db-ldap.c revision 76b43e4417bab52e913da39b5f5bc2a130d3f149
76b43e4417bab52e913da39b5f5bc2a130d3f149Timo Sirainen/* Copyright (c) 2003-2008 Dovecot authors, see the included COPYING file */
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainen#if defined(PASSDB_LDAP) || defined(USERDB_LDAP)
594d203bdcbd160688bce5d5a6d65783b919ad49Timo Sirainen# define LDAP_SASL_QUIET 0 /* Doesn't exist in Solaris LDAP */
a8fc29f19ea6e2d472ba779b2dd5ca4e1f3dac79Timo Sirainen/* Older versions may require calling ldap_result() twice */
48559742084e98049335c21c53dfd1ff95f11cd8Timo Sirainen/* Solaris LDAP library doesn't have LDAP_OPT_SUCCESS */
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen const char *name, *value, *template, *val_1_arr[2];
1cb29929a19dea32779606cd54a1e63aefead88dTimo Sirainen const char *const *static_attrs;
a84eb0599fa1d796206eaed65c4e3239f0799276Timo Sirainen#define DEF_STR(name) DEF_STRUCT_STR(name, ldap_settings)
a84eb0599fa1d796206eaed65c4e3239f0799276Timo Sirainen#define DEF_INT(name) DEF_STRUCT_INT(name, ldap_settings)
a84eb0599fa1d796206eaed65c4e3239f0799276Timo Sirainen#define DEF_BOOL(name) DEF_STRUCT_BOOL(name, ldap_settings)
e53ca064060239939bd554a562ba007367dac8edTimo Sirainen MEMBER(user_attrs) "homeDirectory=home,uidNumber=uid,gidNumber=gid",
5a8b0ce25f7838652b4a0cb9dab0ad19ec0fab25Timo Sirainen MEMBER(user_filter) "(&(objectClass=posixAccount)(uid=%u))",
e53ca064060239939bd554a562ba007367dac8edTimo Sirainen MEMBER(pass_attrs) "uid=user,userPassword=password",
5a8b0ce25f7838652b4a0cb9dab0ad19ec0fab25Timo Sirainen MEMBER(pass_filter) "(&(objectClass=posixAccount)(uid=%u))",
c4457e497e01b57565d24da624968699b166e02aTimo Sirainenstatic struct ldap_connection *ldap_connections = NULL;
16133a719ce8b6a5b8cedd721340cc1607c43433Timo Sirainenstatic int db_ldap_bind(struct ldap_connection *conn);
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainenstatic void db_ldap_conn_close(struct ldap_connection *conn);
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainen i_fatal("LDAP: Unknown deref option '%s'", str);
e82af44fe25ca9b88210f313548dc08538e4a677Timo Sirainen i_fatal("LDAP: Unknown scope option '%s'", str);
78361883c67c58e339697c167ca285731f50287bTimo Sirainenstatic int ldap_get_errno(struct ldap_connection *conn)
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainen ret = ldap_get_option(conn->ld, LDAP_OPT_ERROR_NUMBER, (void *) &err);
78361883c67c58e339697c167ca285731f50287bTimo Sirainenconst char *ldap_get_error(struct ldap_connection *conn)
613daa324c2b61ec69291519a57186be7cc23286Timo Sirainenstatic void ldap_conn_reconnect(struct ldap_connection *conn)
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainenstatic int ldap_handle_error(struct ldap_connection *conn)
613daa324c2b61ec69291519a57186be7cc23286Timo Sirainen /* invalid input */
613daa324c2b61ec69291519a57186be7cc23286Timo Sirainen /* connection problems */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainenstatic int db_ldap_request_bind(struct ldap_connection *conn,
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen i_assert(request->type == LDAP_REQUEST_TYPE_BIND);
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen i_assert(conn->conn_state == LDAP_CONN_STATE_BOUND_AUTH ||
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen conn->conn_state == LDAP_CONN_STATE_BOUND_DEFAULT);
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen request->msgid = ldap_bind(conn->ld, brequest->dn,
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen auth_request_log_error(request->auth_request, "ldap",
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen "ldap_bind(%s) failed: %s",
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* broken request, remove it */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainenstatic int db_ldap_request_search(struct ldap_connection *conn,
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen i_assert(conn->conn_state == LDAP_CONN_STATE_BOUND_DEFAULT);
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen ldap_search(conn->ld, srequest->base, conn->set.ldap_scope,
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen auth_request_log_error(request->auth_request, "ldap",
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen "ldap_search() failed (filter %s): %s",
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* broken request, remove it */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainenstatic bool db_ldap_request_queue_next(struct ldap_connection *conn)
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen struct ldap_request *const *requestp, *request;
