diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py index 3e11775..4299c98 100755 --- a/bin/kolab_smtp_access_policy.py +++ b/bin/kolab_smtp_access_policy.py @@ -1,1730 +1,1731 @@ #!/usr/bin/python # # Copyright 2010-2013 Kolab Systems AG (http://www.kolabsys.com) # # Jeroen van Meeuwen (Kolab Systems) # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # +from six import string_types import datetime import os import sqlalchemy import sys import time from optparse import OptionParser try: from ConfigParser import SafeConfigParser except ImportError: from configparser import SafeConfigParser from sqlalchemy import Boolean from sqlalchemy import Column from sqlalchemy import Date from sqlalchemy import DateTime from sqlalchemy import Integer from sqlalchemy import MetaData from sqlalchemy import String from sqlalchemy import Table from sqlalchemy import Sequence from sqlalchemy import PickleType from sqlalchemy import create_engine from sqlalchemy.orm import mapper try: from sqlalchemy.orm import sessionmaker except: from sqlalchemy.orm import create_session from sqlalchemy.schema import Index from sqlalchemy.schema import UniqueConstraint import pykolab from pykolab import utils from pykolab.auth import Auth from pykolab.constants import * from pykolab.translate import _ cache = None sys.path = ['..', '.'] + sys.path # TODO: Figure out how to make our logger do some syslogging as well. log = pykolab.getLogger('pykolab.smtp_access_policy') # TODO: Removing the stdout handler would mean one can no longer test by # means of manual execution in debug mode. log.remove_stdout_handler() conf = pykolab.getConf() auth = None mydomains = None # # Caching routines using SQLAlchemy. # # If creating the cache fails, we continue without any caching, significantly # increasing the load on LDAP. # cache_expire = 86400 try: metadata = MetaData() except: cache = False session = None policy_result_table = Table( 'policy_result', metadata, Column('id', Integer, Sequence('seq_id_result'), primary_key=True), Column('key', String(16), nullable=False), Column('value', Boolean, nullable=False), Column('sender', String(254), nullable=True), Column('recipient', String(254), nullable=False), Column('sasl_username', String(64)), Column('sasl_sender', String(64)), Column('created', Integer, nullable=False), Column('data', PickleType, nullable=True), mysql_charset='utf8', ) Index( 'fsrss', policy_result_table.c.key, policy_result_table.c.sender, policy_result_table.c.recipient, policy_result_table.c.sasl_username, policy_result_table.c.sasl_sender, unique=True ) class PolicyResult(object): def __init__( self, key=None, value=None, sender=None, recipient=None, sasl_username=None, sasl_sender=None, data=None ): self.key = key self.value = value self.sender = sender self.sasl_username = sasl_username self.sasl_sender = sasl_sender self.recipient = recipient self.created = (int)(time.time()) self.data = data mapper(PolicyResult, policy_result_table) statistic_table = Table( 'statistic', metadata, Column('id', Integer, Sequence('seq_id_statistic'), primary_key=True), Column('sender', String(254), nullable=False), Column('recipient', String(254), nullable=False), Column('date', Date, nullable=False), Column('count', Integer, nullable=False), mysql_charset='utf8', ) Index( 'srd', statistic_table.c.sender, statistic_table.c.recipient, statistic_table.c.date, unique=True ) class Statistic(object): def __init__(self, sender, recipient, date=datetime.date.today(), count=0): self.sender = sender self.recipient = recipient self.date = date self.count = count mapper(Statistic, statistic_table) class PolicyRequest(object): email_address_keys = ['sender', 'recipient'] recipients = [] auth = None sasl_domain = None sasl_user = None sender_domain = None sender_user = None sasl_user_uses_alias = False sasl_user_is_delegate = False def __init__(self, policy_request={}): """ Creates a new policy request object. Pass it a policy_request dictionary as described in the Postfix documentation on: http://www.postfix.org/SMTPD_POLICY_README.html """ for key in policy_request: # Normalize email addresses (they may contain recipient delimiters) if key in self.email_address_keys: policy_request[key] = normalize_address(policy_request[key]) if not key == 'recipient': if policy_request[key] == '': setattr(self, key, None) else: setattr(self, key, policy_request[key]) else: if not policy_request['recipient'].strip() == '': self.recipients = list( set(self.recipients + [policy_request['recipient']]) ) def add_request(self, policy_request={}): """ Add subsequent policy requests to the existing policy request. All data in the request should be the same as the initial policy request, but for the recipient - with destination limits set over 1, Postfix may attempt to deliver messages to more then one recipient during a single delivery attempt, and during submission, the policy will receive one policy request per recipient. """ # Check instance. Not sure what to do if the instance is not the same. if hasattr(self, 'instance'): if not policy_request['instance'] == self.instance: # TODO: We need to empty our pockets pass log.debug( _("Adding policy request to instance %s") % (self.instance), level=8 ) # Normalize email addresses (they may contain recipient delimiters) if 'recipient' in policy_request: policy_request['recipient'] = normalize_address(policy_request['recipient']) if not policy_request['recipient'].strip() == '': self.recipients = list( set(self.recipients + [policy_request['recipient']]) ) def parse_ldap_dn(self, dn): """ See if parameter 'dn' is a basestring LDAP dn, and if so, return the results we can obtain from said DN. Return