]>
git.proxmox.com Git - pmg-api.git/blob - PMG/LDAPCache.pm
1 package PMG
::LDAPCache
;
9 use Net
::LDAP
::Control
::Paged
;
10 use Net
::LDAP
::Constant qw
(LDAP_CONTROL_PAGED
);
17 $DB_HASH->{'cachesize'} = 10000;
18 $DB_RECNO->{'cachesize'} = 10000;
19 $DB_BTREE->{'cachesize'} = 10000;
20 $DB_BTREE->{'flags'} = R_DUP
;
22 my $cachedir = '/var/lib/proxmox-mailgateway';
29 # users (hash): UID -> pmail, account, DN
30 # dnames (hash): DN -> UID
31 # accounts (hash): account -> UID
32 # mail (hash): mail -> UID
33 # groups (hash): group -> GID
34 # memberof (btree): UID -> GID
36 my @dbs = ('users', 'dnames', 'groups', 'mails', 'accounts', 'memberof');
39 my ($self, %args) = @_;
41 my $type = ref($self) || $self;
43 die "undefined ldap id" if !$args{id
};
47 if ($ldapcache->{$id}) {
48 $self = $ldapcache->{$id};
50 $ldapcache->{$id} = $self = bless {}, $type;
54 if (!$args{mailattr
}) {
55 $args{mailattr
} = "mail, userPrincipalName, proxyAddresses, othermailbox";
57 $args{mailattr
} =~ s/[\,\;]/ /g;
58 $args{mailattr
} =~ s/\s+/,/g;
60 if ($args{mode
} && ($args{mode
} eq 'ldap' || $args{mode
} eq 'ldaps')) {
61 $self->{mode
} = $args{mode
};
63 $self->{mode
} = 'ldap';
66 $self->{accountattr
} = $args{accountattr
} || 'sAMAccountName';
67 @{$self->{mailattr
}} = split(/,/, $args{mailattr
});
68 $self->{server1
} = $args{server1
};
69 $self->{server2
} = $args{server2
};
70 $self->{binddn
} = $args{binddn
};
71 $self->{bindpw
} = $args{bindpw
};
72 $self->{basedn
} = $args{basedn
};
73 $self->{port
} = $args{port
};
74 $self->{groupbasedn
} = $args{groupbasedn
};
75 $self->{filter
} = $args{filter
};
77 if ($args{syncmode
} == 1) {
78 # read local data only
84 return $self if !($args{server1
});
86 if ($args{syncmode
} == 2) {
99 my $dir = "$cachedir/ldapdb_$id";
100 my $scheme = LockFile
::Simple-
>make(
101 -warn => 0, -stale
=> 1, -autoclean
=> 1);
102 my $lock = $scheme->lock($dir);
108 my ($class, $id) = @_;
110 if (my $lock = lockdir
($id)) {
111 delete $ldapcache->{$id};
112 delete $last_atime->{$id};
113 my $dir = "$cachedir/ldapdb_$id";
117 syslog
('err' , "can't lock ldap database '$id'");
122 my ($self, $syncmode) = @_;
124 if ($syncmode == 1) {
125 # read local data only
126 $self->{errors
} = '';
128 } elsif ($syncmode == 2) {
137 my ($self, $ldap) = @_;
140 foreach my $attr (@{$self->{mailattr
}}) {
141 $filter .= "($attr=*)";
145 if ($self->{filter
}) {
146 my $tmp = $self->{filter
};
147 $tmp = "($tmp)" if $tmp !~ m/^\(.*\)$/;
149 $filter = "(&${filter}${tmp})";
152 my $page = Net
::LDAP
::Control
::Paged-
>new(size
=> 900);
155 base
=> $self->{basedn
},
158 control
=> [ $page ],
159 attrs
=> [ @{$self->{mailattr
}}, $self->{accountattr
}, 'memberOf' ]
166 my $mesg = $ldap->search(@args);
170 my $err = "ldap user search error: " . $mesg->error;
171 $self->{errors
} .= "$err\n";
176 #foreach my $entry ($mesg->entries) { $entry->dump; }
177 foreach my $entry ($mesg->entries) {
183 foreach my $attr (@{$self->{mailattr
}}) {
184 foreach my $mail ($entry->get_value($attr)) {
186 # Test if the Line starts with one of the following lines:
187 # proxyAddresses: [smtp|SMTP]:
188 # and also discard this starting string, so that $mail is only the
189 # address without any other characters...
