annotate src/auth/passdb-ldap.c @ 9008:fc4f65a4ca60 HEAD

virtual: Don't show mailboxes as \Noselect.
author Timo Sirainen <tss@iki.fi>
date Fri, 01 May 2009 14:56:52 -0400
parents 643a96aec996
children a31fb9b7179a
8590
b9faf4db2a9f Updated copyright notices to include year 2009.
Timo Sirainen <tss@iki.fi>
parents: 8573
diff changeset
1 /* Copyright (c) 2003-2009 Dovecot authors, see the included COPYING file */
1135
81930fff13cf passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
2
3474
9096b7957413 Removed direct config.h including. I'm not sure why it was done before,
Timo Sirainen <tss@iki.fi>
parents: 3324
diff changeset
3 #include "common.h"
8217
c47b78e843aa Separate "unknown passdb/userdb X" and "support for X not compiled in" error messages.
Timo Sirainen <tss@iki.fi>
parents: 7985
diff changeset
4 #include "passdb.h"
1135
81930fff13cf passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
5
8872
643a96aec996 Fixed --with-ldap=plugin and --with-gssapi=plugin
Timo Sirainen <tss@iki.fi>
parents: 8710
diff changeset
6 #if defined(PASSDB_LDAP) && (defined(BUILTIN_LDAP) || defined(PLUGIN_BUILD))
1135
81930fff13cf passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
7
7045
ae0556fb268d If LDAP server disconnects the connection and we haven't sent requests for a
Timo Sirainen <tss@iki.fi>
parents: 6999
diff changeset
8 #include "ioloop.h"
3158
8849f2e380d1 userdb can now return extra parameters to master. Removed special handling
Timo Sirainen <tss@iki.fi>
parents: 3101
diff changeset
9 #include "hash.h"
1135
81930fff13cf passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
10 #include "str.h"
81930fff13cf passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
11 #include "var-expand.h"
1192
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents: 1191
diff changeset
12 #include "password-scheme.h"
3161
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request
Timo Sirainen <tss@iki.fi>
parents: 3158
diff changeset
13 #include "auth-cache.h"
1135
81930fff13cf passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
14 #include "db-ldap.h"
81930fff13cf passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
15
81930fff13cf passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
16 #include <ldap.h>
81930fff13cf passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
17 #include <stdlib.h>
81930fff13cf passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
18
3657
0c10475d9968 Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents: 3655
diff changeset
/* LDAP passdb instance: the generic passdb interface plus the LDAP
   connection associated with it. */
struct ldap_passdb_module {
	/* Generic passdb interface, kept as the first member.
	   NOTE(review): presumably first so the struct can be cast to and
	   from struct passdb_module - confirm against the code doing so. */
	struct passdb_module module;

	/* LDAP connection associated with this passdb instance */
	struct ldap_connection *conn;
};
0c10475d9968 Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents: 3655
diff changeset
24
1135
81930fff13cf passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
/* State of one passdb LDAP lookup. The callbacks in this file cast a
   struct ldap_request / struct ldap_request_bind pointer straight back to
   this struct, so the request union has to remain the first member. */
struct passdb_ldap_request {
	union {
		struct ldap_request ldap;
		struct ldap_request_search search;
		struct ldap_request_bind bind;
	} request;

	/* Completion callback. The callbacks in this file use
	   lookup_credentials when auth_request->credentials_scheme is set and
	   verify_plain otherwise; only one of the two is valid per request. */
	union {
		verify_plain_callback_t *verify_plain;
		lookup_credentials_callback_t *lookup_credentials;
	} callback;
};
81930fff13cf passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
37
3771
4b6d962485b9 Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents: 3731
diff changeset
/* Returns the entry of a search result that matched exactly one object.

