search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
2007-01-25 [paul] 2.7.1cvs2-stable
[claws.git] / src / ldaputil.c
blob39e9ea1624a8f543fac83200cc236e647c6cbaf6
1 /*
2 * Sylpheed -- a GTK+ based, lightweight, and fast e-mail client
3 * Copyright (C) 2003-2007 Match Grun and the Claws Mail team
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 */
19
20 /*
21 * Some utility functions to access LDAP servers.
22 */
23
24 #ifdef HAVE_CONFIG_H
25 # include "config.h"
26 #endif
27
28 #ifdef USE_LDAP
29
30 #include <glib.h>
31 #include <string.h>
32 #include <sys/time.h>
33 #include <ldap.h>
34 #include <lber.h>
35 #include <errno.h>
36
37 #define SYLDAP_TEST_FILTER "(objectclass=*)"
38 #define SYLDAP_SEARCHBASE_V2 "cn=config"
39 #define SYLDAP_SEARCHBASE_V3 ""
40 #define SYLDAP_V2_TEST_ATTR "database"
41 #define SYLDAP_V3_TEST_ATTR "namingcontexts"
42
43 /**
44 * Attempt to discover the base DN for a server using LDAP version 3.
45 * \param ld LDAP handle for a connected server.
46 * \param tov Timeout value (seconds), or 0 for none, default 30 secs.
47 * \return List of Base DN's, or NULL if could not read. List should be
48 * g_free() when done.
49 */
50 static GList *ldaputil_test_v3( LDAP *ld, gint tov, gint *errcode ) {
51 GList *baseDN = NULL;
52 gint rc, i;
53 LDAPMessage *result = NULL, *e;
54 gchar *attribs[2];
55 BerElement *ber;
56 gchar *attribute;
57 struct berval **vals;
58 struct timeval timeout;
59
60 /* Set timeout */
61 timeout.tv_usec = 0L;
62 if( tov > 0 ) {
63 timeout.tv_sec = tov;
64 }
65 else {
66 timeout.tv_sec = 30L;
67 }
68
69 /* Test for LDAP version 3 */
70 attribs[0] = SYLDAP_V3_TEST_ATTR;
71 attribs[1] = NULL;
72 rc = ldap_search_ext_s(
73 ld, SYLDAP_SEARCHBASE_V3, LDAP_SCOPE_BASE, SYLDAP_TEST_FILTER,
74 attribs, 0, NULL, NULL, &timeout, 0, &result );
75
76 if( rc == LDAP_SUCCESS ) {
77 /* Process entries */
78 for( e = ldap_first_entry( ld, result );
79 e != NULL;
80 e = ldap_next_entry( ld, e ) )
81 {
82 /* Process attributes */
83 for( attribute = ldap_first_attribute( ld, e, &ber );
84 attribute != NULL;
85 attribute = ldap_next_attribute( ld, e, ber ) )
86 {
87 if( strcasecmp(
88 attribute, SYLDAP_V3_TEST_ATTR ) == 0 )
89 {
90 vals = ldap_get_values_len( ld, e, attribute );
91 if( vals != NULL ) {
92 for( i = 0; vals[i] != NULL; i++ ) {
93 baseDN = g_list_append(
94 baseDN, g_strndup( vals[i]->bv_val, vals[i]->bv_len ) );
95 }
96 }
97 ldap_value_free_len( vals );
98 }
99 ldap_memfree( attribute );
100 }
101 if( ber != NULL ) {
102 ber_free( ber, 0 );
103 }
104 ber = NULL;
105 }
106 }
107 if (errcode)
108 *errcode = rc;
109 if (result)
110 ldap_msgfree( result );
111 return baseDN;
112 }
113
114 /**
115 * Attempt to discover the base DN for a server using LDAP version 2.
116 * \param ld LDAP handle for a connected server.
117 * \param tov Timeout value (seconds), or 0 for none, default 30 secs.
