LdapACL


1   /*
2    * 
3    * Jsmtpd, Java SMTP daemon
4    * Copyright (C) 2005  Jean-Francois POUX, jf.poux@laposte.net
5    *
6    * This program is free software; you can redistribute it and/or
7    * modify it under the terms of the GNU General Public License
8    * as published by the Free Software Foundation; either version 2
9    * of the License, or (at your option) any later version.
10   *
11   * This program is distributed in the hope that it will be useful,
12   * but WITHOUT ANY WARRANTY; without even the implied warranty of
13   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14   * GNU General Public License for more details.
15   *
16   * You should have received a copy of the GNU General Public License
17   * along with this program; if not, write to the Free Software
18   * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
19   *
20   */
21  package org.jsmtpd.plugins.acls;
22  
23  import java.net.Inet4Address  ;
24  import java.net.InetAddress  ;
25  import java.net.UnknownHostException  ;
26  import java.util.HashSet  ;
27  import java.util.Hashtable  ;
28  import java.util.Set  ;
29  
30  import javax.naming.Context  ;
31  import javax.naming.InitialContext  ;
32  import javax.naming.NamingEnumeration  ;
33  import javax.naming.NamingException  ;
34  import javax.naming.directory.Attribute  ;
35  import javax.naming.directory.Attributes  ;
36  import javax.naming.directory.DirContext  ;
37  import javax.naming.directory.SearchControls  ;
38  import javax.naming.directory.SearchResult  ;
39  
40  import org.apache.commons.logging.Log;
41  import org.apache.commons.logging.LogFactory;
42  import org.jsmtpd.core.common.PluginInitException;
43  import org.jsmtpd.core.common.acl.ExtendedInet4Address;
44  import org.jsmtpd.core.common.acl.IACL;
45  import org.jsmtpd.core.mail.EmailAddress;
46  /**
47   * 1/04/06 : Change to query primary mail by fixed attribute, not by uid (for multiple domains and outgoing)
48   * TODO: Cache results with ex date
49   * @author jf poux
50   *
51   */
52  public class LdapACL implements IACL {
53  
54      private String   adminBindDn; // ex cn=administrator,dc=jsmtpd,dc=org
55      private String   adminBindPassword;
56      private String   ldapUrl; // ex ldap://172.16.0.200/
57      
58      // How to query the user db
59      private String   ldapUserProvider; // Branch containing user objects, like ou=people,dc=jsmtpd,dc=org
60      private String   ldapUserAliasAttribute="rfc822MailAlias"; // Attribute of mail aliases
61      private String   ldapUserPrimaryMail="mail"; // Attribute of primary mail address.
62  
63      
64      private String   ldapNetworkProvider; // A branch containing network objects (class ipNetwork by example) : ou=networks,dc=jsmtpd,dc=org
65      private String   ldapNetworkClass="ipNetwork"; 
66      private String   ldapNetworkAddressAttribute="ipNetworkNumber"; // Atribute of network ip
67      private String   ldapNetworkMaskAttribute="ipNetmaskNumber"; // attribut of network mask
68      
69      private Hashtable  <String  ,String  > environnement;
70      private static Log log = LogFactory.getLog(LdapACL.class);
71      
72      public void initPlugin() throws PluginInitException {
73          environnement = new Hashtable  <String  ,String  >();
74          environnement.put(Context.SECURITY_PRINCIPAL,adminBindDn);
75          environnement.put(Context.SECURITY_CREDENTIALS,adminBindPassword);
76      }
77  
78      public boolean isValidAddress(EmailAddress e) {
79          if (isValidAddressWildCard(e))
80              return true;
81          else
82              return isValidAddressStandardUser(e);
83      }
84  
85      public boolean isValidAddressStandardUser(EmailAddress e) {
86          InitialContext   initialContext=null;
87          NamingEnumeration  <SearchResult  > namingEnumeration=null;
88          DirContext   ctx=null;
89          try {
90              initialContext = new InitialContext  (environnement);
91              ctx = (DirContext  ) initialContext.lookup(ldapUrl);
92              SearchControls   searchControl = new SearchControls  ();
93              
94              // Will look for primary mail field.