   In every other case the request is completed here with a failure and NULL
   is returned: res == NULL (the search did not succeed) gives
   PASSDB_RESULT_INTERNAL_FAILURE, an empty result gives
   PASSDB_RESULT_USER_UNKNOWN, and more than one entry is logged as an error
   and also reported as an internal failure. After a NULL return the
   callback has been called and auth_request has been unreferenced, so the
   caller must not touch the request again. */
static LDAPMessage *
handle_request_get_entry(struct ldap_connection *conn,
			 struct auth_request *auth_request,
			 struct passdb_ldap_request *request, LDAPMessage *res)
{
	enum passdb_result failure = PASSDB_RESULT_INTERNAL_FAILURE;
	LDAPMessage *first = NULL;

	if (res != NULL) {
		/* LDAP search was successful */
		first = ldap_first_entry(conn->ld, res);
	}

	if (first != NULL) {
		if (ldap_next_entry(conn->ld, first) == NULL) {
			/* exactly one match */
			return first;
		}

		/* An ambiguous match is never resolved by picking one of the
		   entries: the lookup fails instead. */
		auth_request_log_error(auth_request, "ldap",
				       "Multiple replies found for user");
	} else if (res != NULL) {
		failure = PASSDB_RESULT_USER_UNKNOWN;
		auth_request_log_info(auth_request, "ldap",
				      "unknown user");
	}

	/* Report the failure through whichever callback this request uses. */
	if (auth_request->credentials_scheme == NULL) {
		request->callback.verify_plain(failure, auth_request);
	} else {
		request->callback.lookup_credentials(failure, NULL, 0,
						     auth_request);
	}
	auth_request_unref(&auth_request);
	return NULL;
}
4b6d962485b9 Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents: 3731
diff changeset
75
5884
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
/* Copies the attributes of an LDAP entry into the auth request.

   The entry is iterated through conn->pass_attr_map and every name/value
   pair produced is stored with auth_request_set_field(), passing
   conn->set.default_pass_scheme along with it. The values originate from the
   directory, so what ends up in the request is only as trustworthy as the
   attribute map and the objects the filter can match. */
static void
ldap_query_save_result(struct ldap_connection *conn,
		       LDAPMessage *entry, struct auth_request *auth_request)
{
	const char *field, *field_value;
	/* NOTE(review): no explicit iterator deinit is visible here;
	   presumably db_ldap_result_iterate_next() releases the context
	   when it returns false - confirm in db-ldap.c. */
	struct db_ldap_result_iterate_context *iter =
		db_ldap_result_iterate_init(conn, entry, auth_request,
					    conn->pass_attr_map);

	for (;;) {
		if (!db_ldap_result_iterate_next(iter, &field, &field_value))
			break;
		auth_request_set_field(auth_request, field, field_value,
				       conn->set.default_pass_scheme);
	}
}
1c1dee40e495 Moved generic LDAP result iteration to db_ldap. It also supports now
Timo Sirainen <tss@iki.fi>
parents: 5872
diff changeset
90
7050
0dcea80312b0 LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents: 7045
diff changeset
/* Completion callback for the password lookup search.

   Stores the attributes of the matched entry in the auth request and then
   either hands the stored password to passdb_handle_credentials() (when
   auth_request->credentials_scheme is set) or verifies
   auth_request->mech_password against it and reports the result through
   verify_plain. The auth request is unreferenced before returning. */
static void
ldap_lookup_pass_callback(struct ldap_connection *conn,
			  struct ldap_request *request, LDAPMessage *res)
{
	/* request is the first member of struct passdb_ldap_request */
	struct passdb_ldap_request *preq =
		(struct passdb_ldap_request *)request;
	struct auth_request *auth_request = request->auth_request;
	enum passdb_result result = PASSDB_RESULT_INTERNAL_FAILURE;
	const char *stored_pw = NULL;
	const char *scheme;
	LDAPMessage *entry;
	int verified;

	entry = handle_request_get_entry(conn, auth_request, preq, res);
	if (entry == NULL) {
		/* already completed and unreferenced by the helper */
		return;
	}

