vldap.c

相当优秀的 UNIX 进程管理工具

        snprintf(b, ret, "%s/%s", dom_dir, user);
    }

    dir = b;

    /* make an ldap connection (unless we already have one open) */
    if (ld == NULL ) {
        if (ldap_connect() != 0)
            return -99;
    }

    lm = (LDAPMod **)safe_malloc(sizeof(LDAPMod *) * (NUM_LDAP_FIELDS +1));

    for(i=0;i<NUM_LDAP_FIELDS;++i) {
        lm[i] = (LDAPMod *)safe_malloc(sizeof(LDAPMod));

        memset((LDAPMod *)lm[i], 0, sizeof(LDAPMod));
        lm[i]->mod_op = LDAP_MOD_ADD;
        lm[i]->mod_type = safe_strdup(ldap_fields[i]);
        lm[i]->mod_values = (char **)safe_malloc(sizeof(char *) * 2);
        lm[i]->mod_values[1] = NULL;
    }

    lm[NUM_LDAP_FIELDS] = NULL;

    /* lm[0] will store : uid / pw_name */
    lm[0]->mod_values[0] = safe_strdup(user);

    /* lm[1] will store : userPassword / pw_password */
    memset((char *)crypted, 0, 100);
    if ( password[0] == 0 ) {
        crypted[0] = 0;
    } else {
        mkpasswd3(password, crypted, 100);
    }

    lm[1]->mod_values[0] = (char *) safe_malloc(strlen(crypted) + 7 + 1);
#ifdef MD5_PASSWORDS

    snprintf(lm[1]->mod_values[0], strlen(crypted) + 7 + 1, "{MD5}%s", crypted);
#else

    snprintf(lm[1]->mod_values[0], strlen(crypted) + 7 + 1, "{crypt}%s", crypted);
#endif

    /* lm[2] will store : qmailUID / pw_uid */
    lm[2]->mod_values[0] = (char *) safe_malloc(10);
    if ( apop == USE_POP )
        sprintf(lm[2]->mod_values[0], "%d", 1 );
    else
        sprintf(lm[2]->mod_values[0], "%d", 2 );

    /* lm[3] will store : qmailGID / pw_gid */
    lm[3]->mod_values[0] = (char *) safe_malloc(10);
    sprintf(lm[3]->mod_values[0], "%d", 0);

    /* lm[4] will store : qmaildomain / pw_gecos */
    lm[4]->mod_values[0] = safe_strdup(gecos);

    /* lm[5] will store : mailMessageStore / pw_dir */
    lm[5]->mod_values[0] = safe_strdup(dir);

    /* lm[6] will store : mailQuota / pw_shell */
    lm[6]->mod_values[0] = safe_strdup("NOQUOTA");

    /* When running with clearpasswords enabled,
     * lm[7] will store : clearPassword / pw_clear_password
     */
#ifdef CLEAR_PASS
    /* with clear passwords,
     * lm[7] will store : clearPassword / pw_clear_password 
     * lm[8] will store : objectclass  
     */
    lm[7]->mod_values[0] = strdup(password);
    lm[8]->mod_values[0] = safe_strdup("qmailUser");
#else
    /* without clear passwords,
    * lm[7] will store : objectclass
    */
    lm[7]->mod_values[0] = safe_strdup("qmailUser");
#endif

    /* set dn_tmp to be of the format :
     *   ou=somedomain.com,o=vpopmail 
     */
    if (compose_dn(&dn_tmp,domain) != 0) {
        for(i=0;i<8;++i) {
            safe_free((void **) &lm[i]->mod_type);
            safe_free((void **) &lm[i]->mod_values[0]);
        }
        safe_free((void **) &lm);
        safe_free((void **) &dn);
        return -98;
    }

    /* set dn to be of the format :
     *   uid=someuser, ou=somedomain,o=vpopmail
     */
    len = 4 + strlen(user) + 2 + strlen(VLDAP_BASEDN) + 4 + strlen(domain) + 1;
    dn = (char *) safe_malloc(len);
    memset((char *)dn, 0, len);
    snprintf(dn, len, "uid=%s, %s", user, dn_tmp);
    safe_free((void **) &dn_tmp);

