db-ldap.c revision 5f5870385cff47efd2f58e7892f251cf13761528
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
5f5870385cff47efd2f58e7892f251cf13761528Timo Sirainen/* Copyright (c) 2003-2012 Dovecot authors, see the included COPYING file */
44fc0a34c39f1ddb3a776918630010867a5dd04eTimo Sirainen#if defined(BUILTIN_LDAP) || defined(PLUGIN_BUILD)
594d203bdcbd160688bce5d5a6d65783b919ad49Timo Sirainen# define LDAP_SASL_QUIET 0 /* Doesn't exist in Solaris LDAP */
a8fc29f19ea6e2d472ba779b2dd5ca4e1f3dac79Timo Sirainen/* Older versions may require calling ldap_result() twice */
48559742084e98049335c21c53dfd1ff95f11cd8Timo Sirainen/* Solaris LDAP library doesn't have LDAP_OPT_SUCCESS */
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen const char **values;
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen /* ldap_attr_name => struct db_ldap_value */
a84eb0599fa1d796206eaed65c4e3239f0799276Timo Sirainen#define DEF_STR(name) DEF_STRUCT_STR(name, ldap_settings)
a84eb0599fa1d796206eaed65c4e3239f0799276Timo Sirainen#define DEF_INT(name) DEF_STRUCT_INT(name, ldap_settings)
a84eb0599fa1d796206eaed65c4e3239f0799276Timo Sirainen#define DEF_BOOL(name) DEF_STRUCT_BOOL(name, ldap_settings)
ab0d9eecd85f74acae18fe88529302e0776cc500Timo Sirainenstatic struct ldap_settings default_ldap_settings = {
7bafda1813454621e03615e83d55bccfa7cc56bdTimo Sirainen .user_attrs = "homeDirectory=home,uidNumber=uid,gidNumber=gid",
7bafda1813454621e03615e83d55bccfa7cc56bdTimo Sirainen .user_filter = "(&(objectClass=posixAccount)(uid=%u))",
7bafda1813454621e03615e83d55bccfa7cc56bdTimo Sirainen .pass_attrs = "uid=user,userPassword=password",
7bafda1813454621e03615e83d55bccfa7cc56bdTimo Sirainen .pass_filter = "(&(objectClass=posixAccount)(uid=%u))",
7bafda1813454621e03615e83d55bccfa7cc56bdTimo Sirainen .iterate_filter = "(objectClass=posixAccount)",
c4457e497e01b57565d24da624968699b166e02aTimo Sirainenstatic struct ldap_connection *ldap_connections = NULL;
16133a719ce8b6a5b8cedd721340cc1607c43433Timo Sirainenstatic int db_ldap_bind(struct ldap_connection *conn);
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainenstatic void db_ldap_conn_close(struct ldap_connection *conn);
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainen i_fatal("LDAP: Unknown deref option '%s'", str);
e82af44fe25ca9b88210f313548dc08538e4a677Timo Sirainen i_fatal("LDAP: Unknown scope option '%s'", str);
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainenstatic int tls_require_cert2str(const char *str)
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainen i_fatal("LDAP: Unknown tls_require_cert value '%s'", str);
78361883c67c58e339697c167ca285731f50287bTimo Sirainenstatic int ldap_get_errno(struct ldap_connection *conn)
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainen ret = ldap_get_option(conn->ld, LDAP_OPT_ERROR_NUMBER, (void *) &err);
78361883c67c58e339697c167ca285731f50287bTimo Sirainenconst char *ldap_get_error(struct ldap_connection *conn)
c184857e1fc86878761f6e47896c9cc1fad2d666Timo Sirainen const char *ret;
c184857e1fc86878761f6e47896c9cc1fad2d666Timo Sirainen ldap_get_option(conn->ld, LDAP_OPT_ERROR_STRING, (void *)&str);
c184857e1fc86878761f6e47896c9cc1fad2d666Timo Sirainen ldap_set_option(conn->ld, LDAP_OPT_ERROR_STRING, NULL);
613daa324c2b61ec69291519a57186be7cc23286Timo Sirainenstatic void ldap_conn_reconnect(struct ldap_connection *conn)
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainenstatic int ldap_handle_error(struct ldap_connection *conn)
613daa324c2b61ec69291519a57186be7cc23286Timo Sirainen /* invalid input */
613daa324c2b61ec69291519a57186be7cc23286Timo Sirainen /* connection problems */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainenstatic int db_ldap_request_bind(struct ldap_connection *conn,
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen i_assert(request->type == LDAP_REQUEST_TYPE_BIND);
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen i_assert(conn->conn_state == LDAP_CONN_STATE_BOUND_AUTH ||
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen conn->conn_state == LDAP_CONN_STATE_BOUND_DEFAULT);
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen request->msgid = ldap_bind(conn->ld, brequest->dn,
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen auth_request_log_error(request->auth_request, "ldap",
