[dovecot-cvs] dovecot/src/auth db-ldap.c, 1.42, 1.43 db-ldap.h, 1.21, 1.22

cras at dovecot.org cras at dovecot.org
Thu Jun 8 20:01:32 EEST 2006 

Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv22969

Modified Files:
	db-ldap.c db-ldap.h 
Log Message:
Added support for SASL binding. Patch by Geert Jansen



Index: db-ldap.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/db-ldap.c,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -d -r1.42 -r1.43
--- db-ldap.c	31 May 2006 11:03:53 -0000	1.42
+++ db-ldap.c	8 Jun 2006 17:01:30 -0000	1.43
@@ -35,6 +35,11 @@
 	DEF(SET_STR, dnpass),
 	DEF(SET_BOOL, auth_bind),
 	DEF(SET_STR, auth_bind_userdn),
+	DEF(SET_BOOL, sasl_bind),
+	DEF(SET_STR, sasl_mech),
+	DEF(SET_STR, sasl_realm),
+	DEF(SET_STR, sasl_authz_id),
+	DEF(SET_STR, sasl_props),
 	DEF(SET_STR, deref),
 	DEF(SET_STR, scope),
 	DEF(SET_STR, base),
@@ -57,6 +62,11 @@
 	MEMBER(dnpass) NULL,
 	MEMBER(auth_bind) FALSE,
 	MEMBER(auth_bind_userdn) NULL,
+	MEMBER(sasl_bind) FALSE,
+	MEMBER(sasl_mech) NULL,
+	MEMBER(sasl_realm) NULL,
+	MEMBER(sasl_authz_id) NULL,
+	MEMBER(sasl_props) NULL,
 	MEMBER(deref) "never",
 	MEMBER(scope) "subtree",
 	MEMBER(base) NULL,
@@ -214,9 +224,45 @@
 	}
 }
 
+static int sasl_interact(LDAP *ld, unsigned flags, void *defaults,
+		   	 void *interact)
+{
+	sasl_interact_t *in;
+	struct sasl_bind_context *context;
+	const char *p;
+
+	context = (struct sasl_bind_context *) defaults;
+	for (in=interact; in->id != SASL_CB_LIST_END; in++)
+	{
+		p = NULL;
+		switch (in->id)
+		{
+		case SASL_CB_GETREALM:
+			p = context->realm;
+			break;
+		case SASL_CB_AUTHNAME:
+			p = context->authcid;
+			break;
+		case SASL_CB_USER:
+			p = context->authzid;
+			break;
+		case SASL_CB_PASS:
+			p = context->passwd;
+			break;
+		}
+		if (p) {
+			in->len = strlen(p);
+			in->result = p;
+		}
+		
+	}
+	return LDAP_SUCCESS;
+}
+
 bool db_ldap_connect(struct ldap_connection *conn)
 {
 	int ret, fd;
+	struct sasl_bind_context context;
 
 	if (conn->connected)
 		return TRUE;
@@ -253,16 +299,37 @@
 	}
 
 	/* FIXME: we shouldn't use blocking bind */
-	ret = ldap_simple_bind_s(conn->ld, conn->set.dn, conn->set.dnpass);
-	if (ret == LDAP_SERVER_DOWN) {
-		i_error("LDAP: Can't connect to server: %s", conn->set.hosts);
-		return FALSE;
-	}
-	if (ret != LDAP_SUCCESS) {
-		i_error("LDAP: ldap_simple_bind_s() failed (dn %s): %s",
-			conn->set.dn == NULL ? "(none)" : conn->set.dn,
-			ldap_get_error(conn));
-		return FALSE;
+	if (conn->set.sasl_bind) {
+
+		context.authcid = conn->set.dn;
+		context.passwd = conn->set.dnpass;
+		context.realm = conn->set.sasl_realm;
+		context.authzid = conn->set.sasl_authz_id;
+
+		ret = ldap_sasl_interactive_bind_s(conn->ld, NULL, conn->set.sasl_mech,
+						   NULL, NULL, LDAP_SASL_QUIET,
+						   sasl_interact, &context);
+		if (ret == LDAP_SERVER_DOWN) {
+			i_error("LDAP: Can't connect to server: %s", conn->set.hosts);
+			return FALSE;
+		}
+		if (ret != LDAP_SUCCESS) {
+			i_error("LDAP: ldap_sasl_interactive_bind_s() failed: %s",
+				ldap_get_error(conn));
+			return FALSE;
+		}
+	} else {
+		ret = ldap_simple_bind_s(conn->ld, conn->set.dn, conn->set.dnpass);
+		if (ret == LDAP_SERVER_DOWN) {
+			i_error("LDAP: Can't connect to server: %s", conn->set.hosts);
+			return FALSE;
+		}
+		if (ret != LDAP_SUCCESS) {
+			i_error("LDAP: ldap_simple_bind_s() failed (dn %s): %s",
+				conn->set.dn == NULL ? "(none)" : conn->set.dn,
+				ldap_get_error(conn));
+			return FALSE;
+		}
 	}
 
 	conn->connected = TRUE;

Index: db-ldap.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/db-ldap.h,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- db-ldap.h	31 May 2006 11:03:53 -0000	1.21
+++ db-ldap.h	8 Jun 2006 17:01:30 -0000	1.22
@@ -2,6 +2,7 @@
 #define __DB_LDAP_H
 
 #include <ldap.h>
+#include <sasl/sasl.h>
 
 struct auth_request;
 struct ldap_connection;
@@ -18,6 +19,13 @@
 	const char *dnpass;
 	bool auth_bind;
 	const char *auth_bind_userdn;
+
+	bool sasl_bind;
+	const char *sasl_mech;
+	const char *sasl_realm;
+	const char *sasl_authz_id;
+	const char *sasl_props;
+
 	const char *deref;
 	const char *scope;
 	const char *base;
@@ -66,6 +74,13 @@
 	char **attributes; /* points to pass_attr_names / user_attr_names */
 };
 
+struct sasl_bind_context {
+	const char *authcid;
+	const char *passwd;
+	const char *realm;
+	const char *authzid;
+};
+
 void db_ldap_search(struct ldap_connection *conn, struct ldap_request *request,
 		    int scope);

More information about the dovecot-cvs mailing list