On Thu, May 24, 2018 at 11:45:40AM -0700, Paul B. Henson wrote:
> > From: Gilles Chehade
> > Sent: Wednesday, May 23, 2018 1:20 PM
> >
> > That's bad but could easily be fixed if you want to help us
>
> So I dropped in the latest table-ldap from git, and it still failed
> authentications after an LDAP server outage. It looks like the check is only
> in the table_ldap_check function? I'm not sure what that's for, but it
> doesn't seem to be called at all when doing authentication. I added a
> similar check into the table_ldap_lookup function, and also had to reorder
> the functions in the file a bit due to errors like this:
>
> table_ldap.c:92:15: warning: implicit declaration of function 'ldap_open' is
> invalid in C99
> [-Wimplicit-function-declaration]
>
> Afterwards, opensmtpd successfully reconnected to LDAP and performed
> authentication after an LDAP outage :).
>
> users[14726]: debug: table_ldap: ldap_query:
> filter=(&(objectClass=uidObject)(uid=henson)), ret=0
> users[14726]: debug: table-ldap: reconnecting
> users[14726]: info: table-ldap: closed previous connection
> users[14726]: debug: ldap server accepted credentials
> users[14726]: debug: table_ldap: ldap_query:
> filter=(&(objectClass=uidObject)(uid=henson)), ret=1
>
>
> Here's what my changes currently are. I can submit a pull request on github
> if you'd like. Thanks.
>
please do, so we have more people able to test
I'll review shortly
> diff --git a/extras/tables/table-ldap/table_ldap.c
> b/extras/tables/table-ldap/table_ldap.c
> index 88c9ffd..9d20526 100644
> --- a/extras/tables/table-ldap/table_ldap.c
> +++ b/extras/tables/table-ldap/table_ldap.c
> @@ -74,45 +74,6 @@ table_ldap_update(void)
> return 1;
> }
>
> -static int
> -table_ldap_check(int service, struct dict *params, const char *key)
> -{
> - int ret;
> -
> - switch(service) {
> - case K_ALIAS:
> - case K_DOMAIN:
> - case K_CREDENTIALS:
> - case K_USERINFO:
> - case K_MAILADDR:
> - if ((ret = ldap_run_query(service, key, NULL, 0)) >= 0) {
> - return ret;
> - }
> - log_debug("debug: table-ldap: reconnecting");
> - if (!(ret = ldap_open())) {
> - log_warnx("warn: table-ldap: failed to connect");
> - }
> - return ret;
> - default:
> - return -1;
> - }
> -}
> -
> -static int
> -table_ldap_lookup(int service, struct dict *params, const char *key, char
> *dst, size_t sz)
> -{
> - switch(service) {
> - case K_ALIAS:
> - case K_DOMAIN:
> - case K_CREDENTIALS:
> - case K_USERINFO:
> - case K_MAILADDR:
> - return ldap_run_query(service, key, dst, sz);
> - default:
> - return -1;
> - }
> -}
> -
> static int
> table_ldap_fetch(int service, struct dict *params, char *dst, size_t sz)
> {
> @@ -361,6 +322,32 @@ err:
> return 0;
> }
>
> +static int
> +table_ldap_lookup(int service, struct dict *params, const char *key, char
> *dst, size_t sz)
> +{
> + int ret;
> +
> + switch(service) {
> + case K_ALIAS:
> + case K_DOMAIN:
> + case K_CREDENTIALS:
> + case K_USERINFO:
> + case K_MAILADDR:
> + if ((ret = ldap_run_query(service, key, dst, sz)) > 0) {
> + return ret;
> + }
> + log_debug("debug: table-ldap: reconnecting");
> + if (!(ret = ldap_open())) {
> + log_warnx("warn: table-ldap: failed to connect");
> + return ret;
> + }
> + return ldap_run_query(service, key, dst, sz);
> + default:
> + return -1;
> + }
> +}
> +
> +
> static int
> ldap_query(const char *filter, char **attributes, char ***outp, size_t n)
> {
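Review bot: The reconnect branch in table_ldap_lookup is entered on `> 0`, so a query that simply finds no match (0, if that is what ldap_run_query returns for a miss — the `>= 0` test kept in table_ldap_check suggests -1 is the error value) would tear down and reopen the LDAP connection and re-run the query on every lookup of an unknown key. If -1 is the failure value, `if ((ret = ldap_run_query(service, key, dst, sz)) >= 0) {` limits the reopen to actual failures and matches table_ldap_check. If a dropped connection can also surface as 0 (the quoted log shows `ret=0` from ldap_query right before the reconnect, though that is a different function), the `> 0` is deliberate and should carry a comment such as `/* 0 may also mean a dead connection: reopen and retry once */` so it is not "corrected" later. Either way, since unauthenticated lookups of unknown keys would drive this path, the choice deserves a comment.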
> @@ -498,6 +485,31 @@ end:
> return ret;
> }
>
> +static int
> +table_ldap_check(int service, struct dict *params, const char *key)
> +{
> + int ret;
> +
> + switch(service) {
> + case K_ALIAS:
> + case K_DOMAIN:
> + case K_CREDENTIALS:
> + case K_USERINFO:
> + case K_MAILADDR:
> + if ((ret = ldap_run_query(service, key, NULL, 0)) >= 0) {
> + return ret;
> + }
> + log_debug("debug: table-ldap: reconnecting");
> + if (!(ret = ldap_open())) {
> + log_warnx("warn: table-ldap: failed to connect");
> + }
> + return ret;
> + default:
> + return -1;
> + }
> +}
> +
> +
> int
> main(int argc, char **argv)
> {
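Review bot: After a successful reconnect, table_ldap_check returns ldap_open()'s non-zero status as the check result without re-running the query, so a key that does not exist is reported as present whenever the connection had to be reopened; the new table_ldap_lookup in this same patch re-queries instead. The function is only moved here, so the behaviour is pre-existing, but since the two now sit side by side it is worth aligning them: move `return ret;` inside the `if (!(ret = ldap_open()))` branch and replace the trailing `return ret;` with `return ldap_run_query(service, key, NULL, 0);`. For a table that answers K_CREDENTIALS checks, a false positive on reconnect is the wrong direction to fail in.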
>
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg