bin/kolab_smtp_access_policy.py
# This program is distributed in the hope that it will be useful, | # This program is distributed in the hope that it will be useful, | ||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
# GNU General Public License for more details. | # GNU General Public License for more details. | ||||
# You should have received a copy of the GNU General Public License | # You should have received a copy of the GNU General Public License | ||||
# along with this program. If not, see <http://www.gnu.org/licenses/>. | # along with this program. If not, see <http://www.gnu.org/licenses/>. | ||||
# | # | ||||
from six import string_types | |||||
import datetime | import datetime | ||||
import os | import os | ||||
import sqlalchemy | import sqlalchemy | ||||
import sys | import sys | ||||
import time | import time | ||||
from optparse import OptionParser | from optparse import OptionParser | ||||
▲ Show 20 Lines • Show All 233 Lines • ▼ Show 20 Lines | def parse_ldap_dn(self, dn): | ||||
rule_subject = self.auth.get_user_attributes( | rule_subject = self.auth.get_user_attributes( | ||||
self.sasl_domain, | self.sasl_domain, | ||||
{'dn': dn}, | {'dn': dn}, | ||||
search_attrs + ['objectclass'] | search_attrs + ['objectclass'] | ||||
) | ) | ||||
for search_attr in search_attrs: | for search_attr in search_attrs: | ||||
if search_attr in rule_subject: | if search_attr in rule_subject: | ||||
if isinstance(rule_subject[search_attr], basestring): | if isinstance(rule_subject[search_attr], string_types): | ||||
values.append(rule_subject[search_attr]) | values.append(rule_subject[search_attr]) | ||||
else: | else: | ||||
values.extend(rule_subject[search_attr]) | values.extend(rule_subject[search_attr]) | ||||
return values | return values | ||||
else: | else: | ||||
# ldap.dn.explode_dn didn't error out, but it also didn't split | # ldap.dn.explode_dn didn't error out, but it also didn't split | ||||
▲ Show 20 Lines • Show All 45 Lines • ▼ Show 20 Lines | def parse_policy(self, _subject, _object, policy): | ||||
""" | """ | ||||
special_rule_values = { | special_rule_values = { | ||||
'$mydomains': expand_mydomains | '$mydomains': expand_mydomains | ||||
} | } | ||||
rules = {'allow': [], 'deny': []} | rules = {'allow': [], 'deny': []} | ||||
if isinstance(policy, basestring): | if isinstance(policy, string_types): | ||||
policy = [policy] | policy = [policy] | ||||
for rule in policy: | for rule in policy: | ||||
# Find rules that are actually special values, simply by | # Find rules that are actually special values, simply by | ||||
# mapping the rule onto a key in "special_rule_values", a | # mapping the rule onto a key in "special_rule_values", a | ||||
# dictionary with the corresponding value set to a function to | # dictionary with the corresponding value set to a function to | ||||
# execute. | # execute. | ||||
if rule in special_rule_values: | if rule in special_rule_values: | ||||
▲ Show 20 Lines • Show All 168 Lines • ▼ Show 20 Lines | def verify_authenticity(self): | ||||
sasl_users = self.auth.find_recipient(sasl_username, domain=self.sasl_domain) | sasl_users = self.auth.find_recipient(sasl_username, domain=self.sasl_domain) | ||||
if isinstance(sasl_users, list): | if isinstance(sasl_users, list): | ||||
if len(sasl_users) == 0: | if len(sasl_users) == 0: | ||||
log.error(_("Could not find recipient")) | log.error(_("Could not find recipient")) | ||||
return False | return False | ||||
else: | else: | ||||
self.sasl_user = {'dn': sasl_users[0]} | self.sasl_user = {'dn': sasl_users[0]} | ||||
elif isinstance(sasl_users, basestring): | elif isinstance(sasl_users, string_types): | ||||
self.sasl_user = {'dn': sasl_users} | self.sasl_user = {'dn': sasl_users} | ||||
if not self.sasl_user['dn']: | if not self.sasl_user['dn']: | ||||
# Got a final answer here, do the caching thing. | # Got a final answer here, do the caching thing. | ||||
cache_update( | cache_update( | ||||
function='verify_sender', | function='verify_sender', | ||||
sender=self.sender, | sender=self.sender, | ||||
recipients=self.recipients, | recipients=self.recipients, | ||||
▲ Show 20 Lines • Show All 86 Lines • ▼ Show 20 Lines | def verify_delegate(self): | ||||
# More then one sender user with this recipient address. | # More then one sender user with this recipient address. | ||||
# TODO: check each of the sender users found. | # TODO: check each of the sender users found. | ||||
self.sender_user = {'dn': sender_users[0]} | self.sender_user = {'dn': sender_users[0]} | ||||
elif len(sender_users) == 1: | elif len(sender_users) == 1: | ||||
self.sender_user = {'dn': sender_users} | self.sender_user = {'dn': sender_users} | ||||
else: | else: | ||||
self.sender_user = {'dn': False} | self.sender_user = {'dn': False} | ||||
elif isinstance(sender_users, basestring): | elif isinstance(sender_users, string_types): | ||||
self.sender_user = {'dn': sender_users} | self.sender_user = {'dn': sender_users} | ||||
if not self.sender_user['dn']: | if not self.sender_user['dn']: | ||||
cache_update( | cache_update( | ||||
function='verify_sender', | function='verify_sender', | ||||
sender=self.sender, | sender=self.sender, | ||||
recipients=self.recipients, | recipients=self.recipients, | ||||
result=(int)(False), | result=(int)(False), | ||||
▲ Show 20 Lines • Show All 78 Lines • ▼ Show 20 Lines | def verify_delegate(self): | ||||
) | ) | ||||
if isinstance(sasl_users, list): | if isinstance(sasl_users, list): | ||||
if len(sasl_users) == 0: | if len(sasl_users) == 0: | ||||
log.error(_("Could not find recipient")) | log.error(_("Could not find recipient")) | ||||
return False | return False | ||||
else: | else: | ||||
self.sasl_user = {'dn': sasl_users[0]} | self.sasl_user = {'dn': sasl_users[0]} | ||||
elif isinstance(sasl_users, basestring): | elif isinstance(sasl_users, string_types): | ||||
self.sasl_user = {'dn': sasl_users} | self.sasl_user = {'dn': sasl_users} | ||||
# Possible values for the kolabDelegate attribute are: | # Possible values for the kolabDelegate attribute are: | ||||
# a 'uid', a 'dn'. | # a 'uid', a 'dn'. | ||||
if 'uid' not in self.sasl_user: | if 'uid' not in self.sasl_user: | ||||
self.sasl_user['uid'] = self.auth.get_user_attribute( | self.sasl_user['uid'] = self.auth.get_user_attribute( | ||||
self.sasl_domain, | self.sasl_domain, | ||||
self.sasl_user, | self.sasl_user, | ||||
▲ Show 20 Lines • Show All 164 Lines • ▼ Show 20 Lines | def verify_recipient(self, recipient): | ||||
recipient=normalize_address(recipient), | recipient=normalize_address(recipient), | ||||
result=(int)(True), | result=(int)(True), | ||||
sasl_username=self.sasl_username, | sasl_username=self.sasl_username, | ||||
sasl_sender=self.sasl_sender | sasl_sender=self.sasl_sender | ||||
) | ) | ||||
return True | return True | ||||
elif isinstance(recipients, basestring): | elif isinstance(recipients, string_types): | ||||
_recipient = {'dn': recipients} | _recipient = {'dn': recipients} | ||||
# We have gotten an invalid recipient. We need to catch this case, | # We have gotten an invalid recipient. We need to catch this case, | ||||
# because testing can input invalid recipients, and so can faulty | # because testing can input invalid recipients, and so can faulty | ||||
# applications, or misconfigured servers. | # applications, or misconfigured servers. | ||||
if not _recipient['dn']: | if not _recipient['dn']: | ||||
if not conf.allow_unauthenticated: | if not conf.allow_unauthenticated: | ||||
cache_update( | cache_update( | ||||
▲ Show 20 Lines • Show All 827 Lines • Show Last 20 Lines |
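Review bot: On Python 3 `string_types` is only `str`, so in `parse_ldap_dn` a `bytes` attribute value would fail the new `isinstance` check and fall through to `values.extend(rule_subject[search_attr])`, which appends the individual byte integers rather than the attribute string. Whether `self.auth.get_user_attributes` can return `bytes` is not visible here, but LDAP bindings commonly do so on Python 3, and these values feed the access-policy rule matching. The same check in `verify_authenticity`, `verify_delegate` and `verify_recipient` has no final `else`, so a result that is neither a `list` nor a `str` may leave `self.sasl_user`, `self.sender_user` or `_recipient` unassigned or stale before the `['dn']` lookup that follows. I would normalise LDAP results to text at the auth boundary, or make the policy fail closed with an explicit branch such as `else: return False` after each `elif isinstance(..., string_types):`. All of these functions begin and end outside the visible parts of the file.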