summaryrefslogtreecommitdiff
path: root/usr.sbin/smtpd/table_ldap.c
diff options
context:
space:
mode:
authorEric Faurot <eric@cvs.openbsd.org>2013-07-20 09:06:47 +0000
committerEric Faurot <eric@cvs.openbsd.org>2013-07-20 09:06:47 +0000
commit423fb084212ae7bd9fb0bf673eaa82d7259e724f (patch)
treeeb70b490f97fcad2ce2d58da5fc61100c5094d98 /usr.sbin/smtpd/table_ldap.c
parentd7a4fe68373b71c4e4bec9c27af2d346d28920df (diff)
Update ldap and sqlite table backends and provide them as external backends.
Diffstat (limited to 'usr.sbin/smtpd/table_ldap.c')
-rw-r--r--usr.sbin/smtpd/table_ldap.c912
1 files changed, 405 insertions, 507 deletions
diff --git a/usr.sbin/smtpd/table_ldap.c b/usr.sbin/smtpd/table_ldap.c
index f3aff8b43a7..51d170144cb 100644
--- a/usr.sbin/smtpd/table_ldap.c
+++ b/usr.sbin/smtpd/table_ldap.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: table_ldap.c,v 1.4 2013/05/24 17:03:14 eric Exp $ */
+/* $OpenBSD: table_ldap.c,v 1.5 2013/07/20 09:06:46 eric Exp $ */
/*
- * Copyright (c) 2010-2012 Gilles Chehade <gilles@poolp.org>
+ * Copyright (c) 2013 Eric Faurot <eric@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -17,237 +17,422 @@
*/
#include <sys/types.h>
-#include <sys/queue.h>
-#include <sys/tree.h>
-#include <sys/socket.h>
-
-#include <netinet/in.h>
-#include <arpa/inet.h>
#include <ctype.h>
-#include <err.h>
-#include <errno.h>
-#include <event.h>
-#include <fcntl.h>
-#include <imsg.h>
-#include <stdio.h>
+#include <getopt.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
-#include "smtpd.h"
-#include "aldap.h"
+#include "smtpd-defines.h"
+#include "smtpd-api.h"
#include "log.h"
+#include "aldap.h"
-#define MAX_LDAP_IDENTIFIER 32
-#define MAX_LDAP_URL 256
-#define MAX_LDAP_USERNAME 256
-#define MAX_LDAP_PASSWORD 256
-#define MAX_LDAP_BASELEN 128
-#define MAX_LDAP_FILTERLEN 1024
-#define MAX_LDAP_FIELDLEN 128
-
-static void *table_ldap_open(struct table *);
-static int table_ldap_update(struct table *);
-static int table_ldap_config(struct table *);
-static int table_ldap_lookup(void *, const char *, enum table_service, union lookup *);
-static int table_ldap_fetch(void *, enum table_service, union lookup *);
-static void table_ldap_close(void *);
-static struct aldap *ldap_client_connect(const char *);
-
-struct table_backend table_backend_ldap = {
- K_ALIAS|K_CREDENTIALS|K_DOMAIN|K_USERINFO, /* K_NETADDR|K_SOURCE,*/
- table_ldap_config,
- table_ldap_open,
- table_ldap_update,
- table_ldap_close,
- table_ldap_lookup,
- table_ldap_fetch
+#define MAX_LDAP_IDENTIFIER 32
+#define MAX_LDAP_URL 256
+#define MAX_LDAP_USERNAME 256
+#define MAX_LDAP_PASSWORD 256
+#define MAX_LDAP_BASELEN 128
+#define MAX_LDAP_FILTERLEN 1024
+#define MAX_LDAP_FIELDLEN 128
+
+
+enum {
+ LDAP_ALIAS = 0,
+ LDAP_DOMAIN,
+ LDAP_CREDENTIALS,
+ LDAP_NETADDR,
+ LDAP_USERINFO,
+ LDAP_SOURCE,
+ LDAP_MAILADDR,
+ LDAP_ADDRNAME,
+
+ LDAP_MAX
};
-struct table_ldap_handle {
- struct aldap *aldap;
- struct table *table;
+#define MAX_ATTRS 6
+
+struct query {
+ char *filter;
+ char *attrs[MAX_ATTRS];
+ int attrn;
};
-static int parse_attributes(char **, const char *, size_t);
-static int table_ldap_internal_query(struct aldap *, const char *,
