annotate src/auth/db-ldap.c @ 9008:fc4f65a4ca60 HEAD
virtual: Don't show mailboxes as \Noselect.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 01 May 2009 14:56:52 -0400 |
parents | 0d3b712342d9 |
children | 4323944abc43 |
rev | line source |
---|---|
8590 b9faf4db2a9f (parents: 8573): Updated copyright notices to include year 2009. | 1 /* Copyright (c) 2003-2009 Dovecot authors, see the included COPYING file */ |
1062 0522a0315d2f: Cleanups, LDAP support compiles again and generally looks ok, even if it | 2 |
3474 9096b7957413 (parents: 3306): Removed direct config.h including. I'm not sure why it was done before, | 3 #include "common.h" |
1062 | 4 |
8872 643a96aec996 (parents: 8705): Fixed --with-ldap=plugin and --with-gssapi=plugin | 5 #if defined(BUILTIN_LDAP) || defined(PLUGIN_BUILD) |
1062 | 6 |
1075 f1401fa7ab03 (parents: 1062): auth process fixes, LDAP seems to be working (with the kludge define or | 7 #include "network.h" |
1062 | 8 #include "ioloop.h" |
7050 0dcea80312b0 (parents: 7045): LDAP handling rewrite. Reconnections are handled a lot better now. If | 9 #include "array.h" |
1062 | 10 #include "hash.h" |
7079 d45c3058b91a (parents: 7062): Renamed queue to aqueue ("array queue") because struct queue already exists | 11 #include "aqueue.h" |
1189 2cb8e2136283 (parents: 1182): Escape special chars in username if needed. | 12 #include "str.h" |
7397 | 13 #include "env-util.h" |
5884 1c1dee40e495 (parents: 5872): Moved generic LDAP result iteration to db_ldap. It also supports now | 14 #include "var-expand.h" |
1062 | 15 #include "settings.h" |
3502 5e78500f1aee (parents: 3474): user_global_uid and user_global_gid settings weren't working. Also changed | 16 #include "userdb.h" |
1062 | 17 #include "db-ldap.h" |
1062 | 18 |
1062 | 19 #include <stddef.h> |
1610 6850142c4e25 (parents: 1330): New configuration file code. Some syntax changes, but tries to be somewhat | 20 #include <stdlib.h> |
1062 | 21 |
4426 b8089cf41c96 (parents: 4415): Check for sasl.h and sasl/sasl.h existence and use the one that's found. If | 22 #define HAVE_LDAP_SASL |
4427 ffafc8583e06 (parents: 4426): Prefer sasl/sasl.h. Require SASL v2, otherwise disable it. | 23 #ifdef HAVE_SASL_SASL_H |
4427 | 24 # include <sasl/sasl.h> |
4427 | 25 #elif defined (HAVE_SASL_H) |
4426 | 26 # include <sasl.h> |
4426 | 27 #else |
4426 | 28 # undef HAVE_LDAP_SASL |
4426 | 29 #endif |
7191 1cbaa724aba8 (parents: 7086): Added support for OpenLDAP-specific TLS settings. | 30 #ifdef LDAP_OPT_X_TLS |
7191 | 31 # define OPENLDAP_TLS_OPTIONS |
7191 | 32 #endif |
4427 | 33 #if SASL_VERSION_MAJOR < 2 |
4427 | 34 # undef HAVE_LDAP_SASL |
4427 | 35 #endif |
4426 | 36 |
4806 | 37 #ifndef LDAP_SASL_QUIET |
4806 | 38 # define LDAP_SASL_QUIET 0 /* Doesn't exist in Solaris LDAP */ |
4806 | 39 #endif |
4806 | 40 |
1181 ac7dbb236b59 (parents: 1143): Rather than block for two seconds, we can just call ldap_result() again if | 41 /* Older versions may require calling ldap_result() twice */ |
1181 | 42 #if LDAP_VENDOR_VERSION <= 20112 |
1086 067130d609b7 (parents: 1075): Define OPENLDAP_ASYNC_WORKAROUND | 43 # define OPENLDAP_ASYNC_WORKAROUND |
1086 | 44 #endif |
1086 | 45 |
2325 7613e0f68513 (parents: 1910): Fixed to compile with Solaris LDAP library | 46 /* Solaris LDAP library doesn't have LDAP_OPT_SUCCESS */ |
2325 | 47 #ifndef LDAP_OPT_SUCCESS |
2325 | 48 # define LDAP_OPT_SUCCESS LDAP_SUCCESS |
2325 | 49 #endif |
2325 | 50 |
5884 | 51 struct db_ldap_result_iterate_context { |
5884 | 52 struct ldap_connection *conn; |
5884 | 53 LDAPMessage *entry; |
5884 | 54 struct auth_request *auth_request; |
5884 | 55 |
5884 | 56 struct hash_table *attr_map; |
5884 | 57 struct var_expand_table *var_table; |
5884 | 58 |
5884 | 59 char *attr, **vals; |
5884 | 60 const char *name, *value, *template, *val_1_arr[2]; |
6149 a744ae38a9e1 (parents: 6148): Having =key=value in pass_attrs or user_attrs allows returning static | 61 const char *const *static_attrs; |
5884 | 62 BerElement *ber; |
5884 | 63 |
5884 | 64 string_t *var, *debug; |
6144 d779b7220e23 (parents: 5884): LDAP crashfixes. Based on patch by Katsu Yamamoto. | 65 unsigned int value_idx; |
5884 | 66 }; |
5884 | 67 |
7050 | 68 struct db_ldap_sasl_bind_context { |
7050 | 69 const char *authcid; |
7050 | 70 const char *passwd; |
7050 | 71 const char *realm; |
7050 | 72 const char *authzid; |
7050 | 73 }; |
7050 | 74 |
5474 331337b735c9 (parents: 5040): Added type checks to setting defines. | 75 #define DEF_STR(name) DEF_STRUCT_STR(name, ldap_settings) |
5474 | 76 #define DEF_INT(name) DEF_STRUCT_INT(name, ldap_settings) |
5474 | 77 #define DEF_BOOL(name) DEF_STRUCT_BOOL(name, ldap_settings) |
1062 | 78 |
1062 | 79 static struct setting_def setting_defs[] = { |
5474 | 80 DEF_STR(hosts), |
5474 | 81 DEF_STR(uris), |
5474 | 82 DEF_STR(dn), |
5474 | 83 DEF_STR(dnpass), |
5474 | 84 DEF_BOOL(auth_bind), |
5474 | 85 DEF_STR(auth_bind_userdn), |
5474 | 86 DEF_BOOL(tls), |
5474 | 87 DEF_BOOL(sasl_bind), |
5474 | 88 DEF_STR(sasl_mech), |
5474 | 89 DEF_STR(sasl_realm), |
5474 | 90 DEF_STR(sasl_authz_id), |
7191 | 91 DEF_STR(tls_ca_cert_file), |
7191 | 92 DEF_STR(tls_ca_cert_dir), |
7191 | 93 DEF_STR(tls_cert_file), |
7191 | 94 DEF_STR(tls_key_file), |
7191 | 95 DEF_STR(tls_cipher_suite), |
7191 | 96 DEF_STR(tls_require_cert), |
5474 | 97 DEF_STR(deref), |
5474 | 98 DEF_STR(scope), |
5474 | 99 DEF_STR(base), |
5474 | 100 DEF_INT(ldap_version), |
7396 a61102ad418f (parents: 7345): Added debug_level LDAP option to specify OpenLDAP's debug level. | 101 DEF_STR(debug_level), |
7397 | 102 DEF_STR(ldaprc_path), |
5474 | 103 DEF_STR(user_attrs), |
5474 | 104 DEF_STR(user_filter), |
5474 | 105 DEF_STR(pass_attrs), |
5474 | 106 DEF_STR(pass_filter), |
5474 | 107 DEF_STR(default_pass_scheme), |
3913 af15aab60ff1 (parents: 3908): Settings' default listing wasn't ended properly, which could have caused | 108 |
3913 | 109 { 0, NULL, 0 } |
1062 | 110 }; |
1062 | 111 |
8027 62cf70991cf2 (parents: 7465): extern/static fixes (from a sparse check by Diego Liziero) | 112 static struct ldap_settings default_ldap_settings = { |
1910 | 113 MEMBER(hosts) NULL, |
1910 | 114 MEMBER(uris) NULL, |
1075 | 115 MEMBER(dn) NULL, |
1075 | 116 MEMBER(dnpass) NULL, |
3771 4b6d962485b9 (parents: 3731): Added authentication bind support. Patch by J.M. Maurer. | 117 MEMBER(auth_bind) FALSE, |
3840 935f12d0d2fe (parents: 3771): Added fast authbinding and auth_bind_userdn setting. Patch by Geff | 118 MEMBER(auth_bind_userdn) NULL, |
4415 b91816cd1d16 (parents: 4405): Added TLS support for LDAP if the library supports it. | 119 MEMBER(tls) FALSE, |
4319 31a28cd0b020 (parents: 4295): Added support for SASL binding. Patch by Geert Jansen | 120 MEMBER(sasl_bind) FALSE, |
4319 | 121 MEMBER(sasl_mech) NULL, |
4319 | 122 MEMBER(sasl_realm) NULL, |
4319 | 123 MEMBER(sasl_authz_id) NULL, |
7191 | 124 MEMBER(tls_ca_cert_file) NULL, |
7191 | 125 MEMBER(tls_ca_cert_dir) NULL, |
7191 | 126 MEMBER(tls_cert_file) NULL, |
7191 | 127 MEMBER(tls_key_file) NULL, |
7191 | 128 MEMBER(tls_cipher_suite) NULL, |
7191 | 129 MEMBER(tls_require_cert) NULL, |
1062 | 130 MEMBER(deref) "never", |
1135 81930fff13cf (parents: 1086): passdb ldap added. fixes to userdb ldap. | 131 MEMBER(scope) "subtree", |
1062 | 132 MEMBER(base) NULL, |
8704 ffcb2fb59c1d (parents: 8590): Changed default ldap_version from 2 to 3. Some servers no longer allow v2. | 133 MEMBER(ldap_version) 3, |
7396 | 134 MEMBER(debug_level) "0", |
7397 | 135 MEMBER(ldaprc_path) "", |
6147 45a12a1bd299 (parents: 6144): Changed default pass_attrs and user_attrs to use the new format. | 136 MEMBER(user_attrs) "homeDirectory=home,uidNumber=uid,gidNumber=gid", |
3094 d78e9a31b6d8 (parents: 2994): Move default filters/attrs to setting defaults rather than check it from | 137 MEMBER(user_filter) "(&(objectClass=posixAccount)(uid=%u))", |
6147 | 138 MEMBER(pass_attrs) "uid=user,userPassword=password", |
3094 | 139 MEMBER(pass_filter) "(&(objectClass=posixAccount)(uid=%u))", |
5872 93bd157917ca (parents: 5554): Changed userdb callback API. Don't require uid/gid to be returned by userdb. | 140 MEMBER(default_pass_scheme) "crypt" |
1062 | 141 }; |
1062 | 142 |
1143 50f10a7a3bad (parents: 1141): Use the same LDAP connection for both userdb and passdb if config_path is | 143 static struct ldap_connection *ldap_connections = NULL; |
1143 | 144 |
4741 deccf9e1aebc (parents: 4624): LDAP code changes: If auth binds are used, bind back to the default dn | 145 static int db_ldap_bind(struct ldap_connection *conn); |
7050 | 146 static void db_ldap_conn_close(struct ldap_connection *conn); |
1062 | 147 |
1062 | 148 static int deref2str(const char *str) |
1062 | 149 { |
1062 | 150 if (strcasecmp(str, "never") == 0) |
1062 | 151 return LDAP_DEREF_NEVER; |
1062 | 152 if (strcasecmp(str, "searching") == 0) |
1062 | 153 return LDAP_DEREF_SEARCHING; |
1062 | 154 if (strcasecmp(str, "finding") == 0) |
1062 | 155 return LDAP_DEREF_FINDING; |
1062 | 156 if (strcasecmp(str, "always") == 0) |
1062 | 157 return LDAP_DEREF_ALWAYS; |
1062 | 158 |
1062 | 159 i_fatal("LDAP: Unknown deref option '%s'", str); |
1062 | 160 } |
1062 | 161 |
1135 | 162 static int scope2str(const char *str) |
1135 | 163 { |
1135 | 164 if (strcasecmp(str, "base") == 0) |
1135 | 165 return LDAP_SCOPE_BASE; |
1135 | 166 if (strcasecmp(str, "onelevel") == 0) |
1135 | 167 return LDAP_SCOPE_ONELEVEL; |
1135 | 168 if (strcasecmp(str, "subtree") == 0) |
1135 | 169 return LDAP_SCOPE_SUBTREE; |
1135 | 170 |
1135 | 171 i_fatal("LDAP: Unknown scope option '%s'", str); |
1135 | 172 } |
1135 | 173 |
7191 | 174 #ifdef OPENLDAP_TLS_OPTIONS |
7191 | 175 static int tls_require_cert2str(const char *str) |
7191 | 176 { |
7191 | 177 if (strcasecmp(str, "never") == 0) |
7191 | 178 return LDAP_OPT_X_TLS_NEVER; |
7191 | 179 if (strcasecmp(str, "hard") == 0) |
7191 | 180 return LDAP_OPT_X_TLS_HARD; |
7191 | 181 if (strcasecmp(str, "demand") == 0) |
7191 | 182 return LDAP_OPT_X_TLS_DEMAND; |
7191 | 183 if (strcasecmp(str, "allow") == 0) |
7191 | 184 return LDAP_OPT_X_TLS_ALLOW; |
7191 | 185 if (strcasecmp(str, "try") == 0) |
7191 | 186 return LDAP_OPT_X_TLS_TRY; |
7191 | 187 |
7191 | 188 i_fatal("LDAP: Unknown tls_require_cert value '%s'", str); |
7191 | 189 } |
7191 | 190 #endif |
7191 | 191 |
5006
129aa779a7f8
Last change for making ldap_bind() error handling better was actually
Timo Sirainen <tss@iki.fi>
parents:
4996
diff
changeset
|
192 static int ldap_get_errno(struct ldap_connection *conn) |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
193 { |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
194 int ret, err; |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
195 |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
196 ret = ldap_get_option(conn->ld, LDAP_OPT_ERROR_NUMBER, (void *) &err); |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
197 if (ret != LDAP_SUCCESS) { |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
198 i_error("LDAP: Can't get error number: %s", |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
199 ldap_err2string(ret)); |
6368
a930c2ecd73c
Reconnect if ldap_search() returns a failure related to connection problems.
Timo Sirainen <tss@iki.fi>
parents:
6198
diff
changeset
|
200 return LDAP_UNAVAILABLE; |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
201 } |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
202 |
5006
129aa779a7f8
Last change for making ldap_bind() error handling better was actually
Timo Sirainen <tss@iki.fi>
parents:
4996
diff
changeset
|
	return err;
}