	/* got first LDAP entry */
	ldap_query_save_result(conn, entry, auth_request);
	if (ldap_next_entry(conn->ld, entry) != NULL) {
		/* result stays PASSDB_RESULT_INTERNAL_FAILURE */
		auth_request_log_error(auth_request, "ldap",
			"pass_filter matched multiple objects, aborting");
	} else if (auth_request->passdb_password != NULL ||
		   auth_request->no_password) {
		/* passdb_password may change on the way,
		   so we'll need to strdup. */
		stored_pw = t_strdup(auth_request->passdb_password);
		result = PASSDB_RESULT_OK;
	} else {
		/* A missing password is a mismatch unless no_password was
		   set for this request; it never means "any password". */
		auth_request_log_info(auth_request, "ldap",
			"No password returned (and no nopassword)");
		result = PASSDB_RESULT_PASSWORD_MISMATCH;
	}

	scheme = password_get_scheme(&stored_pw);
	/* auth_request_set_field() sets scheme */
	i_assert(stored_pw == NULL || scheme != NULL);

	if (auth_request->credentials_scheme == NULL) {
		if (stored_pw != NULL) {
			verified = auth_request_password_verify(auth_request,
					auth_request->mech_password,
					stored_pw, scheme, "ldap");
			if (verified > 0)
				result = PASSDB_RESULT_OK;
			else
				result = PASSDB_RESULT_PASSWORD_MISMATCH;
		}
		/* With no stored password the comparison above is skipped
		   and the earlier result is reported as-is. In the
		   no_password case that result is PASSDB_RESULT_OK, i.e. the
		   login is accepted without checking mech_password, so the
		   field that sets no_password must only be reachable from a
		   trusted attribute mapping. */
		preq->callback.verify_plain(result, auth_request);
	} else {
		passdb_handle_credentials(result, stored_pw, scheme,
			preq->callback.lookup_credentials,
			auth_request);
	}
	auth_request_unref(&auth_request);
}
81930fff13cf passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
149
3771
4b6d962485b9 Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents: 3731
diff changeset
/* Completion callback for an authentication bind.

   Maps the bind result to a passdb result: LDAP_SUCCESS is
   PASSDB_RESULT_OK, LDAP_INVALID_CREDENTIALS is
   PASSDB_RESULT_PASSWORD_MISMATCH, and everything else (including
   res == NULL) stays PASSDB_RESULT_INTERNAL_FAILURE. The result is reported
   through verify_plain and the auth request is unreferenced. */
static void
ldap_auth_bind_callback(struct ldap_connection *conn,
			struct ldap_request *ldap_request, LDAPMessage *res)
{
	/* the request is the first member of struct passdb_ldap_request */
	struct passdb_ldap_request *preq =
		(struct passdb_ldap_request *)ldap_request;
	struct auth_request *auth_request = ldap_request->auth_request;
	enum passdb_result result = PASSDB_RESULT_INTERNAL_FAILURE;
	const char *msg;

	if (res != NULL) {
		int err = ldap_result2error(conn->ld, res, 0);

		switch (err) {
		case LDAP_SUCCESS:
			result = PASSDB_RESULT_OK;
			break;
		case LDAP_INVALID_CREDENTIALS:
			msg = "invalid credentials";
			if (auth_request->auth->verbose_debug_passwords) {
				/* This puts the attempted password into the
				   log in cleartext. Failed attempts are
				   often typos of the real password or
				   passwords of other accounts, so the flag
				   should be enabled only while debugging and
				   the resulting logs handled as secrets. */
				msg = t_strconcat(msg, " (given password: ",
						  auth_request->mech_password,
						  ")", NULL);
			}
			auth_request_log_info(auth_request, "ldap", "%s", msg);
			result = PASSDB_RESULT_PASSWORD_MISMATCH;
			break;
		default:
			/* any other error is not treated as a wrong
			   password; it is reported as an internal failure */
			auth_request_log_error(auth_request, "ldap",
					       "ldap_bind() failed: %s",
					       ldap_err2string(err));
			break;
		}
	}

