adding ldap listing controls to conf.pl

moving some ldap configuration options to advanced section in order to
reduce number of questions in ldap configuration.
blocking use of wildcard in file and db backends when listing is disabled.
This should close #529563 in devel.

ChangeLog

@@ -370,6 +370,12 @@ Version 1.5.1 -- CVS
     Martijn Brinkers for finding a lot of these. [CAN-2005-1769]
   - Update COPYING with new address of the FSF.
   - Fixed missing quote character when trying to build cid: urls.
+  - Added address listing functions and listing controls to address
+    book LDAP backend. Blocked wildcard searches in file and database
+    backends when listing is disabled (#529563).
+  - Some LDAP address book backend configuration options (listing
+    controls, filtering, scope limit) are moved to 'advanced
+    configuration' subsection.
 
 Version 1.5.0 - 2 February 2004
 -------------------------------

config/conf.pl

@@ -262,6 +262,11 @@ while ( $line = <FILE> ) {
                     $tmp =~ s/[\'\"]?,?\s*$//;
                     $tmp =~ s/[\'\"]?\);\s*$//;
                     $limit_scope = $tmp;
+                } elsif ( $tmp =~ /^\s*[\'\"]listing[\'\"]/i ) {
+                    $tmp =~ s/^\s*[\'\"]listing[\'\"]\s*=>\s*[\'\"]?//i;
+                    $tmp =~ s/[\'\"]?,?\s*$//;
+                    $tmp =~ s/[\'\"]?\);\s*$//;
+                    $listing = $tmp;
                 }
             }
             $ldap_host[$sub]    = $host;
@@ -275,6 +280,7 @@ while ( $line = <FILE> ) {
             $ldap_bindpw[$sub]  = $bindpw;
             $ldap_protocol[$sub] = $protocol;
             $ldap_limit_scope[$sub] = $limit_scope;
+            $ldap_listing[$sub] = $listing;
         } elsif ( $options[0] =~ /^(data_dir|attachment_dir|theme_css|org_logo|signout_page)$/ ) {
             ${ $options[0] } = &change_to_rel_path($options[1]);
         } else {
@@ -2472,6 +2478,9 @@ sub command61 {
                 if ( $ldap_limit_scope[$count] ) {
                     print " limit_scope: $ldap_limit_scope[$count]\n";
                 }
+                if ( $ldap_listing[$count] ) {
+                    print "     listing: $ldap_listing[$count]\n";
+                }
 
                 print "\n";
                 $count++;
@@ -2526,21 +2535,12 @@ sub command61 {
             print "\n";
 
             print "You can specify the maximum number of rows in the search result.\n";
-            print "Default is unlimited.  Press ENTER for default.\n";
+            print "Default value is equal to 250 rows.  Press ENTER for default.\n";
             print "maxrows: ";
             $name = <STDIN>;
             $name =~ s/[\r\n]//g;
             $ldap_maxrows[$sub] = $name;
 
-            print "\n";
-
-            print "You can specify an additional search filter.\n";
-            print "This could be something like \"(objectclass=posixAccount)\".\n";
-            print "Default is no extra filter.  Press ENTER for default.\n";
-            print "filter: ";
-            $name = <STDIN>;
-            $name =~ s/[\r|\n]//g;
-            $ldap_filter[$sub] = $name;
 
             print "\n";
 
@@ -2574,20 +2574,63 @@ sub command61 {
 
             print "\n";
 
-            print "You can control search scope here.\n";
-            print "This option is specific to Microsoft ADS implementation.\n";
-            print "It requires use of v3 or newer LDAP protocol.\n";
-            print "Don't enable it, if you use other LDAP server.\n";
+            print "This configuration section allows to set some rarely used\n";
+            print "options and options specific to some LDAP implementations.\n";
             print "\n";
-            print "Limit ldap scope? (y/N):";
-            $name = <STDIN>;
-            if ( $name =~ /^y\n/i ) {
-                $name = 'true';
+            print "Do you want to set advanced LDAP directory settings? (y/N):";
+            $ldap_advanced_settings = <STDIN>;
+            if ( $ldap_advanced_settings =~ /^y\n/i ) {
+                $ldap_advanced_settings = 'true';
             } else {
-                $name = 'false';
+                $ldap_advanced_settings = 'false';
             }
-            $ldap_limit_scope[$sub] = $name;
 
+            if ($ldap_advanced_settings eq 'true') {
+              print "\n";
+
+              print "You can control LDAP directory listing here. This option can\n";
+              print "be useful if you run small LDAP server and want to provide listing\n";
+              print "of all addresses stored in LDAP to users of webmail interface.\n";
+              print "Number of displayed entries is limited by maxrows setting.\n";
+              print "\n";
+              print "Don't enable this option for public LDAP directories.\n";
+              print "This feature is experimental.\n";
+              print "\n";
+              print "Allow listing of LDAP directory? (y/N):";
+              $name = <STDIN>;
+              if ( $name =~ /^y\n/i ) {
+                $name = 'true';
+              } else {
+                $name = 'false';
+              }
+              $ldap_listing[$sub] = $name;
+
+              print "\n";
+
+              print "You can specify an additional search filter.\n";
+              print "This could be something like \"(objectclass=posixAccount)\".\n";
+              print "No filtering is performed by default. Press ENTER for default.\n";
+              print "filter: ";
+              $name = <STDIN>;
+              $name =~ s/[\r|\n]//g;
+              $ldap_filter[$sub] = $name;
+
+              print "\n";
+
+              print "You can control search scope here.\n";
+              print "This option is specific to Microsoft ADS implementation.\n";
+              print "It requires use of v3 or newer LDAP protocol.\n";
+              print "Don't enable it, if you use other LDAP server.\n";
+              print "\n";
+              print "Limit ldap scope? (y/N):";
+              $name = <STDIN>;
+              if ( $name =~ /^y\n/i ) {
+                $name = 'true';
+              } else {
+                $name = 'false';
+              }
+              $ldap_limit_scope[$sub] = $name;
+            }
             print "\n";
 
