehow, or something like that.
125 */
126 ret_a = mail_newaddr();
127 ret_a->mailbox = cpystr("missing-username");
128 wp_err->error = cpystr(_("Directory lookup failed, no backup email address available"));
129 }
130
131 q_status_message(SM_ORDER, 3, 5, wp_err->error);
132 display_message('x');
133 }
134 }
135 else{
136 style = F_ON(F_COMPOSE_REJECTS_UNQUAL, ps_global)
137 ? DisplayIfOne : DisplayIfTwo;
138 auwe_rv = ldap_lookup_all(string, as.n_serv, recursing, style, NULL,
139 &winning_e, wp_err, &free_when_done);
140 }
141
142 if(winning_e && auwe_rv != -5){
143 ret_a = address_from_ldap(winning_e);
144
145 if(pith_opt_save_ldap_entry && ret_a && F_ON(F_ADD_LDAP_TO_ABOOK, ps_global) && !info)
146 (*pith_opt_save_ldap_entry)(ps_global, winning_e, 1);
147
148
149 fs_give((void **)&winning_e);
150 }
151
152 /* Info's only set in the RUN_LDAP case */
153 if(info){
154 if(ret_a && ret_a->host){
155 ADDRESS *backup = NULL;
156
157 if(info->mail && *info->mail)
158 rfc822_parse_adrlist(&backup, info->mail, fakedomain);
159
160 if(!backup || !address_is_same(ret_a, backup)){
161 if(wp_err->error){
162 q_status_message(SM_ORDER, 3, 5, wp_err->error);
163 display_message('x');
164 fs_give((void **)&wp_err->error);
165 }
166
167 snprintf(ebuf, sizeof(ebuf),
168 _("Warning: current address different from saved address (%s)"),
169 info->mail);
170 wp_err->error = cpystr(ebuf);
171 q_status_message(SM_ORDER, 3, 5, wp_err->error);
172 display_message('x');
173 }
174
175 if(backup)
176 mail_free_address(&backup);
177 }
178
179 free_ldap_server_info(&info);
180 }
181
182 if(free_when_done)
183 free_ldap_result_list(&free_when_done);
184 #endif /* ENABLE_LDAP */
185
186 if(ret_a){
187 if(ret_a->mailbox){ /* indicates there was a MAIL attribute */
188 if(!ret_a->host || !ret_a->host[0]){
189 if(ret_a->host)
190 fs_give((void **)&ret_a->host);
191
192 ret_a->host = cpystr("missing-hostname");
193 wp_err->wp_err_occurred = 1;
194 if(wp_err->error)
195 fs_give((void **)&wp_err->error);
196
197 wp_err->error = cpystr(_("Missing hostname in LDAP address"));
198 q_status_message(SM_ORDER, 3, 5, wp_err->error);
199 display_message('x');
200 }
201
202 if(!ret_a->mailbox[0]){
203 if(ret_a->mailbox)
204 fs_give((void **)&ret_a->mailbox);
205
206 ret_a->mailbox = cpystr("missing-username");
207 wp_err->wp_err_occurred = 1;
208 if(wp_err->error)
209 fs_give((void **)&wp_err->error);
210
211 wp_err->error = cpystr(_("Missing username in LDAP address"));
212 q_status_message(SM_ORDER, 3, 5, wp_err->error);
213 display_message('x');
214 }
215 }
216 else{
217 wp_err->wp_err_occurred = 1;
218
219 if(wp_err->error)
220 fs_give((void **)&wp_err->error);
221
222 snprintf(ebuf, sizeof(ebuf), _("No email address available for \"%s\""),
223 (ret_a->personal && *ret_a->personal)
224 ? ret_a->personal
225 : "selected entry");
226 wp_err->error = cpystr(ebuf);
227 q_status_message(SM_ORDER, 3, 5, wp_err->error);
228 display_message('x');
229 mail_free_address(&ret_a);
230 ret_a = NULL;
231 }
232 }
233
234 return(ret_a);
235 }
236
237
238 #ifdef ENABLE_LDAP
239
240 /*
241 * Goes through all servers looking up string.
242 *
243 * Args string -- String to search for
244 * who -- Which servers to look on
245 * style -- Sometimes we want to display no matter what, sometimes
246 * only if more than one entry, sometimes only if email
247 * addresses, ...
248 *
249 * The possible styles are:
250 * AlwaysDisplayAndMailRequired: This happens when user ^T's from
251 * composer to address book screen, and
252 * then queries directory server.
253 * AlwaysDisplay: This happens when user is browsing
254 * in address book maintenance screen and
255 * then queries directory server.
256 * DisplayIfOne: These two come from implicit lookups
257 * DisplayIfTwo: from build_address. If the compose rejects
258 * unqualified feature is on we get the
259 * DisplayIfOne, otherwise IfTwo.
260 *
261 * cust -- Use this custom filter instead of configured filters
262 * winning_e -- Return value
263 * wp_err -- Error handling
264 * free_when_done -- Caller needs to free this
265 *
266 * Returns -- value returned by ask_user_which_entry
267 */
268 int
269 ldap_lookup_all(char *string, int who, int recursing, LDAPLookupStyle style,
270 CUSTOM_FILT_S *cust, LDAP_CHOOSE_S **winning_e,
271 WP_ERR_S *wp_err, LDAP_SERV_RES_S **free_when_done)
272 {
273 int retval = -1;
274 LDAP_SERV_RES_S *head_of_result_list = NULL;
275
276 wp_exit = wp_nobail = 0;
277 if(free_when_done)
278 *free_when_done = NULL;
279
280 head_of_result_list = ldap_lookup_all_work(string, who, recursing,
281 cust, wp_err);
282
283 if(!wp_exit)
284 retval = ask_user_which_entry(head_of_result_list, string, winning_e,
285 wp_err,
286 (wp_err->wp_err_occurred &&
287 style == DisplayIfTwo) ? DisplayIfOne
288 : style);
289
290 /*
291 * Because winning_e probably points into the result list
292 * we need to leave the result list alone and have the caller
293 * free it after they are done with winning_e.
294 */
295 if(retval != -5 && free_when_done)
296 *free_when_done = head_of_result_list;
297
298 return(retval);
299 }
300
301
302 /*
303 * Goes through all servers looking up string.
304 *
305 * Args string -- String to search for
306 * who -- Which servers to look on
307 * cust -- Use this custom filter instead of configured filters
308 * wp_err -- Error handling
309 *
310 * Returns -- list of results that needs to be freed by caller
311 */
312 LDAP_SERV_RES_S *
313 ldap_lookup_all_work(char *string, int who, int recursing,
314 CUSTOM_FILT_S *cust, WP_ERR_S *wp_err)
315 {
316 int i;
317 LDAP_SERV_RES_S *serv_res;
318 LDAP_SERV_RES_S *rr, *head_of_result_list = NULL;
319
320 /* If there is at least one server */
321 if(ps_global->VAR_LDAP_SERVERS && ps_global->VAR_LDAP_SERVERS[0] &&
322 ps_global->VAR_LDAP_SERVERS[0][0]){
323 int how_many_servers;
324
325 for(i = 0; ps_global->VAR_LDAP_SERVERS[i] &&
326 ps_global->VAR_LDAP_SERVERS[i][0]; i++)
327 ;
328
329 how_many_servers = i;
330
331 /* For each server in list */
332 for(i = 0; !wp_exit && ps_global->VAR_LDAP_SERVERS[i] &&
333 ps_global->VAR_LDAP_SERVERS[i][0]; i++){
334 LDAP_SERV_S *info;
335
336 dprint((6, "ldap_lookup_all_work: lookup on server (%.256s)\n",
337 ps_global->VAR_LDAP_SERVERS[i]));
338 info = NULL;
339 if(who == -1 || who == i || who == as.n_serv)
340 info = break_up_ldap_server(ps_global->VAR_LDAP_SERVERS[i]);
341
342 /*
343 * Who tells us which servers to look on.
