#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <sys/stat.h>

#include <unistd.h>
#include <stdlib.h>
#include <netdb.h>
#include <netinet/in.h>

#include <kdebug.h>
#include <kinstance.h>
#include <tdelocale.h>

#ifdef HAVE_SASL_SASL_H //prefer libsasl2
#include <sasl/sasl.h>
#else
#ifdef HAVE_SASL_H
#include <sasl.h>
#endif
#endif
#include <tdeabc/ldif.h>

#include "tdeio_ldap.h"

using namespace TDEIO;
using namespace TDEABC;

extern "C" { int KDE_EXPORT kdemain(int argc, char **argv); }

/**
 * The main program.
 */
int kdemain( int argc, char **argv )
{
  TDEInstance instance( "tdeio_ldap" );

  kdDebug(7125) << "Starting " << getpid() << endl;

  if ( argc != 4 ) {
    kdError() << "Usage tdeio_ldap protocol pool app" << endl;
    return -1;
  }

  // let the protocol class do its work
  LDAPProtocol slave( argv[1], argv[ 2 ], argv[ 3 ] );
  slave.dispatchLoop();

  kdDebug( 7125 ) << "Done" << endl;
  return 0;
}

/**
 * Initialize the ldap slave
 */
LDAPProtocol::LDAPProtocol( const TQCString &protocol, const TQCString &pool, 
  const TQCString &app ) : SlaveBase( protocol, pool, app )
{
  mLDAP = 0; mTLS = 0; mVer = 3; mAuthSASL = false;
  mRealm = ""; mBindName = "";
  mTimeLimit = mSizeLimit = 0;
  kdDebug(7125) << "LDAPProtocol::LDAPProtocol (" << protocol << ")" << endl;
}

LDAPProtocol::~LDAPProtocol() 
{
  closeConnection();
}

void LDAPProtocol::LDAPErr( const KURL &url, int err )
{

  char *errmsg = 0;
  if ( mLDAP ) {
    if ( err == LDAP_SUCCESS ) ldap_get_option( mLDAP, LDAP_OPT_ERROR_NUMBER, &err );
    if ( err != LDAP_SUCCESS ) ldap_get_option( mLDAP, LDAP_OPT_ERROR_STRING, &errmsg );
  }
  if ( err == LDAP_SUCCESS ) return;
  kdDebug(7125) << "error code: " << err << " msg: " << ldap_err2string(err) <<
    " Additonal error message: '" << errmsg << "'" << endl;
  TQString msg;
  TQString extraMsg;
  if ( errmsg ) {
    if ( errmsg[0] )
      extraMsg = i18n("\nAdditional info: ") + TQString::fromUtf8( errmsg );
    free( errmsg );
  }
  msg = url.prettyURL();
  if ( !extraMsg.isEmpty() ) msg += extraMsg;

  /* FIXME: No need to close on all errors */
  closeConnection();
  
  switch (err) {
/* FIXME: is it worth mapping the following error codes to tdeio errors?

	LDAP_OPERATIONS_ERROR 
  LDAP_STRONG_AUTH_REQUIRED
	LDAP_PROTOCOL_ERROR 
	LDAP_TIMELIMIT_EXCEEDED 
	LDAP_SIZELIMIT_EXCEEDED 
	LDAP_COMPARE_FALSE 
	LDAP_COMPARE_TRUE 
	LDAP_PARTIAL_RESULTS 
	LDAP_NO_SUCH_ATTRIBUTE 
	LDAP_UNDEFINED_TYPE 
	LDAP_INAPPROPRIATE_MATCHING 
	LDAP_CONSTRAINT_VIOLATION 
	LDAP_INVALID_SYNTAX 
	LDAP_NO_SUCH_OBJECT 
	LDAP_ALIAS_PROBLEM 
	LDAP_INVALID_DN_SYNTAX 
	LDAP_IS_LEAF 
	LDAP_ALIAS_DEREF_PROBLEM 
	LDAP_INAPPROPRIATE_AUTH 
	LDAP_BUSY 
	LDAP_UNAVAILABLE 
	LDAP_UNWILLING_TO_PERFORM 
	LDAP_LOOP_DETECT 
	LDAP_NAMING_VIOLATION 
	LDAP_OBJECT_CLASS_VIOLATION 
	LDAP_NOT_ALLOWED_ON_NONLEAF 
	LDAP_NOT_ALLOWED_ON_RDN 
	LDAP_NO_OBJECT_CLASS_MODS 
	LDAP_OTHER 
	LDAP_LOCAL_ERROR 
	LDAP_ENCODING_ERROR 
	LDAP_DECODING_ERROR 
	LDAP_FILTER_ERROR 
*/    
    case LDAP_AUTH_UNKNOWN:
    case LDAP_INVALID_CREDENTIALS:
    case LDAP_STRONG_AUTH_NOT_SUPPORTED: 
      error(ERR_COULD_NOT_AUTHENTICATE, msg);
      break;
    case LDAP_ALREADY_EXISTS:
      error(ERR_FILE_ALREADY_EXIST, msg);
      break;
    case LDAP_INSUFFICIENT_ACCESS: 
      error(ERR_ACCESS_DENIED, msg);
      break;
    case LDAP_CONNECT_ERROR:
    case LDAP_SERVER_DOWN: 
      error(ERR_COULD_NOT_CONNECT,msg);
      break;
    case LDAP_TIMEOUT: 
      error(ERR_SERVER_TIMEOUT,msg);
      break;
    case LDAP_PARAM_ERROR:
      error(ERR_INTERNAL,msg);
      break;
    case LDAP_NO_MEMORY: 
      error(ERR_OUT_OF_MEMORY,msg);
      break;
    
