From: Marco Bettini Date: Thu, 1 Aug 2024 09:35:17 +0000 (+0000) Subject: auth: struct ldap_connection - Change set into a pointer X-Git-Tag: 2.4.1~784 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d615f2185a70e1fbe924dd4e720892c39a915e14;p=thirdparty%2Fdovecot%2Fcore.git auth: struct ldap_connection - Change set into a pointer --- diff --git a/src/auth/db-ldap.c b/src/auth/db-ldap.c index 3990c111eb..7a75354d40 100644 --- a/src/auth/db-ldap.c +++ b/src/auth/db-ldap.c @@ -339,7 +339,7 @@ static int db_ldap_request_search(struct ldap_connection *conn, ldap_search_ext( conn->ld, *srequest->base == '\0' ? NULL : srequest->base, - conn->set.ldap_scope, srequest->filter, srequest->attributes, + conn->set->ldap_scope, srequest->filter, srequest->attributes, 0, NULL, NULL, 0, 0, &request->msgid); if (request->msgid == -1) { e_error(authdb_event(request->auth_request), @@ -475,13 +475,13 @@ static int db_ldap_connect_finish(struct ldap_connection *conn, int ret) { if (ret == LDAP_SERVER_DOWN) { e_error(conn->event, "Can't connect to server: %s", - conn->set.uris != NULL ? - conn->set.uris : conn->set.hosts); + conn->set->uris != NULL ? + conn->set->uris : conn->set->hosts); return -1; } if (ret != LDAP_SUCCESS) { e_error(conn->event, "binding failed (dn %s): %s", - conn->set.dn == NULL ? "(none)" : conn->set.dn, + conn->set->dn == NULL ? "(none)" : conn->set->dn, ldap_get_error(conn)); return -1; } @@ -859,15 +859,15 @@ static int db_ldap_bind_sasl(struct ldap_connection *conn) int ret; i_zero(&context); - context.authcid = conn->set.dn; - context.passwd = conn->set.dnpass; - context.realm = conn->set.sasl_realm; - context.authzid = conn->set.sasl_authz_id; + context.authcid = conn->set->dn; + context.passwd = conn->set->dnpass; + context.realm = conn->set->sasl_realm; + context.authzid = conn->set->sasl_authz_id; /* There doesn't seem to be a way to do SASL binding asynchronously.. */ ret = ldap_sasl_interactive_bind_s(conn->ld, NULL, - conn->set.sasl_mech, + conn->set->sasl_mech, NULL, NULL, LDAP_SASL_QUIET, sasl_interact, &context); if (db_ldap_connect_finish(conn, ret) < 0) @@ -894,7 +894,7 @@ static int db_ldap_bind_simple(struct ldap_connection *conn) i_assert(conn->default_bind_msgid == -1); i_assert(conn->pending_count == 0); - msgid = ldap_bind(conn->ld, conn->set.dn, conn->set.dnpass, + msgid = ldap_bind(conn->ld, conn->set->dn, conn->set->dnpass, LDAP_AUTH_SIMPLE); if (msgid == -1) { i_assert(ldap_get_errno(conn) != LDAP_SUCCESS); @@ -916,7 +916,7 @@ static int db_ldap_bind_simple(struct ldap_connection *conn) static int db_ldap_bind(struct ldap_connection *conn) { - if (conn->set.sasl_bind) { + if (conn->set->sasl_bind) { if (db_ldap_bind_sasl(conn) < 0) return -1; } else { @@ -968,25 +968,25 @@ static void db_ldap_set_tls_options(struct ldap_connection *conn) { #ifdef OPENLDAP_TLS_OPTIONS