1 | /* |
2 | This file is part of libkldap. |
3 | Copyright (c) 2004-2006 Szombathelyi György <gyurco@freemail.hu> |
4 | |
5 | This library is free software; you can redistribute it and/or |
6 | modify it under the terms of the GNU Library General Public |
7 | License as published by the Free Software Foundation; either |
8 | version 2 of the License, or (at your option) any later version. |
9 | |
10 | This library is distributed in the hope that it will be useful, |
11 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
13 | Library General Public License for more details. |
14 | |
15 | You should have received a copy of the GNU Library General Public License |
16 | along with this library; see the file COPYING.LIB. If not, write to |
17 | the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, |
18 | Boston, MA 02110-1301, USA. |
19 | */ |
20 | |
21 | #include "ldapconnection.h" |
22 | #include "ldapdefs.h" |
23 | #include "kldap_config.h" // SASL2_FOUND, LDAP_FOUND |
24 | |
25 | #include <stdlib.h> |
26 | #include <klocalizedstring.h> |
27 | #include <kdebug.h> |
28 | |
29 | #ifdef SASL2_FOUND |
30 | #include <sasl/sasl.h> |
31 | static sasl_callback_t callbacks[] = { |
32 | { SASL_CB_ECHOPROMPT, NULL, NULL }, |
33 | { SASL_CB_NOECHOPROMPT, NULL, NULL }, |
34 | { SASL_CB_GETREALM, NULL, NULL }, |
35 | { SASL_CB_USER, NULL, NULL }, |
36 | { SASL_CB_AUTHNAME, NULL, NULL }, |
37 | { SASL_CB_PASS, NULL, NULL }, |
38 | { SASL_CB_CANON_USER, NULL, NULL }, |
39 | { SASL_CB_LIST_END, NULL, NULL } |
40 | }; |
41 | |
42 | static bool ldapoperation_sasl_initialized = false; |
43 | #endif |
44 | |
45 | #ifdef LDAP_FOUND |
46 | # ifndef HAVE_WINLDAP_H |
47 | # include <lber.h> |
48 | # include <ldap.h> |
49 | #else |
50 | # include <w32-ldap-help.h> |
51 | #endif // HAVE_WINLDAP_H |
52 | |
53 | #ifndef LDAP_OPT_SUCCESS |
54 | #define LDAP_OPT_SUCCESS 0 |
55 | #endif |
56 | |
57 | #endif |
58 | |
59 | using namespace KLDAP; |
60 | |
61 | class LdapConnection::LdapConnectionPrivate |
62 | { |
63 | public: |
64 | LdapConnectionPrivate(); |
65 | LdapServer mServer; |
66 | QString mConnectionError; |
67 | |
68 | #ifdef LDAP_FOUND |
69 | LDAP *mLDAP; |
70 | #else |
71 | void *mLDAP; |
72 | #endif |
73 | #ifdef SASL2_FOUND |
74 | sasl_conn_t *mSASLconn; |
75 | #else |
76 | void *mSASLconn; |
77 | #endif |
78 | |
79 | }; |
80 | |
81 | LdapConnection::LdapConnectionPrivate::LdapConnectionPrivate() |
82 | { |
83 | mSASLconn = 0; |
84 | #ifdef SASL2_FOUND |
85 | if ( !ldapoperation_sasl_initialized ) { |
86 | sasl_client_init( NULL ); |
87 | ldapoperation_sasl_initialized = true; |
88 | } |
89 | #endif |
90 | } |
91 | |
92 | LdapConnection::LdapConnection() |
93 | : d( new LdapConnectionPrivate ) |
94 | { |
95 | d->mLDAP = 0; |
96 | } |
97 | |
98 | LdapConnection::LdapConnection( const LdapUrl &url ) |
99 | : d( new LdapConnectionPrivate ) |
100 | { |
101 | d->mLDAP = 0; |
102 | setUrl( url ); |
103 | } |
104 | |
105 | LdapConnection::LdapConnection( const LdapServer &server ) |
106 | : d( new LdapConnectionPrivate ) |
107 | { |
108 | d->mLDAP = 0; |
109 | setServer( server ); |
110 | } |
111 | |
