Merge branch 'master' of github.com:inverse-inc/sogo

SoObjects/SOGo/LDAPSource.m

@@ -586,7 +586,10 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField
   pass = [plainPassword asCryptedPassUsingScheme: _userPasswordAlgorithm];
 
   if (pass == nil)
-    [self errorWithFormat: @"Unsupported user-password algorithm: %@", _userPasswordAlgorithm];
+    {
+      [self errorWithFormat: @"Unsupported user-password algorithm: %@", _userPasswordAlgorithm];
+      return nil;
+    }
 
   return [NSString stringWithFormat: @"{%@}%@", _userPasswordAlgorithm, pass];
 }
@@ -629,24 +632,34 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField
 		    NGLdapModification *mod;
 		    NGLdapAttribute *attr;
 		    NSArray *changes;
+           NSString* encryptedPass;
 		    
 		    attr = [[NGLdapAttribute alloc] initWithAttributeName: @"userPassword"];
 		    if ([_userPasswordAlgorithm isEqualToString: @"none"])
-		      [attr addStringValue:  newPassword];
-		    else
-		      [attr addStringValue: [self _encryptPassword: newPassword]];
-		    
-		    mod = [NGLdapModification replaceModification: attr];
-		    changes = [NSArray arrayWithObject: mod];
-		    *perr = PolicyNoError;
+             {
+               encryptedPass = newPassword;
+             }
+           else
+             {
+               encryptedPass = [self _encryptPassword: newPassword];
+             }
+           if(encryptedPass != nil)
+             {
+               [attr addStringValue: encryptedPass];
+               mod = [NGLdapModification replaceModification: attr];
+               changes = [NSArray arrayWithObject: mod];
+               *perr = PolicyNoError;
 
-		    if ([bindConnection bindWithMethod: @"simple"
-					binddn: userDN
-					credentials: oldPassword])
-		      didChange = [bindConnection modifyEntryWithDN: userDN
-						  changes: changes]; 
-		    else
-		      didChange = NO;
+               if ([bindConnection bindWithMethod: @"simple"
+                        binddn: userDN
+                        credentials: oldPassword])
+                 {
+                   didChange = [bindConnection modifyEntryWithDN: userDN
+                                changes: changes];
+                 }
+                else
+                  didChange = NO;
+              }
 		  }
 	      else
 		didChange = [bindConnection changePasswordAtDn: userDN

SoObjects/SOGo/NSString+Crypto.h

@@ -56,7 +56,7 @@ typedef enum {
 - (NSString *) asSHA1String;
 - (NSString *) asMD5String;
 
-+ (keyEncoding) getDefaultEncodingForScheme: (NSString *) passwordScheme;
++ (NSArray *) getDefaultEncodingForScheme: (NSString *) passwordScheme;
 
 @end
 

SoObjects/SOGo/NSString+Crypto.m

@@ -71,8 +71,7 @@
 {
   NSString *scheme;
   NSString *pass;
-  NSArray *schemeComps;
-  keyEncoding encoding;
+  NSArray *encodingAndScheme;
   
   NSRange range;
   int selflen, len;
@@ -88,32 +87,11 @@
   if (len == 0)
     scheme = defaultScheme;
 
-  encoding = [NSString getDefaultEncodingForScheme: scheme];
-
-  // get the encoding which may be part of the scheme
-  // e.g. ssha.hex forces a hex encoded ssha scheme
-  // possible is "b64" or "hex"
-  schemeComps = [scheme componentsSeparatedByString: @"."];
-  if ([schemeComps count] == 2)
-    {
-      NSString *stringEncoding;
-      // scheme without encoding string is the first item
-      scheme = [schemeComps objectAtIndex: 0];
-      // encoding string is second item
-      stringEncoding = [schemeComps objectAtIndex: 1];
-      if ([stringEncoding caseInsensitiveCompare: @"hex"] == NSOrderedSame)
-        {
-          encoding = encHex;
-        }
-      else if ([stringEncoding caseInsensitiveCompare: @"b64"] == NSOrderedSame ||
-               [stringEncoding caseInsensitiveCompare: @"base64"] == NSOrderedSame)
-        {
-          encoding = encBase64;
-        }
-    }
+  encodingAndScheme = [NSString getDefaultEncodingForScheme: scheme];
 