	preq->callback.verify_plain(result, auth_request);
	auth_request_unref(&auth_request);
}
4b6d962485b9 Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents: 3731
diff changeset
187
7050
0dcea80312b0 LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents: 7045
diff changeset
/* Starts an authentication bind for the request, unless the client gave an
   empty password, in which case the request is failed immediately with
   PASSDB_RESULT_PASSWORD_MISMATCH and nothing is sent to the server. */
static void ldap_auth_bind(struct ldap_connection *conn,
			   struct ldap_request_bind *brequest)
{
	/* the bind request is the first member of struct passdb_ldap_request */
	struct passdb_ldap_request *preq =
		(struct passdb_ldap_request *)brequest;
	struct auth_request *auth_request = brequest->request.auth_request;

	if (auth_request->mech_password[0] != '\0') {
		brequest->request.callback = ldap_auth_bind_callback;
		db_ldap_request(conn, &brequest->request);
		return;
	}

	/* Assume that empty password fails. This is especially
	   important with Windows 2003 AD, which always returns success
	   with empty passwords. More generally, a simple bind with a DN and
	   an empty password is an "unauthenticated" bind (RFC 4513 section
	   5.1.2) that a server may accept, so a successful reply to it would
	   prove nothing about the user's password. */
	auth_request_log_info(auth_request, "ldap",
			      "Login attempt with empty password");
	/* NOTE(review): the two callbacks in this file unreference
	   auth_request after calling verify_plain; this path does not.
	   Confirm against the caller that takes the reference. */
	preq->callback.verify_plain(PASSDB_RESULT_PASSWORD_MISMATCH,
				    auth_request);
}
/* Search callback used when auth binds are enabled and no auth_bind_userdn
   template is configured: take the DN of the entry the search returned and
   bind as that DN.

   If handle_request_get_entry() returns NULL nothing more is done here
   (presumably it has already reported the result - confirm against its
   definition).

   The search request is overwritten in place with a bind request, so the
   auth_request pointer is read from it before the memset().

   NOTE(review): the return value of ldap_get_dn() is not checked for NULL
   before it is copied and used as the bind DN - confirm that p_strdup() and
   the bind path cope with a NULL dn. */
static void ldap_bind_lookup_dn_callback(struct ldap_connection *conn,
					 struct ldap_request *ldap_request,
					 LDAPMessage *res)
{
	struct auth_request *auth_request = ldap_request->auth_request;
	struct passdb_ldap_request *preq =
		(struct passdb_ldap_request *)ldap_request;
	struct ldap_request_bind *bind_req = &preq->request.bind;
	LDAPMessage *found;
	char *ldap_dn;

	found = handle_request_get_entry(conn, auth_request, preq, res);
	if (found != NULL) {
		ldap_query_save_result(conn, found, auth_request);

		/* reuse the request memory: the search becomes a bind */
		memset(bind_req, 0, sizeof(*bind_req));
		bind_req->request.type = LDAP_REQUEST_TYPE_BIND;
		bind_req->request.auth_request = auth_request;

		/* the DN string belongs to libldap, so keep a copy in the
		   request pool and free the original */
		ldap_dn = ldap_get_dn(conn->ld, found);
		bind_req->dn = p_strdup(auth_request->pool, ldap_dn);
		ldap_memfree(ldap_dn);

		ldap_auth_bind(conn, bind_req);
	}
}
/* Queue the LDAP search that looks up the user's password entry.

   The search base and filter are built by expanding the configured
   conn->set.base and conn->set.pass_filter templates. The variable table is
   created with ldap_escape as its escape callback, so expanded values pass
   through it before they land in the base or filter.

   NOTE(review): the same escape callback serves both a DN (base) and a
   search filter, which have different metacharacters - confirm ldap_escape
   covers both.