         } elsif ( $input =~ /^\s*-\s*[0-9]?/ ) {
@@ -2610,6 +2653,7 @@ sub command61 {
             @new_ldap_binddn  = ();
             @new_ldap_protocol = ();
             @new_ldap_limit_scope = ();
+            @new_ldap_listing = ();
 
             while ( $count <= $#ldap_host ) {
                 if ( $count != $rem_num ) {
@@ -2624,6 +2668,7 @@ sub command61 {
                     @new_ldap_bindpw  = ( @new_ldap_bindpw,  $ldap_bindpw[$count] );
                     @new_ldap_protocol  = ( @new_ldap_protocol,  $ldap_protocol[$count] );
                     @new_ldap_limit_scope = ( @new_ldap_limit_scope,  $ldap_limit_scope[$count] );
+                    @new_ldap_listing = ( @new_ldap_listing, $ldap_listing[$count] );
                 }
                 $count++;
             }
@@ -2638,6 +2683,7 @@ sub command61 {
             @ldap_bindpw  = @new_ldap_bindpw;
             @ldap_protocol = @new_ldap_protocol;
             @ldap_limit_scope = @new_ldap_limit_scope;
+            @ldap_listing = @new_ldap_listing;
 
         } elsif ( $input =~ /^\s*\?\s*/ ) {
             print ".-------------------------.\n";
@@ -3440,7 +3486,7 @@ sub save_data {
             }
             if ( $ldap_protocol[$count] ) {
                 print CF ",\n";
-        # integer
+                # integer
                 print CF "    'protocol' => $ldap_protocol[$count]";
             }
             if ( $ldap_limit_scope[$count] ) {
@@ -3448,6 +3494,11 @@ sub save_data {
                 # boolean
                 print CF "    'limit_scope' => $ldap_limit_scope[$count]";
             }
+            if ( $ldap_listing[$count] ) {
+                print CF ",\n";
+                # boolean
+                print CF "    'listing' => $ldap_listing[$count]";
+            }
             print CF "\n";
             print CF ");\n";
             print CF "\n";

functions/abook_database.php

@@ -190,6 +190,10 @@ class abook_database extends addressbook_backend {
             return;
         }
 
+        // don't allow wide search when listing is disabled.
+        if ($expr=='*' && ! $this->listing)
+            return array();
+
         /* Make regexp from glob'ed expression  */
         $expr = str_replace('?', '_', $expr);
         $expr = str_replace('*', '%', $expr);

functions/abook_ldap_server.php

@@ -417,14 +417,22 @@ class abook_ldap_server extends addressbook_backend {
         if(is_array($expr)) return false;
 
         // don't allow wide search when listing is disabled.
-        if ($expr=='*' && ! $this->listing)
-             return array();
+        if ($expr=='*' && ! $this->listing) {
+            return array();
+        } elseif ($expr=='*') {
+            // allow use of wildcard when listing is enabled.
+            $expression = '(cn=*)';
+        } else {
+            /* Convert search from user's charset to the one used in ldap */
+            $expr = $this->charset_encode($expr);
 
-        /* Convert search from user's charset to the one used in ldap */
-        $expr = $this->charset_encode($expr);
+            /* Make sure that search does not contain ldap special chars */
+            $expression = '(cn=*' . $this->ldapspecialchars($expr) . '*)';
 
-        /* Make sure that search does not contain ldap special chars */
-        $expression = '(cn=*' . $this->ldapspecialchars($expr) . '*)';
+            /* Undo sanitizing of * symbol */
+            $expression = str_replace('\2a','*',$expression);
+            /* TODO: implement any single character (?) matching */
+        }
 
         /* Add search filtering */
         if ($this->filter!='')

functions/abook_local_file.php

@@ -259,6 +259,10 @@ class abook_local_file extends addressbook_backend {
         /* To be replaced by advanded search expression parsing */
         if(is_array($expr)) { return; }
 
+        // don't allow wide search when listing is disabled.
+        if ($expr=='*' && ! $this->listing)
+            return array();
+
         /* Make regexp from glob'ed expression
          * May want to quote other special characters like (, ), -, [, ], etc. */
         $expr = str_replace('?', '.', $expr);

functions/addressbook.php

@@ -191,7 +191,7 @@ function abook_create_form($form_url,$name,$title,$button,$defdata=array()) {
 }
 
 
-/*
+/**
  *   Had to move this function outside of the Addressbook Class
  *   PHP 4.0.4 Seemed to be having problems with inline functions.
  *   Note: this can return now since we don't support 4.0.4 anymore.
@@ -865,6 +865,10 @@ class addressbook_backend {
 
     /**
      * Search for entries in backend
+     *
+     * Working backend should support use of wildcards. * symbol 
+     * should match one or more symbols. ? symbol should match any
+     * single symbol.  
      * @param string $expression
      * @return bool
      */
@@ -885,6 +889,9 @@ class addressbook_backend {
 
     /**
      * List all entries in backend
+     *
+     * Working backend should provide this function or at least
+     * dummy function that returns empty array.
      * @return bool
      */
     function list_addr() {