#include "user_ops.h"
#ifdef HAVE_LDAP
-#define LDAP_DEPRECATED 1 // Suppress libldap's warning that we are using deprecated API calls
+#define LDAP_DEPRECATED 1 /* Suppress libldap's warning that we are using deprecated API calls */
#include <ldap.h>
int CtdlTryUserLDAP(char *username,
tv.tv_usec = 0;
if (config.c_auth_mode == AUTHMODE_LDAP_AD) {
- sprintf(searchstring, "(sAMAccountName=%s)", username);
+ snprintf(searchstring, sizeof(searchstring), "(sAMAccountName=%s)", username);
}
else {
- sprintf(searchstring, "(&(objectclass=posixAccount)(uid=%s))", username);
+ snprintf(searchstring, sizeof(searchstring), "(&(objectclass=posixAccount)(uid=%s))", username);
}
syslog(LOG_DEBUG, "LDAP search: %s", searchstring);
return(1);
}
-
-// return !0 iff property changed.
-//
+//return !0 iff property changed.
int vcard_set_props_iff_different(struct vCard *v,char *propname,int numvals, char **vals) {
int i;
char *oldval;
}
-// return !0 iff property changed.
-//
+//return !0 iff property changed.
int vcard_set_one_prop_iff_different(struct vCard *v,char *propname, char *newfmt, ...) {
va_list args;
char *newvalue;
int changed_something;
va_start(args,newfmt);
if (-1==vasprintf(&newvalue,newfmt,args)) {
- syslog(LOG_ALERT, "Out of memory!");
+ syslog(LOG_ALERT, "Out of memory!\n");
return 0;
}
changed_something = vcard_set_props_iff_different(v,propname,1,&newvalue);
return changed_something;
}
-
-// Learn LDAP attributes and stuff them into the vCard.
-// Returns nonzero if we changed anything.
-//
+/*
+ * Learn LDAP attributes and stuff them into the vCard.
+ * Returns nonzero if we changed anything.
+ */
int Ctdl_LDAP_to_vCard(char *ldap_dn, struct vCard *v)
{
int changed_something = 0;
syslog(LOG_DEBUG, "LDAP search: %s", ldap_dn);
(void) ldap_search_ext_s(
- ldserver, // ld
- ldap_dn, // base
- LDAP_SCOPE_SUBTREE, // scope
- NULL, // filter
- attrs, // attrs (all attributes)
- 0, // attrsonly (attrs + values)
- NULL, // serverctrls (none)
- NULL, // clientctrls (none)
- &tv, // timeout
- 1, // sizelimit (1 result max)
- &search_result // res
+ ldserver, /* ld */
+ ldap_dn, /* base */
+ LDAP_SCOPE_SUBTREE, /* scope */
+ NULL, /* filter */
+ attrs, /* attrs (all attributes) */
+ 0, /* attrsonly (attrs + values) */
+ NULL, /* serverctrls (none) */
+ NULL, /* clientctrls (none) */
+ &tv, /* timeout */
+ 1, /* sizelimit (1 result max) */
+ &search_result /* res */
);
- // Ignore the return value of ldap_search_ext_s(). Sometimes it returns an error even when
- // the search succeeds. Instead, we check to see whether search_result is still NULL.
+ /* Ignore the return value of ldap_search_ext_s(). Sometimes it returns an error even when
+ * the search succeeds. Instead, we check to see whether search_result is still NULL.
+ */
if (search_result == NULL) {
syslog(LOG_DEBUG, "LDAP search: zero results were returned");
return(0);
}
- // At this point we've got at least one result from our query. If there are multiple
- // results, we still only look at the first one.
+ /* At this point we've got at least one result from our query. If there are multiple
+ * results, we still only look at the first one.