const char *ldap_get_error(struct ldap_connection *conn)
{
	return ldap_err2string(ldap_get_errno(conn));
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
}

7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
static void ldap_conn_reconnect(struct ldap_connection *conn)
4772
d36a5df3f492
Handle LDAP requests while being disconnected more correctly.
Timo Sirainen <tss@iki.fi>
parents:
4751
diff
changeset
|
{
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
	db_ldap_conn_close(conn);
	if (db_ldap_connect(conn) < 0)
		db_ldap_conn_close(conn);
4772
d36a5df3f492
Handle LDAP requests while being disconnected more correctly.
Timo Sirainen <tss@iki.fi>
parents:
4751
diff
changeset
|
}

7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
static int ldap_handle_error(struct ldap_connection *conn)
6368
a930c2ecd73c
Reconnect if ldap_search() returns a failure related to connection problems.
Timo Sirainen <tss@iki.fi>
parents:
6198
diff
changeset
|
{
	int err = ldap_get_errno(conn);

	switch (err) {
	case LDAP_SUCCESS:
		i_unreached();
	case LDAP_SIZELIMIT_EXCEEDED:
	case LDAP_TIMELIMIT_EXCEEDED:
	case LDAP_NO_SUCH_ATTRIBUTE:
	case LDAP_UNDEFINED_TYPE:
	case LDAP_INAPPROPRIATE_MATCHING:
	case LDAP_CONSTRAINT_VIOLATION:
	case LDAP_TYPE_OR_VALUE_EXISTS:
	case LDAP_INVALID_SYNTAX:
	case LDAP_NO_SUCH_OBJECT:
	case LDAP_ALIAS_PROBLEM:
	case LDAP_INVALID_DN_SYNTAX:
	case LDAP_IS_LEAF:
	case LDAP_ALIAS_DEREF_PROBLEM:
	case LDAP_FILTER_ERROR:
		/* invalid input */
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
		return -1;
6368
a930c2ecd73c
Reconnect if ldap_search() returns a failure related to connection problems.
Timo Sirainen <tss@iki.fi>
parents:
6198
diff
changeset
|
	case LDAP_SERVER_DOWN:
	case LDAP_TIMEOUT:
	case LDAP_UNAVAILABLE:
	case LDAP_BUSY:
#ifdef LDAP_CONNECT_ERROR
	case LDAP_CONNECT_ERROR:
#endif
	case LDAP_LOCAL_ERROR:
	case LDAP_INVALID_CREDENTIALS:
	default:
		/* connection problems */
		ldap_conn_reconnect(conn);
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
		return 0;
6368
a930c2ecd73c
Reconnect if ldap_search() returns a failure related to connection problems.
Timo Sirainen <tss@iki.fi>
parents:
6198
diff
changeset
|
	}
}

7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
static int db_ldap_request_bind(struct ldap_connection *conn,
				struct ldap_request *request)
{
	struct ldap_request_bind *brequest =
		(struct ldap_request_bind *)request;

	i_assert(request->type == LDAP_REQUEST_TYPE_BIND);
	i_assert(request->msgid == -1);
	i_assert(conn->conn_state == LDAP_CONN_STATE_BOUND_AUTH ||
		 conn->conn_state == LDAP_CONN_STATE_BOUND_DEFAULT);
	i_assert(conn->pending_count == 0);

	request->msgid = ldap_bind(conn->ld, brequest->dn,
				   request->auth_request->mech_password,
				   LDAP_AUTH_SIMPLE);
	if (request->msgid == -1) {
		auth_request_log_error(request->auth_request, "ldap",
				       "ldap_bind(%s) failed: %s",
				       brequest->dn, ldap_get_error(conn));
		if (ldap_handle_error(conn) < 0) {
			/* broken request, remove it */
			return 0;
		}
		return -1;
	}
	conn->conn_state = LDAP_CONN_STATE_BINDING;
	return 1;
}

static int db_ldap_request_search(struct ldap_connection *conn,
				  struct ldap_request *request)
{
	struct ldap_request_search *srequest =
		(struct ldap_request_search *)request;

	i_assert(conn->conn_state == LDAP_CONN_STATE_BOUND_DEFAULT);
	i_assert(request->msgid == -1);

	request->msgid =
		ldap_search(conn->ld, srequest->base, conn->set.ldap_scope,
			    srequest->filter, srequest->attributes, 0);
	if (request->msgid == -1) {
		auth_request_log_error(request->auth_request, "ldap",
				       "ldap_search() failed (filter %s): %s",
				       srequest->filter, ldap_get_error(conn));
		if (ldap_handle_error(conn) < 0) {
			/* broken request, remove it */
			return 0;
		}
		return -1;
	}
	return 1;
}

static bool db_ldap_request_queue_next(struct ldap_connection *conn)
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
{
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
	struct ldap_request *const *requestp, *request;
7079
d45c3058b91a
Renamed queue to aqueue ("array queue") because struct queue already exists
Timo Sirainen <tss@iki.fi>
parents:
7062
diff
changeset
|
	unsigned int queue_size = aqueue_count(conn->request_queue);
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
	int ret = -1;

	if (conn->pending_count == queue_size) {
		/* no non-pending requests */
		return FALSE;
	}
	if (queue_size > DB_LDAP_MAX_PENDING_REQUESTS) {
		/* wait until server has replied to some requests */
		return FALSE;
	}

	if (db_ldap_connect(conn) < 0)
		return FALSE;

	requestp = array_idx(&conn->request_array,
7079
d45c3058b91a
Renamed queue to aqueue ("array queue") because struct queue already exists
Timo Sirainen <tss@iki.fi>
parents:
7062
diff
changeset
|
			     aqueue_idx(conn->request_queue,
					conn->pending_count));
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
	request = *requestp;

	if (conn->pending_count > 0 &&
	    request->type == LDAP_REQUEST_TYPE_BIND) {
		/* we can't do binds until all existing requests are finished */
		return FALSE;
	}

	switch (conn->conn_state) {
	case LDAP_CONN_STATE_DISCONNECTED:
	case LDAP_CONN_STATE_BINDING:
		/* wait until we're in bound state */
		return FALSE;
	case LDAP_CONN_STATE_BOUND_AUTH:
		if (request->type == LDAP_REQUEST_TYPE_BIND)
			break;
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
348 |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
		/* bind to default dn first */
		i_assert(conn->pending_count == 0);
		(void)db_ldap_bind(conn);
		return FALSE;
	case LDAP_CONN_STATE_BOUND_DEFAULT:
		/* we can do anything in this state */
		break;
	}

	switch (request->type) {
	case LDAP_REQUEST_TYPE_BIND:
		ret = db_ldap_request_bind(conn, request);
		break;
	case LDAP_REQUEST_TYPE_SEARCH:
		ret = db_ldap_request_search(conn, request);
		break;
	}

	if (ret > 0) {
		/* success */
		i_assert(request->msgid != -1);
		conn->pending_count++;
		return TRUE;
	} else if (ret < 0) {
		/* disconnected */
		return FALSE;
	} else {
		/* broken request, remove from queue */
7079
d45c3058b91a
Renamed queue to aqueue ("array queue") because struct queue already exists
Timo Sirainen <tss@iki.fi>
parents:
7062
diff
changeset
|
		aqueue_delete_tail(conn->request_queue);
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
		request->callback(conn, request, NULL);
		return TRUE;
	}
}