    default:
      error( ERR_SLAVE_DEFINED,
        i18n( "LDAP server returned the error: %1 %2\nThe LDAP URL was: %3" ). 
        arg( ldap_err2string(err)).arg( extraMsg ).arg( url.prettyURL() ) );
  }
}

void LDAPProtocol::controlsFromMetaData( LDAPControl ***serverctrls, 
  LDAPControl ***clientctrls )
{
  TQString oid; bool critical; TQByteArray value;
  int i = 0;
  while ( hasMetaData( TQString::fromLatin1("SERVER_CTRL%1").arg(i) ) ) {
    TQCString val = metaData( TQString::fromLatin1("SERVER_CTRL%1").arg(i) ).utf8();
    LDIF::splitControl( val, oid, critical, value );
    kdDebug(7125) << "server ctrl #" << i << " value: " << val << 
      " oid: " << oid << " critical: " << critical << " value: " << 
      TQString(TQString::fromUtf8( value, value.size() )) << endl;
    addControlOp( serverctrls, oid, value, critical );
    i++;
  }
  i = 0;
  while ( hasMetaData( TQString::fromLatin1("CLIENT_CTRL%1").arg(i) ) ) {
    TQCString val = metaData( TQString::fromLatin1("CLIENT_CTRL%1").arg(i) ).utf8();
    LDIF::splitControl( val, oid, critical, value );
    kdDebug(7125) << "client ctrl #" << i << " value: " << val << 
      " oid: " << oid << " critical: " << critical << " value: " << 
      TQString(TQString::fromUtf8( value, value.size() )) << endl;
    addControlOp( clientctrls, oid, value, critical );
    i++;
  }
}

int LDAPProtocol::asyncSearch( LDAPUrl &usrc ) 
{
  char **attrs = 0;
  int msgid;
  LDAPControl **serverctrls = 0, **clientctrls = 0;
  
  int count = usrc.attributes().count();
  if ( count > 0 ) {
    attrs = static_cast<char**>( malloc((count+1) * sizeof(char*)) );
    for (int i=0; i<count; i++)
      attrs[i] = strdup( (*usrc.attributes().at(i)).utf8() );
    attrs[count] = 0;
  }  
  
  int retval, scope = LDAP_SCOPE_BASE;
  switch ( usrc.scope() ) {
    case LDAPUrl::Base:
      scope = LDAP_SCOPE_BASE;
      break;
    case LDAPUrl::One:
      scope = LDAP_SCOPE_ONELEVEL;
      break;
    case LDAPUrl::Sub:
      scope = LDAP_SCOPE_SUBTREE;
      break;
  }

  controlsFromMetaData( &serverctrls, &clientctrls );

  kdDebug(7125) << "asyncSearch() dn=\"" << usrc.dn() << "\" scope=" << 
    usrc.scope() << " filter=\"" << usrc.filter() << "\" attrs=" << usrc.attributes() << 
    endl;
  retval = ldap_search_ext( mLDAP, usrc.dn().utf8(), scope, 
    usrc.filter().isEmpty() ? TQCString() : usrc.filter().utf8(), attrs, 0, 
    serverctrls, clientctrls,
    0, mSizeLimit, &msgid );

  ldap_controls_free( serverctrls );
  ldap_controls_free( clientctrls );

  // free the attributes list again
  if ( count > 0 ) {
    for ( int i=0; i<count; i++ ) free( attrs[i] );
    free(attrs);
  }
  
  if ( retval == 0 ) retval = msgid;
  return retval;
}

TQCString LDAPProtocol::LDAPEntryAsLDIF( LDAPMessage *message )
{
  TQCString result;
  char *name;
  struct berval **bvals;
  BerElement     *entry;
  TQByteArray tmp;
  
  char *dn = ldap_get_dn( mLDAP, message );
  if ( dn == NULL ) return TQCString( "" );
  tmp.setRawData( dn, strlen( dn ) );
  result += LDIF::assembleLine( "dn", tmp ) + '\n';
  tmp.resetRawData( dn, strlen( dn ) );
  ldap_memfree( dn );

