auth_DEPENDENCIES = $(auth_libs) $(LIBDOVECOT_DEPS)
auth_SOURCES = main.c $(auth_common_sources)
-ldap_sources = db-ldap.c db-ldap-settings.c passdb-ldap.c userdb-ldap.c
+ldap_sources = db-ldap.c db-ldap-sasl.c db-ldap-settings.c passdb-ldap.c userdb-ldap.c
lua_sources = db-lua.c passdb-lua.c userdb-lua.c
auth_common_sources = \
auth-worker-connection.h \
auth-worker-server.h \
db-ldap.h \
+ db-ldap-sasl.h \
db-ldap-settings.h \
db-sql.h \
db-passwd-file.h \
--- /dev/null
+/* Copyright (c) 2023 Dovecot authors, see the included COPYING file */
+
+#include "lib.h"
+#include "ldap-sasl.h"
+#include "db-ldap.h"
+#include "db-ldap-sasl.h"
+
+#if defined(BUILTIN_LDAP) || defined(PLUGIN_BUILD)
+
+#include <stddef.h>
+#include <unistd.h>
+
+#ifndef LDAP_SASL_QUIET
+# define LDAP_SASL_QUIET 0 /* Doesn't exist in Solaris LDAP */
+#endif
+
+struct db_ldap_sasl_bind_context {
+ const char *authcid;
+ const char *passwd;
+ const char *realm;
+ const char *authzid;
+};
+
+#ifdef HAVE_LDAP_SASL
+static int
+sasl_interact(LDAP *ld ATTR_UNUSED, unsigned int flags ATTR_UNUSED,
+ void *defaults, void *interact)
+{
+ struct db_ldap_sasl_bind_context *context = defaults;
+ sasl_interact_t *in;
+ const char *str;
+
+ for (in = interact; in->id != SASL_CB_LIST_END; in++) {
+ switch (in->id) {
+ case SASL_CB_GETREALM:
+ str = context->realm;
+ break;
+ case SASL_CB_AUTHNAME:
+ str = context->authcid;
+ break;
+ case SASL_CB_USER:
+ str = context->authzid;
+ break;
+ case SASL_CB_PASS:
+ str = context->passwd;
+ break;
+ default:
+ str = NULL;
+ break;
+ }
+ if (str != NULL) {
+ in->len = strlen(str);
+ in->result = str;
+ }
+ }
+ return LDAP_SUCCESS;
+}
+
+int db_ldap_bind_sasl_interactive(struct ldap_connection *conn)
+{
+ struct db_ldap_sasl_bind_context context;
+
+ i_zero(&context);
+ context.authcid = conn->set->auth_dn;
+ context.passwd = conn->set->auth_dn_password;
+ context.realm = conn->set->auth_sasl_realm;
+ context.authzid = conn->set->auth_sasl_authz_id;
+
+ const char *mechs = t_array_const_string_join(
+ &conn->set->auth_sasl_mechanisms, " ");
+
+ /* There doesn't seem to be a way to do SASL binding
+ asynchronously.. */
+ return ldap_sasl_interactive_bind_s(conn->ld, NULL, mechs,
+ NULL, NULL, LDAP_SASL_QUIET,
+ sasl_interact, &context);
+}
+#else
+int db_ldap_bind_sasl_interactive(struct ldap_connection *conn ATTR_UNUSED)
+{
+ i_unreached(); /* already checked at init */
+}
+#endif
+
+#endif
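Review bot: The no-SASL stub in the `#else` branch drops the `return -1;` that followed `i_unreached()` in the old db-ldap.c version, so unless `i_unreached()` is declared noreturn on every supported build the non-void function falls off its end; keeping `return -1;` after the panic is cheap insurance. The `#include <stddef.h>` and `#include <unistd.h>` also appear unused by anything visible in this file. db_ldap_bind_sasl_interactive itself has no header comment; since it hands `conn->set->auth_dn_password` to libsasl unchanged through `sasl_interact` and blocks until the bind completes, a line such as `/* Synchronous SASL bind with the auth_dn credentials; realm and authzid come from settings. */` above it would help the next reader.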
--- /dev/null
+#ifndef DB_LDAP_SASL_H
+#define DB_LDAP_SASL_H
+
+int db_ldap_bind_sasl_interactive(struct ldap_connection *conn);
+
+#endif
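Review bot: The prototype takes `struct ldap_connection *` but the header never declares that type, so db-ldap-sasl.h is only valid when included after db-ldap.h, which db-ldap-sasl.c and db-ldap.c happen to do; included on its own it yields the "declared inside parameter list" warning and a prototype-scoped struct that will not match the real type at call sites. Add a forward declaration before the prototype: `struct ldap_connection;`.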
#ifdef HAVE_LDAP
/* <settings checks> */
+#include "ldap-sasl.h"
#include "ldap-settings-parse.h"
static bool ldap_setting_check(void *_set, pool_t pool, const char **error_r);
#ifndef DB_LDAP_SETTINGS_H
#define DB_LDAP_SETTINGS_H
-/* <settings checks> */
-#define HAVE_LDAP_SASL
-#ifdef HAVE_SASL_SASL_H
-# include <sasl/sasl.h>
-#elif defined (HAVE_SASL_H)
-# include <sasl.h>
-#else
-# undef HAVE_LDAP_SASL
-#endif
-#if !defined(SASL_VERSION_MAJOR) || SASL_VERSION_MAJOR < 2
-# undef HAVE_LDAP_SASL
-#endif
-/* </settings checks> */
-
enum db_ldap_lookup_type {
DB_LDAP_LOOKUP_TYPE_PASSDB,
DB_LDAP_LOOKUP_TYPE_USERDB,
#include "ssl-settings.h"
#include "userdb.h"
#include "db-ldap.h"
+#include "db-ldap-sasl.h"
#include "ldap-utils.h"
#include <unistd.h>
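Review bot: db-ldap.c gains `#include "db-ldap-sasl.h"` but not `ldap-sasl.h`, while the same commit removes the HAVE_LDAP_SASL detection from db-ldap-settings.h; unless db-ldap.h pulls ldap-sasl.h in, any `#ifdef HAVE_LDAP_SASL` that still exists in db-ldap.c outside the hunks shown would now silently evaluate false and drop that code rather than fail the build. Worth confirming no such check survives, or adding `#include "ldap-sasl.h"` here explicitly so the macro's provenance is visible in this file.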
# define OPENLDAP_TLS_OPTIONS
#endif
-#ifndef LDAP_SASL_QUIET
-# define LDAP_SASL_QUIET 0 /* Doesn't exist in Solaris LDAP */
-#endif
-
/* Older versions may require calling ldap_result() twice */
#if LDAP_VENDOR_VERSION <= 20112
# define OPENLDAP_ASYNC_WORKAROUND
LDAP *ld;
};
-struct db_ldap_sasl_bind_context {
- const char *authcid;
- const char *passwd;
- const char *realm;
- const char *authzid;
-};
-
static struct ldap_connection *ldap_connections = NULL;
static int db_ldap_bind(struct ldap_connection *conn);
bool error, const char *reason);
static void db_ldap_request_free(struct ldap_request *request);
+extern int db_ldap_bind_sasl_interactive(struct ldap_connection *conn);
+
static int ldap_get_errno(struct ldap_connection *conn)
{
int ret, err;
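Review bot: The added `extern int db_ldap_bind_sasl_interactive(struct ldap_connection *conn);` duplicates the prototype already supplied by the `#include "db-ldap-sasl.h"` this commit adds to the same file; two declarations in one translation unit are legal but will drift apart silently if the signature changes later. Drop the extern line and rely on the header.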
}
}
-#ifdef HAVE_LDAP_SASL
-static int
-sasl_interact(LDAP *ld ATTR_UNUSED, unsigned int flags ATTR_UNUSED,
- void *defaults, void *interact)
-{
- struct db_ldap_sasl_bind_context *context = defaults;
- sasl_interact_t *in;
- const char *str;
-
- for (in = interact; in->id != SASL_CB_LIST_END; in++) {
- switch (in->id) {
- case SASL_CB_GETREALM:
- str = context->realm;
- break;
- case SASL_CB_AUTHNAME:
- str = context->authcid;
- break;
- case SASL_CB_USER:
- str = context->authzid;
- break;
- case SASL_CB_PASS:
- str = context->passwd;
- break;
- default:
- str = NULL;
- break;
- }
- if (str != NULL) {
- in->len = strlen(str);
- in->result = str;
- }
- }
- return LDAP_SUCCESS;
-}
-#endif
-
static void ldap_connection_timeout(struct ldap_connection *conn)
{
i_assert(conn->conn_state == LDAP_CONN_STATE_BINDING);
db_ldap_conn_close(conn);
}
-#ifdef HAVE_LDAP_SASL
static int db_ldap_bind_sasl(struct ldap_connection *conn)
{
- struct db_ldap_sasl_bind_context context;
int ret;
- i_zero(&context);
- context.authcid = conn->set->auth_dn;
- context.passwd = conn->set->auth_dn_password;
- context.realm = conn->set->auth_sasl_realm;
- context.authzid = conn->set->auth_sasl_authz_id;
-
- const char *mechs = t_array_const_string_join(
- &conn->set->auth_sasl_mechanisms, " ");
-
- /* There doesn't seem to be a way to do SASL binding
- asynchronously.. */
- ret = ldap_sasl_interactive_bind_s(conn->ld, NULL, mechs,
- NULL, NULL, LDAP_SASL_QUIET,
- sasl_interact, &context);
+ ret = db_ldap_bind_sasl_interactive(conn);
if (db_ldap_connect_finish(conn, ret) < 0)
return -1;
return 0;
}
-#else
-static int db_ldap_bind_sasl(struct ldap_connection *conn ATTR_UNUSED)
-{
- i_unreached(); /* already checked at init */
-
- return -1;
-}
-#endif
static int db_ldap_bind_simple(struct ldap_connection *conn)
{
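Review bot: With the `#ifdef HAVE_LDAP_SASL` guard removed, db_ldap_bind_sasl is now compiled unconditionally, and a build without SASL reaches the `i_unreached()` stub inside db_ldap_bind_sasl_interactive at runtime instead of failing at compile time, relying on an init-time settings check that is not visible in this hunk. A one-line comment above the call would make that contract explicit, e.g. `/* Reached only after the settings check accepted SASL mechanisms; without SASL support the callee panics. */`. The leftover `int ret;` followed by assignment can also become `int ret = db_ldap_bind_sasl_interactive(conn);` now that the context struct is gone.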
noinst_HEADERS = \
ldap-connection-pool.h \
ldap-private.h \
+ ldap-sasl.h \
ldap-settings.h \
ldap-settings-parse.h
--- /dev/null
+#ifndef LDAP_SASL_H
+#define LDAP_SASL_H
+
+#define HAVE_LDAP_SASL
+#ifdef HAVE_SASL_SASL_H
+# include <sasl/sasl.h>
+#elif defined (HAVE_SASL_H)
+# include <sasl.h>
+#else
+# undef HAVE_LDAP_SASL
+#endif
+#if !defined(SASL_VERSION_MAJOR) || SASL_VERSION_MAJOR < 2
+# undef HAVE_LDAP_SASL
+#endif
+
+#endif
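Review bot: HAVE_LDAP_SASL here is decided by HAVE_SASL_SASL_H and HAVE_SASL_H, configure-generated macros that this header does not include itself; if ldap-sasl.h is ever included before whatever provides config.h (presumably lib.h in this tree), both tests fail and HAVE_LDAP_SASL is silently undefined, turning SASL binds into the `i_unreached()` stub path with no build error. Either include the config header at the top of this file or document the ordering requirement: `/* Must be included after lib.h (config.h) so HAVE_SASL_SASL_H / HAVE_SASL_H are visible. */`.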