- const char *, char **, char ***, size_t);
+static int table_ldap_update(void);
+static int table_ldap_check(int, const char *);
+static int table_ldap_lookup(int, const char *, char *, size_t);
+static int table_ldap_fetch(int, char *, size_t);
-static int table_ldap_alias(struct table_ldap_handle *, const char *, union lookup *);
-static int table_ldap_credentials(struct table_ldap_handle *, const char *, union lookup *);
-static int table_ldap_domain(struct table_ldap_handle *, const char *, union lookup *);
-static int table_ldap_userinfo(struct table_ldap_handle *, const char *, union lookup *);
+static int ldap_config(void);
+static int ldap_open(void);
+static int ldap_query(const char *, char **, char ***, size_t);
+static int ldap_parse_attributes(char **, const char *, const char *, size_t);
+static int ldap_run_query(int type, const char *, char *, size_t);
+static char *config;
-static int
-table_ldap_config(struct table *table)
+static char *url;
+static char *username;
+static char *password;
+static char *basedn;
+
+static struct aldap *aldap;
+static struct query queries[LDAP_MAX];
+
+int
+main(int argc, char **argv)
{
- struct table *cfg = NULL;
+ int ch;
- /* no config ? broken */
- if (table->t_config[0] == '\0')
- return 0;
+ log_init(1);
+ log_verbose(~0);
- cfg = table_create("static", table->t_name, "conf", table->t_config);
- if (!table_config(cfg))
- goto err;
+ while ((ch = getopt(argc, argv, "")) != -1) {
+ switch (ch) {
+ default:
+ log_warnx("warn: table-ldap: bad option");
+ return (1);
+ /* NOTREACHED */
+ }
+ }
+ argc -= optind;
+ argv += optind;
- /* sanity checks */
- if (table_get(cfg, "url") == NULL) {
- log_warnx("table_ldap: missing 'url' configuration");
- goto err;
+ if (argc != 1) {
+ log_warnx("warn: table-ldap: bogus argument(s)");
+ return (1);
}
- if (table_get(cfg, "basedn") == NULL) {
- log_warnx("table_ldap: missing 'basedn' configuration");
- goto err;
+ config = argv[0];
+
+ if (!ldap_config()) {
+ log_warnx("warn: table-ldap: could not parse config");
+ return (1);
}
- return 1;
+ log_debug("debug: table-ldap: done reading config");
-err:
- table_destroy(cfg);
- return 0;
+ if (!ldap_open()) {
+ log_warnx("warn: table-ldap: failed to connect");
+ return (1);
+ }
+
+ log_debug("debug: table-ldap: connected");
+ table_api_on_update(table_ldap_update);
+ table_api_on_check(table_ldap_check);
+ table_api_on_lookup(table_ldap_lookup);
+ table_api_on_fetch(table_ldap_fetch);
+ table_api_dispatch();
+
+ return (0);
}
static int
-table_ldap_update(struct table *table)
+table_ldap_update(void)
{
- return 1;
+ return (1);
}
-static void *
-table_ldap_open(struct table *table)
+static int
+table_ldap_check(int service, const char *key)
{
- struct table *cfg = NULL;
- struct table_ldap_handle *tlh = NULL;
- struct aldap_message *message = NULL;
- char *url = NULL;
- char *username = NULL;
- char *password = NULL;
-
- cfg = table_find(table->t_name, "conf");
- if (table_get(cfg, "url") == NULL ||
- table_get(cfg, "username") == NULL ||
- table_get(cfg, "password") == NULL)
- goto err;
-
- url = xstrdup(table_get(cfg, "url"), "table_ldap_open");
- username = xstrdup(table_get(cfg, "username"), "table_ldap_open");
