]>
git.proxmox.com Git - pmg-api.git/blob - PMG/LDAPCache.pm
1 package PMG
::LDAPCache
;
9 use Net
::LDAP
::Control
::Paged
;
10 use Net
::LDAP
::Constant qw
(LDAP_CONTROL_PAGED
);
14 use PVE
::Tools
qw(split_list);
19 $DB_HASH->{'cachesize'} = 10000;
20 $DB_RECNO->{'cachesize'} = 10000;
21 $DB_BTREE->{'cachesize'} = 10000;
22 $DB_BTREE->{'flags'} = R_DUP
;
24 my $cachedir = '/var/lib/pmg';
31 # users (hash): UID -> pmail, account, DN
32 # dnames (hash): DN -> UID
33 # accounts (hash): account -> UID
34 # mail (hash): mail -> UID
35 # groups (hash): group -> GID
36 # memberof (btree): UID -> GID
38 my @dbs = ('users', 'dnames', 'groups', 'mails', 'accounts', 'memberof');
41 my ($self, %args) = @_;
43 my $type = ref($self) || $self;
45 die "undefined ldap id" if !$args{id
};
49 if ($ldapcache->{$id}) {
50 $self = $ldapcache->{$id};
52 $ldapcache->{$id} = $self = bless {}, $type;
56 my $config_properties = PMG
::LDAPConfig
::properties
();
58 # set defaults for the fields that have one
59 foreach my $property (keys %$config_properties) {
60 my $d = $config_properties->{$property};
61 next if !defined($d->{default});
62 $self->{$property} = $args{$property} || $d->{default};
65 # split list returns an array not a reference
66 $self->{accountattr
} = [split_list
($self->{accountattr
})];
67 $self->{mailattr
} = [split_list
($self->{mailattr
})];
68 $self->{groupclass
} = [split_list
($self->{groupclass
})];
70 $self->{server1
} = $args{server1
};
71 $self->{server2
} = $args{server2
};
72 $self->{binddn
} = $args{binddn
};
73 $self->{bindpw
} = $args{bindpw
};
74 $self->{basedn
} = $args{basedn
};
75 $self->{port
} = $args{port
};
76 $self->{groupbasedn
} = $args{groupbasedn
};
77 $self->{filter
} = $args{filter
};
79 if ($args{syncmode
} == 1) {
80 # read local data only
86 return $self if !($args{server1
});
88 if ($args{syncmode
} == 2) {
101 my $dir = "$cachedir/ldapdb_$id";
102 my $scheme = LockFile
::Simple-
>make(
103 -warn => 0, -stale
=> 1, -autoclean
=> 1);
104 my $lock = $scheme->lock($dir);
110 my ($class, $id) = @_;
112 if (my $lock = lockdir
($id)) {
113 delete $ldapcache->{$id};
114 delete $last_atime->{$id};
115 my $dir = "$cachedir/ldapdb_$id";
119 syslog
('err' , "can't lock ldap database '$id'");
124 my ($self, $syncmode) = @_;
126 if ($syncmode == 1) {
127 # read local data only
128 $self->{errors
} = '';
130 } elsif ($syncmode == 2) {
139 my ($self, $ldap) = @_;
142 foreach my $attr (@{$self->{mailattr
}}) {
143 $filter .= "($attr=*)";
147 if ($self->{filter
}) {
148 my $tmp = $self->{filter
};
149 $tmp = "($tmp)" if $tmp !~ m/^\(.*\)$/;
151 $filter = "(&${filter}${tmp})";
154 my $page = Net
::LDAP
::Control
::Paged-
>new(size
=> 900);
157 base
=> $self->{basedn
},
160 control
=> [ $page ],
161 attrs
=> [ @{$self->{mailattr
}}, @{$self->{accountattr
}}, 'memberOf' ]
168 my $mesg = $ldap->search(@args);
172 my $err = "ldap user search error: " . $mesg->error;
173 $self->{errors
} .= "$err\n";
178 #foreach my $entry ($mesg->entries) { $entry->dump; }
179 foreach my $entry ($mesg->entries) {
185 foreach my $attr (@{$self->{mailattr
}}) {
186 foreach my $mail ($entry->get_value($attr)) {
188 # Test if the Line starts with one of the following lines:
189 # proxyAddresses: [smtp|SMTP]:
190 # and also discard this starting string, so that $mail is only the
191 # address without any other characters...