8987
0d3b712342d9
ldap: If first request is over 60 seconds old while a new request comes, reconnect.
Timo Sirainen <tss@iki.fi>
parents:
8872
diff
changeset
|
383 static bool |
0d3b712342d9
ldap: If first request is over 60 seconds old while a new request comes, reconnect.
Timo Sirainen <tss@iki.fi>
parents:
8872
diff
changeset
|
384 db_ldap_check_limits(struct ldap_connection *conn, struct ldap_request *request) |
0d3b712342d9
ldap: If first request is over 60 seconds old while a new request comes, reconnect.
Timo Sirainen <tss@iki.fi>
parents:
8872
diff
changeset
|
385 { |
0d3b712342d9
ldap: If first request is over 60 seconds old while a new request comes, reconnect.
Timo Sirainen <tss@iki.fi>
parents:
8872
diff
changeset
|
386 struct ldap_request *const *first_requestp; |
0d3b712342d9
ldap: If first request is over 60 seconds old while a new request comes, reconnect.
Timo Sirainen <tss@iki.fi>
parents:
8872
diff
changeset
|
387 unsigned int count; |
0d3b712342d9
ldap: If first request is over 60 seconds old while a new request comes, reconnect.
Timo Sirainen <tss@iki.fi>
parents:
8872
diff
changeset
|
388 time_t secs_diff; |
0d3b712342d9
ldap: If first request is over 60 seconds old while a new request comes, reconnect.
Timo Sirainen <tss@iki.fi>
parents:
8872
diff
changeset
|
389 |
0d3b712342d9
ldap: If first request is over 60 seconds old while a new request comes, reconnect.
Timo Sirainen <tss@iki.fi>
parents:
8872
diff
changeset
|
390 count = aqueue_count(conn->request_queue); |
391 if (count == 0) |
392 return TRUE; |
393 |
394 first_requestp = array_idx(&conn->request_array, |
395 aqueue_idx(conn->request_queue, 0)); |
396 secs_diff = ioloop_time - (*first_requestp)->create_time; |
397 if (secs_diff > DB_LDAP_REQUEST_LOST_TIMEOUT_SECS) { |
398 auth_request_log_error(request->auth_request, "ldap", |
399 "Connection appears to be hanging, reconnecting"); |
400 ldap_conn_reconnect(conn); |
401 return TRUE; |
402 } |
403 if (conn->request_queue->full && count >= DB_LDAP_MAX_QUEUE_SIZE) { |
404 /* Queue is full already, fail this request */ |
405 auth_request_log_error(request->auth_request, "ldap", |
406 "Request queue is full (oldest added %d secs ago)", |
407 (int)secs_diff); |
408 return FALSE; |
409 } |
410 return TRUE; |
411 } |
412 |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
413 void db_ldap_request(struct ldap_connection *conn, |
414 struct ldap_request *request) |
415 { |
7293
f78b83bf16b7
Don't crash if ldap userdb lookup fails.
Timo Sirainen <tss@iki.fi>
parents:
7226
diff
changeset
|
416 i_assert(request->auth_request != NULL); |
417 |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
418 request->msgid = -1; |
419 request->create_time = ioloop_time; |
420 |
8987
0d3b712342d9
ldap: If first request is over 60 seconds old while a new request comes, reconnect.
Timo Sirainen <tss@iki.fi>
parents:
8872
diff
changeset
|
421 if (!db_ldap_check_limits(conn, request)) { |
4742 | 422 request->callback(conn, request, NULL); |
423 return; | |
4741
deccf9e1aebc
LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents:
4624
diff
changeset
|
424 } |
425 |
7079
d45c3058b91a
Renamed queue to aqueue ("array queue") because struct queue already exists
Timo Sirainen <tss@iki.fi>
parents:
7062
diff
changeset
|
426 aqueue_append(conn->request_queue, &request); |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
427 (void)db_ldap_request_queue_next(conn); |
428 } |
4751 | 429 |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
430 static int db_ldap_connect_finish(struct ldap_connection *conn, int ret) |
431 { |
432 if (ret == LDAP_SERVER_DOWN) { |
433 i_error("LDAP: Can't connect to server: %s", |
434 conn->set.uris != NULL ? |
435 conn->set.uris : conn->set.hosts); |
436 return -1; |
437 } |
438 if (ret != LDAP_SUCCESS) { |
439 i_error("LDAP: binding failed (dn %s): %s", |
440 conn->set.dn == NULL ? "(none)" : conn->set.dn, |
441 ldap_get_error(conn)); |
442 return -1; |
6368
a930c2ecd73c
Reconnect if ldap_search() returns a failure related to connection problems.
Timo Sirainen <tss@iki.fi>
parents:
6198
diff
changeset
|
443 } |
444 |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
445 conn->conn_state = LDAP_CONN_STATE_BOUND_DEFAULT; |
446 while (db_ldap_request_queue_next(conn)) |
447 ; |
448 return 0; |
449 } |
450 |
451 static void db_ldap_default_bind_finished(struct ldap_connection *conn, |
452 LDAPMessage *res) |
453 { |
454 int ret; |
455 |
456 i_assert(conn->pending_count == 0); |
457 conn->default_bind_msgid = -1; |
458 |
459 ret = ldap_result2error(conn->ld, res, FALSE); |
460 if (db_ldap_connect_finish(conn, ret) < 0) { |
461 /* lost connection, close it */ |
462 db_ldap_conn_close(conn); |
463 } |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
464 } |
465 |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
466 static void db_ldap_abort_requests(struct ldap_connection *conn, |
467 unsigned int max_count, |
7062
36402809db43
When aborting queued requests, log the reason for it.
Timo Sirainen <tss@iki.fi>
parents:
7050
diff
changeset
|
468 unsigned int timeout_secs, |
469 bool error, const char *reason) |
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
470 { |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
471 struct ldap_request *const *requestp, *request; |
472 time_t diff; |
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
473 |
7079
d45c3058b91a
Renamed queue to aqueue ("array queue") because struct queue already exists
Timo Sirainen <tss@iki.fi>
parents:
7062
diff
changeset
|
474 while (aqueue_count(conn->request_queue) > 0 && max_count > 0) { |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
475 requestp = array_idx(&conn->request_array, |
7079
d45c3058b91a
Renamed queue to aqueue ("array queue") because struct queue already exists
Timo Sirainen <tss@iki.fi>
parents:
7062
diff
changeset
|
476 aqueue_idx(conn->request_queue, 0)); |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
477 request = *requestp; |
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
478 |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
479 diff = ioloop_time - request->create_time; |
480 if (diff < (time_t)timeout_secs) |
481 break; |
482 |
483 /* timed out, abort */ |
7079
d45c3058b91a
Renamed queue to aqueue ("array queue") because struct queue already exists
Timo Sirainen <tss@iki.fi>
parents:
7062
diff
changeset
|
484 aqueue_delete_tail(conn->request_queue); |
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
485 |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
486 if (request->msgid != -1) { |
487 i_assert(conn->pending_count > 0); |
488 conn->pending_count--; |
489 } |
7062
36402809db43
When aborting queued requests, log the reason for it.
Timo Sirainen <tss@iki.fi>
parents:
7050
diff
changeset
|
490 if (error) { |
491 auth_request_log_error(request->auth_request, "ldap", |
492 "%s", reason); |
493 } else { |
494 auth_request_log_info(request->auth_request, "ldap", |
495 "%s", reason); |
496 } |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
497 request->callback(conn, request, NULL); |
498 max_count--; |
499 } |
500 } |
501 |
502 static void |
503 db_ldap_handle_result(struct ldap_connection *conn, LDAPMessage *res) |
504 { |
505 struct ldap_request *const *requests, *request = NULL; |
506 unsigned int i, count; |
507 int msgid, ret; |
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
508 |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
509 msgid = ldap_msgid(res); |
510 if (msgid == conn->default_bind_msgid) { |
511 db_ldap_default_bind_finished(conn, res); |
512 return; |
513 } |
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
514 |
7079
d45c3058b91a
Renamed queue to aqueue ("array queue") because struct queue already exists
Timo Sirainen <tss@iki.fi>
parents:
7062
diff
changeset
|
515 count = aqueue_count(conn->request_queue); |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
516 requests = count == 0 ? NULL : array_idx(&conn->request_array, 0); |
517 for (i = 0; i < count; i++) { |
7079
d45c3058b91a
Renamed queue to aqueue ("array queue") because struct queue already exists
Timo Sirainen <tss@iki.fi>
parents:
7062
diff
changeset
|
518 request = requests[aqueue_idx(conn->request_queue, i)]; |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
519 if (request->msgid == msgid) |
520 break; |
521 if (request->msgid == -1) { |
522 request = NULL; |
523 break; |
4741
deccf9e1aebc
LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents:
4624
diff
changeset
|
524 } |
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
525 } |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
526 if (request == NULL) { |
527 i_error("LDAP: Reply with unknown msgid %d", msgid); |
528 return; |
4772
d36a5df3f492
Handle LDAP requests while being disconnected more correctly.
Timo Sirainen <tss@iki.fi>
parents:
4751
diff
changeset
|
529 } |
530 |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
531 if (request->type == LDAP_REQUEST_TYPE_BIND) { |
532 i_assert(conn->conn_state == LDAP_CONN_STATE_BINDING); |
533 i_assert(conn->pending_count == 1); |
534 conn->conn_state = LDAP_CONN_STATE_BOUND_AUTH; |
4741
deccf9e1aebc
LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents:
4624
diff
changeset
|
535 } |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
536 i_assert(conn->pending_count > 0); |
537 conn->pending_count--; |
7079
d45c3058b91a
Renamed queue to aqueue ("array queue") because struct queue already exists
Timo Sirainen <tss@iki.fi>
parents:
7062
diff
changeset
|
538 aqueue_delete(conn->request_queue, i); |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
539 |
540 ret = ldap_result2error(conn->ld, res, 0); |
541 if (ret != LDAP_SUCCESS && request->type == LDAP_REQUEST_TYPE_SEARCH) { |
542 /* handle search failures here */ |
543 struct ldap_request_search *srequest = |
544 (struct ldap_request_search *)request; |
4772
d36a5df3f492
Handle LDAP requests while being disconnected more correctly.
Timo Sirainen <tss@iki.fi>
parents:
4751
diff