63cde222abaaa2a9bdaa9a143698dbc8b23bd742Timo Sirainen unsigned int queue_size = aqueue_count(conn->request_queue);
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* no non-pending requests */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen if (queue_size > DB_LDAP_MAX_PENDING_REQUESTS) {
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* wait until server has replied to some requests */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* we can't do binds until all existing requests are finished */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* wait until we're in bound state */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* bind to default dn first */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* we can do anything in this state */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* success */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen } else if (ret < 0) {
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* disconnected */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* broken request, remove from queue */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainenvoid db_ldap_request(struct ldap_connection *conn,
63cde222abaaa2a9bdaa9a143698dbc8b23bd742Timo Sirainen aqueue_count(conn->request_queue) >= DB_LDAP_MAX_QUEUE_SIZE) {
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* Queue is full already, fail this request */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen auth_request_log_error(request->auth_request, "ldap",
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen "Request queue is full");
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainenstatic int db_ldap_connect_finish(struct ldap_connection *conn, int ret)
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen conn->set.dn == NULL ? "(none)" : conn->set.dn,
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen conn->conn_state = LDAP_CONN_STATE_BOUND_DEFAULT;
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainenstatic void db_ldap_default_bind_finished(struct ldap_connection *conn,
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen ret = ldap_result2error(conn->ld, res, FALSE);
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* lost connection, close it */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainenstatic void db_ldap_abort_requests(struct ldap_connection *conn,
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen struct ldap_request *const *requestp, *request;
63cde222abaaa2a9bdaa9a143698dbc8b23bd742Timo Sirainen while (aqueue_count(conn->request_queue) > 0 && max_count > 0) {
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* timed out, abort */
3cff7935d606a75357472a3e4269e0b06ac1bef2Timo Sirainen auth_request_log_error(request->auth_request, "ldap",
3cff7935d606a75357472a3e4269e0b06ac1bef2Timo Sirainen auth_request_log_info(request->auth_request, "ldap",
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainendb_ldap_handle_result(struct ldap_connection *conn, LDAPMessage *res)
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen struct ldap_request *const *requests, *request = NULL;
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen unsigned int i, count;
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen requests = count == 0 ? NULL : array_idx(&conn->request_array, 0);
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen for (i = 0; i < count; i++) {
63cde222abaaa2a9bdaa9a143698dbc8b23bd742Timo Sirainen request = requests[aqueue_idx(conn->request_queue, i)];
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen i_error("LDAP: Reply with unknown msgid %d", msgid);
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen if (request->type == LDAP_REQUEST_TYPE_BIND) {
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen i_assert(conn->conn_state == LDAP_CONN_STATE_BINDING);
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen conn->conn_state = LDAP_CONN_STATE_BOUND_AUTH;
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen if (ret != LDAP_SUCCESS && request->type == LDAP_REQUEST_TYPE_SEARCH) {
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* handle search failures here */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen auth_request_log_error(request->auth_request, "ldap",
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen "ldap_search(%s) failed: %s",
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* see if there are timed out requests */
2cfe9983ce7a6280636ee12beccc2e865111967bTimo Sirainenstatic void ldap_input(struct ldap_connection *conn)
a8fc29f19ea6e2d472ba779b2dd5ca4e1f3dac79Timo Sirainen ret = ldap_result(conn->ld, LDAP_RES_ANY, 1, &timeout, &res);