118 * \return List of Base DN's, or NULL if could not read. List should be
119 * g_free() when done.
120 */
121 static GList *ldaputil_test_v2( LDAP *ld, gint tov ) {
122 GList *baseDN = NULL;
123 gint rc, i;
124 LDAPMessage *result = NULL, *e;
125 gchar *attribs[1];
126 BerElement *ber;
127 gchar *attribute;
128 struct berval **vals;
129 struct timeval timeout;
130
131 /* Set timeout */
132 timeout.tv_usec = 0L;
133 if( tov > 0 ) {
134 timeout.tv_sec = tov;
135 }
136 else {
137 timeout.tv_sec = 30L;
138 }
139
140 attribs[0] = NULL;
141 rc = ldap_search_ext_s(
142 ld, SYLDAP_SEARCHBASE_V2, LDAP_SCOPE_BASE, SYLDAP_TEST_FILTER,
143 attribs, 0, NULL, NULL, &timeout, 0, &result );
144
145 if( rc == LDAP_SUCCESS ) {
146 /* Process entries */
147 for( e = ldap_first_entry( ld, result );
148 e != NULL;
149 e = ldap_next_entry( ld, e ) )
150 {
151 /* Process attributes */
152 for( attribute = ldap_first_attribute( ld, e, &ber );
153 attribute != NULL;
154 attribute = ldap_next_attribute( ld, e, ber ) )
155 {
156 if( strcasecmp(
157 attribute,
158 SYLDAP_V2_TEST_ATTR ) == 0 ) {
159 vals = ldap_get_values_len( ld, e, attribute );
160 if( vals != NULL ) {
161 for( i = 0; vals[i] != NULL; i++ ) {
162 char *ch, *tmp;
163 /*
164 * Strip the 'ldb:' from the
165 * front of the value.
166 */
167 tmp = g_strndup( vals[i]->bv_val, vals[i]->bv_len);
168 ch = ( char * ) strchr( tmp, ':' );
169 if( ch ) {
170 gchar *bn = g_strdup( ++ch );
171 g_strchomp( bn );
172 g_strchug( bn );
173 baseDN = g_list_append(
174 baseDN, g_strdup( bn ) );
175 g_free( bn );
176 }
177 g_free(tmp);
178 }
179 }
180 ldap_value_free_len( vals );
181 }
182 ldap_memfree( attribute );
183 }
184 if( ber != NULL ) {
185 ber_free( ber, 0 );
186 }
187 ber = NULL;
188 }
189 }
190 if (result)
191 ldap_msgfree( result );
192 return baseDN;
193 }
194
195 int claws_ldap_simple_bind_s( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd )
196 {
197 struct berval cred;
198
199 if ( passwd != NULL ) {
200 cred.bv_val = (char *) passwd;
201 cred.bv_len = strlen( passwd );
202 } else {
203 cred.bv_val = "";
204 cred.bv_len = 0;
205 }
206
207 return ldap_sasl_bind_s( ld, dn, LDAP_SASL_SIMPLE, &cred,
208 NULL, NULL, NULL );
209 }
210
211 /**
212 * Attempt to discover the base DN for the server.
213 * \param host Host name.
214 * \param port Port number.
215 * \param bindDN Bind DN (optional).
216 * \param bindPW Bind PW (optional).
217 * \param tov Timeout value (seconds), or 0 for none, default 30 secs.
218 * \return List of Base DN's, or NULL if could not read. This list should be
219 * g_free() when done.
