Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/auth/userdb-ldap.c @ 9575:0a00dcc4f0ea HEAD
lib-storage: Allow shared namespace prefix to use %variable modifiers.
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Wed, 26 May 2010 17:07:51 +0100 |
| parents | 00cd9aacd03c |
| children |
| rev | line source |
|---|---|
|
9532
00cd9aacd03c
Updated copyright notices to include year 2010.
Timo Sirainen <tss@iki.fi>
parents:
9066
diff
changeset
|
1 /* Copyright (c) 2003-2010 Dovecot authors, see the included COPYING file */ |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
2 |
|
3474
9096b7957413
Removed direct config.h including. I'm not sure why it was done before,
Timo Sirainen <tss@iki.fi>
parents:
3306
diff
changeset
|
3 #include "common.h" |
|
8217
c47b78e843aa
Separate "unknown passdb/userdb X" and "support for X not compiled in" error messages.
Timo Sirainen <tss@iki.fi>
parents:
7293
diff
changeset
|
4 #include "userdb.h" |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
5 |
|
8872
643a96aec996
Fixed --with-ldap=plugin and --with-gssapi=plugin
Timo Sirainen <tss@iki.fi>
parents:
8590
diff
changeset
|
6 #if defined(USERDB_LDAP) && (defined(BUILTIN_LDAP) || defined(PLUGIN_BUILD)) |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
7 |
|
3158
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3101
diff
changeset
|
8 #include "hash.h" |
|
1135
81930fff13cf
passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
1092
diff
changeset
|
9 #include "str.h" |
|
81930fff13cf
passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
1092
diff
changeset
|
10 #include "var-expand.h" |
|
4955
f0cc5486696e
Authentication cache caches now also userdb data. Code by Tommi Saviranta.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4880
diff
changeset
|
11 #include "auth-cache.h" |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
12 #include "db-ldap.h" |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
13 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
14 #include <ldap.h> |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
15 #include <stdlib.h> |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
16 |
|
3658
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
17 struct ldap_userdb_module { |
|
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
18 struct userdb_module module; |
|
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
19 |
|
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
20 struct ldap_connection *conn; |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
21 }; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
22 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
23 struct userdb_ldap_request { |
|
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
6999
diff
changeset
|
24 struct ldap_request_search request; |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
25 userdb_callback_t *userdb_callback; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
26 }; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
27 |
|
5872
93bd157917ca
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
Timo Sirainen <tss@iki.fi>
parents:
5856
diff
changeset
|
28 static void |
|
3158
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3101
diff
changeset
|
29 ldap_query_get_result(struct ldap_connection *conn, LDAPMessage *entry, |
|
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3101
diff
changeset
|
30 struct auth_request *auth_request) |
|
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3101
diff
changeset
|
31 { |
|
5884
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
32 struct db_ldap_result_iterate_context *ldap_iter; |
|
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
33 const char *name, *const *values; |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
34 |
|
6144
d779b7220e23
LDAP crashfixes. Based on patch by Katsu Yamamoto.
Timo Sirainen <tss@iki.fi>
parents:
5884
diff
changeset
|
35 auth_request_init_userdb_reply(auth_request); |
|
d779b7220e23
LDAP crashfixes. Based on patch by Katsu Yamamoto.
Timo Sirainen <tss@iki.fi>
parents:
5884
diff
changeset
|
36 |
|
5884
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
37 ldap_iter = db_ldap_result_iterate_init(conn, entry, auth_request, |
|
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
38 conn->user_attr_map); |
|
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
39 while (db_ldap_result_iterate_next_all(ldap_iter, &name, &values)) { |
|
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
40 auth_request_set_userdb_field_values(auth_request, |
|
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
41 name, values); |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
42 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
43 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
44 |
|
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
6999
diff
changeset
|
45 static void userdb_ldap_lookup_callback(struct ldap_connection *conn, |
|
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
6999
diff
changeset
|
46 struct ldap_request *request, |
|
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
6999
diff
changeset
|
47 LDAPMessage *res) |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
48 { |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
49 struct userdb_ldap_request *urequest = |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
50 (struct userdb_ldap_request *) request; |
|
7293
f78b83bf16b7
Don't crash if ldap userdb lookup fails.
