Reconnect to LDAP backend after network issue, version bump to 1.0.2

LICENSE

@@ -0,0 +1,30 @@
+Copyright (C) 2020, yo000 <johan@nosd.in>
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+- Redistributions of source code must retain the above copyright notice,
+  this list of conditions and the following disclaimer.
+- Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+- Neither the name of the Mumble Developers nor the names of its
+  contributors may be used to endorse or promote products derived from this
+  software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+`AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+

mynettcptable.conf.sample

@@ -5,3 +5,5 @@ ldapUser cn=mynettcptable,ou=services,dc=example,dc=org
 ldapPass here_lies_the_password
 # networks cache refresh interval
 refresh 300
+# Inactive connection timeout
+timeout 30

mynettcptable.go

@@ -7,26 +7,26 @@
 package main
 
 import (
-	"os"
 	"fmt"
 	"net"
+	"os"
 	//	"log"
+	"errors"
 	"flag"
+	"log/syslog"
+	"strings"
 	"sync"
 	"time"
-	"errors"
-	"strings"
-	"log/syslog"
 
-	"github.com/tabalt/pidfile"
 	"github.com/go-ldap/ldap/v3"
 	"github.com/peterbourgon/ff"
 	"github.com/sirupsen/logrus"
 	lSyslog "github.com/sirupsen/logrus/hooks/syslog"
+	"github.com/tabalt/pidfile"
 )
 
 const (
-	version = "1.0.0-rc"
+	version = "1.0.2"
 )
 
 var (
@@ -95,7 +95,6 @@ func unsetNetCachePresentFlag() {
 	}
 }
 
-
 func buildNetCacheFromIPNetwork(conLdap *ldap.Conn) error {
 	attribute := "ipNetworkNumber"
 
@@ -117,10 +116,6 @@ func buildNetCacheFromIPNetwork(conLdap *ldap.Conn) error {
 			logstream.Info(fmt.Sprintf("Error searching into LDAP: Attribute %s not found for entry %s\n", attribute, r))
 			continue
 		} else {
-			// Explode the network to individual IPs
-			// 1: Verify format : Either CIDR, or netmask is in ipNetworkMask (do we want to support this?)
-			// 2: n := iplib.NewNet4(net.ParseIP("192.168.0.0"), 16)
-			//    n.Enumerate(
 			_, ipnet, err := net.ParseCIDR(r.Attributes[0].Values[0])
 			if err != nil {
 				logstream.Info(err.Error())
@@ -143,7 +138,6 @@ func buildNetCacheFromIPNetwork(conLdap *ldap.Conn) error {
 	return nil
 }
 
-
 func isIPContainedInNetCache(string_ip string) (bool, error) {
 	ip := net.ParseIP(string_ip)
 	if ip == nil {
@@ -183,8 +177,6 @@ func handleConnection(connClt net.Conn, conLdap *ldap.Conn) {
 			if err.Error() != "EOF" && !strings.HasSuffix(err.Error(), "i/o timeout") {
 				logstream.Errorf("Error reading connection: %v\n", err.Error())
 			}
-			//sendResponse(connClt, err.Error(), 500)
-			//continue
 			return
 		}
 
@@ -235,7 +227,12 @@ func handleConnection(connClt net.Conn, conLdap *ldap.Conn) {
 		// First query netCache built with ipNetworkNumber
 		res, err := isIPContainedInNetCache(ip)
 		if err != nil {
+			if strings.EqualFold(err.Error(), fmt.Sprintf("Invalid IP: %s", ip)) {
+				// We don't want those msg to pollute logs
+				logstream.Info(err.Error())
+			} else {
 				logstream.Error(err.Error())
+			}
 			sendResponse(connClt, err.Error(), 500)
 			continue
 		}
@@ -284,10 +281,14 @@ func searchLdap(searchReq *ldap.SearchRequest, attempt int) (*ldap.SearchResult,
 	result, err := conLdap.Search(searchReq)
 	mutex.Unlock()
 	// Let's just manage connection errors here
-	if err != nil && strings.HasSuffix(err.Error(), "ldap: connection closed") {
+	if (err != nil && (strings.HasSuffix(err.Error(), "ldap: connection closed")|| strings.HasSuffix(err.Error(), "ldap: conn is nil, expected net.Conn"))) {
 		logstream.Error("LDAP connection closed, retrying")
 		mutex.Lock()
+		// 16/01/2023: panic: runtime error: invalid memory address or nil pointer dereference
+		// probably bc connection is already closed
+		if conLdap != nil {
 			conLdap.Close()
+		}
 		conLdap, err = connectLdap()
 		mutex.Unlock()
 		if err != nil {
@@ -305,12 +306,12 @@ func connectLdap() (*ldap.Conn, error) {
 	conLdap, err = ldap.DialURL(*ldapURL)
 	if err != nil {
 		logstream.Errorf("Error dialing LDAP on %s: %v\n", *ldapURL, err)
-		return conLdap, err
+		return nil, err
 	}
 	err = conLdap.Bind(*ldapUser, *ldapPass)
 	if err != nil {
-		logstream.Errorf("Error binding LDAP: ", err)
-		return conLdap, err
+		logstream.Errorf("Error binding LDAP: %s", err)
+		return nil, err
 	}
 	return conLdap, err
 }
@@ -357,7 +358,7 @@ func main() {
 	ldapBaseDN = fs.String("ldapDN", "", "LDAP base DN (also via LDAPDN env var)")
 	ldapUser = fs.String("ldapUser", "", "LDAP user DN (also via LDAPUSER env var)")
 	ldapPass = fs.String("ldapPass", "", "LDAP user password (also via LDAPPASS env var)")
-	pidFilePath = fs.String("pidfile", "/var/run/mynettcptable/mynettcptable.pid", "PID File (also via PIDFILE env var)")
+	pidFilePath = fs.String("pidfile", "", "PID File (also via PIDFILE env var). Creates pidfile only if defined")
 	refreshInterval = fs.Int("refresh", 300, "Net cache update interval in seconds")
 	timeout = fs.Int("timeout", 5, "timeout in seconds")
 	_ = fs.String("config", "", "config file (optional)")
@@ -374,7 +375,7 @@ func main() {
 		return
 	}
 
-	fmt.Printf("MyNetTCPTable v.%s\n", version)
+	fmt.Printf("%s: MyNetTCPTable v.%s starting\n", time.Now().Format(time.RFC3339), version)
 
 	logstream = logrus.New()
 	level, err := logrus.ParseLevel(*logLevel)
@@ -391,7 +392,7 @@ func main() {
 	if strings.EqualFold(*logTo, "syslog") {
 		// level != priority
 		prio := syslog.LOG_MAIL
-		switch (*logLevel) {
+		switch *logLevel {
 		case "fatal":
 			prio += syslog.LOG_CRIT
 		case "error":
@@ -411,15 +412,14 @@ func main() {
 		logstream.Hooks.Add(hook)
 	}
 
+	if len(*pidFilePath) > 0 {
 		if pid, err := pidfile.Create(*pidFilePath); err != nil {
 			logstream.Fatal(err)
 		} else {
 			defer pid.Clear()
 		}
-
-	//defer logstream.Close()
+	}
 
 	logstream.Infof("Start listening for incoming connections on %s\n", *listen)
 	run()
 }
-