- password = xstrdup(table_get(cfg, "password"), "table_ldap_open");
-
- tlh = xcalloc(1, sizeof(*tlh), "table_ldap_open");
- tlh->table = table;
- tlh->aldap = ldap_client_connect(url);
- if (tlh->aldap == NULL) {
- log_warnx("table_ldap_open: ldap_client_connect error");
- goto err;
+ switch(service) {
+ case K_ALIAS:
+ case K_DOMAIN:
+ case K_CREDENTIALS:
+ case K_USERINFO:
+ return ldap_run_query(service, key, NULL, 0);
+ default:
+ return (-1);
}
+}
- if (aldap_bind(tlh->aldap, username, password) == -1) {
- log_warnx("table_ldap_open: aldap_bind error");
- goto err;
+static int
+table_ldap_lookup(int service, const char *key, char *dst, size_t sz)
+{
+ switch(service) {
+ case K_ALIAS:
+ case K_DOMAIN:
+ case K_CREDENTIALS:
+ case K_USERINFO:
+ return ldap_run_query(service, key, dst, sz);
+ default:
+ return (-1);
}
+}
- if ((message = aldap_parse(tlh->aldap)) == NULL) {
- log_warnx("table_ldap_open: aldap_parse");
- goto err;
+static int
+table_ldap_fetch(int service, char *dst, size_t sz)
+{
+ return (-1);
+}
+
+static struct aldap *
+ldap_connect(const char *addr)
+{
+ struct aldap_url lu;
+ struct addrinfo hints, *res0, *res;
+ char *buf;
+ int error, fd = -1;
+
+ if ((buf = strdup(addr)) == NULL)
+ return (NULL);
+
+ /* XXX buf leak */
+
+ if (aldap_parse_url(buf, &lu) != 1) {
+ log_warnx("warn: table-ldap: ldap_parse_url fail");
+ return (NULL);
}
- switch (aldap_get_resultcode(message)) {
- case LDAP_SUCCESS:
- log_warnx("table_ldap_open: ldap server accepted credentials");
- break;
- case LDAP_INVALID_CREDENTIALS:
- log_warnx("table_ldap_open: ldap server refused credentials");
- goto err;
- default:
- log_warnx("table_ldap_open: failed to bind, result #%d", aldap_get_resultcode(message));
- goto err;
+ bzero(&hints, sizeof(hints));
+ hints.ai_family = PF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM; /* DUMMY */
+ error = getaddrinfo(lu.host, NULL, &hints, &res0);
+ if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME)
+ return (NULL);
+ if (error) {
+ log_warnx("warn: table-ldap: could not parse \"%s\": %s",
+ lu.host, gai_strerror(error));
+ return (NULL);
}
- return tlh;
+ for (res = res0; res; res = res->ai_next) {
+ if (res->ai_family != AF_INET && res->ai_family != AF_INET6)
+ continue;
+
+ fd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ if (fd == -1)
+ continue;
-err:
- if (tlh) {
- if (tlh->aldap != NULL)
- aldap_close(tlh->aldap);
- free(tlh);
+ if (res->ai_family == AF_INET) {
+ struct sockaddr_in sin4 = *(struct sockaddr_in *)res->ai_addr;
+ sin4.sin_port = htons(lu.port);
+ if (connect(fd, (struct sockaddr *)&sin4, res->ai_addrlen) == 0)
+ return aldap_init(fd);
+ }
+ else if (res->ai_family == AF_INET6) {
+ struct sockaddr_in6 sin6 = *(struct sockaddr_in6 *)res->ai_addr;
+ sin6.sin6_port = htons(lu.port);
+ if (connect(fd, (struct sockaddr *)&sin6, res->ai_addrlen) == 0)
+ return aldap_init(fd);
+ }
+
+ close(fd);
+ fd = -1;
}
- if (message != NULL)
- aldap_freemsg(message);
- return NULL;
+
+ return (NULL);
}
-static void
-table_ldap_close(void *hdl)
+static int
+read_value(char **store, const char *key, const char *value)
{
- struct table_ldap_handle *tlh = hdl;
+ log_debug("debug: table-ldap: reading key \"%s\" -> \"%s\"",
