projects / citadel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Disable ldap referrals so Craptastic Directory does not break, thanks beto for the...
[citadel.git] / citadel / ldap.c
diff --git a/citadel/ldap.c b/citadel/ldap.c
index d0b63a5f547a1f4d45d04278ebf0f903255d5460..baa123aebc67441233428f7a90ca1d1668bff012 100644 (file)
--- a/citadel/ldap.c
+++ b/citadel/ldap.c
@@ -1,6 +1,4 @@
 /*
- * $Id$
- *
  * These functions implement the portions of AUTHMODE_LDAP and AUTHMODE_LDAP_AD which
  * actually speak to the LDAP server.
  *
@@ -56,7 +54,6 @@ int ctdl_require_ldap_version = 3;
 #include "citadel.h"
 #include "server.h"
 #include "database.h"
-#include "user_ops.h"
 #include "sysdep_decls.h"
 #include "support.h"
 #include "room_ops.h"
@@ -70,6 +67,7 @@ int ctdl_require_ldap_version = 3;
 #include "threads.h"
 #include "citadel_ldap.h"
 #include "ctdl_module.h"
+#include "user_ops.h"
 
 #ifdef HAVE_LDAP
 #define LDAP_DEPRECATED 1      /* Suppress libldap's warning that we are using deprecated API calls */
@@ -93,7 +91,7 @@ int CtdlTryUserLDAP(char *username,
 
        ldserver = ldap_init(config.c_ldap_host, config.c_ldap_port);
        if (ldserver == NULL) {
-               CtdlLogPrintf(CTDL_ALERT, "LDAP: Could not connect to %s:%d : %s\n",
+               syslog(LOG_ALERT, "LDAP: Could not connect to %s:%d : %s\n",
                        config.c_ldap_host, config.c_ldap_port,
                        strerror(errno)
                );
@@ -101,16 +99,17 @@ int CtdlTryUserLDAP(char *username,
        }
 
        ldap_set_option(ldserver, LDAP_OPT_PROTOCOL_VERSION, &ctdl_require_ldap_version);
+       ldap_set_option(ldserver, LDAP_OPT_REFERRALS, (void *)LDAP_OPT_OFF);
 
        striplt(config.c_ldap_bind_dn);
        striplt(config.c_ldap_bind_pw);
-       CtdlLogPrintf(CTDL_DEBUG, "LDAP bind DN: %s\n", config.c_ldap_bind_dn);
+       syslog(LOG_DEBUG, "LDAP bind DN: %s\n", config.c_ldap_bind_dn);
        i = ldap_simple_bind_s(ldserver,
                (!IsEmptyStr(config.c_ldap_bind_dn) ? config.c_ldap_bind_dn : NULL),
                (!IsEmptyStr(config.c_ldap_bind_pw) ? config.c_ldap_bind_pw : NULL)
        );
        if (i != LDAP_SUCCESS) {
-               CtdlLogPrintf(CTDL_ALERT, "LDAP: Cannot bind: %s (%d)\n", ldap_err2string(i), i);
+               syslog(LOG_ALERT, "LDAP: Cannot bind: %s (%d)\n", ldap_err2string(i), i);
                return(i);
        }
 
@@ -124,7 +123,7 @@ int CtdlTryUserLDAP(char *username,
                sprintf(searchstring, "(&(objectclass=posixAccount)(uid=%s))", username);
        }
 
-       CtdlLogPrintf(CTDL_DEBUG, "LDAP search: %s\n", searchstring);
+       syslog(LOG_DEBUG, "LDAP search: %s\n", searchstring);
        i = ldap_search_ext_s(ldserver,                         /* ld                           */
                config.c_ldap_base_dn,                          /* base                         */
                LDAP_SCOPE_SUBTREE,                             /* scope                        */
@@ -142,7 +141,7 @@ int CtdlTryUserLDAP(char *username,
         * the search succeeds.  Instead, we check to see whether search_result is still NULL.
         */
        if (search_result == NULL) {
-               CtdlLogPrintf(CTDL_DEBUG, "LDAP search: zero results were returned\n");
+               syslog(LOG_DEBUG, "LDAP search: zero results were returned\n");
                ldap_unbind(ldserver);
                return(2);
        }
@@ -155,7 +154,7 @@ int CtdlTryUserLDAP(char *username,
 
                user_dn = ldap_get_dn(ldserver, entry);
                if (user_dn) {
-                       CtdlLogPrintf(CTDL_DEBUG, "dn = %s\n", user_dn);
+                       syslog(LOG_DEBUG, "dn = %s\n", user_dn);
                }
 