changeset
|
545 |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
546 auth_request_log_error(request->auth_request, "ldap", |
547 "ldap_search(%s) failed: %s", |
548 srequest->filter, ldap_err2string(ret)); |
549 res = NULL; |
4772
d36a5df3f492
Handle LDAP requests while being disconnected more correctly.
Timo Sirainen <tss@iki.fi>
parents:
4751
diff
changeset
|
550 } |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
551 |
7226
e6693a0ec8e1
Renamed T_FRAME_BEGIN/END to T_BEGIN/END. Removed T_FRAME() macro and
Timo Sirainen <tss@iki.fi>
parents:
7202
diff
changeset
|
552 T_BEGIN { |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
553 request->callback(conn, request, res); |
7226
e6693a0ec8e1
Renamed T_FRAME_BEGIN/END to T_BEGIN/END. Removed T_FRAME() macro and
Timo Sirainen <tss@iki.fi>
parents:
7202
diff
changeset
|
554 } T_END; |
4741
deccf9e1aebc
LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents:
4624
diff
changeset
|
555 |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
556 if (i > 0) { |
557 /* see if there are timed out requests */ |
558 db_ldap_abort_requests(conn, i, |
7062
36402809db43
When aborting queued requests, log the reason for it.
Timo Sirainen <tss@iki.fi>
parents:
7050
diff
changeset
|
559 DB_LDAP_REQUEST_LOST_TIMEOUT_SECS, |
560 TRUE, "Request lost"); |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
561 } |
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
562 } |
563 |
4907
5b4c9b20eba0
Replaced void *context from a lot of callbacks with the actual context
Timo Sirainen <tss@iki.fi>
parents:
4903
diff
changeset
|
564 static void ldap_input(struct ldap_connection *conn) |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
565 { |
566 struct timeval timeout; |
567 LDAPMessage *res; |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
568 int ret; |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
569 |
5037
d7198e2682c6
Do ldap_bind() only when there are no requests waiting, and don't do
Timo Sirainen <tss@iki.fi>
parents:
5006
diff
changeset
|
570 for (;;) { |
571 if (conn->ld == NULL) |
572 return; |
573 |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
574 memset(&timeout, 0, sizeof(timeout)); |
1181
ac7dbb236b59
Rather than block for two seconds, we can just call ldap_result() again if
Timo Sirainen <tss@iki.fi>
parents:
1143
diff
changeset
|
575 ret = ldap_result(conn->ld, LDAP_RES_ANY, 1, &timeout, &res); |
1075
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1062
diff
changeset
|
576 #ifdef OPENLDAP_ASYNC_WORKAROUND |
1181
ac7dbb236b59
Rather than block for two seconds, we can just call ldap_result() again if
Timo Sirainen <tss@iki.fi>
parents:
1143
diff
changeset
|
577 if (ret == 0) { |
578 /* try again, there may be another in buffer */ |
ac7dbb236b59
Rather than block for two seconds, we can just call ldap_result() again if
Timo Sirainen <tss@iki.fi>
parents:
1143
diff
changeset
|
579 ret = ldap_result(conn->ld, LDAP_RES_ANY, 1, |
ac7dbb236b59
Rather than block for two seconds, we can just call ldap_result() again if
Timo Sirainen <tss@iki.fi>
parents:
1143
diff
changeset
|
580 &timeout, &res); |
ac7dbb236b59
Rather than block for two seconds, we can just call ldap_result() again if
Timo Sirainen <tss@iki.fi>
parents:
1143
diff
changeset
|
581 } |
1075
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1062
diff
changeset
|
582 #endif |
5037
d7198e2682c6
Do ldap_bind() only when there are no requests waiting, and don't do
Timo Sirainen <tss@iki.fi>
parents:
5006
diff
changeset
|
583 if (ret <= 0) |
d7198e2682c6
Do ldap_bind() only when there are no requests waiting, and don't do
Timo Sirainen <tss@iki.fi>
parents:
5006
diff
changeset
|
584 break; |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
585 |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
586 db_ldap_handle_result(conn, res); |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
587 ldap_msgfree(res); |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
588 } |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
589 conn->last_reply_stamp = ioloop_time; |
5037
d7198e2682c6
Do ldap_bind() only when there are no requests waiting, and don't do
Timo Sirainen <tss@iki.fi>
parents:
5006
diff
changeset
|
590 |
7045
ae0556fb268d
If LDAP server disconnects the connection and we haven't sent requests for a
Timo Sirainen <tss@iki.fi>
parents:
6940
diff
changeset
|
591 if (ret == 0) { |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
592 /* send more requests */ |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
593 while (db_ldap_request_queue_next(conn)) |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
594 ; |
7045
ae0556fb268d
If LDAP server disconnects the connection and we haven't sent requests for a
Timo Sirainen <tss@iki.fi>
parents:
6940
diff
changeset
|
595 } else if (ldap_get_errno(conn) != LDAP_SERVER_DOWN) { |
6368
a930c2ecd73c
Reconnect if ldap_search() returns a failure related to connection problems.
Timo Sirainen <tss@iki.fi>
parents:
6198
diff
changeset
|
596 i_error("LDAP: ldap_result() failed: %s", ldap_get_error(conn)); |
6369
f7cc3723ad99
Actually reconnect always if ldap_result() fails for any reason. There
Timo Sirainen <tss@iki.fi>
parents:
6368
diff
changeset
|
597 ldap_conn_reconnect(conn); |
7079
d45c3058b91a
Renamed queue to aqueue ("array queue") because struct queue already exists
Timo Sirainen <tss@iki.fi>
parents:
7062
diff
changeset
|
598 } else if (aqueue_count(conn->request_queue) > 0 || |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
599 ioloop_time - conn->last_reply_stamp < |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
600 DB_LDAP_IDLE_RECONNECT_SECS) { |
7045
ae0556fb268d
If LDAP server disconnects the connection and we haven't sent requests for a
Timo Sirainen <tss@iki.fi>
parents:
6940
diff
changeset
|
601 i_error("LDAP: Connection lost to LDAP server, reconnecting"); |
ae0556fb268d
If LDAP server disconnects the connection and we haven't sent requests for a
Timo Sirainen <tss@iki.fi>
parents:
6940
diff
changeset
|
602 ldap_conn_reconnect(conn); |
5037
d7198e2682c6
Do ldap_bind() only when there are no requests waiting, and don't do
Timo Sirainen <tss@iki.fi>
parents:
5006
diff
changeset
|
603 } else { |
7045
ae0556fb268d
If LDAP server disconnects the connection and we haven't sent requests for a
Timo Sirainen <tss@iki.fi>
parents:
6940
diff
changeset
|
604 /* server probably disconnected an idle connection. don't |
ae0556fb268d
If LDAP server disconnects the connection and we haven't sent requests for a
Timo Sirainen <tss@iki.fi>
parents:
6940
diff
changeset
|
605 reconnect until the next request comes. */ |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
606 db_ldap_conn_close(conn); |
5037
d7198e2682c6
Do ldap_bind() only when there are no requests waiting, and don't do
Timo Sirainen <tss@iki.fi>
parents:
5006
diff
changeset
|
607 } |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
608 } |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
609 |
4426 | 610 #ifdef HAVE_LDAP_SASL |
4405 | 611 static int |
6411 | 612 sasl_interact(LDAP *ld ATTR_UNUSED, unsigned flags ATTR_UNUSED, |
4405 | 613 void *defaults, void *interact) |
4319 | 614 { |
7050 | 615 struct db_ldap_sasl_bind_context *context = defaults; |
4319 | 616 sasl_interact_t *in; |
4405 | 617 const char *str; |
4319 | 618 |
4405 | 619 for (in = interact; in->id != SASL_CB_LIST_END; in++) { |
4405 | 620 switch (in->id) { |
4319 | 621 case SASL_CB_GETREALM: |
4405 | 622 str = context->realm; |
4319 | 623 break; |
4319 | 624 case SASL_CB_AUTHNAME: |
4405 | 625 str = context->authcid; |
4319 | 626 break; |
4319 | 627 case SASL_CB_USER: |
4405 | 628 str = context->authzid; |
4319 | 629 break; |
4319 | 630 case SASL_CB_PASS: |
4405 | 631 str = context->passwd; |
4405 | 632 break; |
4405 | 633 default: |
4405 | 634 str = NULL; |
4319 | 635 break; |
4319 | 636 } |
4405 | 637 if (str != NULL) { |
4405 | 638 in->len = strlen(str); |
4405 | 639 in->result = str; |
4319 | 640 } |
4319 | 641 |
4319 | 642 } |
4319 | 643 return LDAP_SUCCESS; |
4319 | 644 } |
4426 | 645 #endif |
4319 | 646 |
4741 | 647 static int db_ldap_bind(struct ldap_connection *conn) |
4741 | 648 { |
4741 | 649 int msgid; |
4741 | 650 |
7050 | 651 i_assert(conn->conn_state != LDAP_CONN_STATE_BINDING); |
7050 | 652 i_assert(conn->default_bind_msgid == -1); |
7050 | 653 i_assert(conn->pending_count == 0); |
4741 | 654 |
4996 | 655 msgid = ldap_bind(conn->ld, conn->set.dn, conn->set.dnpass, |
4996 | 656 LDAP_AUTH_SIMPLE); |
4741 | 657 if (msgid == -1) { |
7050 | 658 i_assert(ldap_get_errno(conn) != LDAP_SUCCESS); |
6576 | 659 if (db_ldap_connect_finish(conn, ldap_get_errno(conn)) < 0) { |
6576 | 660 /* lost connection, close it */ |
7050 | 661 db_ldap_conn_close(conn); |
6576 | 662 } |
4741 | 663 return -1; |
4741 | 664 } |
4751 | 665 |
7050 | 666 conn->conn_state = LDAP_CONN_STATE_BINDING; |
7050 | 667 conn->default_bind_msgid = msgid; |
4741 | 668 return 0; |
4741 | 669 } |
4741 | 670 |
4742 | 671 static void db_ldap_get_fd(struct ldap_connection *conn) |
4742 | 672 { |
4742 | 673 int ret; |
4742 | 674 |
4742 | 675 /* get the connection's fd */ |
4742 | 676 ret = ldap_get_option(conn->ld, LDAP_OPT_DESC, (void *)&conn->fd); |
4742 | 677 if (ret != LDAP_SUCCESS) { |
4742 | 678 i_fatal("LDAP: Can't get connection fd: %s", |
4742 | 679 ldap_err2string(ret)); |
4742 | 680 } |
6873 | 681 if (conn->fd <= CLIENT_LISTEN_FD) { |
6873 | 682 /* Solaris LDAP library seems to be broken */ |
6873 | 683 i_fatal("LDAP: Buggy LDAP library returned wrong fd: %d", |
6873 | 684 conn->fd); |
6873 | 685 } |
4742 | 686 i_assert(conn->fd != -1); |
4742 | 687 net_set_nonblock(conn->fd, TRUE); |
4742 | 688 } |
4742 | 689 |
7191 | 690 static void |
7191 | 691 db_ldap_set_opt(struct ldap_connection *conn, int opt, const void *value, |
7191 | 692 const char *optname, const char *value_str) |
7191 | 693 { |
7191 | 694 int ret; |
7191 | 695 |
7191 | 696 ret = ldap_set_option(conn == NULL ? NULL : conn->ld, opt, value); |
7191 | 697 if (ret != LDAP_SUCCESS) { |
7191 | 698 i_fatal("LDAP: Can't set option %s to %s: %s", |
7191 | 699 optname, value_str, ldap_err2string(ret)); |
7191 | 700 } |
7191 | 701 } |
7191 | 702 |
7191 | 703 static void |
7191 | 704 db_ldap_set_opt_str(struct ldap_connection *conn, int opt, const char *value, |
7191 | 705 const char *optname) |
7191 | 706 { |
7191 | 707 if (value != NULL) |
7191 | 708 db_ldap_set_opt(conn, opt, value, optname, value); |
7191 | 709 } |
7191 | 710 |
7191 | 711 static void db_ldap_set_tls_options(struct ldap_connection *conn) |
7191 | 712 { |
7191 | 713 if (!conn->set.tls) |
7191 | 714 return; |
7191 | 715 |
7191 | 716 #ifdef OPENLDAP_TLS_OPTIONS |
7191 | 717 db_ldap_set_opt_str(NULL, LDAP_OPT_X_TLS_CACERTFILE, |
7191 | 718 conn->set.tls_ca_cert_file, "tls_ca_cert_file"); |
7191 | 719 db_ldap_set_opt_str(NULL, LDAP_OPT_X_TLS_CACERTDIR, |
7191 | 720 conn->set.tls_ca_cert_dir, "tls_ca_cert_dir"); |
7191 | 721 db_ldap_set_opt_str(NULL, LDAP_OPT_X_TLS_CERTFILE, |
7191 | 722 conn->set.tls_cert_file, "tls_cert_file"); |
7191 | 723 db_ldap_set_opt_str(NULL, LDAP_OPT_X_TLS_KEYFILE, |
7191 | 724 conn->set.tls_key_file, "tls_key_file"); |
7191 | 725 db_ldap_set_opt_str(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, |
7191 | 726 conn->set.tls_cipher_suite, "tls_cipher_suite"); |
7191 | 727 if (conn->set.tls_require_cert != NULL) { |
7191 | 728 int value = tls_require_cert2str(conn->set.tls_require_cert); |
7191 | 729 db_ldap_set_opt(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &value, |
7191 | 730 "tls_require_cert", conn->set.tls_require_cert); |
7191 | 731 } |
7192 | 732 #else |
7192 | 733 if (conn->set.tls_ca_cert_file != NULL || |
7192 | 734 conn->set.tls_ca_cert_dir != NULL || |
7192 | 735 conn->set.tls_cert_file != NULL || |
7192 | 736 conn->set.tls_key_file != NULL || |
7192 | 737 conn->set.tls_cipher_suite != NULL) |
7192 | 738 i_warning("LDAP: tls_* settings ignored, " |
7192 | 739 "your LDAP library doesn't seem to support them"); |
7191 | 740 #endif |
7191 | 741 } |
7191 | 742 |
7191 | 743 static void db_ldap_set_options(struct ldap_connection *conn) |
7191 | 744 { |
7191 | 745 unsigned int ldap_version; |
7396 | 746 int value; |
7191 | 747 |
7191 | 748 db_ldap_set_opt(conn, LDAP_OPT_DEREF, &conn->set.ldap_deref, |
7191 | 749 "deref", conn->set.deref); |
7396 | 750 #ifdef LDAP_OPT_DEBUG_LEVEL |
7396 | 751 value = atoi(conn->set.debug_level); |
7396 | 752 if (value != 0) { |
7396 | 753 db_ldap_set_opt(NULL, LDAP_OPT_DEBUG_LEVEL, &value, |
7396 | 754 "debug_level", conn->set.debug_level); |
7396 | 755 } |
7396 | 756 #endif |
7191 | 757 |
7344 | 758 if (conn->set.ldap_version < 3) { |
7344 | 759 if (conn->set.sasl_bind) |
7344 | 760 i_fatal("LDAP: sasl_bind=yes requires ldap_version=3"); |
7344 | 761 if (conn->set.tls) |
7344 | 762 i_fatal("LDAP: tls=yes requires ldap_version=3"); |
7344 | 763 } |
7344 | 764 |
7344 | 765 ldap_version = conn->set.ldap_version; |
7191 | 766 db_ldap_set_opt(conn, LDAP_OPT_PROTOCOL_VERSION, &ldap_version, |
7191 | 767 "protocol_version", dec2str(ldap_version)); |
7191 | 768 db_ldap_set_tls_options(conn); |
7191 | 769 } |
7191 | 770 |
4741 | 771 int db_ldap_connect(struct ldap_connection *conn) |
4741 | 772 { |
4741 | 773 int ret; |
4741 | 774 |
7050 | 775 if (conn->conn_state != LDAP_CONN_STATE_DISCONNECTED) |
4741 | 776 return 0; |
1062 | 777 |
7050 | 778 i_assert(conn->pending_count == 0); |
1062 | 779 if (conn->ld == NULL) { |
1910 | 780 if (conn->set.uris != NULL) { |
2325 | 781 #ifdef LDAP_HAVE_INITIALIZE |
1910 | 782 if (ldap_initialize(&conn->ld, conn->set.uris) != LDAP_SUCCESS) |
1910 | 783 conn->ld = NULL; |
2325 | 784 #else |
2325 | 785 i_fatal("LDAP: Your LDAP library doesn't support " |
2325 | 786 "'uris' setting, use 'hosts' instead."); |
2325 | 787 #endif |
1910 | 788 } else |
1910 | 789 conn->ld = ldap_init(conn->set.hosts, LDAP_PORT); |
1910 | 790 |
1062 | 791 if (conn->ld == NULL) |
1062 | 792 i_fatal("LDAP: ldap_init() failed with hosts: %s", |
1062 | 793 conn->set.hosts); |
1062 | 794 |
7191 | 795 db_ldap_set_options(conn); |
1062 | 796 } |
1062 | 797 |
4415 | 798 if (conn->set.tls) { |
4415 | 799 #ifdef LDAP_HAVE_START_TLS_S |
4415 | 800 ret = ldap_start_tls_s(conn->ld, NULL, NULL); |
b91816cd1d16
Added TLS support for LDAP if the library supports it.
Timo Sirainen <tss@iki.fi>
parents:
4405
diff
changeset
|
801 if (ret != LDAP_SUCCESS) { |
7345
0c7dc0b0bb7b
Fail with a clear error if both tls=yes and ldaps:// URI is used.
Timo Sirainen <tss@iki.fi>
parents:
7344
diff
changeset
|
802 if (ret == LDAP_OPERATIONS_ERROR && |
0c7dc0b0bb7b
Fail with a clear error if both tls=yes and ldaps:// URI is used.
Timo Sirainen <tss@iki.fi>
parents:
7344
diff
changeset
|
803 strncmp(conn->set.uris, "ldaps:", 6) == 0) { |
0c7dc0b0bb7b
Fail with a clear error if both tls=yes and ldaps:// URI is used.
Timo Sirainen <tss@iki.fi>
parents:
7344
diff
changeset
|
804 i_fatal("LDAP: Don't use both tls=yes " |
0c7dc0b0bb7b
Fail with a clear error if both tls=yes and ldaps:// URI is used.
Timo Sirainen <tss@iki.fi>
parents:
7344
diff
changeset
|
805 "and ldaps URI"); |
0c7dc0b0bb7b
Fail with a clear error if both tls=yes and ldaps:// URI is used.
Timo Sirainen <tss@iki.fi>
parents:
7344
diff
changeset
|
806 } |
4415
b91816cd1d16
Added TLS support for LDAP if the library supports it.
Timo Sirainen <tss@iki.fi>
parents:
4405
diff
changeset
|
807 i_error("LDAP: ldap_start_tls_s() failed: %s", |
b91816cd1d16
Added TLS support for LDAP if the library supports it.
Timo Sirainen <tss@iki.fi>
parents:
4405
diff
changeset
|
808 ldap_err2string(ret)); |
4741
deccf9e1aebc
LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents:
4624
diff
changeset
|
809 return -1; |
4415
b91816cd1d16
Added TLS support for LDAP if the library supports it.
Timo Sirainen <tss@iki.fi>
parents:
4405
diff
changeset
|
810 } |
b91816cd1d16
Added TLS support for LDAP if the library supports it.
Timo Sirainen <tss@iki.fi>
parents:
4405
diff
changeset
|
811 #else |
b91816cd1d16
Added TLS support for LDAP if the library supports it.
Timo Sirainen <tss@iki.fi>
parents:
4405
diff
changeset
|
812 i_error("LDAP: Your LDAP library doesn't support TLS"); |
4741
deccf9e1aebc
LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents:
4624
diff
changeset
|
813 return -1; |
4415
b91816cd1d16
Added TLS support for LDAP if the library supports it.
Timo Sirainen <tss@iki.fi>
parents:
4405
diff
changeset
|
814 #endif |
b91816cd1d16
Added TLS support for LDAP if the library supports it.
Timo Sirainen <tss@iki.fi>
parents:
4405
diff
changeset
|
815 } |
b91816cd1d16
Added TLS support for LDAP if the library supports it.
Timo Sirainen <tss@iki.fi>
parents:
4405
diff
changeset
|
816 |
4319
31a28cd0b020
Added support for SASL binding. Patch by Geert Jansen
Timo Sirainen <tss@iki.fi>
parents:
4295
diff
changeset
|
817 if (conn->set.sasl_bind) { |
4426
b8089cf41c96
Check for sasl.h and sasl/sasl.h existence and use the one that's found. If
Timo Sirainen <tss@iki.fi>
parents:
4415
diff
changeset
|
818 #ifdef HAVE_LDAP_SASL |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
819 struct db_ldap_sasl_bind_context context; |
4426
b8089cf41c96
Check for sasl.h and sasl/sasl.h existence and use the one that's found. If
Timo Sirainen <tss@iki.fi>
parents:
4415
diff
changeset
|
820 |
b8089cf41c96
Check for sasl.h and sasl/sasl.h existence and use the one that's found. If
Timo Sirainen <tss@iki.fi>
parents:
4415
diff
changeset
|
821 memset(&context, 0, sizeof(context)); |
4319
31a28cd0b020
Added support for SASL binding. Patch by Geert Jansen
Timo Sirainen <tss@iki.fi>
parents:
4295
diff
changeset
|
822 context.authcid = conn->set.dn; |
31a28cd0b020
Added support for SASL binding. Patch by Geert Jansen
Timo Sirainen <tss@iki.fi>
parents:
4295
diff
changeset
|
823 context.passwd = conn->set.dnpass; |
31a28cd0b020
Added support for SASL binding. Patch by Geert Jansen
Timo Sirainen <tss@iki.fi>
parents:
4295
diff
changeset
|
824 context.realm = conn->set.sasl_realm; |
31a28cd0b020
Added support for SASL binding. Patch by Geert Jansen
Timo Sirainen <tss@iki.fi>
parents:
4295
diff
changeset
|
825 context.authzid = conn->set.sasl_authz_id; |
31a28cd0b020
Added support for SASL binding. Patch by Geert Jansen
Timo Sirainen <tss@iki.fi>
parents:
4295
diff
changeset
|
826 |
4743 | 827 /* There doesn't seem to be a way to do SASL binding |
828 asynchronously.. */ | |
4405
fe17f63521ea
Compiler warning fixes and some coding style cleanups.
Timo Sirainen <tss@iki.fi>
parents:
4319
diff
changeset
|
829 ret = ldap_sasl_interactive_bind_s(conn->ld, NULL, |
fe17f63521ea
Compiler warning fixes and some coding style cleanups.
Timo Sirainen <tss@iki.fi>
parents:
4319
diff
changeset
|
830 conn->set.sasl_mech, |
4319
31a28cd0b020
Added support for SASL binding. Patch by Geert Jansen
Timo Sirainen <tss@iki.fi>
parents:
4295
diff
changeset
|
831 NULL, NULL, LDAP_SASL_QUIET, |
31a28cd0b020
Added support for SASL binding. Patch by Geert Jansen
Timo Sirainen <tss@iki.fi>
parents:
4295
diff
changeset
|
832 sasl_interact, &context); |
4743 | 833 if (db_ldap_connect_finish(conn, ret) < 0) |
834 return -1; | |
4426
b8089cf41c96
Check for sasl.h and sasl/sasl.h existence and use the one that's found. If
Timo Sirainen <tss@iki.fi>
parents:
4415
diff
changeset
|
835 #else |
b8089cf41c96
Check for sasl.h and sasl/sasl.h existence and use the one that's found. If
Timo Sirainen <tss@iki.fi>
parents:
4415
diff
changeset
|
836 i_fatal("LDAP: sasl_bind=yes but no SASL support compiled in"); |
b8089cf41c96
Check for sasl.h and sasl/sasl.h existence and use the one that's found. If
Timo Sirainen <tss@iki.fi>
parents:
4415
diff
changeset
|
837 #endif |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
838 conn->conn_state = LDAP_CONN_STATE_BOUND_DEFAULT; |
4319
31a28cd0b020
Added support for SASL binding. Patch by Geert Jansen
Timo Sirainen <tss@iki.fi>
parents:
4295
diff
changeset
|
839 } else { |
4741
deccf9e1aebc
LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents:
4624
diff
