예제 #1
/*
 * Queue the LDAP search that precedes an authentication bind: the search
 * base and the password filter are built from the connection's templates
 * and the resulting search is handed to db_ldap_request().
 *
 * Every variable substituted into the templates goes through the
 * ldap_escape callback given to auth_request_get_var_expand_table().
 * NOTE(review): ldap_escape is defined outside this listing; presumably it
 * neutralises LDAP filter metacharacters. The same escaper is applied to
 * the base DN template, and DN syntax has different escaping rules than
 * filter syntax - confirm it is sufficient if the base template contains
 * user-derived variables.
 */
static void ldap_bind_lookup_dn(struct auth_request *auth_request,
				struct passdb_ldap_request *request)
{
	struct ldap_passdb_module *ldap_module =
		(struct ldap_passdb_module *)auth_request->passdb->passdb;
	struct ldap_connection *conn = ldap_module->conn;
	struct ldap_request_search *search = &request->request.search;
	const struct var_expand_table *table;
	string_t *buf;

	table = auth_request_get_var_expand_table(auth_request, ldap_escape);
	search->request.type = LDAP_REQUEST_TYPE_SEARCH;
	search->request.callback = ldap_bind_lookup_dn_callback;

	/* one scratch buffer serves both expansions; each result is copied
	   into the auth request's pool before the buffer is reused */
	buf = t_str_new(512);
	var_expand(buf, conn->set.base, table);
	search->base = p_strdup(auth_request->pool, str_c(buf));

	str_truncate(buf, 0);
	var_expand(buf, conn->set.pass_filter, table);
	search->filter = p_strdup(auth_request->pool, str_c(buf));

	/* authentication itself does not depend on the attributes, but
	   they can carry extra parameters. a returned password is simply
	   ignored. */
	search->attributes = conn->pass_attr_names;
	search->attr_map = &conn->pass_attr_map;

	/* only the expanded base and filter are logged here */
	auth_request_log_debug(auth_request, "ldap",
			       "bind search: base=%s filter=%s",
			       search->base, search->filter);

	db_ldap_request(conn, &search->request);
}
예제 #2
/*
 * Queue the LDAP search used for a passdb lookup: expand the base and
 * password filter templates, request the configured password attributes
 * and pass the search to db_ldap_request() with
 * ldap_lookup_pass_callback as the completion handler.
 *
 * Template variables are expanded through ldap_escape.
 * NOTE(review): ldap_escape is not part of this listing; presumably it
 * escapes LDAP filter metacharacters in the substituted values - confirm
 * it is also adequate for the base DN template.
 */
static void ldap_lookup_pass(struct auth_request *auth_request,
			     struct passdb_ldap_request *request)
{
	struct ldap_passdb_module *ldap_module =
		(struct ldap_passdb_module *)auth_request->passdb->passdb;
	struct ldap_connection *conn = ldap_module->conn;
	struct ldap_request_search *search = &request->request.search;
	const char **names = (const char **)conn->pass_attr_names;
	const struct var_expand_table *table;
	const char *fields;
	string_t *buf;

	table = auth_request_get_var_expand_table(auth_request, ldap_escape);
	search->request.type = LDAP_REQUEST_TYPE_SEARCH;
	search->request.callback = ldap_lookup_pass_callback;

	/* the scratch buffer is reused; results live in the request pool */
	buf = t_str_new(512);
	var_expand(buf, conn->set.base, table);
	search->base = p_strdup(auth_request->pool, str_c(buf));

	str_truncate(buf, 0);
	var_expand(buf, conn->set.pass_filter, table);
	search->filter = p_strdup(auth_request->pool, str_c(buf));

	search->attributes = conn->pass_attr_names;
	search->attr_map = &conn->pass_attr_map;

	/* a NULL attribute list is reported as "(all)"; the log line holds
	   attribute names only, no attribute values */
	fields = names == NULL ? "(all)" : t_strarray_join(names, ",");
	auth_request_log_debug(auth_request, "ldap", "pass search: "
			       "base=%s scope=%s filter=%s fields=%s",
			       search->base, conn->set.scope,
			       search->filter, fields);

	db_ldap_request(conn, &search->request);
}
예제 #3
/*
 * Begin a userdb iteration over LDAP. Allocates the iterate context,
 * takes a reference on auth_request, expands the base and iterate filter
 * templates, queues a multi-entry search and returns the generic
 * iterate context embedded in the LDAP one.
 *
 * Template variables are expanded through ldap_escape.
 * NOTE(review): ldap_escape is outside this listing; presumably it
 * escapes LDAP filter metacharacters - confirm it also suits the base DN
 * template.
 * NOTE(review): no request type is assigned in this function; presumably
 * the zero-initialised default selects a search - confirm against the
 * db-ldap request definitions.
 */
static struct userdb_iterate_context *
userdb_ldap_iterate_init(struct auth_request *auth_request,
			 userdb_iter_callback_t *callback, void *context)
{
	struct ldap_userdb_module *ldap_module =
		(struct ldap_userdb_module *)auth_request->userdb->userdb;
	struct ldap_connection *conn = ldap_module->conn;
	const char **names = (const char **)conn->iterate_attr_names;
	struct ldap_userdb_iterate_context *iter;
	struct userdb_iter_ldap_request *ireq;
	string_t *buf;

	iter = i_new(struct ldap_userdb_iterate_context, 1);
	iter->conn = conn;
	iter->ctx.auth_request = auth_request;
	iter->ctx.callback = callback;
	iter->ctx.context = context;