+ key, value);
+
+ if (*store) {
+ log_warnx("warn: table-ldap: duplicate key %s", key);
+ return (0);
+ }
+
+ if ((*store = strdup(value)) == NULL) {
+ log_warn("warn: table-ldap: strdup");
+ return (0);
+ }
- aldap_close(tlh->aldap);
- free(tlh);
+ return (1);
}
static int
-table_ldap_lookup(void *hdl, const char *key, enum table_service service,
- union lookup *lk)
+ldap_parse_attributes(char **attributes, const char *key, const char *line,
+ size_t expect)
{
- struct table_ldap_handle *tlh = hdl;
-
- switch (service) {
- case K_ALIAS:
- return table_ldap_alias(tlh, key, lk);
-
- case K_CREDENTIALS:
- return table_ldap_credentials(tlh, key, lk);
+ char buffer[1024];
+ char *p;
+ size_t m, n;
- case K_DOMAIN:
- return table_ldap_domain(tlh, key, lk);
+ log_debug("debug: table-ldap: parsing attribute \"%s\" (%zu) -> \"%s\"",
+ key, expect, line);
- case K_USERINFO:
- return table_ldap_userinfo(tlh, key, lk);
+ if (strlcpy(buffer, line, sizeof buffer) >= sizeof buffer)
+ return (0);
- default:
- break;
+ m = 1;
+ for (p = buffer; *p; ++p) {
+ if (*p == ',') {
+ *p = 0;
+ m++;
+ }
}
+ if (expect != m)
+ return (0);
- return 0;
+ p = buffer;
+ for (n = 0; n < expect; ++n)
+ attributes[n] = NULL;
+ for (n = 0; n < m; ++n) {
+ attributes[n] = strdup(p);
+ if (attributes[n] == NULL) {
+ log_warnx("warn: table-ldap: strdup");
+ return (0); /* XXX cleanup */
+ }
+ p += strlen(p) + 1;
+ }
+ return (1);
}
static int
-table_ldap_fetch(void *hdl, enum table_service service, union lookup *lk)
+ldap_config(void)
{
- /* fetch not support for LDAP at this point */
- return -1;
+ size_t flen;
+ FILE *fp;
+ char *key, *value, *buf, *lbuf;
+
+ fp = fopen(config, "r");
+ if (fp == NULL)
+ return (0);
+
+ lbuf = NULL;
+ while ((buf = fgetln(fp, &flen))) {
+ if (buf[flen - 1] == '\n')
+ buf[flen - 1] = '\0';
+ else {
+ lbuf = malloc(flen + 1);
+ if (lbuf == NULL) {
+ log_warn("warn: table-ldap: malloc");
+ return (0);
+ }
+ memcpy(lbuf, buf, flen);
+ lbuf[flen] = '\0';
+ buf = lbuf;
+ }
+
+ key = buf;
+ while (isspace((int)*key))
+ ++key;
+ if (*key == '\0' || *key == '#')
+ continue;
+ value = key;
+ strsep(&value, " \t:");
+ if (value) {
+ while (*value) {
+ if (!isspace(*value) &&
+ !(*value == ':' && isspace(*(value + 1))))
+ break;
+ ++value;
+ }
+ if (*value == '\0')
+ value = NULL;
+ }
+
+ if (value == NULL) {
+ log_warnx("warn: table-ldap: missing value for key %s", key);
+ continue;
+ }
+
+ if (!strcmp(key, "url"))
+ read_value(&url, key, value);
+ else if (!strcmp(key, "username"))
+ read_value(&username, key, value);
+ else if (!strcmp(key, "password"))
+ read_value(&password, key, value);
+ else if (!strcmp(key, "basedn"))
+ read_value(&basedn, key, value);
+
+ else if (!strcmp(key, "alias_filter"))
+ read_value(&queries[LDAP_ALIAS].filter, key, value);
+ else if (!strcmp(key, "alias_attributes"))
+ ldap_parse_attributes(queries[LDAP_ALIAS].attrs,
+ key, value, 1);
+
+ else if (!strcmp(key, "credentials_filter"))
+ read_value(&queries[LDAP_CREDENTIALS].filter, key, value);
+ else if (!strcmp(key, "credentials_attributes"))
+ ldap_parse_attributes(queries[LDAP_CREDENTIALS].attrs,
+ key, value, 2);
+
+ else if (!strcmp(key, "domain_filter"))
