Permalink
Switch branches/tags
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
155 lines (145 sloc) 5.85 KB
From be87b5fcb39cf4af4f708fe060026b729a8f6ad2 Mon Sep 17 00:00:00 2001
From: "Wang Kang" <i@scateu.me>
Date: Sat, 19 Mar 2016 02:20:49 +0800
Subject: [PATCH 1/1] Add a "require-ldapssl-on-connection" switch to support
LDAPSSL (Port 636)
---
alpine/ldapconf.c | 12 ++++++++++--
pith/ldap.c | 11 ++++++++++-
pith/ldap.h | 1 +
pith/pine.hlp | 21 +++++++++++++++++++++
4 files changed, 42 insertions(+), 3 deletions(-)
diff --git a/alpine/ldapconf.c b/alpine/ldapconf.c
index 714bf0c..4981364 100644
--- a/alpine/ldapconf.c
+++ b/alpine/ldapconf.c
@@ -1145,6 +1145,7 @@ dir_config_edit(struct pine *ps, CONF_S **cl)
#define LDAP_F_NOSUB 3
#define LDAP_F_TLS 4
#define LDAP_F_TLSMUST 5
+#define LDAP_F_LDAPS 6
bitmap_t ldap_option_list;
struct variable *ldap_srch_rule_ptr;
@@ -1351,6 +1352,8 @@ dir_edit_screen(struct pine *ps, LDAP_SERV_S *def, char *title, char **raw_serve
setbitn(LDAP_F_TLS, ldap_option_list);
if(def && def->tlsmust)
setbitn(LDAP_F_TLSMUST, ldap_option_list);
+ if(def && def->ldaps)
+ setbitn(LDAP_F_LDAPS, ldap_option_list);
/* save the old opt_screen before calling scroll screen again */
saved_screen = opt_screen;
@@ -1499,6 +1502,9 @@ dir_edit_screen(struct pine *ps, LDAP_SERV_S *def, char *title, char **raw_serve
case LDAP_F_TLSMUST:
ctmp->help = h_config_ldap_opts_tlsmust;
break;
+ case LDAP_F_LDAPS:
+ ctmp->help = h_config_ldap_opts_ldaps; //TODO: SSL and TLS as radiobutton
+ break;
}
ctmp->tool = ldap_checkbox_tool;
@@ -1919,7 +1925,7 @@ dir_edit_screen(struct pine *ps, LDAP_SERV_S *def, char *title, char **raw_serve
}
}
- snprintf(dir_tmp, sizeof(dir_tmp), "%s%s%s \"/base=%s/binddn=%s/impl=%d/rhs=%d/ref=%d/nosub=%d/tls=%d/tlsm=%d/type=%s/srch=%s%s/time=%s/size=%s/cust=%s/nick=%s/matr=%s/catr=%s/satr=%s/gatr=%s\"",
+ snprintf(dir_tmp, sizeof(dir_tmp), "%s%s%s \"/base=%s/binddn=%s/impl=%d/rhs=%d/ref=%d/nosub=%d/tls=%d/tlsm=%d/ldaps=%d/type=%s/srch=%s%s/time=%s/size=%s/cust=%s/nick=%s/matr=%s/catr=%s/satr=%s/gatr=%s\"",
server ? server : "",
(portval >= 0 && port && *port) ? ":" : "",
(portval >= 0 && port && *port) ? port : "",
@@ -1931,6 +1937,7 @@ dir_edit_screen(struct pine *ps, LDAP_SERV_S *def, char *title, char **raw_serve
bitnset(LDAP_F_NOSUB, ldap_option_list) ? 1 : 0,
bitnset(LDAP_F_TLS, ldap_option_list) ? 1 : 0,
bitnset(LDAP_F_TLSMUST, ldap_option_list) ? 1 : 0,
+ bitnset(LDAP_F_LDAPS, ldap_option_list) ? 1 : 0,
srch_type ? srch_type : "",
srch_rule ? srch_rule : "",
custom_scope,
@@ -2364,7 +2371,8 @@ ldap_feature_list(int index)
{"save-search-criteria-not-result", NULL, LDAP_F_REF},
{"disable-ad-hoc-space-substitution", NULL, LDAP_F_NOSUB},
{"attempt-tls-on-connection", NULL, LDAP_F_TLS},
- {"require-tls-on-connection", NULL, LDAP_F_TLSMUST}
+ {"require-tls-on-connection", NULL, LDAP_F_TLSMUST}, // TODO rename tls to starttls
