steffen: server/kolabd/kolabd kolab_smtpdpolicy,1.2,1.3
cvs at intevation.de
cvs at intevation.de
Fri Jan 14 16:58:27 CET 2005
Author: steffen
Update of /kolabrepository/server/kolabd/kolabd
In directory doto:/tmp/cvs-serv28041/kolabd
Modified Files:
kolab_smtpdpolicy
Log Message:
Fix for Issue616 (policy...)
Index: kolab_smtpdpolicy
===================================================================
RCS file: /kolabrepository/server/kolabd/kolabd/kolab_smtpdpolicy,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- kolab_smtpdpolicy 14 Jan 2005 04:41:13 -0000 1.2
+++ kolab_smtpdpolicy 14 Jan 2005 15:58:25 -0000 1.3
@@ -22,7 +22,7 @@
use Fcntl;
use Sys::Syslog qw(:DEFAULT setlogsock);
use URI;
-use Net::LDAP;
+use Net::LDAP qw(LDAP_NO_SUCH_OBJECT);
use Net::LDAP::Entry;
use Net::hostent;
use Socket;
@@ -101,6 +101,8 @@
$syslog_options="pid";
$syslog_priority="info";
+$ldap_max_tries = 5;
+
sub mylog {
my $prio = shift;
my $fmt = shift;
@@ -118,6 +120,20 @@
return 0;
}
+sub ldap_connect {
+ my $ldapuri = URI->new($conf_ldapuri) || fatal_exit("error: could not parse given uri");
+ $ldap = Net::LDAP->new($conf_ldapuri) || fatal_exit("could not connect ldap server");
+ if ($ldap) {
+ if( $conf_binddn ) {
+ $ldap->bind( $conf_binddn, password => $conf_bindpw ) || fatal_exit( "could not bind as $conf_binddn" );
+ } else {
+ $ldap->bind || fatal_exit("could not bind");
+ }
+ } else {
+ fatal_exit( "Could not contact LDAP server" );
+ }
+}
+
#
# SMTPD access policy routine. The result is an action just like
# it would be specified on the right-hand side of a Postfix access
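Review bot: In `ldap_connect`, the `$ldap->bind(...) || fatal_exit(...)` guards can never fire, because Net::LDAP's `bind` returns a message object (always true) rather than a boolean. A rejected bind, for example a wrong `$conf_bindpw`, therefore passes silently and the later searches run on a connection that is not bound as intended. Check the result code instead: `my $mesg = $conf_binddn ? $ldap->bind($conf_binddn, password => $conf_bindpw) : $ldap->bind;` followed by `fatal_exit("could not bind: ".$mesg->error) if $mesg->code;`. Since this sub is now also the reconnect path, `fatal_exit` on a failed `Net::LDAP->new` presumably ends the policy process mid-request; returning a status from `ldap_connect` would let the retry loops answer `DEFER_IF_PERMIT` instead. `$ldapuri` is assigned but never used in the sub.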
@@ -150,6 +166,8 @@
}
# Translate uid to mail:
+ my $tries = 0;
+ LOOKUPUID:
my $mesg = $ldap->search( base=> $conf_basedn,
scope=> 'sub',
filter=> "(&(objectClass=kolabinetorgperson)(|(mail=$username)(uid=$username)))");
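Review bot: The search that the new `LOOKUPUID:` label re-issues builds its filter by interpolating `$username` unescaped, so filter metacharacters such as `*`, `(` or `)` in that value change what the query matches. Where `$username` is set is outside this hunk; if it comes from the policy request attributes, escape it first, e.g. `my $u = escape_filter_value($username);` (exported by `Net::LDAP::Util`) and then use `(mail=$u)(uid=$u)` in the filter. The enclosing routine starts and ends outside the hunk.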
@@ -158,8 +176,18 @@
my $ldapobject = $mesg->entry(0);
$username = lc($ldapobject->get_value('mail'));
mylog($syslog_priority, "Translated username to $username") if $verbose;
+ } elsif( $mesg->code != LDAP_NO_SUCH_OBJECT ) {
+ if( $tries++ <= $ldap_max_tries ) {
+ mylog($syslog_priority, "LDAP Connection error: ".$mesg->error.". trying to reconnect" );
+ ldap_connect;
+ goto LOOKUPUID;
+ } else {
+ mylog($syslog_priority, "LDAP Connection error: ".$mesg->error.", giving up!" );
+ return "DEFER_IF_PERMIT LDAP Error: ".$mesg->error;
+ }
}
# Check for allowed sender
+ $tries = 0;
CHECKSENDER:
$mesg = $ldap->search( base=> $conf_basedn,
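Review bot: The new `elsif( $mesg->code != LDAP_NO_SUCH_OBJECT )` also matches result code 0. Unless the `if` above it (outside this hunk) already handles a successful search with no entries, an unknown user is treated as a connection error and causes repeated reconnects followed by `DEFER_IF_PERMIT`. Testing `$mesg->code && $mesg->code != LDAP_NO_SUCH_OBJECT` would limit the retry to real errors; the same condition appears in the CHECKSENDER and CHECKDISTLIST hunks. `$tries++ <= $ldap_max_tries` starting from 0 allows six reconnects rather than five (`$tries++ < $ldap_max_tries` gives five). The retries also run back to back with no delay, so one failing request costs the directory several connects and binds.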
@@ -179,9 +207,15 @@
}
}
} else {
- # LDAP error?
- mylog($syslog_priority, "Query returned error: ".$mesg->error ) if $verbose;
- return "DEFER_IF_PERMIT Temporary LDAP error: ".$mesg->error;
+ # LDAP error?
+ if( $mesg->code != LDAP_NO_SUCH_OBJECT && $tries++ <= $ldap_max_tries ) {
+ mylog($syslog_priority, "LDAP Connection error: ".$mesg->error.", trying to reconnect" );
+ ldap_connect;
+ goto CHECKSENDER;
+ } else {
+ mylog($syslog_priority, "Query returned error: ".$mesg->error ) if $verbose;
+ return "DEFER_IF_PERMIT Temporary LDAP error: ".$mesg->error;
+ }
}
if( $conf_allowunauth && !$username ) {
# Dont reject mail from other domains
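Review bot: The final `return "DEFER_IF_PERMIT Temporary LDAP error: ".$mesg->error;` puts the directory server's error text into the action string, which Postfix passes on to the remote SMTP client, while the matching `mylog` call runs only `if $verbose`. Inverting that keeps the detail for operators rather than senders: log the error unconditionally and return a fixed text such as `return "DEFER_IF_PERMIT Temporary directory error";`. The same pattern is in the LOOKUPUID give-up branch and in the CHECKDISTLIST `else`. The `if` that this `else` belongs to starts outside the hunk.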
@@ -199,6 +233,7 @@
return "REJECT Invalid sender";
# Check for valid access to restricted distribution lists
+ $tries = 0;
CHECKDISTLIST:
if( !$username or $username eq '' ) {
$recip =~ /(.*)@(.*)/;
@@ -211,7 +246,11 @@
# Ups, recipient is a restricted list, reject
mylog( $syslog_priority, "Attempt from $sender to access restricted list $recip" ) if $verbose;
return "REJECT Access denied";
- } elsif( $mesg->code ) {
+ } elsif( $mesg->code != LDAP_NO_SUCH_OBJECT && $tries++ <= $ldap_max_tries ) {
+ mylog($syslog_priority, "LDAP Connection error: ".$mesg->error.", trying to reconnect" );
+ ldap_connect;
+ goto CHECKDISTLIST;
+ } else {
mylog( $syslog_priority, "LDAP Error: ".$mesg->error ) if $verbose;
return "DEFER_IF_PERMIT Temporary LDAP error: ".$mesg->error;
}
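Review bot: Replacing `elsif( $mesg->code )` with a plain `else` means every result not caught by the earlier branches now ends in `DEFER_IF_PERMIT`, including a search that succeeded (code 0) but did not meet the first condition, which previously fell through to the code after this block. The first condition is outside the hunk, so that case may be unreachable. If it is reachable, keep the last branch conditional, `} elsif( $mesg->code ) {`, so that only real LDAP errors defer the mail.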
@@ -298,23 +337,11 @@
mylog( $syslog_priority, "ldap=$conf_ldapuri, basedn=$conf_basedn, binddn=$conf_binddn");
}
+ldap_connect;
+
#
# Receive a bunch of attributes, evaluate the policy, send the result.
#
-my $ldapuri = URI->new($conf_ldapuri) || fatal_exit("error: could not parse given uri");
-$ldap = Net::LDAP->new($conf_ldapuri) || fatal_exit("could not connect ldap server");
-if ($ldap) {
- # $ldap->bind($Kolab::config{'bind_dn'}, password=> $Kolab::config{'bind_pw'})
- # || warn "could not bind to ldap";
- if( $conf_binddn ) {
- $ldap->bind( $conf_binddn, password => $conf_bindpw ) || fatal_exit( "could not bind as $conf_binddn" );
- } else {
- $ldap->bind || fatal_exit("could not bind");
- }
-} else {
- fatal_exit( "Could not contact LDAP server" );
-}
-
while (<STDIN>) {
if (/([^=]+)=(.*)\n/) {
$attr{substr($1, 0, 512)} = substr($2, 0, 512);