193 $mail =~ s/^(smtp|SMTP)[\:\$]//gs;
195 if ($mail !~ m/[\{\}\\\/]/ && $mail =~ m/^\S
+\
@\S+$/) {
196 $umails->{$mail} = 1;
197 $pmail = $mail if !$pmail;
201 my $addresses = [ keys %$umails ];
203 next if !$pmail; # account has no email addresses
206 $self->{dbstat
}->{dnames
}->{dbh
}->get($dn, $cuid);
208 $cuid = ++$self->{dbstat
}->{dnames
}->{idcount
};
209 $self->{dbstat
}->{dnames
}->{dbh
}->put($dn, $cuid);
212 foreach my $attr (@{$self->{accountattr
}}) {
213 my $account = $entry->get_value($attr);
214 if ($account && ($account =~ m/^\S+$/s)) {
215 $account = lc($account);
216 $self->{dbstat
}->{accounts
}->{dbh
}->put($account, $cuid);
217 my $data = pack('n/a* n/a* n/a*', $pmail, $account, $dn);
218 $self->{dbstat
}->{users
}->{dbh
}->put($cuid, $data);
222 foreach my $mail (@$addresses) {
223 $self->{dbstat
}->{mails
}->{dbh
}->put($mail, $cuid);
226 if (!$self->{groupbasedn
}) {
227 my @groups = $entry->get_value('memberOf');
228 foreach my $group (@groups) {
230 $self->{dbstat
}->{groups
}->{dbh
}->get($group, $cgid);
232 $cgid = ++$self->{dbstat
}->{groups
}->{idcount
};
233 $self->{dbstat
}->{groups
}->{dbh
}->put($group, $cgid);
235 $self->{dbstat
}->{memberof
}->{dbh
}->put($cuid, $cgid);
240 # Get cookie from paged control
241 my ($resp) = $mesg->control(LDAP_CONTROL_PAGED
) or last;
242 $cookie = $resp->cookie or last;
244 # Set cookie in paged control
245 $page->cookie($cookie);
250 # We had an abnormal exit, so let the server know we do not want any more
251 $page->cookie($cookie);
253 $ldap->search(@args);
254 my $err = "LDAP user query unsuccessful";
255 $self->{errors
} .= "$err\n";
261 my ($self, $ldap) = @_;
263 return undef if !$self->{groupbasedn
};
267 for my $class (@{$self->{groupclass
}}) {
268 $filter .= "(objectclass=$class)";
273 my $page = Net
::LDAP
::Control
::Paged-
>new(size
=> 100);
275 my @args = ( base
=> $self->{groupbasedn
},
278 control
=> [ $page ],
279 attrs
=> [ 'member', 'uniqueMember' ],
285 my $mesg = $ldap->search(@args);
289 my $err = "ldap group search error: " . $mesg->error;
290 $self->{errors
} .= "$err\n";
295 foreach my $entry ( $mesg->entries ) {
296 my $group = $entry->dn;
297 my @members = $entry->get_value('member');
298 if (!scalar(@members)) {
299 @members = $entry->get_value('uniqueMember');
302 $self->{dbstat
}->{groups
}->{dbh
}->get($group, $cgid);
304 $cgid = ++$self->{dbstat
}->{groups
}->{idcount
};
305 $self->{dbstat
}->{groups
}->{dbh
}->put($group, $cgid);
308 foreach my $m (@members) {
311 $self->{dbstat
}->{dnames
}->{dbh
}->get($m, $cuid);
313 $cuid = ++$self->{dbstat
}->{dnames
}->{idcount
};
314 $self->{dbstat
}->{dnames
}->{dbh
}->put($m, $cuid);
317 $self->{dbstat
}->{memberof
}->{dbh
}->put($cuid, $cgid);
321 # Get cookie from paged control
322 my ($resp) = $mesg->control(LDAP_CONTROL_PAGED
) or last;
323 $cookie = $resp->cookie or last;
325 # Set cookie in paged control
326 $page->cookie($cookie);
330 # We had an abnormal exit, so let the server know we do not want any more
331 $page->cookie($cookie);
333 $ldap->search(@args);
334 my $err = "LDAP group query unsuccessful";
335 $self->{errors
} .= "$err\n";
343 my $hosts = [ $self->{server1
} ];
345 push @$hosts, $self->{server2
} if $self->{server2
};
347 my $opts = { timeout
=> 10, onerror
=> 'die' };
349 $opts->{port
} = $self->{port
} if $self->{port
};
350 $opts->{schema
} = $self->{mode
};
352 return Net
::LDAP-
>new($hosts, %$opts);
355 sub ldap_connect_and_bind
{
358 my $ldap = $self->ldap_connect() ||
