annotate src/auth/db-ldap.c @ 8958:16c286aee307 HEAD

Implemented support for per-namespace quotas. Can be used with public namespaces.
author Timo Sirainen <tss@iki.fi>
date Thu, 16 Apr 2009 21:31:30 -0400
parents 643a96aec996
children 0d3b712342d9
/* Copyright (c) 2003-2009 Dovecot authors, see the included COPYING file */

#include "common.h"

/* Everything below is compiled only for a built-in or plugin LDAP build.
   The matching #endif is not visible in this part of the file. */
#if defined(BUILTIN_LDAP) || defined(PLUGIN_BUILD)

#include "network.h"
#include "ioloop.h"
#include "array.h"
#include "hash.h"
#include "aqueue.h"
#include "str.h"
#include "env-util.h"
#include "var-expand.h"
#include "settings.h"
#include "userdb.h"
#include "db-ldap.h"

#include <stddef.h>
#include <stdlib.h>

/* SASL bind support is assumed first and then withdrawn again when neither
   SASL header macro is defined, or when the SASL library is older than v2. */
#define HAVE_LDAP_SASL
#ifdef HAVE_SASL_SASL_H
# include <sasl/sasl.h>
#elif defined (HAVE_SASL_H)
# include <sasl.h>
#else
# undef HAVE_LDAP_SASL
#endif
/* The tls_* tuning settings depend on the LDAP headers exposing
   LDAP_OPT_X_TLS (presumably pulled in through db-ldap.h).
   NOTE(review): on builds where OPENLDAP_TLS_OPTIONS stays undefined, confirm
   how tls_ca_cert_* and tls_require_cert are handled, so that an administrator
   cannot believe certificate checking is configured when it is not applied. */
#ifdef LDAP_OPT_X_TLS
# define OPENLDAP_TLS_OPTIONS
#endif
/* An undefined SASL_VERSION_MAJOR evaluates as 0 inside #if, so this test
   also fires when no SASL header was included above; the extra #undef is
   harmless in that case. */
#if SASL_VERSION_MAJOR < 2
# undef HAVE_LDAP_SASL
#endif

#ifndef LDAP_SASL_QUIET
# define LDAP_SASL_QUIET 0 /* Doesn't exist in Solaris LDAP */
#endif

/* Older versions may require calling ldap_result() twice */
/* NOTE(review): an undefined LDAP_VENDOR_VERSION evaluates as 0 here, which
   also enables the workaround - confirm that is intended for LDAP libraries
   that do not define the macro. */
#if LDAP_VENDOR_VERSION <= 20112
# define OPENLDAP_ASYNC_WORKAROUND
#endif

/* Solaris LDAP library doesn't have LDAP_OPT_SUCCESS */
#ifndef LDAP_OPT_SUCCESS
# define LDAP_OPT_SUCCESS LDAP_SUCCESS
#endif
/* State carried while walking the attributes of an LDAP result entry.
   NOTE(review): the functions that fill and read this struct are outside
   this excerpt; the field notes below follow from names and types only. */
struct db_ldap_result_iterate_context {
	struct ldap_connection *conn;
	LDAPMessage *entry;
	struct auth_request *auth_request;

	/* presumably the configured LDAP-attribute -> field-name mapping and the
	   variable table used when expanding templates - confirm */
	struct hash_table *attr_map;
	struct var_expand_table *var_table;

	/* one declaration per line; member order is unchanged */
	char *attr;
	char **vals;
	const char *name;
	const char *value;
	const char *template;
	const char *val_1_arr[2];
	const char *const *static_attrs;
	BerElement *ber;

	string_t *var;
	string_t *debug;
	unsigned int value_idx;
};
/* Identity and secret values for a SASL bind.
   NOTE(review): the code that fills and consumes this struct is outside this
   excerpt. The members are plain pointers, so the struct does not own the
   strings; who keeps the password alive and whether it is wiped after use
   has to be checked at the call site. */
struct db_ldap_sasl_bind_context {
	const char *authcid;	/* authentication identity */
	const char *passwd;	/* bind secret - keep it out of logs and debug output */
	const char *realm;
	const char *authzid;	/* authorization identity */
};
/* Shorthands that bind a setting name to the same-named member of
   struct ldap_settings. DEF_STRUCT_STR/INT/BOOL are defined elsewhere. */
#define DEF_STR(name) DEF_STRUCT_STR(name, ldap_settings)
#define DEF_INT(name) DEF_STRUCT_INT(name, ldap_settings)
#define DEF_BOOL(name) DEF_STRUCT_BOOL(name, ldap_settings)

/* Table of the settings recognised for the LDAP database, with the type each
   one is parsed as. The all-zero entry at the end terminates the list. */
static struct setting_def setting_defs[] = {
	DEF_STR(hosts),
	DEF_STR(uris),
	DEF_STR(dn),
	/* presumably the bind password for dn; it is read as a plain string, so
	   the configuration file holding it needs restrictive permissions */
	DEF_STR(dnpass),
	DEF_BOOL(auth_bind),
	DEF_STR(auth_bind_userdn),
	DEF_BOOL(tls),
	DEF_BOOL(sasl_bind),
	DEF_STR(sasl_mech),
	DEF_STR(sasl_realm),
	DEF_STR(sasl_authz_id),
	/* TLS tuning settings; see tls_require_cert2str() for the accepted
	   tls_require_cert values */
	DEF_STR(tls_ca_cert_file),
	DEF_STR(tls_ca_cert_dir),
	DEF_STR(tls_cert_file),
	DEF_STR(tls_key_file),
	DEF_STR(tls_cipher_suite),
	DEF_STR(tls_require_cert),
	DEF_STR(deref),
	DEF_STR(scope),
	DEF_STR(base),
	DEF_INT(ldap_version),
	DEF_STR(debug_level),
	DEF_STR(ldaprc_path),
	DEF_STR(user_attrs),
	DEF_STR(user_filter),
	DEF_STR(pass_attrs),
	DEF_STR(pass_filter),
	DEF_STR(default_pass_scheme),

	{ 0, NULL, 0 }
};
/* Values used for every setting the configuration does not override.
   NOTE(review): MEMBER() is defined elsewhere; if it can expand to nothing the
   initializers are positional, so keep this order in step with
   struct ldap_settings - verify before reordering. */
static struct ldap_settings default_ldap_settings = {
	MEMBER(hosts) NULL,
	MEMBER(uris) NULL,
	MEMBER(dn) NULL,
	MEMBER(dnpass) NULL,
	MEMBER(auth_bind) FALSE,
	MEMBER(auth_bind_userdn) NULL,
	/* TLS is off unless configured. NOTE(review): with hosts= and tls left at
	   FALSE, bind credentials and password attributes presumably cross the
	   network unencrypted - confirm against the connection setup code. */
	MEMBER(tls) FALSE,
	MEMBER(sasl_bind) FALSE,
	MEMBER(sasl_mech) NULL,
	MEMBER(sasl_realm) NULL,
	MEMBER(sasl_authz_id) NULL,
	MEMBER(tls_ca_cert_file) NULL,
	MEMBER(tls_ca_cert_dir) NULL,
	MEMBER(tls_cert_file) NULL,
	MEMBER(tls_key_file) NULL,
	MEMBER(tls_cipher_suite) NULL,
	/* No certificate-check level is set here; which policy applies when this
	   stays NULL is decided outside this excerpt. */
	MEMBER(tls_require_cert) NULL,
	MEMBER(deref) "never",
	MEMBER(scope) "subtree",
	MEMBER(base) NULL,
	MEMBER(ldap_version) 3,
	MEMBER(debug_level) "0",
	MEMBER(ldaprc_path) "",
	MEMBER(user_attrs) "homeDirectory=home,uidNumber=uid,gidNumber=gid",
	/* %u is a template variable (var-expand.h is included above). The value
	   substituted into a search filter must have LDAP filter metacharacters
	   escaped; that escaping is not visible in this excerpt - verify. */
	MEMBER(user_filter) "(&(objectClass=posixAccount)(uid=%u))",
	MEMBER(pass_attrs) "uid=user,userPassword=password",
	MEMBER(pass_filter) "(&(objectClass=posixAccount)(uid=%u))",
	/* presumably the scheme assumed for stored passwords that carry no
	   explicit scheme marker - confirm */
	MEMBER(default_pass_scheme) "crypt"
};
/* File-wide pointer to LDAP connection state, initially NULL.
   NOTE(review): presumably the head of a list of connections shared between
   userdb and passdb - confirm where it is walked. */
static struct ldap_connection *ldap_connections = NULL;

/* Forward declarations for helpers defined later in this file. */
static int db_ldap_bind(struct ldap_connection *conn);
static void db_ldap_conn_close(struct ldap_connection *conn);
/* Translate the "deref" setting string into the matching LDAP_DEREF_*
   constant. Matching is case-insensitive. Despite the name, the conversion
   goes from string to int. An unknown value is reported through i_fatal(). */
static int deref2str(const char *str)
{
	static const struct {
		const char *name;
		int value;
	} deref_options[] = {
		{ "never", LDAP_DEREF_NEVER },
		{ "searching", LDAP_DEREF_SEARCHING },
		{ "finding", LDAP_DEREF_FINDING },
		{ "always", LDAP_DEREF_ALWAYS }
	};
	unsigned int i;

	for (i = 0; i < sizeof(deref_options) / sizeof(deref_options[0]); i++) {
		if (strcasecmp(str, deref_options[i].name) == 0)
			return deref_options[i].value;
	}

	/* No return follows: i_fatal() is relied on not to come back
	   (its declaration is outside this excerpt - confirm). */
	i_fatal("LDAP: Unknown deref option '%s'", str);
}
/* Translate the "scope" setting string into the matching LDAP_SCOPE_*
   constant. Matching is case-insensitive. Despite the name, the conversion
   goes from string to int. An unknown value is reported through i_fatal(). */
static int scope2str(const char *str)
{
	static const struct {
		const char *name;
		int value;
	} scope_options[] = {
		{ "base", LDAP_SCOPE_BASE },
		{ "onelevel", LDAP_SCOPE_ONELEVEL },
		{ "subtree", LDAP_SCOPE_SUBTREE }
	};
	unsigned int i;

	for (i = 0; i < sizeof(scope_options) / sizeof(scope_options[0]); i++) {
		if (strcasecmp(str, scope_options[i].name) == 0)
			return scope_options[i].value;
	}

	/* No return follows: i_fatal() is relied on not to come back
	   (its declaration is outside this excerpt - confirm). */
	i_fatal("LDAP: Unknown scope option '%s'", str);
}
#ifdef OPENLDAP_TLS_OPTIONS
/* Translate the tls_require_cert setting string into the matching
   LDAP_OPT_X_TLS_* level. Matching is case-insensitive; an unknown value is
   reported through i_fatal() rather than mapped to some default level.

   Going by OpenLDAP's TLS_REQCERT documentation, only "demand" and "hard"
   refuse a connection whose server certificate is missing or invalid.
   "never" skips the check, and "allow" and "try" tolerate a missing
   certificate ("allow" also a bad one). Deployments that depend on the LDAP
   server's identity should use "demand" or "hard". */
static int tls_require_cert2str(const char *str)
{
	static const struct {
		const char *name;
		int level;
	} cert_levels[] = {
		{ "never", LDAP_OPT_X_TLS_NEVER },
		{ "hard", LDAP_OPT_X_TLS_HARD },
		{ "demand", LDAP_OPT_X_TLS_DEMAND },
		{ "allow", LDAP_OPT_X_TLS_ALLOW },
		{ "try", LDAP_OPT_X_TLS_TRY }
	};
	unsigned int i;

	for (i = 0; i < sizeof(cert_levels) / sizeof(cert_levels[0]); i++) {
		if (strcasecmp(str, cert_levels[i].name) == 0)
			return cert_levels[i].level;
	}

	/* No return follows: i_fatal() is relied on not to come back
	   (its declaration is outside this excerpt - confirm). */
	i_fatal("LDAP: Unknown tls_require_cert value '%s'", str);
}
#endif
/* Return the error number stored on the connection's LDAP handle.
   If the option lookup itself fails, the failure is logged and
   LDAP_UNAVAILABLE is returned instead.

   NOTE(review): the lookup result is compared with LDAP_SUCCESS and passed to
   ldap_err2string(), although this file shims LDAP_OPT_SUCCESS for the option
   API. Confirm both constants are equal on every supported library, and that
   the logged text is meaningful for an option-API failure code. */
static int ldap_get_errno(struct ldap_connection *conn)
{
	int ldap_errno;
	int opt_ret = ldap_get_option(conn->ld, LDAP_OPT_ERROR_NUMBER,
				      (void *) &ldap_errno);

	if (opt_ret == LDAP_SUCCESS)
		return ldap_errno;

	i_error("LDAP: Can't get error number: %s",
		ldap_err2string(opt_ret));
	return LDAP_UNAVAILABLE;
}
/* Return the LDAP library's message for the connection's current error.
   The numeric code is fetched with ldap_get_errno() and converted with
   ldap_err2string(). */
const char *ldap_get_error(struct ldap_connection *conn)
{
	int err = ldap_get_errno(conn);

	return ldap_err2string(err);
}
0522a0315d2f Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
210
7050
0dcea80312b0 LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents: 7045
diff changeset
/* Close the connection and try to open it again. If the new connect attempt
   fails, the connection is closed once more so it is not left half-open. */
static void ldap_conn_reconnect(struct ldap_connection *conn)
{
	db_ldap_conn_close(conn);
	if (db_ldap_connect(conn) >= 0)
		return;

	/* connect failed, clean up whatever it left behind */
	db_ldap_conn_close(conn);
}
d36a5df3f492 Handle LDAP requests while being disconnected more correctly.
Timo Sirainen <tss@iki.fi>
parents: 4751
diff changeset
217
7050
0dcea80312b0 LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents: 7045
diff changeset
/* Classify the connection's current LDAP error after a failed call.

   Returns -1 when the error means the request itself was bad (the callers in
   this file then drop the request). Returns 0 for everything else, after
   closing and reopening the connection with ldap_conn_reconnect().

   Must not be called when the current error is LDAP_SUCCESS. */
static int ldap_handle_error(struct ldap_connection *conn)
{
	const int ldap_errno = ldap_get_errno(conn);

	switch (ldap_errno) {
	case LDAP_SUCCESS:
		/* callers only get here after a failure */
		i_unreached();
	case LDAP_SIZELIMIT_EXCEEDED:
	case LDAP_TIMELIMIT_EXCEEDED:
	case LDAP_NO_SUCH_ATTRIBUTE:
	case LDAP_UNDEFINED_TYPE:
	case LDAP_INAPPROPRIATE_MATCHING:
	case LDAP_CONSTRAINT_VIOLATION:
	case LDAP_TYPE_OR_VALUE_EXISTS:
	case LDAP_INVALID_SYNTAX:
	case LDAP_NO_SUCH_OBJECT:
	case LDAP_ALIAS_PROBLEM:
	case LDAP_INVALID_DN_SYNTAX:
	case LDAP_IS_LEAF:
	case LDAP_ALIAS_DEREF_PROBLEM:
	case LDAP_FILTER_ERROR:
		/* the request was invalid; retrying it would not help */
		return -1;
	case LDAP_SERVER_DOWN:
	case LDAP_TIMEOUT:
	case LDAP_UNAVAILABLE:
	case LDAP_BUSY:
#ifdef LDAP_CONNECT_ERROR
	case LDAP_CONNECT_ERROR:
#endif
	case LDAP_LOCAL_ERROR:
	case LDAP_INVALID_CREDENTIALS:
	default:
		/* Treated as a connection problem. Note that
		   LDAP_INVALID_CREDENTIALS and every code not listed above
		   also end up here, so they cause a reconnect instead of
		   failing the request. */
		ldap_conn_reconnect(conn);
		return 0;
	}
}
a930c2ecd73c Reconnect if ldap_search() returns a failure related to connection problems.
Timo Sirainen <tss@iki.fi>
parents: 6198
diff changeset
256
7050
0dcea80312b0 LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents: 7045
diff changeset
/* Send an authentication bind for a queued bind request.

   The connection must be in one of the two bound states with no requests in
   flight, and the request must not have been sent yet (msgid == -1).

   Returns 1 if the bind was sent (the connection moves to the BINDING
   state), 0 if the request is broken and should be removed, and -1 if
   ldap_handle_error() treated the failure as a connection problem.

   The user's password (auth_request->mech_password) is sent in an LDAP
   simple bind, so it is only as well protected on the wire as the connection
   behind conn->ld, which is set up outside this function. On failure only
   the DN and the LDAP error text are logged, not the password.

   NOTE(review): a simple bind with a DN and an empty password is an
   unauthenticated bind (RFC 4513 section 5.1.2), which some servers answer
   with success. No empty-password check is visible here; confirm the caller
   rejects empty passwords before queuing the request. */
static int db_ldap_request_bind(struct ldap_connection *conn,
				struct ldap_request *request)
{
	struct ldap_request_bind *bind_req =
		(struct ldap_request_bind *)request;

	i_assert(request->type == LDAP_REQUEST_TYPE_BIND);
	i_assert(request->msgid == -1);
	i_assert(conn->conn_state == LDAP_CONN_STATE_BOUND_AUTH ||
		 conn->conn_state == LDAP_CONN_STATE_BOUND_DEFAULT);
	i_assert(conn->pending_count == 0);

	request->msgid = ldap_bind(conn->ld, bind_req->dn,
				   request->auth_request->mech_password,
				   LDAP_AUTH_SIMPLE);
	if (request->msgid != -1) {
		/* sent; the result arrives asynchronously */
		conn->conn_state = LDAP_CONN_STATE_BINDING;
		return 1;
	}

	auth_request_log_error(request->auth_request, "ldap",
			       "ldap_bind(%s) failed: %s",
			       bind_req->dn, ldap_get_error(conn));
	/* ldap_handle_error() < 0: broken request, remove it (0);
	   otherwise it already tried to reconnect (-1) */
	return ldap_handle_error(conn) < 0 ? 0 : -1;
}
0dcea80312b0 LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents: 7045
diff changeset
285
0dcea80312b0 LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents: 7045
diff changeset
/* Send a queued search request to the server.

   The connection must be bound with the default DN and the request must not
   have been sent yet (msgid == -1).

   Returns 1 if the search was sent, 0 if the request is broken and should
   be removed, and -1 if ldap_handle_error() treated the failure as a
   connection problem.

   srequest->filter is handed to ldap_search() unchanged and is written to
   the error log on failure. Any escaping of user-supplied values has to be
   done where the filter is built, which is outside this function. */
static int db_ldap_request_search(struct ldap_connection *conn,
				  struct ldap_request *request)
{
	struct ldap_request_search *search_req =
		(struct ldap_request_search *)request;

	i_assert(conn->conn_state == LDAP_CONN_STATE_BOUND_DEFAULT);
	i_assert(request->msgid == -1);

	request->msgid = ldap_search(conn->ld, search_req->base,
				     conn->set.ldap_scope,
				     search_req->filter,
				     search_req->attributes, 0);
	if (request->msgid != -1)
		return 1;

	auth_request_log_error(request->auth_request, "ldap",
			       "ldap_search() failed (filter %s): %s",
			       search_req->filter, ldap_get_error(conn));
	/* ldap_handle_error() < 0: broken request, remove it (0);
	   otherwise it already tried to reconnect (-1) */
	return ldap_handle_error(conn) < 0 ? 0 : -1;
}
0dcea80312b0 LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents: 7045
diff changeset
310
0dcea80312b0 LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents: 7045
diff changeset
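/* Try to send the first not-yet-sent request in the queue.

   Returns TRUE if a request was sent (it is then counted in
   conn->pending_count) or if a broken request was removed and its callback
   was called with a NULL result. Returns FALSE if nothing could be done:
   every queued request is already pending, too many requests are in flight,
   the connection is not in a usable state, or sending failed because of a
   connection problem.

   Requests that are in flight are limited by comparing conn->pending_count
   with DB_LDAP_MAX_PENDING_REQUESTS. Comparing the total queue length
   instead would stop sending altogether once a backlog longer than the limit
   had built up (for example while the connection was binding), even with
   no request in flight and therefore no reply to wait for. */
static bool db_ldap_request_queue_next(struct ldap_connection *conn)
{
	struct ldap_request *const *requestp, *request;
	unsigned int queue_size = aqueue_count(conn->request_queue);
	int ret = -1;

	if (conn->pending_count == queue_size) {
		/* no non-pending requests */
		return FALSE;
	}
	if (conn->pending_count > DB_LDAP_MAX_PENDING_REQUESTS) {
		/* wait until server has replied to some requests */
		return FALSE;
	}

	if (db_ldap_connect(conn) < 0)
		return FALSE;

	/* the first pending_count entries are already sent, so the entry at
	   index pending_count is the next one to send */
	requestp = array_idx(&conn->request_array,
			     aqueue_idx(conn->request_queue,
					conn->pending_count));
	request = *requestp;

	if (conn->pending_count > 0 &&
	    request->type == LDAP_REQUEST_TYPE_BIND) {
		/* we can't do binds until all existing requests are finished */
		return FALSE;
	}

	switch (conn->conn_state) {
	case LDAP_CONN_STATE_DISCONNECTED:
	case LDAP_CONN_STATE_BINDING:
		/* wait until we're in bound state */
		return FALSE;
	case LDAP_CONN_STATE_BOUND_AUTH:
		if (request->type == LDAP_REQUEST_TYPE_BIND)
			break;

		/* A non-bind request must not be sent in this state: bind to
		   the default dn first. The result of db_ldap_bind() is
		   ignored here. */
		i_assert(conn->pending_count == 0);
		(void)db_ldap_bind(conn);
		return FALSE;
	case LDAP_CONN_STATE_BOUND_DEFAULT:
		/* we can do anything in this state */
		break;
	}

	/* ret stays -1 if the type is neither of these, which is then
	   handled like a disconnect below */
	switch (request->type) {
	case LDAP_REQUEST_TYPE_BIND:
		ret = db_ldap_request_bind(conn, request);
		break;
	case LDAP_REQUEST_TYPE_SEARCH:
		ret = db_ldap_request_search(conn, request);
		break;
	}

	if (ret > 0) {
		/* success */
		i_assert(request->msgid != -1);
		conn->pending_count++;
		return TRUE;
	} else if (ret < 0) {
		/* disconnected */
		return FALSE;
	} else {
		/* broken request, remove from queue.
		   NOTE(review): the request was read from queue index
		   pending_count, but aqueue_delete_tail() takes no index;
		   confirm both refer to the same entry when requests are
		   in flight. */
		aqueue_delete_tail(conn->request_queue);
		request->callback(conn, request, NULL);
		return TRUE;
	}
}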
0dcea80312b0 LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents: 7045
diff changeset
382
0dcea80312b0 LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents: 7045
diff changeset
/* Queue an LDAP request on the connection, or fail it straight away when the
   request queue has already reached DB_LDAP_MAX_QUEUE_SIZE.

   The request must already carry an auth_request (asserted). Its msgid is
   reset to -1 and create_time is stamped from ioloop_time before anything
   else happens. On overflow the request's callback is invoked with a NULL
   result and nothing is queued; otherwise the request is appended and
   db_ldap_request_queue_next() is called once.

   The size check is the only visible limit on how many lookups can be
   waiting on this connection, presumably so that a slow or unreachable
   server cannot make the queue grow without bound. */
void db_ldap_request(struct ldap_connection *conn,
		     struct ldap_request *request)
{
	struct ldap_request *const *oldestp;

	i_assert(request->auth_request != NULL);

	request->msgid = -1;
	request->create_time = ioloop_time;

	if (!conn->request_queue->full ||
	    aqueue_count(conn->request_queue) < DB_LDAP_MAX_QUEUE_SIZE) {
		/* there is room: queue it and try to send */
		aqueue_append(conn->request_queue, &request);
		(void)db_ldap_request_queue_next(conn);
		return;
	}

	/* The queue is at its limit. Fail this request and log the age of
	   the entry at queue index 0 so an operator can see how far behind
	   the connection is.
	   NOTE(review): the age is taken from time(NULL) although
	   create_time was stamped from ioloop_time; the two clocks can
	   differ slightly. */
	oldestp = array_idx(&conn->request_array,
			    aqueue_idx(conn->request_queue, 0));
	auth_request_log_error(request->auth_request, "ldap",
		"Request queue is full (oldest added %d secs ago)",
		(int)(time(NULL) - (*oldestp)->create_time));
	request->callback(conn, request, NULL);
}
/* Finish a connection attempt given the LDAP result code of the default
   bind.

   Returns 0 after marking the connection LDAP_CONN_STATE_BOUND_DEFAULT and
   sending as many queued requests as db_ldap_request_queue_next() accepts.
   Returns -1 after logging when the server is down or the bind failed; the
   caller decides what to do with the connection.

   The failure messages contain the configured server URIs/hosts and the
   bind DN only; no credential is passed to the logger here. */
static int db_ldap_connect_finish(struct ldap_connection *conn, int ret)
{
	const char *target, *bind_dn;

	switch (ret) {
	case LDAP_SUCCESS:
		break;
	case LDAP_SERVER_DOWN:
		/* uris takes precedence over hosts when it is set */
		target = conn->set.uris != NULL ?
			conn->set.uris : conn->set.hosts;
		i_error("LDAP: Can't connect to server: %s", target);
		return -1;
	default:
		bind_dn = conn->set.dn == NULL ? "(none)" : conn->set.dn;
		i_error("LDAP: binding failed (dn %s): %s",
			bind_dn, ldap_get_error(conn));
		return -1;
	}

	conn->conn_state = LDAP_CONN_STATE_BOUND_DEFAULT;
	/* drain the queue until nothing more can be sent */
	for (;;) {
		if (!db_ldap_request_queue_next(conn))
			break;
	}
	return 0;
}
/* Handle the server's reply to the default bind.

   No request may be pending at this point (asserted). The stored
   default_bind_msgid is cleared to -1, the reply is converted to a result
   code without freeing the message, and db_ldap_connect_finish() decides
   whether the connection is usable. On failure the connection is closed. */
static void db_ldap_default_bind_finished(struct ldap_connection *conn,
					  LDAPMessage *res)
{
	i_assert(conn->pending_count == 0);
	conn->default_bind_msgid = -1;

	if (db_ldap_connect_finish(conn,
				   ldap_result2error(conn->ld, res, FALSE)) >= 0)
		return;

	/* server down or bind rejected: drop the connection */
	db_ldap_conn_close(conn);
}
/* Abort queued requests from the front of the queue.

   conn         - connection whose request queue is processed
   max_count    - upper limit on how many requests are aborted
   timeout_secs - a request is aborted only if it was created at least this
                  many seconds before ioloop_time; the first younger request
                  stops the loop
   error        - TRUE logs the reason at error level, FALSE at info level
   reason       - text logged for every aborted request

   Each aborted request has its callback invoked with a NULL result. */
static void db_ldap_abort_requests(struct ldap_connection *conn,
				   unsigned int max_count,
				   unsigned int timeout_secs,
				   bool error, const char *reason)
{
	struct ldap_request *const *headp, *victim;
	time_t age;

	for (; aqueue_count(conn->request_queue) > 0 && max_count > 0;
	     max_count--) {
		headp = array_idx(&conn->request_array,
				  aqueue_idx(conn->request_queue, 0));
		victim = *headp;

		age = ioloop_time - victim->create_time;
		if (age < (time_t)timeout_secs) {
			/* not old enough yet, and nothing past it is
			   looked at */
			break;
		}

		/* timed out: take it off the queue before calling back.
		   presumably aqueue_delete_tail() removes the entry just
		   read from index 0 - confirm against aqueue */
		aqueue_delete_tail(conn->request_queue);

		if (victim->msgid != -1) {
			/* msgid != -1 means it was counted as pending */
			i_assert(conn->pending_count > 0);
			conn->pending_count--;
		}
		/* reason always goes through "%s", never as the format */
		if (!error) {
			auth_request_log_info(victim->auth_request, "ldap",
					      "%s", reason);
		} else {
			auth_request_log_error(victim->auth_request, "ldap",
					       "%s", reason);
		}
		victim->callback(conn, victim, NULL);
	}
}
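/* Dispatch one LDAP reply to the request that is waiting for it.

   A reply whose msgid equals conn->default_bind_msgid is handed to
   db_ldap_default_bind_finished(). Otherwise the queue is searched in order
   for a request with the same msgid; the search stops at the first request
   whose msgid is still -1. A reply that matches nothing is logged and
   dropped.

   For a matched request: pending_count is decremented, the request is
   removed from the queue and its callback is invoked with the reply, or
   with NULL when a search failed. Requests that sat in the queue ahead of
   the matched one are then aborted as "Request lost" once they are older
   than DB_LDAP_REQUEST_LOST_TIMEOUT_SECS. */
static void
db_ldap_handle_result(struct ldap_connection *conn, LDAPMessage *res)
{
	struct ldap_request *const *requests, *request = NULL;
	unsigned int i, count;
	int msgid, ret;

	msgid = ldap_msgid(res);
	if (msgid == conn->default_bind_msgid) {
		db_ldap_default_bind_finished(conn, res);
		return;
	}

	count = aqueue_count(conn->request_queue);
	requests = count == 0 ? NULL : array_idx(&conn->request_array, 0);
	for (i = 0; i < count; i++) {
		struct ldap_request *candidate =
			requests[aqueue_idx(conn->request_queue, i)];

		if (candidate->msgid == msgid) {
			request = candidate;
			break;
		}
		if (candidate->msgid == -1) {
			/* the first request with msgid -1 ends the search */
			break;
		}
	}
	/* request is assigned only on a real match. If the loop variable
	   were reused as the result, a reply whose msgid matches nothing
	   while every queued request already has a msgid would leave it
	   pointing at the last queued request with i == count; that request
	   would then be completed with somebody else's reply and
	   aqueue_delete() would be called with an index past the queue. */
	if (request == NULL) {
		i_error("LDAP: Reply with unknown msgid %d", msgid);
		return;
	}

	if (request->type == LDAP_REQUEST_TYPE_BIND) {
		/* NOTE(review): these assertions are evaluated on a reply
		   chosen by the server; if i_assert() terminates the process
		   (confirm), an unexpected BIND reply is fatal here */
		i_assert(conn->conn_state == LDAP_CONN_STATE_BINDING);
		i_assert(conn->pending_count == 1);
		/* the state changes before the bind's result code is looked
		   at; the reply itself is passed on to the callback */
		conn->conn_state = LDAP_CONN_STATE_BOUND_AUTH;
	}
	i_assert(conn->pending_count > 0);
	conn->pending_count--;
	aqueue_delete(conn->request_queue, i);

	ret = ldap_result2error(conn->ld, res, 0);
	if (ret != LDAP_SUCCESS && request->type == LDAP_REQUEST_TYPE_SEARCH) {
		/* handle search failures here */
		struct ldap_request_search *srequest =
			(struct ldap_request_search *)request;

		auth_request_log_error(request->auth_request, "ldap",
				       "ldap_search(%s) failed: %s",
				       srequest->filter, ldap_err2string(ret));
		/* the callback sees a failed search as a NULL result */
		res = NULL;
	}

	T_BEGIN {
		request->callback(conn, request, res);
	} T_END;

	if (i > 0) {
		/* see if there are timed out requests */
		db_ldap_abort_requests(conn, i,
				       DB_LDAP_REQUEST_LOST_TIMEOUT_SECS,
				       TRUE, "Request lost");
	}
}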
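/* Read and dispatch every LDAP reply that is available without blocking,
   then decide what to do with the connection.

   Replies are fetched with a zero timeout and passed to
   db_ldap_handle_result(); each message is freed afterwards. The function
   returns at once if conn->ld becomes NULL between iterations.

   After the loop:
    - ret == 0 (nothing more to read): send more queued requests.
    - an error other than LDAP_SERVER_DOWN: log it and reconnect.
    - LDAP_SERVER_DOWN while requests are queued, or while the previous
      reply arrived less than DB_LDAP_IDLE_RECONNECT_SECS ago: log and
      reconnect.
    - LDAP_SERVER_DOWN on an idle connection: close it without logging and
      leave reconnecting to the next request. */
static void ldap_input(struct ldap_connection *conn)
{
	struct timeval timeout;
	LDAPMessage *res;
	time_t prev_reply_stamp;
	int ret;

	for (;;) {
		if (conn->ld == NULL)
			return;

		/* zero timeout: poll, never block */
		memset(&timeout, 0, sizeof(timeout));
		ret = ldap_result(conn->ld, LDAP_RES_ANY, 1, &timeout, &res);
#ifdef OPENLDAP_ASYNC_WORKAROUND
		if (ret == 0) {
			/* try again, there may be another in buffer */
			ret = ldap_result(conn->ld, LDAP_RES_ANY, 1,
					  &timeout, &res);
		}
#endif
		if (ret <= 0)
			break;

		db_ldap_handle_result(conn, res);
		ldap_msgfree(res);
	}
	/* Keep the previous stamp for the idle check below. Comparing
	   ioloop_time against the freshly updated last_reply_stamp always
	   gives a difference of 0, which made the idle-close branch
	   unreachable: every server-side idle disconnect was logged as an
	   error and followed by an immediate reconnect. */
	prev_reply_stamp = conn->last_reply_stamp;
	conn->last_reply_stamp = ioloop_time;

	if (ret == 0) {
		/* send more requests */
		while (db_ldap_request_queue_next(conn))
			;
	} else if (ldap_get_errno(conn) != LDAP_SERVER_DOWN) {
		i_error("LDAP: ldap_result() failed: %s", ldap_get_error(conn));
		ldap_conn_reconnect(conn);
	} else if (aqueue_count(conn->request_queue) > 0 ||
		   ioloop_time - prev_reply_stamp <
		   DB_LDAP_IDLE_RECONNECT_SECS) {
		i_error("LDAP: Connection lost to LDAP server, reconnecting");
		ldap_conn_reconnect(conn);
	} else {
		/* server probably disconnected an idle connection. don't
		   reconnect until the next request comes. */
		db_ldap_conn_close(conn);
	}
}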
#ifdef HAVE_LDAP_SASL
/*
 * SASL prompt callback (presumably handed to the LDAP library's interactive
 * SASL bind; the call site is outside this excerpt).
 *
 * `defaults` is a struct db_ldap_sasl_bind_context and `interact` is an
 * array of sasl_interact_t prompts terminated by SASL_CB_LIST_END. Realm,
 * authname, user and password prompts are answered from the context;
 * prompts with any other id, or whose context field is NULL, are left
 * untouched. Always returns LDAP_SUCCESS.
 *
 * The answers are not copied: prompt->result aliases the context's own
 * strings, the bind password included, so the context must stay valid for
 * as long as the library uses the answers.
 */
static int
sasl_interact(LDAP *ld ATTR_UNUSED, unsigned flags ATTR_UNUSED,
	      void *defaults, void *interact)
{
	struct db_ldap_sasl_bind_context *bind_ctx = defaults;
	sasl_interact_t *prompt = interact;
	const char *answer;

	for (; prompt->id != SASL_CB_LIST_END; prompt++) {
		if (prompt->id == SASL_CB_GETREALM)
			answer = bind_ctx->realm;
		else if (prompt->id == SASL_CB_AUTHNAME)
			answer = bind_ctx->authcid;
		else if (prompt->id == SASL_CB_USER)
			answer = bind_ctx->authzid;
		else if (prompt->id == SASL_CB_PASS)
			answer = bind_ctx->passwd;
		else
			answer = NULL;

		/* nothing configured for this prompt: leave it unanswered */
		if (answer == NULL)
			continue;

		prompt->len = strlen(answer);
		prompt->result = answer;
	}
	return LDAP_SUCCESS;
}
#endif
/*
 * Start a simple bind with the configured default dn/dnpass.
 *
 * Must only be called when no bind is already in progress and no requests
 * are pending (asserted below).
 *
 * Returns 0 once the bind request has been sent: the connection is put in
 * LDAP_CONN_STATE_BINDING and the message id is remembered in
 * default_bind_msgid. Returns -1 if ldap_bind() fails; the error code is
 * then passed to db_ldap_connect_finish() and the connection is closed when
 * that reports a failure.
 *
 * Security note: LDAP_AUTH_SIMPLE carries the bind password as-is inside
 * the bind request, so it is protected on the wire only when the connection
 * itself is encrypted (tls=yes or an ldaps: URI).
 */
static int db_ldap_bind(struct ldap_connection *conn)
{
	int bind_id;

	i_assert(conn->conn_state != LDAP_CONN_STATE_BINDING);
	i_assert(conn->default_bind_msgid == -1);
	i_assert(conn->pending_count == 0);

	bind_id = ldap_bind(conn->ld, conn->set.dn, conn->set.dnpass,
			    LDAP_AUTH_SIMPLE);
	if (bind_id != -1) {
		/* request is on its way; the reply arrives later */
		conn->conn_state = LDAP_CONN_STATE_BINDING;
		conn->default_bind_msgid = bind_id;
		return 0;
	}

	/* ldap_bind() failed without sending anything */
	i_assert(ldap_get_errno(conn) != LDAP_SUCCESS);
	if (db_ldap_connect_finish(conn, ldap_get_errno(conn)) < 0) {
		/* lost connection, close it */
		db_ldap_conn_close(conn);
	}
	return -1;
}
/*
 * Ask the LDAP library for the connection's socket descriptor, store it in
 * conn->fd and switch it to non-blocking mode.
 *
 * Dies via i_fatal() if the library cannot return the descriptor, or if the
 * descriptor it returns is <= CLIENT_LISTEN_FD.
 */
static void db_ldap_get_fd(struct ldap_connection *conn)
{
	int rc = ldap_get_option(conn->ld, LDAP_OPT_DESC, (void *)&conn->fd);

	if (rc != LDAP_SUCCESS) {
		i_fatal("LDAP: Can't get connection fd: %s",
			ldap_err2string(rc));
	}

	/* Solaris LDAP library seems to be broken: refuse a descriptor in
	   the range up to CLIENT_LISTEN_FD (presumably descriptors the
	   process already uses for other purposes -- confirm) rather than
	   doing I/O on the wrong fd. */
	if (conn->fd <= CLIENT_LISTEN_FD) {
		i_fatal("LDAP: Buggy LDAP library returned wrong fd: %d",
			conn->fd);
	}

	i_assert(conn->fd != -1);
	net_set_nonblock(conn->fd, TRUE);
}
/*
 * Set one LDAP library option, dying via i_fatal() if the library rejects
 * it.
 *
 * conn      - connection whose handle receives the option; NULL passes a
 *             NULL handle to ldap_set_option(), which OpenLDAP treats as
 *             the library-wide default rather than a per-connection value
 * opt       - LDAP_OPT_* identifier
 * value     - pointer to the option value, in the form the option expects
 * optname   - setting name, used only in the error message
 * value_str - printable form of the value, used only in the error message
 *
 * value_str ends up in the log on failure, so secret values should not be
 * routed through it.
 */
static void
db_ldap_set_opt(struct ldap_connection *conn, int opt, const void *value,
		const char *optname, const char *value_str)
{
	LDAP *handle = NULL;
	int rc;

	if (conn != NULL)
		handle = conn->ld;

	rc = ldap_set_option(handle, opt, value);
	if (rc == LDAP_SUCCESS)
		return;

	i_fatal("LDAP: Can't set option %s to %s: %s",
		optname, value_str, ldap_err2string(rc));
}
/*
 * String-valued variant of db_ldap_set_opt(): the string is both the option
 * value and its printable form for the error message. A NULL value means
 * the setting is not configured and the option is left alone.
 */
static void
db_ldap_set_opt_str(struct ldap_connection *conn, int opt, const char *value,
		    const char *optname)
{
	if (value == NULL)
		return;

	db_ldap_set_opt(conn, opt, value, optname, value);
}
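/*
 * Hand the tls_* settings of this connection's configuration to the LDAP
 * library. Does nothing unless tls=yes.
 *
 * With OPENLDAP_TLS_OPTIONS every configured (non-NULL) setting is applied;
 * a failure to set one is fatal. Without it the settings cannot be applied,
 * and a warning is logged if any of them is configured. That includes
 * tls_require_cert: an administrator who asked for certificate verification
 * must not be left believing it is being enforced.
 *
 * The options are set with a NULL connection, i.e. on a NULL library handle
 * (OpenLDAP's process-wide defaults), not on conn->ld. They are therefore
 * shared by every LDAP connection in the process, and the most recently
 * configured connection's values win.
 *
 * NOTE(review): because of the early return, none of these settings are
 * applied when tls is off. The file also accepts ldaps: URIs, so presumably
 * such connections run without the configured CA and tls_require_cert
 * policy. Confirm whether that is intended.
 */
static void db_ldap_set_tls_options(struct ldap_connection *conn)
{
	if (!conn->set.tls)
		return;

#ifdef OPENLDAP_TLS_OPTIONS
	db_ldap_set_opt_str(NULL, LDAP_OPT_X_TLS_CACERTFILE,
			    conn->set.tls_ca_cert_file, "tls_ca_cert_file");
	db_ldap_set_opt_str(NULL, LDAP_OPT_X_TLS_CACERTDIR,
			    conn->set.tls_ca_cert_dir, "tls_ca_cert_dir");
	db_ldap_set_opt_str(NULL, LDAP_OPT_X_TLS_CERTFILE,
			    conn->set.tls_cert_file, "tls_cert_file");
	db_ldap_set_opt_str(NULL, LDAP_OPT_X_TLS_KEYFILE,
			    conn->set.tls_key_file, "tls_key_file");
	db_ldap_set_opt_str(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE,
			    conn->set.tls_cipher_suite, "tls_cipher_suite");
	if (conn->set.tls_require_cert != NULL) {
		/* despite its name the helper maps the setting string to
		   the integer the option expects */
		int value = tls_require_cert2str(conn->set.tls_require_cert);
		db_ldap_set_opt(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &value,
				"tls_require_cert", conn->set.tls_require_cert);
	}
#else
	if (conn->set.tls_ca_cert_file != NULL ||
	    conn->set.tls_ca_cert_dir != NULL ||
	    conn->set.tls_cert_file != NULL ||
	    conn->set.tls_key_file != NULL ||
	    conn->set.tls_cipher_suite != NULL ||
	    conn->set.tls_require_cert != NULL) {
		i_warning("LDAP: tls_* settings ignored, "
			  "your LDAP library doesn't seem to support them");
	}
#endif
}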
/*
 * Apply the configured options to a freshly created LDAP handle: alias
 * dereferencing, the library debug level (when the library has that
 * option), the protocol version and finally the TLS settings.
 *
 * sasl_bind=yes and tls=yes are refused with i_fatal() when ldap_version is
 * below 3, so a configuration that asks for either never silently continues
 * without it on an older protocol version.
 */
static void db_ldap_set_options(struct ldap_connection *conn)
{
	unsigned int proto_version;

	db_ldap_set_opt(conn, LDAP_OPT_DEREF, &conn->set.ldap_deref,
			"deref", conn->set.deref);

#ifdef LDAP_OPT_DEBUG_LEVEL
	{
		/* atoi() yields 0 for non-numeric text, so a malformed
		   debug_level is treated like "off" without any error.
		   Assumes debug_level is never NULL (presumably it has a
		   default -- confirm). The level is set on the NULL
		   handle, not on this connection's. */
		int debug_level = atoi(conn->set.debug_level);

		if (debug_level != 0) {
			db_ldap_set_opt(NULL, LDAP_OPT_DEBUG_LEVEL,
					&debug_level, "debug_level",
					conn->set.debug_level);
		}
	}
#endif

	if (conn->set.ldap_version < 3 && conn->set.sasl_bind)
		i_fatal("LDAP: sasl_bind=yes requires ldap_version=3");
	if (conn->set.ldap_version < 3 && conn->set.tls)
		i_fatal("LDAP: tls=yes requires ldap_version=3");

	proto_version = conn->set.ldap_version;
	db_ldap_set_opt(conn, LDAP_OPT_PROTOCOL_VERSION, &proto_version,
			"protocol_version", dec2str(proto_version));
	db_ldap_set_tls_options(conn);
}
750 int db_ldap_connect(struct ldap_connection *conn)
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
751 {
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
752 int ret;
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
753
7050
0dcea80312b0 LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents: 7045
diff changeset
754 if (conn->conn_state != LDAP_CONN_STATE_DISCONNECTED)
4741
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
755 return 0;
1062
0522a0315d2f Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
756
7050
0dcea80312b0 LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents: 7045
diff changeset
757 i_assert(conn->pending_count == 0);
1062
0522a0315d2f Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
758 if (conn->ld == NULL) {
1910
b9005f93be70 Patch by Quentin Garnier:
Timo Sirainen <tss@iki.fi>
parents: 1897
diff changeset
759 if (conn->set.uris != NULL) {
2325
7613e0f68513 Fixed to compile with Solaris LDAP library
Timo Sirainen <tss@iki.fi>
parents: 1910
diff changeset
760 #ifdef LDAP_HAVE_INITIALIZE
1910
b9005f93be70 Patch by Quentin Garnier:
Timo Sirainen <tss@iki.fi>
parents: 1897
diff changeset
761 if (ldap_initialize(&conn->ld, conn->set.uris) != LDAP_SUCCESS)
b9005f93be70 Patch by Quentin Garnier:
Timo Sirainen <tss@iki.fi>
parents: 1897
diff changeset
762 conn->ld = NULL;
2325
7613e0f68513 Fixed to compile with Solaris LDAP library
Timo Sirainen <tss@iki.fi>
parents: 1910
diff changeset
763 #else
7613e0f68513 Fixed to compile with Solaris LDAP library
Timo Sirainen <tss@iki.fi>
parents: 1910
diff changeset
764 i_fatal("LDAP: Your LDAP library doesn't support "
7613e0f68513 Fixed to compile with Solaris LDAP library
Timo Sirainen <tss@iki.fi>
parents: 1910
diff changeset
765 "'uris' setting, use 'hosts' instead.");
7613e0f68513 Fixed to compile with Solaris LDAP library
Timo Sirainen <tss@iki.fi>
parents: 1910
diff changeset
766 #endif
1910
b9005f93be70 Patch by Quentin Garnier:
Timo Sirainen <tss@iki.fi>
parents: 1897
diff changeset
767 } else
b9005f93be70 Patch by Quentin Garnier:
Timo Sirainen <tss@iki.fi>
parents: 1897
diff changeset
768 conn->ld = ldap_init(conn->set.hosts, LDAP_PORT);
b9005f93be70 Patch by Quentin Garnier:
Timo Sirainen <tss@iki.fi>
parents: 1897
diff changeset
769
1062
0522a0315d2f Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
770 if (conn->ld == NULL)
0522a0315d2f Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
771 i_fatal("LDAP: ldap_init() failed with hosts: %s",
0522a0315d2f Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
772 conn->set.hosts);
0522a0315d2f Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
773
7191
1cbaa724aba8 Added support for OpenLDAP-specific TLS settings.
Timo Sirainen <tss@iki.fi>
parents: 7086
diff changeset
774 db_ldap_set_options(conn);
1062
0522a0315d2f Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
775 }
0522a0315d2f Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
776
4415
b91816cd1d16 Added TLS support for LDAP if the library supports it.
Timo Sirainen <tss@iki.fi>
parents: 4405
diff changeset
777 if (conn->set.tls) {
b91816cd1d16 Added TLS support for LDAP if the library supports it.
Timo Sirainen <tss@iki.fi>
parents: 4405
diff changeset
778 #ifdef LDAP_HAVE_START_TLS_S
b91816cd1d16 Added TLS support for LDAP if the library supports it.
Timo Sirainen <tss@iki.fi>
parents: 4405
diff changeset
779 ret = ldap_start_tls_s(conn->ld, NULL, NULL);
b91816cd1d16 Added TLS support for LDAP if the library supports it.
Timo Sirainen <tss@iki.fi>
parents: 4405
diff changeset
780 if (ret != LDAP_SUCCESS) {
7345
0c7dc0b0bb7b Fail with a clear error if both tls=yes and ldaps:// URI is used.
Timo Sirainen <tss@iki.fi>
parents: 7344
diff changeset
781 if (ret == LDAP_OPERATIONS_ERROR &&
0c7dc0b0bb7b Fail with a clear error if both tls=yes and ldaps:// URI is used.
Timo Sirainen <tss@iki.fi>
parents: 7344
diff changeset
782 strncmp(conn->set.uris, "ldaps:", 6) == 0) {
0c7dc0b0bb7b Fail with a clear error if both tls=yes and ldaps:// URI is used.
Timo Sirainen <tss@iki.fi>
parents: 7344
diff changeset
783 i_fatal("LDAP: Don't use both tls=yes "
0c7dc0b0bb7b Fail with a clear error if both tls=yes and ldaps:// URI is used.
Timo Sirainen <tss@iki.fi>
parents: 7344
diff changeset
784 "and ldaps URI");
0c7dc0b0bb7b Fail with a clear error if both tls=yes and ldaps:// URI is used.
Timo Sirainen <tss@iki.fi>
parents: 7344
diff changeset
785 }
4415
b91816cd1d16 Added TLS support for LDAP if the library supports it.
Timo Sirainen <tss@iki.fi>
parents: 4405
diff changeset
786 i_error("LDAP: ldap_start_tls_s() failed: %s",
b91816cd1d16 Added TLS support for LDAP if the library supports it.
Timo Sirainen <tss@iki.fi>
parents: 4405
diff changeset
787 ldap_err2string(ret));
4741
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
788 return -1;
4415
b91816cd1d16 Added TLS support for LDAP if the library supports it.
Timo Sirainen <tss@iki.fi>
parents: 4405
diff changeset
789 }
b91816cd1d16 Added TLS support for LDAP if the library supports it.
Timo Sirainen <tss@iki.fi>
parents: 4405
diff changeset
790 #else
b91816cd1d16 Added TLS support for LDAP if the library supports it.
Timo Sirainen <tss@iki.fi>
parents: 4405
diff changeset
791 i_error("LDAP: Your LDAP library doesn't support TLS");
4741
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
792 return -1;
4415
b91816cd1d16 Added TLS support for LDAP if the library supports it.
Timo Sirainen <tss@iki.fi>
parents: 4405
diff changeset
793 #endif
b91816cd1d16 Added TLS support for LDAP if the library supports it.
Timo Sirainen <tss@iki.fi>
parents: 4405
diff changeset
794 }
b91816cd1d16 Added TLS support for LDAP if the library supports it.
Timo Sirainen <tss@iki.fi>
parents: 4405
diff changeset
795
4319
31a28cd0b020 Added support for SASL binding. Patch by Geert Jansen
Timo Sirainen <tss@iki.fi>
parents: 4295
diff changeset
796 if (conn->set.sasl_bind) {
4426
b8089cf41c96 Check for sasl.h and sasl/sasl.h existence and use the one that's found. If
Timo Sirainen <tss@iki.fi>
parents: 4415
diff changeset
797 #ifdef HAVE_LDAP_SASL
7050
0dcea80312b0 LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents: 7045
diff changeset
798 struct db_ldap_sasl_bind_context context;
4426
b8089cf41c96 Check for sasl.h and sasl/sasl.h existence and use the one that's found. If
Timo Sirainen <tss@iki.fi>
parents: 4415
diff changeset
799
b8089cf41c96 Check for sasl.h and sasl/sasl.h existence and use the one that's found. If
Timo Sirainen <tss@iki.fi>
parents: 4415
diff changeset
800 memset(&context, 0, sizeof(context));
4319
31a28cd0b020 Added support for SASL binding. Patch by Geert Jansen
Timo Sirainen <tss@iki.fi>
parents: 4295
diff changeset
801 context.authcid = conn->set.dn;
31a28cd0b020 Added support for SASL binding. Patch by Geert Jansen
Timo Sirainen <tss@iki.fi>
parents: 4295
diff changeset
802 context.passwd = conn->set.dnpass;
31a28cd0b020 Added support for SASL binding. Patch by Geert Jansen
Timo Sirainen <tss@iki.fi>
parents: 4295
diff changeset
803 context.realm = conn->set.sasl_realm;
31a28cd0b020 Added support for SASL binding. Patch by Geert Jansen
Timo Sirainen <tss@iki.fi>
parents: 4295
diff changeset
804 context.authzid = conn->set.sasl_authz_id;
31a28cd0b020 Added support for SASL binding. Patch by Geert Jansen
Timo Sirainen <tss@iki.fi>
parents: 4295
diff changeset
805
4743
8f4eb963446c Cleanup
Timo Sirainen <tss@iki.fi>
parents: 4742
diff changeset
806 /* There doesn't seem to be a way to do SASL binding
8f4eb963446c Cleanup
Timo Sirainen <tss@iki.fi>
parents: 4742
diff changeset
807 asynchronously.. */
4405
fe17f63521ea Compiler warning fixes and some coding style cleanups.
Timo Sirainen <tss@iki.fi>
parents: 4319
diff changeset
808 ret = ldap_sasl_interactive_bind_s(conn->ld, NULL,
fe17f63521ea Compiler warning fixes and some coding style cleanups.
Timo Sirainen <tss@iki.fi>
parents: 4319
diff changeset
809 conn->set.sasl_mech,
4319
31a28cd0b020 Added support for SASL binding. Patch by Geert Jansen
Timo Sirainen <tss@iki.fi>
parents: 4295
diff changeset
810 NULL, NULL, LDAP_SASL_QUIET,
31a28cd0b020 Added support for SASL binding. Patch by Geert Jansen
Timo Sirainen <tss@iki.fi>
parents: 4295
diff changeset
811 sasl_interact, &context);
4743
8f4eb963446c Cleanup
Timo Sirainen <tss@iki.fi>
parents: 4742
diff changeset
812 if (db_ldap_connect_finish(conn, ret) < 0)
8f4eb963446c Cleanup
Timo Sirainen <tss@iki.fi>
parents: 4742
diff changeset
813 return -1;
4426
b8089cf41c96 Check for sasl.h and sasl/sasl.h existence and use the one that's found. If
Timo Sirainen <tss@iki.fi>
parents: 4415
diff changeset
814 #else
b8089cf41c96 Check for sasl.h and sasl/sasl.h existence and use the one that's found. If
Timo Sirainen <tss@iki.fi>
parents: 4415
diff changeset
815 i_fatal("LDAP: sasl_bind=yes but no SASL support compiled in");
b8089cf41c96 Check for sasl.h and sasl/sasl.h existence and use the one that's found. If
Timo Sirainen <tss@iki.fi>
parents: 4415
diff changeset
816 #endif
7050
0dcea80312b0 LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents: 7045
diff changeset
817 conn->conn_state = LDAP_CONN_STATE_BOUND_DEFAULT;
4319
31a28cd0b020 Added support for SASL binding. Patch by Geert Jansen
Timo Sirainen <tss@iki.fi>
parents: 4295
diff changeset
818 } else {
4741
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
819 if (db_ldap_bind(conn) < 0)
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
820 return -1;
1062
0522a0315d2f Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
821 }
0522a0315d2f Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
822
7050
0dcea80312b0 LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents: 7045
diff changeset
823 db_ldap_get_fd(conn);
4741
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
824 conn->io = io_add(conn->fd, IO_READ, ldap_input, conn);
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
825 return 0;
1062
0522a0315d2f Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
826 }
0522a0315d2f Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
827
7050
0dcea80312b0 LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents: 7045
diff changeset
/* Timeout callback installed by db_ldap_conn_close() while there is no
   connection to the LDAP server. Each run asks db_ldap_abort_requests() to
   fail queued requests with a "not connected" error, and the timer removes
   itself once the request queue is empty.

   NOTE(review): the exact meaning of the -1U and FALSE arguments is defined
   by db_ldap_abort_requests(), which is outside this view; -1U presumably
   means "no limit on the number of requests". */
static void db_ldap_disconnect_timeout(struct ldap_connection *conn)
{
	db_ldap_abort_requests(conn, -1U,
			       DB_LDAP_REQUEST_DISCONNECT_TIMEOUT_SECS, FALSE,
			       "Aborting (timeout), we're not connected to LDAP server");

	/* requests are still waiting: keep the timer armed */
	if (aqueue_count(conn->request_queue) != 0)
		return;

	/* no requests left, remove this timeout handler */
	timeout_remove(&conn->to);
}
1897
1e6ed8045f2b Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents: 1709
diff changeset
839
7050
0dcea80312b0 LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents: 7045
diff changeset
/* Tear down the LDAP connection state.

   - marks the connection disconnected and forgets the default bind msgid
   - resets the msgid of every pending request to -1, so no request keeps
     a message id that belonged to the closed connection
   - unbinds the LDAP handle and drops the fd and its I/O watcher
   - if requests are still queued, arms db_ldap_disconnect_timeout();
     otherwise removes any existing timeout */
static void db_ldap_conn_close(struct ldap_connection *conn)
{
	struct ldap_request *const *reqs;
	unsigned int idx;

	conn->conn_state = LDAP_CONN_STATE_DISCONNECTED;
	conn->default_bind_msgid = -1;

	if (conn->pending_count != 0) {
		reqs = array_idx(&conn->request_array, 0);
		for (idx = 0; idx < conn->pending_count; idx++) {
			struct ldap_request *req =
				reqs[aqueue_idx(conn->request_queue, idx)];

			/* a pending request must have been sent already */
			i_assert(req->msgid != -1);
			req->msgid = -1;
		}
		conn->pending_count = 0;
	}

	if (conn->ld != NULL) {
		ldap_unbind(conn->ld);
		conn->ld = NULL;
	}
	conn->fd = -1;

	if (conn->io != NULL) {
		/* the fd may have already been closed before ldap_unbind(),
		   so we'll have to use io_remove_closed(). */
		io_remove_closed(&conn->io);
	}

	if (aqueue_count(conn->request_queue) != 0) {
		/* requests are still waiting for a connection: make sure
		   the timer that eventually aborts them is running */
		if (conn->to == NULL) {
			conn->to = timeout_add(DB_LDAP_REQUEST_DISCONNECT_TIMEOUT_SECS *
					       1000/2, db_ldap_disconnect_timeout, conn);
		}
	} else if (conn->to != NULL) {
		timeout_remove(&conn->to);
	}
}
0522a0315d2f Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
879
3158
8849f2e380d1 userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents: 3094
diff changeset
/* Parse a comma-separated attribute list into attr_map and *attr_names_r.

   Each entry (leading spaces ignored) has one of three forms:
     "name"        - inserted into attr_map as name -> name
     "name=value"  - inserted into attr_map as name -> value
     "=key=value"  - static data; the text after the first '=' is collected
                     and stored, comma-joined, under the empty key ""

   Entries with an empty name, or whose value equals skip_attr, are left
   out. Every inserted name is also appended to *attr_names_r, which is
   allocated from conn->pool with room for one extra slot.

   An empty attrlist returns immediately and leaves *attr_names_r
   untouched.

   NOTE(review): attrlist presumably comes from the administrator's
   configuration (per the changeset descriptions, user_attrs/pass_attrs);
   nothing here validates attribute names. */
void db_ldap_set_attrs(struct ldap_connection *conn, const char *attrlist,
		       char ***attr_names_r, struct hash_table *attr_map,
		       const char *skip_attr)
{
	const char *const *fields, *entry, *eq;
	string_t *static_fields;
	char *key, *mapped;
	unsigned int n, in, out;

	if (*attrlist == '\0')
		return;

	fields = t_strsplit(attrlist, ",");
	static_fields = t_str_new(128);

	/* @UNSAFE */
	n = 0;
	while (fields[n] != NULL)
		n++;
	/* at most n names are stored below, leaving the last slot unused */
	*attr_names_r = p_new(conn->pool, char *, n + 1);

	out = 0;
	for (in = 0; in < n; in++) {
		/* allow spaces here so "foo=1, bar=2" works */
		entry = fields[in];
		while (*entry == ' ')
			entry++;

		eq = strchr(entry, '=');
		if (eq == entry) {
			/* =<static key>=<static value> */
			if (str_len(static_fields) > 0)
				str_append_c(static_fields, ',');
			str_append(static_fields, eq + 1);
			continue;
		}

		if (eq == NULL) {
			key = mapped = p_strdup(conn->pool, entry);
		} else {
			key = p_strdup_until(conn->pool, entry, eq);
			mapped = p_strdup(conn->pool, eq + 1);
		}

		if (*key == '\0')
			continue;
		if (skip_attr != NULL && strcmp(skip_attr, mapped) == 0)
			continue;

		hash_table_insert(attr_map, key, mapped);
		(*attr_names_r)[out++] = key;
	}

	if (str_len(static_fields) > 0) {
		hash_table_insert(attr_map, "",
				  p_strdup(conn->pool, str_c(static_fields)));
	}
}
0522a0315d2f Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
929
5884
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
/* Build a variable expansion table for LDAP values: a copy of the auth
   request's table with one extra entry, keyed '$', placed in front.

   The source table is walked until an entry whose key is '\0'; that
   terminating entry is copied as well. Only the key of the '$' entry is
   set here.

   NOTE(review): presumably the caller fills in the '$' entry's value
   before expanding - confirm at the call sites. */
struct var_expand_table *
db_ldap_value_get_var_expand_table(struct auth_request *auth_request)
{
	const struct var_expand_table *src;
	struct var_expand_table *dest;
	unsigned int n = 0;

	src = auth_request_get_var_expand_table(auth_request, NULL);

	/* count the real entries, then one more for the terminator */
	while (src[n].key != '\0')
		n++;
	n++;

	/* n copied entries plus the leading '$' entry */
	dest = t_new(struct var_expand_table, n + 1);
	dest[0].key = '$';
	memcpy(&dest[1], src, sizeof(*dest) * n);
	return dest;
}
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
946
1330
7cde19dbe754 Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents: 1282
diff changeset
/* TRUE for the characters ldap_escape() escapes: '\', '*', '(' and ')'.
   These are the metacharacters of an LDAP search filter value. Characters
   that are special only inside a DN (such as ',', '+' or '=') are not
   matched. The argument is evaluated more than once, so it must not have
   side effects. */
#define IS_LDAP_ESCAPED_CHAR(c) \
	((c) == '\\' || (c) == '*' || (c) == '(' || (c) == ')')
7cde19dbe754 Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents: 1282
diff changeset
949
4295
4fc637010202 Escape SQL strings using sql_escape_string(). Fixes the problems with
Timo Sirainen <tss@iki.fi>
parents: 4180
diff changeset
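/* Escape str so it can be placed inside an LDAP search filter value.

   Every character matched by IS_LDAP_ESCAPED_CHAR() is written as a
   backslash followed by its two-digit hexadecimal code ("*" becomes
   "\2a"), the escape form defined by RFC 4515. The earlier form, a
   backslash followed by the literal character, is an LDAPv2-era
   convention that filter parsers are not required to accept.

   Returns str itself when nothing needs escaping, otherwise a new string
   built with t_str_new(). auth_request is unused.

   NOTE(review): only filter metacharacters are handled. If the result is
   ever substituted into a DN rather than a filter, DN separators such as
   ',', '+' and '=' pass through unchanged - confirm that callers restrict
   the allowed username characters in that case. */
const char *ldap_escape(const char *str,
			const struct auth_request *auth_request ATTR_UNUSED)
{
	static const char hex_digits[] = "0123456789abcdef";
	const char *p;
	string_t *ret;
	unsigned char c;

	/* fast path: look for the first character that needs escaping */
	for (p = str; *p != '\0'; p++) {
		if (IS_LDAP_ESCAPED_CHAR(*p))
			break;
	}

	if (*p == '\0')
		return str;

	/* copy the clean prefix as-is, then escape the remainder */
	ret = t_str_new((size_t) (p - str) + 64);
	str_append_n(ret, str, (size_t) (p - str));

	for (; *p != '\0'; p++) {
		if (IS_LDAP_ESCAPED_CHAR(*p)) {
			/* go through unsigned char so the shift and mask
			   below never see a negative value */
			c = (unsigned char)*p;
			str_append_c(ret, '\\');
			str_append_c(ret, hex_digits[c >> 4]);
			str_append_c(ret, hex_digits[c & 0x0f]);
		} else {
			str_append_c(ret, *p);
		}
	}
	return str_c(ret);
}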
2cb8e2136283 Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents: 1182
diff changeset
974
5884
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
975 struct db_ldap_result_iterate_context *
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
976 db_ldap_result_iterate_init(struct ldap_connection *conn, LDAPMessage *entry,
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
977 struct auth_request *auth_request,
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
978 struct hash_table *attr_map)
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
979 {
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
980 struct db_ldap_result_iterate_context *ctx;
6149
a744ae38a9e1 Having =key=value in pass_attrs or user_attrs allows returning static
Timo Sirainen <tss@iki.fi>
parents: 6148
diff changeset
981 const char *static_data;
5884
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
982
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
983 ctx = t_new(struct db_ldap_result_iterate_context, 1);
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
984 ctx->conn = conn;
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
985 ctx->entry = entry;
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
986 ctx->auth_request = auth_request;
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
987 ctx->attr_map = attr_map;
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
988
8573
f9166a09423a Renamed hash_*() to hash_table_*() to avoid conflicts with OSX's strhash.h
Timo Sirainen <tss@iki.fi>
parents: 8256
diff changeset
989 static_data = hash_table_lookup(attr_map, "");
7455
0dbf10f4493a Allow %variables in static LDAP fields.
Timo Sirainen <tss@iki.fi>
parents: 7446
diff changeset
990 if (static_data != NULL) {
0dbf10f4493a Allow %variables in static LDAP fields.
Timo Sirainen <tss@iki.fi>
parents: 7446
diff changeset
991 const struct var_expand_table *table;
0dbf10f4493a Allow %variables in static LDAP fields.
Timo Sirainen <tss@iki.fi>
parents: 7446
diff changeset
992 string_t *str;
0dbf10f4493a Allow %variables in static LDAP fields.
Timo Sirainen <tss@iki.fi>
parents: 7446
diff changeset
993
0dbf10f4493a Allow %variables in static LDAP fields.
Timo Sirainen <tss@iki.fi>
parents: 7446
diff changeset
994 table = auth_request_get_var_expand_table(auth_request, NULL);
0dbf10f4493a Allow %variables in static LDAP fields.
Timo Sirainen <tss@iki.fi>
parents: 7446
diff changeset
995 str = t_str_new(256);
0dbf10f4493a Allow %variables in static LDAP fields.
Timo Sirainen <tss@iki.fi>
parents: 7446
diff changeset
996 var_expand(str, static_data, table);
0dbf10f4493a Allow %variables in static LDAP fields.
Timo Sirainen <tss@iki.fi>
parents: 7446
diff changeset
997 ctx->static_attrs = t_strsplit(str_c(str), ",");
0dbf10f4493a Allow %variables in static LDAP fields.
Timo Sirainen <tss@iki.fi>
parents: 7446
diff changeset
998 }
6149
a744ae38a9e1 Having =key=value in pass_attrs or user_attrs allows returning static
Timo Sirainen <tss@iki.fi>
parents: 6148
diff changeset
999
5884
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
1000 if (auth_request->auth->verbose_debug)
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
1001 ctx->debug = t_str_new(256);
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
1002
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
1003 ctx->attr = ldap_first_attribute(conn->ld, entry, &ctx->ber);
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
1004 return ctx;
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
1005 }
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
1006
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
/* End an attribute iteration: emit the collected debug line, if debugging
   was enabled for this request, and release the BER cursor that
   ldap_first_attribute() handed out in db_ldap_result_iterate_init(). */
static void
db_ldap_result_iterate_finish(struct db_ldap_result_iterate_context *ctx)
{
	string_t *dbg = ctx->debug;

	if (dbg != NULL && str_len(dbg) > 0) {
		/* +1 skips the leading space that
		   db_ldap_result_change_attr() writes before every
		   "attr(name)=" item */
		auth_request_log_debug(ctx->auth_request, "ldap",
				       "result: %s", str_c(dbg) + 1);
	} else if (dbg != NULL) {
		auth_request_log_debug(ctx->auth_request, "ldap",
				       "no fields returned by the server");
	}

	/* second argument 0: release only the BerElement cursor itself */
	ber_free(ctx->ber, 0);
}
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
1022
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
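/* Set the iterator up for the LDAP attribute currently held in ctx->attr.

   The attribute is looked up in ctx->attr_map to find the field name it is
   mapped to. When debugging is on, " attr(name)=" is appended to the debug
   buffer. For a mapped attribute the values are then fetched from the
   entry.

   On return ctx->value is the attribute's first value, or NULL when the
   attribute is unmapped, is mapped to an empty name, or its values could
   not be retrieved. ctx->template is non-NULL only when the mapped name
   has the "name=template-with-%vars" form. */
static void
db_ldap_result_change_attr(struct db_ldap_result_iterate_context *ctx)
{
	ctx->name = hash_table_lookup(ctx->attr_map, ctx->attr);
	ctx->template = NULL;

	if (ctx->debug != NULL) {
		str_printfa(ctx->debug, " %s(%s)=", ctx->attr,
			    ctx->name != NULL ? ctx->name : "?unknown?");
	}

	if (ctx->name == NULL || *ctx->name == '\0') {
		/* attribute isn't wanted: leave ctx->vals untouched so the
		   caller moves on to the next attribute */
		ctx->value = NULL;
		return;
	}

	if (strchr(ctx->name, '%') != NULL &&
	    (ctx->template = strchr(ctx->name, '=')) != NULL) {
		/* we want to use variables: split "name=template" */
		ctx->name = t_strdup_until(ctx->name, ctx->template);
		ctx->template++;
		if (ctx->var_table == NULL) {
			/* created lazily, then reused for every templated
			   attribute of this iteration */
			ctx->var_table = db_ldap_value_get_var_expand_table(
							ctx->auth_request);
			ctx->var = t_str_new(256);
		}
	}

	ctx->vals = ldap_get_values(ctx->conn->ld, ctx->entry,
				    ctx->attr);
	/* ldap_get_values() returns NULL on failure. The entry originates
	   from the directory server, so the result must not be indexed
	   unchecked: a NULL here would crash the auth process. With both
	   vals and value NULL, db_ldap_result_int_next() skips to the next
	   attribute exactly as it does for unmapped attributes. */
	ctx->value = ctx->vals != NULL ? ctx->vals[0] : NULL;
	ctx->value_idx = 0;
}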
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
1056
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
/* Finalize ctx->value before it is handed to the caller: expand the
   attribute's template, if it has one, and record the value in the debug
   buffer when debugging is enabled. */
static void
db_ldap_result_return_value(struct db_ldap_result_iterate_context *ctx)
{
	bool is_first_value = (ctx->value_idx == 0);
	bool show_value;

	if (ctx->template != NULL) {
		/* slot 0 of the table carries the raw LDAP value; the
		   expanded text is kept in ctx->var, so ctx->value stays
		   valid only until the next templated value is expanded */
		ctx->var_table[0].value = ctx->value;
		str_truncate(ctx->var, 0);
		var_expand(ctx->var, ctx->template, ctx->var_table);
		ctx->value = str_c(ctx->var);
	}

	if (ctx->debug == NULL)
		return;

	/* multiple values of one attribute are separated with '/' */
	if (!is_first_value)
		str_append_c(ctx->debug, '/');

	/* Only the field named exactly "password" is masked, and only while
	   verbose_debug_passwords is off; every other field's value goes to
	   the debug buffer as-is.
	   NOTE(review): confirm that no other mapped field carries
	   credential material that should be hidden as well. */
	show_value = ctx->auth_request->auth->verbose_debug_passwords ||
		strcmp(ctx->name, "password") != 0;
	str_append(ctx->debug, show_value ? ctx->value : PASSWORD_HIDDEN_STR);
}
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
1079
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
/* Advance the iterator by one value.

   LDAP attributes are walked first; each call yields the next value of
   the current attribute, or moves on to the next attribute once the values
   run out. After the last LDAP attribute the static "key=value" items in
   ctx->static_attrs are returned one per call. Returns TRUE with ctx->name
   and ctx->value set, or FALSE after calling
   db_ldap_result_iterate_finish() when nothing is left. */
static bool db_ldap_result_int_next(struct db_ldap_result_iterate_context *ctx)
{
	const char *item, *eq;

	while (ctx->attr != NULL) {
		if (ctx->vals == NULL) {
			/* a new attribute */
			db_ldap_result_change_attr(ctx);
		} else if (ctx->value != NULL) {
			/* continuing existing attribute; this relies on the
			   value array being NULL-terminated */
			ctx->value = ctx->vals[++ctx->value_idx];
		}

		if (ctx->value != NULL) {
			db_ldap_result_return_value(ctx);
			return TRUE;
		}

		/* attribute exhausted (or skipped): release it and fetch
		   the next one from the entry */
		ldap_value_free(ctx->vals);
		ctx->vals = NULL;
		ldap_memfree(ctx->attr);
		ctx->attr = ldap_next_attribute(ctx->conn->ld, ctx->entry,
						ctx->ber);
	}

	if (ctx->static_attrs == NULL || *ctx->static_attrs == NULL) {
		db_ldap_result_iterate_finish(ctx);
		return FALSE;
	}

	item = *ctx->static_attrs;
	eq = strchr(item, '=');
	if (eq != NULL) {
		ctx->name = t_strdup_until(item, eq);
		ctx->value = eq + 1;
	} else {
		/* bare key without '=': empty value */
		ctx->name = item;
		ctx->value = "";
	}
	/* make _next_all() return correct values: a non-NULL template makes
	   it hand out val_1_arr instead of ctx->vals */
	ctx->template = "";
	ctx->val_1_arr[0] = ctx->value;
	ctx->static_attrs++;
	return TRUE;
}
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
1124
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
/* Fetch the next (name, value) pair of the iteration.

   Returns TRUE and stores the pair in *name_r and *value_r, or FALSE when
   the iteration is finished, in which case the output parameters are left
   untouched. The returned pointers refer to storage owned by the
   iterator. */
bool db_ldap_result_iterate_next(struct db_ldap_result_iterate_context *ctx,
				 const char **name_r, const char **value_r)
{
	bool have_item = db_ldap_result_int_next(ctx);

	if (have_item) {
		*name_r = ctx->name;
		*value_r = ctx->value;
	}
	return have_item;
}
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
1135
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
/* Fetch the next field together with all of its values.

   Returns TRUE and stores the field name in *name_r and a value array in
   *values_r, or FALSE when the iteration is finished (outputs untouched).
   The array is ctx->vals for a plain attribute and the one-element
   ctx->val_1_arr for templated or static fields; both belong to the
   iterator, and ctx->vals is released by the next iteration step. */
bool db_ldap_result_iterate_next_all(struct db_ldap_result_iterate_context *ctx,
				     const char **name_r,
				     const char *const **values_r)
{
	if (!db_ldap_result_int_next(ctx))
		return FALSE;

	*name_r = ctx->name;

	if (ctx->template == NULL) {
		*values_r = (const char *const *)ctx->vals;
	} else {
		/* we can use only one value with templates
		   (presumably val_1_arr's slot after [0] stays NULL as the
		   terminator - TODO confirm against the struct) */
		ctx->val_1_arr[0] = ctx->value;
		*values_r = ctx->val_1_arr;
	}

	/* all values were handed out at once, so the next step must move on
	   to the following attribute instead of the next value */
	ctx->value = NULL;
	return TRUE;
}
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
1154
1062
0522a0315d2f Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
/* Settings-parser callback: apply one key/value pair from the LDAP
   configuration to conn->set using the setting_defs table, allocating from
   the connection's pool. The result of parse_setting_from_defs() is passed
   through unchanged. */
static const char *parse_setting(const char *key, const char *value,
				 struct ldap_connection *conn)
{
	const char *result;

	result = parse_setting_from_defs(conn->pool, setting_defs,
					 &conn->set, key, value);
	return result;
}
0522a0315d2f Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
1161
1143
50f10a7a3bad Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents: 1141
diff changeset
/* Look up an already created connection by its configuration file path.

   Walks the ldap_connections list and returns the first entry whose
   config_path is byte-for-byte equal to the given path, or NULL if there is
   none. The comparison is a plain strcmp(), so two different spellings of
   the same file are treated as different configurations. */
static struct ldap_connection *ldap_conn_find(const char *config_path)
{
	struct ldap_connection *cur = ldap_connections;

	while (cur != NULL && strcmp(cur->config_path, config_path) != 0)
		cur = cur->next;

	return cur;
}
50f10a7a3bad Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents: 1141
diff changeset
1173
1062
0522a0315d2f Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
/* Return the LDAP connection that belongs to config_path, creating and
   registering it the first time the path is seen.

   config_path: path of the LDAP settings file; must not be empty.

   Returns a connection holding one reference for the caller, which is
   released with db_ldap_unref(). When ldap_conn_find() already knows a
   connection for config_path, that connection is returned with its
   refcount increased, so passdb and userdb can share one connection.

   Configuration problems are fatal: an empty path, a settings file that
   settings_read() rejects, a missing base, neither uris nor hosts set,
   uris used in a build without ldap_initialize(), or an ldaprc_path that
   differs from the LDAPRC value already present in the environment.

   NOTE(review): the settings file may hold bind credentials; confirm it
   is readable only by the auth process user. */
struct ldap_connection *db_ldap_init(const char *config_path)
{
	struct ldap_connection *existing, *conn;
	const char *env_ldaprc;
	pool_t conn_pool;

	/* reuse the connection if this configuration was set up before */
	existing = ldap_conn_find(config_path);
	if (existing != NULL) {
		existing->refcount++;
		return existing;
	}

	if (config_path[0] == '\0')
		i_fatal("LDAP: Configuration file path not given");

	/* the connection struct lives in its own pool, which
	   db_ldap_unref() releases with the last reference */
	conn_pool = pool_alloconly_create("ldap_connection", 1024);
	conn = p_new(conn_pool, struct ldap_connection, 1);
	conn->pool = conn_pool;
	conn->refcount = 1;
	conn->config_path = p_strdup(conn_pool, config_path);

	/* nothing is connected yet: -1 marks "no fd" and "no bind sent" */
	conn->fd = -1;
	conn->default_bind_msgid = -1;
	conn->conn_state = LDAP_CONN_STATE_DISCONNECTED;

	/* start from the defaults, then let the file override them */
	conn->set = default_ldap_settings;
	if (!settings_read(config_path, NULL, parse_setting,
			   null_settings_section_callback, conn))
		exit(FATAL_DEFAULT);

	if (conn->set.base == NULL)
		i_fatal("LDAP: No base given");

	if (conn->set.uris == NULL && conn->set.hosts == NULL)
		i_fatal("LDAP: No uris or hosts set");
#ifndef LDAP_HAVE_INITIALIZE
	if (conn->set.uris != NULL) {
		i_fatal("LDAP: Dovecot compiled without support for LDAP uris "
			"(ldap_initialize not found)");
	}
#endif

	if (conn->set.ldaprc_path[0] != '\0') {
		/* LDAPRC is an environment variable and therefore shared by
		   every connection in this process. A value that is already
		   set and differs (from another settings file or inherited
		   from the parent) is refused instead of being silently
		   replaced. */
		env_ldaprc = getenv("LDAPRC");
		if (env_ldaprc != NULL &&
		    strcmp(env_ldaprc, conn->set.ldaprc_path) != 0) {
			i_fatal("LDAP: Multiple different ldaprc_path "
				"settings not allowed (%s and %s)",
				env_ldaprc, conn->set.ldaprc_path);
		}
		env_put(t_strconcat("LDAPRC=", conn->set.ldaprc_path, NULL));
	}

	/* translate the textual deref/scope settings once, up front */
	conn->set.ldap_deref = deref2str(conn->set.deref);
	conn->set.ldap_scope = scope2str(conn->set.scope);

	/* the request queue is layered on top of request_array */
	i_array_init(&conn->request_array, DB_LDAP_MAX_QUEUE_SIZE);
	conn->request_queue = aqueue_init(&conn->request_array.arr);

	/* push onto the head of the global connection list */
	conn->next = ldap_connections;
	ldap_connections = conn;
	return conn;
}
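/* Drop one reference to an LDAP connection and destroy the connection
   when that was the last reference.

   _conn: address of the caller's connection pointer. It is always reset
   to NULL, so the caller cannot keep using the pointer after giving up
   its reference.

   On the last reference the connection is unlinked from
   ldap_connections, its requests are aborted with the reason
   "Shutting down", the LDAP connection is closed, and the request
   array, request queue, attribute maps and memory pool are released. */
void db_ldap_unref(struct ldap_connection **_conn)
{
	struct ldap_connection *conn = *_conn;
	struct ldap_connection **p;

	*_conn = NULL;
	/* A live connection always holds at least one reference
	   (db_ldap_init() starts it at 1). Requiring > 0 here, not >= 0,
	   stops an unbalanced unref before it decrements to -1 and runs the
	   teardown below on a connection that is already being or has been
	   destroyed. */
	i_assert(conn->refcount > 0);
	if (--conn->refcount > 0)
		return;

	/* unlink from the global list so db_ldap_init() can no longer hand
	   this connection out */
	for (p = &ldap_connections; *p != NULL; p = &(*p)->next) {
		if (*p == conn) {
			*p = conn->next;
			break;
		}
	}

	/* NOTE(review): -1U presumably means "no limit on the number of
	   requests to abort" - confirm against db_ldap_abort_requests() */
	db_ldap_abort_requests(conn, -1U, 0, FALSE, "Shutting down");
	i_assert(conn->pending_count == 0);
	db_ldap_conn_close(conn);
	i_assert(conn->to == NULL);

	array_free(&conn->request_array);
	aqueue_deinit(&conn->request_queue);

	/* the attribute maps are optional, destroy only those that exist */
	if (conn->pass_attr_map != NULL)
		hash_table_destroy(&conn->pass_attr_map);
	if (conn->user_attr_map != NULL)
		hash_table_destroy(&conn->user_attr_map);
	/* conn itself was allocated from this pool in db_ldap_init(), so it
	   must not be touched after this call */
	pool_unref(&conn->pool);
}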
#ifndef BUILTIN_LDAP
/* Plugin build: LDAP is not compiled into the auth binary, so this file
   provides the entry points that register and unregister the LDAP
   passdb and userdb modules. */
extern struct passdb_module_interface passdb_ldap;
extern struct userdb_module_interface userdb_ldap;

void authdb_ldap_init(void);
void authdb_ldap_deinit(void);

/* Register the LDAP passdb and userdb modules. */
void authdb_ldap_init(void)
{
	passdb_register_module(&passdb_ldap);
	userdb_register_module(&userdb_ldap);
}

/* Unregister the modules that authdb_ldap_init() registered. */
void authdb_ldap_deinit(void)
{
	passdb_unregister_module(&passdb_ldap);
	userdb_unregister_module(&userdb_ldap);
}
#endif
1290 #endif