   pass = [self substringWithRange: range];
-  return [NSArray arrayWithObjects: scheme, pass, [NSNumber numberWithInt: encoding], nil];
+  // return array with [scheme, password, encoding]
+  return [NSArray arrayWithObjects: [encodingAndScheme objectAtIndex: 1], pass, [encodingAndScheme objectAtIndex: 0], nil];
 }
 
 /**
@@ -147,7 +125,7 @@
   if (encoding == encHex)
     {
       decodedData = [NSData decodeDataFromHexString: pass];
-      
+
       if(decodedData == nil)
         {
           decodedData = [NSData data];
@@ -208,8 +186,10 @@
  *
  * @param passwordScheme The scheme to use
  * @param theSalt The binary data of the salt
- * @param userEncoding The encoding (plain, hex, base64) to be used
- * @return If successful, the encrypted and encoded NSString of the format {scheme}pass, or nil if the scheme did not exists or an error occured
+ * @param userEncoding The encoding (plain, hex, base64) to be used. If set to
+ *        encDefault, the encoding will be detected from scheme name.
+ * @return If successful, the encrypted and encoded NSString of the format {scheme}pass,
+ *         or nil if the scheme did not exists or an error occured.
  */
 - (NSString *) asCryptedPassUsingScheme: (NSString *) passwordScheme
                                withSalt: (NSData *) theSalt
@@ -217,6 +197,22 @@
 {
   keyEncoding dataEncoding;
   NSData* cryptedData;
+
+  // use default encoding scheme, when set to default
+  if (userEncoding == encDefault)
+    {
+      // the encoding needs to be detected before crypting,
+      // to get the plain scheme (without encoding identifier)
+      NSArray* encodingAndScheme;
+      encodingAndScheme = [NSString getDefaultEncodingForScheme: passwordScheme];
+      dataEncoding = [[encodingAndScheme objectAtIndex: 0] intValue];
+      passwordScheme = [encodingAndScheme objectAtIndex: 1];
+    }
+  else
+    {
+      dataEncoding = userEncoding;
+    }
+
   // convert NSString to NSData and apply encryption scheme
   cryptedData = [self dataUsingEncoding: NSUTF8StringEncoding];
   cryptedData = [cryptedData asCryptedPassUsingScheme: passwordScheme  withSalt: theSalt];
@@ -224,12 +220,6 @@
   if (cryptedData == nil)
     return nil;
 