a8fc29f19ea6e2d472ba779b2dd5ca4e1f3dac79Timo Sirainen /* try again, there may be another in buffer */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* send more requests */
d39e77e1f7f58e1e21042a673b718541fa3f63c7Timo Sirainen } else if (ldap_get_errno(conn) != LDAP_SERVER_DOWN) {
613daa324c2b61ec69291519a57186be7cc23286Timo Sirainen i_error("LDAP: ldap_result() failed: %s", ldap_get_error(conn));
63cde222abaaa2a9bdaa9a143698dbc8b23bd742Timo Sirainen } else if (aqueue_count(conn->request_queue) > 0 ||
d39e77e1f7f58e1e21042a673b718541fa3f63c7Timo Sirainen i_error("LDAP: Connection lost to LDAP server, reconnecting");
d39e77e1f7f58e1e21042a673b718541fa3f63c7Timo Sirainen /* server probably disconnected an idle connection. don't
d39e77e1f7f58e1e21042a673b718541fa3f63c7Timo Sirainen reconnect until the next request comes. */
43d32cbe60fdaef2699d99f1ca259053e9350411Timo Sirainensasl_interact(LDAP *ld ATTR_UNUSED, unsigned flags ATTR_UNUSED,
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen struct db_ldap_sasl_bind_context *context = defaults;
23f8c5356cacdbd1cc09a39a08ef37a39125bb74Timo Sirainen const char *str;
23f8c5356cacdbd1cc09a39a08ef37a39125bb74Timo Sirainen for (in = interact; in->id != SASL_CB_LIST_END; in++) {
16133a719ce8b6a5b8cedd721340cc1607c43433Timo Sirainenstatic int db_ldap_bind(struct ldap_connection *conn)
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen i_assert(conn->conn_state != LDAP_CONN_STATE_BINDING);
763fd2ac217023c0940415379abcd5eb7a0f7ba7Timo Sirainen msgid = ldap_bind(conn->ld, conn->set.dn, conn->set.dnpass,
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen i_assert(ldap_get_errno(conn) != LDAP_SUCCESS);
7cf0a6613fca9983b8a3443f9f6ef15df5a22162Timo Sirainen if (db_ldap_connect_finish(conn, ldap_get_errno(conn)) < 0) {
7cf0a6613fca9983b8a3443f9f6ef15df5a22162Timo Sirainen /* lost connection, close it */
b270b29d458f3cbd6e63320bb17e23f809da0045Timo Sirainenstatic void db_ldap_get_fd(struct ldap_connection *conn)
b270b29d458f3cbd6e63320bb17e23f809da0045Timo Sirainen /* get the connection's fd */
b270b29d458f3cbd6e63320bb17e23f809da0045Timo Sirainen ret = ldap_get_option(conn->ld, LDAP_OPT_DESC, (void *)&conn->fd);
d2ded6e1da2d07ac070888873ddc10999a6d87baTimo Sirainen /* Solaris LDAP library seems to be broken */
d2ded6e1da2d07ac070888873ddc10999a6d87baTimo Sirainen i_fatal("LDAP: Buggy LDAP library returned wrong fd: %d",
16133a719ce8b6a5b8cedd721340cc1607c43433Timo Sirainenint db_ldap_connect(struct ldap_connection *conn)
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen if (conn->conn_state != LDAP_CONN_STATE_DISCONNECTED)
e65cc79f80577e83c706f0678c78e2c0bd91434fTimo Sirainen if (ldap_initialize(&conn->ld, conn->set.uris) != LDAP_SUCCESS)
48559742084e98049335c21c53dfd1ff95f11cd8Timo Sirainen i_fatal("LDAP: Your LDAP library doesn't support "
48559742084e98049335c21c53dfd1ff95f11cd8Timo Sirainen "'uris' setting, use 'hosts' instead.");
e65cc79f80577e83c706f0678c78e2c0bd91434fTimo Sirainen conn->ld = ldap_init(conn->set.hosts, LDAP_PORT);
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainen i_fatal("LDAP: ldap_init() failed with hosts: %s",
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainen ret = ldap_set_option(conn->ld, LDAP_OPT_DEREF,
16133a719ce8b6a5b8cedd721340cc1607c43433Timo Sirainen /* If SASL binds are used, the protocol version needs to be
16133a719ce8b6a5b8cedd721340cc1607c43433Timo Sirainen at least 3 */
b567e0172c73dcf7642462e86962060358dd5f28Timo Sirainen ret = ldap_set_option(conn->ld, LDAP_OPT_PROTOCOL_VERSION,
b567e0172c73dcf7642462e86962060358dd5f28Timo Sirainen i_fatal("LDAP: Can't set protocol version %u: %s",
40992309053d51192ae1b36d1dd6c057f2d37257Timo Sirainen i_error("LDAP: ldap_start_tls_s() failed: %s",
40992309053d51192ae1b36d1dd6c057f2d37257Timo Sirainen i_error("LDAP: Your LDAP library doesn't support TLS");
efb7a523ea2f7670ca07acaaa5aeb30692ad6cd3Timo Sirainen /* There doesn't seem to be a way to do SASL binding
efb7a523ea2f7670ca07acaaa5aeb30692ad6cd3Timo Sirainen asynchronously.. */
23f8c5356cacdbd1cc09a39a08ef37a39125bb74Timo Sirainen ret = ldap_sasl_interactive_bind_s(conn->ld, NULL,
efb7a523ea2f7670ca07acaaa5aeb30692ad6cd3Timo Sirainen i_fatal("LDAP: sasl_bind=yes but no SASL support compiled in");
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen conn->conn_state = LDAP_CONN_STATE_BOUND_DEFAULT;
16133a719ce8b6a5b8cedd721340cc1607c43433Timo Sirainen conn->io = io_add(conn->fd, IO_READ, ldap_input, conn);
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainenstatic void db_ldap_disconnect_timeout(struct ldap_connection *conn)