+ read_value(&queries[LDAP_DOMAIN].filter, key, value);
+ else if (!strcmp(key, "domain_attributes"))
+ ldap_parse_attributes(queries[LDAP_DOMAIN].attrs,
+ key, value, 1);
+
+ else if (!strcmp(key, "userinfo_filter"))
+ read_value(&queries[LDAP_USERINFO].filter, key, value);
+ else if (!strcmp(key, "userinfo_attributes"))
+ ldap_parse_attributes(queries[LDAP_USERINFO].attrs,
+ key, value, 4);
+ else
+ log_warnx("warn: table-ldap: bogus entry \"%s\"", key);
+ }
+
+ free(lbuf);
+ fclose(fp);
+ return (1);
}
static int
-filter_expand(char **expfilter, const char *filter, const char *key)
+ldap_open(void)
{
- if (asprintf(expfilter, filter, key) < 0)
- return 0;
- return 1;
+ struct aldap_message *amsg = NULL;
+
+ aldap = ldap_connect(url);
+ if (aldap == NULL) {
+ log_warnx("warn: table-ldap: ldap_connect error");
+ goto err;
+ }
+
+ if (aldap_bind(aldap, username, password) == -1) {
+ log_warnx("warn: table-ldap: aldap_bind error");
+ goto err;
+ }
+
+ if ((amsg = aldap_parse(aldap)) == NULL) {
+ log_warnx("warn: table-ldap: aldap_parse");
+ goto err;
+ }
+
+ switch (aldap_get_resultcode(amsg)) {
+ case LDAP_SUCCESS:
+ log_debug("debug: table-ldap: ldap server accepted credentials");
+ break;
+ case LDAP_INVALID_CREDENTIALS:
+ log_warnx("warn: table-ldap: ldap server refused credentials");
+ goto err;
+ default:
+ log_warnx("warn: table-ldap: failed to bind, result #%d",
+ aldap_get_resultcode(amsg));
+ goto err;
+ }
+
+ if (amsg)
+ aldap_freemsg(amsg);
+ return (1);
+
+err:
+ if (aldap)
+ aldap_close(aldap);
+ if (amsg)
+ aldap_freemsg(amsg);
+ return (0);
}
static int
-table_ldap_internal_query(struct aldap *aldap, const char *basedn,
- const char *filter, char **attributes, char ***outp, size_t n)
+ldap_query(const char *filter, char **attributes, char ***outp, size_t n)
{
- struct aldap_message *m = NULL;
- struct aldap_page_control *pg = NULL;
- int ret;
- int found;
- size_t i;
- char basedn__[MAX_LDAP_BASELEN];
- char filter__[MAX_LDAP_FILTERLEN];
-
- if (strlcpy(basedn__, basedn, sizeof basedn__)
- >= sizeof basedn__)
+ struct aldap_message *m = NULL;
+ struct aldap_page_control *pg = NULL;
+ int ret, found;
+ size_t i;
+ char basedn__[MAX_LDAP_BASELEN];
+ char filter__[MAX_LDAP_FILTERLEN];
+
+ if (strlcpy(basedn__, basedn, sizeof basedn__) >= sizeof basedn__)
return -1;
- if (strlcpy(filter__, filter, sizeof filter__)
- >= sizeof filter__)
+ if (strlcpy(filter__, filter, sizeof filter__) >= sizeof filter__)
return -1;
found = 0;
do {
@@ -296,360 +481,73 @@ end:
return ret;
}
-
-static int
-table_ldap_credentials(struct table_ldap_handle *tlh, const char *key, union lookup *lk)
-{
- struct aldap *aldap = tlh->aldap;
- struct table *cfg = table_find(tlh->table->t_name, "conf");
- const char *filter = NULL;
- const char *basedn = NULL;
- char *expfilter = NULL;
- char *attributes[4];
- char **ret_attr[4];
- const char *attr;
- char line[1024];
- int ret = -1;
- size_t i;
-
- bzero(&attributes, sizeof attributes);
- bzero(&ret_attr, sizeof ret_attr);
-
- basedn = table_get(cfg, "basedn");
- if ((filter = table_get(cfg, "credentials_filter")) == NULL) {
- log_warnx("table_ldap: lookup: no filter configured for credentials");
