diff --git a/SoObjects/SOGo/LDAPSource.m b/SoObjects/SOGo/LDAPSource.m index 8948e5f9e..c65ae5d2f 100644 --- a/SoObjects/SOGo/LDAPSource.m +++ b/SoObjects/SOGo/LDAPSource.m @@ -193,12 +193,12 @@ static Class NSStringK; CNField: [udSource objectForKey: @"CNFieldName"] UIDField: [udSource objectForKey: @"UIDFieldName"] mailFields: [udSource objectForKey: @"MailFieldNames"] - searchFields: [udSource objectForKey: @"SearchFieldNames"] - IMAPHostField: [udSource objectForKey: @"IMAPHostFieldName"] + searchFields: [udSource objectForKey: @"SearchFieldNames"] + IMAPHostField: [udSource objectForKey: @"IMAPHostFieldName"] IMAPLoginField: [udSource objectForKey: @"IMAPLoginFieldName"] SieveHostField: [udSource objectForKey: @"SieveHostFieldName"] - bindFields: [udSource objectForKey: @"bindFields"] - kindField: [udSource objectForKey: @"KindFieldName"] + bindFields: [udSource objectForKey: @"bindFields"] + kindField: [udSource objectForKey: @"KindFieldName"] andMultipleBookingsField: [udSource objectForKey: @"MultipleBookingsFieldName"]]; dotValue = [udSource objectForKey: @"listRequiresDot"]; @@ -237,7 +237,7 @@ static Class NSStringK; queryTimeout = [dd ldapQueryTimeout]; ASSIGN(modulesConstraints, - [udSource objectForKey: @"ModulesConstraints"]); + [udSource objectForKey: @"ModulesConstraints"]); ASSIGN(_filter, [udSource objectForKey: @"filter"]); ASSIGN(_userPasswordAlgorithm, [udSource objectForKey: @"userPasswordAlgorithm"]); ASSIGN(_scope, ([udSource objectForKey: @"scope"] @@ -245,10 +245,10 @@ static Class NSStringK; : (id)@"sub")); if (!_userPasswordAlgorithm) - _userPasswordAlgorithm = @"none"; + _userPasswordAlgorithm = @"none"; if ([udSource objectForKey: @"passwordPolicy"]) - passwordPolicy = [[udSource objectForKey: @"passwordPolicy"] boolValue]; + passwordPolicy = [[udSource objectForKey: @"passwordPolicy"] boolValue]; ASSIGN(MSExchangeHostname, [udSource objectForKey: @"MSExchangeHostname"]); } 
@@ -283,10 +283,10 @@ static Class NSStringK; } - (void) setBindDN: (NSString *) newBindDN - password: (NSString *) newBindPassword - hostname: (NSString *) newBindHostname - port: (NSString *) newBindPort - encryption: (NSString *) newEncryption + password: (NSString *) newBindPassword + hostname: (NSString *) newBindHostname + port: (NSString *) newBindPort + encryption: (NSString *) newEncryption bindAsCurrentUser: (NSString *) bindAsCurrentUser { ASSIGN(bindDN, newBindDN); @@ -307,17 +307,17 @@ static Class NSStringK; // // - (void) setBaseDN: (NSString *) newBaseDN - IDField: (NSString *) newIDField - CNField: (NSString *) newCNField - UIDField: (NSString *) newUIDField - mailFields: (NSArray *) newMailFields + IDField: (NSString *) newIDField + CNField: (NSString *) newCNField + UIDField: (NSString *) newUIDField + mailFields: (NSArray *) newMailFields searchFields: (NSArray *) newSearchFields IMAPHostField: (NSString *) newIMAPHostField IMAPLoginField: (NSString *) newIMAPLoginField SieveHostField: (NSString *) newSieveHostField - bindFields: (id) newBindFields - kindField: (NSString *) newKindField -andMultipleBookingsField: (NSString *) newMultipleBookingsField + bindFields: (id) newBindFields + kindField: (NSString *) newKindField + andMultipleBookingsField: (NSString *) newMultipleBookingsField { ASSIGN(baseDN, [newBaseDN lowercaseString]); if (newIDField) 
@@ -352,12 +352,12 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField // // We check for the old format and we support it. if ([newBindFields isKindOfClass: [NSArray class]]) - ASSIGN(bindFields, newBindFields); + ASSIGN(bindFields, newBindFields); else - { - [self logWithFormat: @"WARNING: using old bindFields format - please update it"]; - ASSIGN(bindFields, [newBindFields componentsSeparatedByString: @","]); - } + { + [self logWithFormat: @"WARNING: using old bindFields format - please update it"]; + ASSIGN(bindFields, [newBindFields componentsSeparatedByString: @","]); + } } if (newKindField) ASSIGN(kindField, [newKindField lowercaseString]); @@ -396,8 +396,8 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField else { [self errorWithFormat: - @"encryption scheme '%@' not supported:" - @" use 'SSL' or 'STARTTLS'", encryption]; + @"encryption scheme '%@' not supported:" + @" use 'SSL' or 'STARTTLS'", encryption]; rc = NO; } 
@@ -416,31 +416,30 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField //NSLog(@"Creating NGLdapConnection instance for bindDN '%@'", bindDN); ldapConnection = [[NGLdapConnection alloc] initWithHostName: hostname - port: port]; + port: port]; [ldapConnection autorelease]; if (![encryption length] || [self _setupEncryption: ldapConnection]) - { - [ldapConnection bindWithMethod: @"simple" - binddn: bindDN - credentials: password]; - if (queryLimit > 0) - [ldapConnection setQuerySizeLimit: queryLimit]; - if (queryTimeout > 0) - [ldapConnection setQueryTimeLimit: queryTimeout]; + { + [ldapConnection bindWithMethod: @"simple" + binddn: bindDN + credentials: password]; + if (queryLimit > 0) + [ldapConnection setQuerySizeLimit: queryLimit]; + if (queryTimeout > 0) + [ldapConnection setQueryTimeLimit: queryTimeout]; if (!schema) { schema = [LDAPSourceSchema new]; [schema readSchemaFromConnection: ldapConnection]; } - } + } else - ldapConnection = nil; + ldapConnection = nil; } NS_HANDLER { - [self errorWithFormat: @"Could not bind to the LDAP server %@ (%d)" - @" using the bind DN: %@", - hostname, port, bindDN]; + [self errorWithFormat: @"Could not bind to the LDAP server %@ (%d) " + @"using the bind DN: %@", hostname, port, bindDN]; ldapConnection = nil; } NS_ENDHANDLER; @@ -511,10 +510,10 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField // // - (BOOL) checkLogin: (NSString *) _login - password: (NSString *) _pwd - perr: (SOGoPasswordPolicyError *) _perr - expire: (int *) _expire - grace: (int *) _grace + password: (NSString *) _pwd + perr: (SOGoPasswordPolicyError *) _perr + expire: (int *) _expire + grace: (int *) _grace { NGLdapConnection *bindConnection; NSString *userDN; 
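Review bot: The result of `bindWithMethod:binddn:credentials:` is discarded in the service-bind block of this hunk, so a bind that fails by returning NO instead of raising would leave `ldapConnection` non-nil, and the size/time limits and the schema read would proceed on a connection that is not bound as `bindDN`. The same call's result is assigned to `didBind` in checkLogin further down this diff, which suggests it returns a BOOL; whether it can return NO here without raising is not visible from the hunk. Consider `if (![ldapConnection bindWithMethod: @"simple" binddn: bindDN credentials: password]) ldapConnection = nil;`, logging the existing "Could not bind" message on that path and skipping the limit setup and schema read. The NS_HANDLER message also omits `[localException reason]`, so a TLS setup failure and a rejected credential look the same in the log. The enclosing method starts and ends outside the hunk.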
@@ -525,55 +524,55 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField if ([_login length] > 0 && [_pwd length] > 0) { bindConnection = [[NGLdapConnection alloc] initWithHostName: hostname - port: port]; + port: port]; if (![encryption length] || [self _setupEncryption: bindConnection]) - { - if (queryTimeout > 0) - [bindConnection setQueryTimeLimit: queryTimeout]; + { + if (queryTimeout > 0) + [bindConnection setQueryTimeLimit: queryTimeout]; - userDN = [_dnCache objectForKey: _login]; + userDN = [_dnCache objectForKey: _login]; - if (!userDN) - { - if (bindFields) - { - // We MUST always use the source's bindDN/password in - // order to lookup the user's DN. This is important since - // if we use bindAsCurrentUser, we could stay bound and - // lookup the user's DN (for an other user that is trying - // to log in) but not be able to do so due to ACLs in LDAP. - [self setBindDN: sourceBindDN]; - [self setBindPassword: sourceBindPassword]; - userDN = [self _fetchUserDNForLogin: _login]; - } - else - userDN = [NSString stringWithFormat: @"%@=%@,%@", - IDField, [_login escapedForLDAPDN], baseDN]; - } + if (!userDN) + { + if (bindFields) + { + // We MUST always use the source's bindDN/password in + // order to lookup the user's DN. This is important since + // if we use bindAsCurrentUser, we could stay bound and + // lookup the user's DN (for an other user that is trying + // to log in) but not be able to do so due to ACLs in LDAP. 
+ [self setBindDN: sourceBindDN]; + [self setBindPassword: sourceBindPassword]; + userDN = [self _fetchUserDNForLogin: _login]; + } + else + userDN = [NSString stringWithFormat: @"%@=%@,%@", + IDField, [_login escapedForLDAPDN], baseDN]; + } - if (userDN) - { - // We cache the _login <-> userDN entry to speed up things - [_dnCache setObject: userDN forKey: _login]; - - NS_DURING - if (!passwordPolicy) - didBind = [bindConnection bindWithMethod: @"simple" - binddn: userDN - credentials: _pwd]; - else - didBind = [bindConnection bindWithMethod: @"simple" - binddn: userDN - credentials: _pwd - perr: (void *)_perr - expire: _expire - grace: _grace]; - NS_HANDLER + if (userDN) + { + // We cache the _login <-> userDN entry to speed up things + [_dnCache setObject: userDN forKey: _login]; + + NS_DURING + if (!passwordPolicy) + didBind = [bindConnection bindWithMethod: @"simple" + binddn: userDN + credentials: _pwd]; + else + didBind = [bindConnection bindWithMethod: @"simple" + binddn: userDN + credentials: _pwd + perr: (void *)_perr + expire: _expire + grace: _grace]; + NS_HANDLER ; NS_ENDHANDLER ; } - } + } [bindConnection release]; } @@ -604,9 +603,9 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField // // - (BOOL) changePasswordForLogin: (NSString *) login - oldPassword: (NSString *) oldPassword - newPassword: (NSString *) newPassword - perr: (SOGoPasswordPolicyError *) perr + oldPassword: (NSString *) oldPassword + newPassword: (NSString *) newPassword + perr: (SOGoPasswordPolicyError *) perr { NGLdapConnection *bindConnection; 
@@ -618,66 +617,66 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField if ([login length] > 0) { bindConnection = [[NGLdapConnection alloc] initWithHostName: hostname - port: port]; - if (![encryption length] || [self _setupEncryption: bindConnection]) - { - if (queryTimeout > 0) - [bindConnection setQueryTimeLimit: queryTimeout]; - if (bindFields) - userDN = [self _fetchUserDNForLogin: login]; - else - userDN = [NSString stringWithFormat: @"%@=%@,%@", - IDField, [login escapedForLDAPDN], baseDN]; - if (userDN) - { - NS_DURING - if (!passwordPolicy) - { - // We don't use a password policy - we simply use - // a modify-op to change the password - NGLdapModification *mod; - NGLdapAttribute *attr; - NSArray *changes; - NSString* encryptedPass; - - attr = [[NGLdapAttribute alloc] initWithAttributeName: @"userPassword"]; - if ([_userPasswordAlgorithm isEqualToString: @"none"]) - { - encryptedPass = newPassword; - } - else - { - encryptedPass = [self _encryptPassword: newPassword]; - } - if(encryptedPass != nil) - { - [attr addStringValue: encryptedPass]; - mod = [NGLdapModification replaceModification: attr]; - changes = [NSArray arrayWithObject: mod]; - *perr = PolicyNoError; + port: port]; + if (![encryption length] || [self _setupEncryption: bindConnection]) + { + if (queryTimeout > 0) + [bindConnection setQueryTimeLimit: queryTimeout]; + if (bindFields) + userDN = [self _fetchUserDNForLogin: login]; + else + userDN = [NSString stringWithFormat: @"%@=%@,%@", + IDField, [login escapedForLDAPDN], baseDN]; + if (userDN) + { + NS_DURING + if (!passwordPolicy) + { + // We don't use a password policy - we simply use + // a modify-op to change the password + NGLdapModification *mod; + NGLdapAttribute *attr; + NSArray *changes; + NSString* encryptedPass; - if ([bindConnection bindWithMethod: @"simple" - binddn: userDN - credentials: oldPassword]) - { - didChange = [bindConnection modifyEntryWithDN: userDN - changes: changes]; - } + attr = [[NGLdapAttribute 
alloc] initWithAttributeName: @"userPassword"]; + if ([_userPasswordAlgorithm isEqualToString: @"none"]) + { + encryptedPass = newPassword; + } + else + { + encryptedPass = [self _encryptPassword: newPassword]; + } + if(encryptedPass != nil) + { + [attr addStringValue: encryptedPass]; + mod = [NGLdapModification replaceModification: attr]; + changes = [NSArray arrayWithObject: mod]; + *perr = PolicyNoError; + + if ([bindConnection bindWithMethod: @"simple" + binddn: userDN + credentials: oldPassword]) + { + didChange = [bindConnection modifyEntryWithDN: userDN + changes: changes]; + } + else + didChange = NO; + } + } else - didChange = NO; - } - } - else - didChange = [bindConnection changePasswordAtDn: userDN - oldPassword: oldPassword - newPassword: newPassword - perr: (void *)perr]; - NS_HANDLER + didChange = [bindConnection changePasswordAtDn: userDN + oldPassword: oldPassword + newPassword: newPassword + perr: (void *)perr]; + NS_HANDLER ; NS_ENDHANDLER ; } - } + } [bindConnection release]; } 
@@ -705,18 +704,18 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField if ([escapedFilter isEqualToString: @"."]) [qs appendFormat: @"(%@='*')", CNField]; else - { - fieldFormat = [NSString stringWithFormat: @"(%%@='%@*')", escapedFilter]; - fields = [NSMutableArray arrayWithArray: searchFields]; - [fields addObjectsFromArray: mailFields]; - [fields addObject: CNField]; - searchFormat = [[[fields uniqueObjects] stringsWithFormat: fieldFormat] - componentsJoinedByString: @" OR "]; - [qs appendString: searchFormat]; - } + { + fieldFormat = [NSString stringWithFormat: @"(%%@='%@*')", escapedFilter]; + fields = [NSMutableArray arrayWithArray: searchFields]; + [fields addObjectsFromArray: mailFields]; + [fields addObject: CNField]; + searchFormat = [[[fields uniqueObjects] stringsWithFormat: fieldFormat] + componentsJoinedByString: @" OR "]; + [qs appendString: searchFormat]; + } if (_filter && [_filter length]) - [qs appendFormat: @" AND %@", _filter]; + [qs appendFormat: @" AND %@", _filter]; qualifier = [EOQualifier qualifierWithQualifierFormat: qs]; } @@ -724,7 +723,7 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField { qs = [NSMutableString stringWithFormat: @"(%@='*')", CNField]; if ([_filter length]) - [qs appendFormat: @" AND %@", _filter]; + [qs appendFormat: @" AND %@", _filter]; qualifier = [EOQualifier qualifierWithQualifierFormat: qs]; } else 
@@ -743,18 +742,18 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField fieldFormat = [NSString stringWithFormat: @"(%%@='%@')", escapedUid]; mailFormat = [[mailFields stringsWithFormat: fieldFormat] - componentsJoinedByString: @" OR "]; + componentsJoinedByString: @" OR "]; qs = [NSMutableString stringWithFormat: @"(%@='%@') OR %@", UIDField, escapedUid, mailFormat]; if (bindFields) { bindFieldsEnum = [bindFields objectEnumerator]; while ((currentField = [bindFieldsEnum nextObject])) - { - if ([currentField caseInsensitiveCompare: UIDField] != NSOrderedSame - && ![mailFields containsObject: currentField]) - [qs appendFormat: @" OR (%@='%@')", [currentField stringByTrimmingSpaces], escapedUid]; - } + { + if ([currentField caseInsensitiveCompare: UIDField] != NSOrderedSame + && ![mailFields containsObject: currentField]) + [qs appendFormat: @" OR (%@='%@')", [currentField stringByTrimmingSpaces], escapedUid]; + } } if (_filter && [_filter length]) @@ -814,7 +813,7 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField while ((currentEntry = [entries nextObject])) { value = [[currentEntry attributeWithName: IDField] - stringValueAtIndex: 0]; + stringValueAtIndex: 0]; if ([value length] > 0) [ids addObject: value]; } @@ -835,7 +834,7 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField while ((currentFieldName = [emailFields nextObject])) { allValues = [[ldapEntry attributeWithName: currentFieldName] - allStringValues]; + allStringValues]; [emails addObjectsFromArray: allValues]; } [ldifRecord setObject: emails forKey: @"c_emails"]; 
@@ -845,26 +844,26 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField { ldapValue = [[ldapEntry attributeWithName: IMAPHostField] stringValueAtIndex: 0]; if ([ldapValue length] > 0) - [ldifRecord setObject: ldapValue forKey: @"c_imaphostname"]; + [ldifRecord setObject: ldapValue forKey: @"c_imaphostname"]; } if (IMAPLoginField) { ldapValue = [[ldapEntry attributeWithName: IMAPLoginField] stringValueAtIndex: 0]; if ([ldapValue length] > 0) - [ldifRecord setObject: ldapValue forKey: @"c_imaplogin"]; + [ldifRecord setObject: ldapValue forKey: @"c_imaplogin"]; } if (SieveHostField) { ldapValue = [[ldapEntry attributeWithName: SieveHostField] stringValueAtIndex: 0]; if ([ldapValue length] > 0) - [ldifRecord setObject: ldapValue forKey: @"c_sievehostname"]; + [ldifRecord setObject: ldapValue forKey: @"c_sievehostname"]; } } - (void) _fillConstraints: (NGLdapEntry *) ldapEntry - forModule: (NSString *) module + forModule: (NSString *) module intoLDIFRecord: (NSMutableDictionary *) ldifRecord { NSDictionary *constraints; @@ -880,15 +879,15 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField matches = [[constraints allKeys] objectEnumerator]; currentMatch = [matches nextObject]; while (result && currentMatch) - { - ldapValue = [[ldapEntry attributeWithName: currentMatch] - stringValueAtIndex: 0]; - currentValue = [constraints objectForKey: currentMatch]; - if ([ldapValue caseInsensitiveMatches: currentValue]) - currentMatch = [matches nextObject]; - else - result = NO; - } + { + ldapValue = [[ldapEntry attributeWithName: currentMatch] + stringValueAtIndex: 0]; + currentValue = [constraints objectForKey: currentMatch]; + if ([ldapValue caseInsensitiveMatches: currentValue]) + currentMatch = [matches nextObject]; + else + result = NO; + } } [ldifRecord setObject: [NSNumber numberWithBool: result] 
@@ -993,8 +992,8 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField classes = [NSMutableArray arrayWithArray: o]; c = [classes count]; for (i = 0; i < c; i++) - [classes replaceObjectAtIndex: i - withObject: [[classes objectAtIndex: i] lowercaseString]]; + [classes replaceObjectAtIndex: i + withObject: [[classes objectAtIndex: i] lowercaseString]]; } if (classes) @@ -1002,26 +1001,26 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField // We check if our entry is a group. If so, we set the // 'isGroup' custom attribute. if ([classes containsObject: @"group"] || - [classes containsObject: @"groupofnames"] || - [classes containsObject: @"groupofuniquenames"] || - [classes containsObject: @"posixgroup"]) - { - [ldifRecord setObject: [NSNumber numberWithInt: 1] + [classes containsObject: @"groupofnames"] || + [classes containsObject: @"groupofuniquenames"] || + [classes containsObject: @"posixgroup"]) + { + [ldifRecord setObject: [NSNumber numberWithInt: 1] forKey: @"isGroup"]; - } + } // We check if our entry is a resource. We also support // determining resources based on the KindFieldName attribute // value - see below. else if ([classes containsObject: @"calendarresource"]) - { - [ldifRecord setObject: [NSNumber numberWithInt: 1] + { + [ldifRecord setObject: [NSNumber numberWithInt: 1] forKey: @"isResource"]; - } + } } // We check if that entry corresponds to a resource. For this, // kindField must be defined and it must hold one of those values - // + // // location // thing // group 
@@ -1226,19 +1225,19 @@ andMultipleBookingsField: (NSString *) newMultipleBookingsField - (NGLdapEntry *) lookupGroupEntryByUID: (NSString *) theUID { return [self lookupGroupEntryByAttribute: UIDField - andValue: theUID]; + andValue: theUID]; } - (NGLdapEntry *) lookupGroupEntryByEmail: (NSString *) theEmail { #warning We should support MailFieldNames return [self lookupGroupEntryByAttribute: @"mail" - andValue: theEmail]; + andValue: theEmail]; } // This method should accept multiple attributes - (NGLdapEntry *) lookupGroupEntryByAttribute: (NSString *) theAttribute - andValue: (NSString *) theValue + andValue: (NSString *) theValue { EOQualifier *qualifier; NSString *s;