1 | #!/usr/bin/perl |
---|
2 | |
---|
3 | # Versao 5, ldapS |
---|
4 | |
---|
5 | #use strict; |
---|
6 | use warnings; |
---|
7 | use Fcntl; |
---|
8 | #use Net::LDAP qw(:all); |
---|
9 | use Net::LDAP; |
---|
10 | use Sys::Syslog qw(:DEFAULT setlogsock); |
---|
11 | |
---|
12 | my $ldap_host = "127.0.0.1"; |
---|
13 | my $base_dn = "LDAP_DN"; |
---|
14 | |
---|
15 | #my $ldap_host = "ldaps://LDAP_SERVER:636"; |
---|
16 | #my $base_dn = "BASE_DN"; |
---|
17 | |
---|
18 | my $syslog_socktype = 'unix'; # inet, unix, stream, console |
---|
19 | my $syslog_facility="mail"; |
---|
20 | my $syslog_options="pid"; |
---|
21 | my $syslog_priority="info"; |
---|
22 | |
---|
23 | setlogsock $syslog_socktype; |
---|
24 | openlog $0, $syslog_options, $syslog_facility; |
---|
25 | |
---|
26 | select((select(STDOUT), $| = 1)[0]); |
---|
27 | |
---|
28 | sub fatal_exit { |
---|
29 | my($first) = shift(@_); |
---|
30 | syslog "err", "fatal: $first", @_; |
---|
31 | exit 1; |
---|
32 | } |
---|
33 | |
---|
34 | # |
---|
35 | # Receive a bunch of attributes, evaluate the policy, send the result. |
---|
36 | # |
---|
37 | while (<STDIN>) { |
---|
38 | |
---|
39 | if (/([^=]+)=(.*)\n/) { |
---|
40 | $attr{substr($1, 0, 512)} = substr($2, 0, 512); |
---|
41 | } |
---|
42 | elsif ($_ eq "\n") |
---|
43 | { |
---|
44 | #for (keys %attr) { |
---|
45 | # syslog $syslog_priority, "Attribute: %s=%s", $_, $attr{$_}; |
---|
46 | #} |
---|
47 | |
---|
48 | fatal_exit "unrecognized request type: '%s'", $attr{request} |
---|
49 | unless $attr{"request"} eq "smtpd_access_policy"; |
---|
50 | |
---|
51 | |
---|
52 | my $ldap = Net::LDAP->new($ldap_host, version => 3); |
---|
53 | my $mesg = $ldap->bind ; # an anonymous bind |
---|
54 | #my $mesg = $ldap->bind ( 'cn=admin,dc=expresso,dc=com,dc=br', password=>'SENHA'); |
---|
55 | |
---|
56 | my $filter = "(|(\&(mail=$attr{recipient})(mailSenderAddress=$attr{sender})(phpgwAccountType=l))(\&(mail=$attr{recipient})(participantCanSendMail=TRUE)(mailForwardingAddress=$attr{sender})(phpgwAccountType=l)))"; |
---|
57 | |
---|
58 | my $search = $ldap->search(filter=>"$filter", |
---|
59 | base=>"$base_dn", |
---|
60 | attrs=> ['uid'] ); |
---|
61 | |
---|
62 | if ( $search->code ) |
---|
63 | { |
---|
64 | syslog $syslog_priority, "Erro na conexao com ldap."; |
---|
65 | print STDOUT "action=reject\n\n"; |
---|
66 | exit 0; |
---|
67 | } |
---|
68 | |
---|
69 | if ($search->count) |
---|
70 | { |
---|
71 | syslog $syslog_priority, "Lista Restrita: DUNNO: %s->%s", $attr{sender}, $attr{recipient}, $filter; |
---|
72 | print STDOUT "action=DUNNO\n\n"; |
---|
73 | } |
---|
74 | else |
---|
75 | { |
---|
76 | syslog $syslog_priority, "Lista Restrita: Denied: %s->%s", $attr{sender}, $attr{recipient}, $filter; |
---|
77 | print STDOUT "action=reject\n\n"; |
---|
78 | } |
---|
79 | |
---|
80 | %attr = (); |
---|
81 | $ldap->disconnect(); |
---|
82 | } |
---|
83 | else |
---|
84 | { |
---|
85 | chop; |
---|
86 | syslog $syslog_priority, "warning: ignoring garbage: %.100s", $_; |
---|
87 | } |
---|
88 | } |
---|