Timo Sirainen <tss@iki.fi>
parents:
7086
diff
changeset
|
51 struct auth_request *auth_request = |
|
f78b83bf16b7
Don't crash if ldap userdb lookup fails.
Timo Sirainen <tss@iki.fi>
parents:
7086
diff
changeset
|
52 urequest->request.request.auth_request; |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
53 LDAPMessage *entry; |
|
4880
4ec6a4def05b
We treated internal userdb lookup errors as "user unknown" errors. In such
Timo Sirainen <tss@iki.fi>
parents:
4750
diff
changeset
|
54 enum userdb_result result = USERDB_RESULT_INTERNAL_FAILURE; |
| 1210 | 55 |
|
5038
b2921478f94f
Several fixes to handling deinitialization without crashing.
Timo Sirainen <tss@iki.fi>
parents:
4955
diff
changeset
|
56 if (res != NULL) { |
|
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
6999
diff
changeset
|
57 entry = ldap_first_entry(conn->ld, res); |
|
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
6999
diff
changeset
|
58 if (entry == NULL) { |
|
4880
4ec6a4def05b
We treated internal userdb lookup errors as "user unknown" errors. In such
Timo Sirainen <tss@iki.fi>
parents:
4750
diff
changeset
|
59 result = USERDB_RESULT_USER_UNKNOWN; |
|
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
6999
diff
changeset
|
60 auth_request_log_info(auth_request, "ldap", |
|
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
6999
diff
changeset
|
61 "Unknown user"); |
|
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
6999
diff
changeset
|
62 } else { |
|
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
6999
diff
changeset
|
63 ldap_query_get_result(conn, entry, auth_request); |
|
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
6999
diff
changeset
|
64 if (ldap_next_entry(conn->ld, entry) == NULL) |
|
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
6999
diff
changeset
|
65 result = USERDB_RESULT_OK; |
|
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
6999
diff
changeset
|
66 else { |
|
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
6999
diff
changeset
|
67 auth_request_log_error(auth_request, "ldap", |
|
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
6999
diff
changeset
|
68 "Multiple replies found for user"); |
|
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
6999
diff
changeset
|
69 } |
|
3042
4455da56ad87
Keep auth_request around so it can be used in error messages.
Timo Sirainen <tss@iki.fi>
parents:
3036
diff
changeset
|
70 } |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
71 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
72 |
|
5872
93bd157917ca
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
Timo Sirainen <tss@iki.fi>
parents:
5856
diff
changeset
|
73 urequest->userdb_callback(result, auth_request); |
|
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
74 auth_request_unref(&auth_request); |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
75 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
76 |
|
2057
5e0167577399
Fixed var_expand() to take a table of variables rather than a few predefined
Timo Sirainen <tss@iki.fi>
parents:
1716
diff
changeset
|
77 static void userdb_ldap_lookup(struct auth_request *auth_request, |
|
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3161
diff
changeset
|
78 userdb_callback_t *callback) |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
79 { |
|
3658
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
80 struct userdb_module *_module = auth_request->userdb->userdb; |
|
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
81 struct ldap_userdb_module *module = |
|
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
82 (struct ldap_userdb_module *)_module; |
|
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
83 struct ldap_connection *conn = module->conn; |
|
3088
441759ac4f6a
Support variables in LDAP base setting.
