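Lines matching refs:dict_ldap (each entry gives the original source line number, the matching line, and the enclosing function; a trailing "argument" or "local" marks the line where dict_ldap is declared)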

215 	dict_ldap->dict.error = (__err); \
419 static int dict_ldap_bind_sasl(DICT_LDAP *dict_ldap) in dict_ldap_bind_sasl() argument
428 vstring_sprintf(minssf, "minssf=%d", dict_ldap->sasl_minssf); in dict_ldap_bind_sasl()
430 if ((rc = ldap_set_option(dict_ldap->ld, LDAP_OPT_X_SASL_SECPROPS, in dict_ldap_bind_sasl()
434 props.authcid = dict_ldap->bind_dn; in dict_ldap_bind_sasl()
435 props.passwd = dict_ldap->bind_pw; in dict_ldap_bind_sasl()
436 props.realm = dict_ldap->sasl_realm; in dict_ldap_bind_sasl()
437 props.authzid = dict_ldap->sasl_authz; in dict_ldap_bind_sasl()
439 if ((rc = ldap_sasl_interactive_bind_s(dict_ldap->ld, NULL, in dict_ldap_bind_sasl()
440 dict_ldap->sasl_mechs, NULL, NULL, in dict_ldap_bind_sasl()
452 static int dict_ldap_bind_st(DICT_LDAP *dict_ldap) in dict_ldap_bind_st() argument
460 cred.bv_val = dict_ldap->bind_pw; in dict_ldap_bind_st()
462 if ((rc = ldap_sasl_bind(dict_ldap->ld, dict_ldap->bind_dn, in dict_ldap_bind_st()
466 if ((rc = dict_ldap_result(dict_ldap->ld, msgid, dict_ldap->timeout, in dict_ldap_bind_st()
471 rc = ldap_parse_result(dict_ldap->ld, res, &err, 0, 0, 0, 0, FREE_RESULT); in dict_ldap_bind_st()
505 static int dict_ldap_set_tls_options(DICT_LDAP *dict_ldap) in dict_ldap_set_tls_options() argument
512 LDAP *ld = dict_ldap->ld; in dict_ldap_set_tls_options()
519 if (dict_ldap->start_tls || dict_ldap->ldap_ssl) { in dict_ldap_set_tls_options()
520 if (*dict_ldap->tls_random_file) { in dict_ldap_set_tls_options()
522 dict_ldap->tls_random_file)) != LDAP_SUCCESS) { in dict_ldap_set_tls_options()
524 myname, dict_ldap->tls_random_file, in dict_ldap_set_tls_options()
529 if (*dict_ldap->tls_ca_cert_file) { in dict_ldap_set_tls_options()
531 dict_ldap->tls_ca_cert_file)) != LDAP_SUCCESS) { in dict_ldap_set_tls_options()
533 myname, dict_ldap->tls_ca_cert_file, in dict_ldap_set_tls_options()
538 if (*dict_ldap->tls_ca_cert_dir) { in dict_ldap_set_tls_options()
540 dict_ldap->tls_ca_cert_dir)) != LDAP_SUCCESS) { in dict_ldap_set_tls_options()
542 myname, dict_ldap->tls_ca_cert_dir, in dict_ldap_set_tls_options()
547 if (*dict_ldap->tls_cert) { in dict_ldap_set_tls_options()
549 dict_ldap->tls_cert)) != LDAP_SUCCESS) { in dict_ldap_set_tls_options()
551 myname, dict_ldap->tls_cert, in dict_ldap_set_tls_options()
556 if (*dict_ldap->tls_key) { in dict_ldap_set_tls_options()
558 dict_ldap->tls_key)) != LDAP_SUCCESS) { in dict_ldap_set_tls_options()
560 myname, dict_ldap->tls_key, in dict_ldap_set_tls_options()
565 if (*dict_ldap->tls_cipher_suite) { in dict_ldap_set_tls_options()
567 dict_ldap->tls_cipher_suite)) != LDAP_SUCCESS) { in dict_ldap_set_tls_options()
569 myname, dict_ldap->tls_cipher_suite, in dict_ldap_set_tls_options()
575 &(dict_ldap->tls_require_cert))) != LDAP_SUCCESS) { in dict_ldap_set_tls_options()
577 myname, dict_ldap->tls_require_cert, in dict_ldap_set_tls_options()
596 static int dict_ldap_connect(DICT_LDAP *dict_ldap) in dict_ldap_connect() argument
612 if (dict_ldap->debuglevel > 0 && in dict_ldap_connect()
618 &(dict_ldap->debuglevel)) != LBER_OPT_SUCCESS) in dict_ldap_connect()
622 &(dict_ldap->debuglevel)) != LDAP_OPT_SUCCESS) in dict_ldap_connect()
626 dict_ldap->dict.error = 0; in dict_ldap_connect()
630 dict_ldap->server_host); in dict_ldap_connect()
634 ldap_initialize(&(dict_ldap->ld), dict_ldap->server_host); in dict_ldap_connect()
636 dict_ldap->ld = ldap_init(dict_ldap->server_host, in dict_ldap_connect()
637 (int) dict_ldap->server_port); in dict_ldap_connect()
639 if (dict_ldap->ld == NULL) { in dict_ldap_connect()
641 myname, dict_ldap->server_host); in dict_ldap_connect()
642 dict_ldap->dict.error = DICT_ERR_RETRY; in dict_ldap_connect()
645 mytimeval.tv_sec = dict_ldap->timeout; in dict_ldap_connect()
647 if (ldap_set_option(dict_ldap->ld, LDAP_OPT_NETWORK_TIMEOUT, &mytimeval) != in dict_ldap_connect()
650 DICT_LDAP_UNBIND_RETURN(dict_ldap->ld, DICT_ERR_RETRY, -1); in dict_ldap_connect()
656 dict_ldap->dict.error = DICT_ERR_RETRY; in dict_ldap_connect()
659 alarm(dict_ldap->timeout); in dict_ldap_connect()
661 dict_ldap->ld = ldap_open(dict_ldap->server_host, in dict_ldap_connect()
662 (int) dict_ldap->server_port); in dict_ldap_connect()
664 dict_ldap->ld = 0; in dict_ldap_connect()
670 dict_ldap->dict.error = DICT_ERR_RETRY; in dict_ldap_connect()
673 if (dict_ldap->ld == NULL) { in dict_ldap_connect()
675 myname, dict_ldap->server_host); in dict_ldap_connect()
676 dict_ldap->dict.error = DICT_ERR_RETRY; in dict_ldap_connect()
686 if (ldap_set_option(dict_ldap->ld, LDAP_OPT_PROTOCOL_VERSION, in dict_ldap_connect()
687 &dict_ldap->version) != LDAP_OPT_SUCCESS) { in dict_ldap_connect()
689 DICT_LDAP_UNBIND_RETURN(dict_ldap->ld, DICT_ERR_RETRY, -1); in dict_ldap_connect()
692 if (ldap_get_option(dict_ldap->ld, in dict_ldap_connect()
694 &dict_ldap->version) != LDAP_OPT_SUCCESS) in dict_ldap_connect()
698 myname, dict_ldap->version); in dict_ldap_connect()
705 if (dict_ldap->size_limit) { in dict_ldap_connect()
706 if (ldap_set_option(dict_ldap->ld, LDAP_OPT_SIZELIMIT, in dict_ldap_connect()
707 &dict_ldap->size_limit) != LDAP_OPT_SUCCESS) { in dict_ldap_connect()
709 myname, dict_ldap->parser->name, dict_ldap->size_limit); in dict_ldap_connect()
710 DICT_LDAP_UNBIND_RETURN(dict_ldap->ld, DICT_ERR_RETRY, -1); in dict_ldap_connect()
718 if (ldap_set_option(dict_ldap->ld, LDAP_OPT_DEREF, in dict_ldap_connect()
719 &(dict_ldap->dereference)) != LDAP_OPT_SUCCESS) in dict_ldap_connect()
725 if (ldap_set_option(dict_ldap->ld, LDAP_OPT_REFERRALS, in dict_ldap_connect()
726 dict_ldap->chase_referrals ? LDAP_OPT_ON : LDAP_OPT_OFF) in dict_ldap_connect()
729 DICT_LDAP_UNBIND_RETURN(dict_ldap->ld, DICT_ERR_RETRY, -1); in dict_ldap_connect()
732 if (dict_ldap->chase_referrals) { in dict_ldap_connect()
738 if (dict_ldap_set_tls_options(dict_ldap) != 0) in dict_ldap_connect()
739 DICT_LDAP_UNBIND_RETURN(dict_ldap->ld, DICT_ERR_RETRY, -1); in dict_ldap_connect()
740 if (dict_ldap->start_tls) { in dict_ldap_connect()
744 DICT_LDAP_UNBIND_RETURN(dict_ldap->ld, DICT_ERR_RETRY, -1); in dict_ldap_connect()
746 alarm(dict_ldap->timeout); in dict_ldap_connect()
748 rc = ldap_start_tls_s(dict_ldap->ld, NULL, NULL); in dict_ldap_connect()
751 dict_ldap->ld = 0; /* Unknown state after in dict_ldap_connect()
759 dict_ldap->dict.error = DICT_ERR_RETRY; in dict_ldap_connect()
765 dict_ldap->dict.error = DICT_ERR_RETRY; in dict_ldap_connect()
771 #define DN_LOG_VAL(dict_ldap) \ in dict_ldap_connect() argument
772 ((dict_ldap)->bind_dn[0] ? (dict_ldap)->bind_dn : "empty or implicit") in dict_ldap_connect()
778 if (DICT_LDAP_DO_BIND(dict_ldap)) { in dict_ldap_connect()
781 myname, dict_ldap->server_host, DN_LOG_VAL(dict_ldap)); in dict_ldap_connect()
784 if (DICT_LDAP_DO_SASL(dict_ldap)) { in dict_ldap_connect()
785 rc = dict_ldap_bind_sasl(dict_ldap); in dict_ldap_connect()
787 rc = dict_ldap_bind_st(dict_ldap); in dict_ldap_connect()
790 rc = dict_ldap_bind_st(dict_ldap); in dict_ldap_connect()
795 myname, dict_ldap->server_host, DN_LOG_VAL(dict_ldap), in dict_ldap_connect()
797 DICT_LDAP_UNBIND_RETURN(dict_ldap->ld, DICT_ERR_RETRY, -1); in dict_ldap_connect()
801 myname, dict_ldap->server_host, DN_LOG_VAL(dict_ldap)); in dict_ldap_connect()
804 DICT_LDAP_CONN(dict_ldap)->conn_ld = dict_ldap->ld; in dict_ldap_connect()
808 myname, dict_ldap->parser->name); in dict_ldap_connect()
816 static void dict_ldap_conn_find(DICT_LDAP *dict_ldap) in dict_ldap_conn_find() argument
823 int sslon = dict_ldap->start_tls || dict_ldap->ldap_ssl; in dict_ldap_conn_find()
834 ADDSTR(keybuf, dict_ldap->server_host); in dict_ldap_conn_find()
835 ADDINT(keybuf, dict_ldap->server_port); in dict_ldap_conn_find()
836 ADDINT(keybuf, dict_ldap->bind); in dict_ldap_conn_find()
837 ADDSTR(keybuf, DICT_LDAP_DO_BIND(dict_ldap) ? dict_ldap->bind_dn : ""); in dict_ldap_conn_find()
838 ADDSTR(keybuf, DICT_LDAP_DO_BIND(dict_ldap) ? dict_ldap->bind_pw : ""); in dict_ldap_conn_find()
839 ADDINT(keybuf, dict_ldap->dereference); in dict_ldap_conn_find()
840 ADDINT(keybuf, dict_ldap->chase_referrals); in dict_ldap_conn_find()
841 ADDINT(keybuf, dict_ldap->debuglevel); in dict_ldap_conn_find()
842 ADDINT(keybuf, dict_ldap->version); in dict_ldap_conn_find()
845 ADDSTR(keybuf, DICT_LDAP_DO_SASL(dict_ldap) ? dict_ldap->sasl_mechs : ""); in dict_ldap_conn_find()
846 ADDSTR(keybuf, DICT_LDAP_DO_SASL(dict_ldap) ? dict_ldap->sasl_realm : ""); in dict_ldap_conn_find()
847 ADDSTR(keybuf, DICT_LDAP_DO_SASL(dict_ldap) ? dict_ldap->sasl_authz : ""); in dict_ldap_conn_find()
848 ADDINT(keybuf, DICT_LDAP_DO_SASL(dict_ldap) ? dict_ldap->sasl_minssf : 0); in dict_ldap_conn_find()
850 ADDINT(keybuf, dict_ldap->ldap_ssl); in dict_ldap_conn_find()
851 ADDINT(keybuf, dict_ldap->start_tls); in dict_ldap_conn_find()
852 ADDINT(keybuf, sslon ? dict_ldap->tls_require_cert : 0); in dict_ldap_conn_find()
853 ADDSTR(keybuf, sslon ? dict_ldap->tls_ca_cert_file : ""); in dict_ldap_conn_find()
854 ADDSTR(keybuf, sslon ? dict_ldap->tls_ca_cert_dir : ""); in dict_ldap_conn_find()
855 ADDSTR(keybuf, sslon ? dict_ldap->tls_cert : ""); in dict_ldap_conn_find()
856 ADDSTR(keybuf, sslon ? dict_ldap->tls_key : ""); in dict_ldap_conn_find()
857 ADDSTR(keybuf, sslon ? dict_ldap->tls_random_file : ""); in dict_ldap_conn_find()
858 ADDSTR(keybuf, sslon ? dict_ldap->tls_cipher_suite : ""); in dict_ldap_conn_find()
867 if ((dict_ldap->ht = binhash_locate(conn_hash, key, len)) == 0) { in dict_ldap_conn_find()
871 dict_ldap->ht = binhash_enter(conn_hash, key, len, (void *) conn); in dict_ldap_conn_find()
873 ++DICT_LDAP_CONN(dict_ldap)->conn_refcount; in dict_ldap_conn_find()
909 static char **url_attrs(DICT_LDAP *dict_ldap, LDAPURLDesc * url) in url_attrs() argument
929 return (dict_ldap->result_attributes->argv); in url_attrs()
951 for (a2 = dict_ldap->result_attributes->argv; *a2; ++a2) { in url_attrs()
970 static void dict_ldap_get_values(DICT_LDAP *dict_ldap, LDAPMessage *res, in dict_ldap_get_values() argument
995 ldap_count_entries(dict_ldap->ld, res)); in dict_ldap_get_values()
997 for (entry = ldap_first_entry(dict_ldap->ld, res); entry != NULL; in dict_ldap_get_values()
998 entry = ldap_next_entry(dict_ldap->ld, entry)) { in dict_ldap_get_values()
1005 if (dict_ldap->dict.error == 0 in dict_ldap_get_values()
1006 && dict_ldap->size_limit in dict_ldap_get_values()
1007 && ++entries > dict_ldap->size_limit) { in dict_ldap_get_values()
1009 myname, recursion, dict_ldap->parser->name, in dict_ldap_get_values()
1010 dict_ldap->size_limit); in dict_ldap_get_values()
1011 dict_ldap->dict.error = DICT_ERR_RETRY; in dict_ldap_get_values()
1019 if (dict_ldap->num_terminal > 0) { in dict_ldap_get_values()
1020 for (i = 0; i < dict_ldap->num_terminal; ++i) { in dict_ldap_get_values()
1021 attr = dict_ldap->result_attributes->argv[i]; in dict_ldap_get_values()
1022 if (!(vals = ldap_get_values_len(dict_ldap->ld, entry, attr))) in dict_ldap_get_values()
1036 if (is_terminal == 0 && dict_ldap->num_leaf > 0) { in dict_ldap_get_values()
1037 for (i = dict_ldap->num_attributes; in dict_ldap_get_values()
1038 dict_ldap->result_attributes->argv[i]; ++i) { in dict_ldap_get_values()
1039 attr = dict_ldap->result_attributes->argv[i]; in dict_ldap_get_values()
1040 if (!(vals = ldap_get_values_len(dict_ldap->ld, entry, attr))) in dict_ldap_get_values()
1048 for (attr = ldap_first_attribute(dict_ldap->ld, entry, &ber); in dict_ldap_get_values()
1050 attr = ldap_next_attribute(dict_ldap->ld, entry, ber)) { in dict_ldap_get_values()
1052 vals = ldap_get_values_len(dict_ldap->ld, entry, attr); in dict_ldap_get_values()
1070 if (dict_ldap->dict.error != 0 || valcount == 0) { in dict_ldap_get_values()
1085 for (i = 0; dict_ldap->result_attributes->argv[i]; i++) in dict_ldap_get_values()
1086 if (attrdesc_subtype(dict_ldap->result_attributes->argv[i], in dict_ldap_get_values()
1094 if (i < dict_ldap->num_attributes || is_terminal) { in dict_ldap_get_values()
1095 if ((is_terminal && i >= dict_ldap->num_terminal) in dict_ldap_get_values()
1097 i < dict_ldap->num_terminal + dict_ldap->num_leaf)) { in dict_ldap_get_values()
1106 if (db_common_expand(dict_ldap->ctx, in dict_ldap_get_values()
1107 dict_ldap->result_format, in dict_ldap_get_values()
1110 && dict_ldap->expansion_limit > 0 in dict_ldap_get_values()
1111 && ++expansion > dict_ldap->expansion_limit) { in dict_ldap_get_values()
1114 dict_ldap->parser->name, name); in dict_ldap_get_values()
1115 dict_ldap->dict.error = DICT_ERR_RETRY; in dict_ldap_get_values()
1119 if (dict_ldap->dict.error != 0) in dict_ldap_get_values()
1126 } else if (recursion < dict_ldap->recursion_limit in dict_ldap_get_values()
1127 && dict_ldap->result_attributes->argv[i]) { in dict_ldap_get_values()
1133 if ((attrs = url_attrs(dict_ldap, url)) != 0) { in dict_ldap_get_values()
1138 rc = search_st(dict_ldap->ld, url->lud_dn, in dict_ldap_get_values()
1141 attrs, dict_ldap->timeout, in dict_ldap_get_values()
1156 dict_ldap->dict.error = DICT_ERR_RETRY; in dict_ldap_get_values()
1163 rc = search_st(dict_ldap->ld, vals[i]->bv_val, in dict_ldap_get_values()
1165 dict_ldap->result_attributes->argv, in dict_ldap_get_values()
1166 dict_ldap->timeout, &resloop); in dict_ldap_get_values()
1170 dict_ldap_get_values(dict_ldap, resloop, result, name); in dict_ldap_get_values()
1184 dict_ldap->dict.error = DICT_ERR_RETRY; in dict_ldap_get_values()
1191 if (dict_ldap->dict.error != 0) in dict_ldap_get_values()
1194 if (msg_verbose && dict_ldap->dict.error == 0) in dict_ldap_get_values()
1198 } else if (recursion >= dict_ldap->recursion_limit in dict_ldap_get_values()
1199 && dict_ldap->result_attributes->argv[i]) { in dict_ldap_get_values()
1202 dict_ldap->parser->name, attr, vals[0]->bv_val); in dict_ldap_get_values()
1203 dict_ldap->dict.error = DICT_ERR_RETRY; in dict_ldap_get_values()
1221 DICT_LDAP *dict_ldap = (DICT_LDAP *) dict; in dict_ldap_lookup() local
1230 dict_ldap->dict.error = 0; in dict_ldap_lookup()
1242 myname, dict_ldap->parser->name, name); in dict_ldap_lookup()
1261 if ((domain_rc = db_common_check_domain(dict_ldap->ctx, name)) == 0) { in dict_ldap_lookup()
1264 myname, dict_ldap->parser->name, name); in dict_ldap_lookup()
1286 dict_ldap->ld = DICT_LDAP_CONN(dict_ldap)->conn_ld; in dict_ldap_lookup()
1291 if (dict_ldap->ld == NULL) { in dict_ldap_lookup()
1295 myname, dict_ldap->parser->name); in dict_ldap_lookup()
1297 dict_ldap_connect(dict_ldap); in dict_ldap_lookup()
1302 if (dict_ldap->dict.error) in dict_ldap_lookup()
1306 myname, dict_ldap->parser->name); in dict_ldap_lookup()
1315 sizelimit = dict_ldap->size_limit ? dict_ldap->size_limit : LDAP_NO_LIMIT; in dict_ldap_lookup()
1316 if (ldap_set_option(dict_ldap->ld, LDAP_OPT_SIZELIMIT, &sizelimit) in dict_ldap_lookup()
1319 myname, dict_ldap->parser->name, dict_ldap->size_limit); in dict_ldap_lookup()
1320 dict_ldap->dict.error = DICT_ERR_RETRY; in dict_ldap_lookup()
1333 if (!db_common_expand(dict_ldap->ctx, dict_ldap->search_base, in dict_ldap_lookup()
1337 dict_ldap->parser->name, dict_ldap->search_base); in dict_ldap_lookup()
1340 if (!db_common_expand(dict_ldap->ctx, dict_ldap->query, in dict_ldap_lookup()
1344 dict_ldap->parser->name, dict_ldap->query); in dict_ldap_lookup()
1353 dict_ldap->parser->name, vstring_str(query)); in dict_ldap_lookup()
1355 rc = search_st(dict_ldap->ld, vstring_str(base), dict_ldap->scope, in dict_ldap_lookup()
1356 vstring_str(query), dict_ldap->result_attributes->argv, in dict_ldap_lookup()
1357 dict_ldap->timeout, &res); in dict_ldap_lookup()
1362 myname, dict_ldap->parser->name); in dict_ldap_lookup()
1364 dict_ldap_unbind(dict_ldap->ld); in dict_ldap_lookup()
1365 dict_ldap->ld = DICT_LDAP_CONN(dict_ldap)->conn_ld = 0; in dict_ldap_lookup()
1366 dict_ldap_connect(dict_ldap); in dict_ldap_lookup()
1371 if (dict_ldap->dict.error) in dict_ldap_lookup()
1374 rc = search_st(dict_ldap->ld, vstring_str(base), dict_ldap->scope, in dict_ldap_lookup()
1375 vstring_str(query), dict_ldap->result_attributes->argv, in dict_ldap_lookup()
1376 dict_ldap->timeout, &res); in dict_ldap_lookup()
1387 dict_ldap_get_values(dict_ldap, res, result, name); in dict_ldap_lookup()
1394 rc = dict_ldap_get_errno(dict_ldap->ld); in dict_ldap_lookup()
1413 if (dict_ldap->dynamic_base) in dict_ldap_lookup()
1417 myname, dict_ldap->parser->name, in dict_ldap_lookup()
1419 dict_ldap->dict.error = DICT_ERR_RETRY; in dict_ldap_lookup()
1434 dict_ldap_unbind(dict_ldap->ld); in dict_ldap_lookup()
1435 dict_ldap->ld = DICT_LDAP_CONN(dict_ldap)->conn_ld = 0; in dict_ldap_lookup()
1440 dict_ldap->dict.error = DICT_ERR_RETRY; in dict_ldap_lookup()
1454 return (VSTRING_LEN(result) > 0 && !dict_ldap->dict.error ? vstring_str(result) : 0); in dict_ldap_lookup()
1462 DICT_LDAP *dict_ldap = (DICT_LDAP *) dict; in dict_ldap_close() local
1463 LDAP_CONN *conn = DICT_LDAP_CONN(dict_ldap); in dict_ldap_close()
1464 BINHASH_INFO *ht = dict_ldap->ht; in dict_ldap_close()
1470 myname, dict_ldap->parser->name); in dict_ldap_close()
1475 cfg_parser_free(dict_ldap->parser); in dict_ldap_close()
1476 myfree(dict_ldap->server_host); in dict_ldap_close()
1477 myfree(dict_ldap->search_base); in dict_ldap_close()
1478 myfree(dict_ldap->query); in dict_ldap_close()
1479 if (dict_ldap->result_format) in dict_ldap_close()
1480 myfree(dict_ldap->result_format); in dict_ldap_close()
1481 argv_free(dict_ldap->result_attributes); in dict_ldap_close()
1482 myfree(dict_ldap->bind_dn); in dict_ldap_close()
1483 myfree(dict_ldap->bind_pw); in dict_ldap_close()
1484 if (dict_ldap->ctx) in dict_ldap_close()
1485 db_common_free_ctx(dict_ldap->ctx); in dict_ldap_close()
1488 if (DICT_LDAP_DO_SASL(dict_ldap)) { in dict_ldap_close()
1489 myfree(dict_ldap->sasl_mechs); in dict_ldap_close()
1490 myfree(dict_ldap->sasl_realm); in dict_ldap_close()
1491 myfree(dict_ldap->sasl_authz); in dict_ldap_close()
1494 myfree(dict_ldap->tls_ca_cert_file); in dict_ldap_close()
1495 myfree(dict_ldap->tls_ca_cert_dir); in dict_ldap_close()
1496 myfree(dict_ldap->tls_cert); in dict_ldap_close()
1497 myfree(dict_ldap->tls_key); in dict_ldap_close()
1498 myfree(dict_ldap->tls_random_file); in dict_ldap_close()
1499 myfree(dict_ldap->tls_cipher_suite); in dict_ldap_close()
1511 DICT_LDAP *dict_ldap; in dict_ldap_open() local
1541 dict_ldap = (DICT_LDAP *) dict_alloc(DICT_TYPE_LDAP, ldapsource, in dict_ldap_open()
1542 sizeof(*dict_ldap)); in dict_ldap_open()
1543 dict_ldap->dict.lookup = dict_ldap_lookup; in dict_ldap_open()
1544 dict_ldap->dict.close = dict_ldap_close; in dict_ldap_open()
1545 dict_ldap->dict.flags = dict_flags; in dict_ldap_open()
1547 dict_ldap->ld = NULL; in dict_ldap_open()
1548 dict_ldap->parser = parser; in dict_ldap_open()
1550 server_host = cfg_get_str(dict_ldap->parser, "server_host", in dict_ldap_open()
1556 dict_ldap->server_port = in dict_ldap_open()
1557 cfg_get_int(dict_ldap->parser, "server_port", LDAP_PORT, 0, 0); in dict_ldap_open()
1562 dict_ldap->version = cfg_get_int(dict_ldap->parser, "version", 2, 2, 0); in dict_ldap_open()
1563 switch (dict_ldap->version) { in dict_ldap_open()
1565 dict_ldap->version = LDAP_VERSION2; in dict_ldap_open()
1568 dict_ldap->version = LDAP_VERSION3; in dict_ldap_open()
1572 dict_ldap->version); in dict_ldap_open()
1573 dict_ldap->version = LDAP_VERSION2; in dict_ldap_open()
1577 dict_ldap->ldap_ssl = 0; in dict_ldap_open()
1598 dict_ldap->version != LDAP_VERSION3) { in dict_ldap_open()
1601 dict_ldap->version = LDAP_VERSION3; in dict_ldap_open()
1604 dict_ldap->ldap_ssl = 1; in dict_ldap_open()
1616 dict_ldap->server_port); in dict_ldap_open()
1625 dict_ldap->server_host = vstring_export(url_list); in dict_ldap_open()
1632 dict_ldap->server_port = LDAP_PORT; in dict_ldap_open()
1635 dict_ldap->server_host); in dict_ldap_open()
1642 scope = cfg_get_str(dict_ldap->parser, "scope", "sub", 1, 0); in dict_ldap_open()
1645 dict_ldap->scope = LDAP_SCOPE_ONELEVEL; in dict_ldap_open()
1647 dict_ldap->scope = LDAP_SCOPE_BASE; in dict_ldap_open()
1649 dict_ldap->scope = LDAP_SCOPE_SUBTREE; in dict_ldap_open()
1653 dict_ldap->scope = LDAP_SCOPE_SUBTREE; in dict_ldap_open()
1658 dict_ldap->search_base = cfg_get_str(dict_ldap->parser, "search_base", in dict_ldap_open()
1667 dict_ldap->timeout = cfg_get_int(dict_ldap->parser, "timeout", 10, 0, 0); in dict_ldap_open()
1668 dict_ldap->query = in dict_ldap_open()
1669 cfg_get_str(dict_ldap->parser, "query_filter", in dict_ldap_open()
1671 if ((dict_ldap->result_format = in dict_ldap_open()
1672 cfg_get_str(dict_ldap->parser, "result_format", 0, 0, 0)) == 0) in dict_ldap_open()
1673 dict_ldap->result_format = in dict_ldap_open()
1674 cfg_get_str(dict_ldap->parser, "result_filter", "%s", 1, 0); in dict_ldap_open()
1682 dict_ldap->ctx = 0; in dict_ldap_open()
1683 dict_ldap->dynamic_base = in dict_ldap_open()
1684 db_common_parse(&dict_ldap->dict, &dict_ldap->ctx, in dict_ldap_open()
1685 dict_ldap->search_base, 1); in dict_ldap_open()
1686 if (!db_common_parse(0, &dict_ldap->ctx, dict_ldap->query, 1)) { in dict_ldap_open()
1688 myname, ldapsource, dict_ldap->query); in dict_ldap_open()
1690 (void) db_common_parse(0, &dict_ldap->ctx, dict_ldap->result_format, 0); in dict_ldap_open()
1691 db_common_parse_domain(dict_ldap->parser, dict_ldap->ctx); in dict_ldap_open()
1697 if (db_common_dict_partial(dict_ldap->ctx)) in dict_ldap_open()
1698 dict_ldap->dict.flags |= DICT_FLAG_PATTERN; in dict_ldap_open()
1700 dict_ldap->dict.flags |= DICT_FLAG_FIXED; in dict_ldap_open()
1702 dict_ldap->dict.fold_buf = vstring_alloc(10); in dict_ldap_open()
1705 attr = cfg_get_str(dict_ldap->parser, "terminal_result_attribute", "", 0, 0); in dict_ldap_open()
1706 dict_ldap->result_attributes = argv_split(attr, CHARS_COMMA_SP); in dict_ldap_open()
1707 dict_ldap->num_terminal = dict_ldap->result_attributes->argc; in dict_ldap_open()
1711 attr = cfg_get_str(dict_ldap->parser, "leaf_result_attribute", "", 0, 0); in dict_ldap_open()
1713 argv_split_append(dict_ldap->result_attributes, attr, CHARS_COMMA_SP); in dict_ldap_open()
1714 dict_ldap->num_leaf = in dict_ldap_open()
1715 dict_ldap->result_attributes->argc - dict_ldap->num_terminal; in dict_ldap_open()
1719 attr = cfg_get_str(dict_ldap->parser, "result_attribute", "maildrop", 0, 0); in dict_ldap_open()
1721 argv_split_append(dict_ldap->result_attributes, attr, CHARS_COMMA_SP); in dict_ldap_open()
1722 dict_ldap->num_attributes = dict_ldap->result_attributes->argc; in dict_ldap_open()
1726 attr = cfg_get_str(dict_ldap->parser, "special_result_attribute", "", 0, 0); in dict_ldap_open()
1728 argv_split_append(dict_ldap->result_attributes, attr, CHARS_COMMA_SP); in dict_ldap_open()
1734 bindopt = cfg_get_str(dict_ldap->parser, "bind", CONFIG_BOOL_YES, 1, 0); in dict_ldap_open()
1735 dict_ldap->bind = name_code(bindopt_table, NAME_CODE_FLAG_NONE, bindopt); in dict_ldap_open()
1736 if (dict_ldap->bind < 0) in dict_ldap_open()
1738 dict_ldap->parser->name, "bind", bindopt); in dict_ldap_open()
1744 dict_ldap->bind_dn = cfg_get_str(dict_ldap->parser, "bind_dn", "", 0, 0); in dict_ldap_open()
1749 dict_ldap->bind_pw = cfg_get_str(dict_ldap->parser, "bind_pw", "", 0, 0); in dict_ldap_open()
1754 tmp = cfg_get_bool(dict_ldap->parser, "cache", 0); in dict_ldap_open()
1758 tmp = cfg_get_int(dict_ldap->parser, "cache_expiry", -1, 0, 0); in dict_ldap_open()
1762 tmp = cfg_get_int(dict_ldap->parser, "cache_size", -1, 0, 0); in dict_ldap_open()
1766 dict_ldap->recursion_limit = cfg_get_int(dict_ldap->parser, in dict_ldap_open()
1773 dict_ldap->expansion_limit = cfg_get_int(dict_ldap->parser, in dict_ldap_open()
1776 dict_ldap->size_limit = cfg_get_int(dict_ldap->parser, "size_limit", in dict_ldap_open()
1777 dict_ldap->expansion_limit, 0, 0); in dict_ldap_open()
1782 dict_ldap->dereference = cfg_get_int(dict_ldap->parser, "dereference", in dict_ldap_open()
1784 if (dict_ldap->dereference < 0 || dict_ldap->dereference > 3) { in dict_ldap_open()
1786 myname, ldapsource, dict_ldap->dereference); in dict_ldap_open()
1787 dict_ldap->dereference = 0; in dict_ldap_open()
1790 dict_ldap->chase_referrals = cfg_get_bool(dict_ldap->parser, in dict_ldap_open()
1799 if (DICT_LDAP_DO_SASL(dict_ldap)) { in dict_ldap_open()
1800 dict_ldap->sasl_mechs = in dict_ldap_open()
1801 cfg_get_str(dict_ldap->parser, "sasl_mechs", "", 0, 0); in dict_ldap_open()
1802 dict_ldap->sasl_realm = in dict_ldap_open()
1803 cfg_get_str(dict_ldap->parser, "sasl_realm", "", 0, 0); in dict_ldap_open()
1804 dict_ldap->sasl_authz = in dict_ldap_open()
1805 cfg_get_str(dict_ldap->parser, "sasl_authz_id", "", 0, 0); in dict_ldap_open()
1806 dict_ldap->sasl_minssf = in dict_ldap_open()
1807 cfg_get_int(dict_ldap->parser, "sasl_minssf", 0, 0, 4096); in dict_ldap_open()
1809 dict_ldap->sasl_mechs = 0; in dict_ldap_open()
1810 dict_ldap->sasl_realm = 0; in dict_ldap_open()
1811 dict_ldap->sasl_authz = 0; in dict_ldap_open()
1819 dict_ldap->start_tls = cfg_get_bool(dict_ldap->parser, "start_tls", 0); in dict_ldap_open()
1820 if (dict_ldap->start_tls) { in dict_ldap_open()
1821 if (dict_ldap->version < LDAP_VERSION3) { in dict_ldap_open()
1824 dict_ldap->version = LDAP_VERSION3; in dict_ldap_open()
1835 dict_ldap->tls_require_cert = in dict_ldap_open()
1836 cfg_get_bool(dict_ldap->parser, "tls_require_cert", 0) ? in dict_ldap_open()
1840 dict_ldap->tls_ca_cert_file = cfg_get_str(dict_ldap->parser, in dict_ldap_open()
1844 dict_ldap->tls_ca_cert_dir = cfg_get_str(dict_ldap->parser, in dict_ldap_open()
1848 dict_ldap->tls_cert = cfg_get_str(dict_ldap->parser, "tls_cert", in dict_ldap_open()
1852 dict_ldap->tls_key = cfg_get_str(dict_ldap->parser, "tls_key", in dict_ldap_open()
1856 dict_ldap->tls_random_file = cfg_get_str(dict_ldap->parser, in dict_ldap_open()
1860 dict_ldap->tls_cipher_suite = cfg_get_str(dict_ldap->parser, in dict_ldap_open()
1868 dict_ldap->debuglevel = cfg_get_int(dict_ldap->parser, "debuglevel", in dict_ldap_open()
1875 dict_ldap_conn_find(dict_ldap); in dict_ldap_open()
1880 dict_ldap->dict.owner = cfg_get_owner(dict_ldap->parser); in dict_ldap_open()
1881 return (DICT_DEBUG (&dict_ldap->dict)); in dict_ldap_open()