X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/6545de78cb822ab5db97a2f16fe7a42cc9488bd8..3ecab1575ef1f45a5e7cd3c48cd937ffa8eb0ad9:/src/src/lookups/ldap.c

diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c
index 943e431db..244d67561 100644
--- a/src/src/lookups/ldap.c
+++ b/src/src/lookups/ldap.c
@@ -1,10 +1,8 @@
-/* $Cambridge: exim/src/src/lookups/ldap.c,v 1.15 2009/11/16 19:50:38 nm4 Exp $ */
-
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2009 */
+/* Copyright (c) University of Cambridge 1995 - 2012 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* Many thanks to Stuart Lynne for contributing the original code for this
@@ -431,6 +429,60 @@ if (lcp == NULL)
     }
   #endif  /* LDAP_OPT_X_TLS */
 
+  #ifdef LDAP_OPT_X_TLS_CACERTFILE
+  if (eldap_ca_cert_file != NULL)
+    {
+    ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTFILE, eldap_ca_cert_file);
+    }
+  #endif
+  #ifdef LDAP_OPT_X_TLS_CACERTDIR
+  if (eldap_ca_cert_dir != NULL)
+    {
+    ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTDIR, eldap_ca_cert_dir);
+    }
+  #endif
+  #ifdef LDAP_OPT_X_TLS_CERTFILE
+  if (eldap_cert_file != NULL)
+    {
+    ldap_set_option(ld, LDAP_OPT_X_TLS_CERTFILE, eldap_cert_file);
+    }
+  #endif
+  #ifdef LDAP_OPT_X_TLS_KEYFILE
+  if (eldap_cert_key != NULL)
+    {
+    ldap_set_option(ld, LDAP_OPT_X_TLS_KEYFILE, eldap_cert_key);
+    }
+  #endif
+  #ifdef LDAP_OPT_X_TLS_CIPHER_SUITE
+  if (eldap_cipher_suite != NULL)
+    {
+    ldap_set_option(ld, LDAP_OPT_X_TLS_CIPHER_SUITE, eldap_cipher_suite);
+    }
+  #endif
+  #ifdef LDAP_OPT_X_TLS_REQUIRE_CERT
+  if (eldap_require_cert != NULL)
+    {
+    int cert_option = LDAP_OPT_X_TLS_NEVER;
+    if (Ustrcmp(eldap_require_cert, "hard") == 0)
+      {
+      cert_option = LDAP_OPT_X_TLS_HARD;
+      }
+    else if (Ustrcmp(eldap_require_cert, "demand") == 0)
+      {
+      cert_option = LDAP_OPT_X_TLS_DEMAND;
+      }
+    else if (Ustrcmp(eldap_require_cert, "allow") == 0)
+      {
+      cert_option = LDAP_OPT_X_TLS_ALLOW;
+      }
+    else if (Ustrcmp(eldap_require_cert, "try") == 0)
+      {
+      cert_option = LDAP_OPT_X_TLS_TRY;
+      }
+    ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &cert_option);
+    }
+  #endif
+
   /* Now add this connection to the chain of cached connections */
 
   lcp = store_get(sizeof(LDAP_CONNECTION));
@@ -467,6 +519,18 @@ if (!lcp->bound ||
   {
   DEBUG(D_lookup) debug_printf("%sbinding with user=%s password=%s\n",
     (lcp->bound)? "re-" : "", user, password);
+#ifdef LDAP_OPT_X_TLS
+  /* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this: */
+  if (eldap_start_tls)
+    {
+        if ( (rc = ldap_start_tls_s(lcp->ld, NULL, NULL)) != LDAP_SUCCESS) {
+            *errmsg = string_sprintf("failed to initiate TLS processing on an "
+                "LDAP session to server %s%s - ldap_start_tls_s() returned %d:"
+                " %s", host, porttext, rc, ldap_err2string(rc));
+            goto RETURN_ERROR;
+        }
+    }
+#endif
   if ((msgid = ldap_bind(lcp->ld, CS user, CS password, LDAP_AUTH_SIMPLE))
        == -1)
     {
@@ -666,10 +730,10 @@ while ((rc = ldap_result(lcp->ld, msgid, 0, timeoutptr, &result)) ==
             DEBUG(D_lookup) debug_printf("LDAP attr loop %s:%s\n", attr, value);
 
             if (values != firstval)
-              data = string_cat(data, &size, &ptr, US", ", 2);
+              data = string_cat(data, &size, &ptr, US",", 1);
 
             /* For multiple attributes, the data is in quotes. We must escape
-            internal quotes, backslashes, newlines. */
+            internal quotes, backslashes, newlines, and must double commas. */
 
             if (attr_count != 1)
               {
@@ -678,6 +742,8 @@ while ((rc = ldap_result(lcp->ld, msgid, 0, timeoutptr, &result)) ==
                 {
                 if (value[j] == '\n')
                   data = string_cat(data, &size, &ptr, US"\\n", 2);
+                else if (value[j] == ',')
+                  data = string_cat(data, &size, &ptr, US",,", 2);
                 else
                   {
                   if (value[j] == '\"' || value[j] == '\\')
@@ -687,9 +753,20 @@ while ((rc = ldap_result(lcp->ld, msgid, 0, timeoutptr, &result)) ==
                 }
               }
 
-            /* For single attributes, copy the value verbatim */
+            /* For single attributes, just double commas */
+
+	    else
+	      {
+	      int j;
+	      for (j = 0; j < len; j++)
+	        {
+	        if (value[j] == ',')
+	          data = string_cat(data, &size, &ptr, US",,", 2);
+	        else
+	          data = string_cat(data, &size, &ptr, value+j, 1);
+	        }
+	      }
 
-            else data = string_cat(data, &size, &ptr, value, len);
 
             /* Move on to the next value */