191 $mail =~ s/^(smtp|SMTP)[\:\$]//gs;
193 if ($mail !~ m/[\{\}\\\/]/ && $mail =~ m/^\S
+\
@\S+$/) {
194 $umails->{$mail} = 1;
195 $pmail = $mail if !$pmail;
199 my $addresses = [ keys %$umails ];
201 next if !$pmail; # account has no email addresses
204 $self->{dbstat
}->{dnames
}->{dbh
}->get($dn, $cuid);
206 $cuid = ++$self->{dbstat
}->{dnames
}->{idcount
};
207 $self->{dbstat
}->{dnames
}->{dbh
}->put($dn, $cuid);
210 my $account = $entry->get_value($self->{accountattr
});
211 if ($account && ($account =~ m/^\S+$/s)) {
212 $account = lc($account);
213 $self->{dbstat
}->{accounts
}->{dbh
}->put($account, $cuid);
218 my $data = pack('n/a* n/a* n/a*', $pmail, $account, $dn);
219 $self->{dbstat
}->{users
}->{dbh
}->put($cuid, $data);
221 foreach my $mail (@$addresses) {
222 $self->{dbstat
}->{mails
}->{dbh
}->put($mail, $cuid);
225 if (!$self->{groupbasedn
}) {
226 my @groups = $entry->get_value('memberOf');
227 foreach my $group (@groups) {
229 $self->{dbstat
}->{groups
}->{dbh
}->get($group, $cgid);
231 $cgid = ++$self->{dbstat
}->{groups
}->{idcount
};
232 $self->{dbstat
}->{groups
}->{dbh
}->put($group, $cgid);
234 $self->{dbstat
}->{memberof
}->{dbh
}->put($cuid, $cgid);
239 # Get cookie from paged control
240 my ($resp) = $mesg->control(LDAP_CONTROL_PAGED
) or last;
241 $cookie = $resp->cookie or last;
243 # Set cookie in paged control
244 $page->cookie($cookie);
249 # We had an abnormal exit, so let the server know we do not want any more
250 $page->cookie($cookie);
252 $ldap->search(@args);
253 my $err = "LDAP user query unsuccessful";
254 $self->{errors
} .= "$err\n";
260 my ($self, $ldap) = @_;
262 return undef if !$self->{groupbasedn
};
264 my $filter = "(objectclass=group)";
266 my $page = Net
::LDAP
::Control
::Paged-
>new(size
=> 100);
268 my @args = ( base
=> $self->{groupbasedn
},
271 control
=> [ $page ],
272 attrs
=> [ 'member' ]
278 my $mesg = $ldap->search(@args);
282 my $err = "ldap group search error: " . $mesg->error;
283 $self->{errors
} .= "$err\n";
288 foreach my $entry ( $mesg->entries ) {
289 my $group = $entry->dn;
290 my @members = $entry->get_value('member');
293 $self->{dbstat
}->{groups
}->{dbh
}->get($group, $cgid);
295 $cgid = ++$self->{dbstat
}->{groups
}->{idcount
};
296 $self->{dbstat
}->{groups
}->{dbh
}->put($group, $cgid);
299 foreach my $m (@members) {
302 $self->{dbstat
}->{dnames
}->{dbh
}->get($m, $cuid);
304 $cuid = ++$self->{dbstat
}->{dnames
}->{idcount
};
305 $self->{dbstat
}->{dnames
}->{dbh
}->put($m, $cuid);
308 $self->{dbstat
}->{memberof
}->{dbh
}->put($cuid, $cgid);
312 # Get cookie from paged control
313 my ($resp) = $mesg->control(LDAP_CONTROL_PAGED
) or last;
314 $cookie = $resp->cookie or last;
316 # Set cookie in paged control
317 $page->cookie($cookie);
321 # We had an abnormal exit, so let the server know we do not want any more
322 $page->cookie($cookie);
324 $ldap->search(@args);
325 my $err = "LDAP group query unsuccessful";
326 $self->{errors
} .= "$err\n";
334 my $mode = $self->{mode
};
336 $portstr = ':' . $self->{port
} if $self->{port
};
338 my $serverstr = "$mode://$self->{server1}${portstr}/";
339 my $ldap = Net
::LDAP-
>new($serverstr);
340 if(!$ldap && $self->{server2
} && $self->{server2
} ne '127.0.0.1') {
