annotate src/auth/passdb-ldap.c @ 9008:fc4f65a4ca60 HEAD
virtual: Don't show mailboxes as \Noselect.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 01 May 2009 14:56:52 -0400 |
parents | 643a96aec996 |
children | a31fb9b7179a |
1 /* Copyright (c) 2003-2009 Dovecot authors, see the included COPYING file */ |
2 |
3 #include "common.h" |
4 #include "passdb.h" |
5 |
6 #if defined(PASSDB_LDAP) && (defined(BUILTIN_LDAP) || defined(PLUGIN_BUILD)) |
7 |
8 #include "ioloop.h" |
9 #include "hash.h" |
10 #include "str.h" |
11 #include "var-expand.h" |
12 #include "password-scheme.h" |
13 #include "auth-cache.h" |
14 #include "db-ldap.h" |
15 |
16 #include <ldap.h> |
17 #include <stdlib.h> |
18 |
/* One LDAP-backed passdb instance: the generic passdb_module interface
   followed by the LDAP connection this instance uses. */
struct ldap_passdb_module {
	/* Generic passdb interface. It is the first member; presumably so a
	   struct passdb_module * can be cast back to this struct - confirm
	   against the code that registers the module. */
	struct passdb_module module;

	/* LDAP connection used by this passdb */
	struct ldap_connection *conn;
};
24 |
/* State carried through one passdb LDAP operation (search and/or bind). */
struct passdb_ldap_request {
	/* Must remain the first member: the callbacks in this file receive a
	   struct ldap_request * or struct ldap_request_bind * and cast that
	   pointer straight back to struct passdb_ldap_request *. */
	union {
		struct ldap_request ldap;
		struct ldap_request_search search;
		struct ldap_request_bind bind;
	} request;

	/* Completion callback. Only one member is meaningful per request:
	   the code in this file calls lookup_credentials when
	   auth_request->credentials_scheme != NULL and verify_plain
	   otherwise. Calling the wrong member would invoke a function
	   through a pointer of the wrong type. */
	union {
		verify_plain_callback_t *verify_plain;
		lookup_credentials_callback_t *lookup_credentials;
	} callback;
};
37 |
/* Pick the single entry out of a finished LDAP search.

   Returns the entry only when the result holds exactly one entry. In every
   other case the request is completed here: the passdb callback is called
   with a failure result, the auth_request reference is dropped, and NULL is
   returned, so the caller should simply return.

   Result mapping:
     res == NULL        -> PASSDB_RESULT_INTERNAL_FAILURE
     no entry           -> PASSDB_RESULT_USER_UNKNOWN
     more than one      -> PASSDB_RESULT_INTERNAL_FAILURE

   An ambiguous match fails closed: the first entry is never used when the
   search filter matched several objects. */
static LDAPMessage *
handle_request_get_entry(struct ldap_connection *conn,
			 struct auth_request *auth_request,
			 struct passdb_ldap_request *request, LDAPMessage *res)
{
	enum passdb_result failure = PASSDB_RESULT_INTERNAL_FAILURE;
	LDAPMessage *first;

	if (res != NULL) {
		/* the search itself completed; inspect what it matched */
		first = ldap_first_entry(conn->ld, res);
		if (first != NULL) {
			if (ldap_next_entry(conn->ld, first) == NULL) {
				/* exactly one entry */
				return first;
			}

			/* failure stays INTERNAL_FAILURE */
			auth_request_log_error(auth_request, "ldap",
				"Multiple replies found for user");
		} else {
			failure = PASSDB_RESULT_USER_UNKNOWN;
			auth_request_log_info(auth_request, "ldap",
					      "unknown user");
		}
	}

	/* Report the failure through whichever callback this request was
	   started with. */
	if (auth_request->credentials_scheme == NULL) {
		request->callback.verify_plain(failure, auth_request);
	} else {
		request->callback.lookup_credentials(failure, NULL, 0,
						     auth_request);
	}
	auth_request_unref(&auth_request);
	return NULL;
}
75 |
/* Copy the attributes of one LDAP entry into auth_request fields.

   The entry is walked with the db_ldap result iterator using
   conn->pass_attr_map, and each (name, value) pair it yields is stored
   with auth_request_set_field(), passing conn->set.default_pass_scheme.

   Every value stored here comes from the directory. Callers in this file
   later read auth_request->passdb_password and auth_request->no_password,
   which are presumably set through these fields - confirm in
   auth_request_set_field(). The attribute map therefore decides which
   directory attributes can influence the authentication result.

   NOTE(review): the iterator is not explicitly released in this function;
   presumably its memory is owned by a pool or the data stack - confirm in
   db-ldap. */
static void
ldap_query_save_result(struct ldap_connection *conn,
		       LDAPMessage *entry, struct auth_request *auth_request)
{
	struct db_ldap_result_iterate_context *iter;
	const char *field, *field_value;

	iter = db_ldap_result_iterate_init(conn, entry, auth_request,
					   conn->pass_attr_map);
	for (;;) {
		if (!db_ldap_result_iterate_next(iter, &field, &field_value))
			break;
		auth_request_set_field(auth_request, field, field_value,
				       conn->set.default_pass_scheme);
	}
}
90 |
/* Completion callback for the password lookup search.

   Saves the entry's fields into auth_request, then either hands the stored
   password to passdb_handle_credentials() (credentials lookup) or verifies
   auth_request->mech_password against it (plaintext verify). The
   auth_request reference is dropped before returning.

   Outcomes visible in this function:
     - several entries matched        -> INTERNAL_FAILURE, no password used
     - no password and no_password
       not set                        -> PASSWORD_MISMATCH
     - otherwise                      -> OK, subject to password verification
                                         when a password is present

   When no_password is set and no password was returned, the plaintext path
   performs no password comparison and reports OK (this assumes t_strdup()
   of a NULL pointer yields NULL - confirm). The directory attribute that
   ends up setting no_password must therefore not be writable by the users
   it applies to.

   NOTE(review): handle_request_get_entry() already returns NULL when a
   second entry exists, so the ldap_next_entry() check below looks
   unreachable in practice; it is kept as-is. */
static void
ldap_lookup_pass_callback(struct ldap_connection *conn,
			  struct ldap_request *request, LDAPMessage *res)
{
	/* valid because the ldap_request is the first member of
	   struct passdb_ldap_request */
	struct passdb_ldap_request *pass_request =
		(struct passdb_ldap_request *)request;
	struct auth_request *auth_request = request->auth_request;
	enum passdb_result outcome = PASSDB_RESULT_INTERNAL_FAILURE;
	const char *password = NULL, *scheme;
	LDAPMessage *entry;

	entry = handle_request_get_entry(conn, auth_request, pass_request, res);
	if (entry == NULL) {
		/* callback already called and reference dropped */
		return;
	}

	ldap_query_save_result(conn, entry, auth_request);

	if (ldap_next_entry(conn->ld, entry) != NULL) {
		/* outcome stays INTERNAL_FAILURE, password stays NULL */
		auth_request_log_error(auth_request, "ldap",
			"pass_filter matched multiple objects, aborting");
	} else if (auth_request->passdb_password != NULL ||
		   auth_request->no_password) {
		/* passdb_password may be replaced while the request is
		   processed further, so work on a private copy */
		password = t_strdup(auth_request->passdb_password);
		outcome = PASSDB_RESULT_OK;
	} else {
		auth_request_log_info(auth_request, "ldap",
			"No password returned (and no nopassword)");
		outcome = PASSDB_RESULT_PASSWORD_MISMATCH;
	}

	scheme = password_get_scheme(&password);
	/* auth_request_set_field() sets scheme */
	i_assert(password == NULL || scheme != NULL);

	if (auth_request->credentials_scheme == NULL) {
		if (password != NULL) {
			int verified;

			verified = auth_request_password_verify(auth_request,
					auth_request->mech_password,
					password, scheme, "ldap");
			/* anything but a positive return is a mismatch */
			if (verified > 0)
				outcome = PASSDB_RESULT_OK;
			else
				outcome = PASSDB_RESULT_PASSWORD_MISMATCH;
		}

		pass_request->callback.verify_plain(outcome, auth_request);
	} else {
		passdb_handle_credentials(outcome, password, scheme,
			pass_request->callback.lookup_credentials,
			auth_request);
	}
	auth_request_unref(&auth_request);
}
149 |
/* Completion callback for an authentication bind.

   Maps the bind result to a passdb result and reports it through the
   verify_plain callback, then drops the auth_request reference:
     res == NULL               -> INTERNAL_FAILURE
     LDAP_SUCCESS              -> OK
     LDAP_INVALID_CREDENTIALS  -> PASSWORD_MISMATCH (logged at info level)
     any other LDAP error      -> INTERNAL_FAILURE (logged as error)

   When auth->verbose_debug_passwords is enabled, the password the client
   supplied is appended in cleartext to the "invalid credentials" log line.
   Rejected attempts are frequently a mistyped valid password or a password
   that is valid for another account, so this setting should only be on for
   short debugging sessions and the resulting logs need the same protection
   as the credentials themselves. */
static void
ldap_auth_bind_callback(struct ldap_connection *conn,
			struct ldap_request *ldap_request, LDAPMessage *res)
{
	/* valid because the ldap_request is the first member of
	   struct passdb_ldap_request */
	struct passdb_ldap_request *passdb_ldap_request =
		(struct passdb_ldap_request *)ldap_request;
	struct auth_request *auth_request = ldap_request->auth_request;
	enum passdb_result outcome = PASSDB_RESULT_INTERNAL_FAILURE;
	const char *reason;
	int ldap_rc;

	if (res != NULL) {
		/* third argument 0: the result message is not freed here */
		ldap_rc = ldap_result2error(conn->ld, res, 0);
		switch (ldap_rc) {
		case LDAP_SUCCESS:
			outcome = PASSDB_RESULT_OK;
			break;
		case LDAP_INVALID_CREDENTIALS:
			reason = "invalid credentials";
			if (auth_request->auth->verbose_debug_passwords) {
				/* cleartext password goes to the log */
				reason = t_strconcat(reason,
						" (given password: ",
						auth_request->mech_password,
						")", NULL);
			}
			/* logged through "%s", never as a format string */
			auth_request_log_info(auth_request, "ldap", "%s",
					      reason);
			outcome = PASSDB_RESULT_PASSWORD_MISMATCH;
			break;
		default:
			/* outcome stays INTERNAL_FAILURE */
			auth_request_log_error(auth_request, "ldap",
					       "ldap_bind() failed: %s",
					       ldap_err2string(ldap_rc));
			break;
		}
	}

	passdb_ldap_request->callback.verify_plain(outcome, auth_request);
	auth_request_unref(&auth_request);
}
187 |
188 static void ldap_auth_bind(struct ldap_connection *conn, |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
189 struct ldap_request_bind *brequest) |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
190 { |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
191 struct passdb_ldap_request *passdb_ldap_request = |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
192 (struct passdb_ldap_request *)brequest; |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
193 struct auth_request *auth_request = brequest->request.auth_request; |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
194 |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
195 if (*auth_request->mech_password == '\0') { |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
196 /* Assume that empty password fails. This is especially |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
197 important with Windows 2003 AD, which always returns success |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
198 with empty passwords. */ |
0dcea80312b0
LDAP handling rewrite. Reconnections are handled a lot better now. If
Timo Sirainen <tss@iki.fi>
parents:
7045
diff
changeset
|
199 auth_request_log_info(auth_request, "ldap", |
200 "Login attempt with empty password"); |
201 passdb_ldap_request->callback. |
202 verify_plain(PASSDB_RESULT_PASSWORD_MISMATCH, |
203 auth_request); |
204 return; |
205 } |
206 |
207 brequest->request.callback = ldap_auth_bind_callback; |
208 db_ldap_request(conn, &brequest->request); |
209 } |
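/* Search callback used when auth_bind is enabled and no auth_bind_userdn
   template is configured (see the dispatch in ldap_verify_plain()). It
   takes the entry returned by the DN lookup, saves its attributes into the
   auth request, then reuses the same request struct to bind as that
   entry's DN with the user's password.

   conn         - connection the search was issued on
   ldap_request - the finished search request; the cast below assumes it
                  sits at the start of a struct passdb_ldap_request
   res          - search result, handed to handle_request_get_entry() */
static void ldap_bind_lookup_dn_callback(struct ldap_connection *conn,
					 struct ldap_request *ldap_request,
					 LDAPMessage *res)
{
	struct passdb_ldap_request *passdb_ldap_request =
		(struct passdb_ldap_request *)ldap_request;
	struct ldap_request_bind *brequest;
	struct auth_request *auth_request = ldap_request->auth_request;
	LDAPMessage *entry;
	char *dn;

	/* a NULL return means there is nothing to continue with; the helper
	   is presumably responsible for reporting the result in that case
	   (its body is not visible here) */
	entry = handle_request_get_entry(conn, auth_request,
					 passdb_ldap_request, res);
	if (entry == NULL)
		return;

	ldap_query_save_result(conn, entry, auth_request);

	/* ldap_get_dn() returns NULL on failure. Never let that turn into a
	   bind with a NULL/empty DN plus the user's password: how a server
	   answers such a bind is configuration dependent, and a success
	   would be taken as a verified password. Fail the request instead. */
	dn = ldap_get_dn(conn->ld, entry);
	if (dn == NULL) {
		auth_request_log_error(auth_request, "ldap",
				       "ldap_get_dn() failed");
		/* NOTE(review): mirrors the early-exit in ldap_auth_bind(),
		   which calls the callback and returns. Confirm whether the
		   reference taken in ldap_verify_plain() must also be
		   released on this path. */
		passdb_ldap_request->callback.
			verify_plain(PASSDB_RESULT_INTERNAL_FAILURE,
				     auth_request);
		return;
	}

	/* convert search request to bind request. the search and bind
	   variants share storage, so wipe the old contents first. */
	brequest = &passdb_ldap_request->request.bind;
	memset(brequest, 0, sizeof(*brequest));
	brequest->request.type = LDAP_REQUEST_TYPE_BIND;
	brequest->request.auth_request = auth_request;

	/* keep our own copy of the DN in the request's pool; the string from
	   ldap_get_dn() has to be released with ldap_memfree() */
	brequest->dn = p_strdup(auth_request->pool, dn);
	ldap_memfree(dn);

	/* switch the handler to the authenticated bind handler */
	ldap_auth_bind(conn, brequest);
}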
/* Queues the LDAP search that fetches the password attributes for
   auth_request. The search base and filter come from the connection
   settings (set.base, set.pass_filter) after variable expansion; the
   expansion table is built with ldap_escape as its escaping function.
   The result is delivered to ldap_lookup_pass_callback().

   auth_request - request being authenticated; its pool owns the expanded
                  base and filter strings
   request      - passdb request whose search member is filled in here */
static void ldap_lookup_pass(struct auth_request *auth_request,
			     struct passdb_ldap_request *request)
{
	struct ldap_passdb_module *ldap_module =
		(struct ldap_passdb_module *)auth_request->passdb->passdb;
	struct ldap_connection *conn = ldap_module->conn;
	struct ldap_request_search *search = &request->request.search;
	const char **fields = (const char **)conn->pass_attr_names;
	const struct var_expand_table *tab;
	string_t *buf;

	search->request.type = LDAP_REQUEST_TYPE_SEARCH;
	search->request.callback = ldap_lookup_pass_callback;
	search->attributes = conn->pass_attr_names;

	/* every variable substituted below goes through ldap_escape, so
	   values from the login cannot add filter syntax of their own.
	   NOTE(review): the same escaper is used for the base (a DN) and
	   the filter; confirm it covers both grammars. */
	tab = auth_request_get_var_expand_table(auth_request, ldap_escape);
	buf = t_str_new(512);

	/* the temporary buffer is reused, so copy each result into the
	   request pool before expanding the next template */
	var_expand(buf, conn->set.base, tab);
	search->base = p_strdup(auth_request->pool, str_c(buf));

	str_truncate(buf, 0);
	var_expand(buf, conn->set.pass_filter, tab);
	search->filter = p_strdup(auth_request->pool, str_c(buf));

	auth_request_log_debug(auth_request, "ldap",
			       "pass search: base=%s scope=%s filter=%s fields=%s",
			       search->base, conn->set.scope, search->filter,
			       fields != NULL ?
			       t_strarray_join(fields, ",") : "(all)");

	db_ldap_request(conn, &search->request);
}
/* Queues the search that locates the user's entry so that its DN can be
   used for an authentication bind. Base and filter are expanded from
   set.base and set.pass_filter with ldap_escape applied to the variables.
   The result is delivered to ldap_bind_lookup_dn_callback().

   auth_request - request being authenticated; its pool owns the expanded
                  base and filter strings
   request      - passdb request whose search member is filled in here */
static void ldap_bind_lookup_dn(struct auth_request *auth_request,
				struct passdb_ldap_request *request)
{
	struct ldap_passdb_module *ldap_module =
		(struct ldap_passdb_module *)auth_request->passdb->passdb;
	struct ldap_connection *conn = ldap_module->conn;
	struct ldap_request_search *search = &request->request.search;
	const struct var_expand_table *tab;
	string_t *buf;

	search->request.type = LDAP_REQUEST_TYPE_SEARCH;
	search->request.callback = ldap_bind_lookup_dn_callback;

	/* the password is checked by the later bind, not by comparing
	   attributes. the attributes are still requested because they may
	   carry extra fields; a returned password attribute is ignored. */
	search->attributes = conn->pass_attr_names;

	/* variables are escaped with ldap_escape before being substituted
	   into the base and filter templates */
	tab = auth_request_get_var_expand_table(auth_request, ldap_escape);
	buf = t_str_new(512);

	var_expand(buf, conn->set.base, tab);
	search->base = p_strdup(auth_request->pool, str_c(buf));

	/* reuse the buffer for the filter once the base has been copied */
	str_truncate(buf, 0);
	var_expand(buf, conn->set.pass_filter, tab);
	search->filter = p_strdup(auth_request->pool, str_c(buf));

	auth_request_log_debug(auth_request, "ldap",
			       "bind search: base=%s filter=%s",
			       search->base, search->filter);

	db_ldap_request(conn, &search->request);
}
/* Authentication bind without a prior search: the bind DN is produced by
   expanding the set.auth_bind_userdn template and the bind is started
   right away with ldap_auth_bind().

   auth_request - request being authenticated; its pool owns the DN string
   request      - passdb request whose bind member is filled in here */
static void
ldap_verify_plain_auth_bind_userdn(struct auth_request *auth_request,
				   struct passdb_ldap_request *request)
{
	struct ldap_passdb_module *ldap_module =
		(struct ldap_passdb_module *)auth_request->passdb->passdb;
	struct ldap_connection *conn = ldap_module->conn;
	struct ldap_request_bind *breq = &request->request.bind;
	const struct var_expand_table *tab;
	string_t *userdn;

	breq->request.type = LDAP_REQUEST_TYPE_BIND;

	/* the DN is assembled from login-derived variables, which are passed
	   through ldap_escape first.
	   NOTE(review): this is the same escaper the search filters use;
	   confirm it also covers the characters special in a DN. */
	tab = auth_request_get_var_expand_table(auth_request, ldap_escape);
	userdn = t_str_new(512);
	var_expand(userdn, conn->set.auth_bind_userdn, tab);
	breq->dn = p_strdup(auth_request->pool, str_c(userdn));

	ldap_auth_bind(conn, breq);
}
/* verify_plain entry point of the LDAP passdb. Picks one of three ways to
   check the password, depending on the connection settings:
     auth_bind off                       - search for the password attributes
     auth_bind on, no auth_bind_userdn   - search for the DN, then bind
     auth_bind on, auth_bind_userdn set  - bind with the expanded template

   request  - auth request; a reference is taken for the duration of the
              asynchronous LDAP request
   password - unused here; ldap_auth_bind() reads request->mech_password
   callback - called with PASSDB_RESULT_INTERNAL_FAILURE right away when
              the connection cannot be established, otherwise stored for
              the LDAP callbacks to call */
static void
ldap_verify_plain(struct auth_request *request,
		  const char *password ATTR_UNUSED,
		  verify_plain_callback_t *callback)
{
	struct ldap_passdb_module *ldap_module =
		(struct ldap_passdb_module *)request->passdb->passdb;
	struct ldap_connection *conn = ldap_module->conn;
	struct passdb_ldap_request *preq;

	/* bring the connection up before anything is queued. the search
	   path is said to reconnect on its own, but with auth binds it has
	   to be done here. */
	if (db_ldap_connect(conn) < 0) {
		callback(PASSDB_RESULT_INTERNAL_FAILURE, request);
		return;
	}

	preq = p_new(request->pool, struct passdb_ldap_request, 1);
	preq->callback.verify_plain = callback;

	/* keep the auth request alive while the LDAP request is pending */
	auth_request_ref(request);
	preq->request.ldap.auth_request = request;

	if (conn->set.auth_bind) {
		if (conn->set.auth_bind_userdn != NULL)
			ldap_verify_plain_auth_bind_userdn(request, preq);
		else
			ldap_bind_lookup_dn(request, preq);
	} else {
		/* auth_bind_userdn is ignored when auth_bind is off */
		ldap_lookup_pass(request, preq);
	}
}
/* lookup_credentials entry point of the LDAP passdb: allocates the passdb
   request from the auth request's pool, stores the callback and starts
   the password attribute search with ldap_lookup_pass().

   request  - auth request; a reference is taken for the duration of the
              asynchronous LDAP request
   callback - stored in the request for the LDAP callbacks to call */
static void ldap_lookup_credentials(struct auth_request *request,
				    lookup_credentials_callback_t *callback)
{
	struct passdb_ldap_request *preq =
		p_new(request->pool, struct passdb_ldap_request, 1);

	preq->callback.lookup_credentials = callback;

	/* keep the auth request alive while the LDAP request is pending */
	auth_request_ref(request);
	preq->request.ldap.auth_request = request;

	/* credentials always come from the search; no bind is done here */
	ldap_lookup_pass(request, preq);
}
380 static struct passdb_module * |
381 passdb_ldap_preinit(struct auth_passdb *auth_passdb, const char *args) |
382 { |
383 struct ldap_passdb_module *module; |
384 struct ldap_connection *conn; |
385 |
386 module = p_new(auth_passdb->auth->pool, struct ldap_passdb_module, 1); |
387 module->conn = conn = db_ldap_init(args); |
388 conn->pass_attr_map = |
389 hash_table_create(default_pool, conn->pool, 0, str_hash, |
390 (hash_cmp_callback_t *)strcmp); |
1135
81930fff13cf
passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
391 |
3657
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3655
diff
changeset
|
392 db_ldap_set_attrs(conn, conn->set.pass_attrs, &conn->pass_attr_names, |
6148
668a768fc8fd
Removed deprecated pass_attrs and user_attrs configuration method.
Timo Sirainen <tss@iki.fi>
parents:
5884
diff
changeset
|
393 conn->pass_attr_map, |
4741
deccf9e1aebc
LDAP code changes: If auth binds are used, bind back to the default dn
Timo Sirainen <tss@iki.fi>
parents:
4731
diff
changeset
|
394 conn->set.auth_bind ? "password" : NULL); |
3694
12d00d9ceb6e
cache_key was set wrong for sql/ldap passdbs, so auth_cache was completely
Timo Sirainen <tss@iki.fi>
parents:
3669
diff
changeset
|
395 module->module.cache_key = |
12d00d9ceb6e
cache_key was set wrong for sql/ldap passdbs, so auth_cache was completely
Timo Sirainen <tss@iki.fi>
parents:
3669
diff
changeset
|
396 auth_cache_parse_key(auth_passdb->auth->pool, |
6999
9e75e67420b4
If LDAP base contained variables, auth cache should have included them in
Timo Sirainen <tss@iki.fi>
parents:
6864
diff
changeset
|
397 t_strconcat(conn->set.base, |
9e75e67420b4
If LDAP base contained variables, auth cache should have included them in
Timo Sirainen <tss@iki.fi>
parents:
6864
diff
changeset
|
398 conn->set.pass_filter, NULL)); |
3657
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3655
diff
changeset
|
399 module->module.default_pass_scheme = conn->set.default_pass_scheme; |
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3655
diff
changeset
|
400 return &module->module; |
1135
81930fff13cf
passdb ldap added. fixes to userdb ldap.
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
401 } |
402 |
/*
 * Init hook of the LDAP passdb: starts the LDAP connection and, when
 * authentication binds are configured, disables credential lookups.
 *
 * _module: generic module pointer; cast back to the LDAP module it is
 *          embedded in.
 * args:    unused.
 */
static void passdb_ldap_init(struct passdb_module *_module,
			     const char *args ATTR_UNUSED)
{
	struct ldap_passdb_module *ldap_module =
		(struct ldap_passdb_module *)_module;
	struct ldap_connection *conn = ldap_module->conn;

	/* The connect result is discarded on purpose: a failure here does
	   not abort initialization.
	   NOTE(review): presumably the connection is retried when a request
	   needs it - confirm in db-ldap.c */
	(void)db_ldap_connect(conn);

	if (!conn->set.auth_bind)
		return;

	/* Authentication binds cannot serve credential lookups, so the
	   callback is removed from this module's interface. */
	_module->iface.lookup_credentials = NULL;
}
416 |
/*
 * Deinit hook of the LDAP passdb: drops this module's reference to its
 * LDAP connection.
 *
 * _module: generic module pointer; cast back to the LDAP module it is
 *          embedded in.
 */
static void passdb_ldap_deinit(struct passdb_module *_module)
{
	struct ldap_passdb_module *ldap_module =
		(struct ldap_passdb_module *)_module;
	struct ldap_connection **conn_ref = &ldap_module->conn;

	/* The address of the pointer is passed, not the pointer itself.
	   NOTE(review): presumably so db_ldap_unref() can clear it and a
	   stale pointer is not left in the module - confirm in db-ldap.c */
	db_ldap_unref(conn_ref);
}
424 |
/*
 * Interface table of the LDAP passdb when LDAP support is compiled in.
 * The initializer is positional, so the order of the entries must match the
 * member order of struct passdb_module_interface.
 * NOTE(review): the slot names in the comments below are inferred from the
 * callback names, except "name" and "lookup_credentials", which this file
 * uses as member names - confirm the rest against passdb.h.
 */
struct passdb_module_interface passdb_ldap = {
	"ldap", /* name */

	passdb_ldap_preinit, /* presumably preinit */
	passdb_ldap_init, /* presumably init */
	passdb_ldap_deinit, /* presumably deinit */

	ldap_verify_plain, /* presumably verify_plain */
	/* lookup_credentials: passdb_ldap_init() sets the module's
	   iface.lookup_credentials to NULL when auth_bind is enabled */
	ldap_lookup_credentials,
	NULL /* last slot left unset; presumably set_credentials */
};
436 #else |
/*
 * Stub used when LDAP support is not compiled in: only the name is set and
 * every callback member is left zero-initialized.
 * NOTE(review): presumably this lets the passdb lookup report "support not
 * compiled in" for "ldap" instead of treating it as an unknown passdb -
 * confirm against the caller in passdb.c.
 */
struct passdb_module_interface passdb_ldap = {
	MEMBER(name) "ldap"
};
440 #endif |