Timo Sirainen <tss@iki.fi>
parents:
3069
diff
changeset
|
84 const struct var_expand_table *vars; |
|
3658
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
85 const char **attr_names = (const char **)conn->user_attr_names; |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
86 struct userdb_ldap_request *request; |
|
1135
81930fff13cf
passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
1092
diff
changeset
|
87 string_t *str; |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
88 |
|
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
89 auth_request_ref(auth_request); |
|
3161
6a3254e3c3de
Moved cache handling from sql/ldap-specific code to generic auth-request
Timo Sirainen <tss@iki.fi>
parents:
3158
diff
changeset
|
90 request = p_new(auth_request->pool, struct userdb_ldap_request, 1); |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
91 request->userdb_callback = callback; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
92 |
|
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3658
diff
changeset
|
93 vars = auth_request_get_var_expand_table(auth_request, ldap_escape); |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3658
diff
changeset
|
94 |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3658
diff
changeset
|
95 str = t_str_new(512); |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3658
diff
changeset
|
96 var_expand(str, conn->set.base, vars); |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3658
diff
changeset
|
97 request->request.base = p_strdup(auth_request->pool, str_c(str)); |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3658
diff
changeset
|
98 |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3658
diff
changeset
|
99 str_truncate(str, 0); |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3658
diff
changeset
|
100 var_expand(str, conn->set.user_filter, vars); |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3658
diff
changeset
|
101 request->request.filter = p_strdup(auth_request->pool, str_c(str)); |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3658
diff
changeset
|
102 |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3658
diff
changeset
|
103 request->request.attributes = conn->user_attr_names; |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3658
diff
changeset
|
104 |
| 4750 | 105 auth_request_log_debug(auth_request, "ldap", "user search: " |
| 3069 | 106 "base=%s scope=%s filter=%s fields=%s", |
|
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3658
diff
changeset
|
107 request->request.base, conn->set.scope, |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3658
diff
changeset
|
108 request->request.filter, |
|
5223
b6bbf42908a6
Don't crash if user_attrs or pass_attrs is empty. It means all the
Timo Sirainen <tss@iki.fi>
parents:
5038
diff
changeset
|
109 attr_names == NULL ? "(all)" : |
| 3069 | 110 t_strarray_join(attr_names, ",")); |
|
3036
fcecff14e470
Added authentication debugging logging.
Timo Sirainen <tss@iki.fi>
parents:
2994
diff
changeset
|
111 |
|
7293
f78b83bf16b7
Don't crash if ldap userdb lookup fails.
Timo Sirainen <tss@iki.fi>
parents:
7086
diff
changeset
|
112 request->request.request.auth_request = auth_request; |
|
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
6999
diff
changeset
|
113 request->request.request.callback = userdb_ldap_lookup_callback; |
|
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
6999
diff
changeset
|
114 db_ldap_request(conn, &request->request.request); |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
115 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
116 |
|
3658
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
117 static struct userdb_module * |
|
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
118 userdb_ldap_preinit(struct auth_userdb *auth_userdb, const char *args) |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
119 { |
|
3658
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
120 struct ldap_userdb_module *module; |
|
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
121 struct ldap_connection *conn; |
|
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
122 |
|
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
123 module = p_new(auth_userdb->auth->pool, struct ldap_userdb_module, 1); |
|
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
124 module->conn = conn = db_ldap_init(args); |
|
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
125 conn->user_attr_map = |
|
8573
f9166a09423a
Renamed hash_*() to hash_table_*() to avoid conflicts with OSX's strhash.h
Timo Sirainen <tss@iki.fi>
parents:
8217
diff
changeset
|
126 hash_table_create(default_pool, conn->pool, 0, str_hash, |
|
f9166a09423a
Renamed hash_*() to hash_table_*() to avoid conflicts with OSX's strhash.h
Timo Sirainen <tss@iki.fi>
parents:
8217
diff
changeset
|
127 (hash_cmp_callback_t *)strcmp); |
|
3306
aebed9a9edac
If both userdb and passdb used LDAP the later one was overriding first one's
Timo Sirainen <tss@iki.fi>
parents:
3212
diff
changeset
|
128 |
|
3658
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
129 db_ldap_set_attrs(conn, conn->set.user_attrs, &conn->user_attr_names, |
|
6148
668a768fc8fd
Removed deprecated pass_attrs and user_attrs configuration method.