   The result is delivered to ldap_lookup_pass_callback. */
static void ldap_lookup_pass(struct auth_request *auth_request,
			     struct passdb_ldap_request *request)
{
	struct ldap_passdb_module *module =
		(struct ldap_passdb_module *)auth_request->passdb->passdb;
	struct ldap_connection *conn = module->conn;
	struct ldap_request_search *search = &request->request.search;
	const char **attr_names = (const char **)conn->pass_attr_names;
	const struct var_expand_table *vars;
	const char *fields;
	string_t *expanded;

	search->request.type = LDAP_REQUEST_TYPE_SEARCH;
	vars = auth_request_get_var_expand_table(auth_request, ldap_escape);

	/* one scratch string is reused for both templates; the results are
	   copied into the request pool */
	expanded = t_str_new(512);
	var_expand(expanded, conn->set.base, vars);
	search->base = p_strdup(auth_request->pool, str_c(expanded));

	str_truncate(expanded, 0);
	var_expand(expanded, conn->set.pass_filter, vars);
	search->filter = p_strdup(auth_request->pool, str_c(expanded));
	search->attributes = conn->pass_attr_names;

	/* a NULL attribute list is logged as "(all)" */
	if (attr_names == NULL)
		fields = "(all)";
	else
		fields = t_strarray_join(attr_names, ",");
	auth_request_log_debug(auth_request, "ldap", "pass search: "
			       "base=%s scope=%s filter=%s fields=%s",
			       search->base, conn->set.scope,
			       search->filter, fields);

	search->request.callback = ldap_lookup_pass_callback;
	db_ldap_request(conn, &search->request);
}
/* Queue the LDAP search that finds the user's DN for a later auth bind.

   Base and filter come from the conn->set.base and conn->set.pass_filter
   templates, expanded with a variable table that uses ldap_escape as its
   escape callback.

   NOTE(review): the same escape callback serves both a DN (base) and a
   search filter - confirm ldap_escape covers the metacharacters of both.

   The result is delivered to ldap_bind_lookup_dn_callback, which performs
   the bind. */
static void ldap_bind_lookup_dn(struct auth_request *auth_request,
				struct passdb_ldap_request *request)
{
	struct ldap_passdb_module *module =
		(struct ldap_passdb_module *)auth_request->passdb->passdb;
	struct ldap_connection *conn = module->conn;
	struct ldap_request_search *search = &request->request.search;
	const struct var_expand_table *vars;
	string_t *expanded;

	search->request.type = LDAP_REQUEST_TYPE_SEARCH;
	vars = auth_request_get_var_expand_table(auth_request, ldap_escape);

	/* one scratch string is reused for both templates; the results are
	   copied into the request pool */
	expanded = t_str_new(512);
	var_expand(expanded, conn->set.base, vars);
	search->base = p_strdup(auth_request->pool, str_c(expanded));

	str_truncate(expanded, 0);
	var_expand(expanded, conn->set.pass_filter, vars);
	search->filter = p_strdup(auth_request->pool, str_c(expanded));

	/* The bind itself needs none of these attributes, but they may carry
	   extra parameters. A returned password is simply ignored. */
	search->attributes = conn->pass_attr_names;

	auth_request_log_debug(auth_request, "ldap",
			       "bind search: base=%s filter=%s",
			       search->base, search->filter);

	search->request.callback = ldap_bind_lookup_dn_callback;
	db_ldap_request(conn, &search->request);
}
/* Auth bind without a preceding search: build the bind DN directly from the
   conn->set.auth_bind_userdn template and hand it to ldap_auth_bind().

   The template is expanded with a variable table that uses ldap_escape as
   its escape callback.