                if (config.c_auth_mode == AUTHMODE_LDAP_AD) {
@@ -163,7 +162,7 @@ int CtdlTryUserLDAP(char *username,
                        if (values) {
                                if (values[0]) {
                                        if (fullname) safestrncpy(fullname, values[0], fullname_size);
-                                       CtdlLogPrintf(CTDL_DEBUG, "displayName = %s\n", values[0]);
+                                       syslog(LOG_DEBUG, "displayName = %s\n", values[0]);
                                }
                                ldap_value_free(values);
                        }
@@ -173,7 +172,7 @@ int CtdlTryUserLDAP(char *username,
                        if (values) {
                                if (values[0]) {
                                        if (fullname) safestrncpy(fullname, values[0], fullname_size);
-                                       CtdlLogPrintf(CTDL_DEBUG, "cn = %s\n", values[0]);
+                                       syslog(LOG_DEBUG, "cn = %s\n", values[0]);
                                }
                                ldap_value_free(values);
                        }
@@ -185,7 +184,7 @@ int CtdlTryUserLDAP(char *username,
                                if (values[0]) {
                                        if (uid != NULL) {
                                                *uid = abs(HashLittle(values[0], strlen(values[0])));
-                                               CtdlLogPrintf(CTDL_DEBUG, "uid hashed from objectGUID = %d\n", *uid);
+                                               syslog(LOG_DEBUG, "uid hashed from objectGUID = %d\n", *uid);
                                        }
                                }
                                ldap_value_free(values);
@@ -195,7 +194,7 @@ int CtdlTryUserLDAP(char *username,
                        values = ldap_get_values(ldserver, search_result, "uidNumber");
                        if (values) {
                                if (values[0]) {
-                                       CtdlLogPrintf(CTDL_DEBUG, "uidNumber = %s\n", values[0]);
+                                       syslog(LOG_DEBUG, "uidNumber = %s\n", values[0]);
                                        if (uid != NULL) {
                                                *uid = atoi(values[0]);
                                        }
@@ -213,7 +212,7 @@ int CtdlTryUserLDAP(char *username,
        ldap_unbind(ldserver);
 
        if (!user_dn) {
-               CtdlLogPrintf(CTDL_DEBUG, "No such user was found.\n");
+               syslog(LOG_DEBUG, "No such user was found.\n");
                return(4);
        }
 
@@ -223,22 +222,28 @@ int CtdlTryUserLDAP(char *username,
 }
 
 
-int CtdlTryPasswordLDAP(char *user_dn, char *password)
+int CtdlTryPasswordLDAP(char *user_dn, const char *password)
 {
        LDAP *ldserver = NULL;
        int i = (-1);
 
-       CtdlLogPrintf(CTDL_DEBUG, "LDAP: trying to bind as %s\n", user_dn);
+       if (IsEmptyStr(password)) {
+               syslog(LOG_DEBUG, "LDAP: empty passwords are not permitted\n");
+               return(1);
+       }
+
+       syslog(LOG_DEBUG, "LDAP: trying to bind as %s\n", user_dn);
        ldserver = ldap_init(config.c_ldap_host, config.c_ldap_port);
        if (ldserver) {
                ldap_set_option(ldserver, LDAP_OPT_PROTOCOL_VERSION, &ctdl_require_ldap_version);
                i = ldap_simple_bind_s(ldserver, user_dn, password);
                if (i == LDAP_SUCCESS) {
-                       CtdlLogPrintf(CTDL_DEBUG, "LDAP: bind succeeded\n");
+                       syslog(LOG_DEBUG, "LDAP: bind succeeded\n");
                }
                else {
-                       CtdlLogPrintf(CTDL_DEBUG, "LDAP: Cannot bind: %s (%d)\n", ldap_err2string(i), i);
+                       syslog(LOG_DEBUG, "LDAP: Cannot bind: %s (%d)\n", ldap_err2string(i), i);
                }
+               ldap_set_option(ldserver, LDAP_OPT_REFERRALS, (void *)LDAP_OPT_OFF);
                ldap_unbind(ldserver);
        }
 
@@ -256,7 +261,7 @@ int CtdlTryPasswordLDAP(char *user_dn, char *password)
  */
 int Ctdl_LDAP_to_vCard(char *ldap_dn, struct vCard *v)
 {
-       changed_something = 0;
+       int changed_something = 0;
 
        if (!ldap_dn) return(0);
        if (!v) return(0);
Citadel server, clients, utilities