344 * Who == -1 means all servers.
345 * Who == 0 means server[0].
346 * Who == 1 means server[1].
347 * Who == as.n_serv means query on those with impl set.
348 */
349 if(!(who == -1 || who == i ||
350 (who == as.n_serv && !recursing && info && info->impl) ||
351 (who == as.n_serv && recursing && info && info->rhs))){
352
353 if(info)
354 free_ldap_server_info(&info);
355
356 continue;
357 }
358
359 dprint((6, "ldap_lookup_all_work: ldap_lookup (server: %.20s...)(string: %s)\n",
360 ps_global->VAR_LDAP_SERVERS[i], string));
361 serv_res = ldap_lookup(info, string, cust,
362 wp_err, how_many_servers > 1);
363 if(serv_res){
364 /* Add new one to end of list so they come in the right order */
365 for(rr = head_of_result_list; rr && rr->next; rr = rr->next)
366 ;
367
368 if(rr)
369 rr->next = serv_res;
370 else
371 head_of_result_list = serv_res;
372 }
373
374 if(info)
375 free_ldap_server_info(&info);
376 }
377 }
378
379 return(head_of_result_list);
380 }
381
382
383 /*
384 * Do an LDAP lookup to the server described in the info argument.
385 *
386 * Args info -- LDAP info for server.
387 * string -- String to lookup.
388 * cust -- Possible custom filter description.
389 * wp_err -- We set this is we get a white pages error.
390 * name_in_error -- Caller sets this if they want us to include the server
391 * name in error messages.
392 *
393 * Returns Results of lookup, NULL if lookup failed.
394 */
395 LDAP_SERV_RES_S *
396 ldap_lookup(LDAP_SERV_S *info, char *string, CUSTOM_FILT_S *cust,
397 WP_ERR_S *wp_err, int name_in_error)
398 {
399 char ebuf[900];
400 char buf[900];
401 char *serv, *base, *serv_errstr;
402 char *mailattr, *snattr, *gnattr, *cnattr;
403 int we_cancel = 0, we_turned_on = 0;
404 LDAP_SERV_RES_S *serv_res = NULL;
405 LDAP *ld;
406 long pwdtrial = 0L;
407 int ld_errnum;
408 char *ld_errstr;
409
410
411 if(!info)
412 return(serv_res);
413
414 serv = cpystr((info->serv && *info->serv) ? info->serv : "?");
415
416 if(name_in_error)
417 snprintf(ebuf, sizeof(ebuf), " (%s)",
418 (info->nick && *info->nick) ? info->nick : serv);
419 else
420 ebuf[0] = '\0';
421
422 serv_errstr = cpystr(ebuf);
423 base = cpystr(info->base ? info->base : "");
424
425 if(info->port < 0)
426 info->port = LDAP_PORT;
427
428 if(info->type < 0)
429 info->type = DEF_LDAP_TYPE;
430
431 if(info->srch < 0)
432 info->srch = DEF_LDAP_SRCH;
433
434 if(info->time < 0)
435 info->time = DEF_LDAP_TIME;
436
437 if(info->size < 0)
438 info->size = DEF_LDAP_SIZE;
439
440 if(info->scope < 0)
441 info->scope = DEF_LDAP_SCOPE;
442
443 mailattr = (info->mailattr && info->mailattr[0]) ? info->mailattr
444 : DEF_LDAP_MAILATTR;
445 snattr = (info->snattr && info->snattr[0]) ? info->snattr
446 : DEF_LDAP_SNATTR;
447 gnattr = (info->gnattr && info->gnattr[0]) ? info->gnattr
448 : DEF_LDAP_GNATTR;
449 cnattr = (info->cnattr && info->cnattr[0]) ? info->cnattr
450 : DEF_LDAP_CNATTR;
451
452 /*
453 * We may want to keep ldap handles open, but at least for
454 * now, re-open them every time.
455 */
456
457 dprint((3, "ldap_lookup(%s,%d)\n", serv ? serv : "?", info->port));
458
459 snprintf(ebuf, sizeof(ebuf), "Searching%s%s%s on %s",
460 (string && *string) ? " for \"" : "",
461 (string && *string) ? string : "",
462 (string && *string) ? "\"" : "",
463 serv);
464 we_turned_on = intr_handling_on(); /* this erases keymenu */
465 we_cancel = busy_cue(ebuf, NULL, 0);
466 if(wp_err->mangled)
467 *(wp_err->mangled) = 1;
468
469 #ifdef _SOLARIS_SDK
470 if(info->tls || info->tlsmust)
471 ldapssl_client_init(NULL, NULL);
472 if((ld = ldap_init(serv, info->port)) == NULL)
473 #else
474 #if (LDAPAPI >= 11)
475 if((ld = ldap_init(serv, info->port)) == NULL)
476 #else
477 if((ld = ldap_open(serv, info->port)) == NULL)
478 #endif
479 #endif
480 {
481 /* TRANSLATORS: All of the three args together are an error message */
482 snprintf(ebuf, sizeof(ebuf), _("Access to LDAP server failed: %s%s(%s)"),
483 errno ? error_description(errno) : "",
484 errno ? " " : "",
485 serv);
486 wp_err->wp_err_occurred = 1;
487 if(wp_err->error)
488 fs_give((void **)&wp_err->error);
489
490 wp_err->error = cpystr(ebuf);
491 if(we_cancel)
492 cancel_busy_cue(-1);
493
494 q_status_message(SM_ORDER, 3, 5, wp_err->error);
495 display_message('x');
496 dprint((2, "%s\n", ebuf));
497 }
498 else if(!ps_global->intr_pending){
499 int proto = 3, tlsmustbail = 0;
500 char pwd[NETMAXPASSWD], user[NETMAXUSER];
501 char *passwd = NULL;
502 char hostbuf[1024];
503 NETMBX mb;
504 #ifndef _WINDOWS
505 int rc;
506 #endif
507
508 memset(&mb, 0, sizeof(mb));
509
510 #ifdef _SOLARIS_SDK
511 if(info->tls || info->tlsmust)
512 rc = ldapssl_install_routines(ld);
513 #endif
514
515 if(ldap_v3_is_supported(ld) &&
516 our_ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &proto) == 0){
517 dprint((5, "ldap: using version 3 protocol\n"));
518 }
519
520 /*
521 * If we don't set RESTART then the select() waiting for the answer
522 * in libldap will be interrupted and stopped by our busy_cue.
523 */
524 our_ldap_set_option(ld, LDAP_OPT_RESTART, LDAP_OPT_ON);
525
526 /*
527 * If we need to authenticate, get the password. We are not
528 * supporting SASL authentication, just LDAP simple.
529 */
530 if(info->binddn && info->binddn[0]){
531 char pmt[500];
532 char *space;
533
534 snprintf(hostbuf, sizeof(hostbuf), "{%s}dummy", info->serv ? info->serv : "?");
535
536 /*
537 * We don't handle multiple space-delimited hosts well.