a list of relevant attribute values. If not a DN, return None. """ values = [] try: import ldap.dn ldap_dn = ldap.dn.explode_dn(dn) except ldap.DECODING_ERROR: # This is not a DN. return None if len(ldap_dn) > 0: search_attrs = conf.get_list('kolab_smtp_access_policy', 'address_search_attrs') rule_subject = self.auth.get_user_attributes( self.sasl_domain, {'dn': dn}, search_attrs + ['objectclass'] ) for search_attr in search_attrs: if search_attr in rule_subject: - if isinstance(rule_subject[search_attr], basestring): + if isinstance(rule_subject[search_attr], string_types): values.append(rule_subject[search_attr]) else: values.extend(rule_subject[search_attr]) return values else: # ldap.dn.explode_dn didn't error out, but it also didn't split # the DN properly. return None def parse_ldap_uri(self, uri): values = [] parsed_uri = utils.parse_ldap_uri(uri) if parsed_uri is None: return None (_protocol, _server, _port, _base_dn, _attrs, _scope, _filter) = parsed_uri if len(_attrs) == 0: search_attrs = conf.get_list('kolab_smtp_access_policy', 'address_search_attrs') else: search_attrs = [_attrs] self.auth._auth._bind() _users = self.auth._auth._search( _base_dn, scope=LDAP_SCOPE[_scope], filterstr=_filter, attrlist=search_attrs + ['objectclass'], override_search="_regular_search" ) for _user in _users: for search_attr in search_attrs: values.extend(_user[1][search_attr]) return values def parse_policy(self, _subject, _object, policy): """ Parse policy to apply on _subject, for object _object. The policy is a list of rules. The _subject is a sender for kolabAllowSMTPRecipient checks, and a recipient for kolabAllowSMTPSender checks. The _object is a recipient for kolabAllowSMTPRecipient checks, and a sender for kolabAllowSMTPSender checks. """ special_rule_values = { '$mydomains': expand_mydomains } rules = {'allow': [], 'deny': []} - if isinstance(policy, basestring): + if isinstance(policy, string_types): policy = [policy] for rule in policy: # Find rules that are actually special values, simply by # mapping the rule onto a key in "special_rule_values", a # dictionary with the corresponding value set to a function to # execute. if rule in special_rule_values: special_rules = special_rule_values[rule]() if rule.startswith("-"): rules['deny'].extend(special_rules) else: rules['allow'].extend(special_rules) continue # Lower-case the rule rule = rule.lower() # Also note the '-' cannot be passed on to the functions that # follow, so store the rule separately from the prefix that is # prepended to deny rules. if rule.startswith("-"): _prefix = '-' _rule = rule[1:] else: _prefix = '' _rule = rule # See if the value is an LDAP DN ldap_dn = self.parse_ldap_dn(_rule) if ldap_dn is not None and len(ldap_dn) > 0: if _prefix == '-': rules['deny'].extend(ldap_dn) else: rules['allow'].extend(ldap_dn) else: ldap_uri = self.parse_ldap_uri(_rule) if ldap_uri is not None and len(ldap_uri) > 0: if _prefix == '-': rules['deny'].extend(ldap_uri) else: rules['allow'].extend(ldap_uri) else: if rule.startswith("-"): rules['deny'].append(rule[1:]) else: rules['allow'].append(rule) allowed = False for rule in rules['allow']: deny_override = False if _object is not None and _object.endswith(rule): for deny_rule in rules['deny']: if deny_rule.endswith(rule): deny_override = True if not deny_override: allowed = True denied = False for rule in rules['deny']: allow_override = False if _object is not None and _object.endswith(rule): if not allowed: denied = True continue else: for allow_rule in rules['allow']: if allow_rule.endswith(rule): allow_override = True if not allow_override: denied = True if not denied: allowed = True return allowed def verify_alias(self): """ Verify whether the user authenticated for this policy request is using an alias of its primary authentication ID / attribute. John.Doe@example.org (mail) for example could be sending with envelope sender jdoe@example.org (mailAlternateAddress, alias). """ search_attrs = conf.get_list(self.sasl_domain, 'address_search_attrs') if search_attrs is None or \ (isinstance(search_attrs, list) and len(search_attrs) == 0): search_attrs = conf.get_list(self.sasl_domain, 'mail_attributes') if search_attrs is None or \ (isinstance(search_attrs, list) and len(search_attrs) == 0): search_attrs = conf.get_list('kolab_smtp_access_policy', 'address_search_attrs') if search_attrs is None or \ (isinstance(search_attrs, list) and len(search_attrs) == 0): search_attrs = conf.get_list( conf.get('kolab', 'auth_mechanism'), 'mail_attributes' ) want_attrs = [] for search_attr in search_attrs: if search_attr not in self.sasl_user: want_attrs.append(search_attr) if len(want_attrs) > 0: self.sasl_user.update( self.auth.get_user_attributes( self.sasl_domain, self.sasl_user, want_attrs ) ) # Catch a user using one of its own alias addresses. for search_attr in search_attrs: if search_attr in self.sasl_user: if isinstance(self.sasl_user[search_attr], list): if self.sender.lower() in [x.lower() for x in self.sasl_user[search_attr]]: return True elif self.sasl_user[search_attr].lower() == self.sender.lower(): return True return False def verify_authenticity(self): """ Verify that the SASL username or lack thereof corresponds with allowing or disallowing authenticated users. If an SASL username is supplied, use it to obtain the authentication database user object including all attributes we may find ourselves interested in. """ if self.sasl_username is None: if not conf.allow_unauthenticated: reject(_("Unauthorized access not allowed")) else: # If unauthenticated is allowed, I have nothing to do here. return True sasl_username = self.sasl_username # If we have an sasl_username, find