db_ldap_set_opt_str(NULL, LDAP_OPT_X_TLS_CACERTFILE, - conn->set.tls_ca_cert_file, "tls_ca_cert_file"); + conn->set->tls_ca_cert_file, "tls_ca_cert_file"); db_ldap_set_opt_str(NULL, LDAP_OPT_X_TLS_CACERTDIR, - conn->set.tls_ca_cert_dir, "tls_ca_cert_dir"); + conn->set->tls_ca_cert_dir, "tls_ca_cert_dir"); db_ldap_set_opt_str(NULL, LDAP_OPT_X_TLS_CERTFILE, - conn->set.tls_cert_file, "tls_cert_file"); + conn->set->tls_cert_file, "tls_cert_file"); db_ldap_set_opt_str(NULL, LDAP_OPT_X_TLS_KEYFILE, - conn->set.tls_key_file, "tls_key_file"); + conn->set->tls_key_file, "tls_key_file"); db_ldap_set_opt_str(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, - conn->set.tls_cipher_suite, "tls_cipher_suite"); - if (conn->set.tls_require_cert != NULL) { - db_ldap_set_opt(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &conn->set.ldap_tls_require_cert_parsed, - "tls_require_cert", conn->set.tls_require_cert); + conn->set->tls_cipher_suite, "tls_cipher_suite"); + if (conn->set->tls_require_cert != NULL) { + db_ldap_set_opt(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &conn->set->ldap_tls_require_cert_parsed, + "tls_require_cert", conn->set->tls_require_cert); } #else - if (conn->set.tls_ca_cert_file != NULL || - conn->set.tls_ca_cert_dir != NULL || - conn->set.tls_cert_file != NULL || - conn->set.tls_key_file != NULL || - conn->set.tls_cipher_suite != NULL) { + if (conn->set->tls_ca_cert_file != NULL || + conn->set->tls_ca_cert_dir != NULL || + conn->set->tls_cert_file != NULL || + conn->set->tls_key_file != NULL || + conn->set->tls_cipher_suite != NULL) { i_fatal("LDAP: tls_* settings aren't supported by your LDAP library - they must not be set"); } #endif @@ -1004,18 +1004,18 @@ static void db_ldap_set_options(struct ldap_connection *conn) i_fatal("LDAP: Can't set network-timeout: %s", ldap_err2string(ret)); #endif - db_ldap_set_opt(conn->ld, LDAP_OPT_DEREF, &conn->set.ldap_deref, - "deref", conn->set.deref); + db_ldap_set_opt(conn->ld, LDAP_OPT_DEREF, &conn->set->ldap_deref, + "deref", conn->set->deref); #ifdef LDAP_OPT_DEBUG_LEVEL int debug_level; - if (str_to_int(conn->set.debug_level, &debug_level) >= 0 && debug_level != 0) { + if (str_to_int(conn->set->debug_level, &debug_level) >= 0 && debug_level != 0) { db_ldap_set_opt(NULL, LDAP_OPT_DEBUG_LEVEL, &debug_level, - "debug_level", conn->set.debug_level); + "debug_level", conn->set->debug_level); event_set_forced_debug(conn->event, TRUE); } #endif - unsigned int ldap_version = conn->set.ldap_version; + unsigned int ldap_version = conn->set->ldap_version; db_ldap_set_opt(conn->ld, LDAP_OPT_PROTOCOL_VERSION, &ldap_version, "protocol_version", dec2str(ldap_version)); db_ldap_set_tls_options(conn); @@ -1025,21 +1025,21 @@ static void db_ldap_init_ld(struct ldap_connection *conn) { int ret; - if (conn->set.uris != NULL) { + if (conn->set->uris != NULL) { #ifdef LDAP_HAVE_INITIALIZE - ret = ldap_initialize(&conn->ld, conn->set.uris); + ret = ldap_initialize(&conn->ld, conn->set->uris); if (ret != LDAP_SUCCESS) { i_fatal("LDAP: ldap_initialize() failed with uris %s: %s", - conn->set.uris, ldap_err2string(ret)); + conn->set->uris, ldap_err2string(ret)); } #else i_unreached(); /* already checked at init */ #endif } else { - conn->ld = ldap_init(conn->set.hosts, LDAP_PORT); + conn->ld = ldap_init(conn->set->hosts, LDAP_PORT); if (conn->ld == NULL) { i_fatal("LDAP: ldap_init() failed with hosts: %s", - conn->set.hosts); + conn->set->hosts); } } db_ldap_set_options(conn); @@ -1063,13 +1063,13 @@ int db_ldap_connect(struct ldap_connection *conn) if (conn->ld == NULL) db_ldap_init_ld(conn); - if (conn->set.tls) { + if (conn->set->tls) { #ifdef LDAP_HAVE_START_TLS_S ret = ldap_start_tls_s(conn->ld, NULL, NULL); if (ret != LDAP_SUCCESS) { if (ret == LDAP_OPERATIONS_ERROR && - conn->set.uris != NULL && - str_begins_with(conn->set.uris, "ldaps:")) { + conn->set->uris != NULL && + str_begins_with(conn->set->uris, "ldaps:")) { i_fatal("LDAP: Don't use both tls=yes and ldaps URI"); } e_error(conn->event, "ldap_start_tls_s() failed: %s", @@ -1831,58 +1831,60 @@ struct ldap_connection *db_ldap_init(const char *config_path) conn->default_bind_msgid = -1; conn->fd = -1; conn->config_path = p_strdup(pool, config_path); - conn->set = default_ldap_settings; + + conn->set = p_new(pool, struct ldap_settings, 1); + *conn->set = default_ldap_settings; if (!settings_read_nosection(config_path, parse_setting, conn, &error)) i_fatal("LDAP: %s", error); - if (conn->set.base == NULL) + if (conn->set->base == NULL) i_fatal("LDAP: No base given"); - if (conn->set.uris == NULL && conn->set.hosts == NULL) + if (conn->set->uris == NULL && conn->set->hosts == NULL) i_fatal("LDAP: No uris or hosts set"); #ifndef LDAP_HAVE_INITIALIZE - if (conn->set.uris != NULL) { + if (conn->set->uris != NULL) { i_fatal("LDAP: uris set, but Dovecot compiled without support for LDAP uris " "(ldap_initialize() not supported by LDAP library)"); } #endif #ifndef LDAP_HAVE_START_TLS_S - if (conn->set.tls) + if (conn->set->tls) i_fatal("LDAP: tls=yes, but your LDAP library doesn't support TLS"); #endif #ifndef HAVE_LDAP_SASL - if (conn->set.sasl_bind) + if (conn->set->sasl_bind) i_fatal("LDAP: sasl_bind=yes but no SASL support compiled in"); #endif - if (conn->set.ldap_version < 3) { - if (conn->set.sasl_bind) + if (conn->set->ldap_version < 3) { + if (conn->set->sasl_bind) i_fatal("LDAP: sasl_bind=yes requires ldap_version=3"); - if (conn->set.tls) + if (conn->set->tls) i_fatal("LDAP: tls=yes requires ldap_version=3"); } #ifdef OPENLDAP_TLS_OPTIONS - if (conn->set.tls_require_cert != NULL) { - if (tls_require_cert2str(conn->set.tls_require_cert, - &conn->set.ldap_tls_require_cert_parsed) < 0) + if (conn->set->tls_require_cert != NULL) { + if (tls_require_cert2str(conn->set->tls_require_cert, + &conn->set->ldap_tls_require_cert_parsed) < 0) i_fatal("LDAP: Unknown tls_require_cert value '%s'", - conn->set.tls_require_cert); + conn->set->tls_require_cert); } #endif - if (*conn->set.ldaprc_path != '\0') { + if (*conn->set->ldaprc_path != '\0') { str = getenv("LDAPRC"); - if (str != NULL && strcmp(str, conn->set.ldaprc_path) != 0) { + if (str != NULL && strcmp(str, conn->set->ldaprc_path) != 0) { i_fatal("LDAP: Multiple different ldaprc_path " "settings not allowed (%s and %s)", - str, conn->set.ldaprc_path); + str, conn->set->ldaprc_path); } - env_put("LDAPRC", conn->set.ldaprc_path); + env_put("LDAPRC", conn->set->ldaprc_path); } - if (deref2str(conn->set.deref, &conn->set.ldap_deref) < 0) - i_fatal("LDAP: Unknown deref option '%s'", conn->set.deref); - if (scope2str(conn->set.scope, &conn->set.ldap_scope) < 0) - i_fatal("LDAP: Unknown scope option '%s'", conn->set.scope); + if (deref2str(conn->set->deref, &conn->set->ldap_deref) < 