-  // use default encoding scheme, when set to default
-  if (userEncoding == encDefault)
-    dataEncoding = [NSString getDefaultEncodingForScheme: passwordScheme];
-  else
-    dataEncoding = userEncoding;
-
   if (dataEncoding == encHex)
     {
       // hex encoding
@@ -250,19 +240,49 @@
 /**
  * Returns the encoding for a specified scheme
  *
- * @param passwordScheme The scheme for which to get the encoding.
+ * @param passwordScheme The scheme for which to get the encoding. Can be "scheme.encoding" in which case the encoding is returned
  * @see keyEncoding
- * @return returns the encoding, if unknown returns encPlain
+ * @return returns NSArray with elements {NSNumber encoding, NSString* scheme} where scheme is the 'real' scheme without the ".encoding" part.
+ * 'encoding' is stored as NSNumber in the array. If the encoding was not detected, encPlain is used for encoding.
  */
-+ (keyEncoding) getDefaultEncodingForScheme: (NSString *) passwordScheme
++ (NSArray *) getDefaultEncodingForScheme: (NSString *) passwordScheme
 {
+  NSArray *schemeComps;
+  NSString *trueScheme;
+  keyEncoding encoding = encPlain;
+
+  // get the encoding which may be part of the scheme
+  // e.g. ssha.hex forces a hex encoded ssha scheme
+  // possible is "b64" or "hex"
+  schemeComps = [passwordScheme componentsSeparatedByString: @"."];
+  if ([schemeComps count] == 2)
+    {
+      trueScheme = [schemeComps objectAtIndex: 0];
+      NSString *stringEncoding;
+      // encoding string is second item
+      stringEncoding = [schemeComps objectAtIndex: 1];
+      if ([stringEncoding caseInsensitiveCompare: @"hex"] == NSOrderedSame)
+        {
+          encoding = encHex;
+        }
+      else if ([stringEncoding caseInsensitiveCompare: @"b64"] == NSOrderedSame ||
+               [stringEncoding caseInsensitiveCompare: @"base64"] == NSOrderedSame)
+        {
+          encoding = encBase64;
+        }
+    }
+   else
+    {
+      trueScheme = passwordScheme;
+    }
+
   // in order to keep backwards-compatibility, hex encoding is used for sha1 here
   if ([passwordScheme caseInsensitiveCompare: @"md5"] == NSOrderedSame ||
       [passwordScheme caseInsensitiveCompare: @"plain-md5"] == NSOrderedSame ||
       [passwordScheme caseInsensitiveCompare: @"sha"] == NSOrderedSame ||
       [passwordScheme caseInsensitiveCompare: @"cram-md5"] == NSOrderedSame)
     {
-      return encHex;
+      encoding = encHex;
     }
   else if ([passwordScheme caseInsensitiveCompare: @"smd5"] == NSOrderedSame ||
            [passwordScheme caseInsensitiveCompare: @"ldap-md5"] == NSOrderedSame ||
@@ -272,9 +292,9 @@
            [passwordScheme caseInsensitiveCompare: @"sha512"] == NSOrderedSame ||
            [passwordScheme caseInsensitiveCompare: @"ssha512"] == NSOrderedSame)
     {
-      return encBase64;
+      encoding = encBase64;
     }
-  return encPlain;
+  return [NSArray arrayWithObjects: [NSNumber numberWithInt: encoding], trueScheme, nil];
 }
 
 /**

SoObjects/SOGo/SOGoGCSFolder.m

@@ -1,7 +1,7 @@
 /* SOGoGCSFolder.m - this file is part of SOGo
  *
  * Copyright (C) 2004-2005 SKYRIX Software AG
- * Copyright (C) 2006-2010 Inverse inc.
+ * Copyright (C) 2006-2012 Inverse inc.
  *
  * Author: Wolfgang Sourdeau <wsourdeau@inverse.ca>
  *
@@ -835,7 +835,7 @@ static NSArray *childRecordFields = nil;
 - (BOOL) subscribeUserOrGroup: (NSString *) theIdentifier
 		     reallyDo: (BOOL) reallyDo
 {
-  NSMutableDictionary *moduleSettings;
+  NSMutableDictionary *moduleSettings, *folderShowAlarms;
   NSMutableArray *folderSubscription;
   NSString *subscriptionPointer;
   NSMutableArray *allUsers;
@@ -886,6 +886,8 @@ static NSArray *childRecordFields = nil;
       folderSubscription
         = [moduleSettings objectForKey: @"SubscribedFolders"];
       subscriptionPointer = [self folderReference];
+      
+      folderShowAlarms = [moduleSettings objectForKey: @"FolderShowAlarms"];
 
       if (reallyDo)
         {
@@ -897,14 +899,26 @@ static NSArray *childRecordFields = nil;
                                  forKey: @"SubscribedFolders"];
             }
 