the user object in the # authentication database, along with the attributes we are # interested in. if self.sasl_domain is None: if len(self.sasl_username.split('@')) > 1: self.sasl_domain = self.sasl_username.split('@')[1] else: self.sasl_domain = conf.get('kolab', 'primary_domain') sasl_username = "%s@%s" % ( self.sasl_username, self.sasl_domain ) if self.auth is None: self.auth = Auth(self.sasl_domain) elif not self.auth.domain == self.sasl_domain: self.auth = Auth(self.sasl_domain) sasl_users = self.auth.find_recipient(sasl_username, domain=self.sasl_domain) if isinstance(sasl_users, list): if len(sasl_users) == 0: log.error(_("Could not find recipient")) return False else: self.sasl_user = {'dn': sasl_users[0]} - elif isinstance(sasl_users, basestring): + elif isinstance(sasl_users, string_types): self.sasl_user = {'dn': sasl_users} if not self.sasl_user['dn']: # Got a final answer here, do the caching thing. cache_update( function='verify_sender', sender=self.sender, recipients=self.recipients, result=(int)(False), sasl_username=self.sasl_username, sasl_sender=self.sasl_sender ) reject( _("Could not find envelope sender user %s (511)") % ( self.sasl_username ) ) attrs = conf.get_list(self.sasl_domain, 'auth_attributes') if attrs is None or (isinstance(attrs, list) and len(attrs) == 0): attrs = conf.get_list( conf.get('kolab', 'auth_mechanism'), 'auth_attributes' ) mail_attrs = conf.get_list(self.sasl_domain, 'mail_attributes') if mail_attrs is None or \ (isinstance(mail_attrs, list) and len(mail_attrs) == 0): mail_attrs = conf.get_list( conf.get('kolab', 'auth_mechanism'), 'mail_attributes' ) if mail_attrs is not None: attrs.extend(mail_attrs) attrs.extend( [ 'kolabAllowSMTPRecipient', 'kolabAllowSMTPSender' ] ) attrs = list(set(attrs)) user_attrs = self.auth.get_user_attributes( self.sasl_domain, self.sasl_user, attrs ) user_attrs['dn'] = self.sasl_user['dn'] self.sasl_user = utils.normalize(user_attrs) log.debug( _("Obtained authenticated user details for %r: %r") % ( self.sasl_user['dn'], self.sasl_user.keys() ), level=8 ) def verify_delegate(self): """ Verify whether the authenticated user is a delegate of the envelope sender. """ sender_is_delegate = False if self.sender_domain is None: if len(self.sender.split('@')) > 1: self.sender_domain = self.sender.split('@')[1] else: self.sender_domain = conf.get('kolab', 'primary_domain') if self.sender == self.sasl_username: return True search_attrs = conf.get_list(self.sender_domain, 'mail_attributes') if search_attrs is None: search_attrs = conf.get_list( conf.get('kolab', 'auth_mechanism'), 'mail_attributes' ) sender_users = self.auth.find_recipient( self.sender, domain=self.sender_domain ) if isinstance(sender_users, list): if len(sender_users) > 1: # More then one sender user with this recipient address. # TODO: check each of the sender users found. self.sender_user = {'dn': sender_users[0]} elif len(sender_users) == 1: self.sender_user = {'dn': sender_users} else: self.sender_user = {'dn': False} - elif isinstance(sender_users, basestring): + elif isinstance(sender_users, string_types): self.sender_user = {'dn': sender_users} if not self.sender_user['dn']: cache_update( function='verify_sender', sender=self.sender, recipients=self.recipients, result=(int)(False), sasl_username=self.sasl_username, sasl_sender=self.sasl_sender ) reject(_("Could not find envelope sender user %s") % (self.sender)) attrs = search_attrs attrs.extend( [ 'kolabAllowSMTPRecipient', 'kolabAllowSMTPSender', 'kolabDelegate' ] ) user_attrs = self.auth.get_user_attributes( self.sender_domain, self.sender_user, attrs ) user_attrs['dn'] = self.sender_user['dn'] self.sender_user = utils.normalize(user_attrs) if 'kolabdelegate' not in self.sender_user: # Got a final answer here, do the caching thing. if cache is not False: cache_update( function='verify_sender', sender=self.sender, recipients=self.recipients, result=(int)(False), sasl_username=self.sasl_username, sasl_sender=self.sasl_sender ) reject( _("%s is unauthorized to send on behalf of %s") % ( self.sasl_user['dn'], self.sender_user['dn'] ) ) elif self.sender_user['kolabdelegate'] is None: # No delegates for this sender could be found. The user is # definitely NOT a delegate of the sender. log.warning( _("User %s attempted to use envelope sender address %s without authorization") % ( policy_request["sasl_username"], policy_request["sender"] ) ) # Got a final answer here, do the caching thing. if cache is not False: cache_update( function='verify_sender', sender=self.sender, recipients=self.recipients, result=(int)(False), sasl_username=self.sasl_username, sasl_sender=self.sasl_sender ) reject( _("%s is unauthorized to send on behalf of %s") % ( self.sasl_user['dn'], self.sender_user['dn'] ) ) else: # See if we can match the value of the envelope sender delegates to # the actual sender sasl_username if self.sasl_user is None: sasl_users = self.auth.find_recipient( self.sasl_username, domain=self.sasl_domain ) if isinstance(sasl_users, list): if len(sasl_users) == 0: log.error(_("Could not find recipient")) return False else: self.sasl_user = {'dn': sasl_users[0]} - elif isinstance(sasl_users, basestring): + elif isinstance(sasl_users, string_types): self.sasl_user = {'dn': sasl_users} # Possible values for the kolabDelegate attribute are: # a 'uid', a 'dn'. if 'uid' not in self.sasl_user: self.sasl_user['uid'] = self.auth.get_user_attribute( self.sasl_domain, self.sasl_user, 'uid' ) sender_delegates = self.sender_user['kolabdelegate'] if not type(sender_delegates) == list: sender_delegates = [sender_delegates] for sender_delegate in sender_delegates: if self.sasl_user['dn'] == sender_delegate: log.debug( _("Found user %s to be a delegate user of %s") % ( policy_request["sasl_username"], policy_request["sender"] ), level=8 ) sender_is_delegate = True elif self.sasl_user['uid'] == sender_delegate: log.debug( _("Found user %s to be a delegate user of %s") % ( policy_request["sasl_username"], policy_request["sender"] ), level=8 ) sender_is_delegate = True return sender_is_delegate def verify_recipient(self, recipient): """ Verify whether the sender is allowed send to this recipient, using the recipient's kolabAllowSMTPSender. """ self.recipient = recipient if not self.sasl_username == '' and self.sasl_username is not None: log.debug( _("Verifying authenticated sender '%(sender)s' with sasl_username '%(sasl_username)s' for recipient '%(recipient)s'") % ( self.