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen "ldap_bind(%s) failed: %s",
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* broken request, remove it */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainenstatic int db_ldap_request_search(struct ldap_connection *conn,
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen i_assert(conn->conn_state == LDAP_CONN_STATE_BOUND_DEFAULT);
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen ldap_search(conn->ld, srequest->base, conn->set.ldap_scope,
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen auth_request_log_error(request->auth_request, "ldap",
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainen "ldap_search(%s) parsing failed: %s",
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* broken request, remove it */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainenstatic bool db_ldap_request_queue_next(struct ldap_connection *conn)
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen struct ldap_request *const *requestp, *request;
89676692402d8a58415b2c11256652322091ebabTimo Sirainen /* connecting may call db_ldap_connect_finish(), which gets us back
89676692402d8a58415b2c11256652322091ebabTimo Sirainen here. so do the connection before checking the request queue. */
42ec694fb0f2e1fb1d8afcfb441382daea487bd9Timo Sirainen if (conn->pending_count == aqueue_count(conn->request_queue)) {
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* no non-pending requests */
42ec694fb0f2e1fb1d8afcfb441382daea487bd9Timo Sirainen if (conn->pending_count > DB_LDAP_MAX_PENDING_REQUESTS) {
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* wait until server has replied to some requests */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* we can't do binds until all existing requests are finished */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* wait until we're in bound state */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* bind to default dn first */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* we can do anything in this state */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* success */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen } else if (ret < 0) {
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* disconnected */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* broken request, remove from queue */
584a5375b70caa8bf7b202248aea84092bcb9c22Timo Sirainendb_ldap_check_limits(struct ldap_connection *conn, struct ldap_request *request)
584a5375b70caa8bf7b202248aea84092bcb9c22Timo Sirainen unsigned int count;
584a5375b70caa8bf7b202248aea84092bcb9c22Timo Sirainen first_requestp = array_idx(&conn->request_array,
584a5375b70caa8bf7b202248aea84092bcb9c22Timo Sirainen secs_diff = ioloop_time - (*first_requestp)->create_time;
584a5375b70caa8bf7b202248aea84092bcb9c22Timo Sirainen if (secs_diff > DB_LDAP_REQUEST_LOST_TIMEOUT_SECS) {
584a5375b70caa8bf7b202248aea84092bcb9c22Timo Sirainen auth_request_log_error(request->auth_request, "ldap",
584a5375b70caa8bf7b202248aea84092bcb9c22Timo Sirainen "Connection appears to be hanging, reconnecting");
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainenvoid db_ldap_request(struct ldap_connection *conn,
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainenstatic int db_ldap_connect_finish(struct ldap_connection *conn, int ret)
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen conn->set.dn == NULL ? "(none)" : conn->set.dn,
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen conn->conn_state = LDAP_CONN_STATE_BOUND_DEFAULT;
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainenstatic void db_ldap_default_bind_finished(struct ldap_connection *conn,
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen ret = ldap_result2error(conn->ld, res, FALSE);
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* lost connection, close it */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainenstatic void db_ldap_abort_requests(struct ldap_connection *conn,
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen struct ldap_request *const *requestp, *request;
63cde222abaaa2a9bdaa9a143698dbc8b23bd742Timo Sirainen while (aqueue_count(conn->request_queue) > 0 && max_count > 0) {