   NOTE(review): the expanded value becomes a DN, not a filter - confirm
   ldap_escape escapes DN metacharacters, since a login name that can add or
   change DN components would choose which entry the bind targets. */
static void
ldap_verify_plain_auth_bind_userdn(struct auth_request *auth_request,
				   struct passdb_ldap_request *request)
{
	struct ldap_passdb_module *module =
		(struct ldap_passdb_module *)auth_request->passdb->passdb;
	struct ldap_connection *conn = module->conn;
	struct ldap_request_bind *bind_req = &request->request.bind;
	const struct var_expand_table *vars;
	string_t *user_dn;

	bind_req->request.type = LDAP_REQUEST_TYPE_BIND;

	vars = auth_request_get_var_expand_table(auth_request, ldap_escape);
	user_dn = t_str_new(512);
	var_expand(user_dn, conn->set.auth_bind_userdn, vars);

	/* keep a copy of the expanded DN in the request pool */
	bind_req->dn = p_strdup(auth_request->pool, str_c(user_dn));
	ldap_auth_bind(conn, bind_req);
}
/* passdb verify_plain entry point for LDAP.

   The password parameter is unused here; on the auth bind paths
   ldap_auth_bind() reads request->mech_password instead.

   Dispatch depends on the connection settings:
     - auth_bind off: search for the password entry (ldap_lookup_pass)
     - auth_bind on, no auth_bind_userdn: search for the DN, then bind
       (ldap_bind_lookup_dn)
     - auth_bind on, auth_bind_userdn set: bind with the templated DN
       (ldap_verify_plain_auth_bind_userdn)

   If the connection cannot be established, callback is invoked with
   PASSDB_RESULT_INTERNAL_FAILURE and no request is allocated. Otherwise a
   reference is taken on request before it is stored in the LDAP request. */
static void
ldap_verify_plain(struct auth_request *request,
		  const char *password ATTR_UNUSED,
		  verify_plain_callback_t *callback)
{
	struct ldap_passdb_module *module =
		(struct ldap_passdb_module *)request->passdb->passdb;
	struct ldap_connection *conn = module->conn;
	struct passdb_ldap_request *preq;

	/* Reconnect if needed. db_ldap_search() does this as well, but the
	   auth bind paths have to do it themselves. */
	if (db_ldap_connect(conn) < 0) {
		callback(PASSDB_RESULT_INTERNAL_FAILURE, request);
		return;
	}

	preq = p_new(request->pool, struct passdb_ldap_request, 1);
	preq->callback.verify_plain = callback;

	/* the queued LDAP request holds its own reference */
	auth_request_ref(request);
	preq->request.ldap.auth_request = request;

	if (conn->set.auth_bind) {
		if (conn->set.auth_bind_userdn != NULL)
			ldap_verify_plain_auth_bind_userdn(request, preq);
		else
			ldap_bind_lookup_dn(request, preq);
	} else {
		/* auth_bind_userdn is ignored when auth_bind is off */
		ldap_lookup_pass(request, preq);
	}
}
/* passdb lookup_credentials entry point for LDAP: allocate a request from
   the auth request's pool, remember the callback, take a reference on the
   auth request and queue the password search via ldap_lookup_pass().

   Unlike ldap_verify_plain() this path does not call db_ldap_connect()
   itself. */
static void ldap_lookup_credentials(struct auth_request *request,
				    lookup_credentials_callback_t *callback)
{
	struct passdb_ldap_request *preq =
		p_new(request->pool, struct passdb_ldap_request, 1);

	preq->callback.lookup_credentials = callback;

	/* the queued LDAP request holds its own reference */
	auth_request_ref(request);
	preq->request.ldap.auth_request = request;

	ldap_lookup_pass(request, preq);
}
/* Pre-initialization of the LDAP passdb: allocates the module from the
   auth pool, obtains the LDAP connection object from db_ldap_init(args),
   creates the password attribute map and fills in the auth cache key and
   the default password scheme. Returns the generic passdb_module embedded
   in the LDAP-specific module. */
static struct passdb_module *
passdb_ldap_preinit(struct auth_passdb *auth_passdb, const char *args)
{
	struct ldap_passdb_module *ldap_module;
	struct ldap_connection *ldap_conn;
	const char *skip_attr, *key_template;

	ldap_module = p_new(auth_passdb->auth->pool,
			    struct ldap_passdb_module, 1);