538 * We don't know which we're asking for a password for.
539 * We're not connected yet so we can't know.
540 */
541 if((space=strindex(hostbuf, ' ')) != NULL)
542 *space = '\0';
543
544 mail_valid_net_parse_work(hostbuf, &mb, "ldap");
545 mb.port = info->port;
546 mb.tlsflag = (info->tls || info->tlsmust) ? 1 : 0;
547
548 try_password_again:
549
550 if(mb.tlsflag
551 && (pwdtrial > 0 ||
552 #ifndef _WINDOWS
553 #ifdef _SOLARIS_SDK
554 (rc == LDAP_SUCCESS)
555 #else /* !_SOLARIS_SDK */
556 ((rc=ldap_start_tls_s(ld, NULL, NULL)) == LDAP_SUCCESS)
557 #endif /* !_SOLARIS_SDK */
558 #else /* _WINDOWS */
559 0 /* TODO: find a way to do this in Windows */
560 #endif /* _WINDOWS */
561 ))
562 mb.tlsflag = 1;
563 else
564 mb.tlsflag = 0;
565
566 if((info->tls || info->tlsmust) && !mb.tlsflag){
567 q_status_message(SM_ORDER, 3, 5, "Not able to start TLS encryption for LDAP server");
568 if(info->tlsmust)
569 tlsmustbail++;
570 }
571
572 if(!tlsmustbail){
573 snprintf(pmt, sizeof(pmt), " %s", (info->nick && *info->nick) ? info->nick : serv);
574 mm_login_work(&mb, user, pwd, pwdtrial, pmt, info->binddn);
575 if(pwd && pwd[0])
576 passwd = pwd;
577 }
578 }
579
580
581 /*
582 * LDAPv2 requires the bind. v3 doesn't require it but we want
583 * to tell the server we're v3 if the server supports v3, and if the
584 * server doesn't support v3 the bind is required.
585 */
586 if(tlsmustbail || ldap_simple_bind_s(ld, info->binddn, passwd) != LDAP_SUCCESS){
587 wp_err->wp_err_occurred = 1;
588
589 ld_errnum = our_ldap_get_lderrno(ld, NULL, &ld_errstr);
590
591 if(!tlsmustbail && info->binddn && info->binddn[0] && pwdtrial < 2L
592 && ld_errnum == LDAP_INVALID_CREDENTIALS){
593 pwdtrial++;
594 q_status_message(SM_ORDER, 3, 5, _("Invalid password"));
595 goto try_password_again;
596 }
597
598 snprintf(ebuf, sizeof(ebuf), _("LDAP server failed: %s%s%s%s"),
599 ldap_err2string(ld_errnum),
600 serv_errstr,
601 (ld_errstr && *ld_errstr) ? ": " : "",
602 (ld_errstr && *ld_errstr) ? ld_errstr : "");
603
604 if(wp_err->error)
605 fs_give((void **)&wp_err->error);
606
607 if(we_cancel)
608 cancel_busy_cue(-1);
609
610 ldap_unbind(ld);
611 wp_err->error = cpystr(ebuf);
612 q_status_message(SM_ORDER, 3, 5, wp_err->error);
613 display_message('x');
614 dprint((2, "%s\n", ebuf));
615 }
616 else if(!ps_global->intr_pending){
617 int srch_res, args, slen, flen;
618 #define TEMPLATELEN 512
619 char filt_template[TEMPLATELEN + 1];
620 char filt_format[2*TEMPLATELEN + 1];
621 char filter[2*TEMPLATELEN + 1];
622 char scp[2*TEMPLATELEN + 1];
623 char *p, *q;
624 LDAPMessage *res = NULL;
625 int intr_happened = 0;
626 int tl;
627
628 tl = (info->time == 0) ? info->time : info->time + 10;
629
630 our_ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &tl);
631 our_ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &info->size);
632
633 /*
634 * If a custom filter has been passed in and it doesn't include a
635 * request to combine it with the configured filter, then replace
636 * any configured filter with the passed in filter.
637 */
638 if(cust && cust->filt && !cust->combine){
639 if(info->cust)
640 fs_give((void **)&info->cust);
641
642 info->cust = cpystr(cust->filt);
643 }
644
645 if(info->cust && *info->cust){ /* use custom filter if present */
646 strncpy(filt_template, info->cust, sizeof(filt_template));
647 filt_template[sizeof(filt_template)-1] = '\0';
648 }
649 else{ /* else use configured filter */
650 switch(info->type){
651 case LDAP_TYPE_SUR:
652 snprintf(filt_template, sizeof(filt_template), "(%s=%%s)", snattr);
653 break;
654 case LDAP_TYPE_GIVEN:
655 snprintf(filt_template, sizeof(filt_template), "(%s=%%s)", gnattr);
656 break;
657 case LDAP_TYPE_EMAIL:
658 snprintf(filt_template, sizeof(filt_template), "(%s=%%s)", mailattr);
659 break;
660 case LDAP_TYPE_CN_EMAIL:
661 snprintf(filt_template, sizeof(filt_template), "(|(%s=%%s)(%s=%%s))", cnattr,
662 mailattr);
663 break;
664 case LDAP_TYPE_SUR_GIVEN:
665 snprintf(filt_template, sizeof(filt_template), "(|(%s=%%s)(%s=%%s))",
666 snattr, gnattr);
667 break;
668 case LDAP_TYPE_SEVERAL:
669 snprintf(filt_template, sizeof(filt_template),
670 "(|(%s=%%s)(%s=%%s)(%s=%%s)(%s=%%s))",
671 cnattr, mailattr, snattr, gnattr);
672 break;
673 default:
674 case LDAP_TYPE_CN:
675 snprintf(filt_template, sizeof(filt_template), "(%s=%%s)", cnattr);
676 break;
677 }
678 }
679
680 /* just copy if custom */
681 if(info->cust && *info->cust)
682 info->srch = LDAP_SRCH_EQUALS;
683
684 p = filt_template;
685 q = filt_format;
686 memset((void *)filt_format, 0, sizeof(filt_format));
687 args = 0;
688 while(*p && (q - filt_format) + 4 < sizeof(filt_format)){
689 if(*p == '%' && *(p+1) == 's'){
690 args++;
691 switch(info->srch){
692 /* Exact match */
693 case LDAP_SRCH_EQUALS:
694 *q++ = *p++;
695 *q++ = *p++;
696 break;
697
698 /* Append wildcard after %s */
699 case LDAP_SRCH_BEGINS:
700 *q++ = *p++;
701 *q++ = *p++;
702 *q++ = '*';
703 break;
704
705 /* Insert wildcard before %s */
706 case LDAP_SRCH_ENDS:
707 *q++ = '*';
708 *q++ = *p++;
709 *q++ = *p++;
710 break;
711
712 /* Put wildcard before and after %s */
713 default:
714 case LDAP_SRCH_CONTAINS:
715 *q++ = '*';
716 *q++ = *p++;
717 *q++ = *p++;
718 *q++ = '*';
719 break;
720 }
721 }
722 else
723 *q++ = *p++;
724 }
725
726 if(q - filt_format < sizeof(filt_format))
727 *q = '\0';
728
729 filt_format[sizeof(filt_format)-1] = '\0';
730
731 /*
732 * If combine is lit we put the custom filter and the filt_format
733 * filter and combine them with an &.
