Changeset View
Changeset View
Standalone View
Standalone View
bin/kolab_smtp_access_policy.py
| Show All 11 Lines | |||||
| # This program is distributed in the hope that it will be useful, | # This program is distributed in the hope that it will be useful, | ||||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
| # GNU General Public License for more details. | # GNU General Public License for more details. | ||||
| # You should have received a copy of the GNU General Public License | # You should have received a copy of the GNU General Public License | ||||
| # along with this program. If not, see <http://www.gnu.org/licenses/>. | # along with this program. If not, see <http://www.gnu.org/licenses/>. | ||||
| # | # | ||||
| from six import string_types | |||||
| import datetime | import datetime | ||||
| import os | import os | ||||
| import sqlalchemy | import sqlalchemy | ||||
| import sys | import sys | ||||
| import time | import time | ||||
| from optparse import OptionParser | from optparse import OptionParser | ||||
| ▲ Show 20 Lines • Show All 233 Lines • ▼ Show 20 Lines | def parse_ldap_dn(self, dn): | ||||
| rule_subject = self.auth.get_user_attributes( | rule_subject = self.auth.get_user_attributes( | ||||
| self.sasl_domain, | self.sasl_domain, | ||||
| {'dn': dn}, | {'dn': dn}, | ||||
| search_attrs + ['objectclass'] | search_attrs + ['objectclass'] | ||||
| ) | ) | ||||
| for search_attr in search_attrs: | for search_attr in search_attrs: | ||||
| if search_attr in rule_subject: | if search_attr in rule_subject: | ||||
| if isinstance(rule_subject[search_attr], basestring): | if isinstance(rule_subject[search_attr], string_types): | ||||
| values.append(rule_subject[search_attr]) | values.append(rule_subject[search_attr]) | ||||
| else: | else: | ||||
| values.extend(rule_subject[search_attr]) | values.extend(rule_subject[search_attr]) | ||||
| return values | return values | ||||
| else: | else: | ||||
| # ldap.dn.explode_dn didn't error out, but it also didn't split | # ldap.dn.explode_dn didn't error out, but it also didn't split | ||||
| ▲ Show 20 Lines • Show All 45 Lines • ▼ Show 20 Lines | def parse_policy(self, _subject, _object, policy): | ||||
| """ | """ | ||||
| special_rule_values = { | special_rule_values = { | ||||
| '$mydomains': expand_mydomains | '$mydomains': expand_mydomains | ||||
| } | } | ||||
| rules = {'allow': [], 'deny': []} | rules = {'allow': [], 'deny': []} | ||||
| if isinstance(policy, basestring): | if isinstance(policy, string_types): | ||||
| policy = [policy] | policy = [policy] | ||||
| for rule in policy: | for rule in policy: | ||||
| # Find rules that are actually special values, simply by | # Find rules that are actually special values, simply by | ||||
| # mapping the rule onto a key in "special_rule_values", a | # mapping the rule onto a key in "special_rule_values", a | ||||
| # dictionary with the corresponding value set to a function to | # dictionary with the corresponding value set to a function to | ||||
| # execute. | # execute. | ||||
| if rule in special_rule_values: | if rule in special_rule_values: | ||||
| ▲ Show 20 Lines • Show All 168 Lines • ▼ Show 20 Lines | def verify_authenticity(self): | ||||
| sasl_users = self.auth.find_recipient(sasl_username, domain=self.sasl_domain) | sasl_users = self.auth.find_recipient(sasl_username, domain=self.sasl_domain) | ||||
| if isinstance(sasl_users, list): | if isinstance(sasl_users, list): | ||||
| if len(sasl_users) == 0: | if len(sasl_users) == 0: | ||||
| log.error(_("Could not find recipient")) | log.error(_("Could not find recipient")) | ||||
| return False | return False | ||||
| else: | else: | ||||
| self.sasl_user = {'dn': sasl_users[0]} | self.sasl_user = {'dn': sasl_users[0]} | ||||
| elif isinstance(sasl_users, basestring): | elif isinstance(sasl_users, string_types): | ||||
| self.sasl_user = {'dn': sasl_users} | self.sasl_user = {'dn': sasl_users} | ||||
