From: Marco Bettini
Date: Mon, 14 Oct 2024 14:56:39 +0000 (+0000)
Subject: auth: Move db_ldap_set_*() - Move to lib-ldap
X-Git-Tag: 2.4.0~125
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ec19da66ce74b636413a3e30601346218c987541;p=thirdparty%2Fdovecot%2Fcore.git
auth: Move db_ldap_set_*() - Move to lib-ldap
---
diff --git a/src/auth/Makefile.am b/src/auth/Makefile.am
index 9a1019b451..490455559b 100644
--- a/src/auth/Makefile.am
+++ b/src/auth/Makefile.am
@@ -65,7 +65,8 @@ auth_LDFLAGS = -export-dynamic
 auth_libs = \
 $(AUTH_LUA_LIBS) \
- $(LIBDOVECOT_SQL)
+ $(LIBDOVECOT_SQL) \
+ $(LIBDOVECOT_LDAP)
 auth_CPPFLAGS = $(AM_CPPFLAGS) $(BINARY_CFLAGS)
 auth_LDADD = $(auth_libs) $(LIBDOVECOT) $(AUTH_LIBS) $(BINARY_LDFLAGS) $(AUTH_LUA_LDADD)
diff --git a/src/auth/db-ldap.c b/src/auth/db-ldap.c
index f276a897ed..d1c7a330e6 100644
--- a/src/auth/db-ldap.c
+++ b/src/auth/db-ldap.c
@@ -18,6 +18,7 @@
 #include "ssl-settings.h"
 #include "userdb.h"
 #include "db-ldap.h"
+#include "ldap-utils.h"
 #include 
@@ -845,57 +846,6 @@ static void db_ldap_get_fd(struct ldap_connection *conn)
 net_set_nonblock(conn->fd, TRUE);
 }
-static void
-db_ldap_set_opt(const char *log_prefix, LDAP *ld, int opt,
- const void *value, const char *optname, const char *value_str)
-{
- int ret;
-
- ret = ldap_set_option(ld, opt, value);
- if (ret != LDAP_SUCCESS) {
- i_fatal("%sCan't set option %s to %s: %s",
- log_prefix, optname, value_str, ldap_err2string(ret));
- }
-}
-
-static void
-db_ldap_set_opt_str(const char *log_prefix, LDAP *ld, int opt,
- const char *value, const char *optname)
-{
- if (*value != '\0')
- db_ldap_set_opt(log_prefix, ld, opt, value, optname, value);
-}
-
-static void db_ldap_set_tls_options(const char *log_prefix, bool starttls,
- const char *uris,
- const struct ssl_settings *ssl_set)
-{
-#ifdef OPENLDAP_TLS_OPTIONS
- if (!starttls && strstr(uris, "ldaps:") == NULL)
- return;
-
- db_ldap_set_opt_str(log_prefix, NULL, LDAP_OPT_X_TLS_CACERTFILE,
- ssl_set->ssl_client_ca_file, "ssl_client_ca_file");
- db_ldap_set_opt_str(log_prefix, NULL, LDAP_OPT_X_TLS_CACERTDIR,
- ssl_set->ssl_client_ca_dir, "ssl_client_ca_dir");
- db_ldap_set_opt_str(log_prefix, NULL, LDAP_OPT_X_TLS_CERTFILE,
- ssl_set->ssl_client_cert_file, "ssl_client_cert_file");
- db_ldap_set_opt_str(log_prefix, NULL, LDAP_OPT_X_TLS_KEYFILE,
- ssl_set->ssl_client_key_file, "ssl_client_key_file");
- db_ldap_set_opt_str(log_prefix, NULL, LDAP_OPT_X_TLS_CIPHER_SUITE,
- ssl_set->ssl_cipher_list, "ssl_cipher_list");
- db_ldap_set_opt_str(log_prefix, NULL, LDAP_OPT_X_TLS_PROTOCOL_MIN,
- ssl_set->ssl_min_protocol, "ssl_min_protocol");
- db_ldap_set_opt_str(log_prefix, NULL, LDAP_OPT_X_TLS_ECNAME,
- ssl_set->ssl_curve_list, "ssl_curve_list");
-
- bool requires = ssl_set->ssl_client_require_valid_cert;
- int opt = requires ? LDAP_OPT_X_TLS_HARD : LDAP_OPT_X_TLS_ALLOW;
- db_ldap_set_opt(log_prefix, NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt,
- "ssl_client_require_valid_cert", requires ? "yes" : "no" );
-#endif
-}
-
 static const char *
 db_ldap_log_callback(struct ldap_connection *conn)
 {
@@ -925,7 +875,7 @@ db_ldap_del_connection_callback(LDAP *ld ATTR_UNUSED, Sockbuf *sb ATTR_UNUSED,
 /* does nothing, but must exist in struct ldap_conncb */
 }
-static void db_ldap_set_options(struct ldap_connection *conn)
+static void ldap_set_options(struct ldap_connection *conn)
 {
 int ret;
@@ -948,21 +898,20 @@ static void db_ldap_set_options(struct ldap_connection *conn)
 conn->log_prefix, ldap_err2string(ret));
 #endif
- db_ldap_set_opt(conn->log_prefix, conn->ld, LDAP_OPT_DEREF, &conn->set->parsed_deref,
+ ldap_set_opt(conn->log_prefix, conn->ld, LDAP_OPT_DEREF, &conn->set->parsed_deref,
 "ldap_deref", conn->set->deref);
 #ifdef LDAP_OPT_DEBUG_LEVEL
 if (conn->set->debug_level != 0) {
- db_ldap_set_opt(conn->log_prefix, NULL, LDAP_OPT_DEBUG_LEVEL, &conn->set->debug_level,
+ ldap_set_opt(conn->log_prefix, NULL, LDAP_OPT_DEBUG_LEVEL, &conn->set->debug_level,
 "ldap_debug_level", dec2str(conn->set->debug_level));
 event_set_forced_debug(conn->event, TRUE);
 }
 #endif
- db_ldap_set_opt(conn->log_prefix, conn->ld, LDAP_OPT_PROTOCOL_VERSION,
- &conn->set->version,
- "ldap_version", dec2str(conn->set->version));
- db_ldap_set_tls_options(conn->log_prefix, conn->set->starttls,
- conn->set->uris, conn->ssl_set);
+ ldap_set_opt(conn->log_prefix, conn->ld, LDAP_OPT_PROTOCOL_VERSION,
+ &conn->set->version, "ldap_version", dec2str(conn->set->version));
+ ldap_set_tls_options(conn->log_prefix, conn->set->starttls,
+ conn->set->uris, conn->ssl_set);
 }
 static void db_ldap_init_ld(struct ldap_connection *conn)
@@ -972,7 +921,7 @@ static void db_ldap_init_ld(struct ldap_connection *conn)
 i_fatal("%sldap_initialize() failed: %s",
 conn->log_prefix, ldap_err2string(ret));
 }
- db_ldap_set_options(conn);
+ ldap_set_options(conn);
 }
 int db_ldap_connect(struct ldap_connection *conn)
diff --git a/src/lib-ldap/Makefile.am b/src/lib-ldap/Makefile.am
index 871256f2c3..f33a823ae5 100644
--- a/src/lib-ldap/Makefile.am
+++ b/src/lib-ldap/Makefile.am
@@ -16,6 +16,7 @@ libdldap_la_SOURCES = \
 ldap-iterator.c \
 ldap-search.c \
 ldap-settings.c \
+ ldap-utils.c \
 ldap-compare.c \
 ldap-entry.c
@@ -34,6 +35,7 @@ headers = \
 noinst_HEADERS = \
 ldap-connection-pool.h \
 ldap-private.h \
+ ldap-utils.h \
 ldap-settings.h \
 ldap-settings-parse.h
diff --git a/src/lib-ldap/ldap-utils.c b/src/lib-ldap/ldap-utils.c
new file mode 100644
index 0000000000..bd0420e0e7
--- /dev/null
+++ b/src/lib-ldap/ldap-utils.c
@@ -0,0 +1,66 @@
+/* Copyright (c) 2024 Dovecot authors */
+
+#include "lib.h"
+#include "ldap-utils.h"
+#include "ssl-settings.h"
+
+void ldap_set_opt(const char *prefix, LDAP *ld, int opt, const void *value,
+ const char *optname, const char *value_str)
+{
+ int ret;
+
+ ret = ldap_set_option(ld, opt, value);
+ if (ret != LDAP_SUCCESS) {
+ i_fatal("%sCan't set option %s to %s: %s",
+ prefix, optname, value_str, ldap_err2string(ret));
+ }
+}
+
+void ldap_set_opt_str(const char *prefix, LDAP *ld, int opt, const char *value,
+ const char *optname)
+{
+ if (*value != '\0')
+ ldap_set_opt(prefix, ld, opt, value, optname, value);
+}
+
+#ifndef LDAP_OPT_X_TLS
+void ldap_set_tls_options(const char *prefix ATTR_UNUSED,
+ bool starttls ATTR_UNUSED, const char *uris ATTR_UNUSED,
+ const struct ssl_settings *ssl_set ATTR_UNUSED) { }
+#else
+
+void ldap_set_tls_options(const char *prefix, bool starttls, const char *uris,
+ const struct ssl_settings *ssl_set)
+{
+ if (!starttls && strstr(uris, "ldaps:") == NULL)
+ return;
+
+ const char *ssl_client_ca_file = t_strcut(ssl_set->ssl_client_ca_file, '\n');
+ ldap_set_opt_str(prefix, NULL, LDAP_OPT_X_TLS_CACERTFILE,
+ ssl_client_ca_file, "ssl_client_ca_file");
+
+ ldap_set_opt_str(prefix, NULL, LDAP_OPT_X_TLS_CACERTDIR,
+ ssl_set->ssl_client_ca_dir, "ssl_client_ca_dir");
+
+ const char *ssl_client_cert_file = t_strcut(ssl_set->ssl_client_cert_file, '\n');
+ ldap_set_opt_str(prefix, NULL, LDAP_OPT_X_TLS_CERTFILE,
+ ssl_client_cert_file, "ssl_client_cert_file");
+
+ const char *ssl_client_key_file = t_strcut(ssl_set->ssl_client_key_file, '\n');
+ ldap_set_opt_str(prefix, NULL, LDAP_OPT_X_TLS_KEYFILE,
+ ssl_client_key_file, "ssl_client_key_file");
+
+ ldap_set_opt_str(prefix, NULL, LDAP_OPT_X_TLS_CIPHER_SUITE,
+ ssl_set->ssl_cipher_list, "ssl_cipher_list");
+ ldap_set_opt_str(prefix, NULL, LDAP_OPT_X_TLS_PROTOCOL_MIN,
+ ssl_set->ssl_min_protocol, "ssl_min_protocol");
+ ldap_set_opt_str(prefix, NULL, LDAP_OPT_X_TLS_ECNAME,
+ ssl_set->ssl_curve_list, "ssl_curve_list");
+
+ bool requires = ssl_set->ssl_client_require_valid_cert;
+ int opt = requires ? LDAP_OPT_X_TLS_HARD : LDAP_OPT_X_TLS_NEVER;
+ ldap_set_opt(prefix, NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt,
+ "ssl_client_require_valid_cert", requires ? "yes" : "no" );
+}
+
+#endif
diff --git a/src/lib-ldap/ldap-utils.h b/src/lib-ldap/ldap-utils.h
new file mode 100644
index 0000000000..73bc47e587
--- /dev/null
+++ b/src/lib-ldap/ldap-utils.h
@@ -0,0 +1,17 @@
+#ifndef LDAP_UTILS_H
+#define LDAP_UTILS_H
+
+#include 
+
+struct ssl_settings;
+
+void ldap_set_opt(const char *prefix, LDAP *ld, int opt, const void *value,
+ const char *optname, const char *value_str);
+
+void ldap_set_opt_str(const char *prefix, LDAP *ld, int opt, const char *value,
+ const char *optname);
+
+void ldap_set_tls_options(const char *prefix, bool starttls, const char *uris,
+ const struct ssl_settings *ssl_set);
+
+#endif
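Review bot: `int opt = requires ? LDAP_OPT_X_TLS_HARD : LDAP_OPT_X_TLS_NEVER;` silently changes what `ssl_client_require_valid_cert=no` does: the code removed from db-ldap.c used `LDAP_OPT_X_TLS_ALLOW`, and if I read ldap.conf(5) right, `allow` still requests the server certificate and tolerates a bad one, whereas `never` does not request or check it at all. Neither value verifies the peer, but this is a behaviour change hidden in a pure "move" commit — either keep `LDAP_OPT_X_TLS_ALLOW` or state in the commit message why `NEVER` is now intended, and put a comment above that line saying that `no` turns server certificate verification off entirely. The three `t_strcut(..., '\n')` calls are also new and unexplained; presumably these settings can carry more than a path after the first newline, so a hedged note on the first of them such as `/* *_file settings may hold "path\ncontents"; libldap wants only the path — confirm against ssl-settings */` would save the next reader a trip into the settings code. The `#ifndef LDAP_OPT_X_TLS` stub keeps the old habit of silently dropping every TLS setting, including `ssl_client_require_valid_cert=yes`, when libldap lacks the X_TLS options; an `i_warning()` in the stub when `starttls` is set or `uris` contains `ldaps:` would make that visible to the operator instead of leaving them to believe verification is on.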
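Review bot: The three exported prototypes carry no documentation, and the contract that matters is not visible from the names: `ldap_set_opt()` and `ldap_set_opt_str()` call `i_fatal()` on any `ldap_set_option()` failure, so a caller in another process gets a process exit rather than an error return, and `ldap_set_opt_str()` silently does nothing for an empty string. A short block comment above `ldap_set_opt` such as `/* Set one libldap option (ld may be NULL for libldap-global options); i_fatal()s with prefix/optname/value_str on failure. */` plus `/* Like ldap_set_opt(), but a no-op when value is empty. */` above `ldap_set_opt_str` would capture that. `ldap_set_tls_options()` likewise deserves a note that it sets libldap-global options (it always passes `ld == NULL`) and only when `starttls` is set or `uris` contains `ldaps:`, otherwise it returns without touching anything. Style-wise, `ldap_` is libldap's own prefix and these are now non-static symbols, so a Dovecot-specific prefix (for instance `dldap_`, matching the library target name) would avoid any future clash with libldap, which already exports the near-identical `ldap_set_option()`.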