changeset
|
840 if (db_ldap_bind(conn) < 0) |
deccf9e1aebc
LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents:
4624
diff
changeset
|
841 return -1; |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
842 } |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
843 |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
844 db_ldap_get_fd(conn); |
4741
deccf9e1aebc
LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents:
4624
diff
changeset
|
845 conn->io = io_add(conn->fd, IO_READ, ldap_input, conn); |
deccf9e1aebc
LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents:
4624
diff
changeset
|
846 return 0; |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
847 } |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
848 |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
849 static void db_ldap_disconnect_timeout(struct ldap_connection *conn) |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
850 { |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
851 db_ldap_abort_requests(conn, -1U, |
8705
a7503487627d
ldap: Give better error message when aborting LDAP requests due to not being connected.
Timo Sirainen <tss@iki.fi>
parents:
8704
diff
changeset
|
852 DB_LDAP_REQUEST_DISCONNECT_TIMEOUT_SECS, FALSE, |
a7503487627d
ldap: Give better error message when aborting LDAP requests due to not being connected.
Timo Sirainen <tss@iki.fi>
parents:
8704
diff
changeset
|
853 "Aborting (timeout), we're not connected to LDAP server"); |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
854 |
7079
d45c3058b91a
Renamed queue to aqueue ("array queue") because struct queue already exists
Timo Sirainen <tss@iki.fi>
parents:
7062
diff
changeset
|
855 if (aqueue_count(conn->request_queue) == 0) { |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
856 /* no requests left, remove this timeout handler */ |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
857 timeout_remove(&conn->to); |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
858 } |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
859 } |
1897
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1709
diff
changeset
|
860 |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
861 static void db_ldap_conn_close(struct ldap_connection *conn) |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
862 { |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
863 struct ldap_request *const *requests, *request; |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
864 unsigned int i; |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
865 |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
866 conn->conn_state = LDAP_CONN_STATE_DISCONNECTED; |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
867 conn->default_bind_msgid = -1; |
1897
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1709
diff
changeset
|
868 |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
869 if (conn->pending_count != 0) { |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
870 requests = array_idx(&conn->request_array, 0); |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
871 for (i = 0; i < conn->pending_count; i++) { |
7079
d45c3058b91a
Renamed queue to aqueue ("array queue") because struct queue already exists
Timo Sirainen <tss@iki.fi>
parents:
7062
diff
changeset
|
872 request = requests[aqueue_idx(conn->request_queue, i)]; |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
873 |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
874 i_assert(request->msgid != -1); |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
875 request->msgid = -1; |
3731
0a7beabfe332
If LDAP lookup fails because connection gets closed, try retrying it again
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
876 } |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
877 conn->pending_count = 0; |
1897
1e6ed8045f2b
Changed hash_foreach() to iterator.
Timo Sirainen <tss@iki.fi>
parents:
1709
diff
changeset
|
878 } |
1210 | 879 |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
880 if (conn->ld != NULL) { |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
881 ldap_unbind(conn->ld); |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
882 conn->ld = NULL; |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
883 } |
4741
deccf9e1aebc
LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents:
4624
diff
changeset
|
884 conn->fd = -1; |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
885 |
8101
06cb6f9d3054
ldap: Avoid kqueue/epoll errors when LDAP connection closes unexpectedly.
Timo Sirainen <tss@iki.fi>
parents:
8027
diff
changeset
|
886 if (conn->io != NULL) { |
06cb6f9d3054
ldap: Avoid kqueue/epoll errors when LDAP connection closes unexpectedly.
Timo Sirainen <tss@iki.fi>
parents:
8027
diff
changeset
|
887 /* the fd may have already been closed before ldap_unbind(), |
06cb6f9d3054
ldap: Avoid kqueue/epoll errors when LDAP connection closes unexpectedly.
Timo Sirainen <tss@iki.fi>
parents:
8027
diff
changeset
|
888 so we'll have to use io_remove_closed(). */ |
06cb6f9d3054
ldap: Avoid kqueue/epoll errors when LDAP connection closes unexpectedly.
Timo Sirainen <tss@iki.fi>
parents:
8027
diff
changeset
|
889 io_remove_closed(&conn->io); |
06cb6f9d3054
ldap: Avoid kqueue/epoll errors when LDAP connection closes unexpectedly.
Timo Sirainen <tss@iki.fi>
parents:
8027
diff
changeset
|
890 } |
06cb6f9d3054
ldap: Avoid kqueue/epoll errors when LDAP connection closes unexpectedly.
Timo Sirainen <tss@iki.fi>
parents:
8027
diff
changeset
|
891 |
7079
d45c3058b91a
Renamed queue to aqueue ("array queue") because struct queue already exists
Timo Sirainen <tss@iki.fi>
parents:
7062
diff
changeset
|
892 if (aqueue_count(conn->request_queue) == 0) { |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
893 if (conn->to != NULL) |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
894 timeout_remove(&conn->to); |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
895 } else if (conn->to == NULL) { |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
896 conn->to = timeout_add(DB_LDAP_REQUEST_DISCONNECT_TIMEOUT_SECS * |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
897 1000/2, db_ldap_disconnect_timeout, conn); |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
898 } |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
899 } |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
900 |
3158
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
901 void db_ldap_set_attrs(struct ldap_connection *conn, const char *attrlist, |
3306
aebed9a9edac
If both userdb and passdb used LDAP the later one was overriding first one's
Timo Sirainen <tss@iki.fi>
parents:
3212
diff
changeset
|
902 char ***attr_names_r, struct hash_table *attr_map, |
4741
deccf9e1aebc
LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents:
4624
diff
changeset
|
903 const char *skip_attr) |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
904 { |
6175
6c3788e03f7e
Ignore spaces after commas in user_attrs and pass_attrs.
Timo Sirainen <tss@iki.fi>
parents:
6152
diff
changeset
|
905 const char *const *attr, *attr_data, *p; |
6149
a744ae38a9e1
Having =key=value in pass_attrs or user_attrs allows returning static
Timo Sirainen <tss@iki.fi>
parents:
6148
diff
changeset
|
906 string_t *static_data; |
6175
6c3788e03f7e
Ignore spaces after commas in user_attrs and pass_attrs.
Timo Sirainen <tss@iki.fi>
parents:
6152
diff
changeset
|
907 char *name, *value; |
4741
deccf9e1aebc
LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents:
4624
diff
changeset
|
908 unsigned int i, j, size; |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
909 |
3158
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
910 if (*attrlist == '\0') |
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
911 return; |
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
912 |
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
913 attr = t_strsplit(attrlist, ","); |
6149
a744ae38a9e1
Having =key=value in pass_attrs or user_attrs allows returning static
Timo Sirainen <tss@iki.fi>
parents:
6148
diff
changeset
|
914 static_data = t_str_new(128); |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
915 |
3212 | 916 /* @UNSAFE */ |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
917 for (size = 0; attr[size] != NULL; size++) ; |
3306
aebed9a9edac
If both userdb and passdb used LDAP the later one was overriding first one's
Timo Sirainen <tss@iki.fi>
parents:
3212
diff
changeset
|
918 *attr_names_r = p_new(conn->pool, char *, size + 1); |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
919 |
4741
deccf9e1aebc
LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents:
4624
diff
changeset
|
920 for (i = j = 0; i < size; i++) { |
6175
6c3788e03f7e
Ignore spaces after commas in user_attrs and pass_attrs.
Timo Sirainen <tss@iki.fi>
parents:
6152
diff
changeset
|
921 /* allow spaces here so "foo=1, bar=2" works */ |
6c3788e03f7e
Ignore spaces after commas in user_attrs and pass_attrs.
Timo Sirainen <tss@iki.fi>
parents:
6152
diff
changeset
|
922 attr_data = attr[i]; |
6c3788e03f7e
Ignore spaces after commas in user_attrs and pass_attrs.
Timo Sirainen <tss@iki.fi>
parents:
6152
diff
changeset
|
923 while (*attr_data == ' ') attr_data++; |
6c3788e03f7e
Ignore spaces after commas in user_attrs and pass_attrs.
Timo Sirainen <tss@iki.fi>
parents:
6152
diff
changeset
|
924 |
6c3788e03f7e
Ignore spaces after commas in user_attrs and pass_attrs.
Timo Sirainen <tss@iki.fi>
parents:
6152
diff
changeset
|
925 p = strchr(attr_data, '='); |
6148
668a768fc8fd
Removed deprecated pass_attrs and user_attrs configuration method.
Timo Sirainen <tss@iki.fi>
parents:
6147
diff
changeset
|
926 if (p == NULL) |
6175
6c3788e03f7e
Ignore spaces after commas in user_attrs and pass_attrs.
Timo Sirainen <tss@iki.fi>
parents:
6152
diff
changeset
|
927 name = value = p_strdup(conn->pool, attr_data); |
6c3788e03f7e
Ignore spaces after commas in user_attrs and pass_attrs.
Timo Sirainen <tss@iki.fi>
parents:
6152
diff
changeset
|
928 else if (p != attr_data) { |