    /* add object to ldap
     *   dn is the DN of the entry to add
     *   lm is the attributes of the entry to add
     */
    ret = ldap_add_s(ld, dn, lm);
    safe_free((void **) &dn);

    for(i=0;i<NUM_LDAP_FIELDS;++i) {
        safe_free((void **) &lm[i]->mod_type);
        safe_free((void **) &lm[i]->mod_values[0]);
    }

    safe_free((void **) &lm);

    if (ret != LDAP_SUCCESS) {
        ldap_perror(ld,"Error");
        if (ret == LDAP_ALREADY_EXISTS)
            return VA_USERNAME_EXISTS;
        return -99;
    }
    return VA_SUCCESS;
}

/***************************************************************************/

int vauth_adddomain( char *domain ) {
    int ret = 0;
    char *dn = NULL;
    LDAPMod **lm = NULL;

    /* make a connection to the ldap server, if we are not already connected */
    if (ld == NULL ) {
        ret = ldap_connect();
        if (ret != 0) {
            return -99;
            /* Attention I am not quite shure, when we return NULL or -99, see above */
        }
    }

    lm = (LDAPMod **)safe_malloc(sizeof(LDAPMod *) * 2);

    lm[0] = (LDAPMod *)safe_malloc(sizeof(LDAPMod));

    lm[1] = (LDAPMod *)safe_malloc(sizeof(LDAPMod));
    lm[2] = NULL;

    memset((LDAPMod *)lm[0], 0, sizeof(LDAPMod));
    memset((LDAPMod *)lm[1], 0, sizeof(LDAPMod));

    lm[0]->mod_op = LDAP_MOD_ADD;
    lm[1]->mod_op = LDAP_MOD_ADD;

    lm[0]->mod_type = safe_strdup("ou");
    lm[1]->mod_type = safe_strdup("objectclass");

    lm[0]->mod_values = (char **)safe_malloc(sizeof(char *) * 2);
    lm[1]->mod_values = (char **)safe_malloc(sizeof(char *) * 2);

    lm[0]->mod_values[1] = NULL;
    lm[1]->mod_values[1] = NULL;

    lm[0]->mod_values[0] = safe_strdup(domain);
    lm[1]->mod_values[0] = safe_strdup("organizationalUnit");

    /* set dn to be of the format :
     *   ou=somedomain.com,o=vpopmail 
     */
    if (compose_dn(&dn,domain) != 0 ) {
        safe_free((void **) &lm[0]->mod_type);
        safe_free((void **) &lm[1]->mod_type);
        safe_free((void **) &lm[0]->mod_values[0]);
        safe_free((void **) &lm[1]->mod_values[0]);
        safe_free((void **) &lm[1]);
        safe_free((void **) &lm[0]);
        safe_free((void **) &lm);
        return -98;
    }

    /* dn will be ou=somedomain.com,o=vpopmail
     * lm will be the ldap propoerties of somedomain.com
     */
    ret = ldap_add_s(ld, dn, lm);

    if (ret != LDAP_SUCCESS) {
        ldap_perror(ld,"Error");
        return -99;
    }

    safe_free((void **) &dn);
    safe_free((void **) &lm[0]->mod_type);
    safe_free((void **) &lm[1]->mod_type);
    safe_free((void **) &lm[0]->mod_values[0]);
    safe_free((void **) &lm[1]->mod_values[0]);
    safe_free((void **) &lm[2]);
    safe_free((void **) &lm[1]);
    safe_free((void **) &lm[0]);
    safe_free((void **) &lm);

    if (ret != LDAP_SUCCESS) {
        if (ret == LDAP_ALREADY_EXISTS)
            return VA_USERNAME_EXISTS;
        return -99;
    }

    return VA_SUCCESS;
}

/***************************************************************************/

int vauth_deldomain( char *domain ) {
    int ret = 0;
    size_t len = 0;
    char *dn = NULL;
    struct vqpasswd *pw = NULL;

    /* make a connection to the ldap server, if we dont have one already */
    if (ld == NULL ) {
        if (ldap_connect() != 0)
            return -99;
    }

    len = strlen(domain) + strlen(VLDAP_BASEDN) + 4 + 1;

