/*
* Create an ARCHIVE_MATCH object.
*/
struct archive *
archive_match_new(void)
{
struct archive_match *a;
a = (struct archive_match *)calloc(1, sizeof(*a));
if (a == NULL)
return (NULL);
a->archive.magic = ARCHIVE_MATCH_MAGIC;
a->archive.state = ARCHIVE_STATE_NEW;
match_list_init(&(a->inclusions));
match_list_init(&(a->exclusions));
__archive_rb_tree_init(&(a->exclusion_tree), &rb_ops_mbs);
entry_list_init(&(a->exclusion_entry_list));
match_list_init(&(a->inclusion_unames));
match_list_init(&(a->inclusion_gnames));
time(&a->now);
return (&(a->archive));
}
DICT *dict_ldap_open(const char *ldapsource, int dummy, int dict_flags)
{
char *myname = "dict_ldap_open";
DICT_LDAP *dict_ldap;
VSTRING *url_list;
char *s;
char *h;
char *server_host;
char *domainlist;
char *scope;
char *attr;
int tmp;
if (msg_verbose)
msg_info("%s: Using LDAP source %s", myname, ldapsource);
dict_ldap = (DICT_LDAP *) dict_alloc(DICT_TYPE_LDAP, ldapsource,
sizeof(*dict_ldap));
dict_ldap->dict.lookup = dict_ldap_lookup;
dict_ldap->dict.close = dict_ldap_close;
dict_ldap->dict.flags = dict_flags | DICT_FLAG_FIXED;
dict_ldap->ld = NULL;
dict_ldap->parser = cfg_parser_alloc(ldapsource);
dict_ldap->ldapsource = mystrdup(ldapsource);
server_host = cfg_get_str(dict_ldap->parser, "server_host",
"localhost", 1, 0);
/*
* get configured value of "server_port"; default to LDAP_PORT (389)
*/
dict_ldap->server_port =
cfg_get_int(dict_ldap->parser, "server_port", LDAP_PORT, 0, 0);
/*
* Define LDAP Version.
*/
dict_ldap->version = cfg_get_int(dict_ldap->parser, "version", 2, 2, 0);
switch (dict_ldap->version) {
case 2:
dict_ldap->version = LDAP_VERSION2;
break;
case 3:
dict_ldap->version = LDAP_VERSION3;
break;
default:
msg_warn("%s: %s Unknown version %d.", myname, ldapsource,
dict_ldap->version);
dict_ldap->version = LDAP_VERSION2;
}
#if defined(LDAP_API_FEATURE_X_OPENLDAP)
dict_ldap->ldap_ssl = 0;
#endif
url_list = vstring_alloc(32);
s = server_host;
while ((h = mystrtok(&s, " \t\n\r,")) != NULL) {
#if defined(LDAP_API_FEATURE_X_OPENLDAP)
/*
* Convert (host, port) pairs to LDAP URLs
*/
if (ldap_is_ldap_url(h)) {
LDAPURLDesc *url_desc;
int rc;
if ((rc = ldap_url_parse(h, &url_desc)) != 0) {
msg_error("%s: error parsing URL %s: %d: %s; skipping", myname,
h, rc, ldap_err2string(rc));
continue;
}
if (strcasecmp(url_desc->lud_scheme, "ldap") != 0 &&
dict_ldap->version != LDAP_VERSION3) {
msg_warn("%s: URL scheme %s requires protocol version 3", myname,
url_desc->lud_scheme);
dict_ldap->version = LDAP_VERSION3;
}
if (strcasecmp(url_desc->lud_scheme, "ldaps") == 0)
dict_ldap->ldap_ssl = 1;
ldap_free_urldesc(url_desc);
vstring_sprintf_append(url_list, " %s", h);
} else {
if (strrchr(h, ':'))
vstring_sprintf_append(url_list, " ldap://%s", h);
else
vstring_sprintf_append(url_list, " ldap://%s:%d", h,
dict_ldap->server_port);
}
#else
vstring_sprintf_append(url_list, " %s", h);
#endif
}
dict_ldap->server_host =
mystrdup(VSTRING_LEN(url_list) > 0 ? vstring_str(url_list) + 1 : "");
#if defined(LDAP_API_FEATURE_X_OPENLDAP)
/*
* With URL scheme, clear port to normalize connection cache key
*/
dict_ldap->server_port = LDAP_PORT;
if (msg_verbose)
msg_info("%s: %s server_host URL is %s", myname, ldapsource,
dict_ldap->server_host);
#endif
myfree(server_host);
vstring_free(url_list);
/*
* Scope handling thanks to Carsten Hoeger of SuSE.
