"sizelimit=%d timelimit=%d tcplimit=%d\n",
search_type == SEARCH_LDAP_MULTIPLE ? "m" :
search_type == SEARCH_LDAP_DN ? "dn" :
"sizelimit=%d timelimit=%d tcplimit=%d\n",
search_type == SEARCH_LDAP_MULTIPLE ? "m" :
search_type == SEARCH_LDAP_DN ? "dn" :
than the host name + "ldaps:///" plus : and a port number, say 20 + the
length of the host name. What we get should accommodate both, easily. */
than the host name + "ldaps:///" plus : and a port number, say 20 + the
length of the host name. What we get should accommodate both, easily. */
/* Handle connection via Unix socket ("ldapi"). We build a basic LDAP URI to
contain the path name, with slashes escaped as %2F. */
if (ldapi)
{
/* Handle connection via Unix socket ("ldapi"). We build a basic LDAP URI to
contain the path name, with slashes escaped as %2F. */
if (ldapi)
{
- int ch;
- init_ptr = init_url + 8;
- Ustrcpy(init_url, "ldapi://");
- while ((ch = *shost++))
- if (ch == '/')
- { Ustrncpy(init_ptr, "%2F", 3); init_ptr += 3; }
- else
- *init_ptr++ = ch;
- *init_ptr = 0;
+ g = string_catn(NULL, US"ldapi://", 8);
+ for (uschar ch; (ch = *shost); shost++)
+ g = ch == '/' ? string_catn(g, US"%2F", 3) : string_catn(g, shost, 1);
- init_ptr = Ustrchr(ldap_url, '/');
- Ustrncpy(init_url, ldap_url, init_ptr - ldap_url);
- init_ptr = init_url + (init_ptr - ldap_url);
- sprintf(CS init_ptr, "//%s:%d/", shost, port);
+ uschar * init_ptr = Ustrchr(ldap_url, '/');
+ g = string_catn(NULL, ldap_url, init_ptr - ldap_url);
+ g = string_fmt_append(g, "//%s:%d/", shost, port);
- DEBUG(D_lookup) debug_printf("ldap_initialize with URL %s\n", init_url);
- if ((rc = ldap_initialize(&ld, CS init_url)) != LDAP_SUCCESS)
+ DEBUG(D_lookup) debug_printf_indent("ldap_initialize with URL %s\n", g->s);
+ if ((rc = ldap_initialize(&ld, CS g->s)) != LDAP_SUCCESS)
eldap_version, host, porttext);
/* If not using ldapi and TLS is available, set appropriate TLS options: hard
eldap_version, host, porttext);
/* If not using ldapi and TLS is available, set appropriate TLS options: hard
cert_option, ldap_err2string(rc));
}
#endif
#ifdef LDAP_OPT_X_TLS_NEWCTX
if ((rc = ldap_set_option(ldsetctx, LDAP_OPT_X_TLS_NEWCTX, &am_server)))
DEBUG(D_lookup)
cert_option, ldap_err2string(rc));
}
#endif
#ifdef LDAP_OPT_X_TLS_NEWCTX
if ((rc = ldap_set_option(ldsetctx, LDAP_OPT_X_TLS_NEWCTX, &am_server)))
DEBUG(D_lookup)
rc, ldap_err2string(rc));
#endif
/* Now add this connection to the chain of cached connections */
rc, ldap_err2string(rc));
#endif
/* Now add this connection to the chain of cached connections */
- lcp = store_get(sizeof(LDAP_CONNECTION));
- lcp->host = (host == NULL)? NULL : string_copy(host);
+ lcp = store_get(sizeof(LDAP_CONNECTION), FALSE);
+ lcp->host = host ? string_copy(host) : NULL;
lcp->bound ? "re-" : "", user, password);
if (eldap_start_tls && !lcp->is_start_tls_called && !ldapi)
lcp->bound ? "re-" : "", user, password);
if (eldap_start_tls && !lcp->is_start_tls_called && !ldapi)
msgid = ldap_search(lcp->ld, ludp->lud_dn, ludp->lud_scope, ludp->lud_filter,
ludp->lud_attrs, 0);
msgid = ldap_search(lcp->ld, ludp->lud_dn, ludp->lud_scope, ludp->lud_filter,
ludp->lud_attrs, 0);
then we get two entries, one for A and one for B.
Here we just count the values per entry */
then we get two entries, one for A and one for B.