+ */
entry = ldap_first_entry(ldserver, search_result);
if (entry) {
if (o) changed_something |= vcard_set_one_prop_iff_different(v,"org","%s",o[0]);
if (cn) changed_something |= vcard_set_one_prop_iff_different(v,"fn","%s",cn[0]);
if (title) changed_something |= vcard_set_one_prop_iff_different(v,"title","%s",title[0]);
+
if (givenName) ldap_value_free(givenName);
if (initials) ldap_value_free(initials);
if (sn) ldap_value_free(sn);
if (title) ldap_value_free(title);
if (uuid) ldap_value_free(uuid);
}
+ /* free the results */
+ ldap_msgfree(search_result);
- ldap_msgfree(search_result); // free the results
- ldap_unbind(ldserver); // unbind so we can go back in as the authenticating user
- return(changed_something); // tell the caller whether we made any changes
+ /* unbind so we can go back in as the authenticating user */
+ ldap_unbind(ldserver);
+
+ return(changed_something); /* tell the caller whether we made any changes */
}
#endif /* HAVE_LDAP */
int yes_my_citadel_config = 0;
int yes_any_vcard_room = 0;
- if (!CCC->logged_in) return(0); /* Only do this if logged in. */
+ if ((!CCC->logged_in) && (CCC->vcard_updated_by_ldap==0)) return(0); /* Only do this if logged in, or if ldap changed the vcard. */
/* Is this some user's "My Citadel Config" room? */
if (((CCC->room.QRflags & QR_MAILBOX) != 0) &&
(!strcasecmp(&CCC->room.QRname[11], USERCONFIGROOM)) ) {
/* Yes, we want to do this */
yes_my_citadel_config = 1;
-
#ifdef VCARD_SAVES_BY_AIDES_ONLY
- /* Prevent non-aides from performing registration changes */
- if (CCC->user.axlevel < AxAideU) {
+ /* Prevent non-aides from performing registration changes, but ldap is ok. */
+ if ((CCC->user.axlevel < AxAideU) && (CCC->vcard_updated_by_ldap==0)) {
return(1);
}
#endif
if (v == NULL) return(0); /* no vCards were found in this message */
/* If users cannot create their own accounts, they cannot re-register either. */
- if ( (yes_my_citadel_config) && (config.c_disable_newu) && (CCC->user.axlevel < AxAideU) ) {
+ if ( (yes_my_citadel_config) &&
+ (config.c_disable_newu) &&
+ (CCC->user.axlevel < AxAideU) &&
+ (CCC->vcard_updated_by_ldap==0) )
+ {
return(1);
}
vcard_get_prop(v, "fn", 1, 0, 0);
+
if (yes_my_citadel_config) {
/* Bingo! The user is uploading a new vCard, so
* delete the old one. First, figure out which user
char roomname[ROOMNAMELEN];
if (msg->cm_format_type != 4) return(0);
- if (!CCC->logged_in) return(0); /* Only do this if logged in. */
+ if ((!CCC->logged_in) && (CCC->vcard_updated_by_ldap==0)) return(0); /* Only do this if logged in, or if ldap changed the vcard. */
/* We're interested in user config rooms only. */
ptr = msg->cm_fields[eMesageText];
+ CCC->vcard_updated_by_ldap=0; /* As this will write LDAP's previous changes, disallow LDAP change auth until next LDAP change. */
+
NewStrBufDupAppendFlush(&CCC->StatusMessage, NULL, NULL, 0);
StrBufPrintf(CCC->StatusMessage, "%d\n", LISTING_FOLLOWS);
}
vcard_add_prop(v, "email;internet", buf);
+#ifdef HAVE_LDAP
+ /*
+ * Is this an LDAP session? If so, copy various LDAP attributes from the directory entry
+ * into the user's vCard.
+ */
+ if ((config.c_auth_mode == AUTHMODE_LDAP) || (config.c_auth_mode == AUTHMODE_LDAP_AD)) {
+ uid_t ldap_uid;
+ int found_user;
+ char ldap_cn[512];
+ char ldap_dn[512];
+ found_user = CtdlTryUserLDAP(usbuf->fullname, ldap_dn, sizeof ldap_dn, ldap_cn, sizeof ldap_cn, &ldap_uid);
+ if (found_user == 0) {
+ if (Ctdl_LDAP_to_vCard(ldap_dn, v)) {
+ /* Allow global address book and internet directory update without login long enough to write this. */
+ CC->vcard_updated_by_ldap++; /* Otherwise we'll only update the user config. */
+ syslog(LOG_DEBUG, "LDAP Created Initial Vcard for %s\n",usbuf->fullname);
+ }
+ }
+ }
+#endif
vcard_write_user(usbuf, v);
vcard_free(v);
v = vcard_get_user(&CCC->user);
if (v) {
if (Ctdl_LDAP_to_vCard(CCC->ldap_dn, v)) {
+ CCC->vcard_updated_by_ldap++; /* Make sure changes make it to the global address book and internet directory, not just the user config. */
+ syslog(LOG_DEBUG, "LDAP Detected vcard change.\n");
vcard_write_user(&CCC->user, v);
}
}