	/* NOTE(review): the connection is dereferenced right away without a
	   NULL check; presumably db_ldap_init() never returns NULL - confirm */
	ldap_conn = db_ldap_init(args);
	ldap_module->conn = ldap_conn;

	/* attribute map keyed by C strings: str_hash for hashing, strcmp
	   (cast to the callback type) for comparison */
	ldap_conn->pass_attr_map =
		hash_table_create(default_pool, ldap_conn->pool, 0, str_hash,
				  (hash_cmp_callback_t *)strcmp);

	/* With authentication binds "password" is passed as the last
	   argument, otherwise NULL. Presumably this names an attribute that
	   db_ldap_set_attrs() leaves out of the request - confirm there. */
	if (ldap_conn->set.auth_bind)
		skip_attr = "password";
	else
		skip_attr = NULL;
	db_ldap_set_attrs(ldap_conn, ldap_conn->set.pass_attrs,
			  &ldap_conn->pass_attr_names,
			  ldap_conn->pass_attr_map, skip_attr);

	/* The cache key is parsed from base + pass_filter, so variables used
	   in either setting become part of the key. A key missing one of
	   them would let a cached result be reused for a lookup it does not
	   belong to. */
	key_template = t_strconcat(ldap_conn->set.base,
				   ldap_conn->set.pass_filter, NULL);
	ldap_module->module.cache_key =
		auth_cache_parse_key(auth_passdb->auth->pool, key_template);

	ldap_module->module.default_pass_scheme =
		ldap_conn->set.default_pass_scheme;
	return &ldap_module->module;
}
402
/* Second-stage initialization: starts the LDAP connection and, when
   authentication binds are configured, disables credential lookups for
   this module. The args parameter is not used. */
static void passdb_ldap_init(struct passdb_module *_module,
			     const char *args ATTR_UNUSED)
{
	struct ldap_passdb_module *ldap_module;

	ldap_module = (struct ldap_passdb_module *)_module;

	/* The result is deliberately discarded, so a failed connect does not
	   stop initialization here. NOTE(review): presumably the connection
	   is retried when a request needs it - confirm in db-ldap. */
	(void)db_ldap_connect(ldap_module->conn);

	if (!ldap_module->conn->set.auth_bind)
		return;

	/* Credential lookups can't be done with authentication binds */
	_module->iface.lookup_credentials = NULL;
}
416
/* Releases this module's reference to its LDAP connection. db_ldap_unref()
   is given the address of the pointer rather than the pointer itself. */
static void passdb_ldap_deinit(struct passdb_module *_module)
{
	struct ldap_passdb_module *ldap_module;

	ldap_module = (struct ldap_passdb_module *)_module;
	db_ldap_unref(&ldap_module->conn);
}
424
/* Interface table for the "ldap" passdb, used when the #if at the top of
   the file enables LDAP support. The members are given positionally, so
   their order has to match the declaration of
   struct passdb_module_interface. */
struct passdb_module_interface passdb_ldap = {
	"ldap", /* driver name */

	/* lifecycle hooks */
	passdb_ldap_preinit,
	passdb_ldap_init,
	passdb_ldap_deinit,

	/* authentication hooks; passdb_ldap_init() sets the module's
	   iface.lookup_credentials to NULL when auth_bind is enabled */
	ldap_verify_plain,
	ldap_lookup_credentials,
	/* NOTE(review): presumably the set_credentials hook, not provided
	   for LDAP - confirm against struct passdb_module_interface */
	NULL
};
436 #else
/* Stub table for builds where the #if at the top of the file is false.
   Only the name is initialized, so every other member is zero/NULL.
   NOTE(review): presumably the NULL hooks are how the caller tells
   "support not compiled in" apart from an unknown driver - confirm. */
struct passdb_module_interface passdb_ldap = {
	MEMBER(name) "ldap"
};
440 #endif