Timo Sirainen <tss@iki.fi>
parents:
6144
diff
changeset
|
130 conn->user_attr_map, NULL); |
|
4955
f0cc5486696e
Authentication cache caches now also userdb data. Code by Tommi Saviranta.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4880
diff
changeset
|
131 module->module.cache_key = |
|
f0cc5486696e
Authentication cache caches now also userdb data. Code by Tommi Saviranta.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4880
diff
changeset
|
132 auth_cache_parse_key(auth_userdb->auth->pool, |
|
6999
9e75e67420b4
If LDAP base contained variables, auth cache should have included them in
Timo Sirainen <tss@iki.fi>
parents:
6429
diff
changeset
|
133 t_strconcat(conn->set.base, |
|
9e75e67420b4
If LDAP base contained variables, auth cache should have included them in
Timo Sirainen <tss@iki.fi>
parents:
6429
diff
changeset
|
134 conn->set.user_filter, NULL)); |
|
3658
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
135 return &module->module; |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
136 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
137 |
|
3658
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
138 static void userdb_ldap_init(struct userdb_module *_module, |
|
6411
6a64e64fa3a3
Renamed __attr_*__ to ATTR_*. Renamed __attrs_used__ to ATTRS_DEFINED.
Timo Sirainen <tss@iki.fi>
parents:
6148
diff
changeset
|
139 const char *args ATTR_UNUSED) |
|
2648
cc2e39912eb3
Added preinit() call to userdb/passdbs, which is called before dropping
Timo Sirainen <tss@iki.fi>
parents:
2057
diff
changeset
|
140 { |
|
3658
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
141 struct ldap_userdb_module *module = |
|
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
142 (struct ldap_userdb_module *)_module; |
|
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
143 |
|
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
144 (void)db_ldap_connect(module->conn); |
|
2648
cc2e39912eb3
Added preinit() call to userdb/passdbs, which is called before dropping
Timo Sirainen <tss@iki.fi>
parents:
2057
diff
changeset
|
145 } |
|
cc2e39912eb3
Added preinit() call to userdb/passdbs, which is called before dropping
Timo Sirainen <tss@iki.fi>
parents:
2057
diff
changeset
|
146 |
|
3658
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
147 static void userdb_ldap_deinit(struct userdb_module *_module) |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
148 { |
|
3658
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
149 struct ldap_userdb_module *module = |
|
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
150 (struct ldap_userdb_module *)_module; |
|
fc4622b1c1ef
Separated userdb_module's interface and the actual data struct.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
151 |
|
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
152 db_ldap_unref(&module->conn); |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
153 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
154 |
| 9066 | 155 #ifndef PLUGIN_BUILD |
| 156 struct userdb_module_interface userdb_ldap = | |
| 157 #else | |
| 158 struct userdb_module_interface userdb_ldap_plugin = | |
| 159 #endif | |
| 160 { | |
|
2942
c7d426f8cb58
Added name variable for userdb_module and passdb_module and changed their
Timo Sirainen <tss@iki.fi>
parents:
2842
diff
changeset
|
161 "ldap", |
|
c7d426f8cb58
Added name variable for userdb_module and passdb_module and changed their
Timo Sirainen <tss@iki.fi>
parents:
2842
diff
changeset
|
162 |
|
2648
cc2e39912eb3
Added preinit() call to userdb/passdbs, which is called before dropping
Timo Sirainen <tss@iki.fi>
parents:
2057
diff
changeset
|
163 userdb_ldap_preinit, |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
164 userdb_ldap_init, |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
165 userdb_ldap_deinit, |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
166 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
167 userdb_ldap_lookup |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
168 }; |
|
8217
c47b78e843aa
Separate "unknown passdb/userdb X" and "support for X not compiled in" error messages.
Timo Sirainen <tss@iki.fi>
parents:
7293
diff
changeset
|
169 #else |
|
c47b78e843aa
Separate "unknown passdb/userdb X" and "support for X not compiled in" error messages.
Timo Sirainen <tss@iki.fi>
parents:
7293
diff
changeset
|
170 struct userdb_module_interface userdb_ldap = { |
|
c47b78e843aa
Separate "unknown passdb/userdb X" and "support for X not compiled in" error messages.
Timo Sirainen <tss@iki.fi>
parents:
7293
diff
changeset
|
171 MEMBER(name) "ldap" |
|
c47b78e843aa
Separate "unknown passdb/userdb X" and "support for X not compiled in" error messages.
Timo Sirainen <tss@iki.fi>
parents:
7293
diff
changeset
|
172 }; |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
173 #endif |