359 die "Can't bind to ldap server '$self->{id}': $!\n";
363 if ($self->{binddn
}) {
364 $mesg = $ldap->bind($self->{binddn
}, password
=> $self->{bindpw
});
366 $mesg = $ldap->bind(); # anonymous bind
369 die "ldap bind failed: " . $mesg->error . "\n" if $mesg->code;
371 if (!$self->{basedn
}) {
372 my $root = $ldap->root_dse(attrs
=> [ 'defaultNamingContext' ]);
373 $self->{basedn
} = $root->get_value('defaultNamingContext');
382 my $dir = "ldapdb_" . $self->{id
};
383 mkdir "$cachedir/$dir";
385 # open ldap connection
389 eval { $ldap = $self->ldap_connect_and_bind(); };
391 $self->{errors
} .= "$err\n";
396 # open temporary database files
400 foreach my $db (@dbs) {
401 $self->{dbstat
}->{$db}->{tmpfilename
} = "$cachedir/$dir/${db}_tmp$$.db";
402 $olddbh->{$db} = $self->{dbstat
}->{$db}->{dbh
};
405 my $error_cleanup = sub {
406 # close and delete all files
407 foreach my $db (@dbs) {
408 undef $self->{dbstat
}->{$db}->{dbh
};
409 unlink $self->{dbstat
}->{$db}->{tmpfilename
};
410 $self->{dbstat
}->{$db}->{dbh
} = $olddbh->{$db};
415 foreach my $db (@dbs) {
416 my $filename = $self->{dbstat
}->{$db}->{tmpfilename
};
417 $self->{dbstat
}->{$db}->{idcount
} = 0;
420 if ($db eq 'memberof') {
421 $self->{dbstat
}->{$db}->{dbh
} =
422 tie
(my %h, 'DB_File', $filename,
423 O_CREAT
|O_RDWR
, 0666, $DB_BTREE);
425 $self->{dbstat
}->{$db}->{dbh
} =
426 tie
(my %h, 'DB_File', $filename,
427 O_CREAT
|O_RDWR
, 0666, $DB_HASH);
430 die "unable to open database file '$filename': $!\n"
431 if !$self->{dbstat
}->{$db}->{dbh
};
436 $self->{errors
} .= $err;
441 $self->querygroups ($ldap) if $self->{groupbasedn
};
443 $self->queryusers($ldap) if !$self->{errors
};
447 if ($self->{errors
}) {
452 my $lock = lockdir
($self->{id
});
455 my $err = "unable to get database lock for ldap database '$self->{id}'";
456 $self->{errors
} .= "$err\n";
462 foreach my $db (@dbs) {
463 my $filename = $self->{dbstat
}->{$db}->{filename
} =
464 "$cachedir/$dir/${db}.db";
465 $self->{dbstat
}->{$db}->{dbh
}->sync(); # flush everything
466 rename $self->{dbstat
}->{$db}->{tmpfilename
}, $filename;
471 $last_atime->{$self->{id
}} = time();
473 $self->{gcount
} = $self->{dbstat
}->{groups
}->{idcount
};
474 $self->{ucount
} = __count_entries
($self->{dbstat
}->{accounts
}->{dbh
});
475 $self->{mcount
} = __count_entries
($self->{dbstat
}->{mails
}->{dbh
});
478 sub __count_entries
{
486 my $status = $dbh->seq($key, $value, R_FIRST
());
488 while ($status == 0) {
490 $status = $dbh->seq($key, $value, R_NEXT
());
497 my ($self, $try) = @_;
499 my $dir = "ldapdb_" . $self->{id
};
500 mkdir "$cachedir/$dir";
502 my $filename = "$cachedir/$dir/mails.db";
504 return if $last_atime->{$self->{id
}} &&
505 PMG
::Utils
::file_older_than
($filename, $last_atime->{$self->{id
}});
508 foreach my $db (@dbs) {
509 my $filename = $self->{dbstat
}->{$db}->{filename
} =
510 "$cachedir/$dir/${db}.db";
511 $self->{dbstat
}->{$db}->{idcount
} = 0;
512 if ($db eq 'memberof') {
513 $self->{dbstat
}->{$db}->{dbh
} =
514 tie
(my %h, 'DB_File', $filename,
515 O_RDONLY
, 0666, $DB_BTREE);
517 $self->{dbstat
}->{$db}->{dbh
} =
518 tie
(my %h, 'DB_File', $filename,
519 O_RDONLY
, 0666, $DB_HASH);
522 if (!$self->{dbstat
}->{$db}->{dbh
} && !$try) {
523 my $err = "ldap error - unable to open database file '$filename': $!";
524 $self->{errors
} .= "$err\n";
525 syslog
('err', $err) if !$self->{dbstat
}->{$db}->{dbh
};
530 $last_atime->{$self->{id
}} = time();
532 $self->{gcount
} = __count_entries
($self->{dbstat
}->{groups
