auth: Support standard auth variables in LDAP subqueries

Updated copyright notices to include the year 2018.

auth: Debug log an LDAP request result only once

auth: Have ldap_request instead of auth_request in db_ldap_result_iterate_context This makes it easier to access ldap_request where needed later.

auth: Don't use undefined SASL_VERSION_MAJOR

auth: Fix %{ldap_dn} not to leak memory

global: Remove dead code Found with clang static analyzer.

auth: LDAP request queue has no size limit anymore - remove dead code

global: start relying on timeout_remove(NULL) being a no-op Cleanup performed with the following semantic patch: @@ expression E; @@ - if (E != NULL) { - timeout_remove(&E); - } + timeout_remove(&E);

global: start relying on io_remove{,_closed}(NULL) being a no-op Cleanup performed with the following semantic patch: @@ expression E; @@ - if (E != NULL) { - io_remove(&E); - } + io_remove(&E); @@ expression E; @@ - if (E != NULL) { - io_remove_closed(&E); - } + io_remove_closed(&E);

auth: Expand %{ldap_dn} to ldap_get_dn().

auth: Escape LDAP search filter properly This is syntaxical escaping to make ldap servers accept queries with escapable characters, instead of erroring out.

global: Add asserts to make static analyzer happier.

Updated copyright notices to include the year 2017.

global: Replaced all instances of memset(p, 0, sizeof(*p)) with the new i_zero() macro. Used the following script: C_FILES=`git ls-files *.c` H_FILES=`git ls-files *.h` for F in "$C_FILES $H_FILES"; do echo "$F" perl -p -i -e 's/safe_memset\(&\(?([^,]*)\)?,\s*0,\s*sizeof\(\g1\)\)/i_zero_safe(&$1)/g' $F perl -p -i -e 's/safe_memset\(([^,]*),\s*0,\s*sizeof\(\*\g1\)\)/i_zero_safe($1)/g' $F perl -p -i -e 's/memset\(&\(?([^,]*)\)?,\s*0,\s*sizeof\(\g1\)\)/i_zero(&$1)/g' $F perl -p -i -e 's/memset\(([^,]*),\s*0,\s*sizeof\(\*\g1\)\)/i_zero($1)/g' $F done

global: Change string position/length from unsigned int to size_t Mainly to avoid truncating >4GB strings, which might potentially cause some security holes. Normally there are other limits, which prevent such excessive strings from being created in the first place. I'm sure this didn't find everything. Maybe everything could be found with compiler warnings. -Wconversion kind of does it, but it gives way too many unnecessary warnings. These were mainly found with: grep " = strlen" egrep "unsigned int.*(size|len)"

auth: silence var_expand_with_funcs in db-ldap This needs to be silenced since it's logging errors of variable expansions that are not meant to be successful. The function is used here just for filling the attr_names array in ldap_field_find_context and the resulting string is not used.

lib: API change - var_expand_func_table.func() can now return error. None of the existing functions were changed to return errors (yet).

lib: API change - var_expand*() now returns error string. This allows callers to fail properly if the format string is invalid.

global: Use i_strchr_to_next() wherever useful.

auth: Compiler warning fix

auth: Fix default SASL bind for LDAP User may configure Dovecot to use SASL bind as default bind method. This can be the case when ldapi:/// (or ldaps:///) with SASL EXTERNAL is used. Currently, Dovecot returns LDAP connection to wrong bind state after first successful auth bind, LDAP simple bind always used to rebind. This may broke setup when ACL in LDAP configured not to allow search/bind for such simple bind.

auth: Introduce db_ldap_bind_sasl() function Do refactoring in db_ldap_connect() before fixing the SASL bind issue in the next commit.

global: Require comparisons to be strict boolean expressions * No implicit integer -> boolean or pointer -> boolean conversions * !expr can be used only if expr is boolean type These were checked with a patched clang. It found various actual bugs, which were fixed by the previous commits.

auth: Support %variable expansion for LDAP field names. For example this is now allowed: user_attrs = \ =namespace/%{ldap:enabledNamespace}/enabled=yes \ ...

auth: If auth request contains "debug" field, enable auth_debug=yes for the request.

global: freshen copyright git ls-files | xargs perl -p -i -e 's/(\d+)-201[0-5]/$1-2016/g;s/ (201[0-5]) Dovecot/ $1-2016 Dovecot/'

auth: Added hardcoded 5 second timeout to LDAP connect() Although it doesn't look like the timeout is exactly 5 seconds always due to OpenSSL's internal workings, but this should be good enough.

auth ldap: If tls_* settings are used, pass them to LDAP library even if tls=no Most importantly this allows using the settings for ldaps URLs. And they hopefully won't hurt anything if neither STARTTLS nor ldaps are used.