112 | LdapConnection::~LdapConnection() |
113 | { |
114 | close(); |
115 | delete d; |
116 | } |
117 | |
118 | void LdapConnection::setUrl( const LdapUrl &url ) |
119 | { |
120 | d->mServer.setUrl( url ); |
121 | } |
122 | |
123 | void LdapConnection::setServer( const LdapServer &server ) |
124 | { |
125 | d->mServer = server; |
126 | } |
127 | |
128 | const LdapServer &LdapConnection::server() const |
129 | { |
130 | return d->mServer; |
131 | } |
132 | |
133 | void *LdapConnection::handle() const |
134 | { |
135 | return (void *)d->mLDAP; |
136 | } |
137 | |
138 | void *LdapConnection::saslHandle() const |
139 | { |
140 | return (void *)d->mSASLconn; |
141 | } |
142 | |
143 | QString LdapConnection::errorString( int code ) |
144 | { |
145 | //No translated error messages yet |
146 | #ifdef LDAP_FOUND |
147 | return QString::fromUtf8( ldap_err2string( code ) ); |
148 | switch ( code ) { |
149 | case LDAP_OPERATIONS_ERROR: |
150 | return i18n( "LDAP Operations error" ); |
151 | //FIXME: |
152 | /* add the LDAP error codes */ |
153 | } |
154 | #else |
155 | return i18n( "No LDAP Support..." ); |
156 | #endif |
157 | } |
158 | |
159 | QString LdapConnection::saslErrorString() const |
160 | { |
161 | #ifdef SASL2_FOUND |
162 | const char *str; |
163 | str = sasl_errdetail( d->mSASLconn ); |
164 | return QString::fromLocal8Bit( str ); |
165 | #else |
166 | return i18n( "SASL support is not available. Please recompile libkldap with the " |
167 | "Cyrus-SASL (or compatible) client libraries, or complain to your " |
168 | "distribution packagers." ); |
169 | #endif |
170 | } |
171 | |
172 | QString LdapConnection::connectionError() const |
173 | { |
174 | return d->mConnectionError; |
175 | } |
176 | |
177 | #ifdef LDAP_FOUND |
178 | int LdapConnection::getOption( int option, void *value ) const |
179 | { |
180 | Q_ASSERT( d->mLDAP ); |
181 | return ldap_get_option( d->mLDAP, option, value ); |
182 | } |
183 | |
184 | int LdapConnection::setOption( int option, void *value ) |
185 | { |
186 | Q_ASSERT( d->mLDAP ); |
187 | return ldap_set_option( d->mLDAP, option, value ); |
188 | } |
189 | |
190 | int LdapConnection::ldapErrorCode() const |
191 | { |
192 | Q_ASSERT( d->mLDAP ); |
193 | int err; |
194 | ldap_get_option( d->mLDAP, LDAP_OPT_ERROR_NUMBER, &err ); |
195 | return err; |
196 | } |
197 | |
198 | QString LdapConnection::ldapErrorString() const |
199 | { |
200 | Q_ASSERT( d->mLDAP ); |
201 | char *errmsg; |
202 | ldap_get_option( d->mLDAP, LDAP_OPT_ERROR_STRING, &errmsg ); |
203 | QString msg = QString::fromLocal8Bit( errmsg ); |
204 | free( errmsg ); |
205 | return msg; |
206 | } |
207 | |
208 | bool LdapConnection::setSizeLimit( int sizelimit ) |
209 | { |
210 | Q_ASSERT( d->mLDAP ); |
211 | kDebug() << "sizelimit:" << sizelimit; |
212 | if ( setOption( LDAP_OPT_SIZELIMIT, &sizelimit ) != LDAP_OPT_SUCCESS ) { |
213 | return false; |
214 | } |
215 | return true; |
216 | } |
217 | |
218 | int LdapConnection::sizeLimit() const |
219 | { |
220 | Q_ASSERT( d->mLDAP ); |
221 | int sizelimit; |
222 | if ( getOption( LDAP_OPT_SIZELIMIT, &sizelimit ) != LDAP_OPT_SUCCESS ) { |
223 | return -1; |