- goto end;
- }
-
- if ((attr = table_get(cfg, "credentials_attributes")) == NULL) {
- log_warnx("table_ldap: lookup: no attributes configured for credentials");
- goto end;
- }
-
- if (! filter_expand(&expfilter, filter, key)) {
- log_warnx("table_ldap: lookup: couldn't expand filter");
- goto end;
- }
-
- if (! parse_attributes(attributes, attr, 2)) {
- log_warnx("table_ldap: lookup: failed to parse attributes");
- goto end;
- }
-
- if ((ret = table_ldap_internal_query(aldap, basedn, expfilter, attributes,
- ret_attr, nitems(attributes))) <= 0)
- goto end;
-
- if (lk == NULL)
- goto end;
-
- if (! bsnprintf(line, sizeof line, "%s:%s", ret_attr[0][0], ret_attr[0][1])) {
- ret = -1;
- goto end;
- }
-
- bzero(&lk->creds, sizeof(lk->creds));
- if (! text_to_credentials(&lk->creds, line))
- ret = -1;
-
-end:
- for (i = 0; i < nitems(attributes); ++i) {
- free(attributes[i]);
- if (ret_attr[i])
- aldap_free_attr(ret_attr[i]);
- }
-
- free(expfilter);
- log_debug("debug: table_ldap_credentials: ret=%d", ret);
- return ret;
-}
-
static int
-table_ldap_domain(struct table_ldap_handle *tlh, const char *key, union lookup *lk)
+ldap_run_query(int type, const char *key, char *dst, size_t sz)
{
- struct aldap *aldap = tlh->aldap;
- struct table *cfg = table_find(tlh->table->t_name, "conf");
- const char *filter = NULL;
- const char *basedn = NULL;
- char *expfilter = NULL;
- char *attributes[1];
- char **ret_attr[1];
- const char *attr;
- int ret = -1;
- size_t i;
-
- bzero(&attributes, sizeof attributes);
- bzero(&ret_attr, sizeof ret_attr);
-
- log_debug("domain: %s", key);
- basedn = table_get(cfg, "basedn");
- if ((filter = table_get(cfg, "domain_filter")) == NULL) {
- log_warnx("table_ldap: lookup: no filter configured for domain");
- goto end;
- }
-
- if ((attr = table_get(cfg, "domain_attributes")) == NULL) {
- log_warnx("table_ldap: lookup: no attributes configured for domain");
- goto end;
- }
-
- if (! filter_expand(&expfilter, filter, key)) {
- log_warnx("table_ldap: lookup: couldn't expand filter");
- goto end;
- }
-
- if (! parse_attributes(attributes, attr, 1)) {
- log_warnx("table_ldap: lookup: failed to parse attributes");
- goto end;
- }
-
- if ((ret = table_ldap_internal_query(aldap, basedn, expfilter, attributes,
- ret_attr, nitems(attributes))) <= 0)
- goto end;
-
- if (lk == NULL)
- goto end;
-
- bzero(&lk->domain, sizeof(lk->domain));
- if (strlcpy(lk->domain.name, ret_attr[0][0], sizeof(lk->domain.name))
- >= sizeof(lk->domain.name))
- ret = -1;
-
-end:
- for (i = 0; i < nitems(attributes); ++i) {
- free(attributes[i]);
- if (ret_attr[i])
- aldap_free_attr(ret_attr[i]);
- }
- free(expfilter);
- log_debug("debug: table_ldap_domain: ret=%d", ret);
- return ret;
-}
-
-static int
-table_ldap_userinfo(struct table_ldap_handle *tlh, const char *key, union lookup *lk)
-{
- struct aldap *aldap = tlh->aldap;
- struct table *cfg = table_find(tlh->table->t_name, "conf");
- const char *filter = NULL;
- const char *basedn = NULL;
- char *expfilter = NULL;
- char *attributes[4];
- char **ret_attr[4];
- const char *attr;
- char line[1024];
- int ret = -1;
- size_t i;
-
- bzero(&attributes, sizeof attributes);
- bzero(&ret_attr, sizeof ret_attr);