341 $serverstr = "$mode://$self->{server2}${portstr}/";
342 $ldap = Net
::LDAP-
>new($serverstr);
351 my $dir = "ldapdb_" . $self->{id
};
352 mkdir "$cachedir/$dir";
354 # open ldap connection
356 syslog
('info', "syncing ldap database '$self->{id}'");
358 my $ldap = $self->ldap_connect();
361 my $err = "Can't bind to ldap server '$self->{id}': $!";
362 $self->{errors
} .= "$err\n";
369 if ($self->{binddn
}) {
370 $mesg = $ldap->bind($self->{binddn
}, password
=> $self->{bindpw
});
372 $mesg = $ldap->bind(); # anonymous bind
376 my $err = "ldap bind failed: " . $mesg->error;
377 $self->{errors
} .= "$err\n";
382 if (!$self->{basedn
}) {
383 my $root = $ldap->root_dse(attrs
=> [ 'defaultNamingContext' ]);
384 $self->{basedn
} = $root->get_value('defaultNamingContext');
387 # open temporary database files
391 foreach my $db (@dbs) {
392 $self->{dbstat
}->{$db}->{tmpfilename
} = "$cachedir/$dir/${db}_tmp$$.db";
393 $olddbh->{$db} = $self->{dbstat
}->{$db}->{dbh
};
397 foreach my $db (@dbs) {
398 my $filename = $self->{dbstat
}->{$db}->{tmpfilename
};
399 $self->{dbstat
}->{$db}->{idcount
} = 0;
402 if ($db eq 'memberof') {
403 $self->{dbstat
}->{$db}->{dbh
} =
404 tie
(my %h, 'DB_File', $filename,
405 O_CREAT
|O_RDWR
, 0666, $DB_BTREE);
407 $self->{dbstat
}->{$db}->{dbh
} =
408 tie
(my %h, 'DB_File', $filename,
409 O_CREAT
|O_RDWR
, 0666, $DB_HASH);
412 die "unable to open database file '$filename': $!\n"
413 if !$self->{dbstat
}->{$db}->{dbh
};
420 # close and delete all files
421 foreach my $db (@dbs) {
422 undef $self->{dbstat
}->{$db}->{dbh
};
423 unlink $self->{dbstat
}->{$db}->{tmpfilename
};
424 $self->{dbstat
}->{$db}->{dbh
} = $olddbh->{$db};
426 $self->{errors
} .= $err;
432 $self->querygroups ($ldap) if $self->{groupbasedn
};
434 if (!$self->{errors
}) {
435 $self->queryusers($ldap);
440 if ($self->{errors
}) {
441 # close and delete all files
442 foreach my $db (@dbs) {
443 undef $self->{dbstat
}->{$db}->{dbh
};
444 unlink $self->{dbstat
}->{$db}->{tmpfilename
};
445 $self->{dbstat
}->{$db}->{dbh
} = $olddbh->{$db};
449 my $lock = lockdir
($self->{id
});
452 my $err = "unable to get database lock for ldap database '$self->{id}'";
453 $self->{errors
} .= "$err\n";
456 # close and delete all files
457 foreach my $db (@dbs) {
458 undef $self->{dbstat
}->{$db}->{dbh
};
459 unlink $self->{dbstat
}->{$db}->{tmpfilename
};
460 $self->{dbstat
}->{$db}->{dbh
} = $olddbh->{$db};
463 foreach my $db (@dbs) {
464 my $filename = $self->{dbstat
}->{$db}->{filename
} =
465 "$cachedir/$dir/${db}.db";
466 $self->{dbstat
}->{$db}->{dbh
}->sync(); # flush everything
467 rename $self->{dbstat
}->{$db}->{tmpfilename
}, $filename;
472 $last_atime->{$self->{id
}} = time();
474 $self->{gcount
} = $self->{dbstat
}->{groups
}->{idcount
};
475 $self->{ucount
} = __count_entries
($self->{dbstat
}->{accounts
}->{dbh
});
476 $self->{mcount
} = __count_entries
($self->{dbstat
}->{mails
}->{dbh
});
481 sub __count_entries
{
489 my $status = $dbh->seq($key, $value, R_FIRST
());
491 while ($status == 0) {
493 $status = $dbh->seq($key, $value, R_NEXT
());
500 my ($self, $try) = @_;
502 my $dir = "ldapdb_" . $self->{id
};
503 mkdir "$cachedir/$dir";
505 my $filename = "$cachedir/$dir/mails.db";
507 return if $last_atime->{$self->{id
}} &&
