Monotone-Parent: 1219e8fa67b77e630542e3726e865fc1bb663c61

Monotone-Revision: 8068894585ba2c44a0ab1631775f93f547ce5ff6

Monotone-Author: wsourdeau@inverse.ca
Monotone-Date: 2009-04-02T20:51:46
Monotone-Branch: ca.inverse.sogo
maint-2.0.2
Wolfgang Sourdeau 2009-04-02 20:51:46 +00:00
parent 9e45431cd0
commit f12689a73c
5 changed files with 136 additions and 29 deletions


@ -1,3 +1,9 @@
2009-04-02 Wolfgang Sourdeau <wsourdeau@inverse.ca>
* SoObjects/SOGo/LDAPSource.m: we now support an "encryption"
parameter, having either a value of "ssl" or "starttls" to define
the type of encryption to be used, if any.
2009-04-01 Ludovic Marcotte <lmarcotte@inverse.ca>
* Dropped worthless tools

NEWS

@ -1,3 +1,7 @@
1.0.x
-----
- we now support LDAP encryption for binding and for contact lookups
1.0-2009
--------
- when the status of an attendee changes, the event of an organizer is now updated correctly if it doesn't reside in the personal folder


@ -1,3 +1,65 @@
Index: sope-ldap/NGLdap/NGLdapConnection.m
===================================================================
--- sope-ldap/NGLdap/NGLdapConnection.m (revision 1632)
+++ sope-ldap/NGLdap/NGLdapConnection.m (working copy)
@@ -219,6 +219,29 @@
return e;
}
+/* encryption */
+
+- (BOOL)useSSL
+{
+ BOOL rc;
+ int option;
+
+ if (self->handle != NULL) {
+ option = LDAP_OPT_X_TLS_HARD;
+ rc = (ldap_set_option(self->handle, LDAP_OPT_X_TLS, &option) == LDAP_SUCCESS);
+ }
+ else
+ rc = NO;
+
+ return rc;
+}
+
+- (BOOL)startTLS
+{
+ return (self->handle != NULL
+ && ldap_start_tls_s(self->handle, NULL, NULL) == LDAP_SUCCESS);
+}
+
/* binding */
- (BOOL)isBound {
Index: sope-ldap/NGLdap/ChangeLog
===================================================================
--- sope-ldap/NGLdap/ChangeLog (revision 1632)
+++ sope-ldap/NGLdap/ChangeLog (working copy)
@@ -1,3 +1,8 @@
+2009-04-02 Wolfgang Sourdeau <wsourdeau@inverse.ca>
+
+ * NGLdapConnection.m (useSSL,startTLS): new method enabling
+ encryption on the LDAP connection.
+
2007-11-21 Helge Hess <helge.hess@opengroupware.org>
* NGLdapConnection.m: replaced some -cString calls with -UTF8String
Index: sope-ldap/NGLdap/NGLdapConnection.h
===================================================================
--- sope-ldap/NGLdap/NGLdapConnection.h (revision 1632)
+++ sope-ldap/NGLdap/NGLdapConnection.h (working copy)
@@ -53,6 +53,10 @@
- (NSString *)hostName;
- (int)port;
+/* encryption */
+- (BOOL)useSSL;
+- (BOOL)startTLS;
+
/* binding */
- (BOOL)isBound;
Index: sope-gdl1/PostgreSQL/PostgreSQL72Channel.m
===================================================================
--- sope-gdl1/PostgreSQL/PostgreSQL72Channel.m (revision 1632)
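Review bot: Neither new method in NGLdapConnection.m says anything about server-certificate verification: `useSSL` only sets LDAP_OPT_X_TLS to LDAP_OPT_X_TLS_HARD and `startTLS` calls `ldap_start_tls_s` with NULL controls, so whether the peer certificate is checked is left entirely to the libldap defaults (ldap.conf's TLS_REQCERT, i.e. LDAP_OPT_X_TLS_REQUIRE_CERT), which the patch does not touch. I would state that in the header comment, e.g. `/* encryption: certificate checking follows the libldap/ldap.conf TLS_REQCERT setting; neither method changes it */`, so deployers know where the hardening lives. Both methods also return NO without surfacing the libldap error; logging the ldap_err2string() result in the failure path would make a TLS handshake problem diagnosable from the server log. Setting LDAP_OPT_X_TLS on an existing handle is, I believe, the legacy way of requesting ldaps and is deprecated in favour of an ldaps:// URL passed to ldap_initialize, which is worth a comment if it matters for the libldap version in use.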


@ -36,6 +36,7 @@
NSString *hostname;
unsigned int port;
NSString *password;
NSString *encryption;
NSString *_filter;
NSString *baseDN;
@ -56,9 +57,10 @@
- (id) initFromUDSource: (NSDictionary *) udSource;
- (void) setBindDN: (NSString *) newBindDN
password: (NSString *) newBindPassword
hostname: (NSString *) newBindHostname
port: (NSString *) newBindPort
andPassword: (NSString *) newBindPassword;
encryption: (NSString *) newEncryption;
- (void) setBaseDN: (NSString *) newBaseDN
IDField: (NSString *) newIDField
CNField: (NSString *) newCNField


@ -26,6 +26,7 @@
#import <Foundation/NSString.h>
#import <Foundation/NSUserDefaults.h>
#import <NGExtensions/NSObject+Logs.h>
#import <EOControl/EOControl.h>
#import <NGLdap/NGLdapConnection.h>
#import <NGLdap/NGLdapAttribute.h>
@ -155,6 +156,7 @@ static NSLock *lock;
bindDN = nil;
hostname = nil;
port = 389;
encryption = nil;
password = nil;
sourceID = nil;
@ -178,6 +180,7 @@ static NSLock *lock;
{
[bindDN release];
[hostname release];
[encryption release];
[password release];
[baseDN release];
[IDField release];
@ -196,30 +199,35 @@ static NSLock *lock;
{
self = [self init];
ASSIGN(sourceID, [udSource objectForKey: @"id"]);
ASSIGN (sourceID, [udSource objectForKey: @"id"]);
[self setBindDN: [udSource objectForKey: @"bindDN"]
password: [udSource objectForKey: @"bindPassword"]
hostname: [udSource objectForKey: @"hostname"]
port: [udSource objectForKey: @"port"]
andPassword: [udSource objectForKey: @"bindPassword"]];
encryption: [udSource objectForKey: @"encryption"]];
[self setBaseDN: [udSource objectForKey: @"baseDN"]
IDField: [udSource objectForKey: @"IDFieldName"]
CNField: [udSource objectForKey: @"CNFieldName"]
UIDField: [udSource objectForKey: @"UIDFieldName"]
mailFields: [udSource objectForKey: @"MailFieldNames"]
andBindFields: [udSource objectForKey: @"bindFields"]];
ASSIGN(modulesConstraints, [udSource objectForKey: @"ModulesConstraints"]);
ASSIGN(_filter, [udSource objectForKey: @"filter"]);
ASSIGN (modulesConstraints, [udSource objectForKey: @"ModulesConstraints"]);
ASSIGN (_filter, [udSource objectForKey: @"filter"]);
return self;
}
- (void) setBindDN: (NSString *) newBindDN
password: (NSString *) newBindPassword
hostname: (NSString *) newBindHostname
port: (NSString *) newBindPort
andPassword: (NSString *) newBindPassword
encryption: (NSString *) newEncryption
{
ASSIGN (bindDN, newBindDN);
ASSIGN (encryption, [newEncryption uppercaseString]);
if ([encryption isEqualToString: @"SSL"])
port = 636;
ASSIGN (hostname, newBindHostname);
if (newBindPort)
port = [newBindPort intValue];
@ -246,6 +254,23 @@ static NSLock *lock;
ASSIGN (bindFields, newBindFields);
}
- (BOOL) _setupEncryption: (NGLdapConnection *) encryptedConn
{
BOOL rc;
if ([encryption isEqualToString: @"SSL"])
rc = [encryptedConn useSSL];
else if ([encryption isEqualToString: @"SSL"])
rc = [encryptedConn startTLS];
else
{
[self errorWithFormat: @"encryption scheme '%@' not supported: use 'SSL' or 'STARTTLS'"];
rc = NO;
}
return rc;
}
- (BOOL) _initLDAPConnection
{
BOOL b;
@ -254,14 +279,19 @@ static NSLock *lock;
{
ldapConnection = [[NGLdapConnection alloc] initWithHostName: hostname
port: port];
[ldapConnection bindWithMethod: @"simple"
binddn: bindDN
credentials: password];
if (sizeLimit > 0)
[ldapConnection setQuerySizeLimit: sizeLimit];
if (timeLimit > 0)
[ldapConnection setQueryTimeLimit: timeLimit];
b = YES;
if (![encryption length] || [self _setupEncryption: ldapConnection])
{
[ldapConnection bindWithMethod: @"simple"
binddn: bindDN
credentials: password];
if (sizeLimit > 0)
[ldapConnection setQuerySizeLimit: sizeLimit];
if (timeLimit > 0)
[ldapConnection setQueryTimeLimit: timeLimit];
b = YES;
}
else
b = NO;
}
NS_HANDLER
{
@ -338,23 +368,26 @@ static NSLock *lock;
{
bindConnection = [[NGLdapConnection alloc] initWithHostName: hostname
port: port];
if (timeLimit > 0)
[ldapConnection setQueryTimeLimit: timeLimit];
if (bindFields)
userDN = [self _fetchUserDNForLogin: loginToCheck];
else
userDN = [NSString stringWithFormat: @"%@=%@,%@",
IDField, loginToCheck, baseDN];
if (userDN)
if (![encryption length] || [self _setupEncryption: bindConnection])
{
NS_DURING
didBind = [bindConnection bindWithMethod: @"simple"
binddn: userDN
credentials: passwordToCheck];
NS_HANDLER
NS_ENDHANDLER
if (timeLimit > 0)
[ldapConnection setQueryTimeLimit: timeLimit];
if (bindFields)
userDN = [self _fetchUserDNForLogin: loginToCheck];
else
userDN = [NSString stringWithFormat: @"%@=%@,%@",
IDField, loginToCheck, baseDN];
if (userDN)
{
NS_DURING
didBind = [bindConnection bindWithMethod: @"simple"
binddn: userDN
credentials: passwordToCheck];
NS_HANDLER
NS_ENDHANDLER
}
[bindConnection release];
}
[bindConnection release];
}
#if defined(THREADSAFE)
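Review bot: In `_setupEncryption:` the second branch tests `@"SSL"` again, so `@"STARTTLS"` can never be selected and every STARTTLS-configured source falls through to the error branch and refuses to connect; the condition should read `else if ([encryption isEqualToString: @"STARTTLS"])`. The error call on that same path passes a `%@` format with no argument, so `[self errorWithFormat: @"encryption scheme '%@' not supported: use 'SSL' or 'STARTTLS'", encryption];` is needed to supply the missing value. The fail-closed behaviour in `_initLDAPConnection` and in the login check (no bind is attempted when encryption was requested but could not be set up) is the right call and deserves a one-line comment saying it is deliberate. In the login check, whose enclosing method begins outside the hunk, the `[bindConnection release]` now appears to sit inside the new `if (![encryption length] || ...)` block; if that reading of the rendered diff is right, a failed `_setupEncryption:` leaks bindConnection and the release should stay after the block. The pre-existing `[ldapConnection setQueryTimeLimit: timeLimit]` re-indented into that block also looks like it was meant to target bindConnection.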