224 | } |
225 | return sizelimit; |
226 | } |
227 | |
228 | bool LdapConnection::setTimeLimit( int timelimit ) |
229 | { |
230 | Q_ASSERT( d->mLDAP ); |
231 | kDebug() << "timelimit:" << timelimit; |
232 | if ( setOption( LDAP_OPT_TIMELIMIT, &timelimit ) != LDAP_OPT_SUCCESS ) { |
233 | return false; |
234 | } |
235 | return true; |
236 | } |
237 | |
238 | int LdapConnection::timeLimit() const |
239 | { |
240 | Q_ASSERT( d->mLDAP ); |
241 | int timelimit; |
242 | if ( getOption( LDAP_OPT_TIMELIMIT, &timelimit ) != LDAP_OPT_SUCCESS ) { |
243 | return -1; |
244 | } |
245 | return timelimit; |
246 | } |
247 | |
248 | int LdapConnection::connect() |
249 | { |
250 | int ret; |
251 | QString url; |
252 | if ( d->mLDAP ) { |
253 | close(); |
254 | } |
255 | |
256 | int version = d->mServer.version(); |
257 | int timeout = d->mServer.timeout(); |
258 | |
259 | url = d->mServer.security() == LdapServer::SSL ? QLatin1String("ldaps" ) : QLatin1String("ldap" ); |
260 | url += QLatin1String("://" ); |
261 | url += d->mServer.host(); |
262 | url += QLatin1Char(':'); |
263 | url += QString::number( d->mServer.port() ); |
264 | kDebug() << "ldap url:" << url; |
265 | #ifdef HAVE_LDAP_INITIALIZE |
266 | ret = ldap_initialize( &d->mLDAP, url.toLatin1() ); |
267 | #else |
268 | d->mLDAP = ldap_init( d->mServer.host().toLatin1().data(), d->mServer.port() ); |
269 | if ( d->mLDAP == 0 ) { |
270 | ret = -1; |
271 | } else { |
272 | ret = LDAP_SUCCESS; |
273 | } |
274 | #endif |
275 | if ( ret != LDAP_SUCCESS ) { |
276 | d->mConnectionError = i18n( "An error occurred during the connection initialization phase." ); |
277 | return ret; |
278 | } |
279 | |
280 | kDebug() << "setting version to:" << version; |
281 | if ( setOption( LDAP_OPT_PROTOCOL_VERSION, &version ) != LDAP_OPT_SUCCESS ) { |
282 | ret = ldapErrorCode(); |
283 | d->mConnectionError = i18n( "Cannot set protocol version to %1." , version ); |
284 | close(); |
285 | return ret; |
286 | } |
287 | |
288 | #if defined(LDAP_OPT_TIMEOUT) |
289 | kDebug() << "setting timeout to:" << timeout; |
290 | |
291 | if ( timeout ) { |
292 | if ( setOption( LDAP_OPT_TIMEOUT, &timeout ) != LDAP_OPT_SUCCESS ) { |
293 | ret = ldapErrorCode(); |
294 | d->mConnectionError = i18np( "Cannot set timeout to %1 second." , |
295 | "Cannot set timeout to %1 seconds." , |
296 | timeout ); |
297 | close(); |
298 | return ret; |
299 | } |
300 | } |
301 | #endif |
302 | |
303 | //FIXME: accessing to certificate handling would be good |
304 | kDebug() << "setting security to:" << d->mServer.security(); |
305 | if ( d->mServer.security() == LdapServer::TLS ) { |
306 | kDebug() << "start TLS" ; |
307 | #ifdef HAVE_LDAP_START_TLS_S |
308 | if ( ( ret = ldap_start_tls_s( d->mLDAP, NULL, NULL ) ) != LDAP_SUCCESS ) { |
309 | d->mConnectionError = ldapErrorString(); |
310 | close(); |
311 | return ret; |
312 | } |
313 | #else |
314 | close(); |
315 | d->mConnectionError = i18n( "TLS support not available in the LDAP client libraries." ); |
316 | return -1; |
317 | #endif |
318 | } |
319 | |
320 | kDebug() << "setting sizelimit to:" << d->mServer.sizeLimit(); |