| if not self.sasl_user['dn']: | if not self.sasl_user['dn']: | ||||
| # Got a final answer here, do the caching thing. | # Got a final answer here, do the caching thing. | ||||
| cache_update( | cache_update( | ||||
| function='verify_sender', | function='verify_sender', | ||||
| sender=self.sender, | sender=self.sender, | ||||
| recipients=self.recipients, | recipients=self.recipients, | ||||
| ▲ Show 20 Lines • Show All 86 Lines • ▼ Show 20 Lines | def verify_delegate(self): | ||||
| # More then one sender user with this recipient address. | # More then one sender user with this recipient address. | ||||
| # TODO: check each of the sender users found. | # TODO: check each of the sender users found. | ||||
| self.sender_user = {'dn': sender_users[0]} | self.sender_user = {'dn': sender_users[0]} | ||||
| elif len(sender_users) == 1: | elif len(sender_users) == 1: | ||||
| self.sender_user = {'dn': sender_users} | self.sender_user = {'dn': sender_users} | ||||
| else: | else: | ||||
| self.sender_user = {'dn': False} | self.sender_user = {'dn': False} | ||||
| elif isinstance(sender_users, basestring): | elif isinstance(sender_users, string_types): | ||||
| self.sender_user = {'dn': sender_users} | self.sender_user = {'dn': sender_users} | ||||
| if not self.sender_user['dn']: | if not self.sender_user['dn']: | ||||
| cache_update( | cache_update( | ||||
| function='verify_sender', | function='verify_sender', | ||||
| sender=self.sender, | sender=self.sender, | ||||
| recipients=self.recipients, | recipients=self.recipients, | ||||
| result=(int)(False), | result=(int)(False), | ||||
| ▲ Show 20 Lines • Show All 78 Lines • ▼ Show 20 Lines | def verify_delegate(self): | ||||
| ) | ) | ||||
| if isinstance(sasl_users, list): | if isinstance(sasl_users, list): | ||||
| if len(sasl_users) == 0: | if len(sasl_users) == 0: | ||||
| log.error(_("Could not find recipient")) | log.error(_("Could not find recipient")) | ||||
| return False | return False | ||||
| else: | else: | ||||
| self.sasl_user = {'dn': sasl_users[0]} | self.sasl_user = {'dn': sasl_users[0]} | ||||
| elif isinstance(sasl_users, basestring): | elif isinstance(sasl_users, string_types): | ||||
| self.sasl_user = {'dn': sasl_users} | self.sasl_user = {'dn': sasl_users} | ||||
| # Possible values for the kolabDelegate attribute are: | # Possible values for the kolabDelegate attribute are: | ||||
| # a 'uid', a 'dn'. | # a 'uid', a 'dn'. | ||||
| if 'uid' not in self.sasl_user: | if 'uid' not in self.sasl_user: | ||||
| self.sasl_user['uid'] = self.auth.get_user_attribute( | self.sasl_user['uid'] = self.auth.get_user_attribute( | ||||
| self.sasl_domain, | self.sasl_domain, | ||||
| self.sasl_user, | self.sasl_user, | ||||
| ▲ Show 20 Lines • Show All 164 Lines • ▼ Show 20 Lines | def verify_recipient(self, recipient): | ||||
| recipient=normalize_address(recipient), | recipient=normalize_address(recipient), | ||||
| result=(int)(True), | result=(int)(True), | ||||
| sasl_username=self.sasl_username, | sasl_username=self.sasl_username, | ||||
| sasl_sender=self.sasl_sender | sasl_sender=self.sasl_sender | ||||
| ) | ) | ||||
| return True | return True | ||||
| elif isinstance(recipients, basestring): | elif isinstance(recipients, string_types): | ||||
| _recipient = {'dn': recipients} | _recipient = {'dn': recipients} | ||||
| # We have gotten an invalid recipient. We need to catch this case, | # We have gotten an invalid recipient. We need to catch this case, | ||||
| # because testing can input invalid recipients, and so can faulty | # because testing can input invalid recipients, and so can faulty | ||||
| # applications, or misconfigured servers. | # applications, or misconfigured servers. | ||||
| if not _recipient['dn']: | if not _recipient['dn']: | ||||
| if not conf.allow_unauthenticated: | if not conf.allow_unauthenticated: | ||||
| cache_update( | cache_update( | ||||
| ▲ Show 20 Lines • Show All 827 Lines • Show Last 20 Lines | |||||