Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/auth/db-ldap.c @ 4624:5beb1fe35e52 HEAD
"Can't connect to server" message's host was wrong if uris setting was used.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 22 Sep 2006 16:26:45 +0300 |
parents | ffafc8583e06 |
children | deccf9e1aebc |
rev | line source |
---|---|
4426 | 1 /* Copyright (C) 2003-2006 Timo Sirainen */ |
1062 | 2 |
3474 | 3 #include "common.h" |
1062 | 4 |
1062 | 5 #if defined(PASSDB_LDAP) || defined(USERDB_LDAP) |
1062 | 6 |
1075 | 7 #include "network.h" |
1062 | 8 #include "ioloop.h" |
1062 | 9 #include "hash.h" |
1189 | 10 #include "str.h" |
1062 | 11 #include "settings.h" |
3502 | 12 #include "userdb.h" |
1062 | 13 #include "db-ldap.h" |
1062 | 14 |
1062 | 15 #include <stddef.h> |
1610 | 16 #include <stdlib.h> |
1062 | 17 |
4426 | 18 #define HAVE_LDAP_SASL |
4427 | 19 #ifdef HAVE_SASL_SASL_H |
4427 | 20 # include <sasl/sasl.h> |
4427 | 21 #elif defined (HAVE_SASL_H) |
4426 | 22 # include <sasl.h> |
4426 | 23 #else |
4426 | 24 # undef HAVE_LDAP_SASL |
4426 | 25 #endif |
4427 | 26 #if SASL_VERSION_MAJOR < 2 |
4427 | 27 # undef HAVE_LDAP_SASL |
4427 | 28 #endif |
4426 | 29 |
1181 | 30 /* Older versions may require calling ldap_result() twice */ |
1181 | 31 #if LDAP_VENDOR_VERSION <= 20112 |
1086 | 32 # define OPENLDAP_ASYNC_WORKAROUND |
1086 | 33 #endif |
1086 | 34 |
2325 | 35 /* Solaris LDAP library doesn't have LDAP_OPT_SUCCESS */ |
2325 | 36 #ifndef LDAP_OPT_SUCCESS |
2325 | 37 # define LDAP_OPT_SUCCESS LDAP_SUCCESS |
2325 | 38 #endif |
2325 | 39 |
1062 | 40 #define DEF(type, name) \ |
1062 | 41 { type, #name, offsetof(struct ldap_settings, name) } |
1062 | 42 |
1062 | 43 static struct setting_def setting_defs[] = { |
1062 | 44 DEF(SET_STR, hosts), |
1910 | 45 DEF(SET_STR, uris), |
1075 | 46 DEF(SET_STR, dn), |
1075 | 47 DEF(SET_STR, dnpass), |
3771 | 48 DEF(SET_BOOL, auth_bind), |
3840 | 49 DEF(SET_STR, auth_bind_userdn), |
4415 | 50 DEF(SET_BOOL, tls), |
4319 | 51 DEF(SET_BOOL, sasl_bind), |
4319 | 52 DEF(SET_STR, sasl_mech), |
4319 | 53 DEF(SET_STR, sasl_realm), |
4319 | 54 DEF(SET_STR, sasl_authz_id), |
4319 | 55 DEF(SET_STR, sasl_props), |
1062 | 56 DEF(SET_STR, deref), |
1135 | 57 DEF(SET_STR, scope), |
1062 | 58 DEF(SET_STR, base), |
1282 | 59 DEF(SET_INT, ldap_version), |
1136 | 60 DEF(SET_STR, user_attrs), |
1136 | 61 DEF(SET_STR, user_filter), |
1136 | 62 DEF(SET_STR, pass_attrs), |
1141 | 63 DEF(SET_STR, pass_filter), |
1191 | 64 DEF(SET_STR, default_pass_scheme), |
3502 | 65 DEF(SET_STR, user_global_uid), |
3913 | 66 DEF(SET_STR, user_global_gid), |
3913 | 67 |
3913 | 68 { 0, NULL, 0 } |
1062 | 69 }; |
1062 | 70 |
1062 | 71 struct ldap_settings default_ldap_settings = { |
1910 | 72 MEMBER(hosts) NULL, |
1910 | 73 MEMBER(uris) NULL, |
1075 | 74 MEMBER(dn) NULL, |
1075 | 75 MEMBER(dnpass) NULL, |
3771 | 76 MEMBER(auth_bind) FALSE, |
3840 | 77 MEMBER(auth_bind_userdn) NULL, |
4415 | 78 MEMBER(tls) FALSE, |
4319 | 79 MEMBER(sasl_bind) FALSE, |
4319 | 80 MEMBER(sasl_mech) NULL, |
4319 | 81 MEMBER(sasl_realm) NULL, |
4319 | 82 MEMBER(sasl_authz_id) NULL, |
4319 | 83 MEMBER(sasl_props) NULL, |
1062 | 84 MEMBER(deref) "never", |
1135 | 85 MEMBER(scope) "subtree", |
1062 | 86 MEMBER(base) NULL, |
1282 | 87 MEMBER(ldap_version) 2, |
3094 | 88 MEMBER(user_attrs) "uid,homeDirectory,,,uidNumber,gidNumber", |
3094 | 89 MEMBER(user_filter) "(&(objectClass=posixAccount)(uid=%u))", |
3094 | 90 MEMBER(pass_attrs) "uid,userPassword", |
3094 | 91 MEMBER(pass_filter) "(&(objectClass=posixAccount)(uid=%u))", |
1191 | 92 MEMBER(default_pass_scheme) "crypt", |
3502 | 93 MEMBER(user_global_uid) "", |
3502 | 94 MEMBER(user_global_gid) "" |
1062 | 95 }; |
1062 | 96 |
1143 | 97 static struct ldap_connection *ldap_connections = NULL; |
1143 | 98 |
3863 | 99 static void ldap_conn_close(struct ldap_connection *conn, bool flush_requests); |
1062 | 100 |
1062 | 101 static int deref2str(const char *str) |
1062 | 102 { |
1062 | 103 if (strcasecmp(str, "never") == 0) |
1062 | 104 return LDAP_DEREF_NEVER; |
1062 | 105 if (strcasecmp(str, "searching") == 0) |
1062 | 106 return LDAP_DEREF_SEARCHING; |
1062 | 107 if (strcasecmp(str, "finding") == 0) |
1062 | 108 return LDAP_DEREF_FINDING; |
1062 | 109 if (strcasecmp(str, "always") == 0) |
1062 | 110 return LDAP_DEREF_ALWAYS; |
1062 | 111 |
1062 | 112 i_fatal("LDAP: Unknown deref option '%s'", str); |
1062 | 113 } |
1062 | 114 |
1135 | 115 static int scope2str(const char *str) |
1135 | 116 { |
1135 | 117 if (strcasecmp(str, "base") == 0) |
1135 | 118 return LDAP_SCOPE_BASE; |
1135 | 119 if (strcasecmp(str, "onelevel") == 0) |
1135 | 120 return LDAP_SCOPE_ONELEVEL; |
1135 | 121 if (strcasecmp(str, "subtree") == 0) |
1135 | 122 return LDAP_SCOPE_SUBTREE; |
1135 | 123 |
1135 | 124 i_fatal("LDAP: Unknown scope option '%s'", str); |
1135 | 125 } |
1135 | 126 |
1210 | 127 const char *ldap_get_error(struct ldap_connection *conn) |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
128 { |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
129 int ret, err; |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
130 |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
131 ret = ldap_get_option(conn->ld, LDAP_OPT_ERROR_NUMBER, (void *) &err); |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
132 if (ret != LDAP_SUCCESS) { |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
133 i_error("LDAP: Can't get error number: %s", |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
134 ldap_err2string(ret)); |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
135 return "??"; |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
136 } |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
137 |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
138 return ldap_err2string(err); |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
139 } |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
140 |
3771
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3731
diff
changeset
|
141 void db_ldap_search(struct ldap_connection *conn, struct ldap_request *request, |
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3731
diff
changeset
|
142 int scope) |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
143 { |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
144 int msgid; |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
145 |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
146 if (!conn->connected) { |
2648
cc2e39912eb3
Added preinit() call to userdb/passdbs, which is called before dropping
Timo Sirainen <tss@iki.fi>
parents:
2325
diff
changeset
|
147 if (!db_ldap_connect(conn)) { |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
148 request->callback(conn, request, NULL); |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
149 return; |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
150 } |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
151 } |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
152 |
3771
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3731
diff
changeset
|
153 msgid = ldap_search(conn->ld, request->base, scope, |
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
154 request->filter, request->attributes, 0); |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
155 if (msgid == -1) { |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
156 i_error("LDAP: ldap_search() failed (filter %s): %s", |
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
157 request->filter, ldap_get_error(conn)); |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
158 request->callback(conn, request, NULL); |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
159 return; |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
160 } |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
161 |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
162 hash_insert(conn->requests, POINTER_CAST(msgid), request); |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
163 } |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
164 |
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
165 static void ldap_conn_retry_requests(struct ldap_connection *conn) |
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
166 { |
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
167 struct hash_table *old_requests; |
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
168 struct hash_iterate_context *iter; |
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
169 void *key, *value; |
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
170 |
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
171 i_assert(conn->connected); |
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
172 |
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
173 if (hash_size(conn->requests) == 0) |
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
174 return; |
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
175 |
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
176 old_requests = conn->requests; |
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
177 conn->requests = hash_create(default_pool, conn->pool, 0, NULL, NULL); |
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
178 |
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
179 iter = hash_iterate_init(old_requests); |
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
180 while (hash_iterate(iter, &key, &value)) { |
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
181 struct ldap_request *request = value; |
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
182 |
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
183 i_assert(conn->connected); |
3771
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3731
diff
changeset
|
184 db_ldap_search(conn, request, conn->set.ldap_scope); |
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
185 } |
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
186 hash_iterate_deinit(iter); |
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
187 hash_destroy(old_requests); |
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
188 } |
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
189 |
src/auth/db-ldap.c lines 190-199, `ldap_conn_reconnect()`; all changesets by Timo Sirainen <tss@iki.fi>.

| rev | changeset | parents | lines | summary |
|---|---|---|---|---|
| 3731 | 0a7beabfe332 | 3657 | 190-199 | If LDAP lookup fails because connection gets closed, try retrying it again |

```c
static void ldap_conn_reconnect(struct ldap_connection *conn)
{
	ldap_conn_close(conn, FALSE);

	if (!db_ldap_connect(conn)) {
		/* failed to reconnect. fail all requests. */
		ldap_conn_close(conn, TRUE);
	}
}
```
src/auth/db-ldap.c lines 200-240, `ldap_input()`; all changesets by Timo Sirainen <tss@iki.fi>.

| rev | changeset | parents | lines | summary |
|---|---|---|---|---|
| 1062 | 0522a0315d2f | | 200-207, 209, 218-220, 223-226, 232, 235-240 | Cleanups, LDAP support compiles again and generally looks ok, even if it |
| 1210 | | | 208, 221, 227-231, 233-234 | |
| 1181 | ac7dbb236b59 | 1143 | 210, 212-216 | Rather than block for two seconds, we can just call ldap_result() again if |
| 1075 | f1401fa7ab03 | 1062 | 211, 217 | auth process fixes, LDAP seems to be working (with the kludge define or |
| 3731 | 0a7beabfe332 | 3657 | 222 | If LDAP lookup fails because connection gets closed, try retrying it again |

```c
static void ldap_input(void *context)
{
	struct ldap_connection *conn = context;
	struct ldap_request *request;
	struct timeval timeout;
	LDAPMessage *res;
	int ret, msgid;

	while (conn->ld != NULL) {
		memset(&timeout, 0, sizeof(timeout));
		ret = ldap_result(conn->ld, LDAP_RES_ANY, 1, &timeout, &res);
#ifdef OPENLDAP_ASYNC_WORKAROUND
		if (ret == 0) {
			/* try again, there may be another in buffer */
			ret = ldap_result(conn->ld, LDAP_RES_ANY, 1,
					  &timeout, &res);
		}
#endif
		if (ret <= 0) {
			if (ret < 0) {
				i_error("LDAP: ldap_result() failed: %s",
					ldap_get_error(conn));
				ldap_conn_reconnect(conn);
			}
			return;
		}

		msgid = ldap_msgid(res);
		request = hash_lookup(conn->requests, POINTER_CAST(msgid));
		if (request == NULL) {
			i_error("LDAP: Reply with unknown msgid %d",
				msgid);
		} else {
			hash_remove(conn->requests, POINTER_CAST(msgid));
			request->callback(conn, request, res);
		}

		ldap_msgfree(res);
	}
}
```
src/auth/db-ldap.c lines 241-277, `sasl_interact()`; all changesets by Timo Sirainen <tss@iki.fi>.

| rev | changeset | parents | lines | summary |
|---|---|---|---|---|
| 4426 | b8089cf41c96 | 4415 | 241, 246, 276 | Check for sasl.h and sasl/sasl.h existence and use the one that's found. If |
| 4405 | fe17f63521ea | 4319 | 242-244, 248, 250-251, 253, 256, 259, 262-265, 268-270 | Compiler warning fixes and some coding style cleanups. |
| 4319 | 31a28cd0b020 | 4295 | 245, 247, 249, 252, 254-255, 257-258, 260-261, 266-267, 271-275, 277 | Added support for SASL binding. Patch by Geert Jansen |

```c
#ifdef HAVE_LDAP_SASL
static int
sasl_interact(LDAP *ld __attr_unused__, unsigned flags __attr_unused__,
	      void *defaults, void *interact)
{
	struct ldap_sasl_bind_context *context = defaults;
	sasl_interact_t *in;
	const char *str;

	for (in = interact; in->id != SASL_CB_LIST_END; in++) {
		switch (in->id) {
		case SASL_CB_GETREALM:
			str = context->realm;
			break;
		case SASL_CB_AUTHNAME:
			str = context->authcid;
			break;
		case SASL_CB_USER:
			str = context->authzid;
			break;
		case SASL_CB_PASS:
			str = context->passwd;
			break;
		default:
			str = NULL;
			break;
		}
		if (str != NULL) {
			in->len = strlen(str);
			in->result = str;
		}

	}
	return LDAP_SUCCESS;
}
#endif
```
src/auth/db-ldap.c lines 278-381, `db_ldap_connect()`; all changesets by Timo Sirainen <tss@iki.fi>.

| rev | changeset | parents | lines | summary |
|---|---|---|---|---|
| 3863 | 55df57c028d4 | 3840 | 278 | Added "bool" type and changed all ints that were used as booleans to bool. |
| 1062 | 0522a0315d2f | | 279-285, 297-306, 314-315, 363-373, 375, 379-381 | Cleanups, LDAP support compiles again and generally looks ok, even if it |
| 1910 | | | 286, 288-289, 294-296 | |
| 2325 | 7613e0f68513 | 1910 | 287, 290-293 | Fixed to compile with Solaris LDAP library |
| 1282 | | | 307-313 | |
| 4415 | b91816cd1d16 | 4405 | 316-329 | Added TLS support for LDAP if the library supports it. |
| 3771 | 4b6d962485b9 | 3731 | 330 | Added authentication bind support. Patch by J.M. Maurer. |
| 4319 | 31a28cd0b020 | 4295 | 331, 336-340, 343-344, 348 | Added support for SASL binding. Patch by Geert Jansen |
| 4426 | b8089cf41c96 | 4415 | 332-335, 345-347 | Check for sasl.h and sasl/sasl.h existence and use the one that's found. If |
| 4405 | fe17f63521ea | 4319 | 341-342, 349-353, 356-362 | Compiler warning fixes and some coding style cleanups. |
| 4624 | 5beb1fe35e52 | 4427 | 354-355 | "Can't connect to server" message's host was wrong if uris setting was used. |
| 1075 | f1401fa7ab03 | 1062 | 374 | auth process fixes, LDAP seems to be working (with the kludge define or |
| 3731 | 0a7beabfe332 | 3657 | 376-378 | If LDAP lookup fails because connection gets closed, try retrying it again |

```c
bool db_ldap_connect(struct ldap_connection *conn)
{
	int ret, fd;

	if (conn->connected)
		return TRUE;

	if (conn->ld == NULL) {
		if (conn->set.uris != NULL) {
#ifdef LDAP_HAVE_INITIALIZE
			if (ldap_initialize(&conn->ld, conn->set.uris) != LDAP_SUCCESS)
				conn->ld = NULL;
#else
			i_fatal("LDAP: Your LDAP library doesn't support "
				"'uris' setting, use 'hosts' instead.");
#endif
		} else
			conn->ld = ldap_init(conn->set.hosts, LDAP_PORT);

		if (conn->ld == NULL)
			i_fatal("LDAP: ldap_init() failed with hosts: %s",
				conn->set.hosts);

		ret = ldap_set_option(conn->ld, LDAP_OPT_DEREF,
				      (void *) &conn->set.ldap_deref);
		if (ret != LDAP_SUCCESS) {
			i_fatal("LDAP: Can't set deref option: %s",
				ldap_err2string(ret));
		}

		ret = ldap_set_option(conn->ld, LDAP_OPT_PROTOCOL_VERSION,
				      (void *) &conn->set.ldap_version);
		if (ret != LDAP_OPT_SUCCESS) {
			i_fatal("LDAP: Can't set protocol version %u: %s",
				conn->set.ldap_version, ldap_err2string(ret));
		}
	}

	if (conn->set.tls) {
#ifdef LDAP_HAVE_START_TLS_S
		ret = ldap_start_tls_s(conn->ld, NULL, NULL);
		if (ret != LDAP_SUCCESS) {
			i_error("LDAP: ldap_start_tls_s() failed: %s",
				ldap_err2string(ret));
			return FALSE;
		}
#else
		i_error("LDAP: Your LDAP library doesn't support TLS");
		return FALSE;
#endif
	}

	/* FIXME: we shouldn't use blocking bind */
	if (conn->set.sasl_bind) {
#ifdef HAVE_LDAP_SASL
		struct ldap_sasl_bind_context context;

		memset(&context, 0, sizeof(context));
		context.authcid = conn->set.dn;
		context.passwd = conn->set.dnpass;
		context.realm = conn->set.sasl_realm;
		context.authzid = conn->set.sasl_authz_id;

		ret = ldap_sasl_interactive_bind_s(conn->ld, NULL,
						   conn->set.sasl_mech,
						   NULL, NULL, LDAP_SASL_QUIET,
						   sasl_interact, &context);
#else
		i_fatal("LDAP: sasl_bind=yes but no SASL support compiled in");
#endif
	} else {
		ret = ldap_simple_bind_s(conn->ld, conn->set.dn,
					 conn->set.dnpass);
	}
	if (ret == LDAP_SERVER_DOWN) {
		i_error("LDAP: Can't connect to server: %s",
			conn->set.uris != NULL ?
			conn->set.uris : conn->set.hosts);
		return FALSE;
	}
	if (ret != LDAP_SUCCESS) {
		i_error("LDAP: binding failed (dn %s): %s",
			conn->set.dn == NULL ? "(none)" : conn->set.dn,
			ldap_get_error(conn));
		return FALSE;
	}

	conn->connected = TRUE;

	/* register LDAP input to ioloop */
	ret = ldap_get_option(conn->ld, LDAP_OPT_DESC, (void *) &fd);
	if (ret != LDAP_SUCCESS) {
		i_fatal("LDAP: Can't get connection fd: %s",
			ldap_err2string(ret));
	}

	net_set_nonblock(fd, TRUE);
	conn->io = io_add(fd, IO_READ, ldap_input, conn);

	/* in case there are requests waiting, retry them */
	ldap_conn_retry_requests(conn);
	return TRUE;
}
```
src/auth/db-ldap.c lines 382-408, `ldap_conn_close()`; all changesets by Timo Sirainen <tss@iki.fi>.

| rev | changeset | parents | lines | summary |
|---|---|---|---|---|
| 3863 | 55df57c028d4 | 3840 | 382 | Added "bool" type and changed all ints that were used as booleans to bool. |
| 1062 | 0522a0315d2f | | 383, 402-408 | Cleanups, LDAP support compiles again and generally looks ok, even if it |
| 1897 | 1e6ed8045f2b | 1709 | 384-386, 391, 396 | Changed hash_foreach() to iterator. |
| 3731 | 0a7beabfe332 | 3657 | 387-390, 392-395 | If LDAP lookup fails because connection gets closed, try retrying it again |
| 1210 | | | 397-399 | |
| 3879 | 928229f8b3e6 | 3863 | 400-401 | deinit, unref, destroy, close, free, etc. functions now take a pointer to |

```c
static void ldap_conn_close(struct ldap_connection *conn, bool flush_requests)
{
	struct hash_iterate_context *iter;
	void *key, *value;

	if (flush_requests) {
		iter = hash_iterate_init(conn->requests);
		while (hash_iterate(iter, &key, &value)) {
			struct ldap_request *request = value;

			request->callback(conn, request, NULL);
		}
		hash_iterate_deinit(iter);
		hash_clear(conn->requests, FALSE);
	}

	conn->connected = FALSE;

	if (conn->io != NULL)
		io_remove(&conn->io);

	if (conn->ld != NULL) {
		ldap_unbind(conn->ld);
		conn->ld = NULL;
	}
}
```
src/auth/db-ldap.c lines 409-423, start of `db_ldap_set_attrs()` (the function continues below); all changesets by Timo Sirainen <tss@iki.fi>.

| rev | changeset | parents | lines | summary |
|---|---|---|---|---|
| 3158 | 8849f2e380d1 | 3094 | 409, 411, 414-415, 417-421 | userdb can now return extra parameters to master. Removed special handling |
| 3306 | aebed9a9edac | 3212 | 410 | If both userdb and passdb used LDAP the later one was overriding first one's |
| 1062 | 0522a0315d2f | | 412-413, 416, 422 | Cleanups, LDAP support compiles again and generally looks ok, even if it |
| 3212 | | | 423 | |

```c
void db_ldap_set_attrs(struct ldap_connection *conn, const char *attrlist,
		       char ***attr_names_r, struct hash_table *attr_map,
		       const char *const default_attr_map[])
{
	const char *const *attr;
	char *name, *value, *p;
	unsigned int i, size;

	if (*attrlist == '\0')
		return;

	t_push();
	attr = t_strsplit(attrlist, ",");

	/* @UNSAFE */
```
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
424 for (size = 0; attr[size] != NULL; size++) ; |
3306
aebed9a9edac
If both userdb and passdb used LDAP the later one was overriding first one's
Timo Sirainen <tss@iki.fi>
parents:
3212
diff
changeset
|
425 *attr_names_r = p_new(conn->pool, char *, size + 1); |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
426 |
3158
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
427 for (i = 0; i < size; i++) { |
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
428 p = strchr(attr[i], '='); |
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
429 if (p == NULL) { |
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
430 name = p_strdup(conn->pool, attr[i]); |
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
431 value = *default_attr_map == NULL ? name : |
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
432 p_strdup(conn->pool, *default_attr_map); |
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
433 } else { |
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
434 name = p_strdup_until(conn->pool, attr[i], p); |
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
435 value = p_strdup(conn->pool, p + 1); |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
436 } |
3158
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
437 |
3306
aebed9a9edac
If both userdb and passdb used LDAP the later one was overriding first one's
Timo Sirainen <tss@iki.fi>
parents:
3212
diff
changeset
|
438 (*attr_names_r)[i] = name; |
3158
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
439 if (*name != '\0') |
3306
aebed9a9edac
If both userdb and passdb used LDAP the later one was overriding first one's
Timo Sirainen <tss@iki.fi>
parents:
3212
diff
changeset
|
440 hash_insert(attr_map, name, value); |
3158
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
441 |
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
442 if (*default_attr_map != NULL) |
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
443 default_attr_map++; |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
444 } |
3158
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
445 t_pop(); |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
446 } |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
447 |
1330
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
448 #define IS_LDAP_ESCAPED_CHAR(c) \ |
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
449 ((c) == '*' || (c) == '(' || (c) == ')' || (c) == '\\') |
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
450 |
4295
4fc637010202
Escape SQL strings using sql_escape_string(). Fixes the problems with
Timo Sirainen <tss@iki.fi>
parents:
4180
diff
changeset
|
451 const char *ldap_escape(const char *str, |
4fc637010202
Escape SQL strings using sql_escape_string(). Fixes the problems with
Timo Sirainen <tss@iki.fi>
parents:
4180
diff
changeset
|
452 const struct auth_request *auth_request __attr_unused__) |
1189
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
453 { |
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
454 const char *p; |
1330
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
455 string_t *ret; |
1189
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
456 |
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
457 for (p = str; *p != '\0'; p++) { |
1330
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
458 if (IS_LDAP_ESCAPED_CHAR(*p)) |
1189
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
459 break; |
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
460 } |
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
461 |
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
462 if (*p == '\0') |
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
463 return str; |
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
464 |
1330
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
465 ret = t_str_new((size_t) (p - str) + 64); |
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
466 str_append_n(ret, str, (size_t) (p - str)); |
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
467 |
1189
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
468 for (; *p != '\0'; p++) { |
1330
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
469 if (IS_LDAP_ESCAPED_CHAR(*p)) |
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
470 str_append_c(ret, '\\'); |
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
471 str_append_c(ret, *p); |
1189
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
472 } |
1330
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
473 return str_c(ret); |
1189
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
474 } |
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
475 |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
476 static const char *parse_setting(const char *key, const char *value, |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
477 void *context) |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
478 { |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
479 struct ldap_connection *conn = context; |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
480 |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
481 return parse_setting_from_defs(conn->pool, setting_defs, |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
482 &conn->set, key, value); |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
483 } |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
484 |
1143
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
485 static struct ldap_connection *ldap_conn_find(const char *config_path) |
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
486 { |
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
487 struct ldap_connection *conn; |
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
488 |
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
489 for (conn = ldap_connections; conn != NULL; conn = conn->next) { |
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
490 if (strcmp(conn->config_path, config_path) == 0) |
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
491 return conn; |
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
492 } |
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
493 |
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
494 return NULL; |
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
495 } |
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
496 |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
497 struct ldap_connection *db_ldap_init(const char *config_path) |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
498 { |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
499 struct ldap_connection *conn; |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
500 pool_t pool; |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
501 |
1143
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
502 /* see if it already exists */ |
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
503 conn = ldap_conn_find(config_path); |
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
504 if (conn != NULL) { |
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
505 conn->refcount++; |
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
506 return conn; |
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
507 } |
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
508 |
3908
afe21b6d4b68
Give a clear error message if SQL/LDAP configuration file path was left
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
509 if (*config_path == '\0') |
afe21b6d4b68
Give a clear error message if SQL/LDAP configuration file path was left
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
510 i_fatal("LDAP: Configuration file path not given"); |
afe21b6d4b68
Give a clear error message if SQL/LDAP configuration file path was left
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
511 |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
512 pool = pool_alloconly_create("ldap_connection", 1024); |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
513 conn = p_new(pool, struct ldap_connection, 1); |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
514 conn->pool = pool; |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
515 |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
516 conn->refcount = 1; |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
517 conn->requests = hash_create(default_pool, pool, 0, NULL, NULL); |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
518 |
1143
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
519 conn->config_path = p_strdup(pool, config_path); |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
520 conn->set = default_ldap_settings; |
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1330
diff
changeset
|
521 if (!settings_read(config_path, NULL, parse_setting, NULL, conn)) |
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1330
diff
changeset
|
522 exit(FATAL_DEFAULT); |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
523 |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
524 if (conn->set.base == NULL) |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
525 i_fatal("LDAP: No base given"); |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
526 |
4006
0e8f0647504b
Check that uris and hosts settings are correct.
Timo Sirainen <tss@iki.fi>
parents:
3913
diff
changeset
|
527 if (conn->set.uris == NULL && conn->set.hosts == NULL) |
0e8f0647504b
Check that uris and hosts settings are correct.
Timo Sirainen <tss@iki.fi>
parents:
3913
diff
changeset
|
528 i_fatal("LDAP: No uris or hosts set"); |
0e8f0647504b
Check that uris and hosts settings are correct.
Timo Sirainen <tss@iki.fi>
parents:
3913
diff
changeset
|
529 #ifndef LDAP_HAVE_INITIALIZE |
4180
92b572fbb88a
If LDAP library didn't have ldap_initialize() function, we always complained
Timo Sirainen <tss@iki.fi>
parents:
4006
diff
changeset
|
530 if (conn->set.uris != NULL) { |
4006
0e8f0647504b
Check that uris and hosts settings are correct.
Timo Sirainen <tss@iki.fi>
parents:
3913
diff
changeset
|
531 i_fatal("LDAP: Dovecot compiled without support for LDAP uris " |
0e8f0647504b
Check that uris and hosts settings are correct.
Timo Sirainen <tss@iki.fi>
parents:
3913
diff
changeset
|
532 "(ldap_initialize not found)"); |
0e8f0647504b
Check that uris and hosts settings are correct.
Timo Sirainen <tss@iki.fi>
parents:
3913
diff
changeset
|
533 } |
0e8f0647504b
Check that uris and hosts settings are correct.
Timo Sirainen <tss@iki.fi>
parents:
3913
diff
changeset
|
534 #endif |
0e8f0647504b
Check that uris and hosts settings are correct.
Timo Sirainen <tss@iki.fi>
parents:
3913
diff
changeset
|
535 |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
536 conn->set.ldap_deref = deref2str(conn->set.deref); |
3502
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
537 conn->set.ldap_scope = scope2str(conn->set.scope); |
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
538 |
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
539 if (*conn->set.user_global_uid == '\0') |
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
540 conn->set.uid = (uid_t)-1; |
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
541 else { |
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
542 conn->set.uid = |
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
543 userdb_parse_uid(NULL, conn->set.user_global_uid); |
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
544 if (conn->set.uid == (uid_t)-1) { |
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
545 i_fatal("LDAP: Invalid user_global_uid: %s", |
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
546 conn->set.user_global_uid); |
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
547 } |
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
548 } |
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
549 |
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
550 if (*conn->set.user_global_gid == '\0') |
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
551 conn->set.gid = (gid_t)-1; |
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
552 else { |
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
553 conn->set.gid = |
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
554 userdb_parse_gid(NULL, conn->set.user_global_gid); |
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
555 if (conn->set.gid == (gid_t)-1) { |
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
556 i_fatal("LDAP: Invalid user_global_gid: %s", |
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
557 conn->set.user_global_gid); |
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
558 } |
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
559 } |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
560 |
1143
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
561 conn->next = ldap_connections; |
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
562 ldap_connections = conn; |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
563 return conn; |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
564 } |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
565 |
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
566 void db_ldap_unref(struct ldap_connection **_conn) |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
567 { |
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
568 struct ldap_connection *conn = *_conn; |
3657
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
569 struct ldap_connection **p; |
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
570 |
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
571 *_conn = NULL; |
3657
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
572 i_assert(conn->refcount >= 0); |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
573 if (--conn->refcount > 0) |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
574 return; |
3657
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
575 |
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
576 for (p = &ldap_connections; *p != NULL; p = &(*p)->next) { |
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
577 if (*p == conn) { |
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
578 *p = conn->next; |
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
579 break; |
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
580 } |
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
581 } |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
582 |
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
583 ldap_conn_close(conn, TRUE); |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
584 |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
585 hash_destroy(conn->requests); |
3306
aebed9a9edac
If both userdb and passdb used LDAP the later one was overriding first one's
Timo Sirainen <tss@iki.fi>
parents:
3212
diff
changeset
|
586 if (conn->pass_attr_map != NULL) |
aebed9a9edac
If both userdb and passdb used LDAP the later one was overriding first one's
Timo Sirainen <tss@iki.fi>
parents:
3212
diff
changeset
|
587 hash_destroy(conn->pass_attr_map); |
aebed9a9edac
If both userdb and passdb used LDAP the later one was overriding first one's
Timo Sirainen <tss@iki.fi>
parents:
3212
diff
changeset
|
588 if (conn->user_attr_map != NULL) |
aebed9a9edac
If both userdb and passdb used LDAP the later one was overriding first one's
Timo Sirainen <tss@iki.fi>
parents:
3212
diff
changeset
|
589 hash_destroy(conn->user_attr_map); |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
590 pool_unref(conn->pool); |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
591 } |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
592 |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
593 #endif |
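
The `ldap_escape()` function in the listing above prefixes `*`, `(`, `)` and `\` with a backslash. As an added example (not Dovecot code), the block below shows the backslash-plus-two-hex-digits form that RFC 4515 defines for filter assertion values, including the NUL byte, written into a bounds-checked buffer; the function names, the `uid` attribute and the sample inputs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Octets RFC 4515 (section 3) requires to be escaped in an assertion value. */
static int needs_escape(unsigned char c)
{
	return c == '*' || c == '(' || c == ')' || c == '\\' || c == '\0';
}

/*
 * Escape `len` bytes of `in` into `out` as "\XX" (two hex digits).
 * The input is length-delimited, so an embedded NUL byte becomes "\00"
 * instead of silently truncating the value.
 * Returns the number of bytes written (without the terminating NUL),
 * or -1 if `out` is too small.
 */
long rfc4515_escape(const char *in, size_t len, char *out, size_t out_size)
{
	static const char hex[] = "0123456789abcdef";
	size_t i, o = 0;

	if (out_size == 0)
		return -1;
	for (i = 0; i < len; i++) {
		unsigned char c = (unsigned char)in[i];
		size_t need = needs_escape(c) ? 3 : 1;

		/* keep one byte free for the terminator */
		if (out_size - o <= need)
			return -1;
		if (need == 3) {
			out[o++] = '\\';
			out[o++] = hex[c >> 4];
			out[o++] = hex[c & 0x0f];
		} else {
			out[o++] = (char)c;
		}
	}
	out[o] = '\0';
	return (long)o;
}

/*
 * Build "(uid=<escaped value>)". The attribute name "uid" is an assumption
 * for this example. Returns 0 on success, -1 if anything does not fit.
 */
int build_uid_filter(const char *user, size_t user_len,
		     char *out, size_t out_size)
{
	char esc[256];
	int n;

	if (rfc4515_escape(user, user_len, esc, sizeof(esc)) < 0)
		return -1;
	n = snprintf(out, out_size, "(uid=%s)", esc);
	return (n < 0 || (size_t)n >= out_size) ? -1 : 0;
}

/*
 * Sanity check for a built filter: exactly one parenthesised item with no
 * literal '*', '(' or ')' between the outer parentheses. Returns 1 if so.
 */
int filter_is_single_item(const char *filter)
{
	size_t n = strlen(filter), i;

	if (n < 2 || filter[0] != '(' || filter[n - 1] != ')')
		return 0;
	for (i = 1; i + 1 < n; i++) {
		if (filter[i] == '*' || filter[i] == '(' || filter[i] == ')')
			return 0;
	}
	return 1;
}

int main(void)
{
	/* Constructed sample usernames, one containing filter metacharacters. */
	const char *samples[] = { "alice", "x)(uid=*", "back\\slash" };
	char filter[512];
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		if (build_uid_filter(samples[i], strlen(samples[i]),
				     filter, sizeof(filter)) < 0) {
			printf("%s: value does not fit, rejected\n", samples[i]);
			continue;
		}
		printf("%-12s -> %s (single item: %d)\n", samples[i], filter,
		       filter_is_single_item(filter));
	}
	return 0;
}
```

Rejecting a value that does not fit, rather than truncating it, keeps a cut-off escape sequence from ever reaching the directory server.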