508 PMG
::Utils
::file_older_than
($filename, $last_atime->{$self->{id
}});
511 foreach my $db (@dbs) {
512 my $filename = $self->{dbstat
}->{$db}->{filename
} =
513 "$cachedir/$dir/${db}.db";
514 $self->{dbstat
}->{$db}->{idcount
} = 0;
515 if ($db eq 'memberof') {
516 $self->{dbstat
}->{$db}->{dbh
} =
517 tie
(my %h, 'DB_File', $filename,
518 O_RDONLY
, 0666, $DB_BTREE);
520 $self->{dbstat
}->{$db}->{dbh
} =
521 tie
(my %h, 'DB_File', $filename,
522 O_RDONLY
, 0666, $DB_HASH);
525 if (!$self->{dbstat
}->{$db}->{dbh
} && !$try) {
526 my $err = "ldap error - unable to open database file '$filename': $!";
527 $self->{errors
} .= "$err\n";
528 syslog
('err', $err) if !$self->{dbstat
}->{$db}->{dbh
};
533 $last_atime->{$self->{id
}} = time();
535 $self->{gcount
} = __count_entries
($self->{dbstat
}->{groups
}->{dbh
});
536 $self->{ucount
} = __count_entries
($self->{dbstat
}->{accounts
}->{dbh
});
537 $self->{mcount
} = __count_entries
($self->{dbstat
}->{mails
}->{dbh
});
541 my ($self, $force) = @_;
543 $self->{errors
} = '';
546 # only sync if file is older than 1 hour
548 my $dir = "ldapdb_" . $self->{id
};
549 mkdir "$cachedir/$dir";
550 my $filename = "$cachedir/$dir/mails.db";
553 !PMG
::Utils
::file_older_than
($filename, time() - 3600)) {
559 $self->sync_database();
561 if ($self->{errors
}) {
569 my $dbh = $self->{dbstat
}->{groups
}->{dbh
};
574 my $status = $dbh->seq($key, $value, R_FIRST
());
577 while ($status == 0) {
579 $status = $dbh->seq($key, $value, R_NEXT
());
586 my ($self, $mail) = @_;
588 my $dbh = $self->{dbstat
}->{mails
}->{dbh
};
594 $dbh->get($mail, $res);
599 my ($self, $account) = @_;
601 my $dbh = $self->{dbstat
}->{accounts
}->{dbh
};
604 $account = lc($account);
607 $dbh->get($account, $res);
611 sub account_has_address
{
612 my ($self, $account, $mail) = @_;
614 my $dbhmails = $self->{dbstat
}->{mails
}->{dbh
};
615 my $dbhaccounts = $self->{dbstat
}->{accounts
}->{dbh
};
616 return 0 if !$dbhmails || !$dbhaccounts;
618 $account = lc($account);
622 $dbhaccounts->get($account, $accid);
626 $dbhmails->get($mail, $mailid);
627 return 0 if !$mailid;
629 return ($accid == $mailid);
633 my ($self, $mail, $group) = @_;
635 my $dbhmails = $self->{dbstat
}->{mails
}->{dbh
};
636 my $dbhgroups = $self->{dbstat
}->{groups
}->{dbh
};
637 my $dbhmemberof = $self->{dbstat
}->{memberof
}->{dbh
};
639 return 0 if !$dbhmails || !$dbhgroups || !$dbhmemberof;
644 $dbhmails->get($mail, $cuid);
648 $dbhgroups->get($group, $groupid);
649 return 0 if !$groupid;
651 my @gida = $dbhmemberof->get_dup($cuid);
653 return grep { $_ eq $groupid } @gida;
657 my ($self, $mail, $scan) = @_;
659 my $dbhmails = $self->{dbstat
}->{mails
}->{dbh
};
660 my $dbhusers = $self->{dbstat
}->{users
}->{dbh
};
662 return undef if !$dbhmails || !$dbhusers;
669 $dbhmails->get($mail, $cuid);
670 return undef if !$cuid;
673 $dbhusers->get($cuid, $rdata);
674 return undef if !$rdata;
676 my ($pmail, $account, $dn) = unpack('n/a* n/a* n/a*', $rdata);
679 $res->{account
} = $account;
680 $res->{pmail
} = $pmail;
685 my $status = $dbhmails->seq($key, $value, R_FIRST
());
688 while ($status == 0) {
689 push @$mails, $key if $value == $cuid;
690 $status = $dbhmails->seq($key, $value, R_NEXT
());
692 $res->{mails
} = $mails;