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* timed out, abort */
3cff7935d606a75357472a3e4269e0b06ac1bef2Timo Sirainen auth_request_log_error(request->auth_request, "ldap",
3cff7935d606a75357472a3e4269e0b06ac1bef2Timo Sirainen auth_request_log_info(request->auth_request, "ldap",
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainendb_ldap_find_request(struct ldap_connection *conn, int msgid,
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainen unsigned int *idx_r)
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen struct ldap_request *const *requests, *request = NULL;
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen unsigned int i, count;
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainen requests = array_idx(&conn->request_array, 0);
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainen for (i = 0; i < count; i++) {
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainen request = requests[aqueue_idx(conn->request_queue, i)];
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainendb_ldap_handle_result(struct ldap_connection *conn, LDAPMessage *res)
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainen unsigned int idx;
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainen request = db_ldap_find_request(conn, msgid, &idx);
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen i_error("LDAP: Reply with unknown msgid %d", msgid);
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen if (request->type == LDAP_REQUEST_TYPE_BIND) {
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen i_assert(conn->conn_state == LDAP_CONN_STATE_BINDING);
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen conn->conn_state = LDAP_CONN_STATE_BOUND_AUTH;
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainen /* we're going to ignore this */
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainen i_error("LDAP: Reply with unexpected type %d",
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainen if (ldap_msgtype(res) == LDAP_RES_SEARCH_ENTRY)
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen if (ret != LDAP_SUCCESS && request->type == LDAP_REQUEST_TYPE_SEARCH) {
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* handle search failures here */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen auth_request_log_error(request->auth_request, "ldap",
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen "ldap_search(base=%s filter=%s) failed: %s",
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* see if there are timed out requests */
2cfe9983ce7a6280636ee12beccc2e865111967bTimo Sirainenstatic void ldap_input(struct ldap_connection *conn)
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainen ret = ldap_result(conn->ld, LDAP_RES_ANY, 0, &timeout, &res);
a8fc29f19ea6e2d472ba779b2dd5ca4e1f3dac79Timo Sirainen /* try again, there may be another in buffer */
c51fe409810cbb2432b72d6819bd183469fcaebcTimo Sirainen prev_reply_diff = ioloop_time - conn->last_reply_stamp;
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainen /* input disabled, continue once it's enabled */
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainen } else if (ret == 0) {
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* send more requests */
d39e77e1f7f58e1e21042a673b718541fa3f63c7Timo Sirainen } else if (ldap_get_errno(conn) != LDAP_SERVER_DOWN) {
613daa324c2b61ec69291519a57186be7cc23286Timo Sirainen i_error("LDAP: ldap_result() failed: %s", ldap_get_error(conn));
63cde222abaaa2a9bdaa9a143698dbc8b23bd742Timo Sirainen } else if (aqueue_count(conn->request_queue) > 0 ||
c51fe409810cbb2432b72d6819bd183469fcaebcTimo Sirainen prev_reply_diff < DB_LDAP_IDLE_RECONNECT_SECS) {
d39e77e1f7f58e1e21042a673b718541fa3f63c7Timo Sirainen i_error("LDAP: Connection lost to LDAP server, reconnecting");
d39e77e1f7f58e1e21042a673b718541fa3f63c7Timo Sirainen /* server probably disconnected an idle connection. don't
d39e77e1f7f58e1e21042a673b718541fa3f63c7Timo Sirainen reconnect until the next request comes. */
43d32cbe60fdaef2699d99f1ca259053e9350411Timo Sirainensasl_interact(LDAP *ld ATTR_UNUSED, unsigned flags ATTR_UNUSED,
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen struct db_ldap_sasl_bind_context *context = defaults;