Remove now-unnecessary direct stdlib.h #includes.

Removed all invocations of atoi().

auth ldap: Crashfixes for earlier changes. Hopefully works correctly now

auth ldap: Fixed crash when handling invalid SSL option.

auth ldap: Fixed assert-crash when both passdb ldap and userdb ldap was used

auth ldap: Start LDAP connection only after auth process initialization is finished. This way even if connecting to LDAP takes a while it won't cause the master process to kill the auth process due to it not sending the startup "I'm ok" notification early enough.

auth ldap: Make sure config file path is included in all fatal error messages.

auth ldap: If any tls_* settings are given when they're not supported, fail with fatal instead of just warning. These may be important for intended security, especially tls_cipher_suite. We shouldn't allow setting them and then somewhat silently just ignore them.

auth ldap: Call ldap_init*() already at db_ldap_init(). ldap_init*() doesn't start connecting yet, but this way we can verify that all the settings are correct.

auth ldap: More concentration of i_fatal() calls to db_ldap_init()

auth ldap: Moved more LDAP fatal checks to db_ldap_init()

auth ldap: Improved ldap_initialize() failure's error logging.

auth ldap: Include LDAP config path in all fatal errors. Also moved all such error checks to db_ldap_init().

global: freshen copyright Robomatically: git ls-files | xargs perl -p -i -e 's/(\d+)-201[0-4]/$1-2015/g;s/ (201[0-4]) Dovecot/ $1-2015 Dovecot/' Happy 2015 everyone! Signed-off-by: Phil Carmody <phil@dovecot.fi>

auth: Mark memory pools as growing and use the same sizes for all mechanisms. Mainly to have DEBUG log fewer warnings.

ldap: Treat "No such object" errors to search the same as if no results were returned. Trying to look up a nonexistent base returns this error.

auth: LDAP errors may have crashed the auth process.

auth: Use special AUTH_SUBSYS_DB/MECH parameters as auth_request_log*() subsystem. This avoids hardcoded strings all over the place and also allows assigning the correct passdb/userdb name for log messages generated by generic passdb/userdb code, which doesn't know exactly where it was called from.

Updated copyright notices to include year 2014.

auth: If LDAP server returns LDAP_OPERATIONS_ERROR, reconnect. Apparently the server somehow lost the bind.

ldap: Added blocking=yes setting to use auth-workers.

auth: Use refcounting for LDAPMessage to make sure it always gets freed correctly. This may fix some memory leaks in some (error?) cases.

auth: If passdb ldap returned no values for userdb_ fields, use userdb prefetch anyway.

auth ldap: If ldap debug_level>0, log how long initialization took.

auth: Fixed crash if LDAP query returned multiple results.

ldap auth: Don't access freed memory.

ldap: Another fix to sub-dn-lookup.

ldap: Crashfix

ldap: Compiling fix to previous change

ldap: Improved sub-dn-lookup error message.

ldap: Various crashfixes

ldap: Don't crash if attributes have no @subrequests.

ldap auth: Removed base() wrapper around @dn values. The idea was to provide extensibility, but it can better be done with LDAP URLs.

ldap auth: "!ldapField" now requests the given field, but doesn't return it directly. It's only useful for listing fields that %{ldap_ptr} can potentially access.

ldap auth: Added %{ldap_ptr:realAttr} to get the value from the realAttr. For example: password_attrs = \ =proxy=y, \ =host=%{ldap_ptr:activeHost}, \ primaryHost, secondaryHost Where activeHost's value is either "primaryHost" or "secondaryHost".

ldap auth: Fix to previous change.

ldap auth: Support field values containing DNs to other LDAP records and getting them. For example: user_attrs = \ =user=%{ldap:uid}, \ @mail=base(%{ldap:mailDN}), \ =uid=%{ldap:uidNumber@mail}, \ =gid=%{ldap:gidNumber@mail}, \ =home=%{ldap:rootPath@mail}/%d/%n This first does the regular lookup, and then does another lookup using mailDN's value as the new lookup's base. The other lookup's filter is currently hardcoded to "no filter".

Replaced all -1U and (unsigned int)-1 with UINT_MAX. It's somewhat clearer this way. Also clang's -fsanitize=integer gives runtime errors about -1U (but not about explicit casts, so no need to change (type)-1 casts).

Oops :) Update copyrights to 2013 without breaking all .c files.