  // iterate over the attributes    
  name = ldap_first_attribute(mLDAP, message, &entry);
  while ( name != 0 )
  {
    // print the values
    bvals = ldap_get_values_len(mLDAP, message, name);
    if ( bvals ) {
      
      for ( int i = 0; bvals[i] != 0; i++ ) {
        char* val = bvals[i]->bv_val;
        unsigned long len = bvals[i]->bv_len;
        tmp.setRawData( val, len );
        result += LDIF::assembleLine( TQString::fromUtf8( name ), tmp, 76 ) + '\n';
        tmp.resetRawData( val, len );
      }
      ldap_value_free_len(bvals);
    }
    ldap_memfree( name );
    // next attribute
    name = ldap_next_attribute(mLDAP, message, entry);
  }
  return result;
}

void LDAPProtocol::addControlOp( LDAPControl ***pctrls, const TQString &oid,
  const TQByteArray &value, bool critical )
{
  LDAPControl **ctrls;
  LDAPControl *ctrl = (LDAPControl *) malloc( sizeof( LDAPControl ) );
    
  ctrls = *pctrls;

  kdDebug(7125) << "addControlOp: oid:'" << oid << "' val: '" << 
    TQString(TQString::fromUtf8(value, value.size())) << "'" << endl;
  int vallen = value.size();
  ctrl->ldctl_value.bv_len = vallen;
  if ( vallen ) {
    ctrl->ldctl_value.bv_val = (char*) malloc( vallen );
    memcpy( ctrl->ldctl_value.bv_val, value.data(), vallen );
  } else {
    ctrl->ldctl_value.bv_val = 0;
  }
  ctrl->ldctl_iscritical = critical;
  ctrl->ldctl_oid = strdup( oid.utf8() );
  
  uint i = 0;
  
  if ( ctrls == 0 ) {
    ctrls = (LDAPControl **) malloc ( 2 * sizeof( LDAPControl* ) );
    ctrls[ 0 ] = 0;
    ctrls[ 1 ] = 0;
  } else {
    while ( ctrls[ i ] != 0 ) i++;  
    ctrls[ i + 1 ] = 0;
    ctrls = (LDAPControl **) realloc( ctrls, (i + 2) * sizeof( LDAPControl * ) );
  }
  ctrls[ i ] = ctrl;
  
  *pctrls = ctrls;
}

void LDAPProtocol::addModOp( LDAPMod ***pmods, int mod_type, const TQString &attr, 
  const TQByteArray &value )
{
//  kdDebug(7125) << "type: " << mod_type << " attr: " << attr << 
//    " value: " << TQString::fromUtf8(value,value.size()) << 
//    " size: " << value.size() << endl;
  LDAPMod **mods;

  mods = *pmods;

  uint i = 0;
  
  if ( mods == 0 ) {
    mods = (LDAPMod **) malloc ( 2 * sizeof( LDAPMod* ) );
    mods[ 0 ] = (LDAPMod*) malloc( sizeof( LDAPMod ) );
    mods[ 1 ] = 0;
    memset( mods[ 0 ], 0, sizeof( LDAPMod ) );
  } else {
    while( mods[ i ] != 0 && 
      ( strcmp( attr.utf8(),mods[i]->mod_type ) != 0 ||
      ( mods[ i ]->mod_op & ~LDAP_MOD_BVALUES ) != mod_type ) ) i++;
    
    if ( mods[ i ] == 0 ) {
      mods = ( LDAPMod ** )realloc( mods, (i + 2) * sizeof( LDAPMod * ) );
      if ( mods == 0 ) {
        kdError() << "addModOp: realloc" << endl;
        return;
      }
      mods[ i + 1 ] = 0;
      mods[ i ] = ( LDAPMod* ) malloc( sizeof( LDAPMod ) );
      memset( mods[ i ], 0, sizeof( LDAPMod ) );
    }
  }

  mods[ i ]->mod_op = mod_type | LDAP_MOD_BVALUES;
  if ( mods[ i ]->mod_type == 0 ) mods[ i ]->mod_type = strdup( attr.utf8() );
  
  *pmods = mods;
  
  int vallen = value.size();
  if ( vallen == 0 ) return;
  BerValue *berval;
  berval = ( BerValue* ) malloc( sizeof( BerValue ) );
  berval -> bv_val = (char*) malloc( vallen );
  berval -> bv_len = vallen;
  memcpy( berval -> bv_val, value.data(), vallen );
  
  if ( mods[ i ] -> mod_vals.modv_bvals == 0 ) {
    mods[ i ]->mod_vals.modv_bvals = ( BerValue** ) malloc( sizeof( BerValue* ) * 2 );
    mods[ i ]->mod_vals.modv_bvals[ 0 ] = berval;
    mods[ i ]->mod_vals.modv_bvals[ 1 ] = 0;
    kdDebug(7125) << "addModOp: new bervalue struct " << endl;
  } else {
    uint j = 0;
    while ( mods[ i ]->mod_vals.modv_bvals[ j ] != 0 ) j++;
    mods[ i ]->mod_vals.modv_bvals = ( BerValue ** ) 
      realloc( mods[ i ]->mod_vals.modv_bvals, (j + 2) * sizeof( BerValue* ) );
    if ( mods[ i ]->mod_vals.modv_bvals == 0 ) {
      kdError() << "addModOp: realloc" << endl;
      return;
    }
    mods[ i ]->mod_vals.modv_bvals[ j ] = berval;     
    mods[ i ]->mod_vals.modv_bvals[ j+1 ] = 0;     
    kdDebug(7125) << j << ". new bervalue " << endl;
  }
}

void LDAPProtocol::LDAPEntry2UDSEntry( const TQString &dn, UDSEntry &entry, 
  const LDAPUrl &usrc, bool dir )
{
  UDSAtom atom;
  
  int pos;
  entry.clear();
  atom.m_uds = UDS_NAME;
  atom.m_long = 0;
  TQString name = dn;
  if ( (pos = name.find(",")) > 0 )
    name = name.left( pos );
  if ( (pos = name.find("=")) > 0 )
    name.remove( 0, pos+1 );
  name.replace(' ', "_");
  if ( !dir ) name += ".ldif";
  atom.m_str = name;
  entry.append( atom );

