UNPKG

haraka-plugin-ldap

Version:

Haraka plugin for LDAP

github.com/haraka/haraka-plugin-ldap

haraka/haraka-plugin-ldap

112 lines (92 loc) 3.43 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
'use strict'; const util = require('util'); const authn = require('./authn'); const aliases = require('./aliases'); const rcpt_to = require('./rcpt_to'); const authz = require('./authz'); const LdapPool = require('./pool').LdapPool; const AUTH_COMMAND = 'AUTH'; const AUTH_METHOD_PLAIN = 'PLAIN'; const AUTH_METHOD_LOGIN = 'LOGIN'; exports.handle_authn = function (next, connection, params) { // we use this as hook so we can ignore auth calls with disabled auth plugin // see: auth/auth_base.js, exports.hook_unrecognized_command if (!connection.server.notes.ldappool.config.authn) return next(); if (params[0].toUpperCase() === AUTH_COMMAND && params[1]) { return this.select_auth_method(next, connection, params.slice(1).join(' ')); } if (!connection.notes.authenticating) return next(); switch (connection.notes.auth_method) { case AUTH_METHOD_LOGIN: this.auth_login(next, connection, params); break; case AUTH_METHOD_PLAIN: this.auth_plain(next, connection, params); break; default: next(); } }; exports.hook_capabilities = (next, connection) => { // default: don't offer AUTH unless session is encrypted if (connection.using_tls) { const methods = ['PLAIN', 'LOGIN']; connection.capabilities.push(`AUTH ${methods.join(' ')}`); connection.notes.allowed_auth_methods = methods; } next(); }; exports.check_plain_passwd = function () { authn.check_plain_passwd(...arguments); }; exports.aliases = function (next, connection, params) { if (!connection.server.notes.ldappool.config.aliases) return next(); aliases.aliases(...arguments); }; exports.check_rcpt = function (next, connection, params) { if (!connection.server.notes.ldappool.config.rcpt_to) return next(); rcpt_to.check_rcpt.apply(rcpt_to, arguments); }; exports.check_authz = function (next, connection, params) { if (!connection.server.notes.ldappool.config.authz) return next(); authz.check_authz.apply(authz, arguments); }; exports.register = function () { this.inherits('auth/auth_base'); this.register_hook('init_master', '_init_ldappool'); this.register_hook('init_child', '_init_ldappool'); this.register_hook('rcpt', 'aliases'); this.register_hook('rcpt', 'check_rcpt'); this.register_hook('mail', 'check_authz'); this.register_hook('unrecognized_command', 'handle_authn'); this._load_ldap_ini(); }; exports._load_ldap_ini = function () { this.loginfo('loading ldap.ini'); const cfg = this.config.get('ldap.ini', () => { this._load_ldap_ini(); }); if (this._pool) { this._pool._set_config(cfg); this.logdebug(`Current config: ${util.inspect(this._pool.config)}`); } else { this._tmp_pool_config = cfg; } }; exports._init_ldappool = function (next, server) { if (!server.notes.ldappool) { server.notes.ldappool = new LdapPool(); if (this._tmp_pool_config) { server.notes.ldappool._set_config(this._tmp_pool_config); this._tmp_pool_config = undefined; this.logdebug( `Current config: ${util.inspect(server.notes.ldappool.config)}`, ); } } this._pool = server.notes.ldappool; next(); }; exports.shutdown = function (next) { if (this._pool) this._pool.close(next || function () {}); };