auth: ldap - Change string auth_sasl_mechanism into bool list auth_sasl_mechanisms
authorMarco Bettini <marco.bettini@open-xchange.com>
Fri, 6 Sep 2024 15:04:16 +0000 (15:04 +0000)
committerAki Tuomi <aki.tuomi@open-xchange.com>
Fri, 17 Jan 2025 08:39:59 +0000 (10:39 +0200)
src/auth/db-ldap-settings.c
src/auth/db-ldap-settings.h
src/auth/db-ldap.c

index 18c9e2de704d01a797164866dae9e9f0b7d75be9..0ab93f75f1eab9f4407105c2403f8d78879d050e 100644 (file)
@@ -1,6 +1,7 @@
 /* Copyright (c) 2005-2024 Dovecot authors, see the included COPYING file */
 
 #include "lib.h"
+#include "array.h"
 #include "settings.h"
 #include "db-ldap-settings.h"
 
@@ -22,7 +23,7 @@ static const struct setting_define ldap_setting_defines[] = {
        DEF(STR, connection_group),
        DEF(STR, auth_dn),
        DEF(STR, auth_dn_password),
-       DEF(STR, auth_sasl_mechanism),
+       DEF(BOOLLIST, auth_sasl_mechanisms),
        DEF(STR, auth_sasl_realm),
        DEF(STR, auth_sasl_authz_id),
        DEF(BOOL, starttls),
@@ -38,7 +39,7 @@ static const struct ldap_settings ldap_default_settings = {
        .connection_group = "",
        .auth_dn = "",
        .auth_dn_password = "",
-       .auth_sasl_mechanism = "",
+       .auth_sasl_mechanisms = ARRAY_INIT,
        .auth_sasl_realm = "",
        .auth_sasl_authz_id = "",
        .starttls = FALSE,
@@ -183,7 +184,7 @@ static bool ldap_setting_check(void *_set, pool_t pool ATTR_UNUSED,
 #endif
 
 #ifndef HAVE_LDAP_SASL
-       if (*set->auth_sasl_mechanism != '\0') {
+       if (!array_is_empty(&set->auth_sasl_mechanisms)) {
                *error_r = "ldap_auth_sasl_mechanism set, but no SASL support compiled in";
                return FALSE;
        }
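Review bot: The error message on the unchanged line inside this hunk still names the old singular setting, `ldap_auth_sasl_mechanism`, while the setting checked on the line above is now `auth_sasl_mechanisms`; an operator who gets this error will look for a key that no longer exists. Change it to `*error_r = "ldap_auth_sasl_mechanisms set, but no SASL support compiled in";` (assuming the configuration key keeps the `ldap_` prefix shown in the existing text). ldap_setting_check starts before this hunk and its return path continues after it.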
@@ -202,7 +203,7 @@ int ldap_setting_post_check(const struct ldap_settings *set, const char **error_
        }
 
        if (set->version < 3) {
-               if (*set->auth_sasl_mechanism != '\0') {
+               if (!array_is_empty(&set->auth_sasl_mechanisms)) {
                        *error_r = "ldap_auth_sasl_mechanism requires ldap_version=3";
                        return -1;
                }
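Review bot: The version check's message still says `ldap_auth_sasl_mechanism requires ldap_version=3` even though the condition now tests the plural `auth_sasl_mechanisms` list, so the text points at a setting name that this commit removes. Update it to `*error_r = "ldap_auth_sasl_mechanisms requires ldap_version=3";` to match the renamed key. ldap_setting_post_check begins before the hunk and continues past it.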
index 26ab3bc1045a4152a10bca162a4f20e32b011dc3..00b441e07908980281e29708f639b88aec2b91fd 100644 (file)
@@ -20,7 +20,7 @@ struct ldap_settings {
        const char *auth_dn;
        const char *auth_dn_password;
 
-       const char *auth_sasl_mechanism;
+       ARRAY_TYPE(const_string) auth_sasl_mechanisms;
        const char *auth_sasl_realm;
        const char *auth_sasl_authz_id;
 
index 8db3f6df24ad1708df165f2dc99d2c48416aefec..8d8dffc054a5430b2ad3c0b22b9df5846a16c54c 100644 (file)
@@ -759,10 +759,12 @@ static int db_ldap_bind_sasl(struct ldap_connection *conn)
        context.realm = conn->set->auth_sasl_realm;
        context.authzid = conn->set->auth_sasl_authz_id;
 
+       const char *mechs = t_array_const_string_join(
+               &conn->set->auth_sasl_mechanisms, " ");
+
        /* There doesn't seem to be a way to do SASL binding
           asynchronously.. */
-       ret = ldap_sasl_interactive_bind_s(conn->ld, NULL,
-                                          conn->set->auth_sasl_mechanism,
+       ret = ldap_sasl_interactive_bind_s(conn->ld, NULL, mechs,
                                           NULL, NULL, LDAP_SASL_QUIET,
                                           sasl_interact, &context);
        if (db_ldap_connect_finish(conn, ret) < 0)
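Review bot: The joined `mechs` string is passed to ldap_sasl_interactive_bind_s() without a comment explaining why a space separator is used or what happens when more than one mechanism is listed; a reader cannot tell from this hunk that the library, not the configured order, decides which mechanism is actually negotiated, and that the join silently assumes no individual mechanism name contains a space. Document the contract above the join, e.g. `/* libldap takes a space-separated mechanism list; which of them is used is chosen by the SASL library, not by this order — confirm against the libldap docs */`. If the SASL layer can downgrade to a weaker listed mechanism, that is a security-relevant property worth stating in the setting's documentation too. db_ldap_bind_sasl starts before this hunk and ends after it.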
@@ -816,15 +818,12 @@ static int db_ldap_bind_simple(struct ldap_connection *conn)
 
 static int db_ldap_bind(struct ldap_connection *conn)
 {
-       if (*conn->set->auth_sasl_mechanism != '\0') {
-               if (db_ldap_bind_sasl(conn) < 0)
-                       return -1;
-       } else {
-               if (db_ldap_bind_simple(conn) < 0)
-                       return -1;
-       }
-
-       return 0;
+       int ret;
+       if (array_is_empty(&conn->set->auth_sasl_mechanisms))
+               ret = db_ldap_bind_simple(conn);
+       else
+               ret = db_ldap_bind_sasl(conn);
+       return ret < 0 ? -1 : 0;
 }
 
 static void db_ldap_get_fd(struct ldap_connection *conn)