23f8c5356cacdbd1cc09a39a08ef37a39125bb74Timo Sirainen const char *str;
23f8c5356cacdbd1cc09a39a08ef37a39125bb74Timo Sirainen for (in = interact; in->id != SASL_CB_LIST_END; in++) {
2d0a002723dac5c58c250f6566efb1f5e474c169Timo Sirainenstatic void ldap_connection_timeout(struct ldap_connection *conn)
2d0a002723dac5c58c250f6566efb1f5e474c169Timo Sirainen i_assert(conn->conn_state == LDAP_CONN_STATE_BINDING);
2d0a002723dac5c58c250f6566efb1f5e474c169Timo Sirainen i_error("LDAP: Initial binding to LDAP server timed out");
16133a719ce8b6a5b8cedd721340cc1607c43433Timo Sirainenstatic int db_ldap_bind(struct ldap_connection *conn)
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen i_assert(conn->conn_state != LDAP_CONN_STATE_BINDING);
763fd2ac217023c0940415379abcd5eb7a0f7ba7Timo Sirainen msgid = ldap_bind(conn->ld, conn->set.dn, conn->set.dnpass,
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen i_assert(ldap_get_errno(conn) != LDAP_SUCCESS);
7cf0a6613fca9983b8a3443f9f6ef15df5a22162Timo Sirainen if (db_ldap_connect_finish(conn, ldap_get_errno(conn)) < 0) {
7cf0a6613fca9983b8a3443f9f6ef15df5a22162Timo Sirainen /* lost connection, close it */
2d0a002723dac5c58c250f6566efb1f5e474c169Timo Sirainen conn->to = timeout_add(DB_LDAP_REQUEST_LOST_TIMEOUT_SECS*1000,
b270b29d458f3cbd6e63320bb17e23f809da0045Timo Sirainenstatic void db_ldap_get_fd(struct ldap_connection *conn)
b270b29d458f3cbd6e63320bb17e23f809da0045Timo Sirainen /* get the connection's fd */
b270b29d458f3cbd6e63320bb17e23f809da0045Timo Sirainen ret = ldap_get_option(conn->ld, LDAP_OPT_DESC, (void *)&conn->fd);
d2ded6e1da2d07ac070888873ddc10999a6d87baTimo Sirainen /* Solaris LDAP library seems to be broken */
d2ded6e1da2d07ac070888873ddc10999a6d87baTimo Sirainen i_fatal("LDAP: Buggy LDAP library returned wrong fd: %d",
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainendb_ldap_set_opt(struct ldap_connection *conn, int opt, const void *value,
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainen ret = ldap_set_option(conn == NULL ? NULL : conn->ld, opt, value);
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainen i_fatal("LDAP: Can't set option %s to %s: %s",
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainendb_ldap_set_opt_str(struct ldap_connection *conn, int opt, const char *value,
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainen db_ldap_set_opt(conn, opt, value, optname, value);
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainenstatic void db_ldap_set_tls_options(struct ldap_connection *conn)
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainen db_ldap_set_opt_str(NULL, LDAP_OPT_X_TLS_CACERTFILE,
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainen conn->set.tls_ca_cert_file, "tls_ca_cert_file");
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainen db_ldap_set_opt_str(NULL, LDAP_OPT_X_TLS_CACERTDIR,
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainen conn->set.tls_ca_cert_dir, "tls_ca_cert_dir");
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainen db_ldap_set_opt_str(NULL, LDAP_OPT_X_TLS_CERTFILE,
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainen db_ldap_set_opt_str(NULL, LDAP_OPT_X_TLS_KEYFILE,
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainen db_ldap_set_opt_str(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE,
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainen conn->set.tls_cipher_suite, "tls_cipher_suite");
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainen int value = tls_require_cert2str(conn->set.tls_require_cert);
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainen db_ldap_set_opt(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &value,
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainen "tls_require_cert", conn->set.tls_require_cert);
f023d5a1665cc388131159914898ceecc526eda5Timo Sirainen "your LDAP library doesn't seem to support them");
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainenstatic void db_ldap_set_options(struct ldap_connection *conn)
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainen db_ldap_set_opt(conn, LDAP_OPT_DEREF, &conn->set.ldap_deref,
f4a19b0cf11cdff437571708d9d788d02a906a00Timo Sirainen db_ldap_set_opt(NULL, LDAP_OPT_DEBUG_LEVEL, &value,
4756ae94c4db02e694c3425d9d949678117b66a3Timo Sirainen i_fatal("LDAP: sasl_bind=yes requires ldap_version=3");