  // the file type
  atom.m_uds = UDS_FILE_TYPE;
  atom.m_str = "";
  atom.m_long = dir ? S_IFDIR : S_IFREG;
  entry.append( atom );
  
  // the mimetype
  if (!dir) {
    atom.m_uds = UDS_MIME_TYPE;
    atom.m_long = 0;
    atom.m_str = "text/plain";
    entry.append( atom );
  }

  atom.m_uds = UDS_ACCESS;
  atom.m_long = dir ? 0500 : 0400;
  entry.append( atom );

  // the url
  atom.m_uds = UDS_URL;
  atom.m_long = 0;
  LDAPUrl url;
  url=usrc;

  url.setPath("/"+dn);
  url.setScope( dir ? LDAPUrl::One : LDAPUrl::Base );
  atom.m_str = url.prettyURL();
  entry.append( atom );
}

void LDAPProtocol::changeCheck( LDAPUrl &url )
{
  bool critical;
  bool tls = ( url.hasExtension( "x-tls" ) );
  int ver = 3;
  if ( url.hasExtension( "x-ver" ) ) 
    ver = url.extension( "x-ver", critical).toInt();
  bool authSASL = url.hasExtension( "x-sasl" );
  TQString mech;
  if ( url.hasExtension( "x-mech" ) ) 
    mech = url.extension( "x-mech", critical).upper();
  TQString realm;
  if ( url.hasExtension( "x-realm" ) ) 
    mech = url.extension( "x-realm", critical).upper();
  TQString bindname;
  if ( url.hasExtension( "bindname" ) ) 
    bindname = url.extension( "bindname", critical).upper();
  int timelimit = 0;
  if ( url.hasExtension( "x-timelimit" ) )
    timelimit = url.extension( "x-timelimit", critical).toInt();
  int sizelimit = 0;
  if ( url.hasExtension( "x-sizelimit" ) )
    sizelimit = url.extension( "x-sizelimit", critical).toInt();
    
  if ( !authSASL && bindname.isEmpty() ) bindname = mUser;
    
  if ( tls != mTLS || ver != mVer || authSASL != mAuthSASL || mech != mMech ||
    mRealm != realm || mBindName != bindname || mTimeLimit != timelimit ||
    mSizeLimit != sizelimit ) {
    closeConnection();
    mTLS = tls;
    mVer = ver;
    mAuthSASL = authSASL;
    mMech = mech;
    mRealm = realm;
    mBindName = bindname;
    mTimeLimit = timelimit;
    mSizeLimit = sizelimit;
    kdDebug(7125) << "parameters changed: tls = " << mTLS << 
      " version: " << mVer << "SASLauth: " << mAuthSASL << endl;
    openConnection();
    if ( mAuthSASL ) {
      url.setUser( mUser );
    } else {
      url.setUser( mBindName );
    }
  } else {
    if ( !mLDAP ) openConnection();
  }
}

void LDAPProtocol::setHost( const TQString& host, int port,
                            const TQString& user, const TQString& password )
{

  if( mHost != host || mPort != port || mUser != user || mPassword != password )
    closeConnection();

  mHost = host;
  if( port > 0 )
    mPort = port;
  else {
    struct servent *pse;
    if ( (pse = getservbyname(mProtocol, "tcp")) == NULL )
      if ( mProtocol == "ldaps" ) 
        mPort = 636;
      else
        mPort = 389;
    else
      mPort = ntohs( pse->s_port );
  }
  mUser = user;
  mPassword = password;

  kdDebug(7125) << "setHost: " << host << " port: " << port << " user: " << 
    mUser << " pass: [protected]" << endl;
}
    
static int kldap_sasl_interact( LDAP *, unsigned, void *slave, void *in )
{
  return ((LDAPProtocol*) slave)->saslInteract( in );
}

void LDAPProtocol::fillAuthInfo( AuthInfo &info )
{
  info.url.setProtocol( mProtocol );
  info.url.setHost( mHost );
  info.url.setPort( mPort );
  info.url.setUser( mUser );
  info.caption = i18n("LDAP Login");
  info.comment = TQString::fromLatin1( mProtocol ) + "://" + mHost + ":" + 
    TQString::number( mPort );
  info.commentLabel = i18n("site:");
  info.username = mAuthSASL ? mUser : mBindName;
  info.password = mPassword;
  info.keepPassword = true;
}

int LDAPProtocol::saslInteract( void *in )
{
#if defined HAVE_SASL_H || defined HAVE_SASL_SASL_H
  AuthInfo info;
  fillAuthInfo( info );

  sasl_interact_t *interact = ( sasl_interact_t * ) in;

