diff --git a/ChangeLog b/ChangeLog index c7186867e..3dab657ab 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,7 @@ 2011-07-05 Ludovic Marcotte * UI/MailPartViewers/UIxMailPartICalActions.m - (_setupChosenEventAndEventObject:) we now correctly + (-_setupChosenEventAndEventObject:) we now correctly update the right event in the database in order to update major properties coming from external invitations during updates. @@ -14,9 +14,13 @@ bug #1344 - which fixes Sieve script generation errors for reject filters. * SOPE/GDLContentStore/GCSFolderManager.m ( - _reallyCreateFolderWithName:andFolderType:...): Fix + -_reallyCreateFolderWithName:andFolderType:...): Fix path handling for recent GNUstep base versions. This fixes bug #1327. + * SoObjects/SOGo/LDAPSource.m (-checkLogin:password:...) + We now make sure to use the original source's bindDN/password + when looking up the user's DN for indirect binds. This should + fix bug #1342. 2011-07-02 Ludovic Marcotte diff --git a/SoObjects/SOGo/LDAPSource.h b/SoObjects/SOGo/LDAPSource.h index 3be52ee1d..0f7929527 100644 --- a/SoObjects/SOGo/LDAPSource.h +++ b/SoObjects/SOGo/LDAPSource.h @@ -41,16 +41,18 @@ int queryTimeout; NSString *sourceID; - NSString *bindDN; + NSString *bindDN; // The bindDN/password could be either the source's one + NSString *password; // or the current user if _bindAsCurrentUser is set to YES + NSString *sourceBindDN; // while sourceBindDN/sourceBindPassword always belong to the source + NSString *sourceBindPassword; NSString *hostname; unsigned int port; - NSString *password; NSString *encryption; NSString *_filter; NSString *_scope; NSString *baseDN; - NSString *IDField; /* the first part of a user DN */ + NSString *IDField; // the first part of a user DN NSString *CNField; NSString *UIDField; NSArray *mailFields, *searchFields; diff --git a/SoObjects/SOGo/LDAPSource.m b/SoObjects/SOGo/LDAPSource.m index 7e966fa46..abb45190e 100644 --- a/SoObjects/SOGo/LDAPSource.m 
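Review bot: In the LDAPSource.h hunk, the explanation of the four credential ivars is split across three trailing comments, so each fragment reads as if it describes only the field on its own line. A short block above the group would be clearer, for example `// bindDN/password: credentials used for the next bind; the current user's when _bindAsCurrentUser is YES` followed by `// sourceBindDN/sourceBindPassword: the source's configured credentials, as passed to -setBindDN:password:hostname:...`. The object now holds two copies of the bind password for its whole lifetime, so it is worth confirming that no description or debug output of LDAPSource prints these ivars.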
+++ b/SoObjects/SOGo/LDAPSource.m @@ -129,6 +129,9 @@ static NSArray *commonSearchFields; } } +// +// +// + (id) sourceFromUDSource: (NSDictionary *) udSource inDomain: (NSString *) sourceDomain { @@ -141,15 +144,20 @@ static NSArray *commonSearchFields; return newSource; } +// +// +// - (id) init { if ((self = [super init])) { bindDN = nil; + password = nil; + sourceBindDN = nil; + sourceBindPassword = nil; hostname = nil; port = 389; encryption = nil; - password = nil; sourceID = nil; domain = nil; @@ -179,12 +187,17 @@ static NSArray *commonSearchFields; return self; } +// +// +// - (void) dealloc { [bindDN release]; + [password release]; + [sourceBindDN release]; + [sourceBindPassword release]; [hostname release]; [encryption release]; - [password release]; [baseDN release]; [IDField release]; [CNField release]; @@ -206,6 +219,9 @@ static NSArray *commonSearchFields; [super dealloc]; } +// +// +// - (id) initFromUDSource: (NSDictionary *) udSource inDomain: (NSString *) sourceDomain { @@ -214,7 +230,7 @@ static NSArray *commonSearchFields; if ((self = [self init])) { - ASSIGN (sourceID, [udSource objectForKey: @"id"]); + ASSIGN(sourceID, [udSource objectForKey: @"id"]); [self setBindDN: [udSource objectForKey: @"bindDN"] password: [udSource objectForKey: @"bindPassword"] @@ -261,10 +277,10 @@ static NSArray *commonSearchFields; else queryTimeout = [dd ldapQueryTimeout]; - ASSIGN (modulesConstraints, - [udSource objectForKey: @"ModulesConstraints"]); - ASSIGN (_filter, [udSource objectForKey: @"filter"]); - ASSIGN (_scope, ([udSource objectForKey: @"scope"] + ASSIGN(modulesConstraints, + [udSource objectForKey: @"ModulesConstraints"]); + ASSIGN(_filter, [udSource objectForKey: @"filter"]); + ASSIGN(_scope, ([udSource objectForKey: @"scope"] ? [udSource objectForKey: @"scope"] : (id)@"sub")); @@ -277,6 +293,7 @@ static NSArray *commonSearchFields; - (void) setBindDN: (NSString *) theDN { + //NSLog(@"Setting bind DN to %@", theDN); ASSIGN(bindDN, theDN); } 
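Review bot: The line added to `-setBindDN:`, `//NSLog(@"Setting bind DN to %@", theDN);`, is commented-out debugging code and should be dropped before merging. When bindAsCurrentUser is in effect this setter presumably receives the DN of the person logging in, so re-enabling the line would write user identities to the server log on every login. If a trace is really needed here, route it through the project's debug-level logging so it is off by default.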
@@ -297,17 +314,23 @@ static NSArray *commonSearchFields; encryption: (NSString *) newEncryption bindAsCurrentUser: (NSString *) bindAsCurrentUser { - ASSIGN (bindDN, newBindDN); - ASSIGN (encryption, [newEncryption uppercaseString]); + ASSIGN(bindDN, newBindDN); + ASSIGN(password, newBindPassword); + ASSIGN(sourceBindDN, newBindDN); + ASSIGN(sourceBindPassword, newBindPassword); + + ASSIGN(encryption, [newEncryption uppercaseString]); if ([encryption isEqualToString: @"SSL"]) port = 636; - ASSIGN (hostname, newBindHostname); + ASSIGN(hostname, newBindHostname); if (newBindPort) port = [newBindPort intValue]; - ASSIGN (password, newBindPassword); _bindAsCurrentUser = [bindAsCurrentUser boolValue]; } +// +// +// - (void) setBaseDN: (NSString *) newBaseDN IDField: (NSString *) newIDField CNField: (NSString *) newCNField @@ -320,21 +343,21 @@ static NSArray *commonSearchFields; kindField: (NSString *) newKindField andMultipleBookingsField: (NSString *) newMultipleBookingsField { - ASSIGN (baseDN, [newBaseDN lowercaseString]); + ASSIGN(baseDN, [newBaseDN lowercaseString]); if (newIDField) - ASSIGN (IDField, newIDField); + ASSIGN(IDField, newIDField); if (newCNField) - ASSIGN (CNField, newCNField); + ASSIGN(CNField, newCNField); if (newUIDField) - ASSIGN (UIDField, newUIDField); + ASSIGN(UIDField, newUIDField); if (newIMAPHostField) - ASSIGN (IMAPHostField, newIMAPHostField); + ASSIGN(IMAPHostField, newIMAPHostField); if (newIMAPLoginField) - ASSIGN (IMAPLoginField, newIMAPLoginField); + ASSIGN(IMAPLoginField, newIMAPLoginField); if (newMailFields) - ASSIGN (mailFields, newMailFields); + ASSIGN(mailFields, newMailFields); if (newSearchFields) - ASSIGN (searchFields, newSearchFields); + ASSIGN(searchFields, newSearchFields); if (newBindFields) { // Before SOGo v1.2.0, bindFields was a comma-separated list 
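Review bot: The new `ASSIGN(sourceBindDN, newBindDN);` and `ASSIGN(sourceBindPassword, newBindPassword);` lines store the same values as the two lines above them, and nothing here explains why. A comment such as `// Untouched copy of the configured credentials; -checkLogin:... restores bindDN/password from these before looking up a user's DN.` would make the invariant explicit. It also matters that `-setBindDN:` (visible in the earlier hunk) changes only `bindDN`, so this method is the only writer of the `sourceBind*` pair shown in the diff, and the comment should say they must stay that way. The method's signature starts above this hunk.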
@@ -364,6 +387,9 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField ASSIGN(multipleBookingsField, newMultipleBookingsField); } +// +// +// - (BOOL) _setupEncryption: (NGLdapConnection *) encryptedConn { BOOL rc; @@ -383,6 +409,9 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField return rc; } +// +// +// - (NGLdapConnection *) _ldapConnection { NGLdapConnection *ldapConnection; @@ -417,6 +446,9 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField return ldapConnection; } +// +// +// - (NSString *) domain { return domain; @@ -476,6 +508,9 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField return userDN; } +// +// +// - (BOOL) checkLogin: (NSString *) _login password: (NSString *) _pwd perr: (SOGoPasswordPolicyError *) _perr @@ -502,7 +537,16 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField if (!userDN) { if (bindFields) - userDN = [self _fetchUserDNForLogin: _login]; + { + // We MUST always use the source's bindDN/password in + // order to lookup the user's DN. This is important since + // if we use bindAsCurrentUser, we could stay bound and + // lookup the user's DN (for an other user that is trying + // to log in) but not be able to do so due to ACLs in LDAP. + [self setBindDN: sourceBindDN]; + [self setBindPassword: sourceBindPassword]; + userDN = [self _fetchUserDNForLogin: _login]; + } else userDN = [NSString stringWithFormat: @"%@=%@,%@", IDField, _login, baseDN]; @@ -537,6 +581,9 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField return didBind; } +// +// +// - (BOOL) changePasswordForLogin: (NSString *) login oldPassword: (NSString *) oldPassword newPassword: (NSString *) newPassword
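Review bot: In the `-checkLogin:password:perr:...` hunk, the source credentials are restored by overwriting the shared `bindDN`/`password` ivars just before `_fetchUserDNForLogin:`, so the fix still depends on per-instance mutable state. The added comment itself implies one LDAPSource instance serves several users' logins. If so, between logins the instance keeps whichever user's credentials were set last, and any other lookup on it would presumably run under that user's LDAP ACLs. A more robust shape is for the DN lookup to bind with `sourceBindDN`/`sourceBindPassword` on its own connection instead of swapping the ivars. That also avoids a race if the instance is ever used by concurrent requests, which cannot be ruled out from here. `-setBindPassword:` is not defined in any hunk shown and the body of `checkLogin` extends beyond this hunk on both sides, so confirm both when reworking it.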