Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/auth/db-ldap.c @ 3879:928229f8b3e6 HEAD
deinit, unref, destroy, close, free, etc. functions now take a pointer to
their data pointer, and set it to NULL. This makes double-frees less likely
to cause security holes.
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Sat, 14 Jan 2006 20:47:20 +0200 |
| parents | 55df57c028d4 |
| children | afe21b6d4b68 |
| rev | line source |
|---|---|
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1 /* Copyright (C) 2003 Timo Sirainen */ |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
2 |
|
3474
9096b7957413
Removed direct config.h including. I'm not sure why it was done before,
Timo Sirainen <tss@iki.fi>
parents:
3306
diff
changeset
|
3 #include "common.h" |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
4 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
5 #if defined(PASSDB_LDAP) || defined(USERDB_LDAP) |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
6 |
|
1075
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1062
diff
changeset
|
7 #include "network.h" |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
8 #include "ioloop.h" |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
9 #include "hash.h" |
|
1189
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
10 #include "str.h" |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
11 #include "settings.h" |
|
3502
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
12 #include "userdb.h" |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
13 #include "db-ldap.h" |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
14 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
15 #include <stddef.h> |
|
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1330
diff
changeset
|
16 #include <stdlib.h> |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
17 |
|
1181
ac7dbb236b59
Rather than block for two seconds, we can just call ldap_result() again if
Timo Sirainen <tss@iki.fi>
parents:
1143
diff
changeset
|
18 /* Older versions may require calling ldap_result() twice */ |
|
ac7dbb236b59
Rather than block for two seconds, we can just call ldap_result() again if
Timo Sirainen <tss@iki.fi>
parents:
1143
diff
changeset
|
19 #if LDAP_VENDOR_VERSION <= 20112 |
|
1086
067130d609b7
Define OPENLDAP_ASYNC_WORKAROUND
Timo Sirainen <tss@iki.fi>
parents:
1075
diff
changeset
|
20 # define OPENLDAP_ASYNC_WORKAROUND |
|
067130d609b7
Define OPENLDAP_ASYNC_WORKAROUND
Timo Sirainen <tss@iki.fi>
parents:
1075
diff
changeset
|
21 #endif |
|
067130d609b7
Define OPENLDAP_ASYNC_WORKAROUND
Timo Sirainen <tss@iki.fi>
parents:
1075
diff
changeset
|
22 |
|
2325
7613e0f68513
Fixed to compile with Solaris LDAP library
Timo Sirainen <tss@iki.fi>
parents:
1910
diff
changeset
|
23 /* Solaris LDAP library doesn't have LDAP_OPT_SUCCESS */ |
|
7613e0f68513
Fixed to compile with Solaris LDAP library
Timo Sirainen <tss@iki.fi>
parents:
1910
diff
changeset
|
24 #ifndef LDAP_OPT_SUCCESS |
|
7613e0f68513
Fixed to compile with Solaris LDAP library
Timo Sirainen <tss@iki.fi>
parents:
1910
diff
changeset
|
25 # define LDAP_OPT_SUCCESS LDAP_SUCCESS |
|
7613e0f68513
Fixed to compile with Solaris LDAP library
Timo Sirainen <tss@iki.fi>
parents:
1910
diff
changeset
|
26 #endif |
|
7613e0f68513
Fixed to compile with Solaris LDAP library
Timo Sirainen <tss@iki.fi>
parents:
1910
diff
changeset
|
27 |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
28 #define DEF(type, name) \ |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
29 { type, #name, offsetof(struct ldap_settings, name) } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
30 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
31 static struct setting_def setting_defs[] = { |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
32 DEF(SET_STR, hosts), |
| 1910 | 33 DEF(SET_STR, uris), |
|
1075
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1062
diff
changeset
|
34 DEF(SET_STR, dn), |
|
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1062
diff
changeset
|
35 DEF(SET_STR, dnpass), |
|
3771
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3731
diff
changeset
|
36 DEF(SET_BOOL, auth_bind), |
|
3840
935f12d0d2fe
Added fast authbinding and auth_bind_userdn setting. Patch by Geff
Timo Sirainen <tss@iki.fi>
parents:
3771
diff
changeset
|
37 DEF(SET_STR, auth_bind_userdn), |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
38 DEF(SET_STR, deref), |
|
1135
81930fff13cf
passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
1086
diff
changeset
|
39 DEF(SET_STR, scope), |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
40 DEF(SET_STR, base), |
| 1282 | 41 DEF(SET_INT, ldap_version), |
|
1136
ad6343bd4479
Separate user and pass attrs/filters in config file
Timo Sirainen <tss@iki.fi>
parents:
1135
diff
changeset
|
42 DEF(SET_STR, user_attrs), |
|
ad6343bd4479
Separate user and pass attrs/filters in config file
Timo Sirainen <tss@iki.fi>
parents:
1135
diff
changeset
|
43 DEF(SET_STR, user_filter), |
|
ad6343bd4479
Separate user and pass attrs/filters in config file
Timo Sirainen <tss@iki.fi>
parents:
1135
diff
changeset
|
44 DEF(SET_STR, pass_attrs), |
|
1141
873634a5b472
Added user_global_uid and user_global_gid LDAP settings.
Timo Sirainen <tss@iki.fi>
parents:
1136
diff
changeset
|
45 DEF(SET_STR, pass_filter), |
|
1191
65e48854491d
Added default_pass_scheme to LDAP. Support for more password schemes. Merged
Timo Sirainen <tss@iki.fi>
parents:
1189
diff
changeset
|
46 DEF(SET_STR, default_pass_scheme), |
|
3502
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
47 DEF(SET_STR, user_global_uid), |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
48 DEF(SET_STR, user_global_gid) |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
49 }; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
50 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
51 struct ldap_settings default_ldap_settings = { |
| 1910 | 52 MEMBER(hosts) NULL, |
| 53 MEMBER(uris) NULL, | |
|
1075
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1062
diff
changeset
|
54 MEMBER(dn) NULL, |
|
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1062
diff
changeset
|
55 MEMBER(dnpass) NULL, |
|
3771
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3731
diff
changeset
|
56 MEMBER(auth_bind) FALSE, |
|
3840
935f12d0d2fe
Added fast authbinding and auth_bind_userdn setting. Patch by Geff
Timo Sirainen <tss@iki.fi>
parents:
3771
diff
changeset
|
57 MEMBER(auth_bind_userdn) NULL, |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
58 MEMBER(deref) "never", |
|
1135
81930fff13cf
passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
1086
diff
changeset
|
59 MEMBER(scope) "subtree", |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
60 MEMBER(base) NULL, |
| 1282 | 61 MEMBER(ldap_version) 2, |
|
3094
d78e9a31b6d8
Move default filters/attrs to setting defaults rather than check it from
Timo Sirainen <tss@iki.fi>
parents:
2994
diff
changeset
|
62 MEMBER(user_attrs) "uid,homeDirectory,,,uidNumber,gidNumber", |
|
d78e9a31b6d8
Move default filters/attrs to setting defaults rather than check it from
Timo Sirainen <tss@iki.fi>
parents:
2994
diff
changeset
|
63 MEMBER(user_filter) "(&(objectClass=posixAccount)(uid=%u))", |
|
d78e9a31b6d8
Move default filters/attrs to setting defaults rather than check it from
Timo Sirainen <tss@iki.fi>
parents:
2994
diff
changeset
|
64 MEMBER(pass_attrs) "uid,userPassword", |
|
d78e9a31b6d8
Move default filters/attrs to setting defaults rather than check it from
Timo Sirainen <tss@iki.fi>
parents:
2994
diff
changeset
|
65 MEMBER(pass_filter) "(&(objectClass=posixAccount)(uid=%u))", |
|
1191
65e48854491d
Added default_pass_scheme to LDAP. Support for more password schemes. Merged
Timo Sirainen <tss@iki.fi>
parents:
1189
diff
changeset
|
66 MEMBER(default_pass_scheme) "crypt", |
|
3502
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
67 MEMBER(user_global_uid) "", |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
68 MEMBER(user_global_gid) "" |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
69 }; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
70 |
|
1143
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
71 static struct ldap_connection *ldap_connections = NULL; |
|
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
72 |
|
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3840
diff
changeset
|
73 static void ldap_conn_close(struct ldap_connection *conn, bool flush_requests); |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
74 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
75 static int deref2str(const char *str) |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
76 { |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
77 if (strcasecmp(str, "never") == 0) |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
78 return LDAP_DEREF_NEVER; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
79 if (strcasecmp(str, "searching") == 0) |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
80 return LDAP_DEREF_SEARCHING; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
81 if (strcasecmp(str, "finding") == 0) |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
82 return LDAP_DEREF_FINDING; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
83 if (strcasecmp(str, "always") == 0) |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
84 return LDAP_DEREF_ALWAYS; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
85 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
86 i_fatal("LDAP: Unknown deref option '%s'", str); |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
87 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
88 |
|
1135
81930fff13cf
passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
1086
diff
changeset
|
89 static int scope2str(const char *str) |
|
81930fff13cf
passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
1086
diff
changeset
|
90 { |
|
81930fff13cf
passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
1086
diff
changeset
|
91 if (strcasecmp(str, "base") == 0) |
|
81930fff13cf
passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
1086
diff
changeset
|
92 return LDAP_SCOPE_BASE; |
|
81930fff13cf
passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
1086
diff
changeset
|
93 if (strcasecmp(str, "onelevel") == 0) |
|
81930fff13cf
passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
1086
diff
changeset
|
94 return LDAP_SCOPE_ONELEVEL; |
|
81930fff13cf
passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
1086
diff
changeset
|
95 if (strcasecmp(str, "subtree") == 0) |
|
81930fff13cf
passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
1086
diff
changeset
|
96 return LDAP_SCOPE_SUBTREE; |
|
81930fff13cf
passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
1086
diff
changeset
|
97 |
|
81930fff13cf
passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
1086
diff
changeset
|
98 i_fatal("LDAP: Unknown scope option '%s'", str); |
|
81930fff13cf
passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
1086
diff
changeset
|
99 } |
|
81930fff13cf
passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
1086
diff
changeset
|
100 |
| 1210 | 101 const char *ldap_get_error(struct ldap_connection *conn) |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
102 { |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
103 int ret, err; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
104 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
105 ret = ldap_get_option(conn->ld, LDAP_OPT_ERROR_NUMBER, (void *) &err); |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
106 if (ret != LDAP_SUCCESS) { |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
107 i_error("LDAP: Can't get error number: %s", |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
108 ldap_err2string(ret)); |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
109 return "??"; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
110 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
111 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
112 return ldap_err2string(err); |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
113 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
114 |
|
3771
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3731
diff
changeset
|
115 void db_ldap_search(struct ldap_connection *conn, struct ldap_request *request, |
|
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3731
diff
changeset
|
116 int scope) |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
117 { |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
118 int msgid; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
119 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
120 if (!conn->connected) { |
|
2648
cc2e39912eb3
Added preinit() call to userdb/passdbs, which is called before dropping
Timo Sirainen <tss@iki.fi>
parents:
2325
diff
changeset
|
121 if (!db_ldap_connect(conn)) { |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
122 request->callback(conn, request, NULL); |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
123 return; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
124 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
125 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
126 |
|
3771
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3731
diff
changeset
|
127 msgid = ldap_search(conn->ld, request->base, scope, |
|
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
128 request->filter, request->attributes, 0); |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
129 if (msgid == -1) { |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
130 i_error("LDAP: ldap_search() failed (filter %s): %s", |
|
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
131 request->filter, ldap_get_error(conn)); |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
132 request->callback(conn, request, NULL); |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
133 return; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
134 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
135 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
136 hash_insert(conn->requests, POINTER_CAST(msgid), request); |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
137 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
138 |
|
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
139 static void ldap_conn_retry_requests(struct ldap_connection *conn) |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
140 { |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
141 struct hash_table *old_requests; |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
142 struct hash_iterate_context *iter; |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
143 void *key, *value; |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
144 |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
145 i_assert(conn->connected); |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
146 |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
147 if (hash_size(conn->requests) == 0) |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
148 return; |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
149 |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
150 old_requests = conn->requests; |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
151 conn->requests = hash_create(default_pool, conn->pool, 0, NULL, NULL); |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
152 |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
153 iter = hash_iterate_init(old_requests); |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
154 while (hash_iterate(iter, &key, &value)) { |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
155 struct ldap_request *request = value; |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
156 |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
157 i_assert(conn->connected); |
|
3771
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3731
diff
changeset
|
158 db_ldap_search(conn, request, conn->set.ldap_scope); |
|
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
159 } |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
160 hash_iterate_deinit(iter); |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
161 hash_destroy(old_requests); |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
162 } |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
163 |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
164 static void ldap_conn_reconnect(struct ldap_connection *conn) |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
165 { |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
166 ldap_conn_close(conn, FALSE); |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
167 |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
168 if (!db_ldap_connect(conn)) { |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
169 /* failed to reconnect. fail all requests. */ |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
170 ldap_conn_close(conn, TRUE); |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
171 } |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
172 } |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
173 |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
174 static void ldap_input(void *context) |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
175 { |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
176 struct ldap_connection *conn = context; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
177 struct ldap_request *request; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
178 struct timeval timeout; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
179 LDAPMessage *res; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
180 int ret, msgid; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
181 |
| 1210 | 182 while (conn->ld != NULL) { |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
183 memset(&timeout, 0, sizeof(timeout)); |
|
1181
ac7dbb236b59
Rather than block for two seconds, we can just call ldap_result() again if
Timo Sirainen <tss@iki.fi>
parents:
1143
diff
changeset
|
184 ret = ldap_result(conn->ld, LDAP_RES_ANY, 1, &timeout, &res); |
|
1075
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1062
diff
changeset
|
185 #ifdef OPENLDAP_ASYNC_WORKAROUND |
|
1181
ac7dbb236b59
Rather than block for two seconds, we can just call ldap_result() again if
Timo Sirainen <tss@iki.fi>
parents:
1143
diff
changeset
|
186 if (ret == 0) { |
|
ac7dbb236b59
Rather than block for two seconds, we can just call ldap_result() again if
Timo Sirainen <tss@iki.fi>
parents:
1143
diff
changeset
|
187 /* try again, there may be another in buffer */ |
|
ac7dbb236b59
Rather than block for two seconds, we can just call ldap_result() again if
Timo Sirainen <tss@iki.fi>
parents:
1143
diff
changeset
|
188 ret = ldap_result(conn->ld, LDAP_RES_ANY, 1, |
|
ac7dbb236b59
Rather than block for two seconds, we can just call ldap_result() again if
Timo Sirainen <tss@iki.fi>
parents:
1143
diff
changeset
|
189 &timeout, &res); |
|
ac7dbb236b59
Rather than block for two seconds, we can just call ldap_result() again if
Timo Sirainen <tss@iki.fi>
parents:
1143
diff
changeset
|
190 } |
|
1075
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1062
diff
changeset
|
191 #endif |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
192 if (ret <= 0) { |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
193 if (ret < 0) { |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
194 i_error("LDAP: ldap_result() failed: %s", |
| 1210 | 195 ldap_get_error(conn)); |
|
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
196 ldap_conn_reconnect(conn); |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
197 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
198 return; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
199 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
200 |
| 1210 | 201 msgid = ldap_msgid(res); |
| 202 request = hash_lookup(conn->requests, POINTER_CAST(msgid)); | |
| 203 if (request == NULL) { | |
| 204 i_error("LDAP: Reply with unknown msgid %d", | |
| 205 msgid); | |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
206 } else { |
| 1210 | 207 hash_remove(conn->requests, POINTER_CAST(msgid)); |
| 208 request->callback(conn, request, res); | |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
209 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
210 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
211 ldap_msgfree(res); |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
212 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
213 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
214 |
|
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3840
diff
changeset
|
215 bool db_ldap_connect(struct ldap_connection *conn) |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
216 { |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
217 int ret, fd; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
218 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
219 if (conn->connected) |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
220 return TRUE; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
221 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
222 if (conn->ld == NULL) { |
| 1910 | 223 if (conn->set.uris != NULL) { |
|
2325
7613e0f68513
Fixed to compile with Solaris LDAP library
Timo Sirainen <tss@iki.fi>
parents:
1910
diff
changeset
|
224 #ifdef LDAP_HAVE_INITIALIZE |
| 1910 | 225 if (ldap_initialize(&conn->ld, conn->set.uris) != LDAP_SUCCESS) |
| 226 conn->ld = NULL; | |
|
2325
7613e0f68513
Fixed to compile with Solaris LDAP library
Timo Sirainen <tss@iki.fi>
parents:
1910
diff
changeset
|
227 #else |
|
7613e0f68513
Fixed to compile with Solaris LDAP library
Timo Sirainen <tss@iki.fi>
parents:
1910
diff
changeset
|
228 i_fatal("LDAP: Your LDAP library doesn't support " |
|
7613e0f68513
Fixed to compile with Solaris LDAP library
Timo Sirainen <tss@iki.fi>
parents:
1910
diff
changeset
|
229 "'uris' setting, use 'hosts' instead."); |
|
7613e0f68513
Fixed to compile with Solaris LDAP library
Timo Sirainen <tss@iki.fi>
parents:
1910
diff
changeset
|
230 #endif |
| 1910 | 231 } else |
| 232 conn->ld = ldap_init(conn->set.hosts, LDAP_PORT); | |
| 233 | |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
234 if (conn->ld == NULL) |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
235 i_fatal("LDAP: ldap_init() failed with hosts: %s", |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
236 conn->set.hosts); |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
237 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
238 ret = ldap_set_option(conn->ld, LDAP_OPT_DEREF, |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
239 (void *) &conn->set.ldap_deref); |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
240 if (ret != LDAP_SUCCESS) { |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
241 i_fatal("LDAP: Can't set deref option: %s", |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
242 ldap_err2string(ret)); |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
243 } |
| 1282 | 244 |
| 245 ret = ldap_set_option(conn->ld, LDAP_OPT_PROTOCOL_VERSION, | |
| 246 (void *) &conn->set.ldap_version); | |
| 247 if (ret != LDAP_OPT_SUCCESS) { | |
| 248 i_fatal("LDAP: Can't set protocol version %u: %s", | |
| 249 conn->set.ldap_version, ldap_err2string(ret)); | |
| 250 } | |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
251 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
252 |
|
3771
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3731
diff
changeset
|
253 /* FIXME: we shouldn't use blocking bind */ |
|
1075
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1062
diff
changeset
|
254 ret = ldap_simple_bind_s(conn->ld, conn->set.dn, conn->set.dnpass); |
| 1210 | 255 if (ret == LDAP_SERVER_DOWN) { |
| 256 i_error("LDAP: Can't connect to server: %s", conn->set.hosts); | |
| 257 return FALSE; | |
| 258 } | |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
259 if (ret != LDAP_SUCCESS) { |
| 1210 | 260 i_error("LDAP: ldap_simple_bind_s() failed (dn %s): %s", |
| 261 conn->set.dn == NULL ? "(none)" : conn->set.dn, | |
| 262 ldap_get_error(conn)); | |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
263 return FALSE; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
264 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
265 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
266 conn->connected = TRUE; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
267 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
268 /* register LDAP input to ioloop */ |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
269 ret = ldap_get_option(conn->ld, LDAP_OPT_DESC, (void *) &fd); |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
270 if (ret != LDAP_SUCCESS) { |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
271 i_fatal("LDAP: Can't get connection fd: %s", |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
272 ldap_err2string(ret)); |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
273 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
274 |
|
1075
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1062
diff
changeset
|
275 net_set_nonblock(fd, TRUE); |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
276 conn->io = io_add(fd, IO_READ, ldap_input, conn); |
|
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
277 |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
278 /* in case there are requests waiting, retry them */ |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
279 ldap_conn_retry_requests(conn); |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
280 return TRUE; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
281 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
282 |
|
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3840
diff
changeset
|
283 static void ldap_conn_close(struct ldap_connection *conn, bool flush_requests) |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
284 { |
|
1897
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1709
diff
changeset
|
285 struct hash_iterate_context *iter; |
|
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1709
diff
changeset
|
286 void *key, *value; |
|
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1709
diff
changeset
|
287 |
|
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
288 if (flush_requests) { |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
289 iter = hash_iterate_init(conn->requests); |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
290 while (hash_iterate(iter, &key, &value)) { |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
291 struct ldap_request *request = value; |
|
1897
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1709
diff
changeset
|
292 |
|
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
293 request->callback(conn, request, NULL); |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
294 } |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
295 hash_iterate_deinit(iter); |
|
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
296 hash_clear(conn->requests, FALSE); |
|
1897
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1709
diff
changeset
|
297 } |
| 1210 | 298 |
| 299 conn->connected = FALSE; | |
| 300 | |
|
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
301 if (conn->io != NULL) |
|
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
302 io_remove(&conn->io); |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
303 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
304 if (conn->ld != NULL) { |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
305 ldap_unbind(conn->ld); |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
306 conn->ld = NULL; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
307 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
308 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
309 |
|
3158
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
310 void db_ldap_set_attrs(struct ldap_connection *conn, const char *attrlist, |
|
3306
aebed9a9edac
If both userdb and passdb used LDAP the later one was overriding first one's
Timo Sirainen <tss@iki.fi>
parents:
3212
diff
changeset
|
311 char ***attr_names_r, struct hash_table *attr_map, |
|
3158
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
312 const char *const default_attr_map[]) |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
313 { |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
314 const char *const *attr; |
|
3158
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
315 char *name, *value, *p; |
|
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
316 unsigned int i, size; |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
317 |
|
3158
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
318 if (*attrlist == '\0') |
|
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
319 return; |
|
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
320 |
|
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
321 t_push(); |
|
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
322 attr = t_strsplit(attrlist, ","); |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
323 |
| 3212 | 324 /* @UNSAFE */ |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
325 for (size = 0; attr[size] != NULL; size++) ; |
|
3306
aebed9a9edac
If both userdb and passdb used LDAP the later one was overriding first one's
Timo Sirainen <tss@iki.fi>
parents:
3212
diff
changeset
|
326 *attr_names_r = p_new(conn->pool, char *, size + 1); |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
327 |
|
3158
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
328 for (i = 0; i < size; i++) { |
|
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
329 p = strchr(attr[i], '='); |
|
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
330 if (p == NULL) { |
|
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
331 name = p_strdup(conn->pool, attr[i]); |
|
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
332 value = *default_attr_map == NULL ? name : |
|
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
333 p_strdup(conn->pool, *default_attr_map); |
|
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
334 } else { |
|
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
335 name = p_strdup_until(conn->pool, attr[i], p); |
|
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
336 value = p_strdup(conn->pool, p + 1); |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
337 } |
|
3158
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
338 |
|
3306
aebed9a9edac
If both userdb and passdb used LDAP the later one was overriding first one's
Timo Sirainen <tss@iki.fi>
parents:
3212
diff
changeset
|
339 (*attr_names_r)[i] = name; |
|
3158
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
340 if (*name != '\0') |
|
3306
aebed9a9edac
If both userdb and passdb used LDAP the later one was overriding first one's
Timo Sirainen <tss@iki.fi>
parents:
3212
diff
changeset
|
341 hash_insert(attr_map, name, value); |
|
3158
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
342 |
|
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
343 if (*default_attr_map != NULL) |
|
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
344 default_attr_map++; |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
345 } |
|
3158
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
346 t_pop(); |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
347 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
348 |
|
1330
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
349 #define IS_LDAP_ESCAPED_CHAR(c) \ |
|
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
350 ((c) == '*' || (c) == '(' || (c) == ')' || (c) == '\\') |
|
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
351 |
|
1189
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
352 const char *ldap_escape(const char *str) |
|
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
353 { |
|
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
354 const char *p; |
|
1330
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
355 string_t *ret; |
|
1189
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
356 |
|
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
357 for (p = str; *p != '\0'; p++) { |
|
1330
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
358 if (IS_LDAP_ESCAPED_CHAR(*p)) |
|
1189
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
359 break; |
|
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
360 } |
|
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
361 |
|
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
362 if (*p == '\0') |
|
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
363 return str; |
|
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
364 |
|
1330
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
365 ret = t_str_new((size_t) (p - str) + 64); |
|
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
366 str_append_n(ret, str, (size_t) (p - str)); |
|
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
367 |
|
1189
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
368 for (; *p != '\0'; p++) { |
|
1330
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
369 if (IS_LDAP_ESCAPED_CHAR(*p)) |
|
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
370 str_append_c(ret, '\\'); |
|
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
371 str_append_c(ret, *p); |
|
1189
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
372 } |
|
1330
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
373 return str_c(ret); |
|
1189
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
374 } |
|
2cb8e2136283
Escape special chars in username if needed.
Timo Sirainen <tss@iki.fi>
parents:
1182
diff
changeset
|
375 |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
376 static const char *parse_setting(const char *key, const char *value, |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
377 void *context) |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
378 { |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
379 struct ldap_connection *conn = context; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
380 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
381 return parse_setting_from_defs(conn->pool, setting_defs, |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
382 &conn->set, key, value); |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
383 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
384 |
|
1143
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
385 static struct ldap_connection *ldap_conn_find(const char *config_path) |
|
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
386 { |
|
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
387 struct ldap_connection *conn; |
|
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
388 |
|
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
389 for (conn = ldap_connections; conn != NULL; conn = conn->next) { |
|
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
390 if (strcmp(conn->config_path, config_path) == 0) |
|
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
391 return conn; |
|
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
392 } |
|
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
393 |
|
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
394 return NULL; |
|
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
395 } |
|
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
396 |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
397 struct ldap_connection *db_ldap_init(const char *config_path) |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
398 { |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
399 struct ldap_connection *conn; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
400 pool_t pool; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
401 |
|
1143
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
402 /* see if it already exists */ |
|
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
403 conn = ldap_conn_find(config_path); |
|
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
404 if (conn != NULL) { |
|
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
405 conn->refcount++; |
|
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
406 return conn; |
|
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
407 } |
|
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
408 |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
409 pool = pool_alloconly_create("ldap_connection", 1024); |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
410 conn = p_new(pool, struct ldap_connection, 1); |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
411 conn->pool = pool; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
412 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
413 conn->refcount = 1; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
414 conn->requests = hash_create(default_pool, pool, 0, NULL, NULL); |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
415 |
|
1143
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
416 conn->config_path = p_strdup(pool, config_path); |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
417 conn->set = default_ldap_settings; |
|
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1330
diff
changeset
|
418 if (!settings_read(config_path, NULL, parse_setting, NULL, conn)) |
|
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1330
diff
changeset
|
419 exit(FATAL_DEFAULT); |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
420 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
421 if (conn->set.base == NULL) |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
422 i_fatal("LDAP: No base given"); |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
423 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
424 conn->set.ldap_deref = deref2str(conn->set.deref); |
|
3502
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
425 conn->set.ldap_scope = scope2str(conn->set.scope); |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
426 |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
427 if (*conn->set.user_global_uid == '\0') |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
428 conn->set.uid = (uid_t)-1; |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
429 else { |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
430 conn->set.uid = |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
431 userdb_parse_uid(NULL, conn->set.user_global_uid); |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
432 if (conn->set.uid == (uid_t)-1) { |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
433 i_fatal("LDAP: Invalid user_global_uid: %s", |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
434 conn->set.user_global_uid); |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
435 } |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
436 } |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
437 |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
438 if (*conn->set.user_global_gid == '\0') |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
439 conn->set.gid = (gid_t)-1; |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
440 else { |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
441 conn->set.gid = |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
442 userdb_parse_gid(NULL, conn->set.user_global_gid); |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
443 if (conn->set.gid == (gid_t)-1) { |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
444 i_fatal("LDAP: Invalid user_global_gid: %s", |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
445 conn->set.user_global_gid); |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
446 } |
|
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
447 } |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
448 |
|
1143
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
449 conn->next = ldap_connections; |
|
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
450 ldap_connections = conn; |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
451 return conn; |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
452 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
453 |
|
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
454 void db_ldap_unref(struct ldap_connection **_conn) |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
455 { |
|
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
456 struct ldap_connection *conn = *_conn; |
|
3657
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
457 struct ldap_connection **p; |
|
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
458 |
|
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
459 *_conn = NULL; |
|
3657
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
460 i_assert(conn->refcount >= 0); |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
461 if (--conn->refcount > 0) |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
462 return; |
|
3657
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
463 |
|
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
464 for (p = &ldap_connections; *p != NULL; p = &(*p)->next) { |
|
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
465 if (*p == conn) { |
|
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
466 *p = conn->next; |
|
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
467 break; |
|
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
468 } |
|
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
469 } |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
470 |
|
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
471 ldap_conn_close(conn, TRUE); |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
472 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
473 hash_destroy(conn->requests); |
|
3306
aebed9a9edac
If both userdb and passdb used LDAP the later one was overriding first one's
Timo Sirainen <tss@iki.fi>
parents:
3212
diff
changeset
|
474 if (conn->pass_attr_map != NULL) |
|
aebed9a9edac
If both userdb and passdb used LDAP the later one was overriding first one's
Timo Sirainen <tss@iki.fi>
parents:
3212
diff
changeset
|
475 hash_destroy(conn->pass_attr_map); |
|
aebed9a9edac
If both userdb and passdb used LDAP the later one was overriding first one's
Timo Sirainen <tss@iki.fi>
parents:
3212
diff
changeset
|
476 if (conn->user_attr_map != NULL) |
|
aebed9a9edac
If both userdb and passdb used LDAP the later one was overriding first one's
Timo Sirainen <tss@iki.fi>
parents:
3212
diff
changeset
|
477 hash_destroy(conn->user_attr_map); |
|
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
478 pool_unref(conn->pool); |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
479 } |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
480 |
|
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
481 #endif |