*/
scope = cfg_get_str(dict_ldap->parser, "scope", "sub", 1, 0);
if (strcasecmp(scope, "one") == 0) {
dict_ldap->scope = LDAP_SCOPE_ONELEVEL;
} else if (strcasecmp(scope, "base") == 0) {
dict_ldap->scope = LDAP_SCOPE_BASE;
} else if (strcasecmp(scope, "sub") == 0) {
dict_ldap->scope = LDAP_SCOPE_SUBTREE;
} else {
msg_warn("%s: %s: Unrecognized value %s specified for scope; using sub",
myname, ldapsource, scope);
dict_ldap->scope = LDAP_SCOPE_SUBTREE;
}
myfree(scope);
dict_ldap->search_base = cfg_get_str(dict_ldap->parser, "search_base",
"", 0, 0);
domainlist = cfg_get_str(dict_ldap->parser, "domain", "", 0, 0);
if (*domainlist) {
#ifdef MATCH_FLAG_NONE
dict_ldap->domain = match_list_init(MATCH_FLAG_NONE,
domainlist, 1, match_string);
#else
dict_ldap->domain = match_list_init(domainlist, 1, match_string);
#endif
if (dict_ldap->domain == NULL)
msg_warn("%s: domain match list creation using \"%s\" failed, will continue without it",
myname, domainlist);
if (msg_verbose)
msg_info("%s: domain list created using \"%s\"", myname,
domainlist);
} else {
dict_ldap->domain = NULL;
}
myfree(domainlist);
/*
* get configured value of "timeout"; default to 10 seconds
*
* Thanks to Manuel Guesdon for spotting that this wasn't really getting
* set.
*/
dict_ldap->timeout = cfg_get_int(dict_ldap->parser, "timeout",
10, 0, 0);
dict_ldap->query_filter =
cfg_get_str(dict_ldap->parser, "query_filter",
"(mailacceptinggeneralid=%s)", 0, 0);
dict_ldap->result_filter =
cfg_get_str(dict_ldap->parser, "result_filter", "%s", 0, 0);
if (strcmp(dict_ldap->result_filter, "%s") == 0) {
myfree(dict_ldap->result_filter);
dict_ldap->result_filter = NULL;
}
attr = cfg_get_str(dict_ldap->parser, "result_attribute",
"maildrop", 0, 0);
dict_ldap->result_attributes = argv_split(attr, " ,\t\r\n");
dict_ldap->num_attributes = dict_ldap->result_attributes->argc;
myfree(attr);
attr = cfg_get_str(dict_ldap->parser, "special_result_attribute",
"", 0, 0);
if (*attr) {
argv_split_append(dict_ldap->result_attributes, attr, " ,\t\r\n");
}
myfree(attr);
/*
* get configured value of "bind"; default to true
*/
dict_ldap->bind = cfg_get_bool(dict_ldap->parser, "bind", 1);
/*
* get configured value of "bind_dn"; default to ""
*/
dict_ldap->bind_dn = cfg_get_str(dict_ldap->parser, "bind_dn", "", 0, 0);
/*
* get configured value of "bind_pw"; default to ""
*/
dict_ldap->bind_pw = cfg_get_str(dict_ldap->parser, "bind_pw", "", 0, 0);
/*
* get configured value of "cache"; default to false
*/
tmp = cfg_get_bool(dict_ldap->parser, "cache", 0);
if (tmp)
msg_warn("%s: %s ignoring cache", myname, ldapsource);
/*
* get configured value of "cache_expiry"; default to 30 seconds
*/
tmp = cfg_get_int(dict_ldap->parser, "cache_expiry", -1, 0, 0);
if (tmp >= 0)
msg_warn("%s: %s ignoring cache_expiry", myname, ldapsource);
/*
* get configured value of "cache_size"; default to 32k
*/
tmp = cfg_get_int(dict_ldap->parser, "cache_size", -1, 0, 0);
if (tmp >= 0)
msg_warn("%s: %s ignoring cache_size", myname, ldapsource);
/*
* get configured value of "recursion_limit"; default to 1000
*/
dict_ldap->recursion_limit = cfg_get_int(dict_ldap->parser,
"recursion_limit", 1000, 1, 0);
/*
* get configured value of "expansion_limit"; default to 0
*/
dict_ldap->expansion_limit = cfg_get_int(dict_ldap->parser,
"expansion_limit", 0, 0, 0);
/*
* get configured value of "size_limit"; default to expansion_limit
*/
dict_ldap->size_limit = cfg_get_int(dict_ldap->parser, "size_limit",
dict_ldap->expansion_limit,
0, 0);
/*
* Alias dereferencing suggested by Mike Mattice.