220 */
221 GList *ldaputil_read_basedn(
222 const gchar *host, const gint port, const gchar *bindDN,
223 const gchar *bindPW, const gint tov, int ssl, int tls )
224 {
225 GList *baseDN = NULL;
226 LDAP *ld = NULL;
227 gint rc;
228 gchar *uri = NULL;
229 #ifdef USE_LDAP_TLS
230 gint version;
231 #endif
232
233 if( host == NULL ) return baseDN;
234 if( port < 1 ) return baseDN;
235
236 /* Connect to server. */
237
238 uri = g_strdup_printf("ldap%s://%s:%d",
239 ssl?"s":"",
240 host, port);
241 rc = ldap_initialize(&ld, uri);
242 g_free(uri);
243
244 if( ld == NULL ) {
245 return baseDN;
246 }
247 #ifdef USE_LDAP_TLS
248 if( tls && !ssl ) {
249 /* Handle TLS */
250 version = LDAP_VERSION3;
251 rc = ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version );
252 if( rc != LDAP_OPT_SUCCESS ) {
253 ldap_unbind_ext( ld, NULL, NULL );
254 return baseDN;
255 }
256 rc = ldap_start_tls_s( ld, NULL, NULL );
257 if (rc != 0) {
258 ldap_unbind_ext( ld, NULL, NULL );
259 return baseDN;
260 }
261 }
262 #endif
263
264 /* Bind to the server, if required */
265 if( bindDN ) {
266 if( *bindDN != '\0' ) {
267 rc = claws_ldap_simple_bind_s( ld, bindDN, bindPW );
268 if( rc != LDAP_SUCCESS ) {
269 ldap_unbind_ext( ld, NULL, NULL );
270 return baseDN;
271 }
272 }
273 }
274
275 /* Test for LDAP version 3 */
276 baseDN = ldaputil_test_v3( ld, tov, &rc );
277
278 if( baseDN == NULL && !LDAP_API_ERROR(rc) ) {
279 baseDN = ldaputil_test_v2( ld, tov );
280 }
281 if (ld && !LDAP_API_ERROR(rc))
282 ldap_unbind_ext( ld, NULL, NULL );
283
284 return baseDN;
285 }
286
287 /**
288 * Attempt to connect to the server.
289 * Enter:
290 * \param host Host name.
291 * \param port Port number.
292 * \return <i>TRUE</i> if connected successfully.
293 */
294 gboolean ldaputil_test_connect( const gchar *host, const gint port, int ssl, int tls ) {
295 gboolean retVal = FALSE;
296 LDAP *ld;
297 #ifdef USE_LDAP_TLS
298 gint rc;
299 gint version;
300 #endif
301 gchar *uri = NULL;
302
303 if( host == NULL ) return retVal;
304 if( port < 1 ) return retVal;
305
306 uri = g_strdup_printf("ldap%s://%s:%d",
307 ssl?"s":"",
308 host, port);
309 ldap_initialize(&ld, uri);
310 g_free(uri);
311 if (ld == NULL)
312 return FALSE;
313
314 #ifdef USE_LDAP_TLS
315 if (ssl) {
316 GList *dummy = ldaputil_test_v3( ld, 10, &rc );
317 if (dummy)
318 g_list_free(dummy);
319 if (LDAP_API_ERROR(rc))
320 return FALSE;
321 }
322
323 if( tls && !ssl ) {
324 /* Handle TLS */
325 version = LDAP_VERSION3;
326 rc = ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version );
327 if( rc != LDAP_OPT_SUCCESS ) {
328 ldap_unbind_ext( ld, NULL, NULL );
329 return FALSE;
330 }
331
332 rc = ldap_start_tls_s( ld, NULL, NULL );
333 if (rc != 0) {
334 ldap_unbind_ext( ld, NULL, NULL );
335 return FALSE;
336 }
337 }
338 #endif
339 if( ld != NULL ) {
340 ldap_unbind_ext( ld, NULL, NULL );
341 retVal = TRUE;
342 }
343 return retVal;
344 }
345
346 /**
347 * Test whether LDAP libraries installed.
348 * Return: TRUE if library available.
349 */
350 gboolean ldaputil_test_ldap_lib( void ) {
351 return TRUE;
352 }
353
354 #endif /* USE_LDAP */
355
356 /*
357 * End of Source.
358 */