}->{dbh
});
533 $self->{ucount
} = __count_entries
($self->{dbstat
}->{accounts
}->{dbh
});
534 $self->{mcount
} = __count_entries
($self->{dbstat
}->{mails
}->{dbh
});
538 my ($self, $force) = @_;
540 $self->{errors
} = '';
543 # only sync if file is older than 1 hour
545 my $dir = "ldapdb_" . $self->{id
};
546 mkdir "$cachedir/$dir";
547 my $filename = "$cachedir/$dir/mails.db";
550 !PMG
::Utils
::file_older_than
($filename, time() - 3600)) {
556 $self->sync_database();
558 if ($self->{errors
}) {
568 my $dbh = $self->{dbstat
}->{groups
}->{dbh
};
570 return $res if !$dbh;
574 my $status = $dbh->seq($key, $value, R_FIRST
());
577 while ($status == 0) {
581 $status = $dbh->seq($key, $value, R_NEXT
());
592 my $dbh = $self->{dbstat
}->{users
}->{dbh
};
594 return $res if !$dbh;
598 my $status = $dbh->seq($key, $value, R_FIRST
());
601 while ($status == 0) {
602 my ($pmail, $account, $dn) = unpack('n/a* n/a* n/a*', $value);
608 $status = $dbh->seq($key, $value, R_NEXT
());
615 my ($self, $mail) = @_;
617 my $dbhmails = $self->{dbstat
}->{mails
}->{dbh
};
618 my $dbhusers = $self->{dbstat
}->{users
}->{dbh
};
620 return undef if !$dbhmails || !$dbhusers;
627 $dbhmails->get($mail, $cuid);
628 return undef if !$cuid;
631 $dbhusers->get($cuid, $rdata);
632 return undef if !$rdata;
634 my ($pmail, $account, $dn) = unpack('n/a* n/a* n/a*', $rdata);
636 push @$res, { primary
=> 1, email
=> $pmail };
640 my $status = $dbhmails->seq($key, $value, R_FIRST
());
642 while ($status == 0) {
643 if ($value == $cuid && $key ne $pmail) {
644 push @$res, { primary
=> 0, email
=> $key };
646 $status = $dbhmails->seq($key, $value, R_NEXT
());
653 my ($self, $mail) = @_;
655 my $dbh = $self->{dbstat
}->{mails
}->{dbh
};
661 $dbh->get($mail, $res);
666 my ($self, $account) = @_;
668 my $dbh = $self->{dbstat
}->{accounts
}->{dbh
};
671 $account = lc($account);
674 $dbh->get($account, $res);
679 my ($self, $group) = @_;
681 my $dbh = $self->{dbstat
}->{groups
}->{dbh
};
685 $dbh->get($group, $res);
689 sub account_has_address
{
690 my ($self, $account, $mail) = @_;
692 my $dbhmails = $self->{dbstat
}->{mails
}->{dbh
};
693 my $dbhaccounts = $self->{dbstat
}->{accounts
}->{dbh
};
694 return 0 if !$dbhmails || !$dbhaccounts;
696 $account = lc($account);
700 $dbhaccounts->get($account, $accid);
704 $dbhmails->get($mail, $mailid);
705 return 0 if !$mailid;
707 return ($accid == $mailid);
711 my ($self, $mail, $group) = @_;
713 my $dbhmails = $self->{dbstat
}->{mails
}->{dbh
};
714 my $dbhgroups = $self->{dbstat
}->{groups
}->{dbh
};
715 my $dbhmemberof = $self->{dbstat
}->{memberof
}->{dbh
};
717 return 0 if !$dbhmails || !$dbhgroups || !$dbhmemberof;
722 $dbhmails->get($mail, $cuid);
726 $dbhgroups->get($group, $groupid);
727 return 0 if !$groupid;
729 my @gida = $dbhmemberof->get_dup($cuid);
731 return grep { $_ eq $groupid } @gida;
735 my ($self, $mail, $scan) = @_;
737 my $dbhmails = $self->{dbstat
}->{mails
}->{dbh
};
738 my $dbhusers = $self->{dbstat
}->{users
}->{dbh
};
740 return undef if !$dbhmails || !$dbhusers;
747 $dbhmails->get($mail, $cuid);
748 return undef if !$cuid;
751 $dbhusers->get($cuid, $rdata);
752 return undef if !$rdata;
754 my ($pmail, $account, $dn) = unpack('n/a* n/a* n/a*', $rdata);
757 $res->{account
} = $account;
758 $res->{pmail
} = $pmail;
763 my $status = $dbhmails->seq($key, $value, R_FIRST
());
766 while ($status == 0) {
767 push @$mails, $key if $value == $cuid;
768 $status = $dbhmails->seq($key, $value, R_NEXT
());
770 $res->{mails
} = $mails;