'use strict';
const util = require('util');
const authn = require('./authn');
const aliases = require('./aliases');
const rcpt_to = require('./rcpt_to');
const authz = require('./authz');
const LdapPool = require('./pool').LdapPool;
// SMTP verb that handle_authn compares (upper-cased) against the first token of a line.
const AUTH_COMMAND = 'AUTH';
// Mechanism names that handle_authn compares against connection.notes.auth_method.
const AUTH_METHOD_PLAIN = 'PLAIN';
const AUTH_METHOD_LOGIN = 'LOGIN';
/**
 * unrecognized_command hook: routes SMTP AUTH traffic to the inherited
 * auth handlers, but only when the `authn` section of the LDAP config is set.
 *
 * Registered as a plain hook (instead of relying on
 * auth/auth_base.js hook_unrecognized_command) so that AUTH lines can be
 * ignored entirely while LDAP authentication is disabled.
 *
 * NOTE(review): nothing in this function looks at connection.using_tls. An
 * AUTH line on an unencrypted session is passed on as-is, so the TLS-only
 * policy of hook_capabilities holds only if select_auth_method (inherited
 * from auth/auth_base, not visible here) refuses mechanisms that are missing
 * from connection.notes.allowed_auth_methods. Confirm against auth_base.
 *
 * @param {Function} next - hook continuation
 * @param {object} connection - Haraka connection
 * @param {string[]} params - [command, rest-of-line] of the unrecognized line
 */
exports.handle_authn = function (next, connection, params) {
  const ldapConfig = connection.server.notes.ldappool.config;
  if (!ldapConfig.authn) return next();

  // "AUTH <mechanism> [initial-response]" starts (or restarts) an exchange.
  const isAuthVerb = params[0].toUpperCase() === AUTH_COMMAND;
  if (isAuthVerb && params[1]) {
    const mechanismLine = params.slice(1).join(' ');
    return this.select_auth_method(next, connection, mechanismLine);
  }

  // Any other line only matters while an exchange is in progress.
  const sessionNotes = connection.notes;
  if (!sessionNotes.authenticating) return next();

  const activeMethod = sessionNotes.auth_method;
  if (activeMethod === AUTH_METHOD_LOGIN) {
    this.auth_login(next, connection, params);
  } else if (activeMethod === AUTH_METHOD_PLAIN) {
    this.auth_plain(next, connection, params);
  } else {
    next();
  }
};
/**
 * capabilities hook: advertise AUTH PLAIN/LOGIN only on TLS sessions.
 *
 * Both mechanisms send the password merely base64-encoded, so offering them
 * on a plaintext session would expose credentials on the wire. On a non-TLS
 * session nothing is advertised and connection.notes.allowed_auth_methods is
 * left unset.
 *
 * @param {Function} next - hook continuation
 * @param {object} connection - Haraka connection
 */
exports.hook_capabilities = (next, connection) => {
  if (!connection.using_tls) {
    next();
    return;
  }

  const offered = ['PLAIN', 'LOGIN'];
  const advertisement = `AUTH ${offered.join(' ')}`;
  connection.capabilities.push(advertisement);
  // The same array is recorded as the allow-list for this connection.
  connection.notes.allowed_auth_methods = offered;
  next();
};
/**
 * Password check entry point: forwards every argument unchanged to
 * authn.check_plain_passwd. The callee runs with `this` bound to the authn
 * module, not to this plugin, and its return value is discarded.
 *
 * Unlike the other wrappers in this file there is no config gate here; the
 * `authn` switch is evaluated in handle_authn.
 */
exports.check_plain_passwd = function (...forwarded) {
  authn.check_plain_passwd(...forwarded);
};
/**
 * rcpt hook: resolve aliases through LDAP when the `aliases` config section
 * is set; otherwise pass straight on to the next plugin.
 *
 * @param {Function} next - hook continuation
 * @param {object} connection - Haraka connection
 * @param {Array} params - hook parameters, forwarded untouched
 */
exports.aliases = function (next, connection, params) {
  const aliasLookupEnabled = connection.server.notes.ldappool.config.aliases;
  if (!aliasLookupEnabled) return next();
  // Forward the complete argument list with the aliases module as `this`.
  aliases.aliases.apply(aliases, arguments);
};
/**
 * rcpt hook: validate the recipient through LDAP when the `rcpt_to` config
 * section is set. With the section absent this plugin gives no verdict and
 * simply continues the hook chain.
 *
 * @param {Function} next - hook continuation
 * @param {object} connection - Haraka connection
 * @param {Array} params - hook parameters, forwarded untouched
 */
exports.check_rcpt = function (next, connection, params) {
  const rcptCheckEnabled = connection.server.notes.ldappool.config.rcpt_to;
  if (!rcptCheckEnabled) return next();
  // Forward the complete argument list with the rcpt_to module as `this`.
  rcpt_to.check_rcpt(...arguments);
};
/**
 * mail hook: run the LDAP sender-authorization check when the `authz` config
 * section is set.
 *
 * Authorization is opt-in: with the section absent this hook calls next()
 * without a verdict, so this plugin places no restriction on the sender
 * address an authenticated user may use.
 *
 * @param {Function} next - hook continuation
 * @param {object} connection - Haraka connection
 * @param {Array} params - hook parameters, forwarded untouched
 */
exports.check_authz = function (next, connection, params) {
  const authzEnabled = connection.server.notes.ldappool.config.authz;
  if (!authzEnabled) return next();
  // Forward the complete argument list with the authz module as `this`.
  authz.check_authz(...arguments);
};
/**
 * Plugin entry point: inherit the generic AUTH machinery from
 * auth/auth_base, wire up the hooks in a fixed order, then load ldap.ini.
 */
exports.register = function () {
  this.inherits('auth/auth_base');

  // [hook name, handler exported by this plugin]; registration order is kept.
  const hookTable = [
    ['init_master', '_init_ldappool'],
    ['init_child', '_init_ldappool'],
    ['rcpt', 'aliases'],
    ['rcpt', 'check_rcpt'],
    ['mail', 'check_authz'],
    ['unrecognized_command', 'handle_authn'],
  ];
  for (const [hookName, handlerName] of hookTable) {
    this.register_hook(hookName, handlerName);
  }

  this._load_ldap_ini();
};
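/**
 * Load ldap.ini and apply it to the LDAP pool.
 *
 * The callback handed to config.get re-runs this function, so a changed
 * ldap.ini is applied again. If the pool does not exist yet, the parsed
 * config is parked in this._tmp_pool_config for _init_ldappool to pick up.
 *
 * The debug line masks the bind password: the pool config is otherwise
 * dumped in full, which would copy the LDAP service credential into the log.
 * `bindpw` is the bind-password key of haraka-ldap's ldap.ini.
 * NOTE(review): confirm LdapPool keeps it under that name on `config`.
 */
exports._load_ldap_ini = function () {
  this.loginfo('loading ldap.ini');
  const cfg = this.config.get('ldap.ini', () => {
    this._load_ldap_ini();
  });
  if (this._pool) {
    this._pool._set_config(cfg);
    const live = this._pool.config;
    // Copy only when there is a secret to hide; the live config is never mutated.
    const shown =
      live && live.bindpw !== undefined
        ? Object.assign({}, live, { bindpw: '[redacted]' })
        : live;
    this.logdebug(`Current config: ${util.inspect(shown)}`);
  } else {
    this._tmp_pool_config = cfg;
  }
};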
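/**
 * init_master / init_child hook: create the shared LdapPool on
 * server.notes.ldappool if it is missing, apply any config parked by
 * _load_ldap_ini, and remember the pool on the plugin as this._pool.
 *
 * The debug line masks the bind password: the pool config is otherwise
 * dumped in full, which would copy the LDAP service credential into the log.
 * `bindpw` is the bind-password key of haraka-ldap's ldap.ini.
 * NOTE(review): confirm LdapPool keeps it under that name on `config`.
 *
 * @param {Function} next - hook continuation
 * @param {object} server - Haraka server object carrying `notes`
 */
exports._init_ldappool = function (next, server) {
  if (!server.notes.ldappool) {
    server.notes.ldappool = new LdapPool();
    if (this._tmp_pool_config) {
      server.notes.ldappool._set_config(this._tmp_pool_config);
      // The parked config is consumed once; drop the reference.
      this._tmp_pool_config = undefined;
      const live = server.notes.ldappool.config;
      // Copy only when there is a secret to hide; the live config is never mutated.
      const shown =
        live && live.bindpw !== undefined
          ? Object.assign({}, live, { bindpw: '[redacted]' })
          : live;
      this.logdebug(`Current config: ${util.inspect(shown)}`);
    }
  }
  this._pool = server.notes.ldappool;
  next();
};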
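/**
 * Close the LDAP pool on shutdown.
 *
 * `next` is optional. With a pool it is passed to close() as the completion
 * callback (a no-op stands in when it is missing). Without a pool there is
 * nothing to close, so a supplied callback is invoked directly; previously
 * it was dropped and a caller waiting on it would never be notified.
 *
 * @param {Function} [next] - optional completion callback
 */
exports.shutdown = function (next) {
  if (this._pool) {
    this._pool.close(next || function () {});
    return;
  }
  if (typeof next === 'function') next();
};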