734 */
735 if(cust && cust->filt && cust->combine){
736 char *combined;
737 size_t l;
738
739 l = strlen(filt_format) + strlen(cust->filt) + 3;
740 combined = (char *) fs_get((l+1) * sizeof(char));
741 snprintf(combined, l+1, "(&%s%s)", cust->filt, filt_format);
742 strncpy(filt_format, combined, sizeof(filt_format));
743 filt_format[sizeof(filt_format)-1] = '\0';
744 fs_give((void **) &combined);
745 }
746
747 /*
748 * Ad hoc attempt to make "Steve Hubert" match
749 * Steven Hubert but not Steven Shubert.
750 * We replace a <SPACE> with * <SPACE> (not * <SPACE> *).
751 */
752 memset((void *)scp, 0, sizeof(scp));
753 if(info->nosub)
754 strncpy(scp, string, sizeof(scp));
755 else{
756 p = string;
757 q = scp;
758 while(*p && (q - scp) + 1 < sizeof(scp)){
759 if(*p == SPACE && *(p+1) != SPACE){
760 *q++ = '*';
761 *q++ = *p++;
762 }
763 else
764 *q++ = *p++;
765 }
766 }
767
768 scp[sizeof(scp)-1] = '\0';
769
770 slen = strlen(scp);
771 flen = strlen(filt_format);
772 /* truncate string if it will overflow filter */
773 if(args*slen + flen - 2*args > sizeof(filter)-1)
774 scp[(sizeof(filter)-1 - flen)/args] = '\0';
775
776 /*
777 * Replace %s's with scp.
778 */
779 switch(args){
780 case 0:
781 snprintf(filter, sizeof(filter), "%s", filt_format);
782 break;
783 case 1:
784 snprintf(filter, sizeof(filter), filt_format, scp);
785 break;
786 case 2:
787 snprintf(filter, sizeof(filter), filt_format, scp, scp);
788 break;
789 case 3:
790 snprintf(filter, sizeof(filter), filt_format, scp, scp, scp);
791 break;
792 case 4:
793 snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp);
794 break;
795 case 5:
796 snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp);
797 break;
798 case 6:
799 snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp, scp);
800 break;
801 case 7:
802 snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp, scp, scp);
803 break;
804 case 8:
805 snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp, scp, scp,
806 scp);
807 break;
808 case 9:
809 snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp, scp, scp,
810 scp, scp);
811 break;
812 case 10:
813 default:
814 snprintf(filter, sizeof(filter), filt_format, scp, scp, scp, scp, scp, scp, scp,
815 scp, scp, scp);
816 break;
817 }
818
819 /* replace double *'s with single *'s in filter */
820 for(p = q = filter; *p; p++)
821 if(*p != '*' || p == filter || *(p-1) != '*')
822 *q++ = *p;
823
824 *q = '\0';
825
826 (void) removing_double_quotes(base);
827 dprint((5, "about to ldap_search(\"%s\", %s)\n",
828 base ? base : "?", filter ? filter : "?"));
829 if(ps_global->intr_pending)
830 srch_res = LDAP_PROTOCOL_ERROR;
831 else{
832 int msgid;
833 time_t start_time;
834
835 start_time = time((time_t *)0);
836
837 dprint((6, "ldap_lookup: calling ldap_search\n"));
838 msgid = ldap_search(ld, base, info->scope, filter, NULL, 0);
839
840 if(msgid == -1)
841 srch_res = our_ldap_get_lderrno(ld, NULL, NULL);
842 else{
843 int lres;
844 /*
845 * Warning: struct timeval is not portable. However, since it is
846 * part of LDAP api it must be portable to all platforms LDAP
847 * has been ported to.
848 */
849 struct timeval t;
850
851 t.tv_sec = 1; t.tv_usec = 0;
852
853 do {
854 if(ps_global->intr_pending)
855 intr_happened = 1;
856
857 dprint((6, "ldap_result(id=%d): ", msgid));
858 if((lres=ldap_result(ld, msgid, LDAP_MSG_ALL, &t, &res)) == -1){
859 /* error */
860 srch_res = our_ldap_get_lderrno(ld, NULL, NULL);
861 dprint((6, "error (-1 returned): ld_errno=%d\n",
862 srch_res));
863 }
864 else if(lres == 0){ /* timeout, no results available */
865 if(intr_happened){
866 ldap_abandon(ld, msgid);
867 srch_res = LDAP_PROTOCOL_ERROR;
868 if(our_ldap_get_lderrno(ld, NULL, NULL) == LDAP_SUCCESS)
869 our_ldap_set_lderrno(ld, LDAP_PROTOCOL_ERROR, NULL, NULL);
870
871 dprint((6, "timeout, intr: srch_res=%d\n",
872 srch_res));
873 }
874 else if(info->time > 0 &&
875 ((long)time((time_t *)0) - start_time) > info->time){
876 /* try for partial results */
877 t.tv_sec = 0; t.tv_usec = 0;
878 lres = ldap_result(ld, msgid, LDAP_MSG_RECEIVED, &t, &res);
879 if(lres > 0 && lres != LDAP_RES_SEARCH_RESULT){
880 srch_res = LDAP_SUCCESS;
881 dprint((6, "partial result: lres=0x%x\n", lres));
882 }
883 else{
884 if(lres == 0)
885 ldap_abandon(ld, msgid);
886
887 srch_res = LDAP_TIMEOUT;
888 if(our_ldap_get_lderrno(ld, NULL, NULL) == LDAP_SUCCESS)
889 our_ldap_set_lderrno(ld, LDAP_TIMEOUT, NULL, NULL);
890
891 dprint((6,
892 "timeout, total_time (%d), srch_res=%d\n",
893 info->time, srch_res));
894 }
895 }
896 else{
897 dprint((6, "timeout\n"));
898 }
899 }
900 else{
901 srch_res = ldap_result2error(ld, res, 0);
902 dprint((6, "lres=0x%x, srch_res=%d\n", lres,
903 srch_res));
904 }
905 }while(lres == 0 &&
906 !(intr_happened ||
907 (info->time > 0 &&
908 ((long)time((time_t *)0) - start_time) > info->time)));
909 }
910 }
911
912 if(intr_happened){
913 wp_exit = 1;
914 if(we_cancel)
915 cancel_busy_cue(-1);
916
917 if(wp_err->error)