-
- basedn = table_get(cfg, "basedn");
- if ((filter = table_get(cfg, "userinfo_filter")) == NULL) {
- log_warnx("table_ldap: lookup: no filter configured for userinfo");
- goto end;
- }
-
- if ((attr = table_get(cfg, "userinfo_attributes")) == NULL) {
- log_warnx("table_ldap: lookup: no attributes configured for userinfo");
- goto end;
- }
-
- if (! filter_expand(&expfilter, filter, key)) {
- log_warnx("table_ldap: lookup: couldn't expand filter");
- goto end;
- }
-
- if (! parse_attributes(attributes, attr, 4)) {
- log_warnx("table_ldap: lookup: failed to parse attributes");
- goto end;
- }
-
- if ((ret = table_ldap_internal_query(aldap, basedn, expfilter, attributes,
- ret_attr, nitems(attributes))) <= 0)
- goto end;
-
- if (lk == NULL)
- goto end;
-
- if (! bsnprintf(line, sizeof line, "%s:%s:%s:%s",
- ret_attr[0][0], ret_attr[1][0], ret_attr[2][0], ret_attr[3][0])) {
- ret = -1;
- goto end;
- }
-
- bzero(&lk->userinfo, sizeof(lk->userinfo));
- if (!text_to_userinfo(&(lk->userinfo), line))
- ret = -1;
-
-end:
- for (i = 0; i < nitems(attributes); ++i) {
- free(attributes[i]);
- if (ret_attr[i])
- aldap_free_attr(ret_attr[i]);
- }
- free(expfilter);
- log_debug("debug: table_ldap_userinfo: ret=%d", ret);
- return ret;
-}
-
-static int
-table_ldap_alias(struct table_ldap_handle *tlh, const char *key, union lookup *lk)
-{
- struct aldap *aldap = tlh->aldap;
- struct table *cfg = table_find(tlh->table->t_name, "conf");
- const char *filter = NULL;
- const char *basedn = NULL;
- char *expfilter = NULL;
- char *attributes[1];
- char **ret_attr[1];
- const char *attr;
- int ret = -1;
- size_t i;
-
- bzero(&attributes, sizeof attributes);
- bzero(&ret_attr, sizeof ret_attr);
- if (lk)
- lk->expand = NULL;
-
- basedn = table_get(cfg, "basedn");
- if ((filter = table_get(cfg, "alias_filter")) == NULL) {
- log_warnx("table_ldap: lookup: no filter configured for alias");
- goto end;
- }
-
- if ((attr = table_get(cfg, "alias_attributes")) == NULL) {
- log_warnx("table_ldap: lookup: no attributes configured for alias");
- goto end;
- }
-
- if (! filter_expand(&expfilter, filter, key)) {
- log_warnx("table_ldap: lookup: couldn't expand filter");
- goto end;
+ struct query *q;
+ char **res[4], filter[MAX_LDAP_FILTERLEN];
+ int ret, i;
+
+ switch (type) {
+ case K_ALIAS: q = &queries[LDAP_ALIAS]; break;
+ case K_DOMAIN: q = &queries[LDAP_DOMAIN]; break;
+ case K_CREDENTIALS: q = &queries[LDAP_CREDENTIALS]; break;
+ case K_NETADDR: q = &queries[LDAP_NETADDR]; break;
+ case K_USERINFO: q = &queries[LDAP_USERINFO]; break;
+ case K_SOURCE: q = &queries[LDAP_SOURCE]; break;
+ case K_MAILADDR: q = &queries[LDAP_MAILADDR]; break;
+ case K_ADDRNAME: q = &queries[LDAP_ADDRNAME]; break;
+ default:
+ return (-1);
}
- if (! parse_attributes(attributes, attr, 1)) {
- log_warnx("table_ldap: lookup: failed to parse attributes");
- goto end;
+ if (snprintf(filter, sizeof(filter), q->filter, key)
+ >= (int)sizeof(filter)) {
+ log_warnx("warn: table-ldap: filter too large");
+ return (-1);
}
- if ((ret = table_ldap_internal_query(aldap, basedn, expfilter, attributes,
- ret_attr, nitems(attributes))) <= 0)
+ bzero(res, sizeof(res));
+ ret = ldap_query(filter, q->attrs, res, q->attrn);
