Monotone-Parent: 1219e8fa67b77e630542e3726e865fc1bb663c61
Monotone-Revision: 8068894585ba2c44a0ab1631775f93f547ce5ff6 Monotone-Author: wsourdeau@inverse.ca Monotone-Date: 2009-04-02T20:51:46 Monotone-Branch: ca.inverse.sogomaint-2.0.2
parent
9e45431cd0
commit
f12689a73c
|
@ -1,3 +1,9 @@
|
|||
2009-04-02 Wolfgang Sourdeau <wsourdeau@inverse.ca>
|
||||
|
||||
* SoObjects/SOGo/LDAPSource.m: we now support an "encryption"
|
||||
parameter, having either a value of "ssl" or "starttls" to define
|
||||
the type of encryption to be used, if any.
|
||||
|
||||
2009-04-01 Ludovic Marcotte <lmarcotte@inverse.ca>
|
||||
|
||||
* Dropped worthless tools
|
||||
|
|
4
NEWS
4
NEWS
|
@ -1,3 +1,7 @@
|
|||
1.0.x
|
||||
-----
|
||||
- we now support LDAP encryption for binding and for contact lookups
|
||||
|
||||
1.0-2009
|
||||
--------
|
||||
- when the status of an attendee changes, the event of an organizer is now updated correctly if it doesn't reside in the personal folder
|
||||
|
|
|
@ -1,3 +1,65 @@
|
|||
Index: sope-ldap/NGLdap/NGLdapConnection.m
|
||||
===================================================================
|
||||
--- sope-ldap/NGLdap/NGLdapConnection.m (revision 1632)
|
||||
+++ sope-ldap/NGLdap/NGLdapConnection.m (working copy)
|
||||
@@ -219,6 +219,29 @@
|
||||
return e;
|
||||
}
|
||||
|
||||
+/* encryption */
|
||||
+
|
||||
+- (BOOL)useSSL
|
||||
+{
|
||||
+ BOOL rc;
|
||||
+ int option;
|
||||
+
|
||||
+ if (self->handle != NULL) {
|
||||
+ option = LDAP_OPT_X_TLS_HARD;
|
||||
+ rc = (ldap_set_option(self->handle, LDAP_OPT_X_TLS, &option) == LDAP_SUCCESS);
|
||||
+ }
|
||||
+ else
|
||||
+ rc = NO;
|
||||
+
|
||||
+ return rc;
|
||||
+}
|
||||
+
|
||||
+- (BOOL)startTLS
|
||||
+{
|
||||
+ return (self->handle != NULL
|
||||
+ && ldap_start_tls_s(self->handle, NULL, NULL) == LDAP_SUCCESS);
|
||||
+}
|
||||
+
|
||||
/* binding */
|
||||
|
||||
- (BOOL)isBound {
|
||||
Index: sope-ldap/NGLdap/ChangeLog
|
||||
===================================================================
|
||||
--- sope-ldap/NGLdap/ChangeLog (revision 1632)
|
||||
+++ sope-ldap/NGLdap/ChangeLog (working copy)
|
||||
@@ -1,3 +1,8 @@
|
||||
+2009-04-02 Wolfgang Sourdeau <wsourdeau@inverse.ca>
|
||||
+
|
||||
+ * NGLdapConnection.m (useSSL,startTLS): new method enabling
|
||||
+ encryption on the LDAP connection.
|
||||
+
|
||||
2007-11-21 Helge Hess <helge.hess@opengroupware.org>
|
||||
|
||||
* NGLdapConnection.m: replaced some -cString calls with -UTF8String
|
||||
Index: sope-ldap/NGLdap/NGLdapConnection.h
|
||||
===================================================================
|
||||
--- sope-ldap/NGLdap/NGLdapConnection.h (revision 1632)
|
||||
+++ sope-ldap/NGLdap/NGLdapConnection.h (working copy)
|
||||
@@ -53,6 +53,10 @@
|
||||
- (NSString *)hostName;
|
||||
- (int)port;
|
||||
|
||||
+/* encryption */
|
||||
+- (BOOL)useSSL;
|
||||
+- (BOOL)startTLS;
|
||||
+
|
||||
/* binding */
|
||||
|
||||
- (BOOL)isBound;
|
||||
Index: sope-gdl1/PostgreSQL/PostgreSQL72Channel.m
|
||||
===================================================================
|
||||
--- sope-gdl1/PostgreSQL/PostgreSQL72Channel.m (revision 1632)
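Review bot: Neither `-useSSL` nor `-startTLS` in the NGLdapConnection.m patch sets a certificate-verification policy, so whether the server certificate is checked appears to depend on the host's OpenLDAP client configuration rather than on this code. If that configuration is permissive, the session is encrypted but the peer is not authenticated, and the simple bind that follows sends the bind password to whoever answered. Consider setting `LDAP_OPT_X_TLS_REQUIRE_CERT` to `LDAP_OPT_X_TLS_DEMAND` before the handshake, or documenting that ldap.conf must enforce it. Both methods also collapse the libldap result into a BOOL, so a failed handshake cannot be told apart from a NULL handle; logging `ldap_err2string()` of the return code would help operators diagnose it.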
|
||||
|
|
|
@ -36,6 +36,7 @@
|
|||
NSString *hostname;
|
||||
unsigned int port;
|
||||
NSString *password;
|
||||
NSString *encryption;
|
||||
NSString *_filter;
|
||||
|
||||
NSString *baseDN;
|
||||
|
@ -56,9 +57,10 @@
|
|||
- (id) initFromUDSource: (NSDictionary *) udSource;
|
||||
|
||||
- (void) setBindDN: (NSString *) newBindDN
|
||||
password: (NSString *) newBindPassword
|
||||
hostname: (NSString *) newBindHostname
|
||||
port: (NSString *) newBindPort
|
||||
andPassword: (NSString *) newBindPassword;
|
||||
encryption: (NSString *) newEncryption;
|
||||
- (void) setBaseDN: (NSString *) newBaseDN
|
||||
IDField: (NSString *) newIDField
|
||||
CNField: (NSString *) newCNField
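Review bot: The new `encryption:` argument on the `setBindDN:...` declaration is not documented, so callers cannot tell which values are accepted or that omitting it means a plaintext bind. Judging from the LDAPSource.m changes on this page, the string is upper-cased and compared with "SSL" and "STARTTLS", and a nil or empty value skips encryption entirely. A comment above the declaration such as `/* encryption: nil/empty = plaintext; "SSL" = ldaps, default port 636; "STARTTLS" = upgrade on the configured port; case-insensitive */` would make that default visible. The interface continues outside the hunk.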
|
||||
|
|
|
@ -26,6 +26,7 @@
|
|||
#import <Foundation/NSString.h>
|
||||
#import <Foundation/NSUserDefaults.h>
|
||||
|
||||
#import <NGExtensions/NSObject+Logs.h>
|
||||
#import <EOControl/EOControl.h>
|
||||
#import <NGLdap/NGLdapConnection.h>
|
||||
#import <NGLdap/NGLdapAttribute.h>
|
||||
|
@ -155,6 +156,7 @@ static NSLock *lock;
|
|||
bindDN = nil;
|
||||
hostname = nil;
|
||||
port = 389;
|
||||
encryption = nil;
|
||||
password = nil;
|
||||
sourceID = nil;
|
||||
|
||||
|
@ -178,6 +180,7 @@ static NSLock *lock;
|
|||
{
|
||||
[bindDN release];
|
||||
[hostname release];
|
||||
[encryption release];
|
||||
[password release];
|
||||
[baseDN release];
|
||||
[IDField release];
|
||||
|
@ -196,30 +199,35 @@ static NSLock *lock;
|
|||
{
|
||||
self = [self init];
|
||||
|
||||
ASSIGN(sourceID, [udSource objectForKey: @"id"]);
|
||||
ASSIGN (sourceID, [udSource objectForKey: @"id"]);
|
||||
|
||||
[self setBindDN: [udSource objectForKey: @"bindDN"]
|
||||
password: [udSource objectForKey: @"bindPassword"]
|
||||
hostname: [udSource objectForKey: @"hostname"]
|
||||
port: [udSource objectForKey: @"port"]
|
||||
andPassword: [udSource objectForKey: @"bindPassword"]];
|
||||
encryption: [udSource objectForKey: @"encryption"]];
|
||||
[self setBaseDN: [udSource objectForKey: @"baseDN"]
|
||||
IDField: [udSource objectForKey: @"IDFieldName"]
|
||||
CNField: [udSource objectForKey: @"CNFieldName"]
|
||||
UIDField: [udSource objectForKey: @"UIDFieldName"]
|
||||
mailFields: [udSource objectForKey: @"MailFieldNames"]
|
||||
andBindFields: [udSource objectForKey: @"bindFields"]];
|
||||
ASSIGN(modulesConstraints, [udSource objectForKey: @"ModulesConstraints"]);
|
||||
ASSIGN(_filter, [udSource objectForKey: @"filter"]);
|
||||
ASSIGN (modulesConstraints, [udSource objectForKey: @"ModulesConstraints"]);
|
||||
ASSIGN (_filter, [udSource objectForKey: @"filter"]);
|
||||
|
||||
return self;
|
||||
}
|
||||
|
||||
- (void) setBindDN: (NSString *) newBindDN
|
||||
password: (NSString *) newBindPassword
|
||||
hostname: (NSString *) newBindHostname
|
||||
port: (NSString *) newBindPort
|
||||
andPassword: (NSString *) newBindPassword
|
||||
encryption: (NSString *) newEncryption
|
||||
{
|
||||
ASSIGN (bindDN, newBindDN);
|
||||
ASSIGN (encryption, [newEncryption uppercaseString]);
|
||||
if ([encryption isEqualToString: @"SSL"])
|
||||
port = 636;
|
||||
ASSIGN (hostname, newBindHostname);
|
||||
if (newBindPort)
|
||||
port = [newBindPort intValue];
|
||||
|
@ -246,6 +254,23 @@ static NSLock *lock;
|
|||
ASSIGN (bindFields, newBindFields);
|
||||
}
|
||||
|
||||
- (BOOL) _setupEncryption: (NGLdapConnection *) encryptedConn
|
||||
{
|
||||
BOOL rc;
|
||||
|
||||
if ([encryption isEqualToString: @"SSL"])
|
||||
rc = [encryptedConn useSSL];
|
||||
else if ([encryption isEqualToString: @"SSL"])
|
||||
rc = [encryptedConn startTLS];
|
||||
else
|
||||
{
|
||||
[self errorWithFormat: @"encryption scheme '%@' not supported: use 'SSL' or 'STARTTLS'"];
|
||||
rc = NO;
|
||||
}
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
- (BOOL) _initLDAPConnection
|
||||
{
|
||||
BOOL b;
|
||||
|
@ -254,14 +279,19 @@ static NSLock *lock;
|
|||
{
|
||||
ldapConnection = [[NGLdapConnection alloc] initWithHostName: hostname
|
||||
port: port];
|
||||
[ldapConnection bindWithMethod: @"simple"
|
||||
binddn: bindDN
|
||||
credentials: password];
|
||||
if (sizeLimit > 0)
|
||||
[ldapConnection setQuerySizeLimit: sizeLimit];
|
||||
if (timeLimit > 0)
|
||||
[ldapConnection setQueryTimeLimit: timeLimit];
|
||||
b = YES;
|
||||
if (![encryption length] || [self _setupEncryption: ldapConnection])
|
||||
{
|
||||
[ldapConnection bindWithMethod: @"simple"
|
||||
binddn: bindDN
|
||||
credentials: password];
|
||||
if (sizeLimit > 0)
|
||||
[ldapConnection setQuerySizeLimit: sizeLimit];
|
||||
if (timeLimit > 0)
|
||||
[ldapConnection setQueryTimeLimit: timeLimit];
|
||||
b = YES;
|
||||
}
|
||||
else
|
||||
b = NO;
|
||||
}
|
||||
NS_HANDLER
|
||||
{
|
||||
|
@ -338,23 +368,26 @@ static NSLock *lock;
|
|||
{
|
||||
bindConnection = [[NGLdapConnection alloc] initWithHostName: hostname
|
||||
port: port];
|
||||
if (timeLimit > 0)
|
||||
[ldapConnection setQueryTimeLimit: timeLimit];
|
||||
if (bindFields)
|
||||
userDN = [self _fetchUserDNForLogin: loginToCheck];
|
||||
else
|
||||
userDN = [NSString stringWithFormat: @"%@=%@,%@",
|
||||
IDField, loginToCheck, baseDN];
|
||||
if (userDN)
|
||||
if (![encryption length] || [self _setupEncryption: bindConnection])
|
||||
{
|
||||
NS_DURING
|
||||
didBind = [bindConnection bindWithMethod: @"simple"
|
||||
binddn: userDN
|
||||
credentials: passwordToCheck];
|
||||
NS_HANDLER
|
||||
NS_ENDHANDLER
|
||||
if (timeLimit > 0)
|
||||
[ldapConnection setQueryTimeLimit: timeLimit];
|
||||
if (bindFields)
|
||||
userDN = [self _fetchUserDNForLogin: loginToCheck];
|
||||
else
|
||||
userDN = [NSString stringWithFormat: @"%@=%@,%@",
|
||||
IDField, loginToCheck, baseDN];
|
||||
if (userDN)
|
||||
{
|
||||
NS_DURING
|
||||
didBind = [bindConnection bindWithMethod: @"simple"
|
||||
binddn: userDN
|
||||
credentials: passwordToCheck];
|
||||
NS_HANDLER
|
||||
NS_ENDHANDLER
|
||||
}
|
||||
[bindConnection release];
|
||||
}
|
||||
[bindConnection release];
|
||||
}
|
||||
|
||||
#if defined(THREADSAFE)
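Review bot: In `-_setupEncryption:` the second branch repeats the test for `@"SSL"`, so a source configured with "starttls" never reaches `-startTLS`; it falls into the error branch and both `_initLDAPConnection` and the login check skip the bind. The branch should read `else if ([encryption isEqualToString: @"STARTTLS"])`. The error path also calls `errorWithFormat:` with a `%@` specifier but no argument, which reads an indeterminate vararg; pass the value: `[self errorWithFormat: @"encryption scheme '%@' not supported: use 'SSL' or 'STARTTLS'", encryption];`. Separately, the login-check hunk still applies the time limit to `ldapConnection` rather than the newly created `bindConnection`, which looks unintended; that method starts and ends outside the hunk.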
|
||||
|
|