918 fs_give((void **)&wp_err->error);
919 else{
920 q_status_message(SM_ORDER, 0, 1, "Interrupt");
921 display_message('x');
922 fflush(stdout);
923 }
924
925 if(res)
926 ldap_msgfree(res);
927 if(ld)
928 ldap_unbind(ld);
929
930 res = NULL; ld = NULL;
931 }
932 else if(srch_res != LDAP_SUCCESS &&
933 srch_res != LDAP_TIMELIMIT_EXCEEDED &&
934 srch_res != LDAP_RESULTS_TOO_LARGE &&
935 srch_res != LDAP_TIMEOUT &&
936 srch_res != LDAP_SIZELIMIT_EXCEEDED){
937 wp_err->wp_err_occurred = 1;
938
939 ld_errnum = our_ldap_get_lderrno(ld, NULL, &ld_errstr);
940
941 snprintf(ebuf, sizeof(ebuf), _("LDAP search failed: %s%s%s%s"),
942 ldap_err2string(ld_errnum),
943 serv_errstr,
944 (ld_errstr && *ld_errstr) ? ": " : "",
945 (ld_errstr && *ld_errstr) ? ld_errstr : "");
946
947 if(wp_err->error)
948 fs_give((void **)&wp_err->error);
949
950 wp_err->error = cpystr(ebuf);
951 if(we_cancel)
952 cancel_busy_cue(-1);
953
954 q_status_message(SM_ORDER, 3, 5, wp_err->error);
955 display_message('x');
956 dprint((2, "%s\n", ebuf));
957 if(res)
958 ldap_msgfree(res);
959 if(ld)
960 ldap_unbind(ld);
961
962 res = NULL; ld = NULL;
963 }
964 else{
965 int cnt;
966
967 cnt = ldap_count_entries(ld, res);
968
969 if(cnt > 0){
970
971 if(srch_res == LDAP_TIMELIMIT_EXCEEDED ||
972 srch_res == LDAP_RESULTS_TOO_LARGE ||
973 srch_res == LDAP_TIMEOUT ||
974 srch_res == LDAP_SIZELIMIT_EXCEEDED){
975 wp_err->wp_err_occurred = 1;
976 ld_errnum = our_ldap_get_lderrno(ld, NULL, &ld_errstr);
977
978 snprintf(ebuf, sizeof(ebuf), _("LDAP partial results: %s%s%s%s"),
979 ldap_err2string(ld_errnum),
980 serv_errstr,
981 (ld_errstr && *ld_errstr) ? ": " : "",
982 (ld_errstr && *ld_errstr) ? ld_errstr : "");
983 dprint((2, "%s\n", ebuf));
984 if(wp_err->error)
985 fs_give((void **)&wp_err->error);
986
987 wp_err->error = cpystr(ebuf);
988 if(we_cancel)
989 cancel_busy_cue(-1);
990
991 q_status_message(SM_ORDER, 3, 5, wp_err->error);
992 display_message('x');
993 }
994
995 dprint((5, "Matched %d entries on %s\n",
996 cnt, serv ? serv : "?"));
997
998 serv_res = (LDAP_SERV_RES_S *)fs_get(sizeof(LDAP_SERV_RES_S));
999 memset((void *)serv_res, 0, sizeof(*serv_res));
1000 serv_res->ld = ld;
1001 serv_res->res = res;
1002 serv_res->info_used = copy_ldap_serv_info(info);
1003 /* Save by reference? */
1004 if(info->ref){
1005 snprintf(buf, sizeof(buf), "%s:%s", serv, comatose(info->port));
1006 serv_res->serv = cpystr(buf);
1007 }
1008 else
1009 serv_res->serv = NULL;
1010
1011 serv_res->next = NULL;
1012 }
1013 else{
1014 if(srch_res == LDAP_TIMELIMIT_EXCEEDED ||
1015 srch_res == LDAP_RESULTS_TOO_LARGE ||
1016 srch_res == LDAP_TIMEOUT ||
1017 srch_res == LDAP_SIZELIMIT_EXCEEDED){
1018 wp_err->wp_err_occurred = 1;
1019 wp_err->ldap_errno = srch_res;
1020
1021 ld_errnum = our_ldap_get_lderrno(ld, NULL, &ld_errstr);
1022
1023 snprintf(ebuf, sizeof(ebuf), _("LDAP search failed: %s%s%s%s"),
1024 ldap_err2string(ld_errnum),
1025 serv_errstr,
1026 (ld_errstr && *ld_errstr) ? ": " : "",
1027 (ld_errstr && *ld_errstr) ? ld_errstr : "");
1028
1029 if(wp_err->error)
1030 fs_give((void **)&wp_err->error);
1031
1032 wp_err->error = cpystr(ebuf);
1033 if(we_cancel)
1034 cancel_busy_cue(-1);
1035
1036 q_status_message(SM_ORDER, 3, 5, wp_err->error);
1037 display_message('x');
1038 dprint((2, "%s\n", ebuf));
1039 }
1040
1041 dprint((5, "Matched 0 entries on %s\n",
1042 serv ? serv : "?"));
1043 if(res)
1044 ldap_msgfree(res);
1045 if(ld)
1046 ldap_unbind(ld);
1047
1048 res = NULL; ld = NULL;
1049 }
1050 }
1051 }
1052 }
1053
1054 if(we_cancel)
1055 cancel_busy_cue(-1);
1056
1057 if(we_turned_on)
1058 intr_handling_off();
1059
1060 if(serv)
1061 fs_give((void **)&serv);
1062 if(base)
1063 fs_give((void **)&base);
1064 if(serv_errstr)
1065 fs_give((void **)&serv_errstr);
1066
1067 return(serv_res);
1068 }
1069
1070
1071 /*
1072 * Given a list of entries, present them to user so user may
1073 * select one.
1074 *
1075 * Args head -- The head of the list of results
1076 * orig -- The string the user was searching for
1077 * result -- Returned pointer to chosen LDAP_SEARCH_WINNER or NULL
1078 * wp_err -- Error handling
1079 * style --
1080 *
1081 * Returns 0 ok
1082 * -1 Exit chosen by user
1083 * -2 None of matched entries had an email address
1084 * -3 No matched entries
1085 * -4 Goback to Abook List chosen by user
1086 * -5 caller shouldn't free head
1087 */
1088 int
1089 ask_user_which_entry(LDAP_SERV_RES_S *head, char *orig, LDAP_CHOOSE_S **result,
1090 WP_ERR_S *wp_err, LDAPLookupStyle style)
1091 {
1092 ADDR_CHOOSE_S ac;
1093 char t[200];
1094 int retval;
1095
1096 dprint((3, "ask_user_which(style=%s)\n",
1097 style == AlwaysDisplayAndMailRequired ? "AlwaysDisplayAndMailRequired" :
1098 style == AlwaysDisplay ? "AlwaysDisplay" :
1099 style == DisplayIfTwo ? "DisplayIfTwo" :
1100 style == DisplayForURL ? "DisplayForURL" :
1101 style == DisplayIfOne ? "DisplayIfOne" : "?"));
1102
1103 /*
1104 * Set up a screen for user to choose one entry.
