annotate src/auth/db-ldap.c @ 4816:8ac2a2d27364 HEAD

Cleanup: Don't put string literals into non-const pointers.
author Timo Sirainen <tss@iki.fi>
date Sat, 18 Nov 2006 15:41:38 +0200
parents 63ed4f00f6e1
children 204d7edc7cdc
/* Copyright (C) 2003-2006 Timo Sirainen */

#include "common.h"

/* The rest of the file is compiled only when an LDAP passdb or userdb is
   enabled at build time. */
#if defined(PASSDB_LDAP) || defined(USERDB_LDAP)

#include "network.h"
#include "ioloop.h"
#include "hash.h"
#include "str.h"
#include "settings.h"
#include "userdb.h"
#include "db-ldap.h"

#include <stddef.h>
#include <stdlib.h>

/* SASL bind support: assume it is available, then withdraw it when neither
   SASL header was found by configure or when the header is older than
   SASL v2. If no SASL header was included, SASL_VERSION_MAJOR is undefined
   and evaluates to 0 in the #if below, so the second #undef fires as well.
   NOTE(review): how a configured sasl_bind is handled when HAVE_LDAP_SASL
   ends up undefined is not visible in this section - confirm that it is
   rejected rather than silently ignored. */
#define HAVE_LDAP_SASL
#ifdef HAVE_SASL_SASL_H
# include <sasl/sasl.h>
#elif defined (HAVE_SASL_H)
# include <sasl.h>
#else
# undef HAVE_LDAP_SASL
#endif
#if SASL_VERSION_MAJOR < 2
# undef HAVE_LDAP_SASL
#endif

#ifndef LDAP_SASL_QUIET
# define LDAP_SASL_QUIET 0 /* Doesn't exist in Solaris LDAP */
#endif

/* Older versions may require calling ldap_result() twice.
   An undefined LDAP_VENDOR_VERSION evaluates to 0 here, so the workaround
   is also enabled for libraries that do not define it. */
#if LDAP_VENDOR_VERSION <= 20112
# define OPENLDAP_ASYNC_WORKAROUND
#endif

/* Solaris LDAP library doesn't have LDAP_OPT_SUCCESS */
#ifndef LDAP_OPT_SUCCESS
# define LDAP_OPT_SUCCESS LDAP_SUCCESS
#endif

/* Build one setting_defs[] entry: the setting's type, its name as a string
   (stringified from the member name), and the byte offset of the member
   with that name inside struct ldap_settings. */
#define DEF(type, name) \
	{ type, #name, offsetof(struct ldap_settings, name) }

/* Table of the LDAP configuration keys. Each key has the same name as the
   struct ldap_settings member it is stored in. The parser that consumes
   this table is not part of this section.

   Keys with a direct security impact: dn/dnpass (presumably the default
   bind identity and its password - keep the config file unreadable to
   other users), auth_bind/auth_bind_userdn, tls, sasl_*, pass_attrs,
   pass_filter and default_pass_scheme. */
static struct setting_def setting_defs[] = {
	DEF(SET_STR, hosts),
	DEF(SET_STR, uris),
	DEF(SET_STR, dn),
	DEF(SET_STR, dnpass),
	DEF(SET_BOOL, auth_bind),
	DEF(SET_STR, auth_bind_userdn),
	DEF(SET_BOOL, tls),
	DEF(SET_BOOL, sasl_bind),
	DEF(SET_STR, sasl_mech),
	DEF(SET_STR, sasl_realm),
	DEF(SET_STR, sasl_authz_id),
	DEF(SET_STR, deref),
	DEF(SET_STR, scope),
	DEF(SET_STR, base),
	DEF(SET_INT, ldap_version),
	DEF(SET_STR, user_attrs),
	DEF(SET_STR, user_filter),
	DEF(SET_STR, pass_attrs),
	DEF(SET_STR, pass_filter),
	DEF(SET_STR, default_pass_scheme),
	DEF(SET_STR, user_global_uid),
	DEF(SET_STR, user_global_gid),

	/* all-zero entry marks the end of the table */
	{ 0, NULL, 0 }
};

/* Values used for every setting the configuration file does not override.
   MEMBER() is defined elsewhere; NOTE(review): if it expands to nothing on
   some compilers the initializers are positional, so the order here must
   match the declaration of struct ldap_settings - confirm before
   reordering. */
struct ldap_settings default_ldap_settings = {
	MEMBER(hosts) NULL,
	MEMBER(uris) NULL,
	MEMBER(dn) NULL,
	MEMBER(dnpass) NULL,
	MEMBER(auth_bind) FALSE,
	MEMBER(auth_bind_userdn) NULL,
	/* TLS is opt-in. NOTE(review): with tls off and a plain ldap://
	   target, bind credentials and fetched password attributes would
	   cross the network unprotected; how tls is applied is not visible
	   in this section. */
	MEMBER(tls) FALSE,
	MEMBER(sasl_bind) FALSE,
	MEMBER(sasl_mech) NULL,
	MEMBER(sasl_realm) NULL,
	MEMBER(sasl_authz_id) NULL,
	MEMBER(deref) "never",
	MEMBER(scope) "subtree",
	MEMBER(base) NULL,
	/* NOTE(review): StartTLS and SASL binds are LDAPv3 features, so
	   enabling tls or sasl_bind presumably also requires setting
	   ldap_version to 3 explicitly - confirm. */
	MEMBER(ldap_version) 2,
	/* NOTE(review): the empty fields look positional (attribute list
	   mapped by index) - confirm against the userdb code. */
	MEMBER(user_attrs) "uid,homeDirectory,,,uidNumber,gidNumber",
	/* %u is a placeholder expanded elsewhere. The substituted value must
	   be LDAP-filter-escaped before it reaches the search; the escaping
	   is not visible in this section - verify against the callers. */
	MEMBER(user_filter) "(&(objectClass=posixAccount)(uid=%u))",
	/* The default password lookup asks the directory for userPassword,
	   so the bind identity needs read access to that attribute. */
	MEMBER(pass_attrs) "uid,userPassword",
	MEMBER(pass_filter) "(&(objectClass=posixAccount)(uid=%u))",
	/* NOTE(review): presumably the scheme assumed for stored passwords
	   that carry no scheme prefix - confirm. */
	MEMBER(default_pass_scheme) "crypt",
	MEMBER(user_global_uid) "",
	MEMBER(user_global_gid) ""
};

/* File-local pointer to the known LDAP connections; starts out empty.
   NOTE(review): presumably the head of a linked list that lets passdb and
   userdb share a connection when they use the same config file - confirm
   against the code that populates it. */
static struct ldap_connection *ldap_connections = NULL;

/* Forward declarations of static helpers that are used before their
   definitions later in the file. */
static int db_ldap_bind(struct ldap_connection *conn);
static void ldap_conn_close(struct ldap_connection *conn, bool flush_requests);

/* Convert the textual "deref" setting into the matching LDAP_DEREF_*
   constant. Despite the name, the conversion goes from string to integer.
   Matching is case-insensitive. An unrecognized value is reported through
   i_fatal(), which is expected not to return, so a mistyped setting stops
   startup instead of falling back to some default. str must not be NULL. */
static int deref2str(const char *str)
{
	static const struct {
		const char *name;
		int value;
	} deref_options[] = {
		{ "never", LDAP_DEREF_NEVER },
		{ "searching", LDAP_DEREF_SEARCHING },
		{ "finding", LDAP_DEREF_FINDING },
		{ "always", LDAP_DEREF_ALWAYS }
	};
	unsigned int i;

	for (i = 0; i < sizeof(deref_options) / sizeof(deref_options[0]); i++) {
		if (strcasecmp(str, deref_options[i].name) == 0)
			return deref_options[i].value;
	}

	i_fatal("LDAP: Unknown deref option '%s'", str);
}

/* Convert the textual "scope" setting into the matching LDAP_SCOPE_*
   constant. Despite the name, the conversion goes from string to integer.
   Matching is case-insensitive. An unrecognized value is reported through
   i_fatal(), which is expected not to return, so a mistyped scope cannot
   silently widen or narrow the search. str must not be NULL. */
static int scope2str(const char *str)
{
	static const struct {
		const char *name;
		int value;
	} scope_options[] = {
		{ "base", LDAP_SCOPE_BASE },
		{ "onelevel", LDAP_SCOPE_ONELEVEL },
		{ "subtree", LDAP_SCOPE_SUBTREE }
	};
	unsigned int i;

	for (i = 0; i < sizeof(scope_options) / sizeof(scope_options[0]); i++) {
		if (strcasecmp(str, scope_options[i].name) == 0)
			return scope_options[i].value;
	}

	i_fatal("LDAP: Unknown scope option '%s'", str);
}

/* Return a human-readable description of the last error recorded on the
   connection's LDAP handle.

   The error number is read with ldap_get_option(LDAP_OPT_ERROR_NUMBER) and
   translated with ldap_err2string(). If the option itself cannot be read,
   that failure is logged and the placeholder "??" is returned. The returned
   string is not allocated here; callers must not free or modify it. */
const char *ldap_get_error(struct ldap_connection *conn)
{
	int opt_status, ldap_errno;

	opt_status = ldap_get_option(conn->ld, LDAP_OPT_ERROR_NUMBER,
				     (void *) &ldap_errno);
	if (opt_status == LDAP_SUCCESS)
		return ldap_err2string(ldap_errno);

	/* ldap_errno was not filled in, so report why the lookup failed */
	i_error("LDAP: Can't get error number: %s",
		ldap_err2string(opt_status));
	return "??";
}

/* Append a request to the connection's queue of delayed requests.

   May only be called while the connection is not connected (asserted).
   The request becomes the new tail of the singly linked list and its next
   pointer is reset; the request is not copied, so it has to stay valid
   while it is queued.
   NOTE(review): no upper bound on the queue length is enforced here -
   confirm that callers limit how many requests can pile up while the
   directory is unreachable. */
void db_ldap_add_delayed_request(struct ldap_connection *conn,
				 struct ldap_request *request)
{
	i_assert(!conn->connected);

	request->next = NULL;

	if (conn->delayed_requests_head != NULL) {
		/* non-empty queue: link behind the current tail */
		conn->delayed_requests_tail->next = request;
	} else {
		/* empty queue: the request is also the head */
		conn->delayed_requests_head = request;
	}
	conn->delayed_requests_tail = request;
}

/* Start an asynchronous LDAP search for the request.

   conn     connection to search on; db_ldap_connect() is called first
   request  supplies base, filter, attributes and the completion callback
   scope    LDAP_SCOPE_* value handed to ldap_search()

   If the connection is not in the connected state after db_ldap_connect()
   succeeds, the request is queued with db_ldap_add_delayed_request().
   Otherwise the search is sent and the request is stored in conn->requests
   under its message id.

   On any failure the callback is invoked with a NULL third argument before
   this function returns.

   When the last operation on the connection was an authentication bind,
   the connection is first bound back to the default dn, so the search is
   not sent under the identity left over from that bind. */
void db_ldap_search(struct ldap_connection *conn, struct ldap_request *request,
		    int scope)
{
	int msgid;

	if (db_ldap_connect(conn) < 0)
		goto failed;

	if (!conn->connected) {
		/* not usable yet: keep the request until the connection is */
		db_ldap_add_delayed_request(conn, request);
		return;
	}

	/* switch back to the default dn before doing the search request. */
	if (conn->last_auth_bind && db_ldap_bind(conn) < 0)
		goto failed;

	msgid = ldap_search(conn->ld, request->base, scope,
			    request->filter, request->attributes, 0);
	if (msgid == -1) {
		/* NOTE(review): the filter is written to the log as-is; it
		   presumably contains the login name supplied by the client -
		   confirm the log sink tolerates that. */
		i_error("LDAP: ldap_search() failed (filter %s): %s",
			request->filter, ldap_get_error(conn));
		goto failed;
	}

	hash_insert(conn->requests, POINTER_CAST(msgid), request);
	return;

failed:
	request->callback(conn, request, NULL);
}

3731
0a7beabfe332 If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents: 3657
diff changeset
192 static void ldap_conn_retry_requests(struct ldap_connection *conn)
0a7beabfe332 If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents: 3657
diff changeset
193 {
0a7beabfe332 If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents: 3657
diff changeset
194 struct hash_table *old_requests;
0a7beabfe332 If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents: 3657
diff changeset
195 struct hash_iterate_context *iter;
4772
d36a5df3f492 Handle LDAP requests while being disconnected more correctly.
Timo Sirainen <tss@iki.fi>
parents: 4751
diff changeset
196 struct ldap_request *request, **p, *next;
3731
0a7beabfe332 If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents: 3657
diff changeset
197 void *key, *value;
4772
d36a5df3f492 Handle LDAP requests while being disconnected more correctly.
Timo Sirainen <tss@iki.fi>
parents: 4751
diff changeset
198 bool have_hash_binds = FALSE;
3731
0a7beabfe332 If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents: 3657
diff changeset
199
0a7beabfe332 If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents: 3657
diff changeset
200 i_assert(conn->connected);
0a7beabfe332 If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents: 3657
diff changeset
201
4772
d36a5df3f492 Handle LDAP requests while being disconnected more correctly.
Timo Sirainen <tss@iki.fi>
parents: 4751
diff changeset
202 if (hash_size(conn->requests) == 0 &&
d36a5df3f492 Handle LDAP requests while being disconnected more correctly.
Timo Sirainen <tss@iki.fi>
parents: 4751
diff changeset
203 conn->delayed_requests_head == NULL)
3731
0a7beabfe332 If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents: 3657
diff changeset
204 return;
0a7beabfe332 If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents: 3657
diff changeset
205
0a7beabfe332 If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents: 3657
diff changeset
206 old_requests = conn->requests;
207 conn->requests = hash_create(default_pool, conn->pool, 0, NULL, NULL);
208
209 conn->retrying = TRUE;
210 /* first retry all the search requests */
211 iter = hash_iterate_init(old_requests);
212 while (hash_iterate(iter, &key, &value)) {
213 request = value;
214
215 if (request->filter == NULL) {
216 /* bind request */
217 have_hash_binds = TRUE;
218 } else {
219 i_assert(conn->connected);
220 db_ldap_search(conn, request, conn->set.ldap_scope);
221 }
222 }
223 hash_iterate_deinit(iter);
224
225 /* then delayed search requests */
226 p = &conn->delayed_requests_head;
227 while (*p != NULL) {
228 request = *p;
229
230 if (request->filter != NULL) {
231 *p = request->next;
232
233 i_assert(conn->connected);
234 db_ldap_search(conn, request, conn->set.ldap_scope);
235 } else {
236 p = &(*p)->next;
237 }
238 }
239
240 if (have_hash_binds && conn->set.auth_bind) {
241 /* next retry all the bind requests. without auth binds the
242 only bind request can be the initial connection binding,
243 which we don't care to retry. */
244 iter = hash_iterate_init(old_requests);
245 while (hash_iterate(iter, &key, &value)) {
246 request = value;
247
248 if (request->filter == NULL)
249 request->callback(conn, request, NULL);
250 }
251 hash_iterate_deinit(iter);
252 }
253 if (conn->delayed_requests_head != NULL && conn->set.auth_bind) {
254 request = conn->delayed_requests_head;
255 for (; request != NULL; request = next) {
256 next = request->next;
257
258 i_assert(request->filter == NULL);
259 request->callback(conn, request, NULL);
260 }
261 }
262 hash_destroy(old_requests);
263
264 i_assert(conn->delayed_requests_head == NULL);
265 conn->delayed_requests_tail = NULL;
266 conn->retrying = FALSE;
267 }
/* Drop the current LDAP connection and try to establish a new one.

   The first close passes FALSE, the second TRUE; judging by the original
   "fail all requests" remark the flag appears to select whether pending
   requests are failed -- NOTE(review): confirm against ldap_conn_close(). */
static void ldap_conn_reconnect(struct ldap_connection *conn)
{
	ldap_conn_close(conn, FALSE);

	if (db_ldap_connect(conn) >= 0)
		return;

	/* failed to reconnect. fail all requests. */
	ldap_conn_close(conn, TRUE);
}
/* Drain every LDAP reply that is currently available on the connection and
   hand each one to the request that is waiting for it.

   context is the struct ldap_connection the replies belong to. The loop
   ends when ldap_result() has nothing more to deliver, when it fails (the
   connection is then re-established), or when conn->ld has become NULL
   (presumably because a callback closed the connection). */
static void ldap_input(void *context)
{
	struct ldap_connection *conn = context;
	struct ldap_request *pending;
	struct timeval no_wait;
	LDAPMessage *reply;
	int status, id;

	while (conn->ld != NULL) {
		/* zero timeout: poll, never block in the auth process */
		memset(&no_wait, 0, sizeof(no_wait));
		status = ldap_result(conn->ld, LDAP_RES_ANY, 1,
				     &no_wait, &reply);
#ifdef OPENLDAP_ASYNC_WORKAROUND
		if (status == 0) {
			/* try again, there may be another in buffer */
			status = ldap_result(conn->ld, LDAP_RES_ANY, 1,
					     &no_wait, &reply);
		}
#endif
		if (status < 0) {
			i_error("LDAP: ldap_result() failed: %s",
				ldap_get_error(conn));
			ldap_conn_reconnect(conn);
			return;
		}
		if (status == 0) {
			/* nothing more to read right now */
			return;
		}

		/* A reply is dispatched only if its message id matches a
		   request we registered ourselves; anything else is logged
		   and dropped without reaching a callback. */
		id = ldap_msgid(reply);
		pending = hash_lookup(conn->requests, POINTER_CAST(id));
		if (pending != NULL) {
			/* unregister first, so the id can't be matched twice */
			hash_remove(conn->requests, POINTER_CAST(id));
			pending->callback(conn, pending, reply);
		} else {
			i_error("LDAP: Reply with unknown msgid %d",
				id);
		}

		/* the reply is owned here, callbacks must not free it */
		ldap_msgfree(reply);
	}
}
#ifdef HAVE_LDAP_SASL
/* SASL interaction callback: answers the SASL library's prompts from the
   bind context passed in as defaults.

   interact is walked up to the SASL_CB_LIST_END terminator. Realm,
   authentication name, authorization name and password prompts are answered
   from the context; any other prompt, or a context field that is NULL, is
   left unanswered. Always returns LDAP_SUCCESS.

   The answers are stored by pointer, nothing is copied: the password handed
   out for SASL_CB_PASS is the context's own string, so the context
   presumably has to stay valid until the bind has finished -- NOTE(review):
   confirm at the call site. */
static int
sasl_interact(LDAP *ld __attr_unused__, unsigned flags __attr_unused__,
	      void *defaults, void *interact)
{
	struct ldap_sasl_bind_context *context = defaults;
	sasl_interact_t *prompt;
	const char *answer;

	for (prompt = interact; prompt->id != SASL_CB_LIST_END; prompt++) {
		answer = NULL;
		switch (prompt->id) {
		case SASL_CB_GETREALM:
			answer = context->realm;
			break;
		case SASL_CB_AUTHNAME:
			answer = context->authcid;
			break;
		case SASL_CB_USER:
			answer = context->authzid;
			break;
		case SASL_CB_PASS:
			answer = context->passwd;
			break;
		default:
			break;
		}
		if (answer == NULL)
			continue;

		prompt->len = strlen(answer);
		prompt->result = answer;
	}
	return LDAP_SUCCESS;
}
#endif
/* Evaluate the result code of a connect/bind attempt.

   ret is an LDAP result code. Returns 0 when it is LDAP_SUCCESS and -1
   otherwise, after logging the reason. On the first success the connection
   is marked connected and waiting requests are retried.

   The failure messages name the server and the bind DN only; the bind
   password is never passed to the logger here. */
static int db_ldap_connect_finish(struct ldap_connection *conn, int ret)
{
	switch (ret) {
	case LDAP_SUCCESS:
		break;
	case LDAP_SERVER_DOWN:
		i_error("LDAP: Can't connect to server: %s",
			conn->set.uris != NULL ?
			conn->set.uris : conn->set.hosts);
		return -1;
	default:
		i_error("LDAP: binding failed (dn %s): %s",
			conn->set.dn == NULL ? "(none)" : conn->set.dn,
			ldap_get_error(conn));
		return -1;
	}

	if (conn->connected)
		return 0;

	conn->connected = TRUE;
	/* in case there are requests waiting, retry them */
	ldap_conn_retry_requests(conn);
	return 0;
}
/* Completion callback for the bind request sent by db_ldap_bind().

   Clears the connecting flag and frees the request in every case. A NULL
   res means the bind was aborted and nothing else is done. Otherwise the
   bind result is evaluated, and a failed bind closes the connection.

   ldap_result2error() is called with freeit=FALSE, so res is not freed
   here; ldap_input() frees the message after the callback returns. */
static void db_ldap_bind_callback(struct ldap_connection *conn,
				  struct ldap_request *ldap_request,
				  LDAPMessage *res)
{
	int bind_result;

	conn->connecting = FALSE;
	i_free(ldap_request);

	if (res != NULL) {
		bind_result = ldap_result2error(conn->ld, res, FALSE);
		if (db_ldap_connect_finish(conn, bind_result) < 0) {
			/* lost connection, close it */
			ldap_conn_close(conn, TRUE);
		}
	}
	/* else: aborted */
}
402 static int db_ldap_bind(struct ldap_connection *conn)
403 {
404 struct ldap_request *ldap_request;
405 int msgid;
406
407 ldap_request = i_new(struct ldap_request, 1);
408 ldap_request->callback = db_ldap_bind_callback;
409 ldap_request->context = conn;
410
411 msgid = ldap_bind(conn->ld, conn->set.dn, conn->set.
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
412 dnpass, LDAP_AUTH_SIMPLE);
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
413 if (msgid == -1) {
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
414 i_error("ldap_bind(%s) failed: %s",
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
415 conn->set.dn, ldap_get_error(conn));
4742
62a5d2c10ecd Crashfixes
Timo Sirainen <tss@iki.fi>
parents: 4741
diff changeset
416 i_free(ldap_request);
4741
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
417 return -1;
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
418 }
4751
Timo Sirainen <tss@iki.fi>
parents: 4749
diff changeset
419
Timo Sirainen <tss@iki.fi>
parents: 4749
diff changeset
420 conn->connecting = TRUE;
4741
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
421 hash_insert(conn->requests, POINTER_CAST(msgid), ldap_request);
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
422
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
423 /* we're binding back to the original DN, not doing an
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
424 authentication bind */
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
425 conn->last_auth_bind = FALSE;
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
426 return 0;
deccf9e1aebc LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents: 4624
diff changeset
427 }
/*
 * Read the descriptor behind conn->ld into conn->fd and switch it to
 * non-blocking mode.
 *
 * A failing LDAP_OPT_DESC lookup is reported through i_fatal(); a
 * descriptor of -1 trips the assertion.
 */
static void db_ldap_get_fd(struct ldap_connection *conn)
{
	int opt_ret = ldap_get_option(conn->ld, LDAP_OPT_DESC,
				      (void *)&conn->fd);

	if (opt_ret != LDAP_SUCCESS) {
		i_fatal("LDAP: Can't get connection fd: %s",
			ldap_err2string(opt_ret));
	}

	i_assert(conn->fd != -1);
	net_set_nonblock(conn->fd, TRUE);
}
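/*
 * Open the LDAP connection for conn and bind as the configured default DN.
 *
 * Returns 0 immediately when conn is already connected or a connect is in
 * progress. Otherwise the handle is created if it does not exist yet (from
 * the 'uris' setting when set, else from 'hosts'), the deref and protocol
 * version options are applied, StartTLS is run when conn->set.tls is set,
 * and the bind is done either with SASL (synchronously) or through
 * db_ldap_bind(). Finally conn->fd is registered for reads with
 * ldap_input as the handler.
 *
 * Returns 0 on success, -1 if StartTLS or the bind failed. Failure to
 * create the handle or to set an option is reported through i_fatal().
 */
int db_ldap_connect(struct ldap_connection *conn)
{
	unsigned int ldap_version;
	int ret;

	if (conn->connected || conn->connecting)
		return 0;

	if (conn->ld == NULL) {
		if (conn->set.uris != NULL) {
#ifdef LDAP_HAVE_INITIALIZE
			if (ldap_initialize(&conn->ld, conn->set.uris) != LDAP_SUCCESS)
				conn->ld = NULL;
#else
			i_fatal("LDAP: Your LDAP library doesn't support "
				"'uris' setting, use 'hosts' instead.");
#endif
		} else
			conn->ld = ldap_init(conn->set.hosts, LDAP_PORT);

		if (conn->ld == NULL) {
			/* name the setting that was actually used: with
			   'uris' configured the handle never came from
			   'hosts', which may not even be set */
			if (conn->set.uris != NULL) {
				i_fatal("LDAP: ldap_initialize() failed with uris: %s",
					conn->set.uris);
			} else {
				i_fatal("LDAP: ldap_init() failed with hosts: %s",
					conn->set.hosts);
			}
		}

		ret = ldap_set_option(conn->ld, LDAP_OPT_DEREF,
				      (void *)&conn->set.ldap_deref);
		if (ret != LDAP_SUCCESS) {
			i_fatal("LDAP: Can't set deref option: %s",
				ldap_err2string(ret));
		}

		/* If SASL binds are used, the protocol version needs to be
		   at least 3 */
		ldap_version = conn->set.sasl_bind &&
			conn->set.ldap_version < 3 ? 3 :
			conn->set.ldap_version;
		ret = ldap_set_option(conn->ld, LDAP_OPT_PROTOCOL_VERSION,
				      (void *)&ldap_version);
		if (ret != LDAP_OPT_SUCCESS) {
			i_fatal("LDAP: Can't set protocol version %u: %s",
				ldap_version, ldap_err2string(ret));
		}
	}

	/* StartTLS is the only transport protection this function sets up.
	   With 'tls' off, the bind credentials below are protected only if
	   the configured URI itself selects an encrypted transport.
	   NOTE(review): no certificate verification option is set here;
	   presumably the policy comes from the LDAP library's own
	   configuration - confirm. */
	if (conn->set.tls) {
#ifdef LDAP_HAVE_START_TLS_S
		ret = ldap_start_tls_s(conn->ld, NULL, NULL);
		if (ret != LDAP_SUCCESS) {
			i_error("LDAP: ldap_start_tls_s() failed: %s",
				ldap_err2string(ret));
			return -1;
		}
#else
		/* fail rather than continue without the requested TLS */
		i_error("LDAP: Your LDAP library doesn't support TLS");
		return -1;
#endif
	}

	if (conn->set.sasl_bind) {
#ifdef HAVE_LDAP_SASL
		struct ldap_sasl_bind_context context;

		/* the context only borrows pointers into conn->set; it is
		   handed to sasl_interact for the duration of the bind */
		memset(&context, 0, sizeof(context));
		context.authcid = conn->set.dn;
		context.passwd = conn->set.dnpass;
		context.realm = conn->set.sasl_realm;
		context.authzid = conn->set.sasl_authz_id;

		/* There doesn't seem to be a way to do SASL binding
		   asynchronously.. */
		ret = ldap_sasl_interactive_bind_s(conn->ld, NULL,
						   conn->set.sasl_mech,
						   NULL, NULL, LDAP_SASL_QUIET,
						   sasl_interact, &context);
		if (db_ldap_connect_finish(conn, ret) < 0)
			return -1;
		db_ldap_get_fd(conn);
#else
		i_fatal("LDAP: sasl_bind=yes but no SASL support compiled in");
#endif
	} else {
		if (db_ldap_bind(conn) < 0)
			return -1;
		db_ldap_get_fd(conn);
	}

	conn->io = io_add(conn->fd, IO_READ, ldap_input, conn);
	return 0;
}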
/*
 * Tear down the LDAP connection held by conn.
 *
 * With flush_requests set, every request in conn->requests and every
 * request on the delayed list has its callback invoked with NULL as the
 * last argument (presumably meaning "no result"), after which the hash is
 * cleared and the delayed list is reset. Without it, pending requests are
 * left where they are.
 *
 * In both cases the connection is marked as not connected, its io handler
 * is removed, the handle is unbound and conn->fd is reset to -1.
 */
static void ldap_conn_close(struct ldap_connection *conn, bool flush_requests)
{
	if (flush_requests) {
		struct hash_iterate_context *iter;
		struct ldap_request *req, *following;
		void *key, *value;

		iter = hash_iterate_init(conn->requests);
		while (hash_iterate(iter, &key, &value)) {
			req = value;
			req->callback(conn, req, NULL);
		}
		hash_iterate_deinit(iter);
		hash_clear(conn->requests, FALSE);

		/* the next pointer is read before the callback runs, so the
		   walk does not touch the request afterwards */
		req = conn->delayed_requests_head;
		while (req != NULL) {
			following = req->next;
			req->callback(conn, req, NULL);
			req = following;
		}
		conn->delayed_requests_head = NULL;
		conn->delayed_requests_tail = NULL;
	}

	conn->connected = FALSE;

	if (conn->io != NULL)
		io_remove(&conn->io);

	if (conn->ld != NULL) {
		ldap_unbind(conn->ld);
		conn->ld = NULL;
	}
	conn->fd = -1;
}
/*
 * Parse a comma-separated attribute list into attr_map and *attr_names_r.
 *
 * Each list element is either "name=value" or a bare "name". A bare name
 * takes its value from the current default_attr_map entry, or maps to
 * itself once that entry is NULL. default_attr_map advances by one entry
 * per list element until its NULL entry is reached.
 *
 * Elements with an empty name, or whose value equals skip_attr, are left
 * out of both outputs. All stored strings are allocated from conn->pool.
 * An empty attrlist returns without touching any output.
 */
void db_ldap_set_attrs(struct ldap_connection *conn, const char *attrlist,
		       char ***attr_names_r, struct hash_table *attr_map,
		       const char *const default_attr_map[],
		       const char *skip_attr)
{
	const char *const *fields;
	char *name, *value, *eq;
	unsigned int count, idx, out;

	if (*attrlist == '\0')
		return;

	t_push();
	fields = t_strsplit(attrlist, ",");

	/* @UNSAFE: the array gets count + 1 slots and at most one slot is
	   written per list element, so 'out' stays within it.
	   NOTE(review): the unused tail is presumably zeroed by p_new(),
	   which would make the array NULL-terminated - confirm. */
	count = 0;
	while (fields[count] != NULL)
		count++;
	*attr_names_r = p_new(conn->pool, char *, count + 1);

	out = 0;
	for (idx = 0; idx < count; idx++) {
		eq = strchr(fields[idx], '=');
		if (eq != NULL) {
			name = p_strdup_until(conn->pool, fields[idx], eq);
			value = p_strdup(conn->pool, eq + 1);
		} else {
			name = p_strdup(conn->pool, fields[idx]);
			if (*default_attr_map == NULL)
				value = name;
			else
				value = p_strdup(conn->pool, *default_attr_map);
		}

		if (*name != '\0' &&
		    !(skip_attr != NULL && strcmp(skip_attr, value) == 0)) {
			hash_insert(attr_map, name, value);
			(*attr_names_r)[out] = name;
			out++;
		}

		if (*default_attr_map != NULL)
			default_attr_map++;
	}
	t_pop();
}
/*
 * True for the characters ldap_escape() looks for: '*', '(', ')' and '\'.
 * The argument may be evaluated up to four times, so it must not have
 * side effects.
 *
 * NOTE(review): this is the search-filter metacharacter set (RFC 4515,
 * NUL aside). A value substituted into a DN needs the RFC 4514 set
 * instead - confirm where the escaped strings end up.
 */
#define IS_LDAP_ESCAPED_CHAR(c) \
	((c) == '*' || \
	 (c) == '(' || \
	 (c) == ')' || \
	 (c) == '\\')
/* Return str with a backslash inserted before every character matched by
   IS_LDAP_ESCAPED_CHAR(). When str holds no such character the caller's own
   pointer is returned and nothing is allocated. auth_request is unused.

   NOTE(review): the escaped copy is built with t_str_new(), presumably on the
   data stack, so its lifetime would end at the enclosing t_pop() -- confirm.

   NOTE(review): this is the barrier between user-supplied values and the LDAP
   query text. It emits the backslash-plus-character form rather than the
   backslash-plus-two-hex-digits form of RFC 4515, and covers only '*', '(',
   ')' and '\\'. Whether the LDAP library in use accepts that form, and
   whether the result is ever placed in a DN (which has a different set of
   special characters), cannot be told from this function -- check the
   call sites. */
const char *ldap_escape(const char *str,
			const struct auth_request *auth_request __attr_unused__)
{
	const char *cur = str;
	string_t *escaped;
	size_t clean_len;

	/* skip the leading run that needs no escaping */
	while (*cur != '\0' && !IS_LDAP_ESCAPED_CHAR(*cur))
		cur++;

	if (*cur == '\0') {
		/* reached the terminator without finding anything to escape */
		return str;
	}

	/* copy the clean prefix in one go; 64 bytes of headroom for the
	   backslashes added below */
	clean_len = (size_t) (cur - str);
	escaped = t_str_new(clean_len + 64);
	str_append_n(escaped, str, clean_len);

	while (*cur != '\0') {
		if (IS_LDAP_ESCAPED_CHAR(*cur))
			str_append_c(escaped, '\\');
		str_append_c(escaped, *cur);
		cur++;
	}
	return str_c(escaped);
}
/* Per-setting callback handed to settings_read() by db_ldap_init(): context
   is the struct ldap_connection being configured. The key/value pair is
   passed to parse_setting_from_defs() together with setting_defs, the
   connection's pool and its settings struct, and that call's return value is
   passed straight back. */
static const char *parse_setting(const char *key, const char *value,
				 void *context)
{
	struct ldap_connection *ldap_conn = context;

	return parse_setting_from_defs(ldap_conn->pool, setting_defs,
				       &ldap_conn->set, key, value);
}
/* Walk the ldap_connections list and return the first connection whose
   config_path equals the given path (exact strcmp() match, so two spellings
   of the same file do not match), or NULL when there is none. */
static struct ldap_connection *ldap_conn_find(const char *config_path)
{
	struct ldap_connection *cur = ldap_connections;

	while (cur != NULL && strcmp(cur->config_path, config_path) != 0)
		cur = cur->next;
	return cur;
}
/* Return the LDAP connection for config_path, creating it on first use.

   If a connection with the same config_path is already on the
   ldap_connections list, its refcount is incremented and it is returned.
   Otherwise a new connection is allocated from its own pool, the settings
   file is read on top of default_ldap_settings, the result is validated and
   the connection is linked at the head of the list with refcount 1.

   Every validation failure ends in i_fatal() or exit(FATAL_DEFAULT), so a
   connection with a rejected configuration is never returned (i_fatal() is
   presumably non-returning -- confirm). The caller releases the reference
   with db_ldap_unref(). */
struct ldap_connection *db_ldap_init(const char *config_path)
{
	struct ldap_connection *conn;
	pool_t pool;

	/* share an existing connection for the same config file */
	conn = ldap_conn_find(config_path);
	if (conn != NULL) {
		conn->refcount++;
		return conn;
	}

	if (*config_path == '\0')
		i_fatal("LDAP: Configuration file path not given");

	pool = pool_alloconly_create("ldap_connection", 1024);
	conn = p_new(pool, struct ldap_connection, 1);
	conn->pool = pool;
	conn->refcount = 1;
	conn->fd = -1;	/* no socket yet */
	conn->requests = hash_create(default_pool, pool, 0, NULL, NULL);
	conn->config_path = p_strdup(pool, config_path);

	/* start from the defaults, then let the file override them */
	conn->set = default_ldap_settings;
	if (!settings_read(config_path, NULL, parse_setting, NULL, conn))
		exit(FATAL_DEFAULT);

	if (conn->set.base == NULL)
		i_fatal("LDAP: No base given");

	if (conn->set.uris == NULL && conn->set.hosts == NULL)
		i_fatal("LDAP: No uris or hosts set");
#ifndef LDAP_HAVE_INITIALIZE
	if (conn->set.uris != NULL) {
		i_fatal("LDAP: Dovecot compiled without support for LDAP uris "
			"(ldap_initialize not found)");
	}
#endif

	conn->set.ldap_deref = deref2str(conn->set.deref);
	conn->set.ldap_scope = scope2str(conn->set.scope);

	/* (uid_t)-1 means "no global uid" and is also the value treated as a
	   parse failure below, so an unparsable setting is fatal rather than
	   silently read as "unset".
	   NOTE(review): user_global_uid/gid are dereferenced without a NULL
	   check; presumably default_ldap_settings initialises them to "" --
	   confirm. */
	conn->set.uid = (uid_t)-1;
	if (*conn->set.user_global_uid != '\0') {
		conn->set.uid =
			userdb_parse_uid(NULL, conn->set.user_global_uid);
		if (conn->set.uid == (uid_t)-1) {
			i_fatal("LDAP: Invalid user_global_uid: %s",
				conn->set.user_global_uid);
		}
	}

	conn->set.gid = (gid_t)-1;
	if (*conn->set.user_global_gid != '\0') {
		conn->set.gid =
			userdb_parse_gid(NULL, conn->set.user_global_gid);
		if (conn->set.gid == (gid_t)-1) {
			i_fatal("LDAP: Invalid user_global_gid: %s",
				conn->set.user_global_gid);
		}
	}

	/* publish the connection so later calls with this path find it */
	conn->next = ldap_connections;
	ldap_connections = conn;
	return conn;
}
/* Drop one reference to *_conn and set the caller's pointer to NULL.

   When the last reference goes away the connection is unlinked from the
   ldap_connections list, closed with ldap_conn_close(conn, TRUE), its hash
   tables are destroyed and its pool is unreferenced. _conn and *_conn must
   be non-NULL; neither is checked here. */
void db_ldap_unref(struct ldap_connection **_conn)
{
	struct ldap_connection *conn = *_conn;
	struct ldap_connection **link;

	/* clear the caller's pointer first so it cannot be used after this */
	*_conn = NULL;

	/* NOTE(review): this admits refcount == 0, in which case the decrement
	   below goes negative and the teardown runs again; "> 0" looks like
	   the intended precondition -- confirm. */
	i_assert(conn->refcount >= 0);
	conn->refcount--;
	if (conn->refcount > 0)
		return;

	/* find the link that points at conn and splice conn out of the list */
	link = &ldap_connections;
	while (*link != NULL && *link != conn)
		link = &(*link)->next;
	if (*link != NULL)
		*link = conn->next;

	ldap_conn_close(conn, TRUE);

	hash_destroy(conn->requests);
	/* the attribute maps are only destroyed when they were created */
	if (conn->pass_attr_map != NULL)
		hash_destroy(conn->pass_attr_map);
	if (conn->user_attr_map != NULL)
		hash_destroy(conn->user_attr_map);
	/* conn itself was allocated from this pool in db_ldap_init() */
	pool_unref(conn->pool);
}
759 #endif