*/
dict_ldap->dereference = cfg_get_int(dict_ldap->parser, "dereference",
0, 0, 0);
if (dict_ldap->dereference < 0 || dict_ldap->dereference > 3) {
msg_warn("%s: %s Unrecognized value %d specified for dereference; using 0",
myname, ldapsource, dict_ldap->dereference);
dict_ldap->dereference = 0;
}
/* Referral chasing */
dict_ldap->chase_referrals = cfg_get_bool(dict_ldap->parser,
"chase_referrals", 0);
#ifdef LDAP_API_FEATURE_X_OPENLDAP
/*
* TLS options
*/
/* get configured value of "start_tls"; default to no */
dict_ldap->start_tls = cfg_get_bool(dict_ldap->parser, "start_tls", 0);
if (dict_ldap->start_tls && dict_ldap->version < LDAP_VERSION3) {
msg_warn("%s: %s start_tls requires protocol version 3",
myname, ldapsource);
dict_ldap->version = LDAP_VERSION3;
}
/* get configured value of "tls_require_cert"; default to no */
dict_ldap->tls_require_cert = cfg_get_bool(dict_ldap->parser,
"tls_require_cert", 0);
/* get configured value of "tls_ca_cert_file"; default "" */
dict_ldap->tls_ca_cert_file = cfg_get_str(dict_ldap->parser,
"tls_ca_cert_file", "", 0, 0);
/* get configured value of "tls_ca_cert_dir"; default "" */
dict_ldap->tls_ca_cert_dir = cfg_get_str(dict_ldap->parser,
"tls_ca_cert_dir", "", 0, 0);
/* get configured value of "tls_cert"; default "" */
dict_ldap->tls_cert = cfg_get_str(dict_ldap->parser, "tls_cert",
"", 0, 0);
/* get configured value of "tls_key"; default "" */
dict_ldap->tls_key = cfg_get_str(dict_ldap->parser, "tls_key",
"", 0, 0);
/* get configured value of "tls_random_file"; default "" */
dict_ldap->tls_random_file = cfg_get_str(dict_ldap->parser,
"tls_random_file", "", 0, 0);
/* get configured value of "tls_cipher_suite"; default "" */
dict_ldap->tls_cipher_suite = cfg_get_str(dict_ldap->parser,
"tls_cipher_suite", "", 0, 0);
#endif
/*
* Debug level.
*/
#if defined(LDAP_OPT_DEBUG_LEVEL) && defined(LBER_OPT_LOG_PRINT_FN)
dict_ldap->debuglevel = cfg_get_int(dict_ldap->parser, "debuglevel",
0, 0, 0);
#endif
/*
* Find or allocate shared LDAP connection container.
*/
dict_ldap_conn_find(dict_ldap);
/*
* Return the new dict_ldap structure.
*/
return (DICT_DEBUG (&dict_ldap->dict));
}
