-/* $Cambridge: exim/src/src/lookups/ldap.c,v 1.15 2009/11/16 19:50:38 nm4 Exp $ */
-
/*************************************************
* Exim - an Internet mail transport agent *
*************************************************/
}
#endif /* LDAP_OPT_X_TLS */
+ #ifdef LDAP_OPT_X_TLS_CACERTFILE
+ if (eldap_ca_cert_file != NULL)
+ {
+ ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTFILE, eldap_ca_cert_file);
+ }
+ #endif
+ #ifdef LDAP_OPT_X_TLS_CACERTDIR
+ if (eldap_ca_cert_dir != NULL)
+ {
+ ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTDIR, eldap_ca_cert_dir);
+ }
+ #endif
+ #ifdef LDAP_OPT_X_TLS_CERTFILE
+ if (eldap_cert_file != NULL)
+ {
+ ldap_set_option(ld, LDAP_OPT_X_TLS_CERTFILE, eldap_cert_file);
+ }
+ #endif
+ #ifdef LDAP_OPT_X_TLS_KEYFILE
+ if (eldap_cert_key != NULL)
+ {
+ ldap_set_option(ld, LDAP_OPT_X_TLS_KEYFILE, eldap_cert_key);
+ }
+ #endif
+ #ifdef LDAP_OPT_X_TLS_CIPHER_SUITE
+ if (eldap_cipher_suite != NULL)
+ {
+ ldap_set_option(ld, LDAP_OPT_X_TLS_CIPHER_SUITE, eldap_cipher_suite);
+ }
+ #endif
+ #ifdef LDAP_OPT_X_TLS_REQUIRE_CERT
+ if (eldap_require_cert != NULL)
+ {
+ int cert_option = LDAP_OPT_X_TLS_NEVER;
+ if (Ustrcmp(eldap_require_cert, "hard") == 0)
+ {
+ cert_option = LDAP_OPT_X_TLS_HARD;
+ }
+ else if (Ustrcmp(eldap_require_cert, "demand") == 0)
+ {
+ cert_option = LDAP_OPT_X_TLS_DEMAND;
+ }
+ else if (Ustrcmp(eldap_require_cert, "allow") == 0)
+ {
+ cert_option = LDAP_OPT_X_TLS_ALLOW;
+ }
+ else if (Ustrcmp(eldap_require_cert, "try") == 0)
+ {
+ cert_option = LDAP_OPT_X_TLS_TRY;
+ }
+ ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &cert_option);
+ }
+ #endif
+
/* Now add this connection to the chain of cached connections */
lcp = store_get(sizeof(LDAP_CONNECTION));
{
DEBUG(D_lookup) debug_printf("%sbinding with user=%s password=%s\n",
(lcp->bound)? "re-" : "", user, password);
+#ifdef LDAP_OPT_X_TLS
+ /* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this: */
+ if (eldap_start_tls)
+ {
+ if ( (rc = ldap_start_tls_s(lcp->ld, NULL, NULL)) != LDAP_SUCCESS) {
+ *errmsg = string_sprintf("failed to initiate TLS processing on an "
+ "LDAP session to server %s%s - ldap_start_tls_s() returned %d:"
+ " %s", host, porttext, rc, ldap_err2string(rc));
+ goto RETURN_ERROR;
+ }
+ }
+#endif
if ((msgid = ldap_bind(lcp->ld, CS user, CS password, LDAP_AUTH_SIMPLE))
== -1)
{
DEBUG(D_lookup) debug_printf("LDAP attr loop %s:%s\n", attr, value);
if (values != firstval)
- data = string_cat(data, &size, &ptr, US", ", 2);
+ data = string_cat(data, &size, &ptr, US",", 1);
/* For multiple attributes, the data is in quotes. We must escape
- internal quotes, backslashes, newlines. */
+ internal quotes, backslashes, newlines, and must double commas. */
if (attr_count != 1)
{
{
if (value[j] == '\n')
data = string_cat(data, &size, &ptr, US"\\n", 2);
+ else if (value[j] == ',')
+ data = string_cat(data, &size, &ptr, US",,", 2);
else
{
if (value[j] == '\"' || value[j] == '\\')
}
}
- /* For single attributes, copy the value verbatim */
+ /* For single attributes, just double commas */
+
+ else
+ {
+ int j;
+ for (j = 0; j < len; j++)
+ {
+ if (value[j] == ',')
+ data = string_cat(data, &size, &ptr, US",,", 2);
+ else
+ data = string_cat(data, &size, &ptr, value+j, 1);
+ }
+ }
- else data = string_cat(data, &size, &ptr, value, len);
/* Move on to the next value */
return quoted;
}
+
+
+/*************************************************
+* Version reporting entry point *
+*************************************************/
+
+/* See local README for interface description. */
+
+#include "../version.h"
+
+void
+ldap_version_report(FILE *f)
+{
+#ifdef DYNLOOKUP
+fprintf(f, "Library version: LDAP: Exim version %s\n", EXIM_VERSION_STR);
+#endif
+}
+
+
static lookup_info ldap_lookup_info = {
US"ldap", /* lookup name */
lookup_querystyle, /* query-style lookup */
eldap_find, /* find function */
NULL, /* no close function */
eldap_tidy, /* tidy function */
- eldap_quote /* quoting function */
+ eldap_quote, /* quoting function */
+ ldap_version_report /* version reporting */
};
static lookup_info ldapdn_lookup_info = {
eldapdn_find, /* find function */
NULL, /* no close function */
eldap_tidy, /* sic */ /* tidy function */
- eldap_quote /* sic */ /* quoting function */
+ eldap_quote, /* sic */ /* quoting function */
+ NULL /* no version reporting (redundant) */
};
static lookup_info ldapm_lookup_info = {
eldapm_find, /* find function */
NULL, /* no close function */
eldap_tidy, /* sic */ /* tidy function */
- eldap_quote /* sic */ /* quoting function */
+ eldap_quote, /* sic */ /* quoting function */
+ NULL /* no version reporting (redundant) */
};
#ifdef DYNLOOKUP