PMG/RuleDB/LDAP.pm: imported from private repository
authorDietmar Maurer <dietmar@proxmox.com>
Wed, 22 Mar 2017 10:22:06 +0000 (11:22 +0100)
committerDietmar Maurer <dietmar@proxmox.com>
Wed, 22 Mar 2017 10:22:06 +0000 (11:22 +0100)
Makefile
PMG/RuleDB.pm
PMG/RuleDB/LDAP.pm [new file with mode: 0644]

index b6853de22dfc4c66a225d0ec59a38087600ff6f3..413cec00d23597454598c318bcfb5574dcbe6f02 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -79,6 +79,7 @@ LIBSOURCES =                          \
        PMG/RuleDB/Receiver.pm          \
        PMG/RuleDB/Domain.pm            \
        PMG/RuleDB/ReceiverDomain.pm    \
+       PMG/RuleDB/LDAP.pm              \
        PMG/RuleDB/LDAPUser.pm          \
        PMG/RuleDB/TimeFrame.pm         \
        PMG/RuleDB/MatchField.pm        \
index e064ef825e1176d337974e466cb1e6a2cbfb9ddd..542fd4a21f8164f552d6e2149b42a4a85c108194 100644 (file)
@@ -23,8 +23,7 @@ use PMG::RuleDB::IPAddress;
 use PMG::RuleDB::IPNet;
 use PMG::RuleDB::Domain;
 use PMG::RuleDB::ReceiverDomain;
-# fixme:
-#use Proxmox::RuleDB::LDAP;
+use PMG::RuleDB::LDAP;
 use PMG::RuleDB::LDAPUser;
 use PMG::RuleDB::TimeFrame;
 use PMG::RuleDB::Spam;
@@ -316,10 +315,9 @@ sub get_object {
     elsif ($otype == PMG::RuleDB::IPNet::otype) {
        $obj = PMG::RuleDB::IPNet->new();
     }
-# fixme
-#    elsif ($otype == Proxmox::RuleDB::LDAP::otype) {
-#      $obj = Proxmox::RuleDB::LDAP->new();
-#    }
+    elsif ($otype == PMG::RuleDB::LDAP::otype) {
+       $obj = PMG::RuleDB::LDAP->new();
+    }
     elsif ($otype == PMG::RuleDB::LDAPUser::otype) {
        $obj = PMG::RuleDB::LDAPUser->new();
     }
diff --git a/PMG/RuleDB/LDAP.pm b/PMG/RuleDB/LDAP.pm
new file mode 100644 (file)
index 0000000..dd4b64b
--- /dev/null
@@ -0,0 +1,138 @@
+package PMG::RuleDB::LDAP;
+
+use strict;
+use warnings;
+use DBI;
+
+use PMG::Utils;
+use PMG::RuleDB::Object;
+use PMG::LDAPCache;
+use PMG::LDAPSet;
+
+use base qw(PMG::RuleDB::Object);
+
+sub otype {
+    return 1005;
+}
+
+sub oclass {
+    return 'who';
+}
+
+sub otype_text {
+    return 'LDAP Group';
+}
+
+sub oicon {
+    return 'group.gif';
+}
+
+sub new {
+    my ($type, $ldapgroup, $profile, $ogroup) = @_;
+
+    my $class = ref($type) || $type;
+
+    my $self = $class->SUPER::new($class->otype(), $ogroup);
+
+    $self->{ldapgroup} = $ldapgroup // '';
+    $self->{profile} = $profile // '';
+
+    return $self;
+}
+
+sub load_attr {
+    my ($type, $ruledb, $id, $ogroup, $value) = @_;
+
+    my $class = ref($type) || $type;
+
+    defined($value) || die "undefined value: ERROR";
+
+    my $obj;
+    if ($value =~ m/^([^:]*):(.*)$/) {
+       $obj = $class->new($2, $1, $ogroup);
+       $obj->{digest} = Digest::SHA::sha1_hex ($id, $2, $1, $ogroup);
+    } else {
+       $obj = $class->new ($value, '', $ogroup);
+       $obj->{digest} = Digest::SHA::sha1_hex ($id, $value, '#', $ogroup);
+    }
+
+    $obj->{id} = $id;
+
+    return $obj;
+}
+
+sub save {
+    my ($self, $ruledb) = @_;
+
+    defined($self->{ogroup}) || die "undefined ogroup: ERROR";
+    defined($self->{ldapgroup}) || die "undefined ldap group: ERROR";
+    defined($self->{profile}) || die "undefined ldap profile: ERROR";
+
+    my $grp = $self->{ldapgroup};
+    my $profile = $self->{profile};
+
+    my $confdata = "$profile:$grp";
+
+    if (defined ($self->{id})) {
+       # update
+
+       $ruledb->{dbh}->do(
+           "UPDATE Object SET Value = ? WHERE ID = ?",
+           undef, $confdata, $self->{id});
+
+    } else {
+       # insert
+
+       my $sth = $ruledb->{dbh}->prepare(
+           "INSERT INTO Object (Objectgroup_ID, ObjectType, Value) " .
+           "VALUES (?, ?, ?);");
+
+       $sth->execute($self->{ogroup}, $self->otype, $confdata);
+
+       $self->{id} = PMG::Utils::lastid($ruledb->{dbh}, 'object_id_seq');
+    }
+
+    return $self->{id};
+}
+
+sub test_ldap {
+    my ($ldap, $addr, $group, $profile) = @_;
+
+    if ($group eq '') {
+       return $ldap->mail_exists($addr, $profile);
+    } elsif ($group eq '-') {
+       return !$ldap->mail_exists($addr, $profile);
+    } else {
+       return $ldap->user_in_group ($addr, $group, $profile);
+    }
+}
+
+sub who_match {
+    my ($self, $addr, $ip, $ldap) = @_;
+
+    return 0 if !$ldap;
+
+    return test_ldap($ldap, $addr, $self->{ldapgroup}, $self->{profile});
+}
+
+1;
+
+__END__
+
+=head1 PMG::RuleDB::LDAP
+
+A WHO object to check LDAP groups
+
+=head2 Attribues
+
+=head3 ldapgroup
+
+An LDAP group (ignore case).
+
+=head3 profile
+
+The LDAP profile name
+
+=head2 Examples
+
+    $obj = PMG::RuleDB::LDAP>new ('groupname', 'profile_name');
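Review bot: `load_attr` calls `Digest::SHA::sha1_hex` in both branches of its `if`/`else`, but the new file never loads that module — it only works if something pulled in earlier (presumably PMG::Utils or PMG::RuleDB::Object) happens to `use Digest::SHA` first, so add `use Digest::SHA;` to the import block, e.g. directly after `use DBI;`. Conversely `use DBI;` looks unused here, since the handle always arrives as `$ruledb->{dbh}` and no `DBI::` name is referenced; it can be dropped or kept deliberately with a comment. The `elsif ($group eq '-')` branch of `test_ldap` silently inverts the membership check, so a why-comment on that branch such as `# a group of '-' matches addresses that are NOT known to LDAP` would save the next reader a trip through the callers. The POD also has two typos: `=head2 Attribues` should read `=head2 Attributes`, and the example `PMG::RuleDB::LDAP>new (...)` is missing the `-` of the method arrow.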