Hi,

first of all: I have never done Perl programming, so all you see might be very 
ugly. But please forgive me, I do my best :-)

I really would like to have some SASL support for LDAP in amavisd. I use 
SASL/EXTERNAL for example. I had a look at amavisd and this is my first patch 
for the pre12. The code is not tested. It is just a question to Perl geeks, if 
they might like to help me:

--- amavisd     2011-01-19 10:38:11.000000000 +0100
+++ amavisd-sasl        2011-01-20 22:47:42.000000000 +0100
@@ -16516,6 +16516,7 @@
use re 'taint';
use warnings FATAL => 'utf8';
no warnings 'uninitialized';
+use Authen::SASL;

BEGIN {
  require Exporter;
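Review bot: `use Authen::SASL;` at the top of the file turns the module into a hard load-time dependency for every amavisd installation, including those that keep the new default `sasl => 0`. Load it only where it is needed, for example `require Authen::SASL;` inside the `if ($self->{sasl})` branch, wrapped in `eval` with a `do_log(-1, ...)` on failure, so existing LDAP setups without the module keep working unchanged.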
@@ -16532,6 +16533,13 @@
    version        => 3,
    timeout        => 120,
    tls            => 0,
+    verify         => 'none',
+    sslversion     => 'tlsv1',
+    clientcert     => undef,
+    clientkey      => undef,
+    cafile         => undef,
+    sasl           => 0,
+    sasl_mech      => undef,
    bind_dn        => undef,
    bind_password  => undef,
    deref          => 'find',
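Review bot: `verify => 'none'` as the default preserves the previously hard-coded behaviour, but now that `cafile`, `clientcert` and `clientkey` are configurable a user who sets `cafile` still gets no server certificate check unless they also set `verify => 'require'`. Consider defaulting `verify` to `'require'` whenever `cafile` is given, and document the `'none'` default next to the new keys so the weaker setting is a conscious choice rather than a surprise.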
@@ -16544,7 +16552,8 @@
  undef $self->{ldap};
  $self->{incarnation} = 1;
  $ldap_sys_default->{port} = 636  if $default->{hostname} =~ /^ldaps/i;
-  for (qw(hostname port timeout tls base scope bind_dn bind_password deref)) {
+  for (qw(hostname port timeout tls verify clientcert clientkey cafile
+          base scope sasl sasl_mech bind_dn bind_password deref)) {
    # replace undefined attributes with user values or defaults
    $self->{$_} = $default->{$_}          unless defined($self->{$_});
    $self->{$_} = $ldap_sys_default->{$_} unless defined($self->{$_});
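Review bot: `sslversion` is missing from the `qw(...)` list, although it was added to `$ldap_sys_default` in the previous hunk and is read as `$self->{sslversion}` in the `start_tls` call below. Add it to the list, otherwise neither the user value nor the `'tlsv1'` default ever reaches `$self`.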
@@ -16589,7 +16598,13 @@
  } else {
    do_log(3,"connect_to_ldap: connected to %s", $hostlist);
    if ($self->{tls}) { # TLS required
-      my($mesg) = $ldap->start_tls(verify=>'none');
+      # FIXME: What to do, if one of these paraameters is missing?
+      my($mesg) = $ldap->start_tls(verify=>$self->{verify},
+                                   sslversion=$self->{sslversion},
+                                   clientcert=$self->{clientcert},
+                                   clientkey=$self->{clientkey},
+                                   cafile=$self->{cafile},
+                                  );
      if ($mesg->code) { # start TLS failed
        my($err) = $mesg->error_name;
        do_log(-1,"connect_to_ldap: start TLS failed: %s", $err);
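Review bot: the four new `start_tls` arguments use `=` instead of `=>` (`sslversion=$self->{sslversion}`, `clientcert=$self->{clientcert}`, and so on); under `use strict` that is an assignment to a bareword and will not compile, and without strict the option names would be lost. Change them to `sslversion => $self->{sslversion}` etc. For the FIXME: do not pass undefined options through at all; build the option hash first and drop keys whose value is undef (e.g. `grep { defined $opts{$_} } keys %opts`) so `start_tls` only sees what was actually configured, and log which options were applied at level 3 to ease debugging. Minor: "paraameters" in the comment.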
@@ -16611,6 +16626,18 @@
        do_log(3,"connect_to_ldap: bind %s succeeded", $self->{bind_dn});
      }
    }
+    if ($self->{sasl}) { # Using SASL to authenticate
+      my($sasl) = Authen::SASL->new(mechanism => $self->{sasl_mech});
+      my($mesg) = $ldap->bind($self->{bind_dn}, sasl => $sasl);
+      if ($mesg->code) { # bind failed
+        my($err) = $mesg->error_name;
+        do_log(-1,"connect_to_ldap: bind failed: %s", $err);
+        $self->ldap(undef);
+        $bind_err = 1;
+      } else { # bind succeeded
+        do_log(3,"connect_to_ldap: bind %s succeeded", $self->{bind_dn});
+      }
+    }
  }
  $self->ldap($ldap); $self->{incarnation}++;
  $ldap or die "connect_to_ldap: unable to connect";
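Review bot: this SASL block runs after the simple-bind block above it rather than instead of it, so a configuration with both `bind_dn` and `sasl` set binds twice and the result of the first bind is silently overridden; make it an `elsif` on the same condition chain, or skip the simple bind when `$self->{sasl}` is true. Also guard against `sasl_mech` being undef before calling `Authen::SASL->new`, and log the mechanism name in the success and failure messages rather than `bind_dn`, which is typically unset for SASL/EXTERNAL. The mechanism plugin is only loaded when `bind` invokes the SASL object, so the `$mesg->code` check here is the place where an unsupported or misconfigured mechanism will show up; keep it, but make the message say which mechanism failed.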

I really have no clue how to do this. Is the main idea right or does someone 
else like to help me implement this? I normally do Python and C/C++, so I do 
not know the Perl tricks.

Thanks in advance
Christian

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 Please visit http://www.ijs.si/software/amavisd/ regularly
 For administrativa requests please send email to rainer at openantivirus dot 
org