0) + i_fatal("LDAP: Unknown deref option '%s'", conn->set->deref); + if (scope2str(conn->set->scope, &conn->set->ldap_scope) < 0) + i_fatal("LDAP: Unknown scope option '%s'", conn->set->scope); conn->event = event_create(auth_event); event_set_append_log_prefix(conn->event, "ldap: "); diff --git a/src/auth/db-ldap.h b/src/auth/db-ldap.h index 21b15f1005..bb8a78afd9 100644 --- a/src/auth/db-ldap.h +++ b/src/auth/db-ldap.h @@ -160,7 +160,7 @@ struct ldap_connection { struct event *event; char *config_path; - struct ldap_settings set; + struct ldap_settings *set; LDAP *ld; enum ldap_connection_state conn_state; diff --git a/src/auth/passdb-ldap.c b/src/auth/passdb-ldap.c index 90bc4cbc2e..ee7f2dbc7b 100644 --- a/src/auth/passdb-ldap.c +++ b/src/auth/passdb-ldap.c @@ -58,7 +58,7 @@ ldap_query_save_result(struct ldap_connection *conn, "using value '%s'", name, values[0]); } auth_request_set_field(auth_request, name, values[0], - conn->set.default_pass_scheme); + conn->set->default_pass_scheme); } db_ldap_result_iterate_deinit(&ldap_iter); } @@ -290,21 +290,21 @@ static void ldap_lookup_pass(struct auth_request *auth_request, srequest->request.type = LDAP_REQUEST_TYPE_SEARCH; str = t_str_new(512); - if (auth_request_var_expand(str, conn->set.base, auth_request, + if (auth_request_var_expand(str, conn->set->base, auth_request, ldap_escape, &error) <= 0) { e_error(authdb_event(auth_request), - "Failed to expand base=%s: %s", conn->set.base, error); + "Failed to expand base=%s: %s", conn->set->base, error); passdb_ldap_request_fail(request, PASSDB_RESULT_INTERNAL_FAILURE); return; } srequest->base = p_strdup(auth_request->pool, str_c(str)); str_truncate(str, 0); - if (auth_request_var_expand(str, conn->set.pass_filter, + if (auth_request_var_expand(str, conn->set->pass_filter, auth_request, ldap_escape, &error) <= 0) { e_error(authdb_event(auth_request), "Failed to expand pass_filter=%s: %s", - conn->set.pass_filter, error); + conn->set->pass_filter, error); passdb_ldap_request_fail(request, PASSDB_RESULT_INTERNAL_FAILURE); return; } @@ -314,7 +314,7 @@ static void ldap_lookup_pass(struct auth_request *auth_request, e_debug(authdb_event(auth_request), "pass search: " "base=%s scope=%s filter=%s fields=%s", - srequest->base, conn->set.scope, + srequest->base, conn->set->scope, srequest->filter, attr_names == NULL ? "(all)" : t_strarray_join(attr_names, ",")); @@ -336,21 +336,21 @@ static void ldap_bind_lookup_dn(struct auth_request *auth_request, srequest->request.type = LDAP_REQUEST_TYPE_SEARCH; str = t_str_new(512); - if (auth_request_var_expand(str, conn->set.base, auth_request, + if (auth_request_var_expand(str, conn->set->base, auth_request, ldap_escape, &error) <= 0) { e_error(authdb_event(auth_request), - "Failed to expand base=%s: %s", conn->set.base, error); + "Failed to expand base=%s: %s", conn->set->base, error); passdb_ldap_request_fail(request, PASSDB_RESULT_INTERNAL_FAILURE); return; } srequest->base = p_strdup(auth_request->pool, str_c(str)); str_truncate(str, 0); - if (auth_request_var_expand(str, conn->set.pass_filter, + if (auth_request_var_expand(str, conn->set->pass_filter, auth_request, ldap_escape, &error) <= 