__dict__ ), level=8 ) else: log.debug( _( "Verifying unauthenticated sender '%(sender)s' for recipient '%(recipient)s'" ) % ( self.__dict__ ), level=8 ) recipient_verified = False if cache is not False: records = cache_select( function='verify_recipient', sender=self.sender, recipient=recipient, sasl_username=self.sasl_username, sasl_sender=self.sasl_sender, ) if records is not None and len(records) == 1: log.info( _("Reproducing verify_recipient(%s, %s) from cache") % ( self.sender, recipient ) ) return records[0].value # TODO: Under some conditions, the recipient may not be fully qualified. # We'll cross that bridge when we get there, though. if len(recipient.split('@')) > 1: sasl_domain = recipient.split('@')[1] else: sasl_domain = conf.get('kolab', 'primary_domain') recipient = "%s@%s" % (recipient, sasl_domain) if not verify_domain(sasl_domain): if cache is not False: cache_update( function='verify_recipient', sender=self.sender, recipient=recipient, result=(int)(True), sasl_username=self.sasl_username, sasl_sender=self.sasl_sender ) return True if self.auth is None: self.auth = Auth(sasl_domain) elif not self.auth.domain == sasl_domain: self.auth = Auth(sasl_domain) if verify_domain(sasl_domain): if self.auth.domains is not None and sasl_domain in self.auth.domains: log.debug( _("Using authentication domain %s instead of %s") % ( self.auth.domains[sasl_domain], sasl_domain ), level=8 ) sasl_domain = self.auth.domains[sasl_domain] else: log.debug( _("Domain %s is a primary domain") % (sasl_domain), level=8 ) else: log.warning( _("Checking the recipient for domain %s that is not ours.") % (sasl_domain) ) return True recipients = self.auth.find_recipient( normalize_address(recipient), domain=sasl_domain, ) if isinstance(recipients, list): if len(recipients) > 1: log.info( _("This recipient address is related to multiple object entries and the SMTP Access Policy can therefore not restrict message flow") ) cache_update( function='verify_recipient', sender=self.sender, recipient=normalize_address(recipient), result=(int)(True), sasl_username=self.sasl_username, sasl_sender=self.sasl_sender ) return True elif len(recipients) == 1: _recipient = {'dn': recipients[0]} else: log.debug( _("Recipient address %r not found. Allowing since the MTA was configured to accept the recipient.") % ( normalize_address(recipient) ), level=3 ) cache_update( function='verify_recipient', sender=self.sender, recipient=normalize_address(recipient), result=(int)(True), sasl_username=self.sasl_username, sasl_sender=self.sasl_sender ) return True - elif isinstance(recipients, basestring): + elif isinstance(recipients, string_types): _recipient = {'dn': recipients} # We have gotten an invalid recipient. We need to catch this case, # because testing can input invalid recipients, and so can faulty # applications, or misconfigured servers. if not _recipient['dn']: if not conf.allow_unauthenticated: cache_update( function='verify_recipient', sender=self.sender, recipient=normalize_address(recipient), result=(int)(False), sasl_username=self.sasl_username, sasl_sender=self.sasl_sender ) reject(_("Invalid recipient")) else: cache_update( function='verify_recipient', sender=self.sender, recipient=normalize_address(recipient), result=(int)(True), sasl_username=self.sasl_username, sasl_sender=self.sasl_sender ) log.debug(_("Could not find this user, accepting"), level=8) return True if _recipient['dn'] is not False: recipient_policy = self.auth.get_entry_attribute( sasl_domain, _recipient['dn'], 'kolabAllowSMTPSender' ) # If no such attribute has been specified, allow if recipient_policy is None: cache_update( function='verify_recipient', sender=self.sender, recipient=normalize_address(recipient), result=(int)(True), sasl_username=self.sasl_username, sasl_sender=self.sasl_sender ) recipient_verified = True # Otherwise, parse the policy obtained with the subject of the policy # being the recipient, and the object to apply the policy to being the # sender. else: recipient_verified = self.parse_policy( recipient, self.sender, recipient_policy ) cache_update( function='verify_recipient', sender=self.sender, recipient=normalize_address(recipient), result=(int)(recipient_verified), sasl_username=self.sasl_username, sasl_sender=self.sasl_sender ) return recipient_verified def verify_recipients(self): """ Verify whether the sender is allowed send to the recipients in this policy request, using each recipient's kolabAllowSMTPSender. Note there may be multiple recipients in this policy request, and therefor self.recipients is a list - walk through that list. """ recipients_verified = True if cache is not False: records = cache_select( function='verify_recipient', sender=self.sender, recipients=self.recipients, sasl_username=self.sasl_username, sasl_sender=self.sasl_sender, ) if records is not None and len(records) == len(self.recipients): log.debug("Euh, what am I doing here?") for record in records: recipient_found = False for recipient in self.recipients: if recipient == record.recipient: recipient_found = True if not recipient_found: reject( _("Sender %s is not allowed to send to recipient %s") % ( self.sender, recipient ) ) for recipient in self.recipients: recipient_verified = self.verify_recipient(recipient) if not recipient_verified: recipients_verified = False return recipients_verified def verify_sender(self): """ Verify the sender's access policy. 