1 21 package org.jsmtpd.plugins.acls; 22 23 import java.net.Inet4Address ; 24 import java.net.InetAddress ; 25 import java.net.UnknownHostException ; 26 import java.util.HashSet ; 27 import java.util.Hashtable ; 28 import java.util.Set ; 29 30 import javax.naming.Context ; 31 import javax.naming.InitialContext ; 32 import javax.naming.NamingEnumeration ; 33 import javax.naming.NamingException ; 34 import javax.naming.directory.Attribute ; 35 import javax.naming.directory.Attributes ; 36 import javax.naming.directory.DirContext ; 37 import javax.naming.directory.SearchControls ; 38 import javax.naming.directory.SearchResult ; 39 40 import org.apache.commons.logging.Log; 41 import org.apache.commons.logging.LogFactory; 42 import org.jsmtpd.core.common.PluginInitException; 43 import org.jsmtpd.core.common.acl.ExtendedInet4Address; 44 import org.jsmtpd.core.common.acl.IACL; 45 import org.jsmtpd.core.mail.EmailAddress; 46 52 public class LdapACL implements IACL { 53 54 private String adminBindDn; private String adminBindPassword; 56 private String ldapUrl; 58 private String ldapUserProvider; private String ldapUserAliasAttribute="rfc822MailAlias"; private String ldapUserPrimaryMail="mail"; 63 64 private String ldapNetworkProvider; private String ldapNetworkClass="ipNetwork"; 66 private String ldapNetworkAddressAttribute="ipNetworkNumber"; private String ldapNetworkMaskAttribute="ipNetmaskNumber"; 69 private Hashtable <String ,String > environnement; 70 private static Log log = LogFactory.getLog(LdapACL.class); 71 72 public void initPlugin() throws PluginInitException { 73 environnement = new Hashtable <String ,String >(); 74 environnement.put(Context.SECURITY_PRINCIPAL,adminBindDn); 75 environnement.put(Context.SECURITY_CREDENTIALS,adminBindPassword); 76 } 77 78 public boolean isValidAddress(EmailAddress e) { 79 if (isValidAddressWildCard(e)) 80 return true; 81 else 82 return isValidAddressStandardUser(e); 83 } 84 85 public boolean isValidAddressStandardUser(EmailAddress e) { 86 InitialContext initialContext=null; 87 NamingEnumeration <SearchResult > namingEnumeration=null; 88 DirContext ctx=null; 89 try { 90 initialContext = new InitialContext (environnement); 91 ctx = (DirContext ) initialContext.lookup(ldapUrl); 92 SearchControls searchControl = new SearchControls (); 93 94 String ldapQuery ="("+ldapUserPrimaryMail+"="+e.toString()+")"; 96 namingEnumeration = ctx.search(ldapUserProvider,ldapQuery,searchControl); 97 boolean found = namingEnumeration.hasMore(); 98 namingEnumeration.close(); 99 if (found) { 100 log.debug("User "+e.toString()+" found in directory"); 101 return true; 102 } 103 104 ldapQuery="("+ldapUserAliasAttribute+"="+e.toString()+")"; 106 namingEnumeration = ctx.search(ldapUserProvider,ldapQuery,searchControl); 107 found = namingEnumeration.hasMore(); 108 namingEnumeration.close(); 109 if (found) { 110 log.debug("Alias "+e.toString()+" found in directory"); 111 return true; 112 } 113 114 } catch (NamingException e1) { 115 log.error("Failed to query server",e1); 116 } finally { 117 try { 118 if (namingEnumeration!=null) 119 namingEnumeration.close(); 120 if (ctx!=null) 121 ctx.close(); 122 if (initialContext!=null) 123 initialContext.close(); 124 } catch (NamingException e1) { 125 log.error(e1); 126 } 127 } 128 return false; 129 } 130 131 public boolean isValidAddressWildCard(EmailAddress e) { 132 InitialContext initialContext=null; 133 DirContext ctx=null; 134 NamingEnumeration <SearchResult > namingEnumeration=null; 135 try { 136 initialContext = new InitialContext (environnement); 137 ctx = (DirContext ) initialContext.lookup(ldapUrl); 138 SearchControls searchControl = new SearchControls (); 139 140 String query = "("+ldapUserAliasAttribute+"=@"+e.getHost()+")"; 142 namingEnumeration = ctx.search(ldapUserProvider,query,searchControl); 143 boolean found = namingEnumeration.hasMore(); 144 namingEnumeration.close(); 145 if (found) { 146 log.debug("Wildcard alias "+e.toString()+" found in directory"); 147 return true; 148 } 149 150 } catch (NamingException e1) { 151 log.error("Failed to query server",e1); 152 } finally { 153 try { 154 if (namingEnumeration!