evolution-data-server r9492 - in trunk/addressbook: . backends/ldap
- From: msuman svn gnome org
- To: svn-commits-list gnome org
- Subject: evolution-data-server r9492 - in trunk/addressbook: . backends/ldap
- Date: Mon, 8 Sep 2008 03:59:44 +0000 (UTC)
Author: msuman
Date: Mon Sep 8 03:59:44 2008
New Revision: 9492
URL: http://svn.gnome.org/viewvc/evolution-data-server?rev=9492&view=rev
Log:
Milan Crha <mcrha redhat com> ** Fix for bug #361413 (Report to the user that the server requires authentication if the server returns 'unwilling to perform'. Also do not try to connect anonymously if authentication is required).
Modified:
trunk/addressbook/ChangeLog
trunk/addressbook/backends/ldap/e-book-backend-ldap.c
Modified: trunk/addressbook/backends/ldap/e-book-backend-ldap.c
==============================================================================
--- trunk/addressbook/backends/ldap/e-book-backend-ldap.c (original)
+++ trunk/addressbook/backends/ldap/e-book-backend-ldap.c Mon Sep 8 03:59:44 2008
@@ -711,7 +711,7 @@
attrs, 0, NULL, NULL, &timeout, LDAP_NO_LIMIT, &resp);
g_static_rec_mutex_unlock (&eds_ldap_handler_lock);
if (ldap_error != LDAP_SUCCESS) {
- g_warning ("could not perform query on Root DSE (ldap_error 0x%02x)", ldap_error);
+ g_warning ("could not perform query on Root DSE (ldap_error 0x%02x/%s)", ldap_error, ldap_err2string (ldap_error) ? ldap_err2string (ldap_error) : "Unknown error");
return ldap_error;
}
@@ -905,7 +905,7 @@
authenticate the user properly later (in
authenticate_user) if they've selected
authentication */
- ldap_error = ldap_simple_bind_s (blpriv->ldap, NULL, NULL);
+ ldap_error = ldap_simple_bind_s (blpriv->ldap, blpriv->auth_dn, blpriv->auth_passwd);
if (ldap_error == LDAP_PROTOCOL_ERROR) {
g_warning ("failed to bind using v3. trying v2.");
/* server doesn't support v3 binds, so let's
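Review bot: With `blpriv->auth_dn` set but `blpriv->auth_passwd` NULL or empty, this call becomes a simple bind with a DN and no password, which many servers accept as an unauthenticated (effectively anonymous) bind, so the client can believe it is authenticated when it is not. Pass the DN only when the password is non-empty and fall back to `ldap_simple_bind_s (blpriv->ldap, NULL, NULL)` otherwise. The comment just above still appears to describe an anonymous bind with authentication deferred to authenticate_user and should be updated to match. The same call is repeated in the v2 fallback in the next hunk, where the cached password is sent a second time; whether TLS has been negotiated before either bind is not visible here and is worth confirming, since a simple bind carries the password in clear text. The enclosing function starts and ends outside the hunk.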
@@ -915,7 +915,7 @@
protocol_version = LDAP_VERSION2;
ldap_set_option (blpriv->ldap, LDAP_OPT_PROTOCOL_VERSION, &protocol_version);
- ldap_error = ldap_simple_bind_s (blpriv->ldap, NULL, NULL);
+ ldap_error = ldap_simple_bind_s (blpriv->ldap, blpriv->auth_dn, blpriv->auth_passwd);
}
if (ldap_error == LDAP_PROTOCOL_ERROR) {
@@ -971,8 +971,10 @@
diff/1000,diff%1000);
}
return GNOME_Evolution_Addressbook_Success;
- }
- else
+ } else if (ldap_error == LDAP_UNWILLING_TO_PERFORM) {
+ e_book_backend_notify_auth_required (E_BOOK_BACKEND (bl));
+ return GNOME_Evolution_Addressbook_AuthenticationRequired;
+ } else
g_warning ("Failed to perform root dse query anonymously, (ldap_error 0x%02x)", ldap_error);
}
else {
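Review bot: The new `LDAP_UNWILLING_TO_PERFORM` branch raises auth-required without checking whether credentials were already used. The binds changed earlier in this commit, which appear to be in the same function, now pass `blpriv->auth_dn`, so a server that refuses the root DSE query for another reason would send the user back to a password prompt each time. Consider notifying only when `blpriv->auth_dn` is NULL and logging the other case distinctly. The fall-through `g_warning` still says "anonymously" and prints only the hex code, unlike the root DSE warning updated in the first hunk; `ldap_err2string (ldap_error)` could be added there too, and the bare `else` given braces to match the branches above it.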
@@ -4570,19 +4572,6 @@
return;
}
- g_static_rec_mutex_lock (&eds_ldap_handler_lock);
- if (!bl->priv->connected || !bl->priv->ldap) {
- g_static_rec_mutex_unlock (&eds_ldap_handler_lock);
-
- status = e_book_backend_ldap_connect (bl);
- if (status != GNOME_Evolution_Addressbook_Success) {
- e_data_book_respond_authenticate_user (book,
- opid, status);
- return ;
- }
- }
- g_static_rec_mutex_unlock (&eds_ldap_handler_lock);
-
if (!g_ascii_strncasecmp (auth_method, LDAP_SIMPLE_PREFIX, strlen (LDAP_SIMPLE_PREFIX))) {
if (!strcmp (auth_method, "ldap/simple-email")) {
@@ -4632,20 +4621,35 @@
dn = g_strdup (user);
}
+ g_free (bl->priv->auth_dn);
+ g_free (bl->priv->auth_passwd);
+
+ bl->priv->auth_dn = dn;
+ bl->priv->auth_passwd = g_strdup (passwd);
+
/* now authenticate against the DN we were either supplied or queried for */
printf ("simple auth as %s\n", dn);
g_static_rec_mutex_lock (&eds_ldap_handler_lock);
+ if (!bl->priv->connected || !bl->priv->ldap) {
+ g_static_rec_mutex_unlock (&eds_ldap_handler_lock);
+
+ status = e_book_backend_ldap_connect (bl);
+ if (status != GNOME_Evolution_Addressbook_Success) {
+ e_data_book_respond_authenticate_user (book,
+ opid, status);
+ return ;
+ }
+ }
+
ldap_error = ldap_simple_bind_s(bl->priv->ldap,
- dn,
- passwd);
+ bl->priv->auth_dn,
+ bl->priv->auth_passwd);
g_static_rec_mutex_unlock (&eds_ldap_handler_lock);
/* Some ldap servers are returning (ex active directory ones) LDAP_SERVER_DOWN
* when we try to do an ldap operation after being idle
* for some time. This error is handled by poll_ldap in case of search operations
* We need to handle it explicitly for this bind call. We call reconnect so that
* we get a fresh ldap handle Fixes #67541 */
- bl->priv->auth_dn = dn;
- bl->priv->auth_passwd = g_strdup (passwd);
if (ldap_error == LDAP_SERVER_DOWN) {
EDataBookView *view = find_book_view (bl);
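Review bot: When the handle is not connected, the added block releases `eds_ldap_handler_lock`, reconnects, and then falls through to `ldap_simple_bind_s` without re-taking the lock, so the bind runs unlocked and the `g_static_rec_mutex_unlock` after it releases a mutex this thread no longer holds. Adding `g_static_rec_mutex_lock (&eds_ldap_handler_lock);` after the successful status check inside the `if` block restores the pairing; the SASL branch in the next hunk has the same block and needs the same line. Separately, `auth_dn`/`auth_passwd` are now stored before the bind result is known, so unless they are cleared on failure outside this hunk, a rejected password stays cached and is what the connect path will resend. The old password is also released with plain `g_free`; overwriting it before freeing would keep it from lingering in heap memory. The function body continues outside the hunk.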
@@ -4664,6 +4668,16 @@
else if (!g_ascii_strncasecmp (auth_method, SASL_PREFIX, strlen (SASL_PREFIX))) {
g_print ("sasl bind (mech = %s) as %s", auth_method + strlen (SASL_PREFIX), user);
g_static_rec_mutex_lock (&eds_ldap_handler_lock);
+ if (!bl->priv->connected || !bl->priv->ldap) {
+ g_static_rec_mutex_unlock (&eds_ldap_handler_lock);
+
+ status = e_book_backend_ldap_connect (bl);
+ if (status != GNOME_Evolution_Addressbook_Success) {
+ e_data_book_respond_authenticate_user (book,
+ opid, status);
+ return ;
+ }
+ }
ldap_error = ldap_sasl_bind_s (bl->priv->ldap,
NULL,
auth_method + strlen (SASL_PREFIX),
@@ -4893,8 +4907,18 @@
e_book_backend_notify_connection_status (backend, TRUE);
}
- /* Online */
+ str = e_source_get_property (source, "auth");
+ if (str && *str && !g_str_equal (str, "none") && !g_str_equal (str, "0")) {
+ /* Requires authentication, do not try to bind without it,
+ but report success instead, as we are loaded. */
+ if (enable_debug)
+ printf ("e_book_backend_ldap_load_source ... skipping anonymous bind, because auth required\n");
+ e_book_backend_notify_auth_required (E_BOOK_BACKEND (bl));
+ return GNOME_Evolution_Addressbook_Success;
+ }
+
+ /* Online */
result = e_book_backend_ldap_connect (bl);
if (result != GNOME_Evolution_Addressbook_Success) {
if (enable_debug)
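Review bot: The added check gives the "auth" source property its meaning only implicitly: a missing or empty value, "none" and "0" all lead to the anonymous connect below, and every other value skips the bind. A comment stating this, e.g. `/* "auth" unset, empty, "none" or "0" means anonymous; any other value defers the bind to authenticate_user */`, would make the fail-closed handling of unknown values explicit. The early `return GNOME_Evolution_Addressbook_Success` also means nothing has contacted the server yet, so reachability errors first surface at authentication time; callers that treat a successful load as "server reachable" (not visible here) would need checking.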