+ {"require-ldaps-on-connection", NULL, LDAP_F_LDAPS}
};
return((index >= 0 &&
diff --git a/pith/ldap.c b/pith/ldap.c
index a007873..7af48ea 100644
--- a/pith/ldap.c
+++ b/pith/ldap.c
@@ -472,7 +472,12 @@ ldap_lookup(LDAP_SERV_S *info, char *string, CUSTOM_FILT_S *cust,
if((ld = ldap_init(serv, info->port)) == NULL)
#else
#if (LDAPAPI >= 11)
- if((ld = ldap_init(serv, info->port)) == NULL)
+ char _URI[900];
+ if(info->ldaps)
+ snprintf(_URI, sizeof(_URI), "ldaps://%s:%d", serv, info->port);
+ else
+ snprintf(_URI, sizeof(_URI), "ldap://%s:%d", serv, info->port);
+ if(ldap_initialize(&ld, _URI) != LDAP_SUCCESS)
#else
if((ld = ldap_open(serv, info->port)) == NULL)
#endif
@@ -1345,6 +1350,10 @@ break_up_ldap_server(char *serv_str)
if((q = srchstr(tail, "/tlsm=1")) != NULL)
info->tlsmust = 1;
+ /* get the ldaps parameter */
+ if((q = srchstr(tail, "/ldaps=1")) != NULL)
+ info->ldaps = 1;
+
/* get the search type value */
if((q = srchstr(tail, "/type=")) != NULL){
NAMEVAL_S *v;
diff --git a/pith/ldap.h b/pith/ldap.h
index 2168e5f..d6c7e28 100644
--- a/pith/ldap.h
+++ b/pith/ldap.h
@@ -48,6 +48,7 @@ typedef struct ldap_serv {
nosub, /* Disable space sub feature */
tls, /* Attempt TLS */
tlsmust, /* Require TLS */
+ ldaps, /* Require LDAPS */
type, /* Search type (surname...) */
srch, /* Search rule (contains...) */
scope; /* Scope of search (base...) */
diff --git a/pith/pine.hlp b/pith/pine.hlp
index 19d86d4..7aa2111 100644
--- a/pith/pine.hlp
+++ b/pith/pine.hlp
@@ -3355,6 +3355,7 @@ There are also additional details on
<li><a href="h_config_ldap_opts_nosub">LDAP FEATURE: Disable-Ad-Hoc-Space-Substitution</a>
<li><a href="h_config_ldap_opts_rhs">LDAP FEATURE: Lookup-Addrbook-Contents</a>
<li><a href="h_config_ldap_opts_tlsmust">LDAP FEATURE: Require-TLS-On-Connection</a>
+<li><a href="h_config_ldap_opts_ldaps">LDAP FEATURE: Require-LDAPS-On-Connection</a>
<li><a href="h_config_ldap_opts_ref">LDAP FEATURE: Save-Search-Criteria-Not-Result</a>
<li><a href="h_config_ldap_opts_impl">LDAP FEATURE: Use-Implicitly-From-Composer</a>
<li><a href="h_config_ldap_binddn">LDAP OPTION: Bind-DN</a>
@@ -14290,6 +14291,26 @@ If the StartTLS operation fails then the connection will not be used.
&lt;End of help on this topic&gt;
</BODY>
</HTML>
+======= h_config_ldap_opts_ldaps =======
+<HTML>
+<HEAD>
+<TITLE>LDAP FEATURE: Require-LDAPS-On-Connection</TITLE>
+</HEAD>
+<BODY>
+<H1>LDAP FEATURE: Require-LDAPS-On-Connection</H1>
+
+When connecting to this server Alpine will use LDAPS (LDAP over SSL/TLS)
+on the connection.
+
+This feature shouldn't be used along with
+<A HREF="h_config_ldap_opts_tlsmust">&quot;Require-TLS-On-Connection&quot;</A>
+ or
+<A HREF="h_config_ldap_opts_tls">&quot;Attempt-TLS-On-Connection&quot;</A>
+
+<P>
+&lt;End of help on this topic&gt;
+</BODY>
+</HTML>
====== h_config_ldap_opts_rhs =====
<HTML>
<HEAD>
--
1.9.1