0) { e_error(authdb_event(auth_request), "Failed to expand pass_filter=%s: %s", - conn->set.pass_filter, error); + conn->set->pass_filter, error); passdb_ldap_request_fail(request, PASSDB_RESULT_INTERNAL_FAILURE); return; } @@ -385,11 +385,11 @@ ldap_verify_plain_auth_bind_userdn(struct auth_request *auth_request, brequest->request.type = LDAP_REQUEST_TYPE_BIND; dn = t_str_new(512); - if (auth_request_var_expand(dn, conn->set.auth_bind_userdn, + if (auth_request_var_expand(dn, conn->set->auth_bind_userdn, auth_request, ldap_escape, &error) <= 0) { e_error(authdb_event(auth_request), "Failed to expand auth_bind_userdn=%s: %s", - conn->set.auth_bind_userdn, error); + conn->set->auth_bind_userdn, error); passdb_ldap_request_fail(request, PASSDB_RESULT_INTERNAL_FAILURE); return; } @@ -422,9 +422,9 @@ ldap_verify_plain(struct auth_request *request, auth_request_ref(request); ldap_request->request.ldap.auth_request = request; - if (!conn->set.auth_bind) + if (!conn->set->auth_bind) ldap_lookup_pass(request, ldap_request, TRUE); - else if (conn->set.auth_bind_userdn == NULL) + else if (conn->set->auth_bind_userdn == NULL) ldap_bind_lookup_dn(request, ldap_request); else ldap_verify_plain_auth_bind_userdn(request, ldap_request); @@ -448,7 +448,7 @@ static void ldap_lookup_credentials(struct auth_request *request, /* with auth_bind=yes we don't necessarily have a password. this will fail actual password credentials lookups, but it's fine for passdb lookups done by lmtp/doveadm */ - require_password = !module->conn->set.auth_bind; + require_password = !module->conn->set->auth_bind; ldap_lookup_pass(request, ldap_request, require_password); } @@ -461,16 +461,16 @@ passdb_ldap_preinit(pool_t pool, const char *args) module = p_new(pool, struct ldap_passdb_module, 1); module->conn = conn = db_ldap_init(args); p_array_init(&conn->pass_attr_map, pool, 16); - db_ldap_set_attrs(conn, conn->set.pass_attrs, &conn->pass_attr_names, + db_ldap_set_attrs(conn, conn->set->pass_attrs, &conn->pass_attr_names, &conn->pass_attr_map, - conn->set.auth_bind ? "password" : NULL); - module->module.blocking = conn->set.blocking; + conn->set->auth_bind ? "password" : NULL); + module->module.blocking = conn->set->blocking; module->module.default_cache_key = auth_cache_parse_key(pool, - t_strconcat(conn->set.base, - conn->set.pass_attrs, - conn->set.pass_filter, NULL)); - module->module.default_pass_scheme = conn->set.default_pass_scheme; + t_strconcat(conn->set->base, + conn->set->pass_attrs, + conn->set->pass_filter, NULL)); + module->module.default_pass_scheme = conn->set->default_pass_scheme; return &module->module; } diff --git a/src/auth/userdb-ldap.c b/src/auth/userdb-ldap.c index 28b21f699f..f41e3d9709 100644 --- a/src/auth/userdb-ldap.c +++ b/src/auth/userdb-ldap.c @@ -118,21 +118,21 @@ static void userdb_ldap_lookup(struct auth_request *auth_request, request->userdb_callback = callback; str = t_str_new(512); - if (auth_request_var_expand(str, conn->set.base, auth_request, + if (auth_request_var_expand(str, conn->set->base, auth_request, ldap_escape, &error) <= 0) { e_error(authdb_event(auth_request), - "Failed to expand base=%s: %s", conn->set.base, error); + "Failed to expand base=%s: %s", conn->set->base, error); callback(USERDB_RESULT_INTERNAL_FAILURE, auth_request); return; } request->request.base = p_strdup(auth_request->pool, str_c(str)); str_truncate(str, 0); - if (auth_request_var_expand(str, conn->set.user_filter, auth_request, + if (auth_request_var_expand(str, conn->set->user_filter, auth_request, ldap_escape, &error) <= 0) { e_error(authdb_event(auth_request), "Failed to expand user_filter=%s: %s", - conn->set.user_filter, error); + conn->set->user_filter, error); callback(USERDB_RESULT_INTERNAL_FAILURE, auth_request); return; } @@ -143,7 +143,7 @@ static void userdb_ldap_lookup(struct auth_request *auth_request, e_debug(authdb_event(auth_request), "user search: " "base=%s scope=%s filter=%s fields=%s", - request->request.base, conn->set.scope, + request->request.base, conn->set->scope, request->request.filter, attr_names == NULL ? "(all)" : t_strarray_join(attr_names, ",")); @@ -225,21 +225,21 @@ userdb_ldap_iterate_init(struct auth_request *auth_request, request->request.request.auth_request = auth_request; str = t_str_new(512); - if (auth_request_var_expand(str, conn->set.base, auth_request, + if (auth_request_var_expand(str, conn->set->base, auth_request, ldap_escape, &error) <= 0) { e_error(authdb_event(auth_request), - "Failed to expand base=%s: %s", conn->set.base, error); + "Failed to expand base=%s: %s", conn->set->base, error); ctx->ctx.failed = TRUE; return &ctx->ctx; } request->request.base = p_strdup(auth_request->pool, str_c(str)); str_truncate(str, 0); - if (auth_request_var_expand(str, conn->set.iterate_filter, + if (auth_request_var_expand(str, conn->set->iterate_filter, auth_request, ldap_escape, &error) <= 0) { e_error(authdb_event(auth_request), "Failed to expand iterate_filter=%s: %s", - conn->set.iterate_filter, error); + conn->set->iterate_filter, error); ctx->ctx.failed = TRUE; return &ctx->ctx; } @@ -249,7 +249,7 @@ userdb_ldap_iterate_init(struct auth_request *auth_request, request->request.multi_entry = TRUE; e_debug(auth_request->event, "ldap: iterate: base=%s scope=%s filter=%s fields=%s", - request->request.base, conn->set.scope, + request->request.base, conn->set->scope, request->request.filter, attr_names == NULL ? "(all)" : t_strarray_join(attr_names, ",")); request->request.request.callback = userdb_ldap_iterate_callback; @@ -293,17 +293,17 @@ userdb_ldap_preinit(pool_t pool, const char *args) p_array_init(&conn->user_attr_map, pool, 16); p_array_init(&conn->iterate_attr_map, pool, 16); - db_ldap_set_attrs(conn, conn->set.user_attrs, &conn->user_attr_names, + db_ldap_set_attrs(conn, conn->set->user_attrs, &conn->user_attr_names, &conn->user_attr_map, NULL); - db_ldap_set_attrs(conn, conn->set.iterate_attrs, + db_ldap_set_attrs(conn, conn->set->iterate_attrs, &conn->iterate_attr_names, &conn->iterate_attr_map, NULL); - module->module.blocking = conn->set.blocking; + module->module.blocking = conn->set->blocking; module->module.default_cache_key = auth_cache_parse_key(pool, - t_strconcat(conn->set.base, - conn->set.user_attrs, - conn->set.user_filter, NULL)); + t_strconcat(conn->set->base, + conn->set->user_attrs, + conn->set->user_filter, NULL)); return &module->module; }