95              String   ldapQuery ="("+ldapUserPrimaryMail+"="+e.toString()+")";
96              namingEnumeration = ctx.search(ldapUserProvider,ldapQuery,searchControl);
97              boolean found = namingEnumeration.hasMore();
98              namingEnumeration.close();
99              if (found) {
100                 log.debug("User "+e.toString()+" found in directory");
101                 return true;
102             } 
103                         
104             // Lookup alias
105             ldapQuery="("+ldapUserAliasAttribute+"="+e.toString()+")";
106             namingEnumeration = ctx.search(ldapUserProvider,ldapQuery,searchControl);
107             found = namingEnumeration.hasMore();
108             namingEnumeration.close();
109             if (found) {
110                 log.debug("Alias "+e.toString()+" found in directory");
111                 return true;
112             }
113             
114         } catch (NamingException   e1) {
115             log.error("Failed to query server",e1);
116         } finally {
117             try {
118                 if (namingEnumeration!=null)
119                     namingEnumeration.close();
120                 if (ctx!=null)
121                     ctx.close();
122                 if (initialContext!=null)
123                     initialContext.close();
124             } catch (NamingException   e1) {
125                 log.error(e1);
126             }
127         }
128         return false;
129     }
130 
131     public boolean isValidAddressWildCard(EmailAddress e) {
132         InitialContext   initialContext=null;
133         DirContext   ctx=null;
134         NamingEnumeration  <SearchResult  > namingEnumeration=null;
135         try {
136             initialContext = new InitialContext  (environnement);
137             ctx = (DirContext  ) initialContext.lookup(ldapUrl);
138             SearchControls   searchControl = new SearchControls  ();
139             
140             // see if there are users with *@domain.com wildcard aliases
141             String   query = "("+ldapUserAliasAttribute+"=@"+e.getHost()+")";
142             namingEnumeration = ctx.search(ldapUserProvider,query,searchControl);
143             boolean found = namingEnumeration.hasMore();
144             namingEnumeration.close();
145             if (found) {
146                 log.debug("Wildcard alias "+e.toString()+" found in directory");
147                 return true;
148             }
149         
150         } catch (NamingException   e1) {
151             log.error("Failed to query server",e1);
152         } finally {
153             try {
154                 if (namingEnumeration!=null)
155                     namingEnumeration.close();
156                 if (ctx!=null)
157                     ctx.close();
158                 if (initialContext!=null)
159                     ctx.close();
160             } catch (NamingException   e1) {
161                 log.error(e1);
162             }
163         }
164         return false;
165     }
166 
167     public void shutdownPlugin() {
168         
169     }
170 
171 
172     public boolean isValidRelay(String   hostIP) {
173         
174         InitialContext   initialContext=null;
175         DirContext   ctx=null;
176         NamingEnumeration  <SearchResult  > namingEnumeration=null;
177         // This set is rebuilt for each query. Can be cached with expiraton time
178         Set  <ExtendedInet4Address> ldapNetworks=new HashSet  <ExtendedInet4Address>();
179         Inet4Address   ag;
180         try {
181             initialContext = new InitialContext  (environnement);
182             ctx = (DirContext  ) initialContext.lookup(ldapUrl);
183             SearchControls   searchControl = new SearchControls  ();
184             namingEnumeration = ctx.search(ldapNetworkProvider,"(objectclass="+ldapNetworkClass+")",searchControl);
185             while (namingEnumeration.hasMore()) {
186                 SearchResult   result = namingEnumeration.next();
187                 Attributes   attributes = result.getAttributes();
188                 Attribute   ip = attributes.get(ldapNetworkAddressAttribute);
189                 Attribute   mask = attributes.get(ldapNetworkMaskAttribute);
190                 
191                 if ((ip==null)||(mask==null)) 
192                     throw new NamingException  ("Can't fing ip or netmask");
193                 
194                 Inet4Address   ipInet = (Inet4Address  ) InetAddress.getByName( (String  )ip.get());
195                 Inet4Address   maskInet = (Inet4Address  ) InetAddress.getByName( (String  )mask.get());
196                 ExtendedInet4Address ad = new ExtendedInet4Address (ipInet,maskInet);
197                 ldapNetworks.add(ad);
198             }
199             ag = (Inet4Address  ) InetAddress.getByName(hostIP);
200             for (ExtendedInet4Address address : ldapNetworks) {
201                 if (address.isEqualorInMask(ag))
202                     return true;
203             }
204         } catch (NamingException   e) {
205             log.error("Can't query server for relays",e);
206         } catch (UnknownHostException   e) {
207             log.error("Conversion of ip failed ",e);
208         } finally {
209             try {
210                 if (namingEnumeration!=null)
211                     namingEnumeration.close();
212                 if (ctx!=null)
213                     ctx.close();
214                 if (initialContext!=null)
215                     ctx.close();
216             } catch (NamingException   e1) {
217                 log.error(e1);
218             }
219         }
220         return false;
221     }
222 
223     public String   getPluginName() {
224         return "Simple LDAP ACL provider for jsmtpd";
225     }
226 
227     
228     public void setAdminBindDn(String   adminBindDn) {
229         this.adminBindDn = adminBindDn;
230     }
231 
232     
233     public void setAdminBindPassword(String   adminBindPassword) {
234         this.adminBindPassword = adminBindPassword;
235     }
236 
237     
238     public void setLdapNetworkAddressAttribute(String   ldapNetworkAddressAttribute) {
239         this.ldapNetworkAddressAttribute = ldapNetworkAddressAttribute;
240     }
241 
242     
243     public void setLdapNetworkClass(String   ldapNetworkClass) {
244         this.ldapNetworkClass = ldapNetworkClass;
245     }
246 
247     
248     public void setLdapNetworkMaskAttribute(String   ldapNetworkMaskAttribute) {
249         this.ldapNetworkMaskAttribute = ldapNetworkMaskAttribute;
250     }
251 
252     
253     public void setLdapNetworkProvider(String   ldapNetworkProvider) {
254         this.ldapNetworkProvider = ldapNetworkProvider;
255     }
256 
257     
258     public void setLdapUrl(String   ldapUrl) {
259         this.ldapUrl = ldapUrl;
260     }
261 
262     
263     public void setLdapUserAliasAttribute(String   ldapUserAliasAttribute) {
264         this.ldapUserAliasAttribute = ldapUserAliasAttribute;
265     }
266         
267     public void setLdapUserPrimaryMail(String   ldapUserPrimaryMail) {
268         this.ldapUserPrimaryMail = ldapUserPrimaryMail;
269     }
270 
271     public void setLdapUserProvider(String   ldapUserProvider) {
272         this.ldapUserProvider = ldapUserProvider;
273     }
274 
275 
276 }
277
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags