1
0
mirror of https://github.com/moparisthebest/davmail synced 2024-12-13 03:02:22 -05:00

LDAP: fix DIGEST-MD5 authentication and adjust dn context for OSX Lion, still experimental

git-svn-id: http://svn.code.sf.net/p/davmail/code/trunk@1800 3d1905a2-6b24-0410-a738-b14d5a86fcbd
This commit is contained in:
mguessan 2011-09-28 09:04:48 +00:00
parent 472b11a608
commit e76582ede7

View File

@ -27,6 +27,7 @@ import davmail.Settings;
import davmail.exception.DavMailException; import davmail.exception.DavMailException;
import davmail.exchange.ExchangeSession; import davmail.exchange.ExchangeSession;
import davmail.exchange.ExchangeSessionFactory; import davmail.exchange.ExchangeSessionFactory;
import davmail.exchange.dav.DavExchangeSession;
import davmail.ui.tray.DavGatewayTray; import davmail.ui.tray.DavGatewayTray;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
@ -60,6 +61,10 @@ public class LdapConnection extends AbstractConnection {
static final String COMPUTER_CONTEXT = "cn=computers, o=od"; static final String COMPUTER_CONTEXT = "cn=computers, o=od";
static final String OD_GROUP_CONTEXT = "cn=groups, o=od"; static final String OD_GROUP_CONTEXT = "cn=groups, o=od";
// TODO: adjust Directory Utility settings
static final String COMPUTER_CONTEXT_LION = "cn=computers,o=od";
static final String OD_USER_CONTEXT_LION = "cn=users, ou=people";
/** /**
* Root DSE naming contexts (default and OpenDirectory) * Root DSE naming contexts (default and OpenDirectory)
*/ */
@ -552,8 +557,7 @@ public class LdapConnection extends AbstractConnection {
} }
}; };
int status; int status;
if (reqBer.bytesLeft() > 0) { if (reqBer.bytesLeft() > 0 && saslServer != null) {
if (saslServer != null) {
byte[] clientResponse = reqBer.parseOctetString(Ber.ASN_OCTET_STR, null); byte[] clientResponse = reqBer.parseOctetString(Ber.ASN_OCTET_STR, null);
serverResponse = saslServer.evaluateResponse(clientResponse); serverResponse = saslServer.evaluateResponse(clientResponse);
status = LDAP_SUCCESS; status = LDAP_SUCCESS;
@ -568,10 +572,6 @@ public class LdapConnection extends AbstractConnection {
DavGatewayTray.debug(new BundleMessage("LOG_LDAP_REQ_BIND_INVALID_CREDENTIALS")); DavGatewayTray.debug(new BundleMessage("LOG_LDAP_REQ_BIND_INVALID_CREDENTIALS"));
} }
} else {
throw new IOException("Invalid authentication sequence");
}
} else { } else {
Map<String, String> properties = new HashMap<String, String>(); Map<String, String> properties = new HashMap<String, String>();
properties.put("javax.security.sasl.qop", "auth,auth-int"); properties.put("javax.security.sasl.qop", "auth,auth-int");
@ -634,7 +634,7 @@ public class LdapConnection extends AbstractConnection {
LdapFilter ldapFilter = parseFilter(reqBer); LdapFilter ldapFilter = parseFilter(reqBer);
Set<String> returningAttributes = parseReturningAttributes(reqBer); Set<String> returningAttributes = parseReturningAttributes(reqBer);
SearchRunnable searchRunnable = new SearchRunnable(currentMessageId, dn, scope, sizeLimit, timelimit, ldapFilter, returningAttributes); SearchRunnable searchRunnable = new SearchRunnable(currentMessageId, dn, scope, sizeLimit, timelimit, ldapFilter, returningAttributes);
if (BASE_CONTEXT.equalsIgnoreCase(dn) || OD_USER_CONTEXT.equalsIgnoreCase(dn)) { if (BASE_CONTEXT.equalsIgnoreCase(dn) || OD_USER_CONTEXT.equalsIgnoreCase(dn) || OD_USER_CONTEXT_LION.equalsIgnoreCase(dn)) {
// launch search in a separate thread // launch search in a separate thread
synchronized (searchThreadMap) { synchronized (searchThreadMap) {
searchThreadMap.put(currentMessageId, searchRunnable); searchThreadMap.put(currentMessageId, searchRunnable);
@ -759,8 +759,8 @@ public class LdapConnection extends AbstractConnection {
String sValue = value.toString(); String sValue = value.toString();
if ("uid".equalsIgnoreCase(attributeName) && sValue.equals(userName)) { if ("uid".equalsIgnoreCase(attributeName) && sValue.equals(userName)) {
// replace with actual alias instead of login name search // replace with actual alias instead of login name search, only in Dav mode
if (sValue.equals(userName)) { if (sValue.equals(userName) && session instanceof DavExchangeSession) {
sValue = session.getAlias(); sValue = session.getAlias();
DavGatewayTray.debug(new BundleMessage("LOG_LDAP_REPLACED_UID_FILTER", userName, sValue)); DavGatewayTray.debug(new BundleMessage("LOG_LDAP_REPLACED_UID_FILTER", userName, sValue));
} }
@ -908,6 +908,8 @@ public class LdapConnection extends AbstractConnection {
addIf(attributes, returningAttributes, "objectClass", objectClasses); addIf(attributes, returningAttributes, "objectClass", objectClasses);
addIf(attributes, returningAttributes, "apple-generateduid", COMPUTER_GUID); addIf(attributes, returningAttributes, "apple-generateduid", COMPUTER_GUID);
addIf(attributes, returningAttributes, "apple-serviceinfo", getServiceInfo()); addIf(attributes, returningAttributes, "apple-serviceinfo", getServiceInfo());
// TODO: remove ?
addIf(attributes, returningAttributes, "apple-xmlplist", getServiceInfo());
addIf(attributes, returningAttributes, "apple-serviceslocator", "::anyService"); addIf(attributes, returningAttributes, "apple-serviceslocator", "::anyService");
addIf(attributes, returningAttributes, "cn", getCurrentHostName()); addIf(attributes, returningAttributes, "cn", getCurrentHostName());
@ -1461,11 +1463,11 @@ public class LdapConnection extends AbstractConnection {
} else { } else {
DavGatewayTray.debug(new BundleMessage("LOG_LDAP_REQ_SEARCH_INVALID_DN", currentMessageId, dn)); DavGatewayTray.debug(new BundleMessage("LOG_LDAP_REQ_SEARCH_INVALID_DN", currentMessageId, dn));
} }
} else if (COMPUTER_CONTEXT.equals(dn)) { } else if (COMPUTER_CONTEXT.equals(dn) || COMPUTER_CONTEXT_LION.equals(dn)) {
size = 1; size = 1;
// computer context for iCal // computer context for iCal
sendComputerContext(currentMessageId, returningAttributes); sendComputerContext(currentMessageId, returningAttributes);
} else if ((BASE_CONTEXT.equalsIgnoreCase(dn) || OD_USER_CONTEXT.equalsIgnoreCase(dn))) { } else if ((BASE_CONTEXT.equalsIgnoreCase(dn) || OD_USER_CONTEXT.equalsIgnoreCase(dn)) || OD_USER_CONTEXT_LION.equalsIgnoreCase(dn)) {
if (session != null) { if (session != null) {
Map<String, ExchangeSession.Contact> persons = new HashMap<String, ExchangeSession.Contact>(); Map<String, ExchangeSession.Contact> persons = new HashMap<String, ExchangeSession.Contact>();
if (ldapFilter.isFullSearch()) { if (ldapFilter.isFullSearch()) {