Mercurial > dovecot > core-2.2

changeset 20269:53ba0bd3d5a7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
auth: Support %variable expansion for LDAP field names. For example this is now allowed: user_attrs = \ =namespace/%{ldap:enabledNamespace}/enabled=yes \ ...
author Timo Sirainen <timo.sirainen@dovecot.fi>
date Mon, 23 May 2016 17:47:50 +0300
parents 60327526fd00
children bd3ac2e8e8a5
files src/auth/db-ldap.c
diffstat 1 files changed, 24 insertions(+), 11 deletions(-) [+]
line wrap: on
line diff
--- a/src/auth/db-ldap.c	Wed May 18 21:41:49 2016 +0300
+++ b/src/auth/db-ldap.c	Mon May 23 17:47:50 2016 +0300
@@ -1552,6 +1552,7 @@
 	ctx->skip_null_values = skip_null_values;
 	ctx->iter_dn_values = iter_dn_values;
 	hash_table_create(&ctx->ldap_attrs, pool, 0, strcase_hash, strcasecmp);
+	ctx->var = str_new(ctx->pool, 256);
 	if (ctx->auth_request->debug)
 		ctx->debug = t_str_new(256);
 
@@ -1630,16 +1631,17 @@
 	return db_ldap_field_expand(field_name, ctx);
 }
 
+static struct var_expand_func_table ldap_var_funcs_table[] = {
+	{ "ldap", db_ldap_field_expand },
+	{ "ldap_ptr", db_ldap_field_ptr_expand },
+	{ NULL, NULL }
+};
+
 static const char *const *
 db_ldap_result_return_value(struct db_ldap_result_iterate_context *ctx,
 			    const struct ldap_field *field,
 			    struct db_ldap_value *ldap_value)
 {
-	static struct var_expand_func_table var_funcs_table[] = {
-		{ "ldap", db_ldap_field_expand },
-		{ "ldap_ptr", db_ldap_field_ptr_expand },
-		{ NULL, NULL }
-	};
 	const struct var_expand_table *var_table;
 	const char *const *values;
 
@@ -1673,12 +1675,8 @@
 		      (and less importantly the same for other variables) */
 		var_table = db_ldap_value_get_var_expand_table(ctx->auth_request,
 							       values[0]);
-		if (ctx->var == NULL)
-			ctx->var = str_new(ctx->pool, 256);
-		else
-			str_truncate(ctx->var, 0);
 		var_expand_with_funcs(ctx->var, field->value, var_table,
-				      var_funcs_table, ctx);
+				      ldap_var_funcs_table, ctx);
 		ctx->val_1_arr[0] = str_c(ctx->var);
 		values = ctx->val_1_arr;
 	}
@@ -1691,6 +1689,7 @@
 {
 	const struct ldap_field *field;
 	struct db_ldap_value *ldap_value;
+	unsigned int pos;
 
 	do {
 		if (ctx->attr_idx == array_count(ctx->attr_map))
@@ -1706,9 +1705,23 @@
 	else if (ctx->debug && *field->ldap_attr_name != '\0')
 		str_printfa(ctx->debug, "; %s missing", field->ldap_attr_name);
 
-	*name_r = field->name;
+	str_truncate(ctx->var, 0);
 	*values_r = db_ldap_result_return_value(ctx, field, ldap_value);
 
+	if (strchr(field->name, '%') == NULL)
+		*name_r = field->name;
+	else {
+		/* expand %variables also for LDAP name fields. we'll use the
+		   same ctx->var, which may already contain the value. */
+		str_append_c(ctx->var, '\0');
+		pos = str_len(ctx->var);
+
+		var_expand_with_funcs(ctx->var, field->name,
+			auth_request_get_var_expand_table(ctx->auth_request, NULL),
+			ldap_var_funcs_table, ctx);
+		*name_r = str_c(ctx->var) + pos;
+	}
+
 	if (ctx->skip_null_values && (*values_r)[0] == NULL) {
 		/* no values. don't confuse the caller with this reply. */
 		return db_ldap_result_iterate_next(ctx, name_r, values_r);