  //some mechanisms do not require username && pass, so it doesn't need a popup
  //window for getting this info
  for ( ; interact->id != SASL_CB_LIST_END; interact++ ) {
    if ( interact->id == SASL_CB_AUTHNAME ||
         interact->id == SASL_CB_PASS ) {

      if ( info.username.isEmpty() || info.password.isEmpty() ) {

        const bool cached = checkCachedAuthentication( info );

        if ( ! ( ( mFirstAuth && cached ) ||
                 ( mFirstAuth ?
                   openPassDlg( info ) :
                   openPassDlg( info, i18n("Invalid authorization information.") ) ) ) ) {
          kdDebug(7125) << "Dialog cancelled!" << endl;
          mCancel = true;
          return LDAP_USER_CANCELLED;
        }
        mUser = info.username;
        mPassword = info.password;
      }
      break;
    }
  }

  interact = ( sasl_interact_t * ) in;
  TQString value;

  while( interact->id != SASL_CB_LIST_END ) {
    value = "";
    switch( interact->id ) {
      case SASL_CB_GETREALM:
        value = mRealm;
        kdDebug(7125) << "SASL_REALM=" << mRealm << endl;
        break;
      case SASL_CB_AUTHNAME:
        value = mUser;
        kdDebug(7125) << "SASL_AUTHNAME=" << mUser << endl;
        break;
      case SASL_CB_PASS:
        value = mPassword;
        kdDebug(7125) << "SASL_PASSWD=[hidden]" << endl;
        break;
      case SASL_CB_USER:
        value = mBindName;
        kdDebug(7125) << "SASL_AUTHZID=" << mBindName << endl;
        break;
    }
    if ( value.isEmpty() ) {
      interact->result = NULL;
      interact->len = 0;
    } else {
      interact->result = strdup( value.utf8() );
      interact->len = strlen( (const char *) interact->result );
    }
    interact++;
  }

#endif
  return LDAP_SUCCESS;
}

void LDAPProtocol::openConnection()
{
  if ( mLDAP ) return;

  int version,ret;

  version = ( mVer == 2 ) ? LDAP_VERSION2 : LDAP_VERSION3;

  KURL Url;
  Url.setProtocol( mProtocol );
  Url.setHost( mHost );
  Url.setPort( mPort );

  AuthInfo info;
  fillAuthInfo( info );
///////////////////////////////////////////////////////////////////////////
  kdDebug(7125) << "OpenConnection to " << mHost << ":" << mPort << endl;

  ret = ldap_initialize( &mLDAP, Url.htmlURL().utf8() );
  if ( ret != LDAP_SUCCESS ) {
    LDAPErr( Url, ret );
    return;
  }

  if ( (ldap_set_option( mLDAP, LDAP_OPT_PROTOCOL_VERSION, &version )) !=
    LDAP_OPT_SUCCESS ) {

    closeConnection();
    error( ERR_UNSUPPORTED_ACTION,
      i18n("Cannot set LDAP protocol version %1").arg(version) );
    return;
  }

  if ( mTLS ) {
    kdDebug(7125) << "start TLS" << endl;
    if ( ( ret = ldap_start_tls_s( mLDAP, NULL, NULL ) ) != LDAP_SUCCESS ) {
      LDAPErr( Url );
      return;
    }
  }

  if ( mSizeLimit ) {
    kdDebug(7125) << "sizelimit: " << mSizeLimit << endl;
    if ( ldap_set_option( mLDAP, LDAP_OPT_SIZELIMIT, &mSizeLimit ) != LDAP_SUCCESS ) {
      closeConnection();
      error( ERR_UNSUPPORTED_ACTION, 
        i18n("Cannot set size limit."));
      return;
    }
  }

  if ( mTimeLimit ) {
    kdDebug(7125) << "timelimit: " << mTimeLimit << endl;
    if ( ldap_set_option( mLDAP, LDAP_OPT_TIMELIMIT, &mTimeLimit ) != LDAP_SUCCESS ) {
      closeConnection();
      error( ERR_UNSUPPORTED_ACTION, 
        i18n("Cannot set time limit."));
      return;
    }
  }

#if !defined HAVE_SASL_H && !defined HAVE_SASL_SASL_H
  if ( mAuthSASL ) {
    closeConnection();
    error( ERR_SLAVE_DEFINED, 
      i18n("SASL authentication not compiled into the ldap ioslave.") );
    return;
  }
#endif

  bool auth = false;
  TQString mechanism = mMech.isEmpty() ? "DIGEST-MD5" : mMech;
  mFirstAuth = true; mCancel = false;

  const bool cached = checkCachedAuthentication( info );

  ret = LDAP_SUCCESS;
  while (!auth) {
    if ( !mAuthSASL && (
      ( mFirstAuth && 
      !( mBindName.isEmpty() && mPassword.isEmpty() ) && //For anonymous bind
       ( mBindName.isEmpty() || mPassword.isEmpty() ) ) || !mFirstAuth ) )
    {
      if ( ( mFirstAuth && cached ) ||
           ( mFirstAuth ?
             openPassDlg( info ) :
             openPassDlg( info, i18n("Invalid authorization information.") ) ) ) {

