From: Marco Bettini Date: Fri, 11 Oct 2024 16:10:53 +0000 (+0000) Subject: lib-ldap: ldap_connection - Add ssl_settings ssl_set X-Git-Tag: 2.4.0~128 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=40a67ed8fbe92de06302e010943d2782d8077e70;p=thirdparty%2Fdovecot%2Fcore.git lib-ldap: ldap_connection - Add ssl_settings ssl_set
---
diff --git a/src/lib-ldap/ldap-client.c b/src/lib-ldap/ldap-client.c
index ee0b251561..619eaf3996 100644
--- a/src/lib-ldap/ldap-client.c
+++ b/src/lib-ldap/ldap-client.c
@@ -31,7 +31,7 @@ int ldap_client_init_auto(struct event *event, struct ldap_client **client_r,
 	client = i_new(struct ldap_client, 1);
 	client->event = event_create(event);
-	int ret = ldap_connection_pool_get(ldap_conn_pool, client, set,
+	int ret = ldap_connection_pool_get(ldap_conn_pool, client, set, set->ssl_set,
 					   &client->list, error_r);
 	settings_free(set);
 	if (ret < 0) {
diff --git a/src/lib-ldap/ldap-connection-pool.c b/src/lib-ldap/ldap-connection-pool.c
index 7635ce0e4f..7273c2ef10 100644
--- a/src/lib-ldap/ldap-connection-pool.c
+++ b/src/lib-ldap/ldap-connection-pool.c
@@ -60,6 +60,7 @@ void ldap_connection_pool_deinit(struct ldap_connection_pool **_pool)
 int ldap_connection_pool_get(struct ldap_connection_pool *pool,
 			     struct ldap_client *client,
 			     const struct ldap_client_settings *set,
+			     const struct ssl_settings *ssl_set,
 			     struct ldap_connection_list **list_r,
 			     const char **error_r)
 {
@@ -67,13 +68,13 @@ int ldap_connection_pool_get(struct ldap_connection_pool *pool,
 	struct ldap_connection *conn;
 	for (list = pool->conn_list; list != NULL; list = list->next) {
-		if (ldap_connection_have_settings(list->conn, set)) {
+		if (ldap_connection_have_settings(list->conn, set, ssl_set)) {
 			list->refcount++;
 			*list_r = list;
 			return 0;
 		}
 	}
-	if (ldap_connection_init(client, set, &conn, error_r) < 0)
+	if (ldap_connection_init(client, set, ssl_set, &conn, error_r) < 0)
 		return -1;
 	list = i_new(struct ldap_connection_list, 1);
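Review bot: The call now hands `set->ssl_set` into the pool while `settings_free(set)` on the next line releases the caller's hold on `set`; what keeps the ssl_settings alive after that is the `pool_ref(ssl_set->pool)` taken inside ldap_connection_init (ldap-connection.c hunk), and on the reuse path it is the matched connection's earlier reference. That ordering dependency deserves a line above the call, e.g. `/* the connection takes its own refs on set and set->ssl_set; settings_free(set) below only drops ours */`. Whether settings_free(set) also releases set->ssl_set is not visible here; if it does not, the reference that resolved `set->ssl_set` needs its own release, so confirm against settings_free(). ldap_client_init_auto continues outside the hunk.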
diff --git a/src/lib-ldap/ldap-connection-pool.h b/src/lib-ldap/ldap-connection-pool.h
index 00cf1654ea..2d3cc93850 100644
--- a/src/lib-ldap/ldap-connection-pool.h
+++ b/src/lib-ldap/ldap-connection-pool.h
@@ -3,6 +3,7 @@
 struct ldap_client;
 struct ldap_client_settings;
+struct ssl_settings;
 struct ldap_connection_list {
 	struct ldap_connection_list *prev, *next;
@@ -19,6 +20,7 @@ bool ldap_connection_pool_have_references(struct ldap_connection_pool *pool);
 int ldap_connection_pool_get(struct ldap_connection_pool *pool,
 			     struct ldap_client *client,
 			     const struct ldap_client_settings *set,
+			     const struct ssl_settings *ssl_set,
 			     struct ldap_connection_list **list_r,
 			     const char **error_r);
 void ldap_connection_pool_unref(struct ldap_connection_pool *pool,
diff --git a/src/lib-ldap/ldap-connection.c b/src/lib-ldap/ldap-connection.c
index a38e2a904f..9b0336cdad 100644
--- a/src/lib-ldap/ldap-connection.c
+++ b/src/lib-ldap/ldap-connection.c
@@ -35,6 +35,7 @@ void ldap_connection_deinit(struct ldap_connection **_conn)
 			aqueue_idx(conn->request_queue, i));
 		timeout_remove(&req->to_abort);
 	}
+	settings_free(conn->ssl_set);
 	settings_free(conn->set);
 	event_unref(&conn->event);
 	pool_unref(&conn->pool);
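Review bot: The new `ssl_set` parameter of ldap_connection_pool_get is undocumented in the header, and its contract is not obvious from the signature: ldap_connection_have_settings (ldap-connection.c hunk) compares it only when `set->uris` contains `ldaps://` or `set->starttls` is set, yet ldap_connection_init dereferences `ssl_set->pool` unconditionally, so a caller with a plaintext URI cannot pass NULL. A comment above the declaration would make that explicit: `/* ssl_set: TLS settings the connection is created with; must be non-NULL even for plain ldap:// URIs, it is only compared against existing connections when ldaps:// or starttls is used. */`. The one caller visible here, ldap_client_init_auto, passes `set->ssl_set`.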
@@ -117,23 +118,23 @@ int ldap_connection_setup(struct ldap_connection *conn, const char **error_r)
 }
 bool ldap_connection_have_settings(struct ldap_connection *conn,
-				   const struct ldap_client_settings *set)
+				   const struct ldap_client_settings *set,
+				   const struct ssl_settings *ssl_set)
 {
-	const struct ldap_client_settings *conn_set = conn->set;
-
 	if (!settings_equal(&ldap_client_setting_parser_info,
-			    conn_set, set, NULL))
+			    conn->set, set, NULL))
 		return FALSE;
 	if (strstr(set->uris, "ldaps://") == NULL && !set->starttls)
 		return TRUE;
 	return settings_equal(&ssl_setting_parser_info,
-			      conn_set->ssl_set, set->ssl_set, NULL);
+			      conn->ssl_set, ssl_set, NULL);
 }
 int ldap_connection_init(struct ldap_client *client,
 			 const struct ldap_client_settings *set,
+			 const struct ssl_settings *ssl_set,
 			 struct ldap_connection **conn_r, const char **error_r)
 {
 	i_assert(set->uris != NULL && set->uris[0] != '\0');
@@ -153,8 +154,10 @@ int ldap_connection_init(struct ldap_client *client,
 	conn->client = client;
 	pool_ref(set->pool);
+	pool_ref(ssl_set->pool);
 	conn->set = set;
+	conn->ssl_set = ssl_set;
 	/* deep copy relevant strings */
 	if (*set->auth_dn_password != '\0')
@@ -165,7 +168,7 @@ int ldap_connection_init(struct ldap_client *client,
 	{
 		const struct ssl_iostream_settings *ssl_ioset;
-		ssl_client_settings_to_iostream_set(set->ssl_set, &ssl_ioset);
+		ssl_client_settings_to_iostream_set(ssl_set, &ssl_ioset);
 		/* keep in sync with ldap_connection_have_settings() */
 		conn->ssl_ioset.min_protocol = p_strdup(pool, ssl_ioset->min_protocol);
@@ -184,7 +187,6 @@ int ldap_connection_init(struct ldap_client *client,
 		settings_free(ssl_ioset);
 	}
-	i_assert(ldap_connection_have_settings(conn, set));
 	if (ldap_connection_setup(conn, error_r) < 0) {
 		ldap_connection_deinit(&conn);
diff --git a/src/lib-ldap/ldap-private.h b/src/lib-ldap/ldap-private.h
index d4f8fefdf7..78e7e9eb93 100644
--- a/src/lib-ldap/ldap-private.h
+++ b/src/lib-ldap/ldap-private.h
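Review bot: ldap_connection_have_settings has no comment and its new contract is subtle: `set` is always compared against `conn->set`, but `ssl_set` is compared against `conn->ssl_set` only when `set->uris` contains `ldaps://` or `set->starttls` is set, so two clients that differ only in TLS settings share a connection for plaintext URIs. Suggest a header comment above the function: `/* Returns TRUE if conn was created from settings equivalent to set/ssl_set. ssl_set is compared only when the URIs or starttls actually use TLS. */`. Note also that `strstr(set->uris, "ldaps://")` classifies a multi-URI list as TLS if any entry is ldaps://, which is worth stating in that comment so the pool-matching behaviour is not changed by accident.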
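Review bot: `pool_ref(ssl_set->pool)` dereferences `ssl_set` unconditionally, while ldap_connection_have_settings in the previous hunk treats `ssl_set` as irrelevant for plain `ldap://` URIs without starttls; if any caller can hand in a NULL ssl_set for such a client this crashes before the error path is reached. Either make the precondition explicit next to the existing URI assert at the top of ldap_connection_init, `i_assert(ssl_set != NULL);`, or guard both the ref and the `conn->ssl_set = ssl_set;` assignment and make sure `settings_free(conn->ssl_set)` in ldap_connection_deinit accepts NULL. The only caller visible here, ldap_client_init_auto, passes `set->ssl_set`, whose nullability is not shown. The body of ldap_connection_init continues outside this hunk.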
@@ -60,6 +60,7 @@ struct ldap_connection {
 	BerVarray scred;
 	const struct ldap_client_settings *set;
+	const struct ssl_settings *ssl_set;
 	struct ssl_iostream_settings ssl_ioset;
 	struct aqueue *request_queue;
@@ -102,11 +103,13 @@ struct ldap_search_iterator {
 int ldap_connection_init(struct ldap_client *client,
 			 const struct ldap_client_settings *set,
+			 const struct ssl_settings *ssl_set,
 			 struct ldap_connection **conn_r, const char **error_r);
 void ldap_connection_deinit(struct ldap_connection **_conn);
 void ldap_connection_switch_ioloop(struct ldap_connection *conn);
 bool ldap_connection_have_settings(struct ldap_connection *conn,
-				   const struct ldap_client_settings *set);
+				   const struct ldap_client_settings *set,
+				   const struct ssl_settings *ssl_set);
 void ldap_connection_search_start(struct ldap_connection *conn,
 				  const struct ldap_search_input *input,
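Review bot: The new `ssl_set` member of struct ldap_connection carries an ownership rule that is only visible by reading two other hunks: ldap_connection_init takes `pool_ref(ssl_set->pool)` and ldap_connection_deinit releases it with `settings_free(conn->ssl_set)`. A comment on the member keeps that pairing discoverable: `/* TLS settings this connection was created with; refcounted via pool_ref() in ldap_connection_init(), released in ldap_connection_deinit(). Only compared by ldap_connection_have_settings() when the URIs use ldaps:// or starttls. */`. The same applies to the existing `set` member, which has no comment either.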