    /* dn will be of the format :
     *   ou=somedomain.com,o=vpopmail
     */
    if (compose_dn(&dn,domain) != 0)
        return -98;

    /* loop through all the users in the domain, deleting each one */
    for (pw = vauth_getall(domain, 1, 0); pw; pw = vauth_getall(domain, 0, 0))
        vauth_deluser(pw->pw_name, domain);

    /* next, delete the actual domain */
    ret = ldap_delete_s(ld, dn);
    safe_free((void **) &dn);

    if (ret != LDAP_SUCCESS ) {
        ldap_perror(ld,"Error");
        return -99;
    }

    return VA_SUCCESS;
}

/***************************************************************************/

int vauth_vpasswd( char *user, char *domain, char *crypted, int apop ) {
    int ret = 0;
    struct vqpasswd *pw = NULL;

    pw = vauth_getpw(user, domain);
    if (pw == NULL)
        return VA_USER_DOES_NOT_EXIST;

    pw->pw_passwd = safe_strdup(crypted);

    ret = vauth_setpw(pw, domain);

    return ret;
}

/***************************************************************************/

int vauth_deluser( char *user, char *domain ) {
    int ret = 0;
    size_t len = 0;
    char *dn = NULL;
    char *dn_tmp = NULL;

    /* make a connection to the ldap server if we dont have one already */
    if (ld == NULL ) {
        if (ldap_connect() != 0)
            return -99;
    }

    len = 4 + strlen(user) + 2 + strlen(VLDAP_BASEDN) + 4 + strlen(domain) + 1;

    /* make dn_tmp to be of the format
     *  ou=somedomain.com,o=vpopmail 
     */
    if (compose_dn(&dn_tmp,domain) != 0)
        return -98;

    dn = (char *)safe_malloc(len);
    memset((char *)dn, 0, len);

    /* make dn to be of the format
     *   uid=someuser, ou=somedomain.com,o=vpopmail
     */
    snprintf(dn, len, "uid=%s, %s", user, dn_tmp);
    safe_free((void **) &dn_tmp);

    /* delete the user */
    ret = ldap_delete_s(ld, dn);

    safe_free((void **) &dn);

    if (ret != LDAP_SUCCESS) {
        ldap_perror(ld,"Error");
        return -99;
    }

    return VA_SUCCESS;
}

/***************************************************************************/

int vauth_setquota( char *username, char *domain, char *quota) {
    int ret = 0;
    struct vqpasswd *pw = NULL;

    if ( strlen(username) > MAX_PW_NAME )
        return(VA_USER_NAME_TOO_LONG);
#ifdef USERS_BIG_DIR

    if ( strlen(username) == 1 )
        return(VA_ILLEGAL_USERNAME);
#endif

    if ( strlen(domain) > MAX_PW_DOMAIN )
        return(VA_DOMAIN_NAME_TOO_LONG);
    if ( strlen(quota) > MAX_PW_QUOTA )
        return(VA_QUOTA_TOO_LONG);

    pw = vauth_getpw(username, domain);
    if ( (pw == NULL) && (verrori != 0))
        return verrori;
    else if ( pw == NULL )
        return VA_USER_DOES_NOT_EXIST;

    pw->pw_shell = safe_strdup(quota);

    ret = vauth_setpw(pw, domain);

    return ret;
}

/***************************************************************************/

int vauth_setpw( struct vqpasswd *inpw, char *domain ) {
    int ret = 0;
    size_t len = 0;
    char *dn = NULL;
    char *dn_tmp = NULL;
    LDAPMod **lm = NULL;
    int i;
#ifdef SQWEBMAIL_PASS

    uid_t uid;
    gid_t gid;
#endif

    ret = vcheck_vqpw(inpw, domain);
    if ( ret != 0 ) {
        return(ret);
    }

    if (ld == NULL ) {
        if (ldap_connect() != 0)
            return -99;
    }

