[Commits] editldap.c 1.8.2.47 1.8.2.48 ldapctrl.c 1.2.2.26 1.2.2.27 ldapserver.c 1.4.2.25 1.4.2.26
colin at claws-mail.org
colin at claws-mail.org
Wed Dec 19 17:52:12 CET 2012
Update of /home/claws-mail/claws/src
In directory srv:/tmp/cvs-serv16710/src
Modified Files:
Tag: gtk2
editldap.c ldapctrl.c ldapserver.c
Log Message:
2012-12-19 [colin] 3.9.0cvs50
* src/editldap.c
* src/ldapctrl.c
* src/ldapserver.c
Make LDAP over SSL work on Win32 - but not TLS,
unfortunately. Also, it requires the certificate
to be trusted.
Index: editldap.c
===================================================================
RCS file: /home/claws-mail/claws/src/editldap.c,v
retrieving revision 1.8.2.47
retrieving revision 1.8.2.48
diff -u -d -r1.8.2.47 -r1.8.2.48
--- editldap.c 19 Sep 2012 15:13:59 -0000 1.8.2.47
+++ editldap.c 19 Dec 2012 16:52:10 -0000 1.8.2.48
@@ -76,7 +76,7 @@
GtkWidget *spinbtn_queryage;
GtkWidget *check_dynsearch;
GtkWidget *check_matchoption;
-#ifdef USE_LDAP_TLS
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
GtkWidget *enable_ssl;
GtkWidget *enable_tls;
#endif
@@ -231,7 +231,7 @@
sPass = gtk_editable_get_chars( GTK_EDITABLE(ldapedit.entry_bindPW), 0, -1 );
iPort = gtk_spin_button_get_value_as_int( GTK_SPIN_BUTTON( ldapedit.spinbtn_port ) );
iTime = gtk_spin_button_get_value_as_int( GTK_SPIN_BUTTON( ldapedit.spinbtn_timeout ) );
-#ifdef USE_LDAP_TLS
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
tls = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(ldapedit.enable_tls));
ssl = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(ldapedit.enable_ssl));
#endif
@@ -294,7 +294,7 @@
sPass = gtk_editable_get_chars( GTK_EDITABLE(ldapedit.entry_bindPW), 0, -1 );
iPort = gtk_spin_button_get_value_as_int( GTK_SPIN_BUTTON( ldapedit.spinbtn_port ) );
iTime = gtk_spin_button_get_value_as_int( GTK_SPIN_BUTTON( ldapedit.spinbtn_timeout ) );
-#ifdef USE_LDAP_TLS
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
tls = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(ldapedit.enable_tls));
ssl = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(ldapedit.enable_ssl));
#endif
@@ -399,7 +399,7 @@
GtkWidget *hbox_spin;
GtkAdjustment *spinbtn_port_adj;
GtkWidget *spinbtn_port;
-#ifdef USE_LDAP_TLS
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
GtkWidget *enable_ssl_checkbtn, *enable_tls_checkbtn;
#endif
GtkWidget *entry_baseDN;
@@ -466,7 +466,7 @@
gtk_widget_set_size_request (spinbtn_port, 64, -1);
gtk_spin_button_set_numeric (GTK_SPIN_BUTTON (spinbtn_port), TRUE);
-#ifdef USE_LDAP_TLS
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
enable_tls_checkbtn = gtk_check_button_new_with_label(_("TLS"));
enable_ssl_checkbtn = gtk_check_button_new_with_label(_("SSL"));
SET_TOGGLE_SENSITIVITY_REVERSE(enable_tls_checkbtn, enable_ssl_checkbtn);
@@ -480,7 +480,9 @@
"If connection fails, be sure to check the correct "
"configuration in ldap.conf (TLS_CACERTDIR and TLS_REQCERT fields)." ));
+#ifdef G_OS_UNIX /* Win32's ldap_start_tls_s() does not work, for some reason. */
gtk_box_pack_start (GTK_BOX (hbox_spin), enable_tls_checkbtn, TRUE, FALSE, 0);
+#endif
gtk_box_pack_start (GTK_BOX (hbox_spin), enable_ssl_checkbtn, TRUE, FALSE, 0);
#endif
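Review bot: On Win32 the TLS check button is still created and stored in `ldapedit.enable_tls`, but this hunk leaves it unpacked, so its state stays live with no visible control. A later hunk sets it from `ctl->enableTLS`, so a saved TLS setting can switch it on invisibly. If `SET_TOGGLE_SENSITIVITY_REVERSE` greys out its second argument while the first is active (the macro is defined outside this diff), the SSL box would then be locked. Forcing the value off on Win32 where the toggle is read avoids that, e.g. `tls = FALSE;` under `#ifdef G_OS_WIN32`. The tooltip just above still points at ldap.conf (`TLS_CACERTDIR`, `TLS_REQCERT`), which presumably does not apply to the Win32 LDAP library; a Win32 wording that the server certificate must be trusted by the system would match the commit log.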
@@ -535,7 +537,7 @@
ldapedit.entry_server = entry_server;
ldapedit.spinbtn_port = spinbtn_port;
ldapedit.entry_baseDN = entry_baseDN;
-#ifdef USE_LDAP_TLS
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
ldapedit.enable_ssl = enable_ssl_checkbtn;
ldapedit.enable_tls = enable_tls_checkbtn;
@@ -875,7 +877,7 @@
GTK_TOGGLE_BUTTON( ldapedit.check_dynsearch), TRUE );
gtk_toggle_button_set_active(
GTK_TOGGLE_BUTTON( ldapedit.check_matchoption), FALSE );
-#ifdef USE_LDAP_TLS
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
gtk_toggle_button_set_active(
GTK_TOGGLE_BUTTON( ldapedit.enable_ssl), FALSE );
gtk_toggle_button_set_active(
@@ -915,7 +917,7 @@
GTK_SPIN_BUTTON(ldapedit.spinbtn_timeout), ctl->timeOut );
gtk_spin_button_set_value(
GTK_SPIN_BUTTON(ldapedit.spinbtn_maxentry), ctl->maxEntries );
-#ifdef USE_LDAP_TLS
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
gtk_toggle_button_set_active(
GTK_TOGGLE_BUTTON(ldapedit.enable_tls), ctl->enableTLS );
gtk_toggle_button_set_active(
@@ -1012,7 +1014,7 @@
GTK_TOGGLE_BUTTON( ldapedit.check_dynsearch ) );
bMatch = gtk_toggle_button_get_active(
GTK_TOGGLE_BUTTON( ldapedit.check_matchoption ) );
-#ifdef USE_LDAP_TLS
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
ssl = gtk_toggle_button_get_active(
GTK_TOGGLE_BUTTON( ldapedit.enable_ssl ) );
tls = gtk_toggle_button_get_active(
Index: ldapctrl.c
===================================================================
RCS file: /home/claws-mail/claws/src/ldapctrl.c,v
retrieving revision 1.2.2.26
retrieving revision 1.2.2.27
diff -u -d -r1.2.2.26 -r1.2.2.27
--- ldapctrl.c 7 Jul 2012 07:09:27 -0000 1.2.2.26
+++ ldapctrl.c 19 Dec 2012 16:52:10 -0000 1.2.2.27
@@ -295,14 +295,14 @@
* \param value <i>TRUE</i> to enable TLS.
*/
void ldapctl_set_tls( LdapControl* ctl, const gboolean value ) {
-#ifdef USE_LDAP_TLS
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
ctl->enableTLS = value;
debug_print("setting TLS: %d\n", ctl->enableTLS);
#endif
}
void ldapctl_set_ssl( LdapControl* ctl, const gboolean value ) {
-#ifdef USE_LDAP_TLS
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
ctl->enableSSL = value;
debug_print("setting SSL: %d\n", ctl->enableSSL);
#endif
Index: ldapserver.c
===================================================================
RCS file: /home/claws-mail/claws/src/ldapserver.c,v
retrieving revision 1.4.2.25
retrieving revision 1.4.2.26
diff -u -d -r1.4.2.25 -r1.4.2.26
--- ldapserver.c 7 Jul 2012 07:09:27 -0000 1.4.2.25
+++ ldapserver.c 19 Dec 2012 16:52:10 -0000 1.4.2.26
@@ -738,6 +738,17 @@
#endif
}
+#ifdef G_OS_WIN32
+#if LDAP_UNICODE
+#define LDAP_START_TLS_S "ldap_start_tls_sW"
+typedef ULONG (* PFldap_start_tls_s) (LDAP *, PULONG, LDAPMessage **, PLDAPControlW *, PLDAPControlW *);
+#else
+#define LDAP_START_TLS_S "ldap_start_tls_sA"
+typedef ULONG (* PFldap_start_tls_s) (LDAP *, PULONG, LDAPMessage **, PLDAPControlA *, PLDAPControlA *);
+#endif /* LDAP_UNICODE */
+PFldap_start_tls_s Win32_ldap_start_tls_s = NULL;
+#endif
+
/**
* Connect to LDAP server.
* \param ctl Control object to process.
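Review bot: `Win32_ldap_start_tls_s` is defined with external linkage, and none of the hunks here show a use outside ldapserver.c. If that holds, `static PFldap_start_tls_s Win32_ldap_start_tls_s = NULL;` keeps it out of the global namespace. A short comment would also help the next reader: `/* resolved from wldap32.dll at run time; NULL until the first TLS attempt */`.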
@@ -760,13 +771,30 @@
ldap_initialize(&ld, uri);
#else
ld = ldap_sslinit(ctl->hostName, ctl->port, ctl->enableSSL);
- if (ctl->enableSSL) {
- ldap_get_option(ld,LDAP_OPT_SSL,(void*)&rc);
+ if (ld && ctl->enableSSL) {
+ version = LDAP_VERSION3;
+ debug_print("Setting version 3\n");
+ rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, (void *)&version);
+ if (rc == LDAP_SUCCESS)
+ ctl->version = LDAP_VERSION3;
+ else
+ debug_print("Failed: %s\n", ldaputil_get_error(ld));
+
+ if (ldap_get_option(ld,LDAP_OPT_SSL,(void*)&rc) != LDAP_SUCCESS)
+ debug_print("Can't get SSL state\n");
+
if ((void *)rc != LDAP_OPT_ON) {
debug_print("Enabling SSL\n");
- if (ldap_set_option(ld,LDAP_OPT_SSL,LDAP_OPT_ON) != 0)
+ if (ldap_set_option(ld,LDAP_OPT_SSL,LDAP_OPT_ON) != LDAP_SUCCESS)
debug_print("Failed: %s\n", ldaputil_get_error(ld));
+ else {
+ ldap_get_option(ld,LDAP_OPT_SSL,(void*)&rc);
+ debug_print("SSL now %d\n", rc);
+ }
+
}
+ if (!ld || (rc = ldap_connect(ld, NULL)) != LDAP_SUCCESS)
+ debug_print("ldap_connect failed: %d %s\n", rc, ldaputil_get_error(ld));
}
#endif
g_free(uri);
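Review bot: Every failure in the Win32 SSL branch is only passed to `debug_print`, so the function carries on with `ld` even when `ldap_set_option(ld,LDAP_OPT_SSL,LDAP_OPT_ON)` or `ldap_connect()` fails. Because SSL was explicitly requested, the session should not reach the bind in that state. Releasing and clearing the handle in those branches, `ldap_unbind(ld); ld = NULL;`, would let whatever null-handle check follows `g_free(uri)` reject it (that check is outside the hunk, so confirm it exists). When `ldap_get_option(ld,LDAP_OPT_SSL,...)` fails, `rc` still holds the result of the earlier `ldap_set_option` call, so `(void *)rc != LDAP_OPT_ON` tests a stale value. The `!ld` test in the `ldap_connect` condition can never be true inside `if (ld && ctl->enableSSL)`.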
@@ -778,22 +806,43 @@
debug_print("Got handle to LDAP host %s on port %d\n", ctl->hostName, ctl->port);
version = LDAP_VERSION3;
+ debug_print("Setting version 3\n");
rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
if (rc == LDAP_OPT_SUCCESS) {
ctl->version = LDAP_VERSION3;
} else
g_printerr("LDAP: Error %d (%s)\n",
rc, ldaputil_get_error(ld));
-#ifdef USE_LDAP_TLS
+
+#if (defined USE_LDAP_TLS || defined G_OS_WIN32)
/* Handle TLS */
if (ctl->version == LDAP_VERSION3) {
if (ctl->enableTLS && !ctl->enableSSL) {
+#ifdef G_OS_WIN32
+ ULONG serv_rc;
+ if (Win32_ldap_start_tls_s == NULL) {
+ void *lib = LoadLibrary("wldap32.dll");
+ if (!lib || (Win32_ldap_start_tls_s = (PFldap_start_tls_s) GetProcAddress(lib, LDAP_START_TLS_S)) == NULL) {
+ g_printerr("LDAP Error(tls): ldap_start_tls_s: not supported on this platform");
+ if (lib)
+ FreeLibrary(lib);
+ return NULL;
+ }
+ }
+ debug_print("Setting TLS\n");
+ rc = Win32_ldap_start_tls_s(ld, &serv_rc, NULL, NULL, NULL);
+ debug_print("ldap_start_tls_s: %d server %d %s\n",
+ rc, serv_rc, ldaputil_get_error(ld));
+#else
+ debug_print("Setting TLS\n");
rc = ldap_start_tls_s(ld, NULL, NULL);
-
+#endif
if (rc != LDAP_SUCCESS) {
- g_printerr("LDAP Error(tls): ldap_simple_bind_s: %s\n",
- ldaputil_get_error(ld));
+ g_printerr("LDAP Error(tls): ldap_start_tls_s: %d %s\n",
+ rc, ldaputil_get_error(ld));
return NULL;
+ } else {
+ debug_print("Done\n");
}
}
}
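Review bot: `LoadLibrary("wldap32.dll")` passes a bare file name, so unless the module is already mapped in the process the loader falls back to the DLL search order. Restricting the lookup to the system directory removes that dependence: `HMODULE lib = LoadLibraryEx("wldap32.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);` (check that the project's minimum Windows target supports the flag). The handle type is `HMODULE`, not `void *`. The "not supported on this platform" `g_printerr` message lacks the trailing `\n` that the other messages have. The enclosing function starts and ends outside the hunk.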