=null) 155 namingEnumeration.close(); 156 if (ctx!=null) 157 ctx.close(); 158 if (initialContext!=null) 159 ctx.close(); 160 } catch (NamingException e1) { 161 log.error(e1); 162 } 163 } 164 return false; 165 } 166 167 public void shutdownPlugin() { 168 169 } 170 171 172 public boolean isValidRelay(String hostIP) { 173 174 InitialContext initialContext=null; 175 DirContext ctx=null; 176 NamingEnumeration <SearchResult > namingEnumeration=null; 177 Set <ExtendedInet4Address> ldapNetworks=new HashSet <ExtendedInet4Address>(); 179 Inet4Address ag; 180 try { 181 initialContext = new InitialContext (environnement); 182 ctx = (DirContext ) initialContext.lookup(ldapUrl); 183 SearchControls searchControl = new SearchControls (); 184 namingEnumeration = ctx.search(ldapNetworkProvider,"(objectclass="+ldapNetworkClass+")",searchControl); 185 while (namingEnumeration.hasMore()) { 186 SearchResult result = namingEnumeration.next(); 187 Attributes attributes = result.getAttributes(); 188 Attribute ip = attributes.get(ldapNetworkAddressAttribute); 189 Attribute mask = attributes.get(ldapNetworkMaskAttribute); 190 191 if ((ip==null)||(mask==null)) 192 throw new NamingException ("Can't fing ip or netmask"); 193 194 Inet4Address ipInet = (Inet4Address ) InetAddress.getByName( (String )ip.get()); 195 Inet4Address maskInet = (Inet4Address ) InetAddress.getByName( (String )mask.get()); 196 ExtendedInet4Address ad = new ExtendedInet4Address (ipInet,maskInet); 197 ldapNetworks.add(ad); 198 } 199 ag = (Inet4Address ) InetAddress.getByName(hostIP); 200 for (ExtendedInet4Address address : ldapNetworks) { 201 if (address.isEqualorInMask(ag)) 202 return true; 203 } 204 } catch (NamingException e) { 205 log.error("Can't query server for relays",e); 206 } catch (UnknownHostException e) { 207 log.error("Conversion of ip failed ",e); 208 } finally { 209 try { 210 if (namingEnumeration!=null) 211 namingEnumeration.close(); 212 if (ctx!=null) 213 ctx.close(); 214 if (initialContext!=null) 215 ctx.close(); 216 } catch (NamingException e1) { 217 log.error(e1); 218 } 219 } 220 return false; 221 } 222 223 public String getPluginName() { 224 return "Simple LDAP ACL provider for jsmtpd"; 225 } 226 227 228 public void setAdminBindDn(String adminBindDn) { 229 this.adminBindDn = adminBindDn; 230 } 231 232 233 public void setAdminBindPassword(String adminBindPassword) { 234 this.adminBindPassword = adminBindPassword; 235 } 236 237 238 public void setLdapNetworkAddressAttribute(String ldapNetworkAddressAttribute) { 239 this.ldapNetworkAddressAttribute = ldapNetworkAddressAttribute; 240 } 241 242 243 public void setLdapNetworkClass(String ldapNetworkClass) { 244 this.ldapNetworkClass = ldapNetworkClass; 245 } 246 247 248 public void setLdapNetworkMaskAttribute(String ldapNetworkMaskAttribute) { 249 this.ldapNetworkMaskAttribute = ldapNetworkMaskAttribute; 250 } 251 252 253 public void setLdapNetworkProvider(String ldapNetworkProvider) { 254 this.ldapNetworkProvider = ldapNetworkProvider; 255 } 256 257 258 public void setLdapUrl(String ldapUrl) { 259 this.ldapUrl = ldapUrl; 260 } 261 262 263 public void setLdapUserAliasAttribute(String ldapUserAliasAttribute) { 264 this.ldapUserAliasAttribute = ldapUserAliasAttribute; 265 } 266 267 public void setLdapUserPrimaryMail(String ldapUserPrimaryMail) { 268 this.ldapUserPrimaryMail = ldapUserPrimaryMail; 269 } 270 271 public void setLdapUserProvider(String ldapUserProvider) { 272 this.ldapUserProvider = ldapUserProvider; 273 } 274 275 276 } 277 | Popular Tags |