321 | if ( d->mServer.sizeLimit() ) { |
322 | if ( !setSizeLimit( d->mServer.sizeLimit() ) ) { |
323 | ret = ldapErrorCode(); |
324 | close(); |
325 | d->mConnectionError = i18n( "Cannot set size limit." ); |
326 | return ret; |
327 | } |
328 | } |
329 | |
330 | kDebug() << "setting timelimit to:" << d->mServer.timeLimit(); |
331 | if ( d->mServer.timeLimit() ) { |
332 | if ( !setTimeLimit( d->mServer.timeLimit() ) ) { |
333 | ret = ldapErrorCode(); |
334 | close(); |
335 | d->mConnectionError = i18n( "Cannot set time limit." ); |
336 | return ret; |
337 | } |
338 | } |
339 | |
340 | #ifdef SASL2_FOUND |
341 | kDebug() << "initializing SASL client" ; |
342 | int saslresult = sasl_client_new( "ldap" , d->mServer.host().toLatin1(), |
343 | 0, 0, callbacks, 0, &d->mSASLconn ); |
344 | if ( saslresult != SASL_OK ) { |
345 | d->mConnectionError = i18n( "Cannot initialize the SASL client." ); |
346 | return KLDAP_SASL_ERROR; |
347 | } |
348 | #endif |
349 | |
350 | return 0; |
351 | } |
352 | |
353 | void LdapConnection::close() |
354 | { |
355 | if ( d->mLDAP ) { |
356 | #ifdef HAVE_LDAP_UNBIND_EXT |
357 | ldap_unbind_ext( d->mLDAP, 0, 0 ); |
358 | #else |
359 | ldap_unbind( d->mLDAP ); |
360 | #endif |
361 | } |
362 | d->mLDAP = 0; |
363 | #ifdef SASL2_FOUND |
364 | if ( d->mSASLconn ) { |
365 | sasl_dispose( &d->mSASLconn ); |
366 | d->mSASLconn = 0; |
367 | } |
368 | #endif |
369 | kDebug() << "connection closed!" ; |
370 | } |
371 | #else //LDAP_FOUND |
372 | |
373 | int LdapConnection::getOption( int option, void *value ) const |
374 | { |
375 | kError() << "No LDAP support..." ; |
376 | return -1; |
377 | } |
378 | |
379 | int LdapConnection::setOption( int option, void *value ) |
380 | { |
381 | kError() << "No LDAP support..." ; |
382 | return -1; |
383 | } |
384 | |
385 | int LdapConnection::ldapErrorCode() const |
386 | { |
387 | kError() << "No LDAP support..." ; |
388 | return -1; |
389 | } |
390 | |
391 | QString LdapConnection::ldapErrorString() const |
392 | { |
393 | kError() << "No LDAP support..." ; |
394 | return QString(); |
395 | } |
396 | |
397 | bool LdapConnection::setSizeLimit( int sizelimit ) |
398 | { |
399 | kError() << "No LDAP support..." ; |
400 | return false; |
401 | } |
402 | |
403 | int LdapConnection::sizeLimit() const |
404 | { |
405 | kError() << "No LDAP support..." ; |
406 | return -1; |
407 | } |
408 | |
409 | bool LdapConnection::setTimeLimit( int timelimit ) |
410 | { |
411 | kError() << "No LDAP support..." ; |
412 | return false; |
413 | } |
414 | |
415 | int LdapConnection::timeLimit() const |
416 | { |
417 | kError() << "No LDAP support..." ; |
418 | return -1; |
419 | } |
420 | |
421 | int LdapConnection::connect( ) |
422 | { |
423 | d->mConnectionError = |
424 | i18n( "LDAP support not compiled in. Please recompile libkldap with the " |
425 | "OpenLDAP (or compatible) client libraries, or complain to your " |
426 | "distribution packagers." ); |
427 | kError() << "No LDAP support..." ; |
428 | return -1; |
429 | } |
430 | |
431 | void LdapConnection::close() |
432 | { |
433 | kError() << "No LDAP support..." ; |
434 | } |
435 | |
436 | #endif |
437 | |