4756ae94c4db02e694c3425d9d949678117b66a3Timo Sirainen i_fatal("LDAP: tls=yes requires ldap_version=3");
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainen db_ldap_set_opt(conn, LDAP_OPT_PROTOCOL_VERSION, &ldap_version,
b96dcd982888d89e6f2508258d6d9588d79c7a26Timo Sirainenint db_ldap_connect(struct ldap_connection *conn)
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen if (conn->conn_state != LDAP_CONN_STATE_DISCONNECTED)
e65cc79f80577e83c706f0678c78e2c0bd91434fTimo Sirainen if (ldap_initialize(&conn->ld, conn->set.uris) != LDAP_SUCCESS)
48559742084e98049335c21c53dfd1ff95f11cd8Timo Sirainen i_fatal("LDAP: Your LDAP library doesn't support "
48559742084e98049335c21c53dfd1ff95f11cd8Timo Sirainen "'uris' setting, use 'hosts' instead.");
e65cc79f80577e83c706f0678c78e2c0bd91434fTimo Sirainen conn->ld = ldap_init(conn->set.hosts, LDAP_PORT);
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainen i_fatal("LDAP: ldap_init() failed with hosts: %s",
8f0a5540a21d235f4f830517c6211f6f92948f2cTimo Sirainen "and ldaps URI");
40992309053d51192ae1b36d1dd6c057f2d37257Timo Sirainen i_error("LDAP: ldap_start_tls_s() failed: %s",
40992309053d51192ae1b36d1dd6c057f2d37257Timo Sirainen i_error("LDAP: Your LDAP library doesn't support TLS");
efb7a523ea2f7670ca07acaaa5aeb30692ad6cd3Timo Sirainen /* There doesn't seem to be a way to do SASL binding
efb7a523ea2f7670ca07acaaa5aeb30692ad6cd3Timo Sirainen asynchronously.. */
23f8c5356cacdbd1cc09a39a08ef37a39125bb74Timo Sirainen ret = ldap_sasl_interactive_bind_s(conn->ld, NULL,
efb7a523ea2f7670ca07acaaa5aeb30692ad6cd3Timo Sirainen i_fatal("LDAP: sasl_bind=yes but no SASL support compiled in");
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen conn->conn_state = LDAP_CONN_STATE_BOUND_DEFAULT;
16133a719ce8b6a5b8cedd721340cc1607c43433Timo Sirainen conn->io = io_add(conn->fd, IO_READ, ldap_input, conn);
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainenvoid db_ldap_enable_input(struct ldap_connection *conn, bool enable)
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainen conn->io = io_add(conn->fd, IO_READ, ldap_input, conn);
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainenstatic void db_ldap_disconnect_timeout(struct ldap_connection *conn)
1512eb3e1f8d7366122089a03e3c8688986a5a26Timo Sirainen DB_LDAP_REQUEST_DISCONNECT_TIMEOUT_SECS, FALSE,
1512eb3e1f8d7366122089a03e3c8688986a5a26Timo Sirainen "Aborting (timeout), we're not connected to LDAP server");
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* no requests left, remove this timeout handler */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainenstatic void db_ldap_conn_close(struct ldap_connection *conn)
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen struct ldap_request *const *requests, *request;
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen unsigned int i;
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen conn->conn_state = LDAP_CONN_STATE_DISCONNECTED;
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen requests = array_idx(&conn->request_array, 0);
63cde222abaaa2a9bdaa9a143698dbc8b23bd742Timo Sirainen request = requests[aqueue_idx(conn->request_queue, i)];
baf992882696ce085fa9122a559dbba8e627e19fTimo Sirainen /* the fd may have already been closed before ldap_unbind(),
baf992882696ce085fa9122a559dbba8e627e19fTimo Sirainen so we'll have to use io_remove_closed(). */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen conn->to = timeout_add(DB_LDAP_REQUEST_DISCONNECT_TIMEOUT_SECS *
63cf2e557bdd9dd8bb4e2ecb84763ef884231f18Timo Sirainenstatic const char *
63cf2e557bdd9dd8bb4e2ecb84763ef884231f18Timo Sirainendb_ldap_field_find(const char *data, void *context)
63cf2e557bdd9dd8bb4e2ecb84763ef884231f18Timo Sirainen struct ldap_field_find_context *ctx = context;
63cf2e557bdd9dd8bb4e2ecb84763ef884231f18Timo Sirainen array_append(&ctx->attr_names, &ldap_attr, 1);
9f431ccfb6932746db56245c8a3d3415717ef545Timo Sirainenvoid db_ldap_set_attrs(struct ldap_connection *conn, const char *attrlist,
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen char ***attr_names_r, ARRAY_TYPE(ldap_field) *attr_map,
63cf2e557bdd9dd8bb4e2ecb84763ef884231f18Timo Sirainen static struct var_expand_func_table var_funcs_table[] = {