1105 */
1106
1107 if(style == AlwaysDisplay || style == DisplayForURL)
1108 snprintf(t, sizeof(t), "SEARCH RESULTS INDEX");
1109 else{
1110 int len;
1111
1112 len = strlen(orig);
1113 snprintf(t, sizeof(t), _("SELECT ONE ADDRESS%s%s%s"),
1114 (orig && *orig && len < 40) ? " FOR \"" : "",
1115 (orig && *orig && len < 40) ? orig : "",
1116 (orig && *orig && len < 40) ? "\"" : "");
1117 }
1118
1119 memset(&ac, 0, sizeof(ADDR_CHOOSE_S));
1120 ac.title = cpystr(t);
1121 ac.res_head = head;
1122
1123 retval = ldap_addr_select(ps_global, &ac, result, style, wp_err, orig);
1124
1125 switch(retval){
1126 case 0: /* Ok */
1127 break;
1128
1129 case -1: /* Exit chosen by user */
1130 wp_exit = 1;
1131 break;
1132
1133 case -4: /* GoBack to AbookList chosen by user */
1134 break;
1135
1136 case -5:
1137 wp_nobail = 1;
1138 break;
1139
1140 case -2:
1141 if(style != AlwaysDisplay){
1142 if(wp_err->error)
1143 fs_give((void **)&wp_err->error);
1144
1145 wp_err->error =
1146 cpystr(_("None of the names matched on directory server has an email address"));
1147 q_status_message(SM_ORDER, 3, 5, wp_err->error);
1148 display_message('x');
1149 }
1150
1151 break;
1152
1153 case -3:
1154 if(style == AlwaysDisplayAndMailRequired){
1155 if(wp_err->error)
1156 fs_give((void **)&wp_err->error);
1157
1158 wp_err->error = cpystr(_("No matches on directory server"));
1159 q_status_message(SM_ORDER, 3, 5, wp_err->error);
1160 display_message('x');
1161 }
1162
1163 break;
1164 }
1165
1166 fs_give((void **)&ac.title);
1167
1168 return(retval);
1169 }
1170
1171
1172 ADDRESS *
1173 address_from_ldap(LDAP_CHOOSE_S *winning_e)
1174 {
1175 ADDRESS *ret_a = NULL;
1176
1177 if(winning_e){
1178 char *a;
1179 BerElement *ber;
1180
1181 ret_a = mail_newaddr();
1182 for(a = ldap_first_attribute(winning_e->ld, winning_e->selected_entry, &ber);
1183 a != NULL;
1184 a = ldap_next_attribute(winning_e->ld, winning_e->selected_entry, ber)){
1185 int i;
1186 char *p;
1187 char **vals;
1188
1189 dprint((9, "attribute: %s\n", a ? a : "?"));
1190 if(!ret_a->personal &&
1191 strcmp(a, winning_e->info_used->cnattr) == 0){
1192 dprint((9, "Got cnattr:"));
1193 vals = ldap_get_values(winning_e->ld, winning_e->selected_entry, a);
1194 for(i = 0; vals[i] != NULL; i++)
1195 dprint((9, " %s\n",
1196 vals[i] ? vals[i] : "?"));
1197
1198 if(vals && vals[0])
1199 ret_a->personal = cpystr(vals[0]);
1200
1201 ldap_value_free(vals);
1202 }
1203 else if(!ret_a->mailbox &&
1204 strcmp(a, winning_e->info_used->mailattr) == 0){
1205 dprint((9, "Got mailattr:"));
1206 vals = ldap_get_values(winning_e->ld, winning_e->selected_entry, a);
1207 for(i = 0; vals[i] != NULL; i++)
1208 dprint((9, " %s\n",
1209 vals[i] ? vals[i] : "?"));
1210
1211 /* use first one */
1212 if(vals && vals[0]){
1213 if((p = strindex(vals[0], '@')) != NULL){
1214 ret_a->host = cpystr(p+1);
1215 *p = '\0';
1216 }
1217
1218 ret_a->mailbox = cpystr(vals[0]);
1219 }
1220
1221 ldap_value_free(vals);
1222 }
1223
1224 our_ldap_memfree(a);
1225 }
1226 }
1227
1228 return(ret_a);
1229 }
1230
1231
1232 /*
1233 * Break up the ldap-server string stored in the pinerc into its
1234 * parts. The structure is allocated here and should be freed by the caller.
1235 *
1236 * The original string looks like
1237 * <servername>[:port] <SPACE> "/base=<base>/impl=1/..."
1238 *
1239 * Args serv_str -- The original string from the pinerc to parse.
1240 *
1241 * Returns A pointer to a structure with filled in answers.
1242 *
1243 * Some of the members have defaults. If port is -1, that means to use
1244 * the default LDAP_PORT. If base is NULL, use "". Type and srch have
1245 * defaults defined in alpine.h. If cust is non-NULL, it overrides type and
1246 * srch.
1247 */
1248 LDAP_SERV_S *
1249 break_up_ldap_server(char *serv_str)
1250 {
1251 char *lserv;
1252 char *q, *p, *tail;
1253 int i, only_one = 1;
1254 LDAP_SERV_S *info = NULL;
1255
1256 if(!serv_str)
1257 return(info);
1258
1259 info = (LDAP_SERV_S *)fs_get(sizeof(LDAP_SERV_S));
1260
1261 /*
1262 * Initialize to defaults.
1263 */
1264 memset((void *)info, 0, sizeof(*info));
1265 info->port = -1;
1266 info->srch = -1;
1267 info->type = -1;
1268 info->time = -1;
1269 info->size = -1;
1270 info->scope = -1;
1271
1272 /* copy the whole string to work on */
1273 lserv = cpystr(serv_str);
1274 if(lserv)
1275 removing_trailing_white_space(lserv);
1276
1277 if(!lserv || !*lserv || *lserv == '"'){
1278 if(lserv)
1279 fs_give((void **)&lserv);
1280
1281 if(info)
1282 free_ldap_server_info(&info);
1283
1284 return(NULL);
1285 }
1286
1287 tail = lserv;
1288 while((tail = strindex(tail, SPACE)) != NULL){
1289 tail++;
1290 if(*tail == '"' || *tail == '/'){
1291 *(tail-1) = '\0';
1292 break;
1293 }
1294 else
1295 only_one = 0;
1296 }
1297
1298 /* tail is the part after server[:port] <SPACE> */
1299 if(tail && *tail){
1300 removing_leading_white_space(tail);
1301 (void)removing_double_quotes(tail);
1302 }
1303
1304 /* get the optional port number */
1305 if(only_one && (q = strindex(lserv, ':')) != NULL){
1306 int ldapport = -1;
1307
1308 *q = '\0';
1309 if((ldapport = atoi(q+1)) >= 0)
1310 info->port = ldapport;
1311 }
1312
1313 /* use lserv for serv even though it has a few extra bytes alloced */
1314 info->serv = lserv;
1315
1316 if(tail && *tail){
1317 /* get the search base */
1318 if((q = srchstr(tail, "/base=")) != NULL)
1319 info->base = remove_backslash_escapes(q+6);
1320
1321 if((q = srchstr(tail, "/binddn=")) != NULL)
1322 info->binddn = remove_backslash_escapes(q+8);
1323
1324 /* get the implicit parameter */
1325 if((q = srchstr(tail, "/impl=1")) != NULL)
1326 info->impl = 1;
1327
1328 /* get the rhs parameter */
1329 if((q = srchstr(tail, "/rhs=1")) != NULL)
1330 info->rhs = 1;
1331
1332 /* get the ref parameter */
1333 if((q = srchstr(tail, "/ref=1")) != NULL)
1334 info->ref = 1;
1335
1336 /* get the nosub parameter */
1337 if((q = srchstr(tail, "/nosub=1")) != NULL)
1338 info->nosub = 1;
1339
1340 /* get the tls parameter */
1341 if((q = srchstr(tail, "/tls=1")) != NULL)