1) Verify whether the sasl_username is allowed to send using the envelope sender address, with the kolabDelegate attribute associated with the LDAP object that has the envelope sender address. 2) Verify whether the sender is allowed to send to recipient(s) listed on the sender's object. A third potential action could be to check the recipient object to see if the sender is allowed to send to the recipient by the recipient's kolabAllowSMTPSender, but this is done in verify_recipients(). """ sender_verified = False if self.sender is None: # Trusted host? if not hasattr(self, 'client_address') or \ self.client_address == "" or \ self.client_address is None: # Nothing to compare to. return False try: import netaddr networks = conf.get_list( 'kolab_smtp_access_policy', 'empty_sender_hosts' ) for network in networks: if netaddr.IPNetwork(self.client_address) in netaddr.IPNetwork(network): return True except ImportError as errmsg: return False if cache is not False: records = cache_select( sender=self.sender, recipients=self.recipients, sasl_username=self.sasl_username, sasl_sender=self.sasl_sender, function='verify_sender' ) if records is not None and len(records) == len(self.recipients): log.info( _("Reproducing verify_sender(%r) from cache") % (self.__dict__) ) for record in records: recipient_found = False for recipient in self.recipients: if recipient == record.recipient: recipient_found = True if recipient_found: if not record.value: reject( _("Sender %s is not allowed to send to recipient %s") % ( self.sender, recipient ) ) if record.data is not None: self.__dict__.update(record.data) return True if self.verify_authenticity() is False: reject(_("Unverifiable sender.")) if self.sasl_user is not None: self.sasl_user_uses_alias = self.verify_alias() if not self.sasl_user_uses_alias: log.debug(_("Sender is not using an alias"), level=8) self.sasl_user_is_delegate = self.verify_delegate() # If the authenticated user is using delegate functionality, apply the # recipient policy attribute for the envelope sender. if self.sasl_user_is_delegate is False: if self.sasl_user_uses_alias is False: if not conf.allow_unauthenticated: reject(_("Sender uses unauthorized envelope sender address")) if self.sasl_user_is_delegate: # Apply the recipient policy for the sender using the envelope # sender user object. recipient_policy_domain = self.sender_domain recipient_policy_sender = self.sender recipient_policy_user = self.sender_user elif self.sasl_user is not None: # Apply the recipient policy from the authenticated user. recipient_policy_domain = self.sasl_domain recipient_policy_sender = self.sasl_username recipient_policy_user = self.sasl_user else: if not conf.allow_unauthenticated: reject(_("Could not verify sender")) else: recipient_policy_domain = self.sender_domain recipient_policy_sender = self.sender recipient_policy_user = self.sender_user log.debug( _("Verifying whether sender is allowed to send to recipient using sender policy"), level=8 ) if 'kolaballowsmtprecipient' in recipient_policy_user: recipient_policy = recipient_policy_user['kolaballowsmtprecipient'] else: recipient_policy = self.auth.get_user_attribute( recipient_policy_domain, recipient_policy_user, 'kolabAllowSMTPRecipient' ) log.debug(_("Result is %r") % (recipient_policy), level=8) # If no such attribute has been specified, allow if recipient_policy is None: log.debug( _("No recipient policy restrictions exist for this sender"), level=8 ) sender_verified = True # Otherwise,parse the policy obtained. else: log.debug( _("Found a recipient policy to apply for this sender."), level=8 ) recipient_allowed = None for recipient in self.recipients: recipient_allowed = self.parse_policy( recipient_policy_sender, recipient, recipient_policy ) if not recipient_allowed: reject( _("Sender %s not allowed to send to recipient %s") % ( recipient_policy_user['dn'], recipient ) ) sender_verified = True if cache is not False: data = { 'sasl_user_uses_alias': self.sasl_user_uses_alias, 'sasl_user_is_delegate': self.sasl_user_is_delegate, 'sender_domain': self.sender_domain, } cache_update( function='verify_sender', sender=self.sender, recipients=self.recipients, result=(int)(sender_verified), sasl_username=self.sasl_username, sasl_sender=self.sasl_sender, data=data ) return sender_verified def cache_cleanup(): if cache is not True: return log.debug(_("Cleaning up the cache"), level=8) session.query(PolicyResult).filter( PolicyResult.created < ((int)(time.time()) - cache_expire) ).delete() session.commit() def cache_init(): global cache, cache_expire, session if conf.has_section('kolab_smtp_access_policy'): if conf.has_option('kolab_smtp_access_policy', 'cache_uri'): cache_uri = conf.get('kolab_smtp_access_policy', 'cache_uri') cache = True if conf.has_option('kolab_smtp_access_policy', 'retention'): cache_expire = (int)( conf.get( 'kolab_smtp_access_policy', 'retention' ) ) else: return False else: return False if conf.debuglevel > 8: engine = create_engine(cache_uri, echo=True) else: engine = create_engine(cache_uri, echo=False) if conf.drop_tables: log.info(_("Dropping caching tables from