        mBindName = info.username;
        mPassword = info.password;
      } else {
        kdDebug(7125) << "Dialog cancelled!" << endl;
        error( ERR_USER_CANCELED, TQString::null );
        closeConnection();
        return;
      }
    }
    kdDebug(7125) << "user: " << mUser << " bindname: " << mBindName << endl;
    ret = 
#if defined HAVE_SASL_H || defined HAVE_SASL_SASL_H
      mAuthSASL ? 
        ldap_sasl_interactive_bind_s( mLDAP, NULL, mechanism.utf8(), 
          NULL, NULL, LDAP_SASL_INTERACTIVE, &kldap_sasl_interact, this ) :
#endif          
        ldap_simple_bind_s( mLDAP, mBindName.utf8(), mPassword.utf8() );
    
    mFirstAuth = false;
    if ( ret != LDAP_INVALID_CREDENTIALS && 
         ret != LDAP_INSUFFICIENT_ACCESS &&
         ret != LDAP_INAPPROPRIATE_AUTH ) {
      kdDebug(7125) << "ldap_bind retval: " << ret << endl;
      auth = true;
      if ( ret != LDAP_SUCCESS ) {
        if ( mCancel )
          error( ERR_USER_CANCELED, TQString::null );
        else
          LDAPErr( Url );
        closeConnection();
        return;
      }
    }
  }

  kdDebug(7125) << "connected!" << endl;
  connected();
}

void LDAPProtocol::closeConnection()
{
  if (mLDAP) ldap_unbind(mLDAP);
  mLDAP = 0;
  kdDebug(7125) << "connection closed!" << endl;
}

/**
 * Get the information contained in the URL.
 */
void LDAPProtocol::get( const KURL &_url )
{
  kdDebug(7125) << "get(" << _url << ")" << endl;

  LDAPUrl usrc(_url);
  int ret, id;
  LDAPMessage *msg,*entry;
  
  changeCheck( usrc );
  if ( !mLDAP ) { 
    finished();
    return;
  }
  
  if ( (id = asyncSearch( usrc )) == -1 ) {
    LDAPErr( _url );
    return;
  }

  // tell the mimetype
  mimeType("text/plain");
  // collect the result
  TQCString result;
  filesize_t processed_size = 0;
  TQByteArray array;
  
  while( true ) {
    ret = ldap_result( mLDAP, id, 0, NULL, &msg );
    if ( ret == -1 ) {
      LDAPErr( _url );
      return;
    }
    kdDebug(7125) << " ldap_result: " << ret << endl;
    if ( ret == LDAP_RES_SEARCH_RESULT ) break;
    if ( ret != LDAP_RES_SEARCH_ENTRY ) continue;
    
    entry = ldap_first_entry( mLDAP, msg );
    while ( entry ) {
      result = LDAPEntryAsLDIF(entry);
      result += '\n';
      uint len = result.length();
      processed_size += len;
      array.setRawData( result.data(), len );
      data(array);
      processedSize( processed_size );
      array.resetRawData( result.data(), len );
    
      entry = ldap_next_entry( mLDAP, entry );
    }
    LDAPErr( _url );
      
    ldap_msgfree(msg);
  // tell the length
  }
    
  totalSize(processed_size);

  array.resize(0);
  // tell we are finished
  data(array);
  
  // tell we are finished
  finished();
}

/**
 * Test if the url contains a directory or a file.
 */
void LDAPProtocol::stat( const KURL &_url )
{
  kdDebug(7125) << "stat(" << _url << ")" << endl;

  TQStringList att,saveatt;
  LDAPUrl usrc(_url);
  LDAPMessage *msg;
  int ret, id;
  
  changeCheck( usrc );
  if ( !mLDAP ) {
    finished();
    return;
  }
  
  // look how many entries match
  saveatt = usrc.attributes();
  att.append( "dn" );
  usrc.setAttributes( att );
  if ( _url.query().isEmpty() ) usrc.setScope( LDAPUrl::One );
  
  if ( (id = asyncSearch( usrc )) == -1 ) {
    LDAPErr( _url );
    return;
  }
  
  kdDebug(7125) << "stat() getting result" << endl;
  do {
    ret = ldap_result( mLDAP, id, 0, NULL, &msg );
    if ( ret == -1 ) {
      LDAPErr( _url );
      return;
    }
    if ( ret == LDAP_RES_SEARCH_RESULT ) {
      ldap_msgfree( msg );
      error( ERR_DOES_NOT_EXIST, _url.prettyURL() );
      return;
    }
  } while ( ret != LDAP_RES_SEARCH_ENTRY );
  
  ldap_msgfree( msg );
  ldap_abandon( mLDAP, id );
  
  usrc.setAttributes( saveatt );
  