+	  if (!(folderShowAlarms
+                && [folderShowAlarms isKindOfClass: [NSMutableDictionary class]]))
+            {
+              folderShowAlarms = [NSMutableDictionary dictionary];
+              [moduleSettings setObject: folderShowAlarms
+                                 forKey: @"FolderShowAlarms"];
+            }
+
           [folderSubscription addObjectUniquely: subscriptionPointer];
+	  
+	  // By default, we disable alarms on subscribed calendars
+	  [folderShowAlarms setObject: [NSNumber numberWithBool: NO]
+			       forKey: subscriptionPointer];
         }
       else
         {
           [self removeFolderSettings: moduleSettings
                        withReference: subscriptionPointer];
           [folderSubscription removeObject: subscriptionPointer];
-        
+	  [folderShowAlarms removeObjectForKey: subscriptionPointer];
 	}
 
       [us synchronize];

SoObjects/SOGo/SQLSource.m

@@ -187,7 +187,10 @@
   pass = [plainPassword asCryptedPassUsingScheme: _userPasswordAlgorithm];
 
   if (pass == nil)
-    [self errorWithFormat: @"Unsupported user-password algorithm: %@", _userPasswordAlgorithm];
+    {
+      [self errorWithFormat: @"Unsupported user-password algorithm: %@", _userPasswordAlgorithm];
+      return nil;
+    }
 
   if (_prependPasswordScheme)
     result = [NSString stringWithFormat: @"{%@}%@", _userPasswordAlgorithm, pass];
@@ -308,18 +311,20 @@
   NSString *sqlstr;
   BOOL didChange;
   BOOL isOldPwdOk;
-  
+
   isOldPwdOk = NO;
   didChange = NO;
-  
+
   // Verify current password
   isOldPwdOk = [self checkLogin:login password:oldPassword perr:perr expire:0 grace:0];
-  
+
   if (isOldPwdOk)
     {
       // Encrypt new password
       NSString *encryptedPassword = [self _encryptPassword: newPassword];
-      
+      if(encryptedPassword == nil)
+        return NO;
+
       // Save new password
       login = [login stringByReplacingString: @"'"  withString: @"''"];
       cm = [GCSChannelManager defaultChannelManager];

UI/WebServerResources/SchedulerUI.js

@@ -1986,8 +1986,8 @@ function calendarDisplayCallback(http) {
                              "-",
                              deleteEvent,
                              copyEventToPersonalCalendar,
-			     onMenuRawEvent
-			     );
+                             onMenuRawEvent
+                            );
         var observer;
         if (currentView == 'dayview') {
             observer = $("daysView");
@@ -2669,7 +2669,7 @@ function onTasksListMenuPrepareVisibility() {
     var options = $(this).down("ul");
     var rawOption = options.down("li", 6);
 
-    var selectedTasks = $$("UL#tasksList LI._selected");
+    var selectedTasks = $$("#tasksList ._selected");
     if (selectedTasks.length == 1)
         rawOption.removeClassName("disabled");
     else

packaging/rhel/sogo.spec

@@ -28,6 +28,10 @@ BuildRequires:  gcc-objc gnustep-base gnustep-make sope%{sope_major_version}%{so
 %{?el6:Requires: libcurl}
 %{?el6:BuildRequires: libcurl-devel}
 
+# saml is enabled everywhere except on el5 since its glib2 is prehistoric
+%define saml2_cfg_opts "--enable-saml2"
+%{?el5:%define saml2_cfg_opts ""}
+
 %description
 SOGo is a groupware server built around OpenGroupware.org (OGo) and
 the SOPE application server.  It focuses on scalability.
@@ -146,7 +150,7 @@ rm -fr ${RPM_BUILD_ROOT}
 # ****************************** build ********************************
 %build
 . /usr/share/GNUstep/Makefiles/GNUstep.sh
-./configure --enable-saml2
+./configure %saml2_cfg_opts
 
 case %{_target_platform} in
 ppc64-*) 
@@ -322,6 +326,9 @@ fi
 
 # ********************************* changelog *************************
 %changelog
+* Mon Nov 05 2012 Jean Raby <jraby@inverse.ca>
+- Disable saml2 on rhel5 - glib2 too old
+
 * Fri Nov 02 2012 Jean Raby <jraby@inverse.ca>
 - Enable saml2