6c3788e03f7e
Ignore spaces after commas in user_attrs and pass_attrs.
Timo Sirainen <tss@iki.fi>
parents:
6152
diff
changeset
|
929 name = p_strdup_until(conn->pool, attr_data, p); |
3158
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
930 value = p_strdup(conn->pool, p + 1); |
6149
a744ae38a9e1
Having =key=value in pass_attrs or user_attrs allows returning static
Timo Sirainen <tss@iki.fi>
parents:
6148
diff
changeset
|
931 } else { |
a744ae38a9e1
Having =key=value in pass_attrs or user_attrs allows returning static
Timo Sirainen <tss@iki.fi>
parents:
6148
diff
changeset
|
932 /* =<static key>=<static value> */ |
a744ae38a9e1
Having =key=value in pass_attrs or user_attrs allows returning static
Timo Sirainen <tss@iki.fi>
parents:
6148
diff
changeset
|
933 if (str_len(static_data) > 0) |
a744ae38a9e1
Having =key=value in pass_attrs or user_attrs allows returning static
Timo Sirainen <tss@iki.fi>
parents:
6148
diff
changeset
|
934 str_append_c(static_data, ','); |
a744ae38a9e1
Having =key=value in pass_attrs or user_attrs allows returning static
Timo Sirainen <tss@iki.fi>
parents:
6148
diff
changeset
|
935 str_append(static_data, p + 1); |
a744ae38a9e1
Having =key=value in pass_attrs or user_attrs allows returning static
Timo Sirainen <tss@iki.fi>
parents:
6148
diff
changeset
|
936 continue; |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
937 } |
3158
8849f2e380d1
userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents:
3094
diff
changeset
|
938 |
4816
8ac2a2d27364
Cleanup: Don't put string literals into non-const pointers.
Timo Sirainen <tss@iki.fi>
parents:
4806
diff
changeset
|
939 if (*name != '\0' && |
8ac2a2d27364
Cleanup: Don't put string literals into non-const pointers.
Timo Sirainen <tss@iki.fi>
parents:
4806
diff
changeset
|
940 (skip_attr == NULL || strcmp(skip_attr, value) != 0)) { |
8573
f9166a09423a
Renamed hash_*() to hash_table_*() to avoid conflicts with OSX's strhash.h
Timo Sirainen <tss@iki.fi>
parents:
8256
diff
changeset
|
941 hash_table_insert(attr_map, name, value); |
4741
deccf9e1aebc
LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents:
4624
diff
changeset
|
942 (*attr_names_r)[j++] = name; |
deccf9e1aebc
LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents:
4624
diff
changeset
|
943 } |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
944 } |
6149
a744ae38a9e1
Having =key=value in pass_attrs or user_attrs allows returning static
Timo Sirainen <tss@iki.fi>
parents:
6148
diff
changeset
|
945 if (str_len(static_data) > 0) { |
8573
f9166a09423a
Renamed hash_*() to hash_table_*() to avoid conflicts with OSX's strhash.h
Timo Sirainen <tss@iki.fi>
parents:
8256
diff
changeset
|
946 hash_table_insert(attr_map, "", |
f9166a09423a
Renamed hash_*() to hash_table_*() to avoid conflicts with OSX's strhash.h
Timo Sirainen <tss@iki.fi>
parents:
8256
diff
changeset
|
947 p_strdup(conn->pool, str_c(static_data))); |
6149
a744ae38a9e1
Having =key=value in pass_attrs or user_attrs allows returning static
Timo Sirainen <tss@iki.fi>
parents:
6148
diff
changeset
|
948 } |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
949 } |
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
950 |
5884
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
951 struct var_expand_table * |
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
952 db_ldap_value_get_var_expand_table(struct auth_request *auth_request) |
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
953 { |
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
954 const struct var_expand_table *auth_table; |
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
955 struct var_expand_table *table; |
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
956 unsigned int count; |
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
957 |
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
958 auth_table = auth_request_get_var_expand_table(auth_request, NULL); |
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
959 for (count = 0; auth_table[count].key != '\0'; count++) ; |
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
960 count++; |
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
961 |
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
962 table = t_new(struct var_expand_table, count + 1); |
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
963 table[0].key = '$'; |
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
964 memcpy(table + 1, auth_table, sizeof(*table) * count); |
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
965 return table; |
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
966 } |
1c1dee40e495
Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents:
5872
diff
changeset
|
967 |
1330
7cde19dbe754
Moved auth_username_chars from db-pgsql to generic for all. Some other
Timo Sirainen <tss@iki.fi>
parents:
1282
diff
changeset
|
968 #define IS_LDAP_ESCAPED_CHAR(c) \ |
7cde19dbe754
```c
	((c) == '*' || (c) == '(' || (c) == ')' || (c) == '\\')

const char *ldap_escape(const char *str,
			const struct auth_request *auth_request ATTR_UNUSED)
{
	const char *p;
	string_t *ret;

	for (p = str; *p != '\0'; p++) {
		if (IS_LDAP_ESCAPED_CHAR(*p))
			break;
	}

	if (*p == '\0')
		return str;

	ret = t_str_new((size_t) (p - str) + 64);
	str_append_n(ret, str, (size_t) (p - str));

	for (; *p != '\0'; p++) {
		if (IS_LDAP_ESCAPED_CHAR(*p))
			str_append_c(ret, '\\');
		str_append_c(ret, *p);
	}
	return str_c(ret);
}
```

```c
struct db_ldap_result_iterate_context *
db_ldap_result_iterate_init(struct ldap_connection *conn, LDAPMessage *entry,
			    struct auth_request *auth_request,
			    struct hash_table *attr_map)
{
	struct db_ldap_result_iterate_context *ctx;
	const char *static_data;

	ctx = t_new(struct db_ldap_result_iterate_context, 1);
	ctx->conn = conn;
	ctx->entry = entry;
	ctx->auth_request = auth_request;
	ctx->attr_map = attr_map;

	static_data = hash_table_lookup(attr_map, "");
	if (static_data != NULL) {
		const struct var_expand_table *table;
		string_t *str;

		table = auth_request_get_var_expand_table(auth_request, NULL);
		str = t_str_new(256);
		var_expand(str, static_data, table);
		ctx->static_attrs = t_strsplit(str_c(str), ",");
	}

	if (auth_request->auth->verbose_debug)
		ctx->debug = t_str_new(256);

	ctx->attr = ldap_first_attribute(conn->ld, entry, &ctx->ber);
	return ctx;
}
```

```c
static void
db_ldap_result_iterate_finish(struct db_ldap_result_iterate_context *ctx)
{
	if (ctx->debug != NULL) {
		if (str_len(ctx->debug) > 0) {
			auth_request_log_debug(ctx->auth_request, "ldap",
				"result: %s", str_c(ctx->debug) + 1);
		} else {
			auth_request_log_debug(ctx->auth_request, "ldap",
				"no fields returned by the server");
		}
	}

	ber_free(ctx->ber, 0);
}
```

```c
static void
db_ldap_result_change_attr(struct db_ldap_result_iterate_context *ctx)
{
	ctx->name = hash_table_lookup(ctx->attr_map, ctx->attr);
	ctx->template = NULL;

	if (ctx->debug != NULL) {
		str_printfa(ctx->debug, " %s(%s)=", ctx->attr,
			    ctx->name != NULL ? ctx->name : "?unknown?");
	}

	if (ctx->name == NULL || *ctx->name == '\0') {
		ctx->value = NULL;
		return;
	}

	if (strchr(ctx->name, '%') != NULL &&
	    (ctx->template = strchr(ctx->name, '=')) != NULL) {
		/* we want to use variables */
		ctx->name = t_strdup_until(ctx->name, ctx->template);
		ctx->template++;
		if (ctx->var_table == NULL) {
			ctx->var_table = db_ldap_value_get_var_expand_table(
							ctx->auth_request);
			ctx->var = t_str_new(256);
		}
	}

	ctx->vals = ldap_get_values(ctx->conn->ld, ctx->entry,
				    ctx->attr);
	ctx->value = ctx->vals[0];
	ctx->value_idx = 0;
}
```

```c
static void
db_ldap_result_return_value(struct db_ldap_result_iterate_context *ctx)
{
	bool first = ctx->value_idx == 0;

	if (ctx->template != NULL) {
		ctx->var_table[0].value = ctx->value;
		str_truncate(ctx->var, 0);
		var_expand(ctx->var, ctx->template, ctx->var_table);
		ctx->value = str_c(ctx->var);
	}

	if (ctx->debug != NULL) {
		if (!first)
			str_append_c(ctx->debug, '/');
		if (ctx->auth_request->auth->verbose_debug_passwords ||
		    strcmp(ctx->name, "password") != 0)
			str_append(ctx->debug, ctx->value);
		else
			str_append(ctx->debug, PASSWORD_HIDDEN_STR);
	}
}
```

```c
static bool db_ldap_result_int_next(struct db_ldap_result_iterate_context *ctx)
{
	const char *p;

	while (ctx->attr != NULL) {
		if (ctx->vals == NULL) {
			/* a new attribute */
			db_ldap_result_change_attr(ctx);
		} else {
			/* continuing existing attribute */
			if (ctx->value != NULL)
				ctx->value = ctx->vals[++ctx->value_idx];
		}

		if (ctx->value != NULL) {
			db_ldap_result_return_value(ctx);
			return TRUE;
		}

		ldap_value_free(ctx->vals); ctx->vals = NULL;
		ldap_memfree(ctx->attr);
		ctx->attr = ldap_next_attribute(ctx->conn->ld, ctx->entry,
						ctx->ber);
	}

	if (ctx->static_attrs != NULL && *ctx->static_attrs != NULL) {
		p = strchr(*ctx->static_attrs, '=');
		if (p == NULL) {
			ctx->name = *ctx->static_attrs;
			ctx->value = "";
		} else {
			ctx->name = t_strdup_until(*ctx->static_attrs, p);
			ctx->value = p + 1;
		}
		/* make _next_all() return correct values */
		ctx->template = "";
		ctx->val_1_arr[0] = ctx->value;
		ctx->static_attrs++;
		return TRUE;
	}

	db_ldap_result_iterate_finish(ctx);
	return FALSE;
}
```

```c
bool db_ldap_result_iterate_next(struct db_ldap_result_iterate_context *ctx,
				 const char **name_r, const char **value_r)
{
	if (!db_ldap_result_int_next(ctx))
		return FALSE;

	*name_r = ctx->name;
	*value_r = ctx->value;
	return TRUE;
}
```

```c
bool db_ldap_result_iterate_next_all(struct db_ldap_result_iterate_context *ctx,
				     const char **name_r,
				     const char *const **values_r)
{
	if (!db_ldap_result_int_next(ctx))
		return FALSE;

	if (ctx->template != NULL) {
		/* we can use only one value with templates */
		ctx->val_1_arr[0] = ctx->value;
		*values_r = ctx->val_1_arr;
	} else {
		*values_r = (const char *const *)ctx->vals;
	}
	ctx->value = NULL;
	*name_r = ctx->name;
	return TRUE;
}
```

1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1176 static const char *parse_setting(const char *key, const char *value, |
4907
5b4c9b20eba0
Replaced void *context from a lot of callbacks with the actual context
Timo Sirainen <tss@iki.fi>
parents:
4903
diff
changeset
|
1177 struct ldap_connection *conn) |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1178 { |
1179 return parse_setting_from_defs(conn->pool, setting_defs, |
1180 &conn->set, key, value); |
1181 } |
1182 |
1143
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
1183 static struct ldap_connection *ldap_conn_find(const char *config_path) |
1184 { |
1185 struct ldap_connection *conn; |
1186 |
1187 for (conn = ldap_connections; conn != NULL; conn = conn->next) { |
1188 if (strcmp(conn->config_path, config_path) == 0) |
1189 return conn; |
1190 } |
1191 |
1192 return NULL; |
1193 } |
1194 |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1195 struct ldap_connection *db_ldap_init(const char *config_path) |
1196 { |
1197 struct ldap_connection *conn; |
7397 | 1198 const char *str; |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1199 pool_t pool; |
1200 |
1143
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
1201 /* see if it already exists */ |
1202 conn = ldap_conn_find(config_path); |
1203 if (conn != NULL) { |
1204 conn->refcount++; |
1205 return conn; |
1206 } |
1207 |
3908
afe21b6d4b68
Give a clear error message if SQL/LDAP configuration file path was left
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
1208 if (*config_path == '\0') |
1209 i_fatal("LDAP: Configuration file path not given"); |
1210 |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1211 pool = pool_alloconly_create("ldap_connection", 1024); |
1212 conn = p_new(pool, struct ldap_connection, 1); |
1213 conn->pool = pool; |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
1214 conn->refcount = 1; |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1215 |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
1216 conn->conn_state = LDAP_CONN_STATE_DISCONNECTED; |
1217 conn->default_bind_msgid = -1; |
4741
deccf9e1aebc
LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents:
4624
diff
changeset
|
1218 conn->fd = -1; |
1143
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
1219 conn->config_path = p_strdup(pool, config_path); |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1220 conn->set = default_ldap_settings; |
4903
204d7edc7cdc
Added context parameter type safety checks for most callback APIs.
Timo Sirainen <tss@iki.fi>
parents:
4816
diff
changeset
|
1221 if (!settings_read(config_path, NULL, parse_setting, |
1222 null_settings_section_callback, conn)) |
1610
6850142c4e25
New configuration file code. Some syntax changes, but tries to be somewhat
Timo Sirainen <tss@iki.fi>
parents:
1330
diff
changeset
|
1223 exit(FATAL_DEFAULT); |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1224 |
1225 if (conn->set.base == NULL) |
1226 i_fatal("LDAP: No base given"); |
1227 |
4006
0e8f0647504b
Check that uris and hosts settings are correct.
Timo Sirainen <tss@iki.fi>
parents:
3913
diff
changeset
|
1228 if (conn->set.uris == NULL && conn->set.hosts == NULL) |
1229 i_fatal("LDAP: No uris or hosts set"); |
1230 #ifndef LDAP_HAVE_INITIALIZE |
4180
92b572fbb88a
If LDAP library didn't have ldap_initialize() function, we always complained
Timo Sirainen <tss@iki.fi>
parents:
4006
diff
changeset
|
1231 if (conn->set.uris != NULL) { |
4006
0e8f0647504b
Check that uris and hosts settings are correct.
Timo Sirainen <tss@iki.fi>
parents:
3913
diff
changeset
|
1232 i_fatal("LDAP: Dovecot compiled without support for LDAP uris " |
1233 "(ldap_initialize not found)"); |
1234 } |
1235 #endif |
1236 |
7397 | 1237 if (*conn->set.ldaprc_path != '\0') { |
1238 str = getenv("LDAPRC"); |
1239 if (str != NULL && strcmp(str, conn->set.ldaprc_path) != 0) { |
1240 i_fatal("LDAP: Multiple different ldaprc_path " |
1241 "settings not allowed (%s and %s)", |
1242 str, conn->set.ldaprc_path); |
1243 } |
1244 env_put(t_strconcat("LDAPRC=", conn->set.ldaprc_path, NULL)); |
1245 } |
1246 |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1247 conn->set.ldap_deref = deref2str(conn->set.deref); |
3502
5e78500f1aee
user_global_uid and user_global_gid settings weren't working. Also changed
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
1248 conn->set.ldap_scope = scope2str(conn->set.scope); |
1249 |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
1250 i_array_init(&conn->request_array, DB_LDAP_MAX_QUEUE_SIZE); |
7079
d45c3058b91a
Renamed queue to aqueue ("array queue") because struct queue already exists
Timo Sirainen <tss@iki.fi>
parents:
7062
diff
changeset
|
1251 conn->request_queue = aqueue_init(&conn->request_array.arr); |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
1252 |
1143
50f10a7a3bad
Use the same LDAP connection for both userdb and passdb if config_path is
Timo Sirainen <tss@iki.fi>
parents:
1141
diff
changeset
|
1253 conn->next = ldap_connections; |
1254 ldap_connections = conn; |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1255 return conn; |
1256 } |
1257 |
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
1258 void db_ldap_unref(struct ldap_connection **_conn) |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1259 { |
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
1260 struct ldap_connection *conn = *_conn; |
3657
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
1261 struct ldap_connection **p; |
1262 |
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
1263 *_conn = NULL; |
3657
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
1264 i_assert(conn->refcount >= 0); |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1265 if (--conn->refcount > 0) |
1266 return; |
3657
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3502
diff
changeset
|
1267 |
1268 for (p = &ldap_connections; *p != NULL; p = &(*p)->next) { |
1269 if (*p == conn) { |
1270 *p = conn->next; |
1271 break; |
1272 } |
1273 } |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1274 |
7062
36402809db43
When aborting queued requests, log the reason for it.
Timo Sirainen <tss@iki.fi>
parents:
7050
diff
changeset
|
1275 db_ldap_abort_requests(conn, -1U, 0, FALSE, "Shutting down"); |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
1276 i_assert(conn->pending_count == 0); |
1277 db_ldap_conn_close(conn); |
1278 i_assert(conn->to == NULL); |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1279 |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
1280 array_free(&conn->request_array); |
7079
d45c3058b91a
Renamed queue to aqueue ("array queue") because struct queue already exists
Timo Sirainen <tss@iki.fi>
parents:
7062
diff
changeset
|
1281 aqueue_deinit(&conn->request_queue); |
7050
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
1282 |
3306
aebed9a9edac
If both userdb and passdb used LDAP the later one was overriding first one's
Timo Sirainen <tss@iki.fi>
parents:
3212
diff
changeset
|
1283 if (conn->pass_attr_map != NULL) |
8573
f9166a09423a
Renamed hash_*() to hash_table_*() to avoid conflicts with OSX's strhash.h
Timo Sirainen <tss@iki.fi>
parents:
8256
diff
changeset
|
1284 hash_table_destroy(&conn->pass_attr_map); |
3306
aebed9a9edac
If both userdb and passdb used LDAP the later one was overriding first one's
Timo Sirainen <tss@iki.fi>
parents:
3212
diff
changeset
|
1285 if (conn->user_attr_map != NULL) |
8573
f9166a09423a
Renamed hash_*() to hash_table_*() to avoid conflicts with OSX's strhash.h
Timo Sirainen <tss@iki.fi>
parents:
8256
diff
changeset
|
1286 hash_table_destroy(&conn->user_attr_map); |
6428
7cad076906eb
pool_unref() now takes ** pointer.
Timo Sirainen <tss@iki.fi>
parents:
6417
diff
changeset
|
1287 pool_unref(&conn->pool); |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1288 } |
1289 |
6198
4f6c4aeafafb
--with-ldap=plugin builds LDAP passdb and userdb support as a plugin.
Timo Sirainen <tss@iki.fi>
parents:
6175
diff
changeset
|
1290 #ifndef BUILTIN_LDAP |
1291 /* Building a plugin */ |
1292 extern struct passdb_module_interface passdb_ldap; |
1293 extern struct userdb_module_interface userdb_ldap; |
1294 |
1295 void authdb_ldap_init(void); |
1296 void authdb_ldap_deinit(void); |
1297 |
1298 void authdb_ldap_init(void) |
1299 { |
1300 passdb_register_module(&passdb_ldap); |
1301 userdb_register_module(&userdb_ldap); |
1302 |
1303 } |
1304 void authdb_ldap_deinit(void) |
1305 { |
1306 passdb_unregister_module(&passdb_ldap); |
1307 userdb_unregister_module(&userdb_ldap); |
1308 } |
1062
0522a0315d2f
Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1309 #endif |
6198
4f6c4aeafafb
--with-ldap=plugin builds LDAP passdb and userdb support as a plugin.
Timo Sirainen <tss@iki.fi>
parents:
6175
diff
changeset
|
1310 |
1311 #endif |