[dovecot-cvs]
dovecot/src/auth db-ldap.c, 1.34, 1.35 db-ldap.h, 1.17,
1.18 passdb-ldap.c, 1.39, 1.40
cras at dovecot.org
cras at dovecot.org
Sat Jan 7 03:25:10 EET 2006
Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv11266/src/auth
Modified Files:
db-ldap.c db-ldap.h passdb-ldap.c
Log Message:
Added fast authbinding and auth_bind_userdn setting. Patch by Geff
<boing at boing.com>
Index: db-ldap.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/db-ldap.c,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -d -r1.34 -r1.35
--- db-ldap.c 30 Dec 2005 15:43:41 -0000 1.34
+++ db-ldap.c 7 Jan 2006 01:25:05 -0000 1.35
@@ -34,6 +34,7 @@
DEF(SET_STR, dn),
DEF(SET_STR, dnpass),
DEF(SET_BOOL, auth_bind),
+ DEF(SET_STR, auth_bind_userdn),
DEF(SET_STR, deref),
DEF(SET_STR, scope),
DEF(SET_STR, base),
@@ -53,6 +54,7 @@
MEMBER(dn) NULL,
MEMBER(dnpass) NULL,
MEMBER(auth_bind) FALSE,
+ MEMBER(auth_bind_userdn) NULL,
MEMBER(deref) "never",
MEMBER(scope) "subtree",
MEMBER(base) NULL,
Index: db-ldap.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/db-ldap.h,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- db-ldap.h 30 Dec 2005 15:43:41 -0000 1.17
+++ db-ldap.h 7 Jan 2006 01:25:05 -0000 1.18
@@ -16,6 +16,7 @@
const char *dn;
const char *dnpass;
int auth_bind;
+ const char *auth_bind_userdn;
const char *deref;
const char *scope;
const char *base;
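Review bot: The new `auth_bind_userdn` member has no comment, and its meaning is not obvious from the name alone. From the passdb-ldap.c part of this commit, it is a DN template that is passed through `var_expand()` per request, and a NULL value means the feature is off. A one-line comment would save the next reader a trip to the passdb code, for example `/* DN template (%-variables expanded per login) used to bind directly as the user; NULL = disabled */`.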
Index: passdb-ldap.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-ldap.c,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -d -r1.39 -r1.40
--- passdb-ldap.c 30 Dec 2005 17:55:48 -0000 1.39
+++ passdb-ldap.c 7 Jan 2006 01:25:05 -0000 1.40
@@ -219,32 +219,18 @@
passdb_ldap_request->callback.verify_plain(passdb_result, auth_request);
}
-static void
-handle_request_authbind_search(struct ldap_connection *conn,
- struct ldap_request *ldap_request,
- LDAPMessage *res)
+static void authbind_start(struct ldap_connection *conn,
+ struct ldap_request *ldap_request, const char *dn)
{
struct passdb_ldap_request *passdb_ldap_request =
(struct passdb_ldap_request *)ldap_request;
struct auth_request *auth_request = ldap_request->context;
- LDAPMessage *entry;
- const char *dn;
int msgid;
- entry = handle_request_get_entry(conn, auth_request,
- passdb_ldap_request, res);
- if (entry == NULL)
- return;
-
- dn = ldap_get_dn(conn->ld, entry);
-
- /* switch the handler to the authenticated bind handler */
- ldap_request->callback = handle_request_authbind;
-
msgid = ldap_bind(conn->ld, dn, auth_request->mech_password,
LDAP_AUTH_SIMPLE);
if (msgid == -1) {
- i_error("ldap_bind() failed: %s", ldap_get_error(conn));
+ i_error("ldap_bind(%s) failed: %s", dn, ldap_get_error(conn));
passdb_ldap_request->callback.
verify_plain(PASSDB_RESULT_INTERNAL_FAILURE,
auth_request);
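Review bot: `authbind_start()` passes `auth_request->mech_password` straight to `ldap_bind()` with no visible check that it is non-empty. Many LDAP servers treat a simple bind with a DN and a zero-length password as an unauthenticated bind and report success, which the bind handler would then read as a verified password. Unless empty passwords are already rejected earlier in the request path (not visible here), add a guard before the bind, e.g. `if (*auth_request->mech_password == '\0')`, that returns a password-mismatch result through `callback.verify_plain` and never sends the bind. The new `ldap_bind(%s)` message also logs a DN built from the login name, so it is worth confirming that `i_error()` output is sanitised for control characters. The function body continues past the end of this hunk.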
@@ -256,6 +242,27 @@
hash_insert(conn->requests, POINTER_CAST(msgid), ldap_request);
}
+static void
+handle_request_authbind_search(struct ldap_connection *conn,
+ struct ldap_request *ldap_request,
+ LDAPMessage *res)
+{
+ struct passdb_ldap_request *passdb_ldap_request =
+ (struct passdb_ldap_request *)ldap_request;
+ struct auth_request *auth_request = ldap_request->context;
+ LDAPMessage *entry;
+
+ entry = handle_request_get_entry(conn, auth_request,
+ passdb_ldap_request, res);
+ if (entry == NULL)
+ return;
+
+ /* switch the handler to the authenticated bind handler */
+ ldap_request->callback = handle_request_authbind;
+
+ authbind_start(conn, ldap_request, ldap_get_dn(conn->ld, entry));
+}
+
static void ldap_lookup_pass(struct auth_request *auth_request,
struct ldap_request *ldap_request)
{
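Review bot: In `handle_request_authbind_search()` the result of `ldap_get_dn(conn->ld, entry)` is passed directly to `authbind_start()`, so it is neither checked nor released. `ldap_get_dn()` returns NULL on failure and otherwise a string the caller must release with `ldap_memfree()`. As written, a NULL DN reaches `ldap_bind()` and the `%s` in the new error message, and each successful search leaks the DN. Keep it in a local (`char *dn = ldap_get_dn(conn->ld, entry);`), fail the request with an internal-failure result when it is NULL, and call `ldap_memfree(dn);` after `authbind_start()` returns. The `ldap_lookup_pass()` body that follows continues outside this hunk.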
@@ -292,6 +299,27 @@
}
static void
+ldap_verify_plain_auth_bind_userdn(struct auth_request *auth_request,
+ struct ldap_request *ldap_request)
+{
+ struct passdb_module *_module = auth_request->passdb->passdb;
+ struct ldap_passdb_module *module =
+ (struct ldap_passdb_module *)_module;
+ struct ldap_connection *conn = module->conn;
+ const struct var_expand_table *vars;
+ string_t *dn;
+
+ vars = auth_request_get_var_expand_table(auth_request, ldap_escape);
+ dn = t_str_new(512);
+ var_expand(dn, conn->set.auth_bind_userdn, vars);
+
+ ldap_request->callback = handle_request_authbind;
+ ldap_request->context = auth_request;
+
+ authbind_start(conn, ldap_request, str_c(dn));
+}
+
+static void
ldap_verify_plain_authbind(struct auth_request *auth_request,
struct ldap_request *ldap_request)
{
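Review bot: `ldap_verify_plain_auth_bind_userdn()` expands the user-supplied login into a DN using `ldap_escape`, and it is not clear from this hunk that `ldap_escape` is safe for DN context. If it was written for search filters, it may leave DN metacharacters such as `,`, `+`, `=`, `"`, `<`, `>`, `;` and leading `#` or space untouched. A login name containing them could then change which entry the template resolves to. Please confirm what `ldap_escape` covers (its definition is not visible here), and if it is filter-oriented, use a DN-specific escaper for this expansion. A comment above the function should also state that `auth_bind_userdn` is a trusted admin template and that only the expanded variables are escaped.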
@@ -341,7 +369,9 @@
ldap_request = p_new(request->pool, struct passdb_ldap_request, 1);
ldap_request->callback.verify_plain = callback;
- if (conn->set.auth_bind)
+ if (conn->set.auth_bind_userdn != NULL)
+ ldap_verify_plain_auth_bind_userdn(request, &ldap_request->request);
+ else if (conn->set.auth_bind)
ldap_verify_plain_authbind(request, &ldap_request->request);
else
ldap_lookup_pass(request, &ldap_request->request);
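Review bot: The new first branch switches to bind authentication whenever `auth_bind_userdn` is non-NULL, even when `auth_bind` is FALSE, and it does not reject an empty template. If the settings parser stores an empty string for `auth_bind_userdn =` (not visible here), the expanded DN would be empty. A simple bind with an empty DN is an anonymous bind on most servers, so it would succeed whatever password was given. Consider nesting the check under `auth_bind` and requiring a non-empty value, e.g. `if (conn->set.auth_bind && conn->set.auth_bind_userdn != NULL && *conn->set.auth_bind_userdn != '\0')`. Alternatively, validate the setting once at config load and document that it implies `auth_bind`.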