  UDSEntry uds;  
  bool critical;
  LDAPEntry2UDSEntry( usrc.dn(), uds, usrc, usrc.extension("x-dir", critical) != "base" );
  
  statEntry( uds );
  // we are done
  finished();
}

/**
 * Deletes one entry;
 */
void LDAPProtocol::del( const KURL &_url, bool )
{
  kdDebug(7125) << "del(" << _url << ")" << endl;

  LDAPUrl usrc(_url);
  int ret;

  changeCheck( usrc );
  if ( !mLDAP ) {
    finished();
    return;
  }
  
  kdDebug(7125) << " del: " << usrc.dn().utf8() << endl ;
  
  if ( (ret = ldap_delete_s( mLDAP,usrc.dn().utf8() )) != LDAP_SUCCESS ) {
    LDAPErr( _url );
    return;
  }
  finished();
}

#define FREELDAPMEM { \
                ldap_mods_free( lmod, 1 ); \
                ldap_controls_free( serverctrls ); \
                ldap_controls_free( clientctrls ); \
                lmod = 0; serverctrls = 0; clientctrls = 0; \
                }

void LDAPProtocol::put( const KURL &_url, int, bool overwrite, bool )
{
  kdDebug(7125) << "put(" << _url << ")" << endl;

  LDAPUrl usrc(_url);

  changeCheck( usrc );
  if ( !mLDAP ) {
    finished();
    return;
  }

  LDAPMod **lmod = 0;
  LDAPControl **serverctrls = 0, **clientctrls = 0;
  TQByteArray buffer;
  int result = 0;
  LDIF::ParseVal ret;
  LDIF ldif;
  ret = LDIF::MoreData;
  int ldaperr;
  
  
  do {
    if ( ret == LDIF::MoreData ) {
      dataReq(); // Request for data
      result = readData( buffer );
      ldif.setLDIF( buffer ); 
    }
    if ( result < 0 ) {
      //error
      FREELDAPMEM;
      return;
    }
    if ( result == 0 ) {
      kdDebug(7125) << "EOF!" << endl;
      ldif.endLDIF();
    }
    do {
      
      ret = ldif.nextItem();
      kdDebug(7125) << "nextitem: " << ret << endl;
      
      switch ( ret ) {
        case LDIF::None:
        case LDIF::NewEntry:
        case LDIF::MoreData:
          break;
        case LDIF::EndEntry:
          ldaperr = LDAP_SUCCESS;
          switch ( ldif.entryType() ) {
            case LDIF::Entry_None:
              error( ERR_INTERNAL, i18n("The LDIF parser failed.") );
              FREELDAPMEM;
              return;
            case LDIF::Entry_Del:
              kdDebug(7125) << "tdeio_ldap_del" << endl;
              controlsFromMetaData( &serverctrls, &clientctrls );
              ldaperr = ldap_delete_ext_s( mLDAP, ldif.dn().utf8(), 
                serverctrls, clientctrls );
              FREELDAPMEM;
              break;
            case LDIF::Entry_Modrdn:
              kdDebug(7125) << "tdeio_ldap_modrdn olddn:" << ldif.dn() << 
                " newRdn: " <<  ldif.newRdn() << 
                " newSuperior: " << ldif.newSuperior() << 
                " deloldrdn: " << ldif.delOldRdn() << endl;
              controlsFromMetaData( &serverctrls, &clientctrls );
              ldaperr = ldap_rename_s( mLDAP, ldif.dn().utf8(), ldif.newRdn().utf8(), 
                ldif.newSuperior().isEmpty() ? TQCString() : ldif.newSuperior().utf8(), 
                ldif.delOldRdn(), serverctrls, clientctrls );

              FREELDAPMEM;
              break;
            case LDIF::Entry_Mod:
              kdDebug(7125) << "tdeio_ldap_mod"  << endl;
              if ( lmod ) {
                controlsFromMetaData( &serverctrls, &clientctrls );
                ldaperr = ldap_modify_ext_s( mLDAP, ldif.dn().utf8(), lmod,
                  serverctrls, clientctrls );
                FREELDAPMEM;
              }
              break;
            case LDIF::Entry_Add:
              kdDebug(7125) << "tdeio_ldap_add " << ldif.dn() << endl;
              if ( lmod ) {
                controlsFromMetaData( &serverctrls, &clientctrls );
                ldaperr = ldap_add_ext_s( mLDAP, ldif.dn().utf8(), lmod,
                  serverctrls, clientctrls );
                if ( ldaperr == LDAP_ALREADY_EXISTS && overwrite ) {
                  kdDebug(7125) << ldif.dn() << " already exists, delete first" << endl;
                  ldaperr = ldap_delete_s( mLDAP, ldif.dn().utf8() );
                  if ( ldaperr == LDAP_SUCCESS ) 
                    ldaperr = ldap_add_ext_s( mLDAP, ldif.dn().utf8(), lmod,
                      serverctrls, clientctrls );
                }
                FREELDAPMEM;
              }
              break;
          }
          if ( ldaperr != LDAP_SUCCESS ) {
            kdDebug(7125) << "put ldap error: " << ldap_err2string(ldaperr) << endl;
            LDAPErr( _url );
            FREELDAPMEM;
            return;
          }
          break;
        case LDIF::Item:
          switch ( ldif.entryType() ) {
            case LDIF::Entry_Mod: {
              int modtype = 0;
              switch ( ldif.modType() ) {
                case LDIF::Mod_None:
                  modtype = 0;
                  break;
                case LDIF::Mod_Add:
                  modtype = LDAP_MOD_ADD;
                  break;
                case LDIF::Mod_Replace:
                  modtype = LDAP_MOD_REPLACE;
                  break;
                case LDIF::Mod_Del:
                  modtype = LDAP_MOD_DELETE;
                  break;
              }
              addModOp( &lmod, modtype, ldif.attr(), ldif.val() );
              break;
            }
            case LDIF::Entry_Add:
              if ( ldif.val().size() > 0 )
                addModOp( &lmod, 0, ldif.attr(), ldif.val() );
              break;
            default:
              error( ERR_INTERNAL, i18n("The LDIF parser failed.") );
              FREELDAPMEM;
              return;  
          }
          break;
        case LDIF::Control:
          addControlOp( &serverctrls, ldif.oid(), ldif.val(), ldif.critical() );
          break;
        case LDIF::Err:
          error( ERR_SLAVE_DEFINED, 
            i18n( "Invalid LDIF file in line %1." ).arg( ldif.lineNo() ) );
          FREELDAPMEM;
          return;
      }
    } while ( ret != LDIF::MoreData );
  } while ( result > 0 );
              
