Hi, I have some small patches for table-ldap. These are based on the getaddrinfo patch from Olmar (and the two fixups from me).
Removing the free() in aldap_parse_url was already mentioned in the getaddrinfo discussion. The "netaddr and mailaddrmap support" patch is mainly for mailaddrmap, but I have also added netaddr because most of it was already there and adding a config option for it does no harm. Maybe someone will find it useful. Philipp
From f07636d343bb3c4c9e610191ea1abbef52e10ca3 Mon Sep 17 00:00:00 2001
From: Philipp Takacs <phil...@bureaucracy.de>
Date: Tue, 23 Jan 2024 10:38:32 +0100
Subject: [PATCH 1/4] add gitignore
---
.gitignore | 27 +++++++++++++++++++
extras/queues/queue-null/.gitignore | 1 +
extras/queues/queue-python/.gitignore | 1 +
extras/queues/queue-ram/.gitignore | 1 +
extras/queues/queue-stub/.gitignore | 1 +
extras/schedulers/scheduler-python/.gitignore | 1 +
extras/schedulers/scheduler-ram/.gitignore | 1 +
extras/schedulers/scheduler-stub/.gitignore | 1 +
extras/tables/table-ldap/.gitignore | 1 +
extras/tables/table-mysql/.gitignore | 1 +
extras/tables/table-passwd/.gitignore | 1 +
extras/tables/table-postgres/.gitignore | 1 +
extras/tables/table-python/.gitignore | 1 +
extras/tables/table-redis/.gitignore | 1 +
extras/tables/table-socketmap/.gitignore | 1 +
extras/tables/table-sqlite/.gitignore | 1 +
extras/tables/table-stub/.gitignore | 1 +
17 files changed, 43 insertions(+)
create mode 100644 .gitignore
create mode 100644 extras/queues/queue-null/.gitignore
create mode 100644 extras/queues/queue-python/.gitignore
create mode 100644 extras/queues/queue-ram/.gitignore
create mode 100644 extras/queues/queue-stub/.gitignore
create mode 100644 extras/schedulers/scheduler-python/.gitignore
create mode 100644 extras/schedulers/scheduler-ram/.gitignore
create mode 100644 extras/schedulers/scheduler-stub/.gitignore
create mode 100644 extras/tables/table-ldap/.gitignore
create mode 100644 extras/tables/table-mysql/.gitignore
create mode 100644 extras/tables/table-passwd/.gitignore
create mode 100644 extras/tables/table-postgres/.gitignore
create mode 100644 extras/tables/table-python/.gitignore
create mode 100644 extras/tables/table-redis/.gitignore
create mode 100644 extras/tables/table-socketmap/.gitignore
create mode 100644 extras/tables/table-sqlite/.gitignore
create mode 100644 extras/tables/table-stub/.gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f73196e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,27 @@
+*.o
+*.a
+Makefile
+Makefile.in
+aclocal.m4
+.dirstamp
+autom4te.cache/
+compile
+config.guess
+config.h
+config.h.in
+config.log
+config.status
+config.sub
+configure
+configure~
+install-sh
+libtool
+ltmain.sh
+m4/libtool.m4
+m4/ltoptions.m4
+m4/ltsugar.m4
+m4/ltversion.m4
+m4/lt~obsolete.m4
+missing
+stamp-h1
+
diff --git a/extras/queues/queue-null/.gitignore b/extras/queues/queue-null/.gitignore
new file mode 100644
index 0000000..5b1038f
--- /dev/null
+++ b/extras/queues/queue-null/.gitignore
@@ -0,0 +1 @@
+queue-null
diff --git a/extras/queues/queue-python/.gitignore b/extras/queues/queue-python/.gitignore
new file mode 100644
index 0000000..affa627
--- /dev/null
+++ b/extras/queues/queue-python/.gitignore
@@ -0,0 +1 @@
+queue-python
diff --git a/extras/queues/queue-ram/.gitignore b/extras/queues/queue-ram/.gitignore
new file mode 100644
index 0000000..f207fb9
--- /dev/null
+++ b/extras/queues/queue-ram/.gitignore
@@ -0,0 +1 @@
+queue-ram
diff --git a/extras/queues/queue-stub/.gitignore b/extras/queues/queue-stub/.gitignore
new file mode 100644
index 0000000..8c2ec1e
--- /dev/null
+++ b/extras/queues/queue-stub/.gitignore
@@ -0,0 +1 @@
+queue-stub
diff --git a/extras/schedulers/scheduler-python/.gitignore b/extras/schedulers/scheduler-python/.gitignore
new file mode 100644
index 0000000..df68907
--- /dev/null
+++ b/extras/schedulers/scheduler-python/.gitignore
@@ -0,0 +1 @@
+scheduler-python
diff --git a/extras/schedulers/scheduler-ram/.gitignore b/extras/schedulers/scheduler-ram/.gitignore
new file mode 100644
index 0000000..72a9e2a
--- /dev/null
+++ b/extras/schedulers/scheduler-ram/.gitignore
@@ -0,0 +1 @@
+scheduler-ram
diff --git a/extras/schedulers/scheduler-stub/.gitignore b/extras/schedulers/scheduler-stub/.gitignore
new file mode 100644
index 0000000..4317d63
--- /dev/null
+++ b/extras/schedulers/scheduler-stub/.gitignore
@@ -0,0 +1 @@
+scheduler-stub
diff --git a/extras/tables/table-ldap/.gitignore b/extras/tables/table-ldap/.gitignore
new file mode 100644
index 0000000..00243b9
--- /dev/null
+++ b/extras/tables/table-ldap/.gitignore
@@ -0,0 +1 @@
+table-ldap
diff --git a/extras/tables/table-mysql/.gitignore b/extras/tables/table-mysql/.gitignore
new file mode 100644
index 0000000..db94267
--- /dev/null
+++ b/extras/tables/table-mysql/.gitignore
@@ -0,0 +1 @@
+table-myslq
diff --git a/extras/tables/table-passwd/.gitignore b/extras/tables/table-passwd/.gitignore
new file mode 100644
index 0000000..3a98586
--- /dev/null
+++ b/extras/tables/table-passwd/.gitignore
@@ -0,0 +1 @@
+table-passwd
diff --git a/extras/tables/table-postgres/.gitignore b/extras/tables/table-postgres/.gitignore
new file mode 100644
index 0000000..6b94472
--- /dev/null
+++ b/extras/tables/table-postgres/.gitignore
@@ -0,0 +1 @@
+table-postgres
diff --git a/extras/tables/table-python/.gitignore b/extras/tables/table-python/.gitignore
new file mode 100644
index 0000000..68e8cd0
--- /dev/null
+++ b/extras/tables/table-python/.gitignore
@@ -0,0 +1 @@
+table-python
diff --git a/extras/tables/table-redis/.gitignore b/extras/tables/table-redis/.gitignore
new file mode 100644
index 0000000..0820d87
--- /dev/null
+++ b/extras/tables/table-redis/.gitignore
@@ -0,0 +1 @@
+table-redis
diff --git a/extras/tables/table-socketmap/.gitignore b/extras/tables/table-socketmap/.gitignore
new file mode 100644
index 0000000..7b40ed7
--- /dev/null
+++ b/extras/tables/table-socketmap/.gitignore
@@ -0,0 +1 @@
+table-socketmap
diff --git a/extras/tables/table-sqlite/.gitignore b/extras/tables/table-sqlite/.gitignore
new file mode 100644
index 0000000..b6705f9
--- /dev/null
+++ b/extras/tables/table-sqlite/.gitignore
@@ -0,0 +1 @@
+table-sqlite
diff --git a/extras/tables/table-stub/.gitignore b/extras/tables/table-stub/.gitignore
new file mode 100644
index 0000000..2f09205
--- /dev/null
+++ b/extras/tables/table-stub/.gitignore
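Review bot: The entry added to `extras/tables/table-mysql/.gitignore` is spelled `table-myslq`, while every other per-directory entry in this patch repeats its directory name exactly. If the build output there is named `table-mysql`, as the pattern of the other files suggests, the binary stays visible to `git status` and can be committed by accident. The line should read `table-mysql`.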
@@ -0,0 +1 @@
+table-stub
-- 
2.39.2
From 2eb39fe99dd4bb800b1790760d6f43a97e15942d Mon Sep 17 00:00:00 2001 From: Philipp Takacs <phil...@bureaucracy.de> Date: Tue, 23 Jan 2024 22:04:14 +0100 Subject: [PATCH 2/4] table-ldap don't free addr in aldap_parse_url aldap_parse_url() already copy the url to work on. --- extras/tables/table-ldap/aldap.c | 3 +-- extras/tables/table-ldap/aldap.h | 2 +- extras/tables/table-ldap/table_ldap.c | 8 +------- 3 files changed, 3 insertions(+), 10 deletions(-) diff --git a/extras/tables/table-ldap/aldap.c b/extras/tables/table-ldap/aldap.c index 011a820..8367615 100644 --- a/extras/tables/table-ldap/aldap.c +++ b/extras/tables/table-ldap/aldap.c @@ -563,7 +563,7 @@ aldap_free_url(struct aldap_url *lu) } int -aldap_parse_url(char *url, struct aldap_url *lu) +aldap_parse_url(const char *url, struct aldap_url *lu) { char *p, *forward, *forward2; const char *errstr = NULL; @@ -660,7 +660,6 @@ aldap_parse_url(char *url, struct aldap_url *lu) if (p) lu->filter = p; done: - free(url); return (1); fail: free(lu->buffer); diff --git a/extras/tables/table-ldap/aldap.h b/extras/tables/table-ldap/aldap.h index 7217634..34810bc 100644 --- a/extras/tables/table-ldap/aldap.h +++ b/extras/tables/table-ldap/aldap.h @@ -201,7 +201,7 @@ char *aldap_get_dn(struct aldap_message *); char *aldap_get_diagmsg(struct aldap_message *); char **aldap_get_references(struct aldap_message *); void aldap_free_references(char **values); -int aldap_parse_url(char *, struct aldap_url *); +int aldap_parse_url(const char *, struct aldap_url *); void aldap_free_url(struct aldap_url *); #if 0 int aldap_search_url(struct aldap *, char *, int, int, int); diff --git a/extras/tables/table-ldap/table_ldap.c b/extras/tables/table-ldap/table_ldap.c index 0f25c60..0631e6a 100644 --- a/extras/tables/table-ldap/table_ldap.c +++ b/extras/tables/table-ldap/table_ldap.c 
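Review bot: The new ownership contract of `aldap_parse_url()` is documented only in the commit message: after this patch the function reads `url` and never frees it, but nothing at the definition or the prototype in `aldap.h` says so. A comment above the definition, such as `/* url is only read; parsed fields live in lu->buffer, released with aldap_free_url() */`, would keep a later caller from reintroducing a leak or a double free. That `lu->buffer` is a private copy is inferred from the `fail:` path freeing it; the copy itself is outside both hunks, so confirm it before wording the comment. Any caller not touched by this patch that still hands in a heap copy and expects it to be freed on success would now leak it.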
@@ -85,16 +85,10 @@ ldap_connect(const char *addr) { struct aldap_url lu; struct addrinfo hints, *res0, *res; - char *buf; int error, fd = -1; - if ((buf = strdup(addr)) == NULL) - return NULL; - - /* aldap_parse_url frees buf on success */ - if (aldap_parse_url(buf, &lu) != 1) { + if (aldap_parse_url(addr, &lu) != 1) { log_warnx("warn: ldap_parse_url fail"); - free(buf); return NULL; } -- 2.39.2
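Review bot: With the temporary `buf` gone, `lu` is the only allocation left for `ldap_connect()` to release, and the hunk does not show where that happens. The `fail:` path in `aldap_parse_url()` frees `lu->buffer`, so a successful parse presumably leaves it allocated; every later return in `ldap_connect()` (its body continues outside the hunk) should go through `aldap_free_url(&lu)`. Separately, the warning names `ldap_parse_url` and lacks the `table-ldap:` prefix the other messages on this page use; `log_warnx("warn: table-ldap: aldap_parse_url failed");` would make the line easier to find in logs.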
From 140c574a7c122646d5782f95d082aaf1f6bbc3ab Mon Sep 17 00:00:00 2001
From: Philipp Takacs <phil...@bureaucracy.de>
Date: Tue, 23 Jan 2024 09:07:30 +0100
Subject: [PATCH 3/4] add netaddr and mailaddrmap support
---
.../tables/table-ldap/table-ldap.conf.example | 48 +++++++++++++++++++
extras/tables/table-ldap/table_ldap.c | 17 +++++++
2 files changed, 65 insertions(+)
create mode 100644 extras/tables/table-ldap/table-ldap.conf.example
diff --git a/extras/tables/table-ldap/table-ldap.conf.example b/extras/tables/table-ldap/table-ldap.conf.example
new file mode 100644
index 0000000..f786527
--- /dev/null
+++ b/extras/tables/table-ldap/table-ldap.conf.example
@@ -0,0 +1,48 @@
+# basic ldap config: url username password basedn
+url: ldap://ldap.example.com
+username: cn=smtpd,cn=sysaccounts,cn=etc,dc=example,dc=com
+password: totalsecure
+basedn: cn=users,cn=accounts,dc=example,dc=com
+
+# filter/atributes for alias / virtual table usage
+# key will be the user / mailaddr
+# attributes is the destintion. in this example a user, but can also be an other mailaddress
+alias_filter: (&(objectclass=person)(mail=%s))
+alias_attributes: uid
+
+# key is the username (supplide by the client)
+# attributes are the username and the hashed password
+# problem with this is, it needs to be able to read the hashed password
+credentials_filter: (&(objectclass=posixaccount)(uid=%s))
+credentials_attributes: uid, authPassword
+
+# domain table (list)
+# used in match for domain <ldap>
+# atribute not realy intresting but need to be set
+domain_filter: (&(objectclass=dnsdomain)(cn=%s))
+domain_attributes: cn
+
+# userinfo
+# for extra userinfo
+# search for a username
+# attributes uid gid homedir
+userinfo_filter: (&(objectclass=posixaccount)(uid=%s))
+userinfo_attributes: uidNumber, gidNumber, homedir
+
+# mailaddr info
+# list of mailaddresses for a match statement
+# attribute will be ignored, but needed for ldap
+mailaddr_filter: (&(objectclass=posixaccount)(mail=%s))
+mailaddr_attributes: mail
+
+# mailaddrmap
+# used for listen on ... sender <senders>
+# maps the auth user to allowed mail addresses
+mailaddrmap_filter: (&(objectclass=posixaccount)(uid=%s))
+mailaddrmap_attributes: mail
+
+# netaddr info
+# used for "match from src <ldap>
+# propaly not that usefull because the key is the ip address and cidr mapping is not done
+netaddr_filter: (&(objectclass=host)(ipaddr=%s))
+netaddr_attributes: ipaddr
diff --git a/extras/tables/table-ldap/table_ldap.c b/extras/tables/table-ldap/table_ldap.c
index 0631e6a..5a11e72 100644
--- a/extras/tables/table-ldap/table_ldap.c
+++ b/extras/tables/table-ldap/table_ldap.c
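Review bot: The example binds with `password:` and reads `authPassword` hashes over `url: ldap://ldap.example.com`, and nothing in the file tells the operator that this transport is cleartext. A comment next to `url:` should say so, e.g. `# ldap:// is unencrypted: the bind password and password hashes cross the network in clear`, and point to whatever protected transport table-ldap supports, which this patch does not show. Because the file stores the bind password, a second comment such as `# keep this file readable only by the account that runs the table` is worth adding, and the note on `credentials_filter` could recommend a bind account limited to the attributes listed here. The filters insert the lookup key at `%s`, and for `credentials_filter` the file itself says the key is client-supplied, so the example should state whether the key is escaped before substitution; that code is not part of this patch.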
@@ -48,6 +48,7 @@ enum { LDAP_USERINFO, LDAP_SOURCE, LDAP_MAILADDR, + LDAP_MAILADDRMAP, LDAP_ADDRNAME, LDAP_MAX @@ -248,6 +249,16 @@ ldap_config(void) else if (!strcmp(key, "mailaddr_attributes")) { ldap_parse_attributes(&queries[LDAP_MAILADDR], key, value, 1); + } else if (!strcmp(key, "mailaddrmap_filter")) + read_value(&queries[LDAP_MAILADDRMAP].filter, key, value); + else if (!strcmp(key, "mailaddrmap_attributes")) { + ldap_parse_attributes(&queries[LDAP_MAILADDRMAP], + key, value, 1); + } else if (!strcmp(key, "netaddr_filter")) + read_value(&queries[LDAP_NETADDR].filter, key, value); + else if (!strcmp(key, "netaddr_attributes")) { + ldap_parse_attributes(&queries[LDAP_NETADDR], + key, value, 1); } else log_warnx("warn: bogus entry \"%s\"", key); } @@ -319,6 +330,8 @@ table_ldap_lookup(int service, struct dict *params, const char *key, char *dst, case K_CREDENTIALS: case K_USERINFO: case K_MAILADDR: + case K_MAILADDRMAP: + case K_NETADDR: if ((ret = ldap_run_query(service, key, dst, sz)) > 0) { return ret; } @@ -409,6 +422,7 @@ ldap_run_query(int type, const char *key, char *dst, size_t sz) case K_USERINFO: q = &queries[LDAP_USERINFO]; break; case K_SOURCE: q = &queries[LDAP_SOURCE]; break; case K_MAILADDR: q = &queries[LDAP_MAILADDR]; break; + case K_MAILADDRMAP: q = &queries[LDAP_MAILADDRMAP]; break; case K_ADDRNAME: q = &queries[LDAP_ADDRNAME]; break; default: return -1; @@ -442,6 +456,7 @@ ldap_run_query(int type, const char *key, char *dst, size_t sz) break; case K_DOMAIN: case K_MAILADDR: + case K_MAILADDRMAP: if (strlcpy(dst, res[0][0], sz) >= sz) ret = -1; break; @@ -481,6 +496,8 @@ table_ldap_check(int service, struct dict *params, const char *key) case K_CREDENTIALS: case K_USERINFO: case K_MAILADDR: + case K_MAILADDRMAP: + case K_NETADDR: if ((ret = ldap_run_query(service, key, NULL, 0)) >= 0) { return ret; } -- 2.39.2
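Review bot: `K_NETADDR` is now forwarded to `ldap_run_query()` from both `table_ldap_lookup()` and `table_ldap_check()`, but neither switch hunk in `ldap_run_query()` gains a `K_NETADDR` case the way `K_MAILADDRMAP` does. If the cases outside the hunks do not already map it to `queries[LDAP_NETADDR]`, the selector switch falls to `default: return -1` and every netaddr lookup is reported as an error, which then takes the reconnect path. The enum hunk likewise adds only `LDAP_MAILADDRMAP`, so `LDAP_NETADDR` has to exist above the visible context for the new `ldap_config()` lines to compile. Worth confirming both, or adding `case K_NETADDR: q = &queries[LDAP_NETADDR]; break;` next to the new mailaddrmap line.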
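Review bot: In the result switch of `ldap_run_query()`, `K_MAILADDRMAP` shares the `strlcpy(dst, res[0][0], sz)` branch with `K_DOMAIN` and `K_MAILADDR`, so a single value is returned, presumably the first value of the first attribute. The example config describes this table as mapping an authenticated user to the mail addresses it may send from, so a user with several `mail` values would be limited to one of them. That fails closed, but it is unlikely to be what an operator expects from a sender map. Either the branch should return all values in the format the table API expects for this service, or the limitation should be stated in a comment on the case and in the example file.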
From f2afd4e6d901c42a4b583c3155ce1c697e1412f7 Mon Sep 17 00:00:00 2001 From: Philipp Takacs <phil...@bureaucracy.de> Date: Tue, 23 Jan 2024 09:59:46 +0100 Subject: [PATCH 4/4] table-ldap fix reconnecting logic --- extras/tables/table-ldap/table_ldap.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/extras/tables/table-ldap/table_ldap.c b/extras/tables/table-ldap/table_ldap.c index 5a11e72..3650743 100644 --- a/extras/tables/table-ldap/table_ldap.c +++ b/extras/tables/table-ldap/table_ldap.c @@ -338,7 +338,7 @@ table_ldap_lookup(int service, struct dict *params, const char *key, char *dst, log_debug("debug: table-ldap: reconnecting"); if (!(ret = ldap_open())) { log_warnx("warn: table-ldap: failed to connect"); - return ret; + return -1; } return ldap_run_query(service, key, dst, sz); default: @@ -504,8 +504,9 @@ table_ldap_check(int service, struct dict *params, const char *key) log_debug("debug: table-ldap: reconnecting"); if (!(ret = ldap_open())) { log_warnx("warn: table-ldap: failed to connect"); + return -1; } - return ret; + return ldap_run_query(service, key, NULL, 0); default: return -1; } -- 2.39.2
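Review bot: The reconnect in `table_ldap_lookup()` runs whenever the first `ldap_run_query()` does not return a value `> 0`, while `table_ldap_check()` reconnects only when the result is not `>= 0`; both guards are visible in the hunks of the previous patch. If 0 means "no match", every lookup miss now tears down and re-establishes the LDAP session and repeats the query, and lookups for unknown keys are something remote clients can cause at will. Unless lookup really cannot tell a miss from a dead connection, its guard should match check: `if ((ret = ldap_run_query(service, key, dst, sz)) >= 0)`. In both functions `ret` is no longer read after `ldap_open()`, so `if (!ldap_open())` is enough. Both function bodies start outside these hunks.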