	/* the request is embedded in the context and points back at it */
	ireq = &iter->request;
	ireq->ctx = iter;

	/* the queued request stores auth_request, so a reference is taken */
	auth_request_ref(auth_request);
	ireq->request.request.auth_request = auth_request;
	ireq->request.request.callback = userdb_ldap_iterate_callback;

	buf = t_str_new(512);
	auth_request_var_expand(buf, conn->set.base, auth_request, ldap_escape);
	ireq->request.base = p_strdup(auth_request->pool, str_c(buf));

	str_truncate(buf, 0);
	auth_request_var_expand(buf, conn->set.iterate_filter,
				auth_request, ldap_escape);
	ireq->request.filter = p_strdup(auth_request->pool, str_c(buf));

	ireq->request.attributes = conn->iterate_attr_names;
	ireq->request.attr_map = &conn->iterate_attr_map;
	ireq->request.multi_entry = TRUE;

	if (global_auth_settings->debug) {
		/* a NULL attribute list is reported as "(all)" */
		const char *fields = names == NULL ? "(all)" :
			t_strarray_join(names, ",");

		i_debug("ldap: iterate: base=%s scope=%s filter=%s fields=%s",
			ireq->request.base, conn->set.scope,
			ireq->request.filter, fields);
	}

	db_ldap_request(conn, &ireq->request.request);
	return &iter->ctx;
}
예제 #4
/*
 * Queue an LDAP bind that verifies the user's password, unless the
 * password is empty, in which case the attempt is failed locally and no
 * bind is sent.
 *
 * NOTE(review): mech_password is dereferenced without a NULL check;
 * presumably callers guarantee it is set - confirm.
 */
static void ldap_auth_bind(struct ldap_connection *conn,
			   struct ldap_request_bind *brequest)
{
	struct auth_request *auth_request = brequest->request.auth_request;
	struct passdb_ldap_request *passdb_request;

	if (auth_request->mech_password[0] == '\0') {
		/* An empty password is treated as a failed login and never
		   reaches the server. This matters especially with Windows
		   2003 AD, which always returns success for empty
		   passwords. More generally, a simple bind carrying a DN
		   and a zero-length password is an "unauthenticated bind"
		   (RFC 4513 section 5.1.2), so a successful result would
		   not prove knowledge of any credential. */
		auth_request_log_info(auth_request, "ldap",
				      "Login attempt with empty password");

		/* NOTE(review): the cast assumes brequest sits at the start
		   of a passdb_ldap_request - confirm against the struct */
		passdb_request = (struct passdb_ldap_request *)brequest;
		passdb_request->callback.
			verify_plain(PASSDB_RESULT_PASSWORD_MISMATCH,
				     auth_request);
		return;
	}

	brequest->request.callback = ldap_auth_bind_callback;
	db_ldap_request(conn, &brequest->request);
}
예제 #5
/*
 * Queue the LDAP search for a userdb lookup. Takes a reference on
 * auth_request, allocates the request from the auth request's pool,
 * expands the base and user filter templates and hands the search to
 * db_ldap_request(); `callback` is stored for the completion handler.
 *
 * Template variables are expanded through ldap_escape.
 * NOTE(review): ldap_escape is outside this listing; presumably it
 * escapes LDAP filter metacharacters - confirm it also suits the base DN
 * template.
 * NOTE(review): no request type is assigned in this function; presumably
 * the zero-initialised default selects a search - confirm against the
 * db-ldap request definitions.
 */
static void userdb_ldap_lookup(struct auth_request *auth_request,
			       userdb_callback_t *callback)
{
	struct ldap_userdb_module *ldap_module =
		(struct ldap_userdb_module *)auth_request->userdb->userdb;
	struct ldap_connection *conn = ldap_module->conn;
	const char **names = (const char **)conn->user_attr_names;
	struct userdb_ldap_request *lookup;
	const char *fields;
	string_t *buf;

	/* the queued request stores auth_request, so a reference is taken */
	auth_request_ref(auth_request);
	lookup = p_new(auth_request->pool, struct userdb_ldap_request, 1);
	lookup->userdb_callback = callback;
	lookup->request.request.auth_request = auth_request;
	lookup->request.request.callback = userdb_ldap_lookup_callback;

	/* the scratch buffer is reused; results live in the request pool */
	buf = t_str_new(512);
	auth_request_var_expand(buf, conn->set.base, auth_request, ldap_escape);
	lookup->request.base = p_strdup(auth_request->pool, str_c(buf));

	str_truncate(buf, 0);
	auth_request_var_expand(buf, conn->set.user_filter, auth_request, ldap_escape);
	lookup->request.filter = p_strdup(auth_request->pool, str_c(buf));

	lookup->request.attributes = conn->user_attr_names;
	lookup->request.attr_map = &conn->user_attr_map;

	/* a NULL attribute list is reported as "(all)" */
	fields = names == NULL ? "(all)" : t_strarray_join(names, ",");
	auth_request_log_debug(auth_request, AUTH_SUBSYS_DB, "user search: "
			       "base=%s scope=%s filter=%s fields=%s",
			       lookup->request.base, conn->set.scope,
			       lookup->request.filter, fields);

	db_ldap_request(conn, &lookup->request.request);
}