[dovecot-cvs] dovecot/src/auth db-ldap.c, 1.34, 1.35 db-ldap.h, 1.17, 1.18 passdb-ldap.c, 1.39, 1.40

cras at dovecot.org cras at dovecot.org
Sat Jan 7 03:25:10 EET 2006


Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv11266/src/auth

Modified Files:
	db-ldap.c db-ldap.h passdb-ldap.c 
Log Message:
Added fast authbinding and auth_bind_userdn setting. Patch by Geff
<boing at boing.com>



Index: db-ldap.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/db-ldap.c,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -d -r1.34 -r1.35
--- db-ldap.c	30 Dec 2005 15:43:41 -0000	1.34
+++ db-ldap.c	7 Jan 2006 01:25:05 -0000	1.35
@@ -34,6 +34,7 @@
 	DEF(SET_STR, dn),
 	DEF(SET_STR, dnpass),
 	DEF(SET_BOOL, auth_bind),
+	DEF(SET_STR, auth_bind_userdn),
 	DEF(SET_STR, deref),
 	DEF(SET_STR, scope),
 	DEF(SET_STR, base),
@@ -53,6 +54,7 @@
 	MEMBER(dn) NULL,
 	MEMBER(dnpass) NULL,
 	MEMBER(auth_bind) FALSE,
+	MEMBER(auth_bind_userdn) NULL,
 	MEMBER(deref) "never",
 	MEMBER(scope) "subtree",
 	MEMBER(base) NULL,

Index: db-ldap.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/db-ldap.h,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- db-ldap.h	30 Dec 2005 15:43:41 -0000	1.17
+++ db-ldap.h	7 Jan 2006 01:25:05 -0000	1.18
@@ -16,6 +16,7 @@
 	const char *dn;
 	const char *dnpass;
 	int auth_bind;
+	const char *auth_bind_userdn;
 	const char *deref;
 	const char *scope;
 	const char *base;

Index: passdb-ldap.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-ldap.c,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -d -r1.39 -r1.40
--- passdb-ldap.c	30 Dec 2005 17:55:48 -0000	1.39
+++ passdb-ldap.c	7 Jan 2006 01:25:05 -0000	1.40
@@ -219,32 +219,18 @@
 	passdb_ldap_request->callback.verify_plain(passdb_result, auth_request);
 }
 
-static void
-handle_request_authbind_search(struct ldap_connection *conn,
-			       struct ldap_request *ldap_request,
-			       LDAPMessage *res)
+static void authbind_start(struct ldap_connection *conn,
+			   struct ldap_request *ldap_request, const char *dn)
 {
 	struct passdb_ldap_request *passdb_ldap_request =
 		(struct passdb_ldap_request *)ldap_request;
 	struct auth_request *auth_request = ldap_request->context;
-	LDAPMessage *entry;
-	const char *dn;
 	int msgid;
 
-	entry = handle_request_get_entry(conn, auth_request,
-					 passdb_ldap_request, res);
-	if (entry == NULL)
-		return;
-
-	dn = ldap_get_dn(conn->ld, entry);
-
-	/* switch the handler to the authenticated bind handler */
-	ldap_request->callback = handle_request_authbind;
-
 	msgid = ldap_bind(conn->ld, dn, auth_request->mech_password,
 			  LDAP_AUTH_SIMPLE);
 	if (msgid == -1) {
-		i_error("ldap_bind() failed: %s", ldap_get_error(conn));
+		i_error("ldap_bind(%s) failed: %s", dn, ldap_get_error(conn));
 		passdb_ldap_request->callback.
 			verify_plain(PASSDB_RESULT_INTERNAL_FAILURE,
 				     auth_request);
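Review bot: `auth_request->mech_password` is handed to `ldap_bind()` with `LDAP_AUTH_SIMPLE` and nothing in the hunk checks that it is non-empty. A simple bind with a DN and a zero-length password is an unauthenticated bind under RFC 4513, and some directory servers report it as success. Whether the callers already reject empty passwords is not visible here, so I would guard at the top of authbind_start, which both bind paths now share: `if (*auth_request->mech_password == '\0') { passdb_ldap_request->callback.verify_plain(PASSDB_RESULT_PASSWORD_MISMATCH, auth_request); return; }`. The new `i_error("ldap_bind(%s) failed: ...")` also writes the DN to the log, and in the auth_bind_userdn path that DN is built from the client-supplied user name, so it may need sanitising for the log. The function body continues past the end of this hunk.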
@@ -256,6 +242,27 @@
 	hash_insert(conn->requests, POINTER_CAST(msgid), ldap_request);
 }
 
+static void
+handle_request_authbind_search(struct ldap_connection *conn,
+			       struct ldap_request *ldap_request,
+			       LDAPMessage *res)
+{
+	struct passdb_ldap_request *passdb_ldap_request =
+		(struct passdb_ldap_request *)ldap_request;
+	struct auth_request *auth_request = ldap_request->context;
+	LDAPMessage *entry;
+
+	entry = handle_request_get_entry(conn, auth_request,
+					 passdb_ldap_request, res);
+	if (entry == NULL)
+		return;
+
+	/* switch the handler to the authenticated bind handler */
+	ldap_request->callback = handle_request_authbind;
+
+        authbind_start(conn, ldap_request, ldap_get_dn(conn->ld, entry));
+}
+
 static void ldap_lookup_pass(struct auth_request *auth_request,
 			     struct ldap_request *ldap_request)
 {
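Review bot: In handle_request_authbind_search the result of `ldap_get_dn(conn->ld, entry)` is passed straight to authbind_start without a NULL check, and nothing visible releases it. ldap_get_dn() returns NULL on error, which would send a NULL DN into `ldap_bind()` and into the `%s` of the new error message. It also returns memory the caller is expected to release with `ldap_memfree()`, so as written each search-then-bind login appears to leak the DN string. The sketch below assumes `ldap_bind()` has finished with the DN when it returns, which should be confirmed. The call line is also indented with spaces where the rest of the file uses tabs.

```c
	char *dn;
	/* … unchanged: entry lookup and the entry == NULL return … */

	dn = ldap_get_dn(conn->ld, entry);
	if (dn == NULL) {
		i_error("ldap_get_dn() failed: %s", ldap_get_error(conn));
		passdb_ldap_request->callback.
			verify_plain(PASSDB_RESULT_INTERNAL_FAILURE,
				     auth_request);
		return;
	}

	/* switch the handler to the authenticated bind handler */
	ldap_request->callback = handle_request_authbind;

	authbind_start(conn, ldap_request, dn);
	ldap_memfree(dn);
```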
@@ -292,6 +299,27 @@
 }
 
 static void
+ldap_verify_plain_auth_bind_userdn(struct auth_request *auth_request,
+				   struct ldap_request *ldap_request)
+{
+	struct passdb_module *_module = auth_request->passdb->passdb;
+	struct ldap_passdb_module *module =
+		(struct ldap_passdb_module *)_module;
+	struct ldap_connection *conn = module->conn;
+        const struct var_expand_table *vars;
+	string_t *dn;
+
+	vars = auth_request_get_var_expand_table(auth_request, ldap_escape);
+	dn = t_str_new(512);
+	var_expand(dn, conn->set.auth_bind_userdn, vars);
+
+	ldap_request->callback = handle_request_authbind;
+	ldap_request->context = auth_request;
+
+        authbind_start(conn, ldap_request, str_c(dn));
+}
+
+static void
 ldap_verify_plain_authbind(struct auth_request *auth_request,
 			   struct ldap_request *ldap_request)
 {
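Review bot: In ldap_verify_plain_auth_bind_userdn the bind DN is expanded with `ldap_escape` as the escaping callback, and it is not visible in this diff whether that function covers DN syntax or only search-filter syntax. A DN template needs the RFC 4514 set escaped (`,` `+` `"` `\` `<` `>` `;` `=`, a leading `#` or space, a trailing space). Otherwise a user name containing those characters changes the structure of the DN the server is asked to bind as, rather than being treated as one attribute value. If `ldap_escape` only handles filter metacharacters, I would pass a DN-specific escape function here. Either way the `var_expand()` call deserves a comment such as `/* user name is inserted into a DN: escape per RFC 4514, not as a search filter */`. Because this path skips the search, it would also help to document on the function that no LDAP attributes are fetched for the user.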
@@ -341,7 +369,9 @@
 	ldap_request = p_new(request->pool, struct passdb_ldap_request, 1);
 	ldap_request->callback.verify_plain = callback;
 
-	if (conn->set.auth_bind)
+	if (conn->set.auth_bind_userdn != NULL)
+		ldap_verify_plain_auth_bind_userdn(request, &ldap_request->request);
+	else if (conn->set.auth_bind)
 		ldap_verify_plain_authbind(request, &ldap_request->request);
 	else
 		ldap_lookup_pass(request, &ldap_request->request);
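Review bot: The new first branch selects the template bind on `auth_bind_userdn != NULL` alone, so setting it turns on bind authentication even when `auth_bind` is left FALSE, and nothing in the code says this precedence is intended. A comment above the chain would make it explicit, for example `/* auth_bind_userdn implies auth_bind and skips the DN search */`. If the settings parser can store an empty string rather than NULL for a blank value (not visible here), the test should also check `*conn->set.auth_bind_userdn != '\0'`, so that a blank template does not lead to binds with an empty DN.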