database")) policy_result_table.drop(engine, checkfirst=True) statistic_table.drop(engine, checkfirst=True) return False try: metadata.create_all(engine) except sqlalchemy.exc.OperationalError as e: log.error(_("Operational Error in caching: %s" % (e))) return False Session = sessionmaker(bind=engine) session = Session() cache_cleanup() return cache def cache_select( function, sender, recipient='', recipients=[], sasl_username='', sasl_sender=''): if cache is not True: return None if not recipient == '' and recipients == []: recipients = [recipient] return session.query( PolicyResult ).filter_by( key=function, sender=sender, sasl_username=sasl_username, sasl_sender=sasl_sender ).filter( PolicyResult.recipient.in_(recipients) ).filter( PolicyResult.created >= ((int)(time.time()) - cache_expire) ).all() def cache_insert( function, sender, recipient='', recipients=[], result=None, sasl_username='', sasl_sender='', data=None): if cache is not True: return [] log.debug( _("Caching the policy result with timestamp %d") % ( (int)(time.time()) ), level=8 ) if not recipient == '' and recipients == []: recipients = [recipient] for recipient in recipients: session.add( PolicyResult( key=function, value=result, sender=sender, recipient=recipient, sasl_username=sasl_username, sasl_sender=sasl_sender, data=data ) ) session.commit() def cache_update( function, sender, recipient='', recipients=[], result=None, sasl_username='', sasl_sender='', data=None): """ Insert an updated set of rows into the cache depending on the necessity """ if cache is not True: return records = [] _records = cache_select( function, sender, recipient, recipients, sasl_username, sasl_sender ) for record in _records: if record.value == (int)(result): records.append(record) if not recipient == '' and recipients == []: recipients = [recipient] for recipient in recipients: recipient_found = False for record in records: if record.recipient == recipient: recipient_found = True if not recipient_found: cache_insert( function=function, sender=sender, recipient=recipient, result=result, sasl_username=sasl_username, sasl_sender=sasl_sender, data=data ) def defer_if_permit(message, policy_request=None): log.info(_("Returning action DEFER_IF_PERMIT: %s") % (message)) print("action=DEFER_IF_PERMIT %s\n\n" % (message)) sys.exit(0) def dunno(message, policy_request=None): log.info(_("Returning action DUNNO: %s") % (message)) print("action=DUNNO %s\n\n" % (message)) sys.exit(0) def hold(message, policy_request=None): log.info(_("Returning action HOLD: %s") % (message)) print("action=HOLD %s\n\n" % (message)) sys.exit(0) def permit(message, policy_request=None): log.info(_("Returning action PERMIT: %s") % (message)) # If we have no policy request, we have been called for a reason, # and everything relevant has been figured out already. if policy_request is None: print("action=PERMIT\n\n") sys.exit(0) # If the user is not authenticated, there's no reason to do # extra checks here -- to have been performed already. if not hasattr(policy_request, 'sasl_username'): print("action=PERMIT\n\n") sys.exit(0) # Same here. if policy_request.sasl_username is None: print("action=PERMIT\n\n") sys.exit(0) delegate_sender_header = None alias_sender_header = None # If the sender is a delegate of the envelope sender address, take into # account the preferred domain policy for appending the Sender and/or # X-Sender headers. # # Note that a delegatee by very definition is not using an alias. # if policy_request.sasl_user_is_delegate: # Domain-specific setting? if policy_request.sender_domain is not None: delegate_sender_header = conf.get(policy_request.sender_domain, 'delegate_sender_header') # Global setting? if delegate_sender_header is None: delegate_sender_header = conf.get('kolab_smtp_access_policy', 'delegate_sender_header') # Default if delegate_sender_header is None: delegate_sender_header = True # If the sender is using an alias as the envelope sender address, take # into account the preferred domain policy for appending the Sender # and/or X-Sender headers. elif policy_request.sasl_user_uses_alias: # Domain-specific setting? if policy_request.sender_domain is not None: alias_sender_header = conf.get(policy_request.sender_domain, 'alias_sender_header') # Global setting? if alias_sender_header is None: alias_sender_header = conf.get('kolab_smtp_access_policy', 'alias_sender_header') # Default if alias_sender_header is None: alias_sender_header = True # Make the values booleans delegate_sender_header = utils.true_or_false(delegate_sender_header) alias_sender_header = utils.true_or_false(alias_sender_header) # Do we use a (simple) encryption key to obscure the headers' contents? # Note that using an encryption key voids the actual use of proper Sender # and X-Sender headers such as they could be interpreted by a client # application. enc_key = None if policy_request.sender_domain is not None: enc_key = conf.get(policy_request.sender_domain, 'sender_header_enc_key') if enc_key is None: enc_key = conf.get('kolab_smtp_access_policy', 'sender_header_enc_key') sender_header = None xsender_header = None if delegate_sender_header or alias_sender_header: # Domain specific? sender_header = conf.get(policy_request.sender_domain, 'sender_header') # Global setting? if sender_header is None: sender_header = conf.get('kolab_smtp_access_policy', 'sender_header') # Default if sender_header is None: sender_header = True # Domain specific? xsender_header = conf.get(policy_request.sender_domain, 'xsender_header') # Global setting? if xsender_header is None: xsender_header = conf.get('kolab_smtp_access_policy', 'xsender_header') # Default if xsender_header is None: xsender_header = True # Note that if the user is not a