Here we just count the values per entry */
else for (uschar * attr = US ldap_first_attribute(lcp->ld, e, &ber);
attr; attr = US ldap_next_attribute(lcp->ld, e, ber))
{
else for (uschar * attr = US ldap_first_attribute(lcp->ld, e, &ber);
attr; attr = US ldap_next_attribute(lcp->ld, e, ber))
{
/* In case of attrs_requested == 1 we just count the values, in all other cases
(0, >1) we count the values per attribute */
/* In case of attrs_requested == 1 we just count the values, in all other cases
(0, >1) we count the values per attribute */
/* In case we requested one attribute only but got several times
into that attr loop, we need to append the additional values.
/* In case we requested one attribute only but got several times
into that attr loop, we need to append the additional values.
#if defined LDAP_LIB_SOLARIS || defined LDAP_LIB_OPENLDAP2
ldap_get_option(lcp->ld, LDAP_OPT_ERROR_NUMBER, &err);
#if defined LDAP_LIB_SOLARIS || defined LDAP_LIB_OPENLDAP2
ldap_get_option(lcp->ld, LDAP_OPT_ERROR_NUMBER, &err);
ldap_rc = rc;
ldap_parse_rc = ldap_parse_result(lcp->ld, result, &rc, CSS &matched,
CSS &error2, NULL, NULL, 0);
ldap_rc = rc;
ldap_parse_rc = ldap_parse_result(lcp->ld, result, &rc, CSS &matched,
CSS &error2, NULL, NULL, 0);
rc, ldap_err2string(rc));
if (rc != LDAP_SUCCESS && rc != LDAP_SIZELIMIT_EXCEEDED
rc, ldap_err2string(rc));
if (rc != LDAP_SUCCESS && rc != LDAP_SIZELIMIT_EXCEEDED
while (strncmpic(url, US"ldap", 4) != 0)
{
const uschar *name = url;
while (strncmpic(url, US"ldap", 4) != 0)
{
const uschar *name = url;
{
*errmsg = string_sprintf("LDAP_OP_DEREF not defined in this LDAP "
"library - cannot use \"dereference\"");
{
*errmsg = string_sprintf("LDAP_OP_DEREF not defined in this LDAP "
"library - cannot use \"dereference\"");
- *errmsg = string_sprintf("LDAP option REFERRALS is not \"follow\" "
- "or \"nofollow\"");
- DEBUG(D_lookup) debug_printf("%s\n", *errmsg);
+ *errmsg = US"LDAP option REFERRALS is not \"follow\" or \"nofollow\"";
+ DEBUG(D_lookup) debug_printf_indent("%s\n", *errmsg);
{
*errmsg = string_sprintf("LDAP_OP_REFERRALS not defined in this LDAP "
"library - cannot use \"referrals\"");
{
*errmsg = string_sprintf("LDAP_OP_REFERRALS not defined in this LDAP "
"library - cannot use \"referrals\"");
"dereference=%d referrals=%s\n", user, password, sizelimit, timelimit,
"dereference=%d referrals=%s\n", user, password, sizelimit, timelimit,
/* If the request is just to check authentication, some credentials must
be given. The password must not be empty because LDAP binds with an empty
/* If the request is just to check authentication, some credentials must
be given. The password must not be empty because LDAP binds with an empty
{
*errmsg = string_sprintf("LDAP URL does not start with \"ldap://\", "
"\"ldaps://\", or \"ldapi://\" (it starts with \"%.16s...\")", url);
{
*errmsg = string_sprintf("LDAP URL does not start with \"ldap://\", "
"\"ldaps://\", or \"ldapi://\" (it starts with \"%.16s...\")", url);
return perform_ldap_search(url, NULL, 0, search_type, res, errmsg,
&defer_break, user, password, sizelimit, timelimit, tcplimit, dereference,
referrals);
return perform_ldap_search(url, NULL, 0, search_type, res, errmsg,
&defer_break, user, password, sizelimit, timelimit, tcplimit, dereference,
referrals);
/* Loop through the default servers until OK or FAIL. Use local_servers list
* if defined in the lookup, otherwise use the global default list */
/* Loop through the default servers until OK or FAIL. Use local_servers list
* if defined in the lookup, otherwise use the global default list */
-list = (local_servers == NULL) ? eldap_default_servers : local_servers;
-while ((server = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
+list = !local_servers ? eldap_default_servers : local_servers;
+while ((server = string_nextinlist(&list, &sep, buffer, sizeof(buffer))))
t += 3; /* fall through to check URL */
}
if (Ustrchr(URL_NONQUOTE, c) == NULL) /* e.g. ] => %5D */
t += 3; /* fall through to check URL */
}
if (Ustrchr(URL_NONQUOTE, c) == NULL) /* e.g. ] => %5D */