Changes of Revision 8
cyrus-imapd.spec
Changed
@@ -64,7 +64,7 @@
 # Patches of which the status or upstream is unknown
 Patch903: %{name}-2.4.15-903-normalize-authorization-id.patch
-Patch905: cyrus-imapd-2.4.10-bob-ptloader-ldap.patch
+Patch905: cyrus-imapd-2.4.10-ptloader-ldap_user_attribute.patch
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
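Review bot: The patch this line now points at still does an unchecked `strcpy((*newstate)->userid.id, ptsmodule_canonifyid(vals[0],size));` in ptsmodule_make_authstate_attribute (visible in the deleted copy below, which the renamed file reproduces), and ptsmodule_canonifyid returns NULL for any value containing a character outside its allowed set, so a directory entry whose ldap_user_attribute value is unexpected crashes ptloader with a NULL-source strcpy. Because ptloader is the authorization backend, that is a denial-of-service trigger for anyone who can write that attribute in the directory. The fix is to check the result before copying: `const char *cid = ptsmodule_canonifyid(vals[0], size);` / `if (cid == NULL) { *reply = "invalid user attribute value"; rc = PTSM_FAIL; goto done; }` / `strlcpy((*newstate)->userid.id, cid, sizeof((*newstate)->userid.id));`. The same hunk also dereferences `rdn[0]` without checking that `ldap_explode_rdn()` succeeded and frees only the last `rdn` it allocated, leaking one array per group value. This spec hunk itself is rename-only; the code it ships lives in the patch file below, whose added copy runs past the end of this page.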
cyrus-imapd-2.4.10-bob-ptloader-ldap.patch
Deleted
@@ -1,1230 +0,0 @@ -diff --git a/lib/imapoptions b/lib/imapoptions -index 464de37..98e0341 100644 ---- a/lib/imapoptions -+++ b/lib/imapoptions -@@ -483,6 +483,9 @@ Blank lines and lines beginning with ``#'' are ignored. - { "ldap_mech", NULL, STRING } - /* SASL mechanism for LDAP authentication */ - -+{ "ldap_user_attribute", NULL, STRING } -+/* Specify LDAP attribute to use as canonical user id */ -+ - { "ldap_member_attribute", NULL, STRING } - /* See ldap_member_method. */ - -diff --git a/ptclient/ldap.c b/ptclient/ldap.c -index 7bd8664..b3507d1 100644 ---- a/ptclient/ldap.c -+++ b/ptclient/ldap.c -@@ -91,7 +91,7 @@ - * This may not be restrictive enough. - * Here are the reasons for the restrictions: - * -- * & forbidden because of MUTF-7. (This could be fixed.) -+ * & forbidden because of MUTF-7. (This could be fixed.) - * : forbidden because it's special in /etc/passwd - * / forbidden because it can't be used in a mailbox name - * * % forbidden because they're IMAP magic in the LIST/LSUB commands -@@ -158,6 +158,7 @@ typedef struct _ptsm { - const char *tls_cert; - const char *tls_key; - int member_method; -+ const char *user_attribute; - const char *member_attribute; - const char *member_filter; - const char *member_base; -@@ -182,41 +183,41 @@ typedef struct _ptsm { - static t_ptsm *ptsm = NULL; - - static int ptsmodule_interact( -- LDAP *ld, -- unsigned flags __attribute__((unused)), -- void *def, -- void *inter) -+ LDAP *ld, -+ unsigned flags __attribute__((unused)), -+ void *def, -+ void *inter) - { -- sasl_interact_t *in = inter; -- const char *p; -- t_ptsm *ptsmdef = def; -- -- for (;in->id != SASL_CB_LIST_END;in++) { -- p = NULL; -- switch(in->id) { -- case SASL_CB_AUTHNAME: -- if (ISSET(ptsmdef->id)) -- p = ptsmdef->id; -- break; -- case SASL_CB_USER: -- if (ISSET(ptsmdef->authz)) -- p = ptsmdef->authz; -- break; -- case SASL_CB_GETREALM: -- if (ISSET(ptsmdef->realm)) -- p = ptsmdef->realm; -- break; -- case SASL_CB_PASS: -- if 
(ISSET(ptsmdef->password)) -- p = ptsmdef->password; -- break; -- } -- -- in->result = p ? p : ""; -- in->len = strlen(in->result); -- } -- -- return LDAP_SUCCESS; -+ sasl_interact_t *in = inter; -+ const char *p; -+ t_ptsm *ptsmdef = def; -+ -+ for (;in->id != SASL_CB_LIST_END;in++) { -+ p = NULL; -+ switch(in->id) { -+ case SASL_CB_AUTHNAME: -+ if (ISSET(ptsmdef->id)) -+ p = ptsmdef->id; -+ break; -+ case SASL_CB_USER: -+ if (ISSET(ptsmdef->authz)) -+ p = ptsmdef->authz; -+ break; -+ case SASL_CB_GETREALM: -+ if (ISSET(ptsmdef->realm)) -+ p = ptsmdef->realm; -+ break; -+ case SASL_CB_PASS: -+ if (ISSET(ptsmdef->password)) -+ p = ptsmdef->password; -+ break; -+ } -+ -+ in->result = p ? p : ""; -+ in->len = strlen(in->result); -+ } -+ -+ return LDAP_SUCCESS; - } - - /* -@@ -259,11 +260,11 @@ static char *ptsmodule_canonifyid(const char *identifier, size_t len) - switch (allowedchars[*(unsigned char*) p]) { - case 0: - return NULL; -- -+ - case 2: - sawalpha = 1; - /* FALL THROUGH */ -- -+ - default: - ; - } -@@ -275,149 +276,149 @@ static char *ptsmodule_canonifyid(const char *identifier, size_t len) - } - - --static int ptsmodule_connect(void) -+static int ptsmodule_connect(void) - { -- int rc = 0; -- -- if (ptsm == NULL) // Sanity Check -- return PTSM_FAIL; -- -- if (ptsm->ld != NULL) -- return PTSM_OK; -- -- if (ISSET(ptsm->tls_cacert_file)) { -- rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE, ptsm->tls_cacert_file); -- if (rc != LDAP_SUCCESS) { -- syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CACERTFILE (%s).", ldap_err2string (rc)); -- } -- } -- -- if (ISSET(ptsm->tls_cacert_dir)) { -- rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTDIR, ptsm->tls_cacert_dir); -- if (rc != LDAP_SUCCESS) { -- syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CACERTDIR (%s).", ldap_err2string (rc)); -- } -- } -- -- if (ptsm->tls_check_peer != 0) { -- rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ptsm->tls_check_peer); -- if (rc != LDAP_SUCCESS) { -- 
syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_REQUIRE_CERT (%s).", ldap_err2string (rc)); -- } -- } -- -- if (ISSET(ptsm->tls_ciphers)) { -- /* set cipher suite, certificate and private key: */ -- rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, ptsm->tls_ciphers); -- if (rc != LDAP_SUCCESS) { -- syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CIPHER_SUITE (%s).", ldap_err2string (rc)); -- } -- } -- -- if (ISSET(ptsm->tls_cert)) { -- rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, ptsm->tls_cert); -- if (rc != LDAP_SUCCESS) { -- syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CERTFILE (%s).", ldap_err2string (rc)); -- } -- } -- -- if (ISSET(ptsm->tls_key)) { -- rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, ptsm->tls_key); -- if (rc != LDAP_SUCCESS) { -- syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_KEYFILE (%s).", ldap_err2string (rc)); -- } -- } -- -- rc = ldap_initialize(&ptsm->ld, ptsm->uri); -- if (rc != LDAP_SUCCESS) { -- syslog(LOG_ERR, "ldap_initialize failed (%s)", ptsm->uri); -- return PTSM_FAIL; -- } -- -- rc = ldap_set_option(ptsm->ld, LDAP_OPT_PROTOCOL_VERSION, &(ptsm->version)); -- if (rc != LDAP_OPT_SUCCESS) { -- -- if (ptsm->sasl || -- ptsm->start_tls) { -- syslog(LOG_ERR, "Failed to set LDAP_OPT_PROTOCOL_VERSION %d, required for ldap_start_tls and ldap_sasl.", ptsm->version); -- ldap_unbind(ptsm->ld); -+ int rc = 0; -+ -+ if (ptsm == NULL) // Sanity Check -+ return PTSM_FAIL; -+ -+ if (ptsm->ld != NULL) -+ return PTSM_OK; -+ -+ if (ISSET(ptsm->tls_cacert_file)) { -+ rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE, ptsm->tls_cacert_file); -+ if (rc != LDAP_SUCCESS) { -+ syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CACERTFILE (%s).", ldap_err2string (rc)); -+ } -+ } -+ -+ if (ISSET(ptsm->tls_cacert_dir)) { -+ rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTDIR, ptsm->tls_cacert_dir); -+ if (rc != LDAP_SUCCESS) { -+ syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CACERTDIR (%s).", ldap_err2string (rc)); 
-+ } -+ } -+ -+ if (ptsm->tls_check_peer != 0) { -+ rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ptsm->tls_check_peer); -+ if (rc != LDAP_SUCCESS) { -+ syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_REQUIRE_CERT (%s).", ldap_err2string (rc)); -+ } -+ } -+ -+ if (ISSET(ptsm->tls_ciphers)) { -+ /* set cipher suite, certificate and private key: */ -+ rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, ptsm->tls_ciphers); -+ if (rc != LDAP_SUCCESS) { -+ syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CIPHER_SUITE (%s).", ldap_err2string (rc)); -+ } -+ } -+ -+ if (ISSET(ptsm->tls_cert)) { -+ rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, ptsm->tls_cert); -+ if (rc != LDAP_SUCCESS) { -+ syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CERTFILE (%s).", ldap_err2string (rc)); -+ } -+ } -+ -+ if (ISSET(ptsm->tls_key)) { -+ rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, ptsm->tls_key); -+ if (rc != LDAP_SUCCESS) { -+ syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_KEYFILE (%s).", ldap_err2string (rc)); -+ } -+ } -+ -+ rc = ldap_initialize(&ptsm->ld, ptsm->uri); -+ if (rc != LDAP_SUCCESS) { -+ syslog(LOG_ERR, "ldap_initialize failed (%s)", ptsm->uri); -+ return PTSM_FAIL; -+ } -+ -+ rc = ldap_set_option(ptsm->ld, LDAP_OPT_PROTOCOL_VERSION, &(ptsm->version)); -+ if (rc != LDAP_OPT_SUCCESS) { -+ -+ if (ptsm->sasl || -+ ptsm->start_tls) { -+ syslog(LOG_ERR, "Failed to set LDAP_OPT_PROTOCOL_VERSION %d, required for ldap_start_tls and ldap_sasl.", ptsm->version); -+ ldap_unbind(ptsm->ld); - ptsm->ld = NULL; -- return PTSM_FAIL; -- } else -- syslog(LOG_WARNING, "Unable to set LDAP_OPT_PROTOCOL_VERSION %d.", ptsm->version); -- -- ptsm->version = LDAP_VERSION2; -- } -- -- rc = ldap_set_option(ptsm->ld, LDAP_OPT_NETWORK_TIMEOUT, &(ptsm->timeout)); -- if (rc != LDAP_OPT_SUCCESS) { -- syslog(LOG_WARNING, "Unable to set LDAP_OPT_NETWORK_TIMEOUT %d.%d.", ptsm->timeout.tv_sec, ptsm->timeout.tv_usec); -- } -- -- rc = ldap_set_option(ptsm->ld, 
LDAP_OPT_TIMELIMIT, &(ptsm->time_limit)); -- if (rc != LDAP_OPT_SUCCESS) { -- syslog(LOG_WARNING, "Unable to set LDAP_OPT_TIMELIMIT %d.", ptsm->time_limit); -- } -- -- rc = ldap_set_option(ptsm->ld, LDAP_OPT_DEREF, &(ptsm->deref)); -- if (rc != LDAP_OPT_SUCCESS) { -- syslog(LOG_WARNING, "Unable to set LDAP_OPT_DEREF %d.", ptsm->deref); -- } -- -- rc = ldap_set_option(ptsm->ld, LDAP_OPT_REFERRALS, ptsm->referrals ? LDAP_OPT_ON : LDAP_OPT_OFF); -- if (rc != LDAP_OPT_SUCCESS) { -- syslog(LOG_WARNING, "Unable to set LDAP_OPT_REFERRALS."); -- } -- -- rc = ldap_set_option(ptsm->ld, LDAP_OPT_SIZELIMIT, &(ptsm->size_limit)); -- if (rc != LDAP_OPT_SUCCESS) -- syslog(LOG_WARNING, "Unable to set LDAP_OPT_SIZELIMIT %d.", ptsm->size_limit); -- -- rc = ldap_set_option(ptsm->ld, LDAP_OPT_RESTART, ptsm->restart ? LDAP_OPT_ON : LDAP_OPT_OFF); -- if (rc != LDAP_OPT_SUCCESS) { -- syslog(LOG_WARNING, "Unable to set LDAP_OPT_RESTART."); -- } -- -- if (ptsm->start_tls) { -- -- rc = ldap_start_tls_s(ptsm->ld, NULL, NULL); -- if (rc != LDAP_SUCCESS) { -- syslog(LOG_ERR, "start tls failed (%s).", ldap_err2string(rc)); -- ldap_unbind(ptsm->ld); -+ return PTSM_FAIL; -+ } else -+ syslog(LOG_WARNING, "Unable to set LDAP_OPT_PROTOCOL_VERSION %d.", ptsm->version); -+ -+ ptsm->version = LDAP_VERSION2; -+ } -+ -+ rc = ldap_set_option(ptsm->ld, LDAP_OPT_NETWORK_TIMEOUT, &(ptsm->timeout)); -+ if (rc != LDAP_OPT_SUCCESS) { -+ syslog(LOG_WARNING, "Unable to set LDAP_OPT_NETWORK_TIMEOUT %d.%d.", ptsm->timeout.tv_sec, ptsm->timeout.tv_usec); -+ } -+ -+ rc = ldap_set_option(ptsm->ld, LDAP_OPT_TIMELIMIT, &(ptsm->time_limit)); -+ if (rc != LDAP_OPT_SUCCESS) { -+ syslog(LOG_WARNING, "Unable to set LDAP_OPT_TIMELIMIT %d.", ptsm->time_limit); -+ } -+ -+ rc = ldap_set_option(ptsm->ld, LDAP_OPT_DEREF, &(ptsm->deref)); -+ if (rc != LDAP_OPT_SUCCESS) { -+ syslog(LOG_WARNING, "Unable to set LDAP_OPT_DEREF %d.", ptsm->deref); -+ } -+ -+ rc = ldap_set_option(ptsm->ld, LDAP_OPT_REFERRALS, ptsm->referrals ? 
LDAP_OPT_ON : LDAP_OPT_OFF); -+ if (rc != LDAP_OPT_SUCCESS) { -+ syslog(LOG_WARNING, "Unable to set LDAP_OPT_REFERRALS."); -+ } -+ -+ rc = ldap_set_option(ptsm->ld, LDAP_OPT_SIZELIMIT, &(ptsm->size_limit)); -+ if (rc != LDAP_OPT_SUCCESS) -+ syslog(LOG_WARNING, "Unable to set LDAP_OPT_SIZELIMIT %d.", ptsm->size_limit); -+ -+ rc = ldap_set_option(ptsm->ld, LDAP_OPT_RESTART, ptsm->restart ? LDAP_OPT_ON : LDAP_OPT_OFF); -+ if (rc != LDAP_OPT_SUCCESS) { -+ syslog(LOG_WARNING, "Unable to set LDAP_OPT_RESTART."); -+ } -+ -+ if (ptsm->start_tls) { -+ -+ rc = ldap_start_tls_s(ptsm->ld, NULL, NULL); -+ if (rc != LDAP_SUCCESS) { -+ syslog(LOG_ERR, "start tls failed (%s).", ldap_err2string(rc)); -+ ldap_unbind(ptsm->ld); - ptsm->ld = NULL; -- return PTSM_FAIL; -- } -- } -- -- if (ptsm->sasl) { -- -- if (EMPTY(ptsm->mech)) -- ldap_get_option(ptsm->ld, LDAP_OPT_X_SASL_MECH, &(ptsm->mech)); -- -- if (EMPTY(ptsm->realm)) -- ldap_get_option(ptsm->ld, LDAP_OPT_X_SASL_REALM, &(ptsm->realm)); -- -- if (ISSET(ptsm->sasl_secprops)) { -- rc = ldap_set_option(ptsm->ld, LDAP_OPT_X_SASL_SECPROPS, (void *) ptsm->sasl_secprops); -- if( rc != LDAP_OPT_SUCCESS ) { -- syslog(LOG_ERR, "Unable to set LDAP_OPT_X_SASL_SECPROPS."); -- ldap_unbind(ptsm->ld); -+ return PTSM_FAIL; -+ } -+ } -+ -+ if (ptsm->sasl) { -+ -+ if (EMPTY(ptsm->mech)) -+ ldap_get_option(ptsm->ld, LDAP_OPT_X_SASL_MECH, &(ptsm->mech)); -+ -+ if (EMPTY(ptsm->realm)) -+ ldap_get_option(ptsm->ld, LDAP_OPT_X_SASL_REALM, &(ptsm->realm)); -+ -+ if (ISSET(ptsm->sasl_secprops)) { -+ rc = ldap_set_option(ptsm->ld, LDAP_OPT_X_SASL_SECPROPS, (void *) ptsm->sasl_secprops); -+ if( rc != LDAP_OPT_SUCCESS ) { -+ syslog(LOG_ERR, "Unable to set LDAP_OPT_X_SASL_SECPROPS."); -+ ldap_unbind(ptsm->ld); - ptsm->ld = NULL; -- return PTSM_FAIL; -- } -- } -- -- rc = ldap_sasl_interactive_bind_s( -- ptsm->ld, -- ptsm->bind_dn, -- ptsm->mech, -- NULL, -- NULL, -- LDAP_SASL_QUIET, -- ptsmodule_interact, -- ptsm); -- } else -- rc = 
ldap_simple_bind_s(ptsm->ld, ptsm->bind_dn, ptsm->password); -+ return PTSM_FAIL; -+ } -+ } -+ -+ rc = ldap_sasl_interactive_bind_s( -+ ptsm->ld, -+ ptsm->bind_dn, -+ ptsm->mech, -+ NULL, -+ NULL, -+ LDAP_SASL_QUIET, -+ ptsmodule_interact, -+ ptsm); -+ } else -+ rc = ldap_simple_bind_s(ptsm->ld, ptsm->bind_dn, ptsm->password); - - if (rc != LDAP_SUCCESS) { - syslog(LOG_ERR, -@@ -425,14 +426,14 @@ static int ptsmodule_connect(void) - ldap_unbind(ptsm->ld); - ptsm->ld = NULL; - return (rc == LDAP_SERVER_DOWN ? PTSM_RETRY : PTSM_FAIL); -- } -+ } - -- return PTSM_OK; -+ return PTSM_OK; - } - - /* API */ - --static void myinit(void) -+static void myinit(void) - { - const char *p = NULL; - -@@ -444,7 +445,7 @@ static void myinit(void) - fatal("xmalloc() failed", EC_CONFIG); - } - -- ptsm->uri = (config_getstring(IMAPOPT_LDAP_URI) ? -+ ptsm->uri = (config_getstring(IMAPOPT_LDAP_URI) ? - config_getstring(IMAPOPT_LDAP_URI) : config_getstring(IMAPOPT_LDAP_SERVERS)); - ptsm->version = (config_getint(IMAPOPT_LDAP_VERSION) == 2 ? LDAP_VERSION2 : LDAP_VERSION3); - ptsm->timeout.tv_sec = config_getint(IMAPOPT_LDAP_TIME_LIMIT); -@@ -473,15 +474,15 @@ static void myinit(void) - } - ptsm->bind_dn = config_getstring(IMAPOPT_LDAP_BIND_DN); - ptsm->sasl = config_getswitch(IMAPOPT_LDAP_SASL); -- ptsm->id = (config_getstring(IMAPOPT_LDAP_ID) ? -+ ptsm->id = (config_getstring(IMAPOPT_LDAP_ID) ? - config_getstring(IMAPOPT_LDAP_ID) : config_getstring(IMAPOPT_LDAP_SASL_AUTHC)); -- ptsm->authz = (config_getstring(IMAPOPT_LDAP_AUTHZ) ? -+ ptsm->authz = (config_getstring(IMAPOPT_LDAP_AUTHZ) ? - config_getstring(IMAPOPT_LDAP_AUTHZ) : config_getstring(IMAPOPT_LDAP_SASL_AUTHZ)); -- ptsm->mech = (config_getstring(IMAPOPT_LDAP_MECH) ? -+ ptsm->mech = (config_getstring(IMAPOPT_LDAP_MECH) ? - config_getstring(IMAPOPT_LDAP_MECH) : config_getstring(IMAPOPT_LDAP_SASL_MECH)); -- ptsm->realm = (config_getstring(IMAPOPT_LDAP_REALM) ? -+ ptsm->realm = (config_getstring(IMAPOPT_LDAP_REALM) ? 
- config_getstring(IMAPOPT_LDAP_REALM) : config_getstring(IMAPOPT_LDAP_SASL_REALM)); -- ptsm->password = (config_getstring(IMAPOPT_LDAP_PASSWORD) ? -+ ptsm->password = (config_getstring(IMAPOPT_LDAP_PASSWORD) ? - config_getstring(IMAPOPT_LDAP_PASSWORD) : config_getstring(IMAPOPT_LDAP_SASL_PASSWORD)); - ptsm->start_tls = config_getswitch(IMAPOPT_LDAP_START_TLS); - ptsm->tls_check_peer = config_getswitch(IMAPOPT_LDAP_TLS_CHECK_PEER); -@@ -508,6 +509,8 @@ static void myinit(void) - ptsm->member_base = config_getstring(IMAPOPT_LDAP_MEMBER_BASE); - ptsm->member_attribute = (config_getstring(IMAPOPT_LDAP_MEMBER_ATTRIBUTE) ? - config_getstring(IMAPOPT_LDAP_MEMBER_ATTRIBUTE) : config_getstring(IMAPOPT_LDAP_MEMBER_ATTRIBUTE)); -+ ptsm->user_attribute = (config_getstring(IMAPOPT_LDAP_USER_ATTRIBUTE) ? -+ config_getstring(IMAPOPT_LDAP_USER_ATTRIBUTE) : config_getstring(IMAPOPT_LDAP_USER_ATTRIBUTE)); - p = config_getstring(IMAPOPT_LDAP_GROUP_SCOPE); - if (!strcasecmp(p, "one")) { - ptsm->group_scope = LDAP_SCOPE_ONELEVEL; -@@ -521,10 +524,10 @@ static void myinit(void) - ptsm->filter = config_getstring(IMAPOPT_LDAP_FILTER); - ptsm->base = config_getstring(IMAPOPT_LDAP_BASE); - -- if (ptsm->version != LDAP_VERSION3 && -- (ptsm->sasl || -- ptsm->start_tls)) -- ptsm->version = LDAP_VERSION3; -+ if (ptsm->version != LDAP_VERSION3 && -+ (ptsm->sasl || -+ ptsm->start_tls)) -+ ptsm->version = LDAP_VERSION3; - - ptsm->ld = NULL; - } -@@ -533,98 +536,98 @@ static void myinit(void) - * Note: calling function must free memory. 
- */ - static int ptsmodule_escape( -- const char *s, -- const unsigned int n, -- char **result) -+ const char *s, -+ const unsigned int n, -+ char **result) - { -- char *buf; -- char *end, *ptr, *temp; -- -- if (n > strlen(s)) // Sanity check, just in case -- return PTSM_FAIL; -- -- buf = xmalloc(n * 5 + 1); -- if (buf == NULL) { -- return PTSM_NOMEM; -- } -- -- buf[0] = '\0'; -- ptr = (char *)s; -- end = ptr + n; -- -- while (((temp = strpbrk(ptr, "*()\\\0"))!=NULL) && (temp<end)) { -- -- if (temp>ptr) -- strncat(buf, ptr, temp-ptr); -- -- switch (*temp) { -- case '*': -- strcat(buf, "\\2a"); -- break; -- case '(': -- strcat(buf, "\\28"); -- break; -- case ')': -- strcat(buf, "\\29"); -- break; -- case '\\': -- strcat(buf, "\\5c"); -- break; -- case '\0': -- strcat(buf, "\\00"); -- break; -- } -- ptr=temp+1; -- } -- if (ptr<end) -- strncat(buf, ptr, end-ptr); -- -- *result = buf; -- -- return PTSM_OK; -+ char *buf; -+ char *end, *ptr, *temp; -+ -+ if (n > strlen(s)) // Sanity check, just in case -+ return PTSM_FAIL; -+ -+ buf = xmalloc(n * 5 + 1); -+ if (buf == NULL) { -+ return PTSM_NOMEM; -+ } -+ -+ buf[0] = '\0'; -+ ptr = (char *)s; -+ end = ptr + n; -+ -+ while (((temp = strpbrk(ptr, "*()\\\0"))!=NULL) && (temp<end)) { -+ -+ if (temp>ptr) -+ strncat(buf, ptr, temp-ptr); -+ -+ switch (*temp) { -+ case '*': -+ strcat(buf, "\\2a"); -+ break; -+ case '(': -+ strcat(buf, "\\28"); -+ break; -+ case ')': -+ strcat(buf, "\\29"); -+ break; -+ case '\\': -+ strcat(buf, "\\5c"); -+ break; -+ case '\0': -+ strcat(buf, "\\00"); -+ break; -+ } -+ ptr=temp+1; -+ } -+ if (ptr<end) -+ strncat(buf, ptr, end-ptr); -+ -+ *result = buf; -+ -+ return PTSM_OK; - } - - static int ptsmodule_tokenize_domains( -- const char *d, -- int n, -- char **result) -+ const char *d, -+ int n, -+ char **result) - { -- char *s, *s1; -- char *lasts; -- int nt, i, rc; -- -- *result = NULL; -- -- if (d == NULL || n < 1 || n > 9) -- return PTSM_FAIL; -- -- s = strdup(d); -- if (s == NULL) -- return 
PTSM_NOMEM; -- -- for( nt=0, s1=s; *s1; s1++ ) -- if( *s1 == '.' ) nt++; -- nt++; -- -- if (n > nt) { -- free(s); -- return PTSM_FAIL; -- } -- -- i = nt - n; -- s1 = (char *)strtok_r(s, ".", &lasts); -- while(s1) { -- if (i == 0) { -- rc = ptsmodule_escape(s1, strlen(s1), result); -- free(s); -- return rc; -- } -- s1 = (char *)strtok_r(NULL, ".", &lasts); -- i--; -- } -- -- free(s); -- return PTSM_FAIL; -+ char *s, *s1; -+ char *lasts; -+ int nt, i, rc; -+ -+ *result = NULL; -+ -+ if (d == NULL || n < 1 || n > 9) -+ return PTSM_FAIL; -+ -+ s = strdup(d); -+ if (s == NULL) -+ return PTSM_NOMEM; -+ -+ for( nt=0, s1=s; *s1; s1++ ) -+ if( *s1 == '.' ) nt++; -+ nt++; -+ -+ if (n > nt) { -+ free(s); -+ return PTSM_FAIL; -+ } -+ -+ i = nt - n; -+ s1 = (char *)strtok_r(s, ".", &lasts); -+ while(s1) { -+ if (i == 0) { -+ rc = ptsmodule_escape(s1, strlen(s1), result); -+ free(s); -+ return rc; -+ } -+ s1 = (char *)strtok_r(NULL, ".", &lasts); -+ i--; -+ } -+ -+ free(s); -+ return PTSM_FAIL; - } - - #define PTSM_MAX(a,b) (a>b?a:b) -@@ -642,137 +645,137 @@ static int ptsmodule_tokenize_domains( - * Note: calling function must free memory. - */ - static int ptsmodule_expand_tokens( -- const char *pattern, -- const char *username, -- const char *dn, -- char **result) -+ const char *pattern, -+ const char *username, -+ const char *dn, -+ char **result) - { -- char *buf; -- char *end, *ptr, *temp; -- char *ebuf, *user; -- char *domain; -- int rc; -- -- /* to permit multiple occurences of username and/or realm in filter */ -- /* and avoid memory overflow in filter build [eg: (|(uid=%u)(userid=%u)) ] */ -- int percents, user_len, dn_len, maxparamlength; -- -- if (pattern == NULL) { -- syslog(LOG_ERR, "filter pattern not setup"); -- return PTSM_FAIL; -- } -- -- /* find the longest param of username and realm, -- do not worry about domain because it is always shorter -- then username */ -- user_len=username ? strlen(username) : 0; -- dn_len=dn ? 
strlen(dn) : 0; -- -- maxparamlength = PTSM_MAX(user_len+1, dn_len); /* +1 for %R when '@' is prepended */ -- -- /* find the number of occurences of percent sign in filter */ -- for( percents=0, buf=(char *)pattern; *buf; buf++ ) { -- if( *buf == '%' ) percents++; -- } -- -- /* percents * 3 * maxparamlength because we need to account for -+ char *buf; -+ char *end, *ptr, *temp; -+ char *ebuf, *user; -+ char *domain; -+ int rc; -+ -+ /* to permit multiple occurences of username and/or realm in filter */ -+ /* and avoid memory overflow in filter build [eg: (|(uid=%u)(userid=%u)) ] */ -+ int percents, user_len, dn_len, maxparamlength; -+ -+ if (pattern == NULL) { -+ syslog(LOG_ERR, "filter pattern not setup"); -+ return PTSM_FAIL; -+ } -+ -+ /* find the longest param of username and realm, -+ do not worry about domain because it is always shorter -+ then username */ -+ user_len=username ? strlen(username) : 0; -+ dn_len=dn ? strlen(dn) : 0; -+ -+ maxparamlength = PTSM_MAX(user_len+1, dn_len); /* +1 for %R when '@' is prepended */ -+ -+ /* find the number of occurences of percent sign in filter */ -+ for( percents=0, buf=(char *)pattern; *buf; buf++ ) { -+ if( *buf == '%' ) percents++; -+ } -+ -+ /* percents * 3 * maxparamlength because we need to account for - * an entirely-escaped worst-case-length parameter */ -- buf=xmalloc(strlen(pattern) + (percents * 3 * maxparamlength) +1); -- if(buf == NULL) -- return PTSM_NOMEM; -- buf[0] = '\0'; -- -- ptr = (char *)pattern; -- end = ptr + strlen(ptr); -- -- while ((temp=strchr(ptr,'%'))!=NULL ) { -- -- if ((temp-ptr) > 0) -- strncat(buf, ptr, temp-ptr); -- -- if ((temp+1) >= end) { -- syslog(LOG_DEBUG, "Incomplete lookup substitution format"); -- break; -- } -- -- switch (*(temp+1)) { -- case '%': -- strncat(buf,temp+1,1); -- break; -- case 'u': -- if (ISSET(username)) { -- rc=ptsmodule_escape(username, strlen(username), &ebuf); -- if (rc == PTSM_OK) { -- strcat(buf,ebuf); -- free(ebuf); -- } -- } else -- syslog(LOG_DEBUG, 
"Username not available."); -- break; -- case 'U': -- if (ISSET(username)) { -- -- user = strchr(username, '@'); -- rc=ptsmodule_escape(username, (user ? user - username : strlen(username)), &ebuf); -- if (rc == PTSM_OK) { -- strcat(buf,ebuf); -- free(ebuf); -- } -- } else -- syslog(LOG_DEBUG, "Username not available."); -- break; -- case '1': -- case '2': -- case '3': -- case '4': -- case '5': -- case '6': -- case '7': -- case '8': -- case '9': -- if (ISSET(username) && (domain = strchr(username, '@')) && domain[1]!='\0') { -- rc=ptsmodule_tokenize_domains(domain+1, (int) *(temp+1)-48, &ebuf); -- if (rc == PTSM_OK) { -- strcat(buf,ebuf); -- free(ebuf); -- } -- } else -- syslog(LOG_DEBUG, "Domain tokens not available."); -- break; -- case 'R': -- case 'd': -- if (ISSET(username) && (domain = strchr(username, '@')) && domain[1]!='\0') { -- rc=ptsmodule_escape(domain+1, strlen(domain+1), &ebuf); -- if (rc == PTSM_OK) { -- if (*(temp+1) == 'R') -- strcat(buf,"@"); -- strcat(buf,ebuf); -- free(ebuf); -- } -- break; -- } -- break; -- case 'D': -- if (ISSET(dn)) { -- rc = ptsmodule_escape(dn, strlen(dn), &ebuf); -- if (rc == PTSM_OK) { -- strcat(buf,ebuf); -- free(ebuf); -- } -- } else -- syslog(LOG_DEBUG, "dn not available."); -- break; -- default: -- break; -- } -- ptr=temp+2; -- } -- if (temp<end) -- strcat(buf, ptr); -- -- *result = buf; -- -- return PTSM_OK; -+ buf=xmalloc(strlen(pattern) + (percents * 3 * maxparamlength) +1); -+ if(buf == NULL) -+ return PTSM_NOMEM; -+ buf[0] = '\0'; -+ -+ ptr = (char *)pattern; -+ end = ptr + strlen(ptr); -+ -+ while ((temp=strchr(ptr,'%'))!=NULL ) { -+ -+ if ((temp-ptr) > 0) -+ strncat(buf, ptr, temp-ptr); -+ -+ if ((temp+1) >= end) { -+ syslog(LOG_DEBUG, "Incomplete lookup substitution format"); -+ break; -+ } -+ -+ switch (*(temp+1)) { -+ case '%': -+ strncat(buf,temp+1,1); -+ break; -+ case 'u': -+ if (ISSET(username)) { -+ rc=ptsmodule_escape(username, strlen(username), &ebuf); -+ if (rc == PTSM_OK) { -+ strcat(buf,ebuf); -+ 
free(ebuf); -+ } -+ } else -+ syslog(LOG_DEBUG, "Username not available."); -+ break; -+ case 'U': -+ if (ISSET(username)) { -+ -+ user = strchr(username, '@'); -+ rc=ptsmodule_escape(username, (user ? user - username : strlen(username)), &ebuf); -+ if (rc == PTSM_OK) { -+ strcat(buf,ebuf); -+ free(ebuf); -+ } -+ } else -+ syslog(LOG_DEBUG, "Username not available."); -+ break; -+ case '1': -+ case '2': -+ case '3': -+ case '4': -+ case '5': -+ case '6': -+ case '7': -+ case '8': -+ case '9': -+ if (ISSET(username) && (domain = strchr(username, '@')) && domain[1]!='\0') { -+ rc=ptsmodule_tokenize_domains(domain+1, (int) *(temp+1)-48, &ebuf); -+ if (rc == PTSM_OK) { -+ strcat(buf,ebuf); -+ free(ebuf); -+ } -+ } else -+ syslog(LOG_DEBUG, "Domain tokens not available."); -+ break; -+ case 'R': -+ case 'd': -+ if (ISSET(username) && (domain = strchr(username, '@')) && domain[1]!='\0') { -+ rc=ptsmodule_escape(domain+1, strlen(domain+1), &ebuf); -+ if (rc == PTSM_OK) { -+ if (*(temp+1) == 'R') -+ strcat(buf,"@"); -+ strcat(buf,ebuf); -+ free(ebuf); -+ } -+ break; -+ } -+ break; -+ case 'D': -+ if (ISSET(dn)) { -+ rc = ptsmodule_escape(dn, strlen(dn), &ebuf); -+ if (rc == PTSM_OK) { -+ strcat(buf,ebuf); -+ free(ebuf); -+ } -+ } else -+ syslog(LOG_DEBUG, "dn not available."); -+ break; -+ default: -+ break; -+ } -+ ptr=temp+2; -+ } -+ if (temp<end) -+ strcat(buf, ptr); -+ -+ *result = buf; -+ -+ return PTSM_OK; - } - - -@@ -790,7 +793,7 @@ static int ptsmodule_get_dn( - char *authzid; - #endif - char *base = NULL, *filter = NULL; -- char *attrs[] = {NULL}; -+ char *attrs[] = {LDAP_NO_ATTRS,NULL}; //do not return all attrs! - LDAPMessage *res; - LDAPMessage *entry; - char *attr, **vals; -@@ -859,14 +862,14 @@ static int ptsmodule_get_dn( - return PTSM_FAIL; - } - -- /* -- * We don't want to return the *first* entry found, we want to return -- * the *only* entry found. 
-- */ -- if ( ldap_count_entries(ptsm->ld, res) == 1 ) { -- if ( (entry = ldap_first_entry(ptsm->ld, res)) != NULL ) -- *ret = ldap_get_dn(ptsm->ld, entry); -- } -+ /* -+ * We don't want to return the *first* entry found, we want to return -+ * the *only* entry found. -+ */ -+ if ( ldap_count_entries(ptsm->ld, res) == 1 ) { -+ if ( (entry = ldap_first_entry(ptsm->ld, res)) != NULL ) -+ *ret = ldap_get_dn(ptsm->ld, entry); -+ } - - ldap_msgfree(res); - res = NULL; -@@ -879,16 +882,17 @@ static int ptsmodule_get_dn( - static int ptsmodule_make_authstate_attribute( - const char *canon_id, - size_t size, -- const char **reply, -+ const char **reply, - int *dsize, -- struct auth_state **newstate) -+ struct auth_state **newstate) - { - char *dn = NULL; - LDAPMessage *res = NULL; - LDAPMessage *entry = NULL; - char **vals = NULL; -+ char **rdn = NULL; - int rc; -- char *attrs[] = {(char *)ptsm->member_attribute,NULL}; -+ char *attrs[] = {(char *)ptsm->member_attribute,(char *)ptsm->user_attribute,NULL}; - - rc = ptsmodule_connect(); - if (rc != PTSM_OK) { -@@ -915,37 +919,69 @@ static int ptsmodule_make_authstate_attribute( - } - - if ((entry = ldap_first_entry(ptsm->ld, res)) != NULL) { -- int i, numvals; -- -- vals = ldap_get_values(ptsm->ld, entry, (char *)ptsm->member_attribute); -- if (vals != NULL) { -- numvals = ldap_count_values( vals ); -- -- *dsize = sizeof(struct auth_state) + -- (numvals * sizeof(struct auth_ident)); -- *newstate = xmalloc(*dsize); -- if (*newstate == NULL) { -- *reply = "no memory"; -- rc = PTSM_FAIL; -- goto done; -- } -- (*newstate)->ngroups = numvals; -- -- for (i = 0; i < numvals; i++) { -- int j; -- strcpy((*newstate)->groups[i].id, "group:"); -- for(j =0; j < strlen(vals[i]); j++) { -- if(Uisupper(vals[i][j])) -- vals[i][j]=tolower(vals[i][j]); -- } -- strlcat((*newstate)->groups[i].id, vals[i], -- sizeof((*newstate)->groups[i].id)); -- (*newstate)->groups[i].hash = strhash((*newstate)->groups[i].id); -- } -- -- ldap_value_free(vals); 
-- vals = NULL; -- } -+ int i, numvals; -+ -+ vals = ldap_get_values(ptsm->ld, entry, (char *)ptsm->member_attribute); -+ if (vals != NULL) { -+ numvals = ldap_count_values( vals ); -+ -+ *dsize = sizeof(struct auth_state) + -+ (numvals * sizeof(struct auth_ident)); -+ *newstate = xmalloc(*dsize); -+ if (*newstate == NULL) { -+ *reply = "no memory"; -+ rc = PTSM_FAIL; -+ goto done; -+ } -+ -+ (*newstate)->ngroups = numvals; -+ (*newstate)->userid.id[0] = '\0'; -+ for (i = 0; i < numvals; i++) { -+ int j; -+ strcpy((*newstate)->groups[i].id, "group:"); -+ rdn = ldap_explode_rdn(vals[i],1); -+ for (j = 0; j < strlen(rdn[0]); j++) { -+ if (Uisupper(rdn[0][j])) -+ rdn[0][j]=tolower(rdn[0][j]); -+ } -+ strlcat((*newstate)->groups[i].id, rdn[0], -+ sizeof((*newstate)->groups[i].id)); -+ (*newstate)->groups[i].hash = strhash((*newstate)->groups[i].id); -+ } -+ -+ ldap_value_free(rdn); -+ ldap_value_free(vals); -+ vals = NULL; -+ } -+ -+ if ((char *)ptsm->user_attribute) { -+ vals = ldap_get_values(ptsm->ld, entry, (char *)ptsm->user_attribute); -+ if (vals != NULL) { -+ numvals = ldap_count_values( vals ); -+ -+ if (numvals==1) { -+ if(!*newstate) { -+ *dsize = sizeof(struct auth_state); -+ *newstate = xmalloc(*dsize); -+ -+ if (*newstate == NULL) { -+ *reply = "no memory"; -+ rc = PTSM_FAIL; -+ goto done; -+ } -+ -+ (*newstate)->ngroups = 0; -+ } -+ -+ size=strlen(vals[0]); -+ strcpy((*newstate)->userid.id, ptsmodule_canonifyid(vals[0],size)); -+ (*newstate)->userid.hash = strhash((*newstate)->userid.id); -+ } -+ -+ ldap_value_free(vals); -+ vals = NULL; -+ } -+ } - } - - if(!*newstate) { -@@ -957,11 +993,14 @@ static int ptsmodule_make_authstate_attribute( - goto done; - } - (*newstate)->ngroups = 0; -+ (*newstate)->userid.id[0] = '\0'; - } -- -+ - /* fill in the rest of our new state structure */ -- strcpy((*newstate)->userid.id, canon_id); -- (*newstate)->userid.hash = strhash(canon_id); -+ if ((*newstate)->userid.id[0]=='\0') { -+ strcpy((*newstate)->userid.id, 
canon_id); -+ (*newstate)->userid.hash = strhash(canon_id); -+ } - (*newstate)->mark = time(0); - - rc = PTSM_OK; -@@ -981,9 +1020,9 @@ done:; - static int ptsmodule_make_authstate_filter( - const char *canon_id, - size_t size, -- const char **reply, -+ const char **reply, - int *dsize, -- struct auth_state **newstate) -+ struct auth_state **newstate) - { - char *base = NULL, *filter = NULL; - int rc; -@@ -1053,32 +1092,32 @@ static int ptsmodule_make_authstate_filter( - for (i = 0, entry = ldap_first_entry(ptsm->ld, res); entry != NULL; - i++, entry = ldap_next_entry(ptsm->ld, entry)) { - -- vals = ldap_get_values(ptsm->ld, entry, (char *)ptsm->member_attribute); -- if (vals == NULL) -- continue; -+ vals = ldap_get_values(ptsm->ld, entry, (char *)ptsm->member_attribute); -+ if (vals == NULL) -+ continue; - -- if ( ldap_count_values( vals ) != 1 ) { -- *reply = "too many values"; -- rc = PTSM_FAIL; -- ldap_value_free(vals); -- vals = NULL; -- goto done; -- } -+ if ( ldap_count_values( vals ) != 1 ) { -+ *reply = "too many values"; -+ rc = PTSM_FAIL; -+ ldap_value_free(vals); -+ vals = NULL; -+ goto done; -+ } - -- strcpy((*newstate)->groups[i].id, "group:"); -+ strcpy((*newstate)->groups[i].id, "group:"); - -- int j; -- for(j =0; j < strlen(vals[0]); j++) { -- if(Uisupper(vals[0][j])) -- vals[0][j]=tolower(vals[0][j]); -- } -+ int j; -+ for(j =0; j < strlen(vals[0]); j++) { -+ if(Uisupper(vals[0][j])) -+ vals[0][j]=tolower(vals[0][j]); -+ } - -- strlcat((*newstate)->groups[i].id, vals[0], -- sizeof((*newstate)->groups[i].id)); -- (*newstate)->groups[i].hash = strhash((*newstate)->groups[i].id); -+ strlcat((*newstate)->groups[i].id, vals[0], -+ sizeof((*newstate)->groups[i].id)); -+ (*newstate)->groups[i].hash = strhash((*newstate)->groups[i].id); - -- ldap_value_free(vals); -- vals = NULL; -+ ldap_value_free(vals); -+ vals = NULL; - } - - rc = PTSM_OK; -@@ -1100,9 +1139,9 @@ done:; - static int ptsmodule_make_authstate_group( - const char *canon_id, - size_t size, 
-- const char **reply, -+ const char **reply, - int *dsize, -- struct auth_state **newstate) -+ struct auth_state **newstate) - { - char *base = NULL, *filter = NULL; - int rc; -@@ -1184,8 +1223,8 @@ done:; - static struct auth_state *myauthstate( - const char *identifier, - size_t size, -- const char **reply, -- int *dsize) -+ const char **reply, -+ int *dsize) - { - const char *canon_id; - struct auth_state *newstate = NULL; -@@ -1224,23 +1263,23 @@ retry:; - - static void myinit(void) - { -- fatal("PTS module (ldap) not compiled in", EC_CONFIG); -+ fatal("PTS module (ldap) not compiled in", EC_CONFIG); - } - - static struct auth_state *myauthstate( - const char *identifier __attribute__((unused)), - size_t size __attribute__((unused)), -- const char **reply __attribute__((unused)), -- int *dsize __attribute__((unused))) -+ const char **reply __attribute__((unused)), -+ int *dsize __attribute__((unused))) - { -- fatal("PTS module (ldap) not compiled in", EC_CONFIG); -+ fatal("PTS module (ldap) not compiled in", EC_CONFIG); - } - - #endif /* HAVE_LDAP */ - --struct pts_module pts_ldap = -+struct pts_module pts_ldap = - { -- "ldap", /* name */ -+ "ldap", /* name */ - - &myinit, - &myauthstate,
cyrus-imapd-2.4.10-ptloader-ldap_user_attribute.patch
Added
@@ -0,0 +1,1230 @@ +diff --git a/lib/imapoptions b/lib/imapoptions +index 464de37..98e0341 100644 +--- a/lib/imapoptions ++++ b/lib/imapoptions +@@ -483,6 +483,9 @@ Blank lines and lines beginning with ``#'' are ignored. + { "ldap_mech", NULL, STRING } + /* SASL mechanism for LDAP authentication */ + ++{ "ldap_user_attribute", NULL, STRING } ++/* Specify LDAP attribute to use as canonical user id */ ++ + { "ldap_member_attribute", NULL, STRING } + /* See ldap_member_method. */ + +diff --git a/ptclient/ldap.c b/ptclient/ldap.c +index 7bd8664..b3507d1 100644 +--- a/ptclient/ldap.c ++++ b/ptclient/ldap.c +@@ -91,7 +91,7 @@ + * This may not be restrictive enough. + * Here are the reasons for the restrictions: + * +- * & forbidden because of MUTF-7. (This could be fixed.) ++ * & forbidden because of MUTF-7. (This could be fixed.) + * : forbidden because it's special in /etc/passwd + * / forbidden because it can't be used in a mailbox name + * * % forbidden because they're IMAP magic in the LIST/LSUB commands +@@ -158,6 +158,7 @@ typedef struct _ptsm { + const char *tls_cert; + const char *tls_key; + int member_method; ++ const char *user_attribute; + const char *member_attribute; + const char *member_filter; + const char *member_base; +@@ -182,41 +183,41 @@ typedef struct _ptsm { + static t_ptsm *ptsm = NULL; + + static int ptsmodule_interact( +- LDAP *ld, +- unsigned flags __attribute__((unused)), +- void *def, +- void *inter) ++ LDAP *ld, ++ unsigned flags __attribute__((unused)), ++ void *def, ++ void *inter) + { +- sasl_interact_t *in = inter; +- const char *p; +- t_ptsm *ptsmdef = def; +- +- for (;in->id != SASL_CB_LIST_END;in++) { +- p = NULL; +- switch(in->id) { +- case SASL_CB_AUTHNAME: +- if (ISSET(ptsmdef->id)) +- p = ptsmdef->id; +- break; +- case SASL_CB_USER: +- if (ISSET(ptsmdef->authz)) +- p = ptsmdef->authz; +- break; +- case SASL_CB_GETREALM: +- if (ISSET(ptsmdef->realm)) +- p = ptsmdef->realm; +- break; +- case SASL_CB_PASS: +- if 
(ISSET(ptsmdef->password)) +- p = ptsmdef->password; +- break; +- } +- +- in->result = p ? p : ""; +- in->len = strlen(in->result); +- } +- +- return LDAP_SUCCESS; ++ sasl_interact_t *in = inter; ++ const char *p; ++ t_ptsm *ptsmdef = def; ++ ++ for (;in->id != SASL_CB_LIST_END;in++) { ++ p = NULL; ++ switch(in->id) { ++ case SASL_CB_AUTHNAME: ++ if (ISSET(ptsmdef->id)) ++ p = ptsmdef->id; ++ break; ++ case SASL_CB_USER: ++ if (ISSET(ptsmdef->authz)) ++ p = ptsmdef->authz; ++ break; ++ case SASL_CB_GETREALM: ++ if (ISSET(ptsmdef->realm)) ++ p = ptsmdef->realm; ++ break; ++ case SASL_CB_PASS: ++ if (ISSET(ptsmdef->password)) ++ p = ptsmdef->password; ++ break; ++ } ++ ++ in->result = p ? p : ""; ++ in->len = strlen(in->result); ++ } ++ ++ return LDAP_SUCCESS; + } + + /* +@@ -259,11 +260,11 @@ static char *ptsmodule_canonifyid(const char *identifier, size_t len) + switch (allowedchars[*(unsigned char*) p]) { + case 0: + return NULL; +- ++ + case 2: + sawalpha = 1; + /* FALL THROUGH */ +- ++ + default: + ; + } +@@ -275,149 +276,149 @@ static char *ptsmodule_canonifyid(const char *identifier, size_t len) + } + + +-static int ptsmodule_connect(void) ++static int ptsmodule_connect(void) + { +- int rc = 0; +- +- if (ptsm == NULL) // Sanity Check +- return PTSM_FAIL; +- +- if (ptsm->ld != NULL) +- return PTSM_OK; +- +- if (ISSET(ptsm->tls_cacert_file)) { +- rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE, ptsm->tls_cacert_file); +- if (rc != LDAP_SUCCESS) { +- syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CACERTFILE (%s).", ldap_err2string (rc)); +- } +- } +- +- if (ISSET(ptsm->tls_cacert_dir)) { +- rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTDIR, ptsm->tls_cacert_dir); +- if (rc != LDAP_SUCCESS) { +- syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CACERTDIR (%s).", ldap_err2string (rc)); +- } +- } +- +- if (ptsm->tls_check_peer != 0) { +- rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ptsm->tls_check_peer); +- if (rc != LDAP_SUCCESS) { +- 
syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_REQUIRE_CERT (%s).", ldap_err2string (rc)); +- } +- } +- +- if (ISSET(ptsm->tls_ciphers)) { +- /* set cipher suite, certificate and private key: */ +- rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, ptsm->tls_ciphers); +- if (rc != LDAP_SUCCESS) { +- syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CIPHER_SUITE (%s).", ldap_err2string (rc)); +- } +- } +- +- if (ISSET(ptsm->tls_cert)) { +- rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, ptsm->tls_cert); +- if (rc != LDAP_SUCCESS) { +- syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CERTFILE (%s).", ldap_err2string (rc)); +- } +- } +- +- if (ISSET(ptsm->tls_key)) { +- rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, ptsm->tls_key); +- if (rc != LDAP_SUCCESS) { +- syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_KEYFILE (%s).", ldap_err2string (rc)); +- } +- } +- +- rc = ldap_initialize(&ptsm->ld, ptsm->uri); +- if (rc != LDAP_SUCCESS) { +- syslog(LOG_ERR, "ldap_initialize failed (%s)", ptsm->uri); +- return PTSM_FAIL; +- } +- +- rc = ldap_set_option(ptsm->ld, LDAP_OPT_PROTOCOL_VERSION, &(ptsm->version)); +- if (rc != LDAP_OPT_SUCCESS) { +- +- if (ptsm->sasl || +- ptsm->start_tls) { +- syslog(LOG_ERR, "Failed to set LDAP_OPT_PROTOCOL_VERSION %d, required for ldap_start_tls and ldap_sasl.", ptsm->version); +- ldap_unbind(ptsm->ld); ++ int rc = 0; ++ ++ if (ptsm == NULL) // Sanity Check ++ return PTSM_FAIL; ++ ++ if (ptsm->ld != NULL) ++ return PTSM_OK; ++ ++ if (ISSET(ptsm->tls_cacert_file)) { ++ rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE, ptsm->tls_cacert_file); ++ if (rc != LDAP_SUCCESS) { ++ syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CACERTFILE (%s).", ldap_err2string (rc)); ++ } ++ } ++ ++ if (ISSET(ptsm->tls_cacert_dir)) { ++ rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTDIR, ptsm->tls_cacert_dir); ++ if (rc != LDAP_SUCCESS) { ++ syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CACERTDIR (%s).", ldap_err2string (rc)); 
++ } ++ } ++ ++ if (ptsm->tls_check_peer != 0) { ++ rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ptsm->tls_check_peer); ++ if (rc != LDAP_SUCCESS) { ++ syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_REQUIRE_CERT (%s).", ldap_err2string (rc)); ++ } ++ } ++ ++ if (ISSET(ptsm->tls_ciphers)) { ++ /* set cipher suite, certificate and private key: */ ++ rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, ptsm->tls_ciphers); ++ if (rc != LDAP_SUCCESS) { ++ syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CIPHER_SUITE (%s).", ldap_err2string (rc)); ++ } ++ } ++ ++ if (ISSET(ptsm->tls_cert)) { ++ rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, ptsm->tls_cert); ++ if (rc != LDAP_SUCCESS) { ++ syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CERTFILE (%s).", ldap_err2string (rc)); ++ } ++ } ++ ++ if (ISSET(ptsm->tls_key)) { ++ rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, ptsm->tls_key); ++ if (rc != LDAP_SUCCESS) { ++ syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_KEYFILE (%s).", ldap_err2string (rc)); ++ } ++ } ++ ++ rc = ldap_initialize(&ptsm->ld, ptsm->uri); ++ if (rc != LDAP_SUCCESS) { ++ syslog(LOG_ERR, "ldap_initialize failed (%s)", ptsm->uri); ++ return PTSM_FAIL; ++ } ++ ++ rc = ldap_set_option(ptsm->ld, LDAP_OPT_PROTOCOL_VERSION, &(ptsm->version)); ++ if (rc != LDAP_OPT_SUCCESS) { ++ ++ if (ptsm->sasl || ++ ptsm->start_tls) { ++ syslog(LOG_ERR, "Failed to set LDAP_OPT_PROTOCOL_VERSION %d, required for ldap_start_tls and ldap_sasl.", ptsm->version); ++ ldap_unbind(ptsm->ld); + ptsm->ld = NULL; +- return PTSM_FAIL; +- } else +- syslog(LOG_WARNING, "Unable to set LDAP_OPT_PROTOCOL_VERSION %d.", ptsm->version); +- +- ptsm->version = LDAP_VERSION2; +- } +- +- rc = ldap_set_option(ptsm->ld, LDAP_OPT_NETWORK_TIMEOUT, &(ptsm->timeout)); +- if (rc != LDAP_OPT_SUCCESS) { +- syslog(LOG_WARNING, "Unable to set LDAP_OPT_NETWORK_TIMEOUT %d.%d.", ptsm->timeout.tv_sec, ptsm->timeout.tv_usec); +- } +- +- rc = ldap_set_option(ptsm->ld, 
LDAP_OPT_TIMELIMIT, &(ptsm->time_limit)); +- if (rc != LDAP_OPT_SUCCESS) { +- syslog(LOG_WARNING, "Unable to set LDAP_OPT_TIMELIMIT %d.", ptsm->time_limit); +- } +- +- rc = ldap_set_option(ptsm->ld, LDAP_OPT_DEREF, &(ptsm->deref)); +- if (rc != LDAP_OPT_SUCCESS) { +- syslog(LOG_WARNING, "Unable to set LDAP_OPT_DEREF %d.", ptsm->deref); +- } +- +- rc = ldap_set_option(ptsm->ld, LDAP_OPT_REFERRALS, ptsm->referrals ? LDAP_OPT_ON : LDAP_OPT_OFF); +- if (rc != LDAP_OPT_SUCCESS) { +- syslog(LOG_WARNING, "Unable to set LDAP_OPT_REFERRALS."); +- } +- +- rc = ldap_set_option(ptsm->ld, LDAP_OPT_SIZELIMIT, &(ptsm->size_limit)); +- if (rc != LDAP_OPT_SUCCESS) +- syslog(LOG_WARNING, "Unable to set LDAP_OPT_SIZELIMIT %d.", ptsm->size_limit); +- +- rc = ldap_set_option(ptsm->ld, LDAP_OPT_RESTART, ptsm->restart ? LDAP_OPT_ON : LDAP_OPT_OFF); +- if (rc != LDAP_OPT_SUCCESS) { +- syslog(LOG_WARNING, "Unable to set LDAP_OPT_RESTART."); +- } +- +- if (ptsm->start_tls) { +- +- rc = ldap_start_tls_s(ptsm->ld, NULL, NULL); +- if (rc != LDAP_SUCCESS) { +- syslog(LOG_ERR, "start tls failed (%s).", ldap_err2string(rc)); +- ldap_unbind(ptsm->ld); ++ return PTSM_FAIL; ++ } else ++ syslog(LOG_WARNING, "Unable to set LDAP_OPT_PROTOCOL_VERSION %d.", ptsm->version); ++ ++ ptsm->version = LDAP_VERSION2; ++ } ++ ++ rc = ldap_set_option(ptsm->ld, LDAP_OPT_NETWORK_TIMEOUT, &(ptsm->timeout)); ++ if (rc != LDAP_OPT_SUCCESS) { ++ syslog(LOG_WARNING, "Unable to set LDAP_OPT_NETWORK_TIMEOUT %d.%d.", ptsm->timeout.tv_sec, ptsm->timeout.tv_usec); ++ } ++ ++ rc = ldap_set_option(ptsm->ld, LDAP_OPT_TIMELIMIT, &(ptsm->time_limit)); ++ if (rc != LDAP_OPT_SUCCESS) { ++ syslog(LOG_WARNING, "Unable to set LDAP_OPT_TIMELIMIT %d.", ptsm->time_limit); ++ } ++ ++ rc = ldap_set_option(ptsm->ld, LDAP_OPT_DEREF, &(ptsm->deref)); ++ if (rc != LDAP_OPT_SUCCESS) { ++ syslog(LOG_WARNING, "Unable to set LDAP_OPT_DEREF %d.", ptsm->deref); ++ } ++ ++ rc = ldap_set_option(ptsm->ld, LDAP_OPT_REFERRALS, ptsm->referrals ? 
LDAP_OPT_ON : LDAP_OPT_OFF); ++ if (rc != LDAP_OPT_SUCCESS) { ++ syslog(LOG_WARNING, "Unable to set LDAP_OPT_REFERRALS."); ++ } ++ ++ rc = ldap_set_option(ptsm->ld, LDAP_OPT_SIZELIMIT, &(ptsm->size_limit)); ++ if (rc != LDAP_OPT_SUCCESS) ++ syslog(LOG_WARNING, "Unable to set LDAP_OPT_SIZELIMIT %d.", ptsm->size_limit); ++ ++ rc = ldap_set_option(ptsm->ld, LDAP_OPT_RESTART, ptsm->restart ? LDAP_OPT_ON : LDAP_OPT_OFF); ++ if (rc != LDAP_OPT_SUCCESS) { ++ syslog(LOG_WARNING, "Unable to set LDAP_OPT_RESTART."); ++ } ++ ++ if (ptsm->start_tls) { ++ ++ rc = ldap_start_tls_s(ptsm->ld, NULL, NULL); ++ if (rc != LDAP_SUCCESS) { ++ syslog(LOG_ERR, "start tls failed (%s).", ldap_err2string(rc)); ++ ldap_unbind(ptsm->ld); + ptsm->ld = NULL; +- return PTSM_FAIL; +- } +- } +- +- if (ptsm->sasl) { +- +- if (EMPTY(ptsm->mech)) +- ldap_get_option(ptsm->ld, LDAP_OPT_X_SASL_MECH, &(ptsm->mech)); +- +- if (EMPTY(ptsm->realm)) +- ldap_get_option(ptsm->ld, LDAP_OPT_X_SASL_REALM, &(ptsm->realm)); +- +- if (ISSET(ptsm->sasl_secprops)) { +- rc = ldap_set_option(ptsm->ld, LDAP_OPT_X_SASL_SECPROPS, (void *) ptsm->sasl_secprops); +- if( rc != LDAP_OPT_SUCCESS ) { +- syslog(LOG_ERR, "Unable to set LDAP_OPT_X_SASL_SECPROPS."); +- ldap_unbind(ptsm->ld); ++ return PTSM_FAIL; ++ } ++ } ++ ++ if (ptsm->sasl) { ++ ++ if (EMPTY(ptsm->mech)) ++ ldap_get_option(ptsm->ld, LDAP_OPT_X_SASL_MECH, &(ptsm->mech)); ++ ++ if (EMPTY(ptsm->realm)) ++ ldap_get_option(ptsm->ld, LDAP_OPT_X_SASL_REALM, &(ptsm->realm)); ++ ++ if (ISSET(ptsm->sasl_secprops)) { ++ rc = ldap_set_option(ptsm->ld, LDAP_OPT_X_SASL_SECPROPS, (void *) ptsm->sasl_secprops); ++ if( rc != LDAP_OPT_SUCCESS ) { ++ syslog(LOG_ERR, "Unable to set LDAP_OPT_X_SASL_SECPROPS."); ++ ldap_unbind(ptsm->ld); + ptsm->ld = NULL; +- return PTSM_FAIL; +- } +- } +- +- rc = ldap_sasl_interactive_bind_s( +- ptsm->ld, +- ptsm->bind_dn, +- ptsm->mech, +- NULL, +- NULL, +- LDAP_SASL_QUIET, +- ptsmodule_interact, +- ptsm); +- } else +- rc = 
ldap_simple_bind_s(ptsm->ld, ptsm->bind_dn, ptsm->password); ++ return PTSM_FAIL; ++ } ++ } ++ ++ rc = ldap_sasl_interactive_bind_s( ++ ptsm->ld, ++ ptsm->bind_dn, ++ ptsm->mech, ++ NULL, ++ NULL, ++ LDAP_SASL_QUIET, ++ ptsmodule_interact, ++ ptsm); ++ } else ++ rc = ldap_simple_bind_s(ptsm->ld, ptsm->bind_dn, ptsm->password); + + if (rc != LDAP_SUCCESS) { + syslog(LOG_ERR, +@@ -425,14 +426,14 @@ static int ptsmodule_connect(void) + ldap_unbind(ptsm->ld); + ptsm->ld = NULL; + return (rc == LDAP_SERVER_DOWN ? PTSM_RETRY : PTSM_FAIL); +- } ++ } + +- return PTSM_OK; ++ return PTSM_OK; + } + + /* API */ + +-static void myinit(void) ++static void myinit(void) + { + const char *p = NULL; + +@@ -444,7 +445,7 @@ static void myinit(void) + fatal("xmalloc() failed", EC_CONFIG); + } + +- ptsm->uri = (config_getstring(IMAPOPT_LDAP_URI) ? ++ ptsm->uri = (config_getstring(IMAPOPT_LDAP_URI) ? + config_getstring(IMAPOPT_LDAP_URI) : config_getstring(IMAPOPT_LDAP_SERVERS)); + ptsm->version = (config_getint(IMAPOPT_LDAP_VERSION) == 2 ? LDAP_VERSION2 : LDAP_VERSION3); + ptsm->timeout.tv_sec = config_getint(IMAPOPT_LDAP_TIME_LIMIT); +@@ -473,15 +474,15 @@ static void myinit(void) + } + ptsm->bind_dn = config_getstring(IMAPOPT_LDAP_BIND_DN); + ptsm->sasl = config_getswitch(IMAPOPT_LDAP_SASL); +- ptsm->id = (config_getstring(IMAPOPT_LDAP_ID) ? ++ ptsm->id = (config_getstring(IMAPOPT_LDAP_ID) ? + config_getstring(IMAPOPT_LDAP_ID) : config_getstring(IMAPOPT_LDAP_SASL_AUTHC)); +- ptsm->authz = (config_getstring(IMAPOPT_LDAP_AUTHZ) ? ++ ptsm->authz = (config_getstring(IMAPOPT_LDAP_AUTHZ) ? + config_getstring(IMAPOPT_LDAP_AUTHZ) : config_getstring(IMAPOPT_LDAP_SASL_AUTHZ)); +- ptsm->mech = (config_getstring(IMAPOPT_LDAP_MECH) ? ++ ptsm->mech = (config_getstring(IMAPOPT_LDAP_MECH) ? + config_getstring(IMAPOPT_LDAP_MECH) : config_getstring(IMAPOPT_LDAP_SASL_MECH)); +- ptsm->realm = (config_getstring(IMAPOPT_LDAP_REALM) ? ++ ptsm->realm = (config_getstring(IMAPOPT_LDAP_REALM) ? 
+ config_getstring(IMAPOPT_LDAP_REALM) : config_getstring(IMAPOPT_LDAP_SASL_REALM)); +- ptsm->password = (config_getstring(IMAPOPT_LDAP_PASSWORD) ? ++ ptsm->password = (config_getstring(IMAPOPT_LDAP_PASSWORD) ? + config_getstring(IMAPOPT_LDAP_PASSWORD) : config_getstring(IMAPOPT_LDAP_SASL_PASSWORD)); + ptsm->start_tls = config_getswitch(IMAPOPT_LDAP_START_TLS); + ptsm->tls_check_peer = config_getswitch(IMAPOPT_LDAP_TLS_CHECK_PEER); +@@ -508,6 +509,8 @@ static void myinit(void) + ptsm->member_base = config_getstring(IMAPOPT_LDAP_MEMBER_BASE); + ptsm->member_attribute = (config_getstring(IMAPOPT_LDAP_MEMBER_ATTRIBUTE) ? + config_getstring(IMAPOPT_LDAP_MEMBER_ATTRIBUTE) : config_getstring(IMAPOPT_LDAP_MEMBER_ATTRIBUTE)); ++ ptsm->user_attribute = (config_getstring(IMAPOPT_LDAP_USER_ATTRIBUTE) ? ++ config_getstring(IMAPOPT_LDAP_USER_ATTRIBUTE) : config_getstring(IMAPOPT_LDAP_USER_ATTRIBUTE)); + p = config_getstring(IMAPOPT_LDAP_GROUP_SCOPE); + if (!strcasecmp(p, "one")) { + ptsm->group_scope = LDAP_SCOPE_ONELEVEL; +@@ -521,10 +524,10 @@ static void myinit(void) + ptsm->filter = config_getstring(IMAPOPT_LDAP_FILTER); + ptsm->base = config_getstring(IMAPOPT_LDAP_BASE); + +- if (ptsm->version != LDAP_VERSION3 && +- (ptsm->sasl || +- ptsm->start_tls)) +- ptsm->version = LDAP_VERSION3; ++ if (ptsm->version != LDAP_VERSION3 && ++ (ptsm->sasl || ++ ptsm->start_tls)) ++ ptsm->version = LDAP_VERSION3; + + ptsm->ld = NULL; + } +@@ -533,98 +536,98 @@ static void myinit(void) + * Note: calling function must free memory. 
+ */ + static int ptsmodule_escape( +- const char *s, +- const unsigned int n, +- char **result) ++ const char *s, ++ const unsigned int n, ++ char **result) + { +- char *buf; +- char *end, *ptr, *temp; +- +- if (n > strlen(s)) // Sanity check, just in case +- return PTSM_FAIL; +- +- buf = xmalloc(n * 5 + 1); +- if (buf == NULL) { +- return PTSM_NOMEM; +- } +- +- buf[0] = '\0'; +- ptr = (char *)s; +- end = ptr + n; +- +- while (((temp = strpbrk(ptr, "*()\\\0"))!=NULL) && (temp<end)) { +- +- if (temp>ptr) +- strncat(buf, ptr, temp-ptr); +- +- switch (*temp) { +- case '*': +- strcat(buf, "\\2a"); +- break; +- case '(': +- strcat(buf, "\\28"); +- break; +- case ')': +- strcat(buf, "\\29"); +- break; +- case '\\': +- strcat(buf, "\\5c"); +- break; +- case '\0': +- strcat(buf, "\\00"); +- break; +- } +- ptr=temp+1; +- } +- if (ptr<end) +- strncat(buf, ptr, end-ptr); +- +- *result = buf; +- +- return PTSM_OK; ++ char *buf; ++ char *end, *ptr, *temp; ++ ++ if (n > strlen(s)) // Sanity check, just in case ++ return PTSM_FAIL; ++ ++ buf = xmalloc(n * 5 + 1); ++ if (buf == NULL) { ++ return PTSM_NOMEM; ++ } ++ ++ buf[0] = '\0'; ++ ptr = (char *)s; ++ end = ptr + n; ++ ++ while (((temp = strpbrk(ptr, "*()\\\0"))!=NULL) && (temp<end)) { ++ ++ if (temp>ptr) ++ strncat(buf, ptr, temp-ptr); ++ ++ switch (*temp) { ++ case '*': ++ strcat(buf, "\\2a"); ++ break; ++ case '(': ++ strcat(buf, "\\28"); ++ break; ++ case ')': ++ strcat(buf, "\\29"); ++ break; ++ case '\\': ++ strcat(buf, "\\5c"); ++ break; ++ case '\0': ++ strcat(buf, "\\00"); ++ break; ++ } ++ ptr=temp+1; ++ } ++ if (ptr<end) ++ strncat(buf, ptr, end-ptr); ++ ++ *result = buf; ++ ++ return PTSM_OK; + } + + static int ptsmodule_tokenize_domains( +- const char *d, +- int n, +- char **result) ++ const char *d, ++ int n, ++ char **result) + { +- char *s, *s1; +- char *lasts; +- int nt, i, rc; +- +- *result = NULL; +- +- if (d == NULL || n < 1 || n > 9) +- return PTSM_FAIL; +- +- s = strdup(d); +- if (s == NULL) +- return 
PTSM_NOMEM; +- +- for( nt=0, s1=s; *s1; s1++ ) +- if( *s1 == '.' ) nt++; +- nt++; +- +- if (n > nt) { +- free(s); +- return PTSM_FAIL; +- } +- +- i = nt - n; +- s1 = (char *)strtok_r(s, ".", &lasts); +- while(s1) { +- if (i == 0) { +- rc = ptsmodule_escape(s1, strlen(s1), result); +- free(s); +- return rc; +- } +- s1 = (char *)strtok_r(NULL, ".", &lasts); +- i--; +- } +- +- free(s); +- return PTSM_FAIL; ++ char *s, *s1; ++ char *lasts; ++ int nt, i, rc; ++ ++ *result = NULL; ++ ++ if (d == NULL || n < 1 || n > 9) ++ return PTSM_FAIL; ++ ++ s = strdup(d); ++ if (s == NULL) ++ return PTSM_NOMEM; ++ ++ for( nt=0, s1=s; *s1; s1++ ) ++ if( *s1 == '.' ) nt++; ++ nt++; ++ ++ if (n > nt) { ++ free(s); ++ return PTSM_FAIL; ++ } ++ ++ i = nt - n; ++ s1 = (char *)strtok_r(s, ".", &lasts); ++ while(s1) { ++ if (i == 0) { ++ rc = ptsmodule_escape(s1, strlen(s1), result); ++ free(s); ++ return rc; ++ } ++ s1 = (char *)strtok_r(NULL, ".", &lasts); ++ i--; ++ } ++ ++ free(s); ++ return PTSM_FAIL; + } + + #define PTSM_MAX(a,b) (a>b?a:b) +@@ -642,137 +645,137 @@ static int ptsmodule_tokenize_domains( + * Note: calling function must free memory. + */ + static int ptsmodule_expand_tokens( +- const char *pattern, +- const char *username, +- const char *dn, +- char **result) ++ const char *pattern, ++ const char *username, ++ const char *dn, ++ char **result) + { +- char *buf; +- char *end, *ptr, *temp; +- char *ebuf, *user; +- char *domain; +- int rc; +- +- /* to permit multiple occurences of username and/or realm in filter */ +- /* and avoid memory overflow in filter build [eg: (|(uid=%u)(userid=%u)) ] */ +- int percents, user_len, dn_len, maxparamlength; +- +- if (pattern == NULL) { +- syslog(LOG_ERR, "filter pattern not setup"); +- return PTSM_FAIL; +- } +- +- /* find the longest param of username and realm, +- do not worry about domain because it is always shorter +- then username */ +- user_len=username ? strlen(username) : 0; +- dn_len=dn ? 
strlen(dn) : 0; +- +- maxparamlength = PTSM_MAX(user_len+1, dn_len); /* +1 for %R when '@' is prepended */ +- +- /* find the number of occurences of percent sign in filter */ +- for( percents=0, buf=(char *)pattern; *buf; buf++ ) { +- if( *buf == '%' ) percents++; +- } +- +- /* percents * 3 * maxparamlength because we need to account for ++ char *buf; ++ char *end, *ptr, *temp; ++ char *ebuf, *user; ++ char *domain; ++ int rc; ++ ++ /* to permit multiple occurences of username and/or realm in filter */ ++ /* and avoid memory overflow in filter build [eg: (|(uid=%u)(userid=%u)) ] */ ++ int percents, user_len, dn_len, maxparamlength; ++ ++ if (pattern == NULL) { ++ syslog(LOG_ERR, "filter pattern not setup"); ++ return PTSM_FAIL; ++ } ++ ++ /* find the longest param of username and realm, ++ do not worry about domain because it is always shorter ++ then username */ ++ user_len=username ? strlen(username) : 0; ++ dn_len=dn ? strlen(dn) : 0; ++ ++ maxparamlength = PTSM_MAX(user_len+1, dn_len); /* +1 for %R when '@' is prepended */ ++ ++ /* find the number of occurences of percent sign in filter */ ++ for( percents=0, buf=(char *)pattern; *buf; buf++ ) { ++ if( *buf == '%' ) percents++; ++ } ++ ++ /* percents * 3 * maxparamlength because we need to account for + * an entirely-escaped worst-case-length parameter */ +- buf=xmalloc(strlen(pattern) + (percents * 3 * maxparamlength) +1); +- if(buf == NULL) +- return PTSM_NOMEM; +- buf[0] = '\0'; +- +- ptr = (char *)pattern; +- end = ptr + strlen(ptr); +- +- while ((temp=strchr(ptr,'%'))!=NULL ) { +- +- if ((temp-ptr) > 0) +- strncat(buf, ptr, temp-ptr); +- +- if ((temp+1) >= end) { +- syslog(LOG_DEBUG, "Incomplete lookup substitution format"); +- break; +- } +- +- switch (*(temp+1)) { +- case '%': +- strncat(buf,temp+1,1); +- break; +- case 'u': +- if (ISSET(username)) { +- rc=ptsmodule_escape(username, strlen(username), &ebuf); +- if (rc == PTSM_OK) { +- strcat(buf,ebuf); +- free(ebuf); +- } +- } else +- syslog(LOG_DEBUG, 
"Username not available."); +- break; +- case 'U': +- if (ISSET(username)) { +- +- user = strchr(username, '@'); +- rc=ptsmodule_escape(username, (user ? user - username : strlen(username)), &ebuf); +- if (rc == PTSM_OK) { +- strcat(buf,ebuf); +- free(ebuf); +- } +- } else +- syslog(LOG_DEBUG, "Username not available."); +- break; +- case '1': +- case '2': +- case '3': +- case '4': +- case '5': +- case '6': +- case '7': +- case '8': +- case '9': +- if (ISSET(username) && (domain = strchr(username, '@')) && domain[1]!='\0') { +- rc=ptsmodule_tokenize_domains(domain+1, (int) *(temp+1)-48, &ebuf); +- if (rc == PTSM_OK) { +- strcat(buf,ebuf); +- free(ebuf); +- } +- } else +- syslog(LOG_DEBUG, "Domain tokens not available."); +- break; +- case 'R': +- case 'd': +- if (ISSET(username) && (domain = strchr(username, '@')) && domain[1]!='\0') { +- rc=ptsmodule_escape(domain+1, strlen(domain+1), &ebuf); +- if (rc == PTSM_OK) { +- if (*(temp+1) == 'R') +- strcat(buf,"@"); +- strcat(buf,ebuf); +- free(ebuf); +- } +- break; +- } +- break; +- case 'D': +- if (ISSET(dn)) { +- rc = ptsmodule_escape(dn, strlen(dn), &ebuf); +- if (rc == PTSM_OK) { +- strcat(buf,ebuf); +- free(ebuf); +- } +- } else +- syslog(LOG_DEBUG, "dn not available."); +- break; +- default: +- break; +- } +- ptr=temp+2; +- } +- if (temp<end) +- strcat(buf, ptr); +- +- *result = buf; +- +- return PTSM_OK; ++ buf=xmalloc(strlen(pattern) + (percents * 3 * maxparamlength) +1); ++ if(buf == NULL) ++ return PTSM_NOMEM; ++ buf[0] = '\0'; ++ ++ ptr = (char *)pattern; ++ end = ptr + strlen(ptr); ++ ++ while ((temp=strchr(ptr,'%'))!=NULL ) { ++ ++ if ((temp-ptr) > 0) ++ strncat(buf, ptr, temp-ptr); ++ ++ if ((temp+1) >= end) { ++ syslog(LOG_DEBUG, "Incomplete lookup substitution format"); ++ break; ++ } ++ ++ switch (*(temp+1)) { ++ case '%': ++ strncat(buf,temp+1,1); ++ break; ++ case 'u': ++ if (ISSET(username)) { ++ rc=ptsmodule_escape(username, strlen(username), &ebuf); ++ if (rc == PTSM_OK) { ++ strcat(buf,ebuf); ++ 
free(ebuf); ++ } ++ } else ++ syslog(LOG_DEBUG, "Username not available."); ++ break; ++ case 'U': ++ if (ISSET(username)) { ++ ++ user = strchr(username, '@'); ++ rc=ptsmodule_escape(username, (user ? user - username : strlen(username)), &ebuf); ++ if (rc == PTSM_OK) { ++ strcat(buf,ebuf); ++ free(ebuf); ++ } ++ } else ++ syslog(LOG_DEBUG, "Username not available."); ++ break; ++ case '1': ++ case '2': ++ case '3': ++ case '4': ++ case '5': ++ case '6': ++ case '7': ++ case '8': ++ case '9': ++ if (ISSET(username) && (domain = strchr(username, '@')) && domain[1]!='\0') { ++ rc=ptsmodule_tokenize_domains(domain+1, (int) *(temp+1)-48, &ebuf); ++ if (rc == PTSM_OK) { ++ strcat(buf,ebuf); ++ free(ebuf); ++ } ++ } else ++ syslog(LOG_DEBUG, "Domain tokens not available."); ++ break; ++ case 'R': ++ case 'd': ++ if (ISSET(username) && (domain = strchr(username, '@')) && domain[1]!='\0') { ++ rc=ptsmodule_escape(domain+1, strlen(domain+1), &ebuf); ++ if (rc == PTSM_OK) { ++ if (*(temp+1) == 'R') ++ strcat(buf,"@"); ++ strcat(buf,ebuf); ++ free(ebuf); ++ } ++ break; ++ } ++ break; ++ case 'D': ++ if (ISSET(dn)) { ++ rc = ptsmodule_escape(dn, strlen(dn), &ebuf); ++ if (rc == PTSM_OK) { ++ strcat(buf,ebuf); ++ free(ebuf); ++ } ++ } else ++ syslog(LOG_DEBUG, "dn not available."); ++ break; ++ default: ++ break; ++ } ++ ptr=temp+2; ++ } ++ if (temp<end) ++ strcat(buf, ptr); ++ ++ *result = buf; ++ ++ return PTSM_OK; + } + + +@@ -790,7 +793,7 @@ static int ptsmodule_get_dn( + char *authzid; + #endif + char *base = NULL, *filter = NULL; +- char *attrs[] = {NULL}; ++ char *attrs[] = {LDAP_NO_ATTRS,NULL}; //do not return all attrs! + LDAPMessage *res; + LDAPMessage *entry; + char *attr, **vals; +@@ -859,14 +862,14 @@ static int ptsmodule_get_dn( + return PTSM_FAIL; + } + +- /* +- * We don't want to return the *first* entry found, we want to return +- * the *only* entry found. 
+- */ +- if ( ldap_count_entries(ptsm->ld, res) == 1 ) { +- if ( (entry = ldap_first_entry(ptsm->ld, res)) != NULL ) +- *ret = ldap_get_dn(ptsm->ld, entry); +- } ++ /* ++ * We don't want to return the *first* entry found, we want to return ++ * the *only* entry found. ++ */ ++ if ( ldap_count_entries(ptsm->ld, res) == 1 ) { ++ if ( (entry = ldap_first_entry(ptsm->ld, res)) != NULL ) ++ *ret = ldap_get_dn(ptsm->ld, entry); ++ } + + ldap_msgfree(res); + res = NULL; +@@ -879,16 +882,17 @@ static int ptsmodule_get_dn( + static int ptsmodule_make_authstate_attribute( + const char *canon_id, + size_t size, +- const char **reply, ++ const char **reply, + int *dsize, +- struct auth_state **newstate) ++ struct auth_state **newstate) + { + char *dn = NULL; + LDAPMessage *res = NULL; + LDAPMessage *entry = NULL; + char **vals = NULL; ++ char **rdn = NULL; + int rc; +- char *attrs[] = {(char *)ptsm->member_attribute,NULL}; ++ char *attrs[] = {(char *)ptsm->member_attribute,(char *)ptsm->user_attribute,NULL}; + + rc = ptsmodule_connect(); + if (rc != PTSM_OK) { +@@ -915,37 +919,69 @@ static int ptsmodule_make_authstate_attribute( + } + + if ((entry = ldap_first_entry(ptsm->ld, res)) != NULL) { +- int i, numvals; +- +- vals = ldap_get_values(ptsm->ld, entry, (char *)ptsm->member_attribute); +- if (vals != NULL) { +- numvals = ldap_count_values( vals ); +- +- *dsize = sizeof(struct auth_state) + +- (numvals * sizeof(struct auth_ident)); +- *newstate = xmalloc(*dsize); +- if (*newstate == NULL) { +- *reply = "no memory"; +- rc = PTSM_FAIL; +- goto done; +- } +- (*newstate)->ngroups = numvals; +- +- for (i = 0; i < numvals; i++) { +- int j; +- strcpy((*newstate)->groups[i].id, "group:"); +- for(j =0; j < strlen(vals[i]); j++) { +- if(Uisupper(vals[i][j])) +- vals[i][j]=tolower(vals[i][j]); +- } +- strlcat((*newstate)->groups[i].id, vals[i], +- sizeof((*newstate)->groups[i].id)); +- (*newstate)->groups[i].hash = strhash((*newstate)->groups[i].id); +- } +- +- ldap_value_free(vals); 
+- vals = NULL; +- } ++ int i, numvals; ++ ++ vals = ldap_get_values(ptsm->ld, entry, (char *)ptsm->member_attribute); ++ if (vals != NULL) { ++ numvals = ldap_count_values( vals ); ++ ++ *dsize = sizeof(struct auth_state) + ++ (numvals * sizeof(struct auth_ident)); ++ *newstate = xmalloc(*dsize); ++ if (*newstate == NULL) { ++ *reply = "no memory"; ++ rc = PTSM_FAIL; ++ goto done; ++ } ++ ++ (*newstate)->ngroups = numvals; ++ (*newstate)->userid.id[0] = '\0'; ++ for (i = 0; i < numvals; i++) { ++ int j; ++ strcpy((*newstate)->groups[i].id, "group:"); ++ rdn = ldap_explode_rdn(vals[i],1); ++ for (j = 0; j < strlen(rdn[0]); j++) { ++ if (Uisupper(rdn[0][j])) ++ rdn[0][j]=tolower(rdn[0][j]); ++ } ++ strlcat((*newstate)->groups[i].id, rdn[0], ++ sizeof((*newstate)->groups[i].id)); ++ (*newstate)->groups[i].hash = strhash((*newstate)->groups[i].id); ++ } ++ ++ ldap_value_free(rdn); ++ ldap_value_free(vals); ++ vals = NULL; ++ } ++ ++ if ((char *)ptsm->user_attribute) { ++ vals = ldap_get_values(ptsm->ld, entry, (char *)ptsm->user_attribute); ++ if (vals != NULL) { ++ numvals = ldap_count_values( vals ); ++ ++ if (numvals==1) { ++ if(!*newstate) { ++ *dsize = sizeof(struct auth_state); ++ *newstate = xmalloc(*dsize); ++ ++ if (*newstate == NULL) { ++ *reply = "no memory"; ++ rc = PTSM_FAIL; ++ goto done; ++ } ++ ++ (*newstate)->ngroups = 0; ++ } ++ ++ size=strlen(vals[0]); ++ strcpy((*newstate)->userid.id, ptsmodule_canonifyid(vals[0],size)); ++ (*newstate)->userid.hash = strhash((*newstate)->userid.id); ++ } ++ ++ ldap_value_free(vals); ++ vals = NULL; ++ } ++ } + } + + if(!*newstate) { +@@ -957,11 +993,14 @@ static int ptsmodule_make_authstate_attribute( + goto done; + } + (*newstate)->ngroups = 0; ++ (*newstate)->userid.id[0] = '\0'; + } +- ++ + /* fill in the rest of our new state structure */ +- strcpy((*newstate)->userid.id, canon_id); +- (*newstate)->userid.hash = strhash(canon_id); ++ if ((*newstate)->userid.id[0]=='\0') { ++ strcpy((*newstate)->userid.id, 
canon_id); ++ (*newstate)->userid.hash = strhash(canon_id); ++ } + (*newstate)->mark = time(0); + + rc = PTSM_OK; +@@ -981,9 +1020,9 @@ done:; + static int ptsmodule_make_authstate_filter( + const char *canon_id, + size_t size, +- const char **reply, ++ const char **reply, + int *dsize, +- struct auth_state **newstate) ++ struct auth_state **newstate) + { + char *base = NULL, *filter = NULL; + int rc; +@@ -1053,32 +1092,32 @@ static int ptsmodule_make_authstate_filter( + for (i = 0, entry = ldap_first_entry(ptsm->ld, res); entry != NULL; + i++, entry = ldap_next_entry(ptsm->ld, entry)) { + +- vals = ldap_get_values(ptsm->ld, entry, (char *)ptsm->member_attribute); +- if (vals == NULL) +- continue; ++ vals = ldap_get_values(ptsm->ld, entry, (char *)ptsm->member_attribute); ++ if (vals == NULL) ++ continue; + +- if ( ldap_count_values( vals ) != 1 ) { +- *reply = "too many values"; +- rc = PTSM_FAIL; +- ldap_value_free(vals); +- vals = NULL; +- goto done; +- } ++ if ( ldap_count_values( vals ) != 1 ) { ++ *reply = "too many values"; ++ rc = PTSM_FAIL; ++ ldap_value_free(vals); ++ vals = NULL; ++ goto done; ++ } + +- strcpy((*newstate)->groups[i].id, "group:"); ++ strcpy((*newstate)->groups[i].id, "group:"); + +- int j; +- for(j =0; j < strlen(vals[0]); j++) { +- if(Uisupper(vals[0][j])) +- vals[0][j]=tolower(vals[0][j]); +- } ++ int j; ++ for(j =0; j < strlen(vals[0]); j++) { ++ if(Uisupper(vals[0][j])) ++ vals[0][j]=tolower(vals[0][j]); ++ } + +- strlcat((*newstate)->groups[i].id, vals[0], +- sizeof((*newstate)->groups[i].id)); +- (*newstate)->groups[i].hash = strhash((*newstate)->groups[i].id); ++ strlcat((*newstate)->groups[i].id, vals[0], ++ sizeof((*newstate)->groups[i].id)); ++ (*newstate)->groups[i].hash = strhash((*newstate)->groups[i].id); + +- ldap_value_free(vals); +- vals = NULL; ++ ldap_value_free(vals); ++ vals = NULL; + } + + rc = PTSM_OK; +@@ -1100,9 +1139,9 @@ done:; + static int ptsmodule_make_authstate_group( + const char *canon_id, + size_t size, 
+- const char **reply, ++ const char **reply, + int *dsize, +- struct auth_state **newstate) ++ struct auth_state **newstate) + { + char *base = NULL, *filter = NULL; + int rc; +@@ -1184,8 +1223,8 @@ done:; + static struct auth_state *myauthstate( + const char *identifier, + size_t size, +- const char **reply, +- int *dsize) ++ const char **reply, ++ int *dsize) + { + const char *canon_id; + struct auth_state *newstate = NULL; +@@ -1224,23 +1263,23 @@ retry:; + + static void myinit(void) + { +- fatal("PTS module (ldap) not compiled in", EC_CONFIG); ++ fatal("PTS module (ldap) not compiled in", EC_CONFIG); + } + + static struct auth_state *myauthstate( + const char *identifier __attribute__((unused)), + size_t size __attribute__((unused)), +- const char **reply __attribute__((unused)), +- int *dsize __attribute__((unused))) ++ const char **reply __attribute__((unused)), ++ int *dsize __attribute__((unused))) + { +- fatal("PTS module (ldap) not compiled in", EC_CONFIG); ++ fatal("PTS module (ldap) not compiled in", EC_CONFIG); + } + + #endif /* HAVE_LDAP */ + +-struct pts_module pts_ldap = ++struct pts_module pts_ldap = + { +- "ldap", /* name */ ++ "ldap", /* name */ + + &myinit, + &myauthstate,
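Review bot: In `ptsmodule_make_authstate_attribute`, `strcpy((*newstate)->userid.id, ptsmodule_canonifyid(vals[0],size))` passes a NULL pointer to `strcpy` whenever the directory's `ldap_user_attribute` value contains a character that `ptsmodule_canonifyid` rejects (its `case 0: return NULL;` is visible earlier in this same patch), so a malformed or hostile directory entry takes the ptloader down instead of being refused; guard it with `const char *cid = ptsmodule_canonifyid(vals[0], strlen(vals[0])); if (cid == NULL) { *reply = "unusable user attribute"; rc = PTSM_FAIL; ldap_value_free(vals); goto done; }` before the copy, releasing `*newstate` there if the group branch already allocated it and `done:` (outside the hunk) does not. In the group loop just above, `rdn = ldap_explode_rdn(vals[i],1)` is called once per value but `ldap_value_free(rdn)` runs only once after the loop and `rdn[0]` is used without a NULL check, so every iteration but the last leaks and a member value that is not a DN dereferences NULL; NULL-check and free `rdn` inside the loop. The ternary assigning `ptsm->user_attribute` in `myinit` has identical branches and reduces to `ptsm->user_attribute = config_getstring(IMAPOPT_LDAP_USER_ATTRIBUTE);`. This section appears to re-add, under a new name, the patch deleted above, so these defects are presumably carried over rather than introduced by this revision; the functions concerned live inside the embedded patch, whose hunks do not show their complete bodies.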
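--- a/debian.series
+++ b/debian.series
@@ -0,0 +1,3 @@
+cyrus-imapd-2.4.10-ptloader-ldap_user_attribute.patch -p1
+cyrus-imapd-2.4.15-903-normalize-authorization-id.patch -p1
+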
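Review bot: The new series lists only the two ldap/authz patches and omits `cyrus-imapd-2.4.16-db51.patch` and `cyrus-imapd-2.4.2-005-disable-rpath.patch`, both of which are removed from debian.tar.gz/patches in this same revision, so the Debian build silently stops applying them; if that is intended it deserves a changelog line, otherwise add `cyrus-imapd-2.4.2-005-disable-rpath.patch -p1` and `cyrus-imapd-2.4.16-db51.patch -p1` here. The disable-rpath patch forces `andrew_cv_runpath_switch="none"`, so dropping it lets configure guess a runpath switch again for the built binaries. The two patches that are listed are visible in this revision only as deletions under debian.tar.gz/patches; their top-level copies are not in this view, so confirm they exist where the series is resolved. The trailing empty `+` line is ignored by quilt and can be dropped.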
debian.tar.gz/patches
Deleted
-(directory)
debian.tar.gz/patches/cyrus-imapd-2.4.10-ptloader-ldap_user_attribute.patch
Deleted
@@ -1,1230 +0,0 @@ -diff --git a/lib/imapoptions b/lib/imapoptions -index 464de37..98e0341 100644 ---- a/lib/imapoptions -+++ b/lib/imapoptions -@@ -483,6 +483,9 @@ Blank lines and lines beginning with ``#'' are ignored. - { "ldap_mech", NULL, STRING } - /* SASL mechanism for LDAP authentication */ - -+{ "ldap_user_attribute", NULL, STRING } -+/* Specify LDAP attribute to use as canonical user id */ -+ - { "ldap_member_attribute", NULL, STRING } - /* See ldap_member_method. */ - -diff --git a/ptclient/ldap.c b/ptclient/ldap.c -index 7bd8664..b3507d1 100644 ---- a/ptclient/ldap.c -+++ b/ptclient/ldap.c -@@ -91,7 +91,7 @@ - * This may not be restrictive enough. - * Here are the reasons for the restrictions: - * -- * & forbidden because of MUTF-7. (This could be fixed.) -+ * & forbidden because of MUTF-7. (This could be fixed.) - * : forbidden because it's special in /etc/passwd - * / forbidden because it can't be used in a mailbox name - * * % forbidden because they're IMAP magic in the LIST/LSUB commands -@@ -158,6 +158,7 @@ typedef struct _ptsm { - const char *tls_cert; - const char *tls_key; - int member_method; -+ const char *user_attribute; - const char *member_attribute; - const char *member_filter; - const char *member_base; -@@ -182,41 +183,41 @@ typedef struct _ptsm { - static t_ptsm *ptsm = NULL; - - static int ptsmodule_interact( -- LDAP *ld, -- unsigned flags __attribute__((unused)), -- void *def, -- void *inter) -+ LDAP *ld, -+ unsigned flags __attribute__((unused)), -+ void *def, -+ void *inter) - { -- sasl_interact_t *in = inter; -- const char *p; -- t_ptsm *ptsmdef = def; -- -- for (;in->id != SASL_CB_LIST_END;in++) { -- p = NULL; -- switch(in->id) { -- case SASL_CB_AUTHNAME: -- if (ISSET(ptsmdef->id)) -- p = ptsmdef->id; -- break; -- case SASL_CB_USER: -- if (ISSET(ptsmdef->authz)) -- p = ptsmdef->authz; -- break; -- case SASL_CB_GETREALM: -- if (ISSET(ptsmdef->realm)) -- p = ptsmdef->realm; -- break; -- case SASL_CB_PASS: -- if 
(ISSET(ptsmdef->password)) -- p = ptsmdef->password; -- break; -- } -- -- in->result = p ? p : ""; -- in->len = strlen(in->result); -- } -- -- return LDAP_SUCCESS; -+ sasl_interact_t *in = inter; -+ const char *p; -+ t_ptsm *ptsmdef = def; -+ -+ for (;in->id != SASL_CB_LIST_END;in++) { -+ p = NULL; -+ switch(in->id) { -+ case SASL_CB_AUTHNAME: -+ if (ISSET(ptsmdef->id)) -+ p = ptsmdef->id; -+ break; -+ case SASL_CB_USER: -+ if (ISSET(ptsmdef->authz)) -+ p = ptsmdef->authz; -+ break; -+ case SASL_CB_GETREALM: -+ if (ISSET(ptsmdef->realm)) -+ p = ptsmdef->realm; -+ break; -+ case SASL_CB_PASS: -+ if (ISSET(ptsmdef->password)) -+ p = ptsmdef->password; -+ break; -+ } -+ -+ in->result = p ? p : ""; -+ in->len = strlen(in->result); -+ } -+ -+ return LDAP_SUCCESS; - } - - /* -@@ -259,11 +260,11 @@ static char *ptsmodule_canonifyid(const char *identifier, size_t len) - switch (allowedchars[*(unsigned char*) p]) { - case 0: - return NULL; -- -+ - case 2: - sawalpha = 1; - /* FALL THROUGH */ -- -+ - default: - ; - } -@@ -275,149 +276,149 @@ static char *ptsmodule_canonifyid(const char *identifier, size_t len) - } - - --static int ptsmodule_connect(void) -+static int ptsmodule_connect(void) - { -- int rc = 0; -- -- if (ptsm == NULL) // Sanity Check -- return PTSM_FAIL; -- -- if (ptsm->ld != NULL) -- return PTSM_OK; -- -- if (ISSET(ptsm->tls_cacert_file)) { -- rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE, ptsm->tls_cacert_file); -- if (rc != LDAP_SUCCESS) { -- syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CACERTFILE (%s).", ldap_err2string (rc)); -- } -- } -- -- if (ISSET(ptsm->tls_cacert_dir)) { -- rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTDIR, ptsm->tls_cacert_dir); -- if (rc != LDAP_SUCCESS) { -- syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CACERTDIR (%s).", ldap_err2string (rc)); -- } -- } -- -- if (ptsm->tls_check_peer != 0) { -- rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ptsm->tls_check_peer); -- if (rc != LDAP_SUCCESS) { -- 
syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_REQUIRE_CERT (%s).", ldap_err2string (rc)); -- } -- } -- -- if (ISSET(ptsm->tls_ciphers)) { -- /* set cipher suite, certificate and private key: */ -- rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, ptsm->tls_ciphers); -- if (rc != LDAP_SUCCESS) { -- syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CIPHER_SUITE (%s).", ldap_err2string (rc)); -- } -- } -- -- if (ISSET(ptsm->tls_cert)) { -- rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, ptsm->tls_cert); -- if (rc != LDAP_SUCCESS) { -- syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CERTFILE (%s).", ldap_err2string (rc)); -- } -- } -- -- if (ISSET(ptsm->tls_key)) { -- rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, ptsm->tls_key); -- if (rc != LDAP_SUCCESS) { -- syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_KEYFILE (%s).", ldap_err2string (rc)); -- } -- } -- -- rc = ldap_initialize(&ptsm->ld, ptsm->uri); -- if (rc != LDAP_SUCCESS) { -- syslog(LOG_ERR, "ldap_initialize failed (%s)", ptsm->uri); -- return PTSM_FAIL; -- } -- -- rc = ldap_set_option(ptsm->ld, LDAP_OPT_PROTOCOL_VERSION, &(ptsm->version)); -- if (rc != LDAP_OPT_SUCCESS) { -- -- if (ptsm->sasl || -- ptsm->start_tls) { -- syslog(LOG_ERR, "Failed to set LDAP_OPT_PROTOCOL_VERSION %d, required for ldap_start_tls and ldap_sasl.", ptsm->version); -- ldap_unbind(ptsm->ld); -+ int rc = 0; -+ -+ if (ptsm == NULL) // Sanity Check -+ return PTSM_FAIL; -+ -+ if (ptsm->ld != NULL) -+ return PTSM_OK; -+ -+ if (ISSET(ptsm->tls_cacert_file)) { -+ rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE, ptsm->tls_cacert_file); -+ if (rc != LDAP_SUCCESS) { -+ syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CACERTFILE (%s).", ldap_err2string (rc)); -+ } -+ } -+ -+ if (ISSET(ptsm->tls_cacert_dir)) { -+ rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTDIR, ptsm->tls_cacert_dir); -+ if (rc != LDAP_SUCCESS) { -+ syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CACERTDIR (%s).", ldap_err2string (rc)); 
-+ } -+ } -+ -+ if (ptsm->tls_check_peer != 0) { -+ rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ptsm->tls_check_peer); -+ if (rc != LDAP_SUCCESS) { -+ syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_REQUIRE_CERT (%s).", ldap_err2string (rc)); -+ } -+ } -+ -+ if (ISSET(ptsm->tls_ciphers)) { -+ /* set cipher suite, certificate and private key: */ -+ rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, ptsm->tls_ciphers); -+ if (rc != LDAP_SUCCESS) { -+ syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CIPHER_SUITE (%s).", ldap_err2string (rc)); -+ } -+ } -+ -+ if (ISSET(ptsm->tls_cert)) { -+ rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, ptsm->tls_cert); -+ if (rc != LDAP_SUCCESS) { -+ syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_CERTFILE (%s).", ldap_err2string (rc)); -+ } -+ } -+ -+ if (ISSET(ptsm->tls_key)) { -+ rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, ptsm->tls_key); -+ if (rc != LDAP_SUCCESS) { -+ syslog (LOG_WARNING, "Unable to set LDAP_OPT_X_TLS_KEYFILE (%s).", ldap_err2string (rc)); -+ } -+ } -+ -+ rc = ldap_initialize(&ptsm->ld, ptsm->uri); -+ if (rc != LDAP_SUCCESS) { -+ syslog(LOG_ERR, "ldap_initialize failed (%s)", ptsm->uri); -+ return PTSM_FAIL; -+ } -+ -+ rc = ldap_set_option(ptsm->ld, LDAP_OPT_PROTOCOL_VERSION, &(ptsm->version)); -+ if (rc != LDAP_OPT_SUCCESS) { -+ -+ if (ptsm->sasl || -+ ptsm->start_tls) { -+ syslog(LOG_ERR, "Failed to set LDAP_OPT_PROTOCOL_VERSION %d, required for ldap_start_tls and ldap_sasl.", ptsm->version); -+ ldap_unbind(ptsm->ld); - ptsm->ld = NULL; -- return PTSM_FAIL; -- } else -- syslog(LOG_WARNING, "Unable to set LDAP_OPT_PROTOCOL_VERSION %d.", ptsm->version); -- -- ptsm->version = LDAP_VERSION2; -- } -- -- rc = ldap_set_option(ptsm->ld, LDAP_OPT_NETWORK_TIMEOUT, &(ptsm->timeout)); -- if (rc != LDAP_OPT_SUCCESS) { -- syslog(LOG_WARNING, "Unable to set LDAP_OPT_NETWORK_TIMEOUT %d.%d.", ptsm->timeout.tv_sec, ptsm->timeout.tv_usec); -- } -- -- rc = ldap_set_option(ptsm->ld, 
LDAP_OPT_TIMELIMIT, &(ptsm->time_limit)); -- if (rc != LDAP_OPT_SUCCESS) { -- syslog(LOG_WARNING, "Unable to set LDAP_OPT_TIMELIMIT %d.", ptsm->time_limit); -- } -- -- rc = ldap_set_option(ptsm->ld, LDAP_OPT_DEREF, &(ptsm->deref)); -- if (rc != LDAP_OPT_SUCCESS) { -- syslog(LOG_WARNING, "Unable to set LDAP_OPT_DEREF %d.", ptsm->deref); -- } -- -- rc = ldap_set_option(ptsm->ld, LDAP_OPT_REFERRALS, ptsm->referrals ? LDAP_OPT_ON : LDAP_OPT_OFF); -- if (rc != LDAP_OPT_SUCCESS) { -- syslog(LOG_WARNING, "Unable to set LDAP_OPT_REFERRALS."); -- } -- -- rc = ldap_set_option(ptsm->ld, LDAP_OPT_SIZELIMIT, &(ptsm->size_limit)); -- if (rc != LDAP_OPT_SUCCESS) -- syslog(LOG_WARNING, "Unable to set LDAP_OPT_SIZELIMIT %d.", ptsm->size_limit); -- -- rc = ldap_set_option(ptsm->ld, LDAP_OPT_RESTART, ptsm->restart ? LDAP_OPT_ON : LDAP_OPT_OFF); -- if (rc != LDAP_OPT_SUCCESS) { -- syslog(LOG_WARNING, "Unable to set LDAP_OPT_RESTART."); -- } -- -- if (ptsm->start_tls) { -- -- rc = ldap_start_tls_s(ptsm->ld, NULL, NULL); -- if (rc != LDAP_SUCCESS) { -- syslog(LOG_ERR, "start tls failed (%s).", ldap_err2string(rc)); -- ldap_unbind(ptsm->ld); -+ return PTSM_FAIL; -+ } else -+ syslog(LOG_WARNING, "Unable to set LDAP_OPT_PROTOCOL_VERSION %d.", ptsm->version); -+ -+ ptsm->version = LDAP_VERSION2; -+ } -+ -+ rc = ldap_set_option(ptsm->ld, LDAP_OPT_NETWORK_TIMEOUT, &(ptsm->timeout)); -+ if (rc != LDAP_OPT_SUCCESS) { -+ syslog(LOG_WARNING, "Unable to set LDAP_OPT_NETWORK_TIMEOUT %d.%d.", ptsm->timeout.tv_sec, ptsm->timeout.tv_usec); -+ } -+ -+ rc = ldap_set_option(ptsm->ld, LDAP_OPT_TIMELIMIT, &(ptsm->time_limit)); -+ if (rc != LDAP_OPT_SUCCESS) { -+ syslog(LOG_WARNING, "Unable to set LDAP_OPT_TIMELIMIT %d.", ptsm->time_limit); -+ } -+ -+ rc = ldap_set_option(ptsm->ld, LDAP_OPT_DEREF, &(ptsm->deref)); -+ if (rc != LDAP_OPT_SUCCESS) { -+ syslog(LOG_WARNING, "Unable to set LDAP_OPT_DEREF %d.", ptsm->deref); -+ } -+ -+ rc = ldap_set_option(ptsm->ld, LDAP_OPT_REFERRALS, ptsm->referrals ? 
LDAP_OPT_ON : LDAP_OPT_OFF); -+ if (rc != LDAP_OPT_SUCCESS) { -+ syslog(LOG_WARNING, "Unable to set LDAP_OPT_REFERRALS."); -+ } -+ -+ rc = ldap_set_option(ptsm->ld, LDAP_OPT_SIZELIMIT, &(ptsm->size_limit)); -+ if (rc != LDAP_OPT_SUCCESS) -+ syslog(LOG_WARNING, "Unable to set LDAP_OPT_SIZELIMIT %d.", ptsm->size_limit); -+ -+ rc = ldap_set_option(ptsm->ld, LDAP_OPT_RESTART, ptsm->restart ? LDAP_OPT_ON : LDAP_OPT_OFF); -+ if (rc != LDAP_OPT_SUCCESS) { -+ syslog(LOG_WARNING, "Unable to set LDAP_OPT_RESTART."); -+ } -+ -+ if (ptsm->start_tls) { -+ -+ rc = ldap_start_tls_s(ptsm->ld, NULL, NULL); -+ if (rc != LDAP_SUCCESS) { -+ syslog(LOG_ERR, "start tls failed (%s).", ldap_err2string(rc)); -+ ldap_unbind(ptsm->ld); - ptsm->ld = NULL; -- return PTSM_FAIL; -- } -- } -- -- if (ptsm->sasl) { -- -- if (EMPTY(ptsm->mech)) -- ldap_get_option(ptsm->ld, LDAP_OPT_X_SASL_MECH, &(ptsm->mech)); -- -- if (EMPTY(ptsm->realm)) -- ldap_get_option(ptsm->ld, LDAP_OPT_X_SASL_REALM, &(ptsm->realm)); -- -- if (ISSET(ptsm->sasl_secprops)) { -- rc = ldap_set_option(ptsm->ld, LDAP_OPT_X_SASL_SECPROPS, (void *) ptsm->sasl_secprops); -- if( rc != LDAP_OPT_SUCCESS ) { -- syslog(LOG_ERR, "Unable to set LDAP_OPT_X_SASL_SECPROPS."); -- ldap_unbind(ptsm->ld); -+ return PTSM_FAIL; -+ } -+ } -+ -+ if (ptsm->sasl) { -+ -+ if (EMPTY(ptsm->mech)) -+ ldap_get_option(ptsm->ld, LDAP_OPT_X_SASL_MECH, &(ptsm->mech)); -+ -+ if (EMPTY(ptsm->realm)) -+ ldap_get_option(ptsm->ld, LDAP_OPT_X_SASL_REALM, &(ptsm->realm)); -+ -+ if (ISSET(ptsm->sasl_secprops)) { -+ rc = ldap_set_option(ptsm->ld, LDAP_OPT_X_SASL_SECPROPS, (void *) ptsm->sasl_secprops); -+ if( rc != LDAP_OPT_SUCCESS ) { -+ syslog(LOG_ERR, "Unable to set LDAP_OPT_X_SASL_SECPROPS."); -+ ldap_unbind(ptsm->ld); - ptsm->ld = NULL; -- return PTSM_FAIL; -- } -- } -- -- rc = ldap_sasl_interactive_bind_s( -- ptsm->ld, -- ptsm->bind_dn, -- ptsm->mech, -- NULL, -- NULL, -- LDAP_SASL_QUIET, -- ptsmodule_interact, -- ptsm); -- } else -- rc = 
ldap_simple_bind_s(ptsm->ld, ptsm->bind_dn, ptsm->password); -+ return PTSM_FAIL; -+ } -+ } -+ -+ rc = ldap_sasl_interactive_bind_s( -+ ptsm->ld, -+ ptsm->bind_dn, -+ ptsm->mech, -+ NULL, -+ NULL, -+ LDAP_SASL_QUIET, -+ ptsmodule_interact, -+ ptsm); -+ } else -+ rc = ldap_simple_bind_s(ptsm->ld, ptsm->bind_dn, ptsm->password); - - if (rc != LDAP_SUCCESS) { - syslog(LOG_ERR, -@@ -425,14 +426,14 @@ static int ptsmodule_connect(void) - ldap_unbind(ptsm->ld); - ptsm->ld = NULL; - return (rc == LDAP_SERVER_DOWN ? PTSM_RETRY : PTSM_FAIL); -- } -+ } - -- return PTSM_OK; -+ return PTSM_OK; - } - - /* API */ - --static void myinit(void) -+static void myinit(void) - { - const char *p = NULL; - -@@ -444,7 +445,7 @@ static void myinit(void) - fatal("xmalloc() failed", EC_CONFIG); - } - -- ptsm->uri = (config_getstring(IMAPOPT_LDAP_URI) ? -+ ptsm->uri = (config_getstring(IMAPOPT_LDAP_URI) ? - config_getstring(IMAPOPT_LDAP_URI) : config_getstring(IMAPOPT_LDAP_SERVERS)); - ptsm->version = (config_getint(IMAPOPT_LDAP_VERSION) == 2 ? LDAP_VERSION2 : LDAP_VERSION3); - ptsm->timeout.tv_sec = config_getint(IMAPOPT_LDAP_TIME_LIMIT); -@@ -473,15 +474,15 @@ static void myinit(void) - } - ptsm->bind_dn = config_getstring(IMAPOPT_LDAP_BIND_DN); - ptsm->sasl = config_getswitch(IMAPOPT_LDAP_SASL); -- ptsm->id = (config_getstring(IMAPOPT_LDAP_ID) ? -+ ptsm->id = (config_getstring(IMAPOPT_LDAP_ID) ? - config_getstring(IMAPOPT_LDAP_ID) : config_getstring(IMAPOPT_LDAP_SASL_AUTHC)); -- ptsm->authz = (config_getstring(IMAPOPT_LDAP_AUTHZ) ? -+ ptsm->authz = (config_getstring(IMAPOPT_LDAP_AUTHZ) ? - config_getstring(IMAPOPT_LDAP_AUTHZ) : config_getstring(IMAPOPT_LDAP_SASL_AUTHZ)); -- ptsm->mech = (config_getstring(IMAPOPT_LDAP_MECH) ? -+ ptsm->mech = (config_getstring(IMAPOPT_LDAP_MECH) ? - config_getstring(IMAPOPT_LDAP_MECH) : config_getstring(IMAPOPT_LDAP_SASL_MECH)); -- ptsm->realm = (config_getstring(IMAPOPT_LDAP_REALM) ? -+ ptsm->realm = (config_getstring(IMAPOPT_LDAP_REALM) ? 
- config_getstring(IMAPOPT_LDAP_REALM) : config_getstring(IMAPOPT_LDAP_SASL_REALM)); -- ptsm->password = (config_getstring(IMAPOPT_LDAP_PASSWORD) ? -+ ptsm->password = (config_getstring(IMAPOPT_LDAP_PASSWORD) ? - config_getstring(IMAPOPT_LDAP_PASSWORD) : config_getstring(IMAPOPT_LDAP_SASL_PASSWORD)); - ptsm->start_tls = config_getswitch(IMAPOPT_LDAP_START_TLS); - ptsm->tls_check_peer = config_getswitch(IMAPOPT_LDAP_TLS_CHECK_PEER); -@@ -508,6 +509,8 @@ static void myinit(void) - ptsm->member_base = config_getstring(IMAPOPT_LDAP_MEMBER_BASE); - ptsm->member_attribute = (config_getstring(IMAPOPT_LDAP_MEMBER_ATTRIBUTE) ? - config_getstring(IMAPOPT_LDAP_MEMBER_ATTRIBUTE) : config_getstring(IMAPOPT_LDAP_MEMBER_ATTRIBUTE)); -+ ptsm->user_attribute = (config_getstring(IMAPOPT_LDAP_USER_ATTRIBUTE) ? -+ config_getstring(IMAPOPT_LDAP_USER_ATTRIBUTE) : config_getstring(IMAPOPT_LDAP_USER_ATTRIBUTE)); - p = config_getstring(IMAPOPT_LDAP_GROUP_SCOPE); - if (!strcasecmp(p, "one")) { - ptsm->group_scope = LDAP_SCOPE_ONELEVEL; -@@ -521,10 +524,10 @@ static void myinit(void) - ptsm->filter = config_getstring(IMAPOPT_LDAP_FILTER); - ptsm->base = config_getstring(IMAPOPT_LDAP_BASE); - -- if (ptsm->version != LDAP_VERSION3 && -- (ptsm->sasl || -- ptsm->start_tls)) -- ptsm->version = LDAP_VERSION3; -+ if (ptsm->version != LDAP_VERSION3 && -+ (ptsm->sasl || -+ ptsm->start_tls)) -+ ptsm->version = LDAP_VERSION3; - - ptsm->ld = NULL; - } -@@ -533,98 +536,98 @@ static void myinit(void) - * Note: calling function must free memory. 
- */ - static int ptsmodule_escape( -- const char *s, -- const unsigned int n, -- char **result) -+ const char *s, -+ const unsigned int n, -+ char **result) - { -- char *buf; -- char *end, *ptr, *temp; -- -- if (n > strlen(s)) // Sanity check, just in case -- return PTSM_FAIL; -- -- buf = xmalloc(n * 5 + 1); -- if (buf == NULL) { -- return PTSM_NOMEM; -- } -- -- buf[0] = '\0'; -- ptr = (char *)s; -- end = ptr + n; -- -- while (((temp = strpbrk(ptr, "*()\\\0"))!=NULL) && (temp<end)) { -- -- if (temp>ptr) -- strncat(buf, ptr, temp-ptr); -- -- switch (*temp) { -- case '*': -- strcat(buf, "\\2a"); -- break; -- case '(': -- strcat(buf, "\\28"); -- break; -- case ')': -- strcat(buf, "\\29"); -- break; -- case '\\': -- strcat(buf, "\\5c"); -- break; -- case '\0': -- strcat(buf, "\\00"); -- break; -- } -- ptr=temp+1; -- } -- if (ptr<end) -- strncat(buf, ptr, end-ptr); -- -- *result = buf; -- -- return PTSM_OK; -+ char *buf; -+ char *end, *ptr, *temp; -+ -+ if (n > strlen(s)) // Sanity check, just in case -+ return PTSM_FAIL; -+ -+ buf = xmalloc(n * 5 + 1); -+ if (buf == NULL) { -+ return PTSM_NOMEM; -+ } -+ -+ buf[0] = '\0'; -+ ptr = (char *)s; -+ end = ptr + n; -+ -+ while (((temp = strpbrk(ptr, "*()\\\0"))!=NULL) && (temp<end)) { -+ -+ if (temp>ptr) -+ strncat(buf, ptr, temp-ptr); -+ -+ switch (*temp) { -+ case '*': -+ strcat(buf, "\\2a"); -+ break; -+ case '(': -+ strcat(buf, "\\28"); -+ break; -+ case ')': -+ strcat(buf, "\\29"); -+ break; -+ case '\\': -+ strcat(buf, "\\5c"); -+ break; -+ case '\0': -+ strcat(buf, "\\00"); -+ break; -+ } -+ ptr=temp+1; -+ } -+ if (ptr<end) -+ strncat(buf, ptr, end-ptr); -+ -+ *result = buf; -+ -+ return PTSM_OK; - } - - static int ptsmodule_tokenize_domains( -- const char *d, -- int n, -- char **result) -+ const char *d, -+ int n, -+ char **result) - { -- char *s, *s1; -- char *lasts; -- int nt, i, rc; -- -- *result = NULL; -- -- if (d == NULL || n < 1 || n > 9) -- return PTSM_FAIL; -- -- s = strdup(d); -- if (s == NULL) -- return 
PTSM_NOMEM; -- -- for( nt=0, s1=s; *s1; s1++ ) -- if( *s1 == '.' ) nt++; -- nt++; -- -- if (n > nt) { -- free(s); -- return PTSM_FAIL; -- } -- -- i = nt - n; -- s1 = (char *)strtok_r(s, ".", &lasts); -- while(s1) { -- if (i == 0) { -- rc = ptsmodule_escape(s1, strlen(s1), result); -- free(s); -- return rc; -- } -- s1 = (char *)strtok_r(NULL, ".", &lasts); -- i--; -- } -- -- free(s); -- return PTSM_FAIL; -+ char *s, *s1; -+ char *lasts; -+ int nt, i, rc; -+ -+ *result = NULL; -+ -+ if (d == NULL || n < 1 || n > 9) -+ return PTSM_FAIL; -+ -+ s = strdup(d); -+ if (s == NULL) -+ return PTSM_NOMEM; -+ -+ for( nt=0, s1=s; *s1; s1++ ) -+ if( *s1 == '.' ) nt++; -+ nt++; -+ -+ if (n > nt) { -+ free(s); -+ return PTSM_FAIL; -+ } -+ -+ i = nt - n; -+ s1 = (char *)strtok_r(s, ".", &lasts); -+ while(s1) { -+ if (i == 0) { -+ rc = ptsmodule_escape(s1, strlen(s1), result); -+ free(s); -+ return rc; -+ } -+ s1 = (char *)strtok_r(NULL, ".", &lasts); -+ i--; -+ } -+ -+ free(s); -+ return PTSM_FAIL; - } - - #define PTSM_MAX(a,b) (a>b?a:b) -@@ -642,137 +645,137 @@ static int ptsmodule_tokenize_domains( - * Note: calling function must free memory. - */ - static int ptsmodule_expand_tokens( -- const char *pattern, -- const char *username, -- const char *dn, -- char **result) -+ const char *pattern, -+ const char *username, -+ const char *dn, -+ char **result) - { -- char *buf; -- char *end, *ptr, *temp; -- char *ebuf, *user; -- char *domain; -- int rc; -- -- /* to permit multiple occurences of username and/or realm in filter */ -- /* and avoid memory overflow in filter build [eg: (|(uid=%u)(userid=%u)) ] */ -- int percents, user_len, dn_len, maxparamlength; -- -- if (pattern == NULL) { -- syslog(LOG_ERR, "filter pattern not setup"); -- return PTSM_FAIL; -- } -- -- /* find the longest param of username and realm, -- do not worry about domain because it is always shorter -- then username */ -- user_len=username ? strlen(username) : 0; -- dn_len=dn ? 
strlen(dn) : 0; -- -- maxparamlength = PTSM_MAX(user_len+1, dn_len); /* +1 for %R when '@' is prepended */ -- -- /* find the number of occurences of percent sign in filter */ -- for( percents=0, buf=(char *)pattern; *buf; buf++ ) { -- if( *buf == '%' ) percents++; -- } -- -- /* percents * 3 * maxparamlength because we need to account for -+ char *buf; -+ char *end, *ptr, *temp; -+ char *ebuf, *user; -+ char *domain; -+ int rc; -+ -+ /* to permit multiple occurences of username and/or realm in filter */ -+ /* and avoid memory overflow in filter build [eg: (|(uid=%u)(userid=%u)) ] */ -+ int percents, user_len, dn_len, maxparamlength; -+ -+ if (pattern == NULL) { -+ syslog(LOG_ERR, "filter pattern not setup"); -+ return PTSM_FAIL; -+ } -+ -+ /* find the longest param of username and realm, -+ do not worry about domain because it is always shorter -+ then username */ -+ user_len=username ? strlen(username) : 0; -+ dn_len=dn ? strlen(dn) : 0; -+ -+ maxparamlength = PTSM_MAX(user_len+1, dn_len); /* +1 for %R when '@' is prepended */ -+ -+ /* find the number of occurences of percent sign in filter */ -+ for( percents=0, buf=(char *)pattern; *buf; buf++ ) { -+ if( *buf == '%' ) percents++; -+ } -+ -+ /* percents * 3 * maxparamlength because we need to account for - * an entirely-escaped worst-case-length parameter */ -- buf=xmalloc(strlen(pattern) + (percents * 3 * maxparamlength) +1); -- if(buf == NULL) -- return PTSM_NOMEM; -- buf[0] = '\0'; -- -- ptr = (char *)pattern; -- end = ptr + strlen(ptr); -- -- while ((temp=strchr(ptr,'%'))!=NULL ) { -- -- if ((temp-ptr) > 0) -- strncat(buf, ptr, temp-ptr); -- -- if ((temp+1) >= end) { -- syslog(LOG_DEBUG, "Incomplete lookup substitution format"); -- break; -- } -- -- switch (*(temp+1)) { -- case '%': -- strncat(buf,temp+1,1); -- break; -- case 'u': -- if (ISSET(username)) { -- rc=ptsmodule_escape(username, strlen(username), &ebuf); -- if (rc == PTSM_OK) { -- strcat(buf,ebuf); -- free(ebuf); -- } -- } else -- syslog(LOG_DEBUG, 
"Username not available."); -- break; -- case 'U': -- if (ISSET(username)) { -- -- user = strchr(username, '@'); -- rc=ptsmodule_escape(username, (user ? user - username : strlen(username)), &ebuf); -- if (rc == PTSM_OK) { -- strcat(buf,ebuf); -- free(ebuf); -- } -- } else -- syslog(LOG_DEBUG, "Username not available."); -- break; -- case '1': -- case '2': -- case '3': -- case '4': -- case '5': -- case '6': -- case '7': -- case '8': -- case '9': -- if (ISSET(username) && (domain = strchr(username, '@')) && domain[1]!='\0') { -- rc=ptsmodule_tokenize_domains(domain+1, (int) *(temp+1)-48, &ebuf); -- if (rc == PTSM_OK) { -- strcat(buf,ebuf); -- free(ebuf); -- } -- } else -- syslog(LOG_DEBUG, "Domain tokens not available."); -- break; -- case 'R': -- case 'd': -- if (ISSET(username) && (domain = strchr(username, '@')) && domain[1]!='\0') { -- rc=ptsmodule_escape(domain+1, strlen(domain+1), &ebuf); -- if (rc == PTSM_OK) { -- if (*(temp+1) == 'R') -- strcat(buf,"@"); -- strcat(buf,ebuf); -- free(ebuf); -- } -- break; -- } -- break; -- case 'D': -- if (ISSET(dn)) { -- rc = ptsmodule_escape(dn, strlen(dn), &ebuf); -- if (rc == PTSM_OK) { -- strcat(buf,ebuf); -- free(ebuf); -- } -- } else -- syslog(LOG_DEBUG, "dn not available."); -- break; -- default: -- break; -- } -- ptr=temp+2; -- } -- if (temp<end) -- strcat(buf, ptr); -- -- *result = buf; -- -- return PTSM_OK; -+ buf=xmalloc(strlen(pattern) + (percents * 3 * maxparamlength) +1); -+ if(buf == NULL) -+ return PTSM_NOMEM; -+ buf[0] = '\0'; -+ -+ ptr = (char *)pattern; -+ end = ptr + strlen(ptr); -+ -+ while ((temp=strchr(ptr,'%'))!=NULL ) { -+ -+ if ((temp-ptr) > 0) -+ strncat(buf, ptr, temp-ptr); -+ -+ if ((temp+1) >= end) { -+ syslog(LOG_DEBUG, "Incomplete lookup substitution format"); -+ break; -+ } -+ -+ switch (*(temp+1)) { -+ case '%': -+ strncat(buf,temp+1,1); -+ break; -+ case 'u': -+ if (ISSET(username)) { -+ rc=ptsmodule_escape(username, strlen(username), &ebuf); -+ if (rc == PTSM_OK) { -+ strcat(buf,ebuf); -+ 
free(ebuf); -+ } -+ } else -+ syslog(LOG_DEBUG, "Username not available."); -+ break; -+ case 'U': -+ if (ISSET(username)) { -+ -+ user = strchr(username, '@'); -+ rc=ptsmodule_escape(username, (user ? user - username : strlen(username)), &ebuf); -+ if (rc == PTSM_OK) { -+ strcat(buf,ebuf); -+ free(ebuf); -+ } -+ } else -+ syslog(LOG_DEBUG, "Username not available."); -+ break; -+ case '1': -+ case '2': -+ case '3': -+ case '4': -+ case '5': -+ case '6': -+ case '7': -+ case '8': -+ case '9': -+ if (ISSET(username) && (domain = strchr(username, '@')) && domain[1]!='\0') { -+ rc=ptsmodule_tokenize_domains(domain+1, (int) *(temp+1)-48, &ebuf); -+ if (rc == PTSM_OK) { -+ strcat(buf,ebuf); -+ free(ebuf); -+ } -+ } else -+ syslog(LOG_DEBUG, "Domain tokens not available."); -+ break; -+ case 'R': -+ case 'd': -+ if (ISSET(username) && (domain = strchr(username, '@')) && domain[1]!='\0') { -+ rc=ptsmodule_escape(domain+1, strlen(domain+1), &ebuf); -+ if (rc == PTSM_OK) { -+ if (*(temp+1) == 'R') -+ strcat(buf,"@"); -+ strcat(buf,ebuf); -+ free(ebuf); -+ } -+ break; -+ } -+ break; -+ case 'D': -+ if (ISSET(dn)) { -+ rc = ptsmodule_escape(dn, strlen(dn), &ebuf); -+ if (rc == PTSM_OK) { -+ strcat(buf,ebuf); -+ free(ebuf); -+ } -+ } else -+ syslog(LOG_DEBUG, "dn not available."); -+ break; -+ default: -+ break; -+ } -+ ptr=temp+2; -+ } -+ if (temp<end) -+ strcat(buf, ptr); -+ -+ *result = buf; -+ -+ return PTSM_OK; - } - - -@@ -790,7 +793,7 @@ static int ptsmodule_get_dn( - char *authzid; - #endif - char *base = NULL, *filter = NULL; -- char *attrs[] = {NULL}; -+ char *attrs[] = {LDAP_NO_ATTRS,NULL}; //do not return all attrs! - LDAPMessage *res; - LDAPMessage *entry; - char *attr, **vals; -@@ -859,14 +862,14 @@ static int ptsmodule_get_dn( - return PTSM_FAIL; - } - -- /* -- * We don't want to return the *first* entry found, we want to return -- * the *only* entry found. 
-- */ -- if ( ldap_count_entries(ptsm->ld, res) == 1 ) { -- if ( (entry = ldap_first_entry(ptsm->ld, res)) != NULL ) -- *ret = ldap_get_dn(ptsm->ld, entry); -- } -+ /* -+ * We don't want to return the *first* entry found, we want to return -+ * the *only* entry found. -+ */ -+ if ( ldap_count_entries(ptsm->ld, res) == 1 ) { -+ if ( (entry = ldap_first_entry(ptsm->ld, res)) != NULL ) -+ *ret = ldap_get_dn(ptsm->ld, entry); -+ } - - ldap_msgfree(res); - res = NULL; -@@ -879,16 +882,17 @@ static int ptsmodule_get_dn( - static int ptsmodule_make_authstate_attribute( - const char *canon_id, - size_t size, -- const char **reply, -+ const char **reply, - int *dsize, -- struct auth_state **newstate) -+ struct auth_state **newstate) - { - char *dn = NULL; - LDAPMessage *res = NULL; - LDAPMessage *entry = NULL; - char **vals = NULL; -+ char **rdn = NULL; - int rc; -- char *attrs[] = {(char *)ptsm->member_attribute,NULL}; -+ char *attrs[] = {(char *)ptsm->member_attribute,(char *)ptsm->user_attribute,NULL}; - - rc = ptsmodule_connect(); - if (rc != PTSM_OK) { -@@ -915,37 +919,69 @@ static int ptsmodule_make_authstate_attribute( - } - - if ((entry = ldap_first_entry(ptsm->ld, res)) != NULL) { -- int i, numvals; -- -- vals = ldap_get_values(ptsm->ld, entry, (char *)ptsm->member_attribute); -- if (vals != NULL) { -- numvals = ldap_count_values( vals ); -- -- *dsize = sizeof(struct auth_state) + -- (numvals * sizeof(struct auth_ident)); -- *newstate = xmalloc(*dsize); -- if (*newstate == NULL) { -- *reply = "no memory"; -- rc = PTSM_FAIL; -- goto done; -- } -- (*newstate)->ngroups = numvals; -- -- for (i = 0; i < numvals; i++) { -- int j; -- strcpy((*newstate)->groups[i].id, "group:"); -- for(j =0; j < strlen(vals[i]); j++) { -- if(Uisupper(vals[i][j])) -- vals[i][j]=tolower(vals[i][j]); -- } -- strlcat((*newstate)->groups[i].id, vals[i], -- sizeof((*newstate)->groups[i].id)); -- (*newstate)->groups[i].hash = strhash((*newstate)->groups[i].id); -- } -- -- ldap_value_free(vals); 
-- vals = NULL; -- } -+ int i, numvals; -+ -+ vals = ldap_get_values(ptsm->ld, entry, (char *)ptsm->member_attribute); -+ if (vals != NULL) { -+ numvals = ldap_count_values( vals ); -+ -+ *dsize = sizeof(struct auth_state) + -+ (numvals * sizeof(struct auth_ident)); -+ *newstate = xmalloc(*dsize); -+ if (*newstate == NULL) { -+ *reply = "no memory"; -+ rc = PTSM_FAIL; -+ goto done; -+ } -+ -+ (*newstate)->ngroups = numvals; -+ (*newstate)->userid.id[0] = '\0'; -+ for (i = 0; i < numvals; i++) { -+ int j; -+ strcpy((*newstate)->groups[i].id, "group:"); -+ rdn = ldap_explode_rdn(vals[i],1); -+ for (j = 0; j < strlen(rdn[0]); j++) { -+ if (Uisupper(rdn[0][j])) -+ rdn[0][j]=tolower(rdn[0][j]); -+ } -+ strlcat((*newstate)->groups[i].id, rdn[0], -+ sizeof((*newstate)->groups[i].id)); -+ (*newstate)->groups[i].hash = strhash((*newstate)->groups[i].id); -+ } -+ -+ ldap_value_free(rdn); -+ ldap_value_free(vals); -+ vals = NULL; -+ } -+ -+ if ((char *)ptsm->user_attribute) { -+ vals = ldap_get_values(ptsm->ld, entry, (char *)ptsm->user_attribute); -+ if (vals != NULL) { -+ numvals = ldap_count_values( vals ); -+ -+ if (numvals==1) { -+ if(!*newstate) { -+ *dsize = sizeof(struct auth_state); -+ *newstate = xmalloc(*dsize); -+ -+ if (*newstate == NULL) { -+ *reply = "no memory"; -+ rc = PTSM_FAIL; -+ goto done; -+ } -+ -+ (*newstate)->ngroups = 0; -+ } -+ -+ size=strlen(vals[0]); -+ strcpy((*newstate)->userid.id, ptsmodule_canonifyid(vals[0],size)); -+ (*newstate)->userid.hash = strhash((*newstate)->userid.id); -+ } -+ -+ ldap_value_free(vals); -+ vals = NULL; -+ } -+ } - } - - if(!*newstate) { -@@ -957,11 +993,14 @@ static int ptsmodule_make_authstate_attribute( - goto done; - } - (*newstate)->ngroups = 0; -+ (*newstate)->userid.id[0] = '\0'; - } -- -+ - /* fill in the rest of our new state structure */ -- strcpy((*newstate)->userid.id, canon_id); -- (*newstate)->userid.hash = strhash(canon_id); -+ if ((*newstate)->userid.id[0]=='\0') { -+ strcpy((*newstate)->userid.id, 
canon_id); -+ (*newstate)->userid.hash = strhash(canon_id); -+ } - (*newstate)->mark = time(0); - - rc = PTSM_OK; -@@ -981,9 +1020,9 @@ done:; - static int ptsmodule_make_authstate_filter( - const char *canon_id, - size_t size, -- const char **reply, -+ const char **reply, - int *dsize, -- struct auth_state **newstate) -+ struct auth_state **newstate) - { - char *base = NULL, *filter = NULL; - int rc; -@@ -1053,32 +1092,32 @@ static int ptsmodule_make_authstate_filter( - for (i = 0, entry = ldap_first_entry(ptsm->ld, res); entry != NULL; - i++, entry = ldap_next_entry(ptsm->ld, entry)) { - -- vals = ldap_get_values(ptsm->ld, entry, (char *)ptsm->member_attribute); -- if (vals == NULL) -- continue; -+ vals = ldap_get_values(ptsm->ld, entry, (char *)ptsm->member_attribute); -+ if (vals == NULL) -+ continue; - -- if ( ldap_count_values( vals ) != 1 ) { -- *reply = "too many values"; -- rc = PTSM_FAIL; -- ldap_value_free(vals); -- vals = NULL; -- goto done; -- } -+ if ( ldap_count_values( vals ) != 1 ) { -+ *reply = "too many values"; -+ rc = PTSM_FAIL; -+ ldap_value_free(vals); -+ vals = NULL; -+ goto done; -+ } - -- strcpy((*newstate)->groups[i].id, "group:"); -+ strcpy((*newstate)->groups[i].id, "group:"); - -- int j; -- for(j =0; j < strlen(vals[0]); j++) { -- if(Uisupper(vals[0][j])) -- vals[0][j]=tolower(vals[0][j]); -- } -+ int j; -+ for(j =0; j < strlen(vals[0]); j++) { -+ if(Uisupper(vals[0][j])) -+ vals[0][j]=tolower(vals[0][j]); -+ } - -- strlcat((*newstate)->groups[i].id, vals[0], -- sizeof((*newstate)->groups[i].id)); -- (*newstate)->groups[i].hash = strhash((*newstate)->groups[i].id); -+ strlcat((*newstate)->groups[i].id, vals[0], -+ sizeof((*newstate)->groups[i].id)); -+ (*newstate)->groups[i].hash = strhash((*newstate)->groups[i].id); - -- ldap_value_free(vals); -- vals = NULL; -+ ldap_value_free(vals); -+ vals = NULL; - } - - rc = PTSM_OK; -@@ -1100,9 +1139,9 @@ done:; - static int ptsmodule_make_authstate_group( - const char *canon_id, - size_t size, 
-- const char **reply, -+ const char **reply, - int *dsize, -- struct auth_state **newstate) -+ struct auth_state **newstate) - { - char *base = NULL, *filter = NULL; - int rc; -@@ -1184,8 +1223,8 @@ done:; - static struct auth_state *myauthstate( - const char *identifier, - size_t size, -- const char **reply, -- int *dsize) -+ const char **reply, -+ int *dsize) - { - const char *canon_id; - struct auth_state *newstate = NULL; -@@ -1224,23 +1263,23 @@ retry:; - - static void myinit(void) - { -- fatal("PTS module (ldap) not compiled in", EC_CONFIG); -+ fatal("PTS module (ldap) not compiled in", EC_CONFIG); - } - - static struct auth_state *myauthstate( - const char *identifier __attribute__((unused)), - size_t size __attribute__((unused)), -- const char **reply __attribute__((unused)), -- int *dsize __attribute__((unused))) -+ const char **reply __attribute__((unused)), -+ int *dsize __attribute__((unused))) - { -- fatal("PTS module (ldap) not compiled in", EC_CONFIG); -+ fatal("PTS module (ldap) not compiled in", EC_CONFIG); - } - - #endif /* HAVE_LDAP */ - --struct pts_module pts_ldap = -+struct pts_module pts_ldap = - { -- "ldap", /* name */ -+ "ldap", /* name */ - - &myinit, - &myauthstate,
debian.tar.gz/patches/cyrus-imapd-2.4.16-db51.patch
Deleted
@@ -1,32 +0,0 @@ ---- a/lib/cyrusdb_berkeley.c -+++ b/lib/cyrusdb_berkeley.c -@@ -281,17 +281,11 @@ - - assert(dbinit); - --#if !(DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1) -- do { --#endif - #if (DB_VERSION_MAJOR > 3) || ((DB_VERSION_MAJOR == 3) && (DB_VERSION_MINOR > 0)) - r = txn_checkpoint(dbenv, 0, 0, 0); - #else - r = txn_checkpoint(dbenv, 0, 0); - #endif --#if !(DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1) -- } while (r == DB_INCOMPLETE); /* Never returned by BDB 4.1 */ --#endif - if (r) { - syslog(LOG_ERR, "DBERROR: couldn't checkpoint: %s", - db_strerror(r)); -@@ -412,11 +406,7 @@ - /* xxx set comparator! */ - if (flags & CYRUSDB_MBOXSORT) db->set_bt_compare(db, mbox_compar); - --#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1 - r = (db->open)(db, NULL, fname, NULL, type, dbflags | DB_AUTO_COMMIT, 0664); --#else -- r = (db->open)(db, fname, NULL, type, dbflags, 0664); --#endif - - if (r != 0) { - int level = (flags & CYRUSDB_CREATE) ? LOG_ERR : LOG_DEBUG;
debian.tar.gz/patches/cyrus-imapd-2.4.2-005-disable-rpath.patch
Deleted
@@ -1,36 +0,0 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 06-disable_runpath.dpatch by Sven Mueller <debian@incase.de> -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: disable runpath - -@DPATCH@ -Index: cyrus-imapd/cmulocal/cyrus.m4 -=================================================================== ---- cyrus-imapd.orig/cmulocal/cyrus.m4 2010-10-20 15:47:06.000000000 +0200 -+++ cyrus-imapd/cmulocal/cyrus.m4 2010-10-20 16:42:27.000000000 +0200 -@@ -3,6 +3,7 @@ - dnl $Id: cyrus.m4,v 1.6 2010/01/06 17:01:27 murch Exp $ - dnl tjs@andrew.cmu.edu 6-may-1998 - dnl -+dnl Debian fix (hmh@debian.org): We don't want runpath set in Debian - - dnl It would be good if ANDREW_ADD_LIBPATH could detect if something was - dnl already there and not redundantly add it if it is. -@@ -32,14 +33,5 @@ - dnl runpath initialization - AC_DEFUN([CMU_GUESS_RUNPATH_SWITCH], [ - # CMU GUESS RUNPATH SWITCH -- AC_CACHE_CHECK(for runpath switch, andrew_cv_runpath_switch, [ -- # first, try -R -- SAVE_LDFLAGS="${LDFLAGS}" -- LDFLAGS="-R /usr/lib" -- AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-R"], [ -- LDFLAGS="-Wl,-rpath,/usr/lib" -- AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-Wl,-rpath,"], -- [andrew_cv_runpath_switch="none"]) -- ]) -- LDFLAGS="${SAVE_LDFLAGS}" -- ])]) -+ andrew_cv_runpath_switch="none" -+])
debian.tar.gz/patches/cyrus-imapd-2.4.2-902-accept-invalid-from-header.patch
Deleted
@@ -1,60 +0,0 @@ -From 8ab849423b250c0572e1786a64fcb3924a6b747e Mon Sep 17 00:00:00 2001 -From: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> -Date: Tue, 3 Aug 2010 10:13:36 +0200 -Subject: [PATCH 08/13] Accept invalid 
From: header in email - -This stops Cyrus from ruining everything all by itself; Your MTA is -the point where the validity of headers should be checked. For more -information on such and so forth, see (amongst others): - - http://www.postfix.org/header_checks.5.html - -If one chooses to allow slightly invalid headers in the MTA, then -Cyrus should not raise problems. ---- - imap/message.c | 18 ++++++++++++++++-- - 1 files changed, 16 insertions(+), 2 deletions(-) - -Index: cyrus-imapd/imap/message.c -=================================================================== ---- cyrus-imapd.orig/imap/message.c 2010-10-20 16:04:15.000000000 +0200 -+++ cyrus-imapd/imap/message.c 2010-10-20 16:06:58.000000000 +0200 -@@ -246,6 +246,8 @@ - int reject8bit = config_getswitch(IMAPOPT_REJECT8BIT); - int munge8bit = config_getswitch(IMAPOPT_MUNGE8BIT); - int inheader = 1, blankline = 1; -+ char is_from; -+ static const char * from_header = "From "; - - while (size) { - n = prot_read(from, buf, size > 4096 ? 4096 : size); -@@ -322,11 +324,24 @@ - /* Check for valid header name */ - if (sawnl && buf[0] != ' ' && buf[0] != '\t') { - if (buf[0] == ':') return IMAP_MESSAGE_BADHEADER; -- if (strstr(buf, "From ") != buf) -- for (p = (unsigned char *)buf; *p != ':'; p++) { -- if (*p <= ' ') return IMAP_MESSAGE_BADHEADER; -- } -- } -+ p = (unsigned char *) buf; -+ if (*p == '>') p++; -+ -+ if (*p == from_header[0]) -+ is_from = 0; -+ else -+ is_from = -1; -+ -+ for (; *p != ':' && is_from < 5; p++) { -+ if (is_from > 0 && *p != from_header[is_from]) -+ is_from = -1; -+ -+ if (is_from >= 0) -+ is_from++; -+ else -+ if (*p <= ' ') return IMAP_MESSAGE_BADHEADER; -+ } -+ } - - /* Used to be some 8bit checks here but those were moved above so that - we could do something other than refuse the message.
debian.tar.gz/patches/cyrus-imapd-2.4.2-903-normalize-authorization-id.patch
Deleted
@@ -1,97 +0,0 @@ -diff --git a/imap/global.c b/imap/global.c -index d2e5ba7..930d539 100644 ---- a/imap/global.c -+++ b/imap/global.c -@@ -219,6 +219,8 @@ int cyrus_init(const char *alt_config, const char *ident, unsigned flags) - config_getswitch(IMAPOPT_UNIX_GROUP_ENABLE)); - libcyrus_config_setswitch(CYRUSOPT_USERNAME_TOLOWER, - config_getswitch(IMAPOPT_USERNAME_TOLOWER)); -+ libcyrus_config_setswitch(CYRUSOPT_NORMALIZEUID, -+ config_getswitch(IMAPOPT_NORMALIZEUID)); - libcyrus_config_setswitch(CYRUSOPT_SKIPLIST_UNSAFE, - config_getswitch(IMAPOPT_SKIPLIST_UNSAFE)); - libcyrus_config_setstring(CYRUSOPT_TEMP_PATH, -diff --git a/lib/auth_unix.c b/lib/auth_unix.c -index c1f0329..d7abf79 100644 ---- a/lib/auth_unix.c -+++ b/lib/auth_unix.c -@@ -156,10 +156,12 @@ const char *identifier; - size_t len; - { - static char retbuf[81]; -+ char backup[81]; - struct group *grp; - char sawalpha; - char *p; - int username_tolower = 0; -+ int ic,rbc; - - if(!len) len = strlen(identifier); - if(len >= sizeof(retbuf)) return NULL; -@@ -211,6 +213,22 @@ size_t len; - /* now we don't */ - /* if (!sawalpha) return NULL; */ - -+ if( (libcyrus_config_getswitch(CYRUSOPT_NORMALIZEUID) == 1) ) { -+ strcpy(backup,retbuf); -+ /* remove leading blanks */ -+ for(ic=0; isblank(backup[ic]); ic++); -+ for(rbc=0; backup[ic]; ic++) { -+ retbuf[rbc] = ( isalpha(backup[ic]) ? -+ tolower(backup[ic]) : backup[ic] ); -+ rbc++; -+ } -+ retbuf[rbc] = '\0'; -+ /* remove trailing blanks */ -+ for(--rbc; isblank(retbuf[rbc]); rbc--) { -+ retbuf[rbc] = '\0'; -+ } -+ } -+ - return retbuf; - } - -diff --git a/lib/imapoptions b/lib/imapoptions -index c049501..4d16fb5 100644 ---- a/lib/imapoptions -+++ b/lib/imapoptions -@@ -1416,6 +1416,11 @@ product version in the capabilities */ - the special use flag "\Drafts" added. Later versions of Cyrus - have a much more flexible RFC 6154 compatible system. */ - -+{ "normalizeuid", 0, SWITCH } -+/* Lowercase uid and strip leading and trailing blanks. 
It is recommended -+ to set this to yes, especially if OpenLDAP is used as authentication -+ source. */ -+ - /* - .SH SEE ALSO - .PP -diff --git a/lib/libcyr_cfg.c b/lib/libcyr_cfg.c -index 688523c..b5c6008 100644 ---- a/lib/libcyr_cfg.c -+++ b/lib/libcyr_cfg.c -@@ -158,6 +158,10 @@ struct cyrusopt_s cyrus_options[] = { - CFGVAL(long, 1), - CYRUS_OPT_SWITCH }, - -+ { CYRUSOPT_NORMALIZEUID, -+ CFGVAL(long, 1), -+ CYRUS_OPT_SWITCH }, -+ - { CYRUSOPT_LAST, { NULL }, CYRUS_OPT_NOTOPT } - }; - -diff --git a/lib/libcyr_cfg.h b/lib/libcyr_cfg.h -index 7bdca06..1afe95a 100644 ---- a/lib/libcyr_cfg.h -+++ b/lib/libcyr_cfg.h -@@ -116,6 +116,8 @@ enum cyrus_opt { - CYRUSOPT_SQL_USESSL, - /* Checkpoint after every recovery (OFF) */ - CYRUSOPT_SKIPLIST_ALWAYS_CHECKPOINT, -+ /* Lowercase uid and strip leading and trailing blanks (OFF) */ -+ CYRUSOPT_NORMALIZEUID, - - CYRUSOPT_LAST -
debian.tar.gz/patches/cyrus-imapd-perl5.14.patch
Deleted
@@ -1,96 +0,0 @@ -diff -up cyrus-imapd-2.4.8/perl/imap/IMAP.xs.perl5.14 cyrus-imapd-2.4.8/perl/imap/IMAP.xs ---- cyrus-imapd-2.4.8/perl/imap/IMAP.xs.perl5.14 2011-04-13 16:35:22.000000000 +0200 -+++ cyrus-imapd-2.4.8/perl/imap/IMAP.xs 2011-06-21 08:08:16.841989447 +0200 -@@ -125,10 +125,10 @@ void imclient_xs_cb(struct imclient *cli - SAVETMPS; - PUSHMARK(SP); - XPUSHs(sv_2mortal(newSVpv("-client", 0))); -- rv = newSVsv(&sv_undef); -+ rv = newSVsv(&PL_sv_undef); - sv_setref_pv(rv, NULL, (void *) rock->client); - XPUSHs(rv); -- if (rock->prock != &sv_undef) { -+ if (rock->prock != &PL_sv_undef) { - XPUSHs(sv_2mortal(newSVpv("-rock", 0))); - XPUSHs(sv_mortalcopy(rock->prock)); - } -@@ -393,7 +393,7 @@ CODE: - ST(0) = sv_newmortal(); - - if(client->authenticated) { -- ST(0) = &sv_no; -+ ST(0) = &PL_sv_no; - return; - } - -@@ -415,10 +415,10 @@ CODE: - rc = imclient_authenticate(client->imclient, mechlist, service, user, - minssf, maxssf); - if (rc) -- ST(0) = &sv_no; -+ ST(0) = &PL_sv_no; - else { - client->authenticated = 1; -- ST(0) = &sv_yes; -+ ST(0) = &PL_sv_yes; - } - - int -@@ -450,12 +450,12 @@ CODE: - #ifdef HAVE_SSL - rc = imclient_starttls(client->imclient, tls_cert_file, tls_key_file, CAfile, CApath); - if (rc) -- ST(0) = &sv_no; -+ ST(0) = &PL_sv_no; - else { -- ST(0) = &sv_yes; -+ ST(0) = &PL_sv_yes; - } - #else -- ST(0) = &sv_no; -+ ST(0) = &PL_sv_no; - #endif /* HAVE_SSL */ - - void -@@ -515,7 +515,7 @@ PPCODE: - (val = hv_fetch(cb, "Rock", 4, 0))) - prock = *val; - else -- prock = &sv_undef; -+ prock = &PL_sv_undef; - /* - * build our internal rock, which is used by our internal - * callback handler to invoke the Perl callback -@@ -526,7 +526,7 @@ PPCODE: - rock = (struct xsccb *) safemalloc(sizeof *rock); - /* bump refcounts on these so they don't go away */ - rock->pcb = SvREFCNT_inc(pcb); -- if (!prock) prock = &sv_undef; -+ if (!prock) prock = &PL_sv_undef; - rock->prock = SvREFCNT_inc(prock); - rock->client = client; - rock->autofree = 0; -@@ 
-653,9 +653,9 @@ PPCODE: - EXTEND(SP, 1); - pcb = av_shift(av); - if (strcmp(SvPV(pcb, arg), "OK") == 0) -- PUSHs(&sv_yes); -+ PUSHs(&PL_sv_yes); - else -- PUSHs(&sv_no); -+ PUSHs(&PL_sv_no); - pcb = perl_get_sv("@", TRUE); - sv_setsv(pcb, av_shift(av)); - if (av_len(av) != -1) { -@@ -688,9 +688,9 @@ PPCODE: - EXTEND(SP, 2); - PUSHs(sv_2mortal(newSViv(fd))); - if (writep) -- PUSHs(&sv_yes); -+ PUSHs(&PL_sv_yes); - else -- PUSHs(&sv_no); -+ PUSHs(&PL_sv_no); - - void - imclient_fromURL(client,url)
debian.tar.gz/patches/series
Deleted
@@ -1,6 +0,0 @@ -cyrus-imapd-2.4.2-903-normalize-authorization-id.patch -cyrus-imapd-2.4.2-902-accept-invalid-from-header.patch -cyrus-imapd-2.4.2-005-disable-rpath.patch -cyrus-imapd-2.4.16-db51.patch -cyrus-imapd-perl5.14.patch -cyrus-imapd-2.4.10-ptloader-ldap_user_attribute.patch