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen /* no requests left, remove this timeout handler */
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainenstatic void db_ldap_conn_close(struct ldap_connection *conn)
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen struct ldap_request *const *requests, *request;
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen unsigned int i;
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen conn->conn_state = LDAP_CONN_STATE_DISCONNECTED;
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen requests = array_idx(&conn->request_array, 0);
63cde222abaaa2a9bdaa9a143698dbc8b23bd742Timo Sirainen request = requests[aqueue_idx(conn->request_queue, i)];
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen conn->to = timeout_add(DB_LDAP_REQUEST_DISCONNECT_TIMEOUT_SECS *
9f431ccfb6932746db56245c8a3d3415717ef545Timo Sirainenvoid db_ldap_set_attrs(struct ldap_connection *conn, const char *attrlist,
0d7d27765267594a5870892268ab345148306d49Timo Sirainen char ***attr_names_r, struct hash_table *attr_map,
16133a719ce8b6a5b8cedd721340cc1607c43433Timo Sirainen unsigned int i, j, size;
0e90e1b11b699166a4a4c5e01d132a28c3e26affTimo Sirainen /* @UNSAFE */
0d7d27765267594a5870892268ab345148306d49Timo Sirainen *attr_names_r = p_new(conn->pool, char *, size + 1);
16133a719ce8b6a5b8cedd721340cc1607c43433Timo Sirainen for (i = j = 0; i < size; i++) {
99ee694f4099ea3dcc3b6b8331b093a8f1a2c604Timo Sirainen /* allow spaces here so "foo=1, bar=2" works */
99ee694f4099ea3dcc3b6b8331b093a8f1a2c604Timo Sirainen name = value = p_strdup(conn->pool, attr_data);
99ee694f4099ea3dcc3b6b8331b093a8f1a2c604Timo Sirainen else if (p != attr_data) {
99ee694f4099ea3dcc3b6b8331b093a8f1a2c604Timo Sirainen name = p_strdup_until(conn->pool, attr_data, p);
1cb29929a19dea32779606cd54a1e63aefead88dTimo Sirainen /* =<static key>=<static value> */
73583cff4f0ca9ee87204256ca1994adf17cb94cTimo Sirainen (skip_attr == NULL || strcmp(skip_attr, value) != 0)) {
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainendb_ldap_value_get_var_expand_table(struct auth_request *auth_request)
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen unsigned int count;
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen auth_table = auth_request_get_var_expand_table(auth_request, NULL);
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen for (count = 0; auth_table[count].key != '\0'; count++) ;
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen table = t_new(struct var_expand_table, count + 1);
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen memcpy(table + 1, auth_table, sizeof(*table) * count);
1c38a95332f1945c9806d7d83175a0d948f51291Timo Sirainen ((c) == '*' || (c) == '(' || (c) == ')' || (c) == '\\')
43d32cbe60fdaef2699d99f1ca259053e9350411Timo Sirainen const struct auth_request *auth_request ATTR_UNUSED)
d1f0acc7fc722e13e8296228703adfe8a884d59eTimo Sirainen const char *p;
d1f0acc7fc722e13e8296228703adfe8a884d59eTimo Sirainen if (*p == '\0')
d1f0acc7fc722e13e8296228703adfe8a884d59eTimo Sirainen for (; *p != '\0'; p++) {
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainendb_ldap_result_iterate_init(struct ldap_connection *conn, LDAPMessage *entry,
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen ctx = t_new(struct db_ldap_result_iterate_context, 1);
1cb29929a19dea32779606cd54a1e63aefead88dTimo Sirainen ctx->static_attrs = t_strsplit(static_data, ",");
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen ctx->attr = ldap_first_attribute(conn->ld, entry, &ctx->ber);
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainendb_ldap_result_iterate_finish(struct db_ldap_result_iterate_context *ctx)
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen if (ctx->debug != NULL && str_len(ctx->debug) > 0) {
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen auth_request_log_debug(ctx->auth_request, "ldap",
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainendb_ldap_result_change_attr(struct db_ldap_result_iterate_context *ctx)
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen ctx->name = hash_lookup(ctx->attr_map, ctx->attr);
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen str_printfa(ctx->debug, " %s(%s)=", ctx->attr,
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen if (ctx->name == NULL || *ctx->name == '\0') {
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen (ctx->template = strchr(ctx->name, '=')) != NULL) {
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen /* we want to use variables */