delegatee, and not using an alias, the sender # address is the envelope sender address, and the defaults for sender_header # and xsender_header being None, ultimately evaluating to False seems # appropriate. # Make the values booleans sender_header = utils.true_or_false(sender_header) xsender_header = utils.true_or_false(xsender_header) if sender_header or xsender_header: # Do the encoding, if any if enc_key is not None: header = 'X-Authenticated-As' xheader = None sender = utils.encode(enc_key, policy_request.sasl_username) else: header = 'Sender' xheader = 'X-Sender' sender = policy_request.sasl_username if sender_header: print("action=PREPEND %s: %s" % (header, sender)) if xsender_header and xheader is not None: print("action=PREPEND %s: %s" % (xheader, sender)) print("action=PERMIT\n\n") sys.exit(0) def reject(message, policy_request=None): log.info(_("Returning action REJECT: %s") % (message)) print("action=REJECT %s\n\n" % (message)) sys.exit(0) def expand_mydomains(): """ Return a list of my domains. """ global auth, mydomains if mydomains is not None: return mydomains auth.connect() mydomains = auth.list_domains() return mydomains.keys() def normalize_address(email_address): """ Parse an address; Strip off anything after a recipient delimiter. """ # TODO: Recipient delimiter is configurable. if len(email_address.split("+")) > 1: # Take the first part split by recipient delimiter and the last part # split by '@'. return "%s@%s" % ( email_address.split("+")[0].lower(), # TODO: Under some conditions, the recipient may not be fully # qualified. We'll cross that bridge when we get there, though. email_address.split('@')[1].lower() ) else: return email_address.lower() def read_request_input(): """ Read a single policy request from sys.stdin, and return a dictionary containing the request. """ start_time = time.time() log.debug(_("Starting to loop for new request")) policy_request = {} end_of_request = False while not end_of_request: if (time.time() - start_time) >= conf.timeout: log.warning(_("Timeout for policy request reading exceeded")) sys.exit(0) request_line = sys.stdin.readline() if request_line.strip() == '': if 'request' in policy_request: log.debug(_("End of current request"), level=8) end_of_request = True else: request_line = request_line.strip() log.debug(_("Getting line: %s") % (request_line), level=8) policy_request[request_line.split('=')[0]] = \ '='.join(request_line.split('=')[1:]).lower() log.debug(_("Returning request")) return policy_request def verify_domain(domain): """ Verify whether the domain is internal (mine) or external. """ global auth, mydomains if mydomains is not None: return domain in mydomains auth.connect() domain_verified = False mydomains = auth.list_domains() if mydomains is not None and domain in mydomains: domain_verified = True else: domain_verified = False return domain_verified if __name__ == "__main__": access_policy_group = conf.add_cli_parser_option_group( _("Access Policy Options") ) access_policy_group.add_option( "--drop-tables", dest="drop_tables", action="store_true", default=False, help=_("Drop the caching tables from the database and exit.") ) access_policy_group.add_option( "--timeout", dest="timeout", action="store", default=10, help=_("SMTP Policy request timeout.") ) access_policy_group.add_option( "--verify-recipient", dest="verify_recipient", action="store_true", default=False, help=_("Verify the recipient access policy.") ) access_policy_group.add_option( "--verify-sender", dest="verify_sender", action="store_true", default=False, help=_("Verify the sender access policy.") ) access_policy_group.add_option( "--allow-unauthenticated", dest="allow_unauthenticated", action="store_true", default=False, help=_("Allow unauthenticated senders.") ) conf.finalize_conf() auth = Auth() cache = cache_init() policy_requests = {} if conf.drop_tables: sys.exit(0) # Start the work while True: policy_request = read_request_input() instance = policy_request['instance'] log.debug(_("Got request instance %s") % (instance)) if instance in policy_requests: policy_requests[instance].add_request(policy_request) else: policy_requests[instance] = PolicyRequest(policy_request) protocol_state = policy_request['protocol_state'].strip().lower() log.debug( _("Request instance %s is in state %s") % ( instance, protocol_state ) ) if not protocol_state == 'data': print("action=DUNNO\n\n") sys.stdout.flush() # We can recognize being in the DATA part by the recipient_count being # set to a non-zero value and the protocol_state being set to 'data'. # Note that the input we're getting is a string, not an integer. else: sender_allowed = False recipient_allowed = False try: if conf.verify_sender: sender_allowed = policy_requests[instance].verify_sender() else: sender_allowed = True if conf.verify_recipient: recipient_allowed = policy_requests[instance].verify_recipients() else: recipient_allowed = True except Exception as errmsg: import traceback log.error(_("Unhandled exception caught: %r") % (errmsg)) log.error(traceback.format_exc()) if not sender_allowed: reject(_("Sender access denied")) elif not recipient_allowed: reject(_("Recipient access denied")) else: permit(_("No objections"), policy_requests[instance]) diff --git a/pykolab/cli/cmd_add_alias.py b/pykolab/cli/cmd_add_alias.py index 16fa590..81ca005 100644 --- a/pykolab/cli/cmd_add_alias.py +++ b/pykolab/cli/cmd_add_alias.py @@ -1,131 +1,132 @@ # -*- coding: utf-8 -*- # Copyright 2010-2013 Kolab Systems AG (http://www.kolabsys.com) # # Jeroen van Meeuwen (Kolab Systems) # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # from __future__ import print_function +from six import string_types import