From: Timo Sirainen Date: Thu, 12 Dec 2024 12:49:44 +0000 (+0200) Subject: auth: Add passdb_ and userdb_ prefixes to auth-specific ldap_* settings X-Git-Tag: 2.4.0~73 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f4ba4f9c6ac4dffb5c108a8d44092693b439de48;p=thirdparty%2Fdovecot%2Fcore.git auth: Add passdb_ and userdb_ prefixes to auth-specific ldap_* settings
---
diff --git a/src/auth/db-ldap-settings.c b/src/auth/db-ldap-settings.c
index 2b1d7e4c48..e7fe979c4f 100644
--- a/src/auth/db-ldap-settings.c
+++ b/src/auth/db-ldap-settings.c
@@ -70,27 +70,25 @@ const struct setting_parser_info ldap_setting_parser_info = {
 #undef DEF
 #undef DEFN
 #define DEF(type, field) \
- SETTING_DEFINE_STRUCT_##type("ldap_"#field, field, struct ldap_pre_settings)
-#define DEFN(type, field, name) \
- SETTING_DEFINE_STRUCT_##type(#name, field, struct ldap_pre_settings)
+ SETTING_DEFINE_STRUCT_##type(#field, field, struct ldap_pre_settings)
 static const struct setting_define ldap_pre_setting_defines[] = {
- { .type = SET_FILTER_NAME, .key = "passdb_ldap", },
- { .type = SET_FILTER_NAME, .key = "userdb_ldap", },
- DEF(STR, base),
- DEFN(BOOL, passdb_ldap_bind, passdb_ldap_bind),
- DEFN(STR, passdb_ldap_bind_userdn, passdb_ldap_bind_userdn),
- DEF(STR, filter),
- DEF(STR, iterate_filter),
+ DEF(STR, ldap_base),
+ DEF(BOOL, passdb_ldap_bind),
+ DEF(STR, passdb_ldap_filter),
+ DEF(STR, passdb_ldap_bind_userdn),
+ DEF(STR, userdb_ldap_filter),
+ DEF(STR, userdb_ldap_iterate_filter),
 SETTING_DEFINE_LIST_END
 };
 static const struct ldap_pre_settings ldap_pre_default_settings = {
- .base = "",
+ .ldap_base = "",
 .passdb_ldap_bind = FALSE,
+ .passdb_ldap_filter = "",
 .passdb_ldap_bind_userdn = "",
- .filter = "",
- .iterate_filter = "",
+ .userdb_ldap_filter = "",
+ .userdb_ldap_iterate_filter = "",
 };
 const struct setting_parser_info ldap_pre_setting_parser_info = {
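Review bot: The rewritten `DEF` stringifies the struct member itself (`#field`), so every member name in `struct ldap_pre_settings` is now a user-visible setting key, while the `ldap_post_settings` table in the following hunk still builds its key as `"userdb_ldap_"#field` from an unprefixed member. Mixing the two conventions in one file makes it easy to rename a member and change a configuration key without noticing; a comment above the macro such as `/* setting key == struct member name: renaming a member renames the setting */` would document the coupling. This hunk and the next also remove the `passdb_ldap`/`userdb_ldap` `SET_FILTER_NAME` entries, which the subject line does not mention.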
@@ -105,11 +103,9 @@ const struct setting_parser_info ldap_pre_setting_parser_info = {
 #undef DEF
 #define DEF(type, field) \
- SETTING_DEFINE_STRUCT_##type("ldap_"#field, field, struct ldap_post_settings)
+ SETTING_DEFINE_STRUCT_##type("userdb_ldap_"#field, field, struct ldap_post_settings)
 static const struct setting_define ldap_post_setting_defines[] = {
- { .type = SET_FILTER_NAME, .key = "passdb_ldap", },
- { .type = SET_FILTER_NAME, .key = "userdb_ldap", },
 DEF(STRLIST, iterate_fields),
 SETTING_DEFINE_LIST_END
 };
@@ -204,7 +200,7 @@ int ldap_setting_post_check(const struct ldap_settings *set, const char **error_
 int ldap_pre_settings_post_check(const struct ldap_pre_settings *set, const char **error_r)
 {
- if (*set->base == '\0') {
+ if (*set->ldap_base == '\0') {
 *error_r = "No ldap_base given";
 return -1;
 }
diff --git a/src/auth/db-ldap-settings.h b/src/auth/db-ldap-settings.h
index 0460f218e3..a51b35e77c 100644
--- a/src/auth/db-ldap-settings.h
+++ b/src/auth/db-ldap-settings.h
@@ -44,15 +44,16 @@ struct ldap_pre_settings {
 pool_t pool;
 /* shared: */
- const char *base;
- const char *filter;
+ const char *ldap_base;
 /* passdb: */
 bool passdb_ldap_bind;
+ const char *passdb_ldap_filter;
 const char *passdb_ldap_bind_userdn;
 /* userdb: */
- const char *iterate_filter;
+ const char *userdb_ldap_filter;
+ const char *userdb_ldap_iterate_filter;
 };
 struct ldap_post_settings {
diff --git a/src/auth/passdb-ldap.c b/src/auth/passdb-ldap.c
index 3cde6dff30..3416def067 100644
--- a/src/auth/passdb-ldap.c
+++ b/src/auth/passdb-ldap.c
@@ -79,7 +79,7 @@ ldap_lookup_finish(struct auth_request *auth_request,
 auth_request_db_log_unknown_user(auth_request);
 } else if (ldap_request->entries > 1) {
 e_error(authdb_event(auth_request),
- "ldap_filter matched multiple objects, aborting");
+ "passdb_ldap_filter matched multiple objects, aborting");
 passdb_result = PASSDB_RESULT_INTERNAL_FAILURE;
 } else if (auth_request->passdb_password == NULL &&
 ldap_request->require_password &&
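Review bot: `ldap_pre_settings_post_check` still rejects only an empty `ldap_base`, while `passdb_ldap_filter`, `userdb_ldap_filter` and `userdb_ldap_iterate_filter` all default to `""` and are copied unchecked into search requests in `ldap_lookup_pass`, `ldap_bind_lookup_dn`, `userdb_ldap_lookup` and `userdb_ldap_iterate_init`. Because the single filter was split into separate passdb and userdb keys, a configuration that sets only one of them now leaves the other empty; how the LDAP layer treats an empty filter is not visible in this diff and should be confirmed. If an empty filter is not meant to reach the server, a check shaped like the existing one, e.g. `if (*set->userdb_ldap_filter == '\0') { *error_r = "No userdb_ldap_filter given"; return -1; }`, belongs where the database type is known, since this struct is shared by passdb and userdb. The function body continues past the end of this hunk.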
@@ -224,7 +224,7 @@ ldap_bind_lookup_dn_fail(struct auth_request *auth_request,
 } else {
 i_assert(request->entries > 1);
 e_error(authdb_event(auth_request),
- "ldap_filter matched multiple objects, aborting");
+ "passdb_ldap_filter matched multiple objects, aborting");
 passdb_result = PASSDB_RESULT_INTERNAL_FAILURE;
 }
@@ -291,8 +291,9 @@ static void ldap_lookup_pass(struct auth_request *auth_request,
 request->require_password = require_password;
 srequest->request.type = LDAP_REQUEST_TYPE_SEARCH;
- srequest->base = p_strdup(auth_request->pool, ldap_set->base);
- srequest->filter = p_strdup(auth_request->pool, ldap_set->filter);
+ srequest->base = p_strdup(auth_request->pool, ldap_set->ldap_base);
+ srequest->filter = p_strdup(auth_request->pool,
+ ldap_set->passdb_ldap_filter);
 srequest->attributes = module->attributes;
 srequest->sensitive_attr_names = module->sensitive_attr_names;
@@ -317,8 +318,9 @@ static void ldap_bind_lookup_dn(struct auth_request *auth_request,
 struct ldap_request_search *srequest = &request->request.search;
 srequest->request.type = LDAP_REQUEST_TYPE_SEARCH;
- srequest->base = p_strdup(auth_request->pool, ldap_set->base);
- srequest->filter = p_strdup(auth_request->pool, ldap_set->filter);
+ srequest->base = p_strdup(auth_request->pool, ldap_set->ldap_base);
+ srequest->filter = p_strdup(auth_request->pool,
+ ldap_set->passdb_ldap_filter);
 /* we don't need the attributes to perform authentication, but they
 may contain some extra parameters. if a password is returned,
@@ -453,7 +455,8 @@ static int passdb_ldap_preinit(pool_t pool, struct event *event,
 "password" : NULL);
 module->module.default_cache_key = auth_cache_parse_key_and_fields(
- pool, t_strconcat(ldap_pre->base, ldap_pre->filter, NULL),
+ pool, t_strconcat(ldap_pre->ldap_base,
+ ldap_pre->passdb_ldap_filter, NULL),
 &auth_post->fields, NULL);
 *module_r = &module->module;
diff --git a/src/auth/userdb-ldap.c b/src/auth/userdb-ldap.c
index eef7f5a1b5..ece572793c 100644
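Review bot: The default cache key in `passdb_ldap_preinit` is derived from `ldap_base` and `passdb_ldap_filter` (plus `auth_post->fields`), so a variable that appears only in `passdb_ldap_bind_userdn` does not contribute to it as far as this hunk shows. With the filter defaulting to `""` in db-ldap-settings.c, a setup that authenticates through the bind DN template may get a key built from the base alone; please confirm the key still distinguishes users in that case, or include the template: `pool, t_strconcat(ldap_pre->ldap_base, ldap_pre->passdb_ldap_filter, ldap_pre->passdb_ldap_bind_userdn, NULL),`. `userdb_ldap_preinit` (last hunk of userdb-ldap.c) builds its key the same way from `userdb_ldap_filter`. Both function bodies start and end outside their hunks.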
--- a/src/auth/userdb-ldap.c
+++ b/src/auth/userdb-ldap.c
@@ -77,7 +77,7 @@ userdb_ldap_lookup_finish(struct auth_request *auth_request,
 auth_request_db_log_unknown_user(auth_request);
 } else if (urequest->entries > 1) {
 e_error(authdb_event(auth_request),
- "ldap_filter matched multiple objects, aborting");
+ "userdb_ldap_filter matched multiple objects, aborting");
 result = USERDB_RESULT_INTERNAL_FAILURE;
 } else {
 result = USERDB_RESULT_OK;
@@ -135,8 +135,10 @@ static void userdb_ldap_lookup(struct auth_request *auth_request,
 auth_request_ref(auth_request);
 request = p_new(auth_request->pool, struct userdb_ldap_request, 1);
 request->userdb_callback = callback;
- request->request.base = p_strdup(auth_request->pool, ldap_pre->base);
- request->request.filter = p_strdup(auth_request->pool, ldap_pre->filter);
+ request->request.base = p_strdup(auth_request->pool,
+ ldap_pre->ldap_base);
+ request->request.filter = p_strdup(auth_request->pool,
+ ldap_pre->userdb_ldap_filter);
 request->request.attributes = module->attributes;
 request->request.sensitive_attr_names = module->sensitive_attr_names;
@@ -264,8 +266,10 @@ userdb_ldap_iterate_init(struct auth_request *auth_request,
 auth_request_ref(auth_request);
 request->request.request.auth_request = auth_request;
- request->request.base = p_strdup(auth_request->pool, ldap_pre->base);
- request->request.filter = p_strdup(auth_request->pool, ldap_pre->iterate_filter);
+ request->request.base = p_strdup(auth_request->pool,
+ ldap_pre->ldap_base);
+ request->request.filter = p_strdup(auth_request->pool,
+ ldap_pre->userdb_ldap_iterate_filter);
 request->request.attributes = module->iterate_attributes;
 request->request.sensitive_attr_names = module->sensitive_attr_names;
 request->request.multi_entry = TRUE;
@@ -337,7 +341,8 @@ static int userdb_ldap_preinit(pool_t pool, struct event *event,
 &module->iterate_attributes, NULL, NULL);
 module->module.default_cache_key = auth_cache_parse_key_and_fields(
- pool, t_strconcat(ldap_pre->base, ldap_pre->filter, NULL),
+ pool, t_strconcat(ldap_pre->ldap_base,
+ ldap_pre->userdb_ldap_filter, NULL),
 &auth_post->fields, NULL);
 *module_r = &module->module;