1342 info->tls = 1;
1343
1344 /* get the tlsmust parameter */
1345 if((q = srchstr(tail, "/tlsm=1")) != NULL)
1346 info->tlsmust = 1;
1347
1348 /* get the search type value */
1349 if((q = srchstr(tail, "/type=")) != NULL){
1350 NAMEVAL_S *v;
1351
1352 q += 6;
1353 if((p = strindex(q, '/')) != NULL)
1354 *p = '\0';
1355
1356 for(i = 0; (v = ldap_search_types(i)); i++)
1357 if(!strucmp(q, v->name)){
1358 info->type = v->value;
1359 break;
1360 }
1361
1362 if(p)
1363 *p = '/';
1364 }
1365
1366 /* get the search rule value */
1367 if((q = srchstr(tail, "/srch=")) != NULL){
1368 NAMEVAL_S *v;
1369
1370 q += 6;
1371 if((p = strindex(q, '/')) != NULL)
1372 *p = '\0';
1373
1374 for(i = 0; (v = ldap_search_rules(i)); i++)
1375 if(!strucmp(q, v->name)){
1376 info->srch = v->value;
1377 break;
1378 }
1379
1380 if(p)
1381 *p = '/';
1382 }
1383
1384 /* get the scope */
1385 if((q = srchstr(tail, "/scope=")) != NULL){
1386 NAMEVAL_S *v;
1387
1388 q += 7;
1389 if((p = strindex(q, '/')) != NULL)
1390 *p = '\0';
1391
1392 for(i = 0; (v = ldap_search_scope(i)); i++)
1393 if(!strucmp(q, v->name)){
1394 info->scope = v->value;
1395 break;
1396 }
1397
1398 if(p)
1399 *p = '/';
1400 }
1401
1402 /* get the time limit */
1403 if((q = srchstr(tail, "/time=")) != NULL){
1404 q += 6;
1405 if((p = strindex(q, '/')) != NULL)
1406 *p = '\0';
1407
1408 /* This one's a number */
1409 if(*q){
1410 char *err;
1411
1412 err = strtoval(q, &i, 0, 500, 0, tmp_20k_buf, SIZEOF_20KBUF, "ldap timelimit");
1413 if(err){
1414 dprint((1, "%s\n", err ? err : "?"));
1415 }
1416 else
1417 info->time = i;
1418 }
1419
1420 if(p)
1421 *p = '/';
1422 }
1423
1424 /* get the size limit */
1425 if((q = srchstr(tail, "/size=")) != NULL){
1426 q += 6;
1427 if((p = strindex(q, '/')) != NULL)
1428 *p = '\0';
1429
1430 /* This one's a number */
1431 if(*q){
1432 char *err;
1433
1434 err = strtoval(q, &i, 0, 500, 0, tmp_20k_buf, SIZEOF_20KBUF, "ldap sizelimit");
1435 if(err){
1436 dprint((1, "%s\n", err ? err : "?"));
1437 }
1438 else
1439 info->size = i;
1440 }
1441
1442 if(p)
1443 *p = '/';
1444 }
1445
1446 /* get the custom search filter */
1447 if((q = srchstr(tail, "/cust=")) != NULL)
1448 info->cust = remove_backslash_escapes(q+6);
1449
1450 /* get the nickname */
1451 if((q = srchstr(tail, "/nick=")) != NULL)
1452 info->nick = remove_backslash_escapes(q+6);
1453
1454 /* get the mail attribute name */
1455 if((q = srchstr(tail, "/matr=")) != NULL)
1456 info->mailattr = remove_backslash_escapes(q+6);
1457
1458 /* get the sn attribute name */
1459 if((q = srchstr(tail, "/satr=")) != NULL)
1460 info->snattr = remove_backslash_escapes(q+6);
1461
1462 /* get the gn attribute name */
1463 if((q = srchstr(tail, "/gatr=")) != NULL)
1464 info->gnattr = remove_backslash_escapes(q+6);
1465
1466 /* get the cn attribute name */
1467 if((q = srchstr(tail, "/catr=")) != NULL)
1468 info->cnattr = remove_backslash_escapes(q+6);
1469
1470 /* get the backup mail address */
1471 if((q = srchstr(tail, "/mail=")) != NULL)
1472 info->mail = remove_backslash_escapes(q+6);
1473 }
1474
1475 return(info);
1476 }
1477
1478
1479 void
1480 free_ldap_server_info(LDAP_SERV_S **info)
1481 {
1482 if(info && *info){
1483 if((*info)->serv)
1484 fs_give((void **)&(*info)->serv);
1485
1486 if((*info)->base)
1487 fs_give((void **)&(*info)->base);
1488
1489 if((*info)->cust)
1490 fs_give((void **)&(*info)->cust);
1491
1492 if((*info)->binddn)
1493 fs_give((void **)&(*info)->binddn);
1494
1495 if((*info)->nick)
1496 fs_give((void **)&(*info)->nick);
1497
1498 if((*info)->mail)
1499 fs_give((void **)&(*info)->mail);
1500
1501 if((*info)->mailattr)
1502 fs_give((void **)&(*info)->mailattr);
1503
1504 if((*info)->snattr)
1505 fs_give((void **)&(*info)->snattr);
1506
1507 if((*info)->gnattr)
1508 fs_give((void **)&(*info)->gnattr);
1509
1510 if((*info)->cnattr)
1511 fs_give((void **)&(*info)->cnattr);
1512
1513 fs_give((void **)info);
1514 *info = NULL;
1515 }
1516 }
1517
1518
1519 LDAP_SERV_S *
1520 copy_ldap_serv_info(LDAP_SERV_S *src)
1521 {
1522 LDAP_SERV_S *info = NULL;
1523
1524 if(src){
1525 info = (LDAP_SERV_S *) fs_get(sizeof(*info));
1526
1527 /*
1528 * Initialize to defaults.
1529 */
1530 memset((void *)info, 0, sizeof(*info));
1531
1532 info->serv = src->serv ? cpystr(src->serv) : NULL;
1533 info->base = src->base ? cpystr(src->base) : NULL;
1534 info->cust = src->cust ? cpystr(src->cust) : NULL;
1535 info->binddn = src->binddn ? cpystr(src->binddn) : NULL;
1536 info->nick = src->nick ? cpystr(src->nick) : NULL;
1537 info->mail = src->mail ? cpystr(src->mail) : NULL;
1538 info->mailattr = cpystr((src->mailattr && src->mailattr[0])
1539 ? src->mailattr : DEF_LDAP_MAILATTR);
1540 info->snattr = cpystr((src->snattr && src->snattr[0])
1541 ? src->snattr : DEF_LDAP_SNATTR);
1542 info->gnattr = cpystr((src->gnattr && src->gnattr[0])
1543 ? src->gnattr : DEF_LDAP_GNATTR);
1544 info->cnattr = cpystr((src->cnattr && src->cnattr[0])
1545 ? src->cnattr : DEF_LDAP_CNATTR);
1546
1547 info->port = (src->port < 0) ? LDAP_PORT : src->port;
1548 info->time = (src->time < 0) ? DEF_LDAP_TIME : src->time;
1549 info->size = (src->size < 0) ? DEF_LDAP_SIZE : src->size;
1550 info->type = (src->type < 0) ? DEF_LDAP_TYPE : src->type;
1551 info->srch = (src->srch < 0) ? DEF_LDAP_SRCH : src->srch;
1552 info->scope = (src->scope < 0) ? DEF_LDAP_SCOPE : src->scope;
1553 info->impl = src->impl;
1554 info->rhs = src->rhs;
1555 info->ref = src->ref;
1556 info->nosub = src->nosub;
1557 info->tls = src->tls;
1558 }
1559
1560 return(info);
1561 }
1562
1563
1564 void
1565 free_ldap_result_list(LDAP_SERV_RES_S **r)
1566 {
1567 if(r && *r){
1568 free_ldap_result_list(&(*r)->next);
1569 if((*r)->res)
1570 ldap_msgfree((*r)->res);
1571 if((*r)->ld)
1572 ldap_unbind((*r)->ld);
1573 if((*r)->info_used)
1574 free_ldap_server_info(&(*r)->info_used);
1575 if((*r)->serv)
1576 fs_give((void **) &(*r)->serv);
1577
1578 fs_give((void **) r);
1579 }
1580 }
1581
1582
1583 /*
1584 * Mask API differences.