+ if (ret <= 0 || dst == NULL)
goto end;
- if (lk == NULL)
- goto end;
-
- lk->expand = xcalloc(1, sizeof(*lk->expand), "table_ldap_alias");
- for (i = 0; ret_attr[0][i]; ++i) {
- if (! expand_line(lk->expand, ret_attr[0][i], 1)) {
- ret = -1;
- goto end;
- }
- }
+ switch (type) {
-end:
- for (i = 0; i < nitems(attributes); ++i) {
- free(attributes[i]);
- if (ret_attr[i])
- aldap_free_attr(ret_attr[i]);
- }
- if (ret != 1 && lk && lk->expand)
- expand_free(lk->expand);
-
- free(expfilter);
- log_debug("debug: table_ldap_alias: ret=%d", ret);
- return ret;
-}
-
-static struct aldap *
-ldap_client_connect(const char *addr)
-{
- struct aldap_url lu;
- struct addrinfo hints, *res0, *res;
- int error;
-
- char *url;
- int fd = -1;
-
- if ((url = strdup(addr)) == NULL)
- err(1, NULL);
-
- if (aldap_parse_url(url, &lu) != 1) {
- warnx("aldap_parse_url fail");
- goto err;
- }
- url = NULL;
-
- bzero(&hints, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM; /* DUMMY */
- error = getaddrinfo(lu.host, NULL, &hints, &res0);
- if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME)
- goto err;
- if (error) {
- log_warnx("ldap_client_connect: could not parse \"%s\": %s", lu.host,
- gai_strerror(error));
- goto err;
- }
-
- for (res = res0; res; res = res->ai_next) {
- if (res->ai_family != AF_INET && res->ai_family != AF_INET6)
- continue;
-
- fd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
- if (fd == -1)
- continue;
-
- if (res->ai_family == AF_INET) {
- struct sockaddr_in sin4 = *(struct sockaddr_in *)res->ai_addr;
- sin4.sin_port = htons(lu.port);
- if (connect(fd, (struct sockaddr *)&sin4, res->ai_addrlen) == 0)
- return aldap_init(fd);
- }
- else if (res->ai_family == AF_INET6) {
- struct sockaddr_in6 sin6 = *(struct sockaddr_in6 *)res->ai_addr;
- sin6.sin6_port = htons(lu.port);
- if (connect(fd, (struct sockaddr *)&sin6, res->ai_addrlen) == 0)
- return aldap_init(fd);
+ case K_ALIAS:
+ for (i = 0; res[0][i]; i++) {
+ if (i && strlcat(dst, ", ", sz) >= sz) {
+ ret = -1;
+ break;
+ }
+ if (strlcat(dst, res[0][i], sz) >= sz) {
+ ret = -1;
+ break;
+ }
}
-
- close(fd);
- fd = -1;
+ break;
+ case K_DOMAIN:
+ if (strlcpy(dst, res[0][0], sz) >= sz)
+ ret = -1;
+ break;
+ case K_CREDENTIALS:
+ if (snprintf(dst, sz, "%s:%s", res[0][0], res[0][1]) >= (int)sz)
+ ret = -1;
+ break;
+ case K_USERINFO:
+ if (snprintf(dst, sz, "%s:%s:%s:%s", res[0][0], res[1][0],
+ res[2][0], res[3][0]) >= (int)sz)
+ ret = -1;
+ break;
}
-err:
- free(url);
- return NULL;
-}
-
-static int
-parse_attributes(char **attributes, const char *line, size_t expect)
-{
- char buffer[1024];
- char *p;
- size_t m, n;
-
- if (strlcpy(buffer, line, sizeof buffer)
- >= sizeof buffer)
- return 0;
+ if (ret == -1)
+ log_warnx("warn: table-ldap: could not format result");
- m = 1;
- for (p = buffer; *p; ++p) {
- if (*p == ',') {
- *p = 0;
- m++;
- }
- }
- if (expect != m)
- return 0;
+end:
+ for (i = 0; i < q->attrn; ++i)
+ if (res[i])
+ aldap_free_attr(res[i]);
- p = buffer;
- for (n = 0; n < expect; ++n)
- attributes[n] = NULL;
- for (n = 0; n < m; ++n) {
- attributes[n] = xstrdup(p, "parse_attributes");
- p += strlen(p) + 1;
- }
- return 1;
+ return (ret);
}