sys import commands import pykolab from pykolab.auth import Auth from pykolab.translate import _ log = pykolab.getLogger('pykolab.cli') conf = pykolab.getConf() def __init__(): commands.register('add_alias', execute, description="Add alias.") def execute(*args, **kw): try: primary_rcpt_address = conf.cli_args.pop(0) try: secondary_rcpt_address = conf.cli_args.pop(0) except: print(_("Specify the (new) alias address"), file=sys.stderr) sys.exit(1) except: print(_("Specify the existing recipient address"), file=sys.stderr) sys.exit(1) if len(primary_rcpt_address.split('@')) > 1: primary_rcpt_domain = primary_rcpt_address.split('@')[-1] else: primary_rcpt_domain = conf.get('kolab', 'primary_domain') auth = Auth(domain=primary_rcpt_domain) domains = auth.list_domains() #print domains if len(secondary_rcpt_address.split('@')) > 1: secondary_rcpt_domain = secondary_rcpt_address.split('@')[-1] else: secondary_rcpt_domain = conf.get('kolab', 'primary_domain') # Check if either is in fact a domain if not primary_rcpt_domain.lower() in domains: print(_("Domain %r is not a local domain") % (primary_rcpt_domain), file=sys.stderr) sys.exit(1) if not secondary_rcpt_domain.lower() in domains: print(_("Domain %r is not a local domain") % (secondary_rcpt_domain), file=sys.stderr) sys.exit(1) if not primary_rcpt_domain == secondary_rcpt_domain: if not domains[primary_rcpt_domain] == domains[secondary_rcpt_domain]: print(_("Primary and secondary domain do not have the same parent domain"), file=sys.stderr) sys.exit(1) primary_recipient_dn = auth.find_recipient(primary_rcpt_address) if primary_recipient_dn == [] or len(primary_recipient_dn) == 0: print(_("No such recipient %r") % (primary_rcpt_address), file=sys.stderr) sys.exit(1) secondary_recipient_dn = auth.find_recipient(secondary_rcpt_address) if not secondary_recipient_dn == [] and not len(secondary_recipient_dn) == 0: print(_("Recipient for alias %r already exists") % (secondary_rcpt_address), file=sys.stderr) sys.exit(1) rcpt_attrs = conf.get_list('ldap', 'mail_attributes') primary_rcpt_attr = rcpt_attrs[0] if len(rcpt_attrs) >= 2: secondary_rcpt_attr = rcpt_attrs[1] else: print(_("Environment is not configured for " + \ "users to hold secondary mail attributes"), file=sys.stderr) sys.exit(1) primary_recipient = auth.get_entry_attributes(primary_rcpt_domain, primary_recipient_dn, rcpt_attrs) if primary_rcpt_attr not in primary_recipient: print(_("Recipient %r is not the primary recipient for address %r") % (primary_recipient, primary_rcpt_address), file=sys.stderr) sys.exit(1) if secondary_rcpt_attr not in primary_recipient: auth.set_entry_attributes(primary_rcpt_domain, primary_recipient_dn, {secondary_rcpt_attr: [ secondary_rcpt_address ] }) else: - if isinstance(primary_recipient[secondary_rcpt_attr], basestring): + if isinstance(primary_recipient[secondary_rcpt_attr], string_types): new_secondary_rcpt_attrs = [ primary_recipient[secondary_rcpt_attr], secondary_rcpt_address ] else: new_secondary_rcpt_attrs = \ primary_recipient[secondary_rcpt_attr] + \ [ secondary_rcpt_address ] auth.set_entry_attributes( primary_rcpt_domain, primary_recipient_dn, { secondary_rcpt_attr: new_secondary_rcpt_attrs } ) diff --git a/pykolab/cli/cmd_remove_mailaddress.py b/pykolab/cli/cmd_remove_mailaddress.py index 10d9a19..120c2d9 100644 --- a/pykolab/cli/cmd_remove_mailaddress.py +++ b/pykolab/cli/cmd_remove_mailaddress.py @@ -1,95 +1,96 @@ # -*- coding: utf-8 -*- # Copyright 2010-2013 Kolab Systems AG (http://www.kolabsys.com) # # Jeroen van Meeuwen (Kolab Systems) # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # from __future__ import print_function +from six import string_types import sys import commands import pykolab from pykolab.auth import Auth from pykolab import utils from pykolab.translate import _ log = pykolab.getLogger('pykolab.cli') conf = pykolab.getConf() def __init__(): commands.register('remove_mail', execute, description=description()) def description(): return """Remove a recipient's mail address.""" def execute(*args, **kw): try: email_address = conf.cli_args.pop(0) except IndexError: email_address = utils.ask_question("Email address to remove") # Get the domain from the email address if len(email_address.split('@')) > 1: domain = email_address.split('@')[1] else: log.error(_("Invalid or unqualified email address.")) sys.exit(1) auth = Auth() auth.connect(domain=domain) recipients = auth.find_recipient(email_address) if len(recipients) == 0: log.error(_("No recipient found for email address %r") % (email_address)) sys.exit(1) log.debug(_("Found the following recipient(s): %r") % (recipients), level=8) mail_attributes = conf.get_list(domain, 'mail_attributes') if mail_attributes == None or len(mail_attributes) < 1: mail_attributes = conf.get_list(conf.get('kolab', 'auth_mechanism'), 'mail_attributes') log.debug(_("Using the following mail attributes: %r") % (mail_attributes), level=8) - if isinstance(recipients, basestring): + if isinstance(recipients, string_types): recipient = recipients # Only a single recipient found, remove the address attributes = auth.get_entry_attributes(domain, recipient, mail_attributes) # See which attribute holds the value we're trying to remove for attribute in attributes: if isinstance(attributes[attribute], list): if email_address in attributes[attribute]: attributes[attribute].pop(attributes[attribute].index(email_address)) replace_attributes = { attribute: attributes[attribute] } auth.set_entry_attributes(domain, recipient, replace_attributes) else: if email_address == attributes[attribute]: auth.set_entry_attributes(domain, recipient, {attribute: None}) pass else: print(_("Found the following