[evolution] I#1605 - LDAP: Use also set security when searching the root DSE
- From: Milan Crha <mcrha src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [evolution] I#1605 - LDAP: Use also set security when searching the root DSE
- Date: Fri, 17 Sep 2021 10:04:47 +0000 (UTC)
commit 6fb5da543c717549dc09c2c88f755ad159947ff7
Author: Milan Crha <mcrha redhat com>
Date: Fri Sep 17 12:04:06 2021 +0200
I#1605 - LDAP: Use also set security when searching the root DSE
Closes https://gitlab.gnome.org/GNOME/evolution/-/issues/1605
src/e-util/e-collection-account-wizard.c | 21 ++++++++++--
src/e-util/e-misc-utils.c | 38 ++++++++++++++++++++++
src/e-util/e-misc-utils.h | 1 +
.../book-config-ldap/evolution-book-config-ldap.c | 11 ++++---
4 files changed, 65 insertions(+), 6 deletions(-)
---
diff --git a/src/e-util/e-collection-account-wizard.c b/src/e-util/e-collection-account-wizard.c
index f790f9660d..6fd06b4903 100644
--- a/src/e-util/e-collection-account-wizard.c
+++ b/src/e-util/e-collection-account-wizard.c
@@ -1189,13 +1189,28 @@ collection_account_wizard_write_changes_thread (ESimpleAsyncResult *result,
if (!root_dn || !*root_dn) {
gchar **root_dse = NULL;
+ ESourceLDAPSecurity security;
+ gboolean success;
camel_operation_push_message (cancellable, "%s", _("Looking up LDAP server’s search
base…"));
- if (e_util_query_ldap_root_dse_sync (
+ security = e_source_ldap_get_security (ldap_extension);
+ success = e_util_query_ldap_root_dse_sync (
e_source_authentication_get_host (auth_extension),
e_source_authentication_get_port (auth_extension),
- &root_dse, cancellable, NULL)) {
+ security,
+ &root_dse, cancellable, &local_error);
+
+ if (!success && security != E_SOURCE_LDAP_SECURITY_NONE &&
+ g_error_matches (local_error, G_IO_ERROR, G_IO_ERROR_CONNECTION_REFUSED)) {
+ success = e_util_query_ldap_root_dse_sync (
+ e_source_authentication_get_host (auth_extension),
+ e_source_authentication_get_port (auth_extension),
+ E_SOURCE_LDAP_SECURITY_NONE,
+ &root_dse, cancellable, NULL);
+ }
+
+ if (success) {
if (root_dse && root_dse[0])
e_source_ldap_set_root_dn (ldap_extension, root_dse[0]);
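Review bot: The retry with `E_SOURCE_LDAP_SECURITY_NONE` is a silent downgrade: a source configured for LDAPS or STARTTLS is queried in plaintext whenever the secured attempt fails with `G_IO_ERROR_CONNECTION_REFUSED`. The e-misc-utils.c part of this commit reports a failed `ldap_start_tls_s()` with that same code, so a STARTTLS failure of any cause, including interference on the network path, leads to `root_dse[0]` from an unprotected reply being stored as the root DN. I would drop the fallback, or at minimum make it visible with `g_warning ("LDAP root DSE lookup fell back to an unencrypted connection");` before the second call. The enclosing function starts and ends outside the hunk, so whether `local_error` is guaranteed to be NULL on entry to this block cannot be checked from here.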
@@ -1203,6 +1218,8 @@ collection_account_wizard_write_changes_thread (ESimpleAsyncResult *result,
}
camel_operation_pop_message (cancellable);
+
+ g_clear_error (&local_error);
}
}
diff --git a/src/e-util/e-misc-utils.c b/src/e-util/e-misc-utils.c
index fdfca25572..2caf35c835 100644
--- a/src/e-util/e-misc-utils.c
+++ b/src/e-util/e-misc-utils.c
@@ -3935,6 +3935,7 @@ e_util_resize_window_for_screen (GtkWindow *window,
* e_util_query_ldap_root_dse_sync:
* @host: an LDAP server host name
* @port: an LDAP server port
+ * @security: an %ESourceLDAPSecurity to use for the connection
* @out_root_dse: (out) (transfer full): NULL-terminated array of the server root DSE-s, or %NULL on error
* @cancellable: optional #GCancellable object, or %NULL
* @error: return location for a #GError, or %NULL
@@ -3954,6 +3955,7 @@ e_util_resize_window_for_screen (GtkWindow *window,
gboolean
e_util_query_ldap_root_dse_sync (const gchar *host,
guint16 port,
+ ESourceLDAPSecurity security,
gchar ***out_root_dse,
GCancellable *cancellable,
GError **error)
@@ -4004,6 +4006,42 @@ e_util_query_ldap_root_dse_sync (const gchar *host,
goto exit;
}
+ if (g_cancellable_set_error_if_cancelled (cancellable, error))
+ goto exit;
+
+ if (security == E_SOURCE_LDAP_SECURITY_LDAPS) {
+#ifdef SUNLDAP
+ if (ldap_error == LDAP_SUCCESS) {
+ ldap_set_option (ldap, LDAP_OPT_RECONNECT, LDAP_OPT_ON );
+ }
+#else
+#if defined (LDAP_OPT_X_TLS_HARD) && defined (LDAP_OPT_X_TLS)
+ gint tls_level = LDAP_OPT_X_TLS_HARD;
+ ldap_set_option (ldap, LDAP_OPT_X_TLS, &tls_level);
+
+ /* setup this on the global option set */
+ tls_level = LDAP_OPT_X_TLS_ALLOW;
+ ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &tls_level);
+#elif defined (G_OS_WIN32)
+ ldap_set_option (ldap, LDAP_OPT_SSL, LDAP_OPT_ON);
+#endif
+#endif
+ } else if (security == E_SOURCE_LDAP_SECURITY_STARTTLS) {
+#ifdef SUNLDAP
+ if (ldap_error == LDAP_SUCCESS) {
+ ldap_set_option (ldap, LDAP_OPT_RECONNECT, LDAP_OPT_ON);
+ }
+#else
+ ldap_error = ldap_start_tls_s (ldap, NULL, NULL);
+#endif
+ if (ldap_error != LDAP_SUCCESS) {
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_CONNECTION_REFUSED,
+ _("Failed to use STARTTLS (%d): %s"), ldap_error,
+ ldap_err2string (ldap_error) ? ldap_err2string (ldap_error) : _("Unknown
error"));
+ goto exit;
+ }
+ }
+
if (g_cancellable_set_error_if_cancelled (cancellable, error))
goto exit;
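Review bot: In the LDAPS branch, `LDAP_OPT_X_TLS_REQUIRE_CERT` is set to `LDAP_OPT_X_TLS_ALLOW` on the global option set (NULL handle), which relaxes server-certificate checking for this lookup and, being global, likely for other libldap sessions in the process as well; the result is an encrypted but unauthenticated channel. The existing comment should say so, for example `/* global option: a missing or bad server certificate is tolerated, so the reply is not authenticated */`. The return value of `ldap_set_option (ldap, LDAP_OPT_X_TLS, &tls_level)` is also ignored, so if enabling `LDAP_OPT_X_TLS_HARD` fails the search goes out without TLS; comparing it against `LDAP_OPT_SUCCESS` and taking the `goto exit` path with an error set would close that. Under `SUNLDAP` the STARTTLS branch only sets `LDAP_OPT_RECONNECT` and never starts TLS, which deserves a comment too. The function body begins and ends outside the hunk.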
diff --git a/src/e-util/e-misc-utils.h b/src/e-util/e-misc-utils.h
index 41683262e6..85f73e8fa4 100644
--- a/src/e-util/e-misc-utils.h
+++ b/src/e-util/e-misc-utils.h
@@ -316,6 +316,7 @@ void e_util_resize_window_for_screen (GtkWindow *window,
const GSList *children); /* GtkWidget * */
gboolean e_util_query_ldap_root_dse_sync (const gchar *host,
guint16 port,
+ ESourceLDAPSecurity security,
gchar ***out_root_dse,
GCancellable *cancellable,
GError **error);
diff --git a/src/modules/book-config-ldap/evolution-book-config-ldap.c
b/src/modules/book-config-ldap/evolution-book-config-ldap.c
index 554337e422..1d3015d8ba 100644
--- a/src/modules/book-config-ldap/evolution-book-config-ldap.c
+++ b/src/modules/book-config-ldap/evolution-book-config-ldap.c
@@ -292,7 +292,8 @@ book_config_ldap_search_base_thread (ESimpleAsyncResult *result,
gpointer source_object,
GCancellable *cancellable)
{
- ESourceAuthentication *extension;
+ ESourceAuthentication *auth_extension;
+ ESourceLDAP *ldap_extension;
SearchBaseData *sbd;
g_return_if_fail (E_IS_SIMPLE_ASYNC_RESULT (result));
@@ -301,11 +302,13 @@ book_config_ldap_search_base_thread (ESimpleAsyncResult *result,
g_return_if_fail (sbd != NULL);
- extension = e_source_get_extension (sbd->source, E_SOURCE_EXTENSION_AUTHENTICATION);
+ auth_extension = e_source_get_extension (sbd->source, E_SOURCE_EXTENSION_AUTHENTICATION);
+ ldap_extension = e_source_get_extension (sbd->source, E_SOURCE_EXTENSION_LDAP_BACKEND);
if (!e_util_query_ldap_root_dse_sync (
- e_source_authentication_get_host (extension),
- e_source_authentication_get_port (extension),
+ e_source_authentication_get_host (auth_extension),
+ e_source_authentication_get_port (auth_extension),
+ e_source_ldap_get_security (ldap_extension),
&sbd->root_dse, cancellable, &sbd->error)) {
sbd->root_dse = NULL;
}