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen ctx->name = t_strdup_until(ctx->name, ctx->template);
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen ctx->var_table = db_ldap_value_get_var_expand_table(
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen ctx->vals = ldap_get_values(ctx->conn->ld, ctx->entry,
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainendb_ldap_result_return_value(struct db_ldap_result_iterate_context *ctx)
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen var_expand(ctx->var, ctx->template, ctx->var_table);
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen if (ctx->auth_request->auth->verbose_debug_passwords ||
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainenstatic bool db_ldap_result_int_next(struct db_ldap_result_iterate_context *ctx)
1cb29929a19dea32779606cd54a1e63aefead88dTimo Sirainen const char *p;
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen /* a new attribute */
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen /* continuing existing attribute */
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen ctx->attr = ldap_next_attribute(ctx->conn->ld, ctx->entry,
1cb29929a19dea32779606cd54a1e63aefead88dTimo Sirainen if (ctx->static_attrs != NULL && *ctx->static_attrs != NULL) {
1cb29929a19dea32779606cd54a1e63aefead88dTimo Sirainen ctx->name = t_strdup_until(*ctx->static_attrs, p);
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainenbool db_ldap_result_iterate_next(struct db_ldap_result_iterate_context *ctx,
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainenbool db_ldap_result_iterate_next_all(struct db_ldap_result_iterate_context *ctx,
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen const char **name_r,
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen const char *const **values_r)
4261a8b43792dc4db4b39e6910319835b7450e84Timo Sirainen /* we can use only one value with templates */
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainenstatic const char *parse_setting(const char *key, const char *value,
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainen return parse_setting_from_defs(conn->pool, setting_defs,
c4457e497e01b57565d24da624968699b166e02aTimo Sirainenstatic struct ldap_connection *ldap_conn_find(const char *config_path)
c4457e497e01b57565d24da624968699b166e02aTimo Sirainen for (conn = ldap_connections; conn != NULL; conn = conn->next) {
c4457e497e01b57565d24da624968699b166e02aTimo Sirainen if (strcmp(conn->config_path, config_path) == 0)
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainenstruct ldap_connection *db_ldap_init(const char *config_path)
c4457e497e01b57565d24da624968699b166e02aTimo Sirainen /* see if it already exists */
2e1e493b248dec0127b1eabeea5a8bc330378fcdTimo Sirainen i_fatal("LDAP: Configuration file path not given");
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainen pool = pool_alloconly_create("ldap_connection", 1024);
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainen conn = p_new(pool, struct ldap_connection, 1);
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen conn->conn_state = LDAP_CONN_STATE_DISCONNECTED;
c4457e497e01b57565d24da624968699b166e02aTimo Sirainen conn->config_path = p_strdup(pool, config_path);
59151b71059df1190acd75d8717ed04a7920c862Timo Sirainen if (!settings_read(config_path, NULL, parse_setting,
b1504ccfa93e77d906e39e6aa31a592d69f6b5b4Timo Sirainen if (conn->set.uris == NULL && conn->set.hosts == NULL)
b1504ccfa93e77d906e39e6aa31a592d69f6b5b4Timo Sirainen i_fatal("LDAP: Dovecot compiled without support for LDAP uris "
b1504ccfa93e77d906e39e6aa31a592d69f6b5b4Timo Sirainen "(ldap_initialize not found)");
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainen conn->set.ldap_deref = deref2str(conn->set.deref);
e714eed72515794c46c6712a611e5ab924d903daTimo Sirainen conn->set.ldap_scope = scope2str(conn->set.scope);
fc4ff2356fee6389d4cf2b3f12f4098a436f0502Timo Sirainen i_array_init(&conn->request_array, DB_LDAP_MAX_QUEUE_SIZE);
63cde222abaaa2a9bdaa9a143698dbc8b23bd742Timo Sirainen conn->request_queue = aqueue_init(&conn->request_array.arr);
d5cebe7f98e63d4e2822863ef2faa4971e8b3a5dTimo Sirainenvoid db_ldap_unref(struct ldap_connection **_conn)
b321df9603081896b70ec44635af96d674a9839aTimo Sirainen for (p = &ldap_connections; *p != NULL; p = &(*p)->next) {
3cff7935d606a75357472a3e4269e0b06ac1bef2Timo Sirainen db_ldap_abort_requests(conn, -1U, 0, FALSE, "Shutting down");
be20a7ddf87cb56ee63016dd0029f0c523be09b6Timo Sirainen/* Building a plugin */
be20a7ddf87cb56ee63016dd0029f0c523be09b6Timo Sirainenextern struct passdb_module_interface passdb_ldap;