From: Marco Bettini <marco.bettini@open-xchange.com>
Date: Wed, 20 Mar 2024 16:25:00 +0000 (+0000)
Subject: auth: db-ldap-settings - Defer some checks to runtime
X-Git-Tag: 2.4.1~771
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d6ee1d14dd4282ce3446341617cd51e6d7dbc8c2;p=thirdparty%2Fdovecot%2Fcore.git

auth: db-ldap-settings - Defer some checks to runtime
---

diff --git a/src/auth/db-ldap-settings.c b/src/auth/db-ldap-settings.c
index dc711ea291..5773ea393e 100644
--- a/src/auth/db-ldap-settings.c
+++ b/src/auth/db-ldap-settings.c
@@ -132,16 +132,6 @@ static bool ldap_setting_check(void *_set, pool_t pool ATTR_UNUSED,
 		return FALSE;
 	}
 
-	if (*set->base == '\0') {
-		*error_r = "No ldap_base given";
-		return FALSE;
-	}
-
-	if (*set->uris == '\0' && *set->hosts == '\0') {
-		*error_r = "Neither ldap_uris nor ldap_hosts set";
-		return FALSE;
-	}
-
 #ifndef LDAP_HAVE_INITIALIZE
 	if (*set->uris != '\0') {
 		*error_r = "ldap_uris set, but Dovecot compiled without support for LDAP uris "
@@ -164,18 +154,33 @@ static bool ldap_setting_check(void *_set, pool_t pool ATTR_UNUSED,
 	}
 #endif
 
+	return TRUE;
+}
+
+/* </settings checks> */
+
+int ldap_setting_post_check(const struct ldap_settings *set, const char **error_r)
+{
+	if (*set->base == '\0') {
+		*error_r = "No ldap_base given";
+		return -1;
+	}
+
+	if (*set->uris == '\0' && *set->hosts == '\0') {
+		*error_r = "Neither ldap_uris nor ldap_hosts set";
+		return -1;
+	}
+
 	if (set->version < 3) {
 		if (set->sasl_bind) {
 			*error_r = "ldap_sasl_bind=yes requires ldap_version=3";
-			return FALSE;
+			return -1;
 		}
 		if (set->starttls) {
 			*error_r = "ldap_starttls=yes requires ldap_version=3";
-			return FALSE;
+			return -1;
 		}
 	}
 
-	return TRUE;
+	return 0;
 }
-
-/* </settings checks> */
diff --git a/src/auth/db-ldap-settings.h b/src/auth/db-ldap-settings.h
index 82e79eb028..ff9e0421f9 100644
--- a/src/auth/db-ldap-settings.h
+++ b/src/auth/db-ldap-settings.h
@@ -42,5 +42,6 @@ struct ldap_settings {
 };
 
 extern const struct setting_parser_info ldap_setting_parser_info;
+int ldap_setting_post_check(const struct ldap_settings *set, const char **error_r);
 
 #endif
diff --git a/src/auth/db-ldap.c b/src/auth/db-ldap.c
index 74a24a915f..f0cede3d7c 100644
--- a/src/auth/db-ldap.c
+++ b/src/auth/db-ldap.c
@@ -1683,9 +1683,12 @@ struct ldap_connection *db_ldap_init(struct event *event)
 {
         const struct ldap_settings *set;
 	const struct ssl_settings *ssl_set;
+	const char *error;
 
 	set     = settings_get_or_fatal(event, &ldap_setting_parser_info);
 	ssl_set = settings_get_or_fatal(event, &ssl_setting_parser_info);
+	if (ldap_setting_post_check(set, &error) < 0)
+		i_fatal("LDAP: %s", error);
 
 	/* see if it already exists */
 	struct ldap_connection *conn = db_ldap_conn_find(set, ssl_set);