  FREELDAPMEM;
  finished();
}

/**
 * List the contents of a directory.
 */
void LDAPProtocol::listDir( const KURL &_url )
{
  int ret, ret2, id, id2;
  unsigned long total=0;
  char *dn;
  TQStringList att,saveatt;
  LDAPMessage *entry,*msg,*entry2,*msg2;
  LDAPUrl usrc(_url),usrc2;
  bool critical;
  bool isSub = ( usrc.extension( "x-dir", critical ) == "sub" );
  
  kdDebug(7125) << "listDir(" << _url << ")" << endl;
  
  changeCheck( usrc );
  if ( !mLDAP ) {
    finished();
    return;
  }
  usrc2 = usrc;

  saveatt = usrc.attributes();
  // look up the entries
  if ( isSub ) {
    att.append("dn");
    usrc.setAttributes(att);  
  }
  if ( _url.query().isEmpty() ) usrc.setScope( LDAPUrl::One );
  
  if ( (id = asyncSearch( usrc )) == -1 ) {
    LDAPErr( _url );
    return;
  }

  usrc.setAttributes( "" );
  usrc.setExtension( "x-dir", "base" );
  // publish the results
  UDSEntry uds;

  while( true ) {
    ret = ldap_result( mLDAP, id, 0, NULL, &msg );
    if ( ret == -1 ) {
      LDAPErr( _url );
      return;
    }
    if ( ret == LDAP_RES_SEARCH_RESULT ) break;
    if ( ret != LDAP_RES_SEARCH_ENTRY ) continue;
    kdDebug(7125) << " ldap_result: " << ret << endl;
    
    entry = ldap_first_entry( mLDAP, msg );
    while( entry ) {
  
      total++;
      uds.clear();
    
      dn = ldap_get_dn( mLDAP, entry );
      kdDebug(7125) << "dn: " << dn  << endl;
      LDAPEntry2UDSEntry( TQString::fromUtf8(dn), uds, usrc );
      listEntry( uds, false );
//      processedSize( total );
      kdDebug(7125) << " total: " << total << " " << usrc.prettyURL() << endl;
    
    // publish the sub-directories (if dirmode==sub)
      if ( isSub ) {
        usrc2.setDn( TQString::fromUtf8( dn ) );
        usrc2.setScope( LDAPUrl::One );
        usrc2.setAttributes( att );
        usrc2.setFilter( TQString::null );
        kdDebug(7125) << "search2 " << dn << endl;
        if ( (id2 = asyncSearch( usrc2 )) != -1 ) {
          while ( true ) {
            kdDebug(7125) << " next result " << endl;
            ret2 = ldap_result( mLDAP, id2, 0, NULL, &msg2 );
            if ( ret2 == -1 ) break;
            if ( ret2 == LDAP_RES_SEARCH_RESULT ) {
              ldap_msgfree( msg2 );
              break;
            }
            if ( ret2 == LDAP_RES_SEARCH_ENTRY ) {
              entry2=ldap_first_entry( mLDAP, msg2 );
              if  ( entry2 ) {
                usrc2.setAttributes( saveatt );
                usrc2.setFilter( usrc.filter() );
                LDAPEntry2UDSEntry( TQString::fromUtf8( dn ), uds, usrc2, true );
                listEntry( uds, false );
                total++;
              }
              ldap_msgfree( msg2 );
              ldap_abandon( mLDAP, id2 );
              break;
            }
          }
        }
      }
      free( dn );
    
      entry = ldap_next_entry( mLDAP, entry );
    }
    LDAPErr( _url );
    ldap_msgfree( msg );
  }
  
//  totalSize( total );
  
  uds.clear();
  listEntry( uds, true );
  // we are done
  finished();
}