    lm = (LDAPMod **)malloc(sizeof(LDAPMod *) * NUM_LDAP_FIELDS + 1);
    for(i=0;i<NUM_LDAP_FIELDS;++i) {
        lm[i] = (LDAPMod *)safe_malloc(sizeof(LDAPMod));
        memset((LDAPMod *)lm[i], 0, sizeof(LDAPMod));
        lm[i]->mod_op = LDAP_MOD_REPLACE;
        lm[i]->mod_values = (char **)safe_malloc(sizeof(char *) * 2);
        lm[i]->mod_values[1] = NULL;
        lm[i]->mod_type = safe_strdup(ldap_fields[i]);
    }
    lm[NUM_LDAP_FIELDS] = NULL;

    lm[0]->mod_values[0] = safe_strdup(inpw->pw_name);

    lm[1]->mod_values[0] = safe_malloc(strlen(inpw->pw_passwd) + 7 + 1);
#ifdef MD5_PASSWORDS

    snprintf(lm[1]->mod_values[0], strlen(inpw->pw_passwd) + 7 + 1, "{MD5}%s", inpw->pw_passwd);
#else

    snprintf(lm[1]->mod_values[0], strlen(inpw->pw_passwd) + 7 + 1, "{crypt}%s", inpw->pw_passwd);
#endif

    lm[2]->mod_values[0] = (char *)safe_malloc(10);
    sprintf(lm[2]->mod_values[0], "%d", inpw->pw_uid);

    lm[3]->mod_values[0] = (char *) safe_malloc(10);
    sprintf(lm[3]->mod_values[0], "%d", inpw->pw_gid);

    if ( inpw->pw_gecos == NULL) {
        lm[4]->mod_values[0] = safe_strdup("");
    } else {
        lm[4]->mod_values[0] = safe_strdup(inpw->pw_gecos);
    }
    lm[5]->mod_values[0] = safe_strdup(inpw->pw_dir);
    lm[6]->mod_values[0] = safe_strdup(inpw->pw_shell);
#ifdef CLEAR_PASS

    lm[7]->mod_values[0] = safe_strdup(inpw->pw_clear_passwd);
#endif

    lm[NUM_LDAP_FIELDS-1]->mod_values[0] = strdup("qmailUser");


    if (compose_dn(&dn_tmp,domain) != 0 ) {
        safe_free((void **) &lm);
        return -98;
    }

    len = 4 + strlen(inpw->pw_name) + 2 + strlen(VLDAP_BASEDN) + 4 + strlen(domain) + 1;
    dn = (char *) safe_malloc (len);
    memset((char *)dn, 0, len);

    snprintf(dn, len, "uid=%s, %s", inpw->pw_name, dn_tmp);

    ret = ldap_modify_s(ld, dn, lm);
    safe_free((void **) &dn);

    for(i=0;i<NUM_LDAP_FIELDS;++i)
        safe_free((void **) &lm);

    if (ret != LDAP_SUCCESS) {
        ldap_perror(ld,"Error");
        return -99;
    }
    /* MARK */
#ifdef SQWEBMAIL_PASS
    vget_assign(domain, NULL, 0, &uid, &gid );
    vsqwebmail_pass( inpw->pw_dir, inpw->pw_passwd, uid, gid);
#endif

    return VA_SUCCESS;
}

/***************************************************************************/

void vclose(void) {
    if (ld) {
        ldap_unbind_s(ld);
        ld = NULL;
    }
}

/***************************************************************************/

char *dc_filename(char *domain, uid_t uid, gid_t gid)
{
 static char dir_control_file[MAX_DIR_NAME];
 struct passwd *pw;

    /* if we are lucky the domain is in the assign file */
    if ( vget_assign(domain,dir_control_file,MAX_DIR_NAME,NULL,NULL)!=NULL ) {
        strncat(dir_control_file, "/.dir-control", MAX_DIR_NAME);

    /* it isn't in the assign file so we have to get it from /etc/passwd */
    } else {

        /* save some time if this is the vpopmail user */
        if ( uid == VPOPMAILUID ) {
            strncpy(dir_control_file, VPOPMAILDIR, MAX_DIR_NAME);

        /* for other users, look them up in /etc/passwd */
        } else if ( (pw=getpwuid(uid))!=NULL ) {