[dovecot-cvs]
dovecot/src/auth db-ldap.c, 1.42, 1.43 db-ldap.h, 1.21, 1.22
cras at dovecot.org
cras at dovecot.org
Thu Jun 8 20:01:32 EEST 2006
Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv22969
Modified Files:
db-ldap.c db-ldap.h
Log Message:
Added support for SASL binding. Patch by Geert Jansen
Index: db-ldap.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/db-ldap.c,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -d -r1.42 -r1.43
--- db-ldap.c 31 May 2006 11:03:53 -0000 1.42
+++ db-ldap.c 8 Jun 2006 17:01:30 -0000 1.43
@@ -35,6 +35,11 @@
DEF(SET_STR, dnpass),
DEF(SET_BOOL, auth_bind),
DEF(SET_STR, auth_bind_userdn),
+ DEF(SET_BOOL, sasl_bind),
+ DEF(SET_STR, sasl_mech),
+ DEF(SET_STR, sasl_realm),
+ DEF(SET_STR, sasl_authz_id),
+ DEF(SET_STR, sasl_props),
DEF(SET_STR, deref),
DEF(SET_STR, scope),
DEF(SET_STR, base),
@@ -57,6 +62,11 @@
MEMBER(dnpass) NULL,
MEMBER(auth_bind) FALSE,
MEMBER(auth_bind_userdn) NULL,
+ MEMBER(sasl_bind) FALSE,
+ MEMBER(sasl_mech) NULL,
+ MEMBER(sasl_realm) NULL,
+ MEMBER(sasl_authz_id) NULL,
+ MEMBER(sasl_props) NULL,
MEMBER(deref) "never",
MEMBER(scope) "subtree",
MEMBER(base) NULL,
@@ -214,9 +224,45 @@
}
}
+static int sasl_interact(LDAP *ld, unsigned flags, void *defaults,
+ void *interact)
+{
+ sasl_interact_t *in;
+ struct sasl_bind_context *context;
+ const char *p;
+
+ context = (struct sasl_bind_context *) defaults;
+ for (in=interact; in->id != SASL_CB_LIST_END; in++)
+ {
+ p = NULL;
+ switch (in->id)
+ {
+ case SASL_CB_GETREALM:
+ p = context->realm;
+ break;
+ case SASL_CB_AUTHNAME:
+ p = context->authcid;
+ break;
+ case SASL_CB_USER:
+ p = context->authzid;
+ break;
+ case SASL_CB_PASS:
+ p = context->passwd;
+ break;
+ }
+ if (p) {
+ in->len = strlen(p);
+ in->result = p;
+ }
+
+ }
+ return LDAP_SUCCESS;
+}
+
bool db_ldap_connect(struct ldap_connection *conn)
{
int ret, fd;
+ struct sasl_bind_context context;
if (conn->connected)
return TRUE;
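Review bot: The `switch (in->id)` in sasl_interact has no `default:` label, so any prompt id other than the four handled ones is silently left as the library initialised it (`p` stays NULL and `in->result` is never written); adding `default: break;` makes that intent explicit and keeps `-Wswitch` quiet. The function also has no header comment; suggest `/* libldap SASL interaction callback: answers realm/authname/user/pass prompts from the struct sasl_bind_context passed as 'defaults'; prompts it does not recognise are left unanswered and LDAP_SUCCESS is always returned. */` above the definition. The unused `flags` parameter is part of the callback signature libldap requires, which is worth a one-line comment too. db_ldap_connect's body continues past the end of this hunk.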
@@ -253,16 +299,37 @@
}
/* FIXME: we shouldn't use blocking bind */
- ret = ldap_simple_bind_s(conn->ld, conn->set.dn, conn->set.dnpass);
- if (ret == LDAP_SERVER_DOWN) {
- i_error("LDAP: Can't connect to server: %s", conn->set.hosts);
- return FALSE;
- }
- if (ret != LDAP_SUCCESS) {
- i_error("LDAP: ldap_simple_bind_s() failed (dn %s): %s",
- conn->set.dn == NULL ? "(none)" : conn->set.dn,
- ldap_get_error(conn));
- return FALSE;
+ if (conn->set.sasl_bind) {
+
+ context.authcid = conn->set.dn;
+ context.passwd = conn->set.dnpass;
+ context.realm = conn->set.sasl_realm;
+ context.authzid = conn->set.sasl_authz_id;
+
+ ret = ldap_sasl_interactive_bind_s(conn->ld, NULL, conn->set.sasl_mech,
+ NULL, NULL, LDAP_SASL_QUIET,
+ sasl_interact, &context);
+ if (ret == LDAP_SERVER_DOWN) {
+ i_error("LDAP: Can't connect to server: %s", conn->set.hosts);
+ return FALSE;
+ }
+ if (ret != LDAP_SUCCESS) {
+ i_error("LDAP: ldap_sasl_interactive_bind_s() failed: %s",
+ ldap_get_error(conn));
+ return FALSE;
+ }
+ } else {
+ ret = ldap_simple_bind_s(conn->ld, conn->set.dn, conn->set.dnpass);
+ if (ret == LDAP_SERVER_DOWN) {
+ i_error("LDAP: Can't connect to server: %s", conn->set.hosts);
+ return FALSE;
+ }
+ if (ret != LDAP_SUCCESS) {
+ i_error("LDAP: ldap_simple_bind_s() failed (dn %s): %s",
+ conn->set.dn == NULL ? "(none)" : conn->set.dn,
+ ldap_get_error(conn));
+ return FALSE;
+ }
}
conn->connected = TRUE;
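Review bot: The new `sasl_props` setting (added at L28, L40 and L157) is never read on this code path, so the SASL bind runs with the library's default security properties and nothing prevents a mechanism with no integrity or confidentiality layer from being negotiated, particularly when `sasl_mech` is left NULL and the library picks the mechanism itself. OpenLDAP exposes this knob as the `LDAP_OPT_X_SASL_SECPROPS` option (a string such as `minssf=1`), which should be applied before `ldap_sasl_interactive_bind_s()`; the sketch below does that and fails the connect if the option is rejected. Separately, both branches repeat the `LDAP_SERVER_DOWN` check verbatim; hoisting that check out of the `if`/`else` after a single `ret` assignment would halve the duplication. The bind error message in the SASL branch could also name the mechanism, e.g. `"LDAP: ldap_sasl_interactive_bind_s() failed (mech %s): %s"` with `conn->set.sasl_mech == NULL ? "(auto)" : conn->set.sasl_mech`.
```c
	if (conn->set.sasl_bind) {
		/* Apply the configured SASL security properties (e.g. minssf)
		   before binding so the library rejects mechanisms weaker than
		   the administrator's policy. */
		if (conn->set.sasl_props != NULL &&
		    ldap_set_option(conn->ld, LDAP_OPT_X_SASL_SECPROPS,
				    conn->set.sasl_props) != LDAP_OPT_SUCCESS) {
			i_error("LDAP: Can't set SASL security properties: %s",
				ldap_get_error(conn));
			return FALSE;
		}
		/* … unchanged: context setup, ldap_sasl_interactive_bind_s() and its error handling … */
```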
Index: db-ldap.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/db-ldap.h,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- db-ldap.h 31 May 2006 11:03:53 -0000 1.21
+++ db-ldap.h 8 Jun 2006 17:01:30 -0000 1.22
@@ -2,6 +2,7 @@
#define __DB_LDAP_H
#include <ldap.h>
+#include <sasl/sasl.h>
struct auth_request;
struct ldap_connection;
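Review bot: `#include <sasl/sasl.h>` is added unconditionally to the public header, so every translation unit that includes db-ldap.h now needs the Cyrus SASL headers at build time, while the only consumer of `sasl_interact_t` and the `SASL_CB_*` constants in this diff is the static sasl_interact in db-ldap.c. Moving the include into db-ldap.c keeps the dependency local; whether the build already checks for the header is not visible here and should be confirmed.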
@@ -18,6 +19,13 @@
const char *dnpass;
bool auth_bind;
const char *auth_bind_userdn;
+
+ bool sasl_bind;
+ const char *sasl_mech;
+ const char *sasl_realm;
+ const char *sasl_authz_id;
+ const char *sasl_props;
+
const char *deref;
const char *scope;
const char *base;
@@ -66,6 +74,13 @@
char **attributes; /* points to pass_attr_names / user_attr_names */
};
+struct sasl_bind_context {
+ const char *authcid;
+ const char *passwd;
+ const char *realm;
+ const char *authzid;
+};
+
void db_ldap_search(struct ldap_connection *conn, struct ldap_request *request,
int scope);
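Review bot: `struct sasl_bind_context` holds borrowed pointers (in db-ldap.c they are filled from `conn->set.dn`, `dnpass`, `sasl_realm` and `sasl_authz_id`) rather than copies, and `passwd` is the bind credential, so the struct deserves a comment stating that; suggest `/* Credentials handed to the SASL interaction callback during bind. All fields point into the connection's settings and must outlive the bind call; passwd is the bind secret. */` above the definition. A reader of the header alone otherwise cannot tell who owns these strings.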