steffen: server/kolabd/kolabd kolab_smtpdpolicy,1.2,1.3

cvs at intevation.de cvs at intevation.de
Fri Jan 14 16:58:27 CET 2005


Author: steffen

Update of /kolabrepository/server/kolabd/kolabd
In directory doto:/tmp/cvs-serv28041/kolabd

Modified Files:
	kolab_smtpdpolicy 
Log Message:
Fix for Issue616 (policy...)

Index: kolab_smtpdpolicy
===================================================================
RCS file: /kolabrepository/server/kolabd/kolabd/kolab_smtpdpolicy,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- kolab_smtpdpolicy	14 Jan 2005 04:41:13 -0000	1.2
+++ kolab_smtpdpolicy	14 Jan 2005 15:58:25 -0000	1.3
@@ -22,7 +22,7 @@
 use Fcntl;
 use Sys::Syslog qw(:DEFAULT setlogsock);
 use URI;
-use Net::LDAP;
+use Net::LDAP qw(LDAP_NO_SUCH_OBJECT);
 use Net::LDAP::Entry;
 use Net::hostent;
 use Socket;
@@ -101,6 +101,8 @@
 $syslog_options="pid";
 $syslog_priority="info";
 
+$ldap_max_tries = 5;
+
 sub mylog {
   my $prio = shift;
   my $fmt = shift;
@@ -118,6 +120,20 @@
   return 0;
 }
 
+sub ldap_connect {
+    my $ldapuri = URI->new($conf_ldapuri) || fatal_exit("error: could not parse given uri");
+    $ldap = Net::LDAP->new($conf_ldapuri) || fatal_exit("could not connect ldap server");
+    if ($ldap) {
+	if( $conf_binddn ) {
+	    $ldap->bind( $conf_binddn, password => $conf_bindpw ) || fatal_exit( "could not bind as $conf_binddn" );
+	} else {
+	    $ldap->bind || fatal_exit("could not bind");
+	}
+    } else {
+	fatal_exit( "Could not contact LDAP server" );
+    }
+}
+
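Review bot: The bind failure check on lines 52 and 54 never fires: `Net::LDAP::bind` returns a `Net::LDAP::Message` object on failure as well as on success, so `|| fatal_exit(...)` only guards a false return and a wrong `$conf_bindpw` leaves the daemon running with an unbound handle; the result's `->code` has to be tested. The `if ($ldap) ... else` on lines 50-58 is unreachable once `Net::LDAP->new` fails, assuming `fatal_exit` exits as its name suggests, and `$ldapuri` on line 48 is parsed but never used. Because this sub is now also the reconnect path for the retry loops in the policy routine, a failed reconnect aborts the whole policy service through `fatal_exit` instead of letting the caller answer DEFER_IF_PERMIT; returning a boolean and leaving the hard stop to the startup caller keeps a transient LDAP outage from taking the daemon down. Disconnecting the stale `$ldap` before reconnecting also releases the old socket.
```perl
sub ldap_connect {
    # Returns true on success; callers decide whether a failure is fatal
    # (startup) or is answered with DEFER_IF_PERMIT (retry paths).
    $ldap->disconnect if $ldap;   # release the stale handle before reconnecting
    $ldap = Net::LDAP->new($conf_ldapuri);
    unless ($ldap) {
        mylog($syslog_priority, "could not connect to ldap server $conf_ldapuri");
        return 0;
    }
    my $bind = $conf_binddn
             ? $ldap->bind($conf_binddn, password => $conf_bindpw)
             : $ldap->bind;
    if ($bind->code) {
        mylog($syslog_priority, "could not bind"
              . ($conf_binddn ? " as $conf_binddn" : "") . ": " . $bind->error);
        return 0;
    }
    return 1;
}
```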
 #
 # SMTPD access policy routine. The result is an action just like
 # it would be specified on the right-hand side of a Postfix access
@@ -150,6 +166,8 @@
   }
 
   # Translate uid to mail:
+  my $tries = 0;
+ LOOKUPUID:
   my $mesg = $ldap->search( base=> $conf_basedn,
 			    scope=> 'sub',
 			    filter=> "(&(objectClass=kolabinetorgperson)(|(mail=$username)(uid=$username)))");
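Review bot: The search that the new `LOOKUPUID:` label re-runs on every retry interpolates `$username` into the LDAP filter on line 72 without escaping; if `$username` is derived from the attributes read off STDIN (the policy request), characters that are special in filter syntax alter the query instead of being matched literally. `Net::LDAP::Util::escape_filter_value($username)` makes the value literal, and computing it once before the label, e.g. `my $safe_user = escape_filter_value($username);` with `use Net::LDAP::Util qw(escape_filter_value);` added to the imports, also keeps the retried query identical to the first one. The sub enclosing this hunk starts and ends outside it.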
@@ -158,8 +176,18 @@
       my $ldapobject = $mesg->entry(0);
       $username = lc($ldapobject->get_value('mail'));
       mylog($syslog_priority, "Translated username to $username") if $verbose;
+  } elsif( $mesg->code != LDAP_NO_SUCH_OBJECT ) {
+      if( $tries++ <= $ldap_max_tries ) {
+	  mylog($syslog_priority, "LDAP Connection error: ".$mesg->error.". trying to reconnect" );
+	  ldap_connect;
+	  goto LOOKUPUID;
+      } else {
+	  mylog($syslog_priority, "LDAP Connection error: ".$mesg->error.", giving up!" );
+	  return "DEFER_IF_PERMIT LDAP Error: ".$mesg->error;
+      }
   }
   # Check for allowed sender
+  $tries = 0;
  CHECKSENDER:
 
   $mesg = $ldap->search( base=> $conf_basedn,
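Review bot: The `elsif` on line 77 treats every result that is not `LDAP_NO_SUCH_OBJECT` as a connection error, and that includes `LDAP_SUCCESS` (code 0): a search that succeeds with zero entries, which is the normal outcome for an unknown user (servers return NO_SUCH_OBJECT only for a missing base DN), would reconnect up to the cap and then answer DEFER_IF_PERMIT, unless the `if` that opens this chain (outside the hunk) already absorbs every successful result. The test should require an actual error, `} elsif( $mesg->code && $mesg->code != LDAP_NO_SUCH_OBJECT ) {`; the CHECKSENDER and CHECKDISTLIST hunks below carry the same condition, and the CHECKDISTLIST one replaces the previous `elsif( $mesg->code )`, which did require an error. `$tries++ <= $ldap_max_tries` also allows `$ldap_max_tries + 1` reconnects; `<` matches the variable's name. A bounded `for my $try (0 .. $ldap_max_tries)` around the search would express the same retry without a `goto` back over the `my $mesg` declaration. The enclosing sub starts and ends outside the hunk.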
@@ -179,9 +207,15 @@
       }
     }
   } else {
-    # LDAP error?
-    mylog($syslog_priority, "Query returned error: ".$mesg->error ) if $verbose;	
-    return "DEFER_IF_PERMIT Temporary LDAP error: ".$mesg->error;
+      # LDAP error?
+      if( $mesg->code != LDAP_NO_SUCH_OBJECT && $tries++ <= $ldap_max_tries ) {
+	  mylog($syslog_priority, "LDAP Connection error: ".$mesg->error.", trying to reconnect" );
+	  ldap_connect;
+	  goto CHECKSENDER;
+      } else {
+	  mylog($syslog_priority, "Query returned error: ".$mesg->error ) if $verbose;	
+	  return "DEFER_IF_PERMIT Temporary LDAP error: ".$mesg->error;
+      }
   }
   if( $conf_allowunauth && !$username ) {
     # Dont reject mail from other domains
@@ -199,6 +233,7 @@
   return "REJECT Invalid sender";
   
   # Check for valid access to restricted distribution lists
+  $tries = 0;
  CHECKDISTLIST:
   if( !$username or $username eq '' ) {
     $recip =~ /(.*)@(.*)/;
@@ -211,7 +246,11 @@
 	# Ups, recipient is a restricted list, reject
 	mylog( $syslog_priority, "Attempt from $sender to access restricted list $recip" ) if $verbose;	
 	return "REJECT Access denied";
-      } elsif( $mesg->code ) {
+      } elsif( $mesg->code != LDAP_NO_SUCH_OBJECT && $tries++ <= $ldap_max_tries ) {
+	  mylog($syslog_priority, "LDAP Connection error: ".$mesg->error.", trying to reconnect" );
+	  ldap_connect;
+	  goto CHECKDISTLIST;
+      } else {
 	mylog( $syslog_priority, "LDAP Error: ".$mesg->error ) if $verbose;
 	return "DEFER_IF_PERMIT Temporary LDAP error: ".$mesg->error;
       }
@@ -298,23 +337,11 @@
   mylog( $syslog_priority, "ldap=$conf_ldapuri, basedn=$conf_basedn, binddn=$conf_binddn");
 }
 
+ldap_connect;
+
 #
 # Receive a bunch of attributes, evaluate the policy, send the result.
 #
-my $ldapuri = URI->new($conf_ldapuri) || fatal_exit("error: could not parse given uri");
-$ldap = Net::LDAP->new($conf_ldapuri) || fatal_exit("could not connect ldap server");
-if ($ldap) {
-  # $ldap->bind($Kolab::config{'bind_dn'}, password=> $Kolab::config{'bind_pw'}) 
-  #   || warn "could not bind to ldap";
-  if( $conf_binddn ) {
-    $ldap->bind( $conf_binddn, password => $conf_bindpw ) || fatal_exit( "could not bind as $conf_binddn" );
-  } else {
-    $ldap->bind || fatal_exit("could not bind");
-  }
-} else {
-  fatal_exit( "Could not contact LDAP server" );
-}
-
 while (<STDIN>) {
     if (/([^=]+)=(.*)\n/) {
 	$attr{substr($1, 0, 512)} = substr($2, 0, 512);
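Review bot: `ldap_connect;` on line 136 is now the only startup connection check, and it leaves the decision to abort to the `fatal_exit` calls inside the sub; since the same sub is the reconnect path used from the policy routine, startup and retry share one failure policy, a process exit. Keeping the hard stop at this call site, `ldap_connect() or fatal_exit("could not connect or bind to $conf_ldapuri");`, lets the sub report failure to the retry paths without terminating the service; the parenthesised form is also the conventional call syntax (the bareword works here only because the sub is defined earlier in the file).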