1585 */
1586 void
1587 our_ldap_memfree(void *a)
1588 {
1589 #if (LDAPAPI >= 15)
1590 if(a)
1591 ldap_memfree(a);
1592 #endif
1593 }
1594
1595
1596 /*
1597 * Mask API differences.
1598 */
1599 void
1600 our_ldap_dn_memfree(void *a)
1601 {
1602 #if defined(_WINDOWS)
1603 if(a)
1604 ldap_memfree(a);
1605 #else
1606 #if (LDAPAPI >= 15)
1607 if(a)
1608 ldap_memfree(a);
1609 #else
1610 if(a)
1611 free(a);
1612 #endif
1613 #endif
1614 }
1615
1616
1617 /*
1618 * More API masking.
1619 */
1620 int
1621 our_ldap_get_lderrno(LDAP *ld, char **m, char **s)
1622 {
1623 int ret = 0;
1624
1625 #if (LDAPAPI >= 2000)
1626 if(ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, (void *)&ret) == 0){
1627 if(s)
1628 ldap_get_option(ld, LDAP_OPT_ERROR_STRING, (void *)s);
1629 }
1630 #elif (LDAPAPI >= 15)
1631 ret = ldap_get_lderrno(ld, m, s);
1632 #else
1633 ret = ld->ld_errno;
1634 if(s)
1635 *s = ld->ld_error;
1636 #endif
1637
1638 return(ret);
1639 }
1640
1641
1642 /*
1643 * More API masking.
1644 */
1645 int
1646 our_ldap_set_lderrno(LDAP *ld, int e, char *m, char *s)
1647 {
1648 int ret;
1649
1650 #if (LDAPAPI >= 2000)
1651 if(ldap_set_option(ld, LDAP_OPT_ERROR_NUMBER, (void *)&e) == 0)
1652 ret = LDAP_SUCCESS;
1653 else
1654 (void)ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, (void *)&ret);
1655 #elif (LDAPAPI >= 15)
1656 ret = ldap_set_lderrno(ld, e, m, s);
1657 #else
1658 /* this is all we care about */
1659 ld->ld_errno = e;
1660 ret = LDAP_SUCCESS;
1661 #endif
1662
1663 return(ret);
1664 }
1665
1666
1667 /*
1668 * More API masking.
1669 */
1670 int
1671 our_ldap_set_option(LDAP *ld, int option, void *optdata)
1672 {
1673 int ret;
1674
1675 #if (LDAPAPI >= 15)
1676 ret = ldap_set_option(ld, option, optdata);
1677 #else
1678 switch(option){
1679 case LDAP_OPT_TIMELIMIT:
1680 ld->ld_timelimit = *(int *)optdata;
1681 break;
1682
1683 case LDAP_OPT_SIZELIMIT:
1684 ld->ld_sizelimit = *(int *)optdata;
1685 break;
1686
1687 case LDAP_OPT_RESTART:
1688 if((int)optdata)
1689 ld->ld_options |= LDAP_OPT_RESTART;
1690 else
1691 ld->ld_options &= ~LDAP_OPT_RESTART;
1692
1693 break;
1694
1695 /*
1696 * Does nothing here. There is only one protocol version supported.
1697 */
1698 case LDAP_OPT_PROTOCOL_VERSION:
1699 ret = -1;
1700 break;
1701
1702 default:
1703 panic("LDAP function not implemented");
1704 }
1705 #endif
1706
1707 return(ret);
1708 }
1709
1710
1711 /*
1712 * Returns 1 if we can use LDAP version 3 protocol.
1713 */
1714 int
1715 ldap_v3_is_supported(LDAP *ld)
1716 {
1717 return(1);
1718 }
1719
1720 struct tl_table {
1721 char *ldap_ese;
1722 char *translated;
1723 };
1724
1725 static struct tl_table ldap_trans_table[]={
1726 /*
1727 * TRANSLATORS: This is a list of LDAP attributes with translations to present
1728 * to the user. For example the attribute mail is Email Address and the attribute
1729 * cn is Name.
1730 */
1731 {"mail", N_("Email Address")},
1732 #define LDAP_MAIL_ATTR 0
1733 {"sn", N_("Surname")},
1734 #define LDAP_SN_ATTR 1
1735 {"givenName", N_("Given Name")},
1736 #define LDAP_GN_ATTR 2
1737 {"cn", N_("Name")},
1738 #define LDAP_CN_ATTR 3
1739 {"electronicmail", N_("Email Address")},
1740 #define LDAP_EMAIL_ATTR 4
1741 {"o", N_("Organization")},
1742 {"ou", N_("Unit")},
1743 {"c", N_("Country")},
1744 {"st", N_("State or Province")},
1745 {"l", N_("Locality")},
1746 {"objectClass", N_("Object Class")},
1747 {"title", N_("Title")},
1748 {"departmentNumber", N_("Department")},
1749 {"postalAddress", N_("Postal Address")},
1750 {"homePostalAddress", N_("Home Address")},
1751 {"mailStop", N_("Mail Stop")},
1752 {"telephoneNumber", N_("Voice Telephone")},
1753 {"homePhone", N_("Home Telephone")},
1754 {"officePhone", N_("Office Telephone")},
1755 {"facsimileTelephoneNumber", N_("FAX Telephone")},
1756 {"mobile", N_("Mobile Telephone")},
1757 {"pager", N_("Pager")},
1758 {"roomNumber", N_("Room Number")},
1759 {"uid", N_("User ID")},
1760 {NULL, NULL}
1761 };
1762
1763 char *
1764 ldap_translate(char *a, LDAP_SERV_S *info_used)
1765 {
1766 int i;
1767
1768 if(info_used){
1769 if(info_used->mailattr && strucmp(info_used->mailattr, a) == 0)
1770 return(_(ldap_trans_table[LDAP_MAIL_ATTR].translated));
1771 else if(info_used->snattr && strucmp(info_used->snattr, a) == 0)
1772 return(_(ldap_trans_table[LDAP_SN_ATTR].translated));
1773 else if(info_used->gnattr && strucmp(info_used->gnattr, a) == 0)
1774 return(_(ldap_trans_table[LDAP_GN_ATTR].translated));
1775 else if(info_used->cnattr && strucmp(info_used->cnattr, a) == 0)
1776 return(_(ldap_trans_table[LDAP_CN_ATTR].translated));
1777 }
1778
1779 for(i = 0; ldap_trans_table[i].ldap_ese; i++){
1780 if(info_used)
1781 switch(i){
1782 case LDAP_MAIL_ATTR:
1783 case LDAP_SN_ATTR:
1784 case LDAP_GN_ATTR:
1785 case LDAP_CN_ATTR:
1786 case LDAP_EMAIL_ATTR:
1787 continue;
1788 }
1789
1790 if(strucmp(ldap_trans_table[i].ldap_ese, a) == 0)
1791 return(_(ldap_trans_table[i].translated));
1792 }
1793
1794 return(a);
1795 }
1796
1797
1798 #endif /* ENABLE_LDAP */
Alpine is a program to manage e-mail