63cf2e557bdd9dd8bb4e2ecb84763ef884231f18Timo Sirainen unsigned int i;
63cf2e557bdd9dd8bb4e2ecb84763ef884231f18Timo Sirainen p_array_init(&ctx.attr_names, conn->pool, 16);
99ee694f4099ea3dcc3b6b8331b093a8f1a2c604Timo Sirainen /* allow spaces here so "foo=1, bar=2" works */
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen ldap_attr = name = p_strdup(conn->pool, attr_data);
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen ldap_attr = p_strdup_until(conn->pool, attr_data, p);
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen i_error("ldap: Invalid attrs entry: %s", attr_data);
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen else if (skip_attr == NULL || strcmp(skip_attr, name) != 0) {
63cf2e557bdd9dd8bb4e2ecb84763ef884231f18Timo Sirainen *attr_names_r = array_idx_modifiable(&ctx.attr_names, 0);
7c85bb54c14c0ca3e7171431f99a594615792086Timo Sirainendb_ldap_value_get_var_expand_table(pool_t pool,
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainen const struct var_expand_table *auth_table = NULL;
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen unsigned int count;
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen auth_table = auth_request_get_var_expand_table(auth_request, NULL);
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen for (count = 0; auth_table[count].key != '\0'; count++) ;
7c85bb54c14c0ca3e7171431f99a594615792086Timo Sirainen table = p_new(pool, struct var_expand_table, count + 2);
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen memcpy(table + 1, auth_table, sizeof(*table) * count);
1c38a95332f1945c9806d7d83175a0d948f51291Timo Sirainen ((c) == '*' || (c) == '(' || (c) == ')' || (c) == '\\')
43d32cbe60fdaef2699d99f1ca259053e9350411Timo Sirainen const struct auth_request *auth_request ATTR_UNUSED)
d1f0acc7fc722e13e8296228703adfe8a884d59eTimo Sirainen const char *p;
d1f0acc7fc722e13e8296228703adfe8a884d59eTimo Sirainen if (*p == '\0')
d1f0acc7fc722e13e8296228703adfe8a884d59eTimo Sirainen for (; *p != '\0'; p++) {
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainenldap_field_hide_password(struct db_ldap_result_iterate_context *ctx,
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen if (strcmp(field->ldap_attr_name, attr) == 0) {
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen strcmp(field->name, "password_noscheme") == 0)
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainenget_ldap_fields(struct db_ldap_result_iterate_context *ctx,
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen struct ldap_connection *conn, LDAPMessage *entry)
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen unsigned int i, count;
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen attr = ldap_first_attribute(conn->ld, entry, &ber);
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen vals = ldap_get_values(conn->ld, entry, attr);
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen ldap_value = p_new(ctx->pool, struct db_ldap_value, 1);
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen ldap_value->values = p_new(ctx->pool, const char *, 1);
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen for (count = 0; vals[count] != NULL; count++) ;
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen ldap_value->values = p_new(ctx->pool, const char *, count + 1);
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen for (i = 0; i < count; i++)
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen ldap_value->values[i] = p_strdup(ctx->pool, vals[i]);
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen str_append(ctx->debug, ldap_value->values[0]);
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen attr = ldap_next_attribute(conn->ld, entry, ber);
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainendb_ldap_result_iterate_init(struct ldap_connection *conn, LDAPMessage *entry,
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen pool = pool_alloconly_create("ldap result iter", 1024);
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen ctx = p_new(pool, struct db_ldap_result_iterate_context, 1);
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen hash_table_create(default_pool, pool, 0, strcase_hash,
c349375340580e4ef10b427323c6e67c14ae4996Timo Sirainenstatic const char *db_ldap_field_expand(const char *data, void *context)
c349375340580e4ef10b427323c6e67c14ae4996Timo Sirainen struct db_ldap_result_iterate_context *ctx = context;
c349375340580e4ef10b427323c6e67c14ae4996Timo Sirainen ldap_value = hash_table_lookup(ctx->ldap_attrs, data);
c349375340580e4ef10b427323c6e67c14ae4996Timo Sirainen /* ldap attribute wasn't requested */
c349375340580e4ef10b427323c6e67c14ae4996Timo Sirainen str_printfa(ctx->debug, "; %s missing", data);
c349375340580e4ef10b427323c6e67c14ae4996Timo Sirainen /* no value for ldap attribute */
c349375340580e4ef10b427323c6e67c14ae4996Timo Sirainen auth_request_log_warning(ctx->auth_request, "ldap",
c349375340580e4ef10b427323c6e67c14ae4996Timo Sirainen "Multiple values found for '%s', using value '%s'",
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainenstatic const char *const *
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainendb_ldap_result_return_value(struct db_ldap_result_iterate_context *ctx,
c349375340580e4ef10b427323c6e67c14ae4996Timo Sirainen static struct var_expand_func_table var_funcs_table[] = {
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen const char *const *values;
7c85bb54c14c0ca3e7171431f99a594615792086Timo Sirainen /* LDAP attribute doesn't exist */
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen /* use the LDAP attribute's value */
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen /* template */
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen auth_request_log_warning(ctx->auth_request, "ldap",
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen "Multiple values found for '%s', "
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen "using value '%s'",
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen ctx->var_table = db_ldap_value_get_var_expand_table(
c349375340580e4ef10b427323c6e67c14ae4996Timo Sirainen var_expand_with_funcs(ctx->var, field->value, ctx->var_table,
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainenbool db_ldap_result_iterate_next(struct db_ldap_result_iterate_context *ctx,
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen const char **name_r,
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen const char *const **values_r)
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen if (ctx->attr_idx == array_count(ctx->attr_map))
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen field = array_idx(ctx->attr_map, ctx->attr_idx++);
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen ldap_value = *field->ldap_attr_name == '\0' ? NULL :
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen hash_table_lookup(ctx->ldap_attrs, field->ldap_attr_name);
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen else if (ctx->debug && *field->ldap_attr_name != '\0')
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen str_printfa(ctx->debug, "; %s missing", field->ldap_attr_name);
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen *values_r = db_ldap_result_return_value(ctx, field, ldap_value);
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen /* no values. don't confuse the caller with this reply. */
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen return db_ldap_result_iterate_next(ctx, name_r, values_r);
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainendb_ldap_result_finish_debug(struct db_ldap_result_iterate_context *ctx)
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen auth_request_log_debug(ctx->auth_request, "ldap",
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen "no fields returned by the server");
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen iter = hash_table_iterate_init(ctx->ldap_attrs);
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen while (hash_table_iterate(iter, &key, &value)) {
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen str_truncate(ctx->debug, str_len(ctx->debug)-1);
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen auth_request_log_debug(ctx->auth_request, "ldap",
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainenvoid db_ldap_result_iterate_deinit(struct db_ldap_result_iterate_context **_ctx)
0a8926b91a84abf462afdc1ed95def229377d7ffTimo Sirainen struct db_ldap_result_iterate_context *ctx = *_ctx;
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainenstatic const char *parse_setting(const char *key, const char *value,
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainen return parse_setting_from_defs(conn->pool, setting_defs,
c4457e497e01b57565d24da624968699b166e02aTimo Sirainenstatic struct ldap_connection *ldap_conn_find(const char *config_path)
c4457e497e01b57565d24da624968699b166e02aTimo Sirainen for (conn = ldap_connections; conn != NULL; conn = conn->next) {
c4457e497e01b57565d24da624968699b166e02aTimo Sirainen if (strcmp(conn->config_path, config_path) == 0)
964c86de7158ccafdfe665853579d71232e2634eTimo Sirainenstruct ldap_connection *db_ldap_init(const char *config_path, bool userdb)
f8464772990b52cb8de4553bc1135adcf72813b8Timo Sirainen const char *str;
c4457e497e01b57565d24da624968699b166e02aTimo Sirainen /* see if it already exists */
2e1e493b248dec0127b1eabeea5a8bc330378fcdTimo Sirainen i_fatal("LDAP: Configuration file path not given");
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainen pool = pool_alloconly_create("ldap_connection", 1024);
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainen conn = p_new(pool, struct ldap_connection, 1);
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen conn->conn_state = LDAP_CONN_STATE_DISCONNECTED;
c4457e497e01b57565d24da624968699b166e02aTimo Sirainen conn->config_path = p_strdup(pool, config_path);
59151b71059df1190acd75d8717ed04a7920c862Timo Sirainen if (!settings_read(config_path, NULL, parse_setting,
b1504ccfa93e77d906e39e6aa31a592d69f6b5b4Timo Sirainen if (conn->set.uris == NULL && conn->set.hosts == NULL)
b1504ccfa93e77d906e39e6aa31a592d69f6b5b4Timo Sirainen i_fatal("LDAP: Dovecot compiled without support for LDAP uris "
b1504ccfa93e77d906e39e6aa31a592d69f6b5b4Timo Sirainen "(ldap_initialize not found)");
f8464772990b52cb8de4553bc1135adcf72813b8Timo Sirainen if (str != NULL && strcmp(str, conn->set.ldaprc_path) != 0) {
f8464772990b52cb8de4553bc1135adcf72813b8Timo Sirainen i_fatal("LDAP: Multiple different ldaprc_path "
f8464772990b52cb8de4553bc1135adcf72813b8Timo Sirainen "settings not allowed (%s and %s)",
f8464772990b52cb8de4553bc1135adcf72813b8Timo Sirainen env_put(t_strconcat("LDAPRC=", conn->set.ldaprc_path, NULL));
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainen conn->set.ldap_deref = deref2str(conn->set.deref);
e714eed72515794c46c6712a611e5ab924d903daTimo Sirainen conn->set.ldap_scope = scope2str(conn->set.scope);
63cde222abaaa2a9bdaa9a143698dbc8b23bd742Timo Sirainen conn->request_queue = aqueue_init(&conn->request_array.arr);
d5cebe7f98e63d4e2822863ef2faa4971e8b3a5dTimo Sirainenvoid db_ldap_unref(struct ldap_connection **_conn)
b321df9603081896b70ec44635af96d674a9839aTimo Sirainen for (p = &ldap_connections; *p != NULL; p = &(*p)->next) {
3cff7935d606a75357472a3e4269e0b06ac1bef2Timo Sirainen db_ldap_abort_requests(conn, -1U, 0, FALSE, "Shutting down");
964c86de7158ccafdfe665853579d71232e2634eTimo Sirainenvoid db_ldap_check_userdb_warning(struct ldap_connection *conn)
964c86de7158ccafdfe665853579d71232e2634eTimo Sirainen const struct ldap_settings *def = &default_ldap_settings;
964c86de7158ccafdfe665853579d71232e2634eTimo Sirainen if (worker || conn->userdb_used || conn->set.userdb_warning_disable)
964c86de7158ccafdfe665853579d71232e2634eTimo Sirainen if (strcmp(conn->set.user_attrs, def->user_attrs) != 0)
964c86de7158ccafdfe665853579d71232e2634eTimo Sirainen else if (strcmp(conn->set.user_filter, def->user_filter) != 0)
964c86de7158ccafdfe665853579d71232e2634eTimo Sirainen else if (strcmp(conn->set.iterate_attrs, def->iterate_attrs) != 0)
964c86de7158ccafdfe665853579d71232e2634eTimo Sirainen else if (strcmp(conn->set.iterate_filter, def->iterate_filter) != 0)
964c86de7158ccafdfe665853579d71232e2634eTimo Sirainen "because userdb ldap not used. "
964c86de7158ccafdfe665853579d71232e2634eTimo Sirainen "(If this is intentional, set userdb_warning_disable=yes)",
be20a7ddf87cb56ee63016dd0029f0c523be09b6Timo Sirainen/* Building a plugin */
cc03958ccda8258252c512412f8d5600ce383b14Timo Sirainenextern struct passdb_module_interface passdb_ldap_plugin;
cc03958ccda8258252c512412f8d5600ce383b14Timo Sirainenextern struct userdb_module_interface userdb_ldap_plugin;
cc03958ccda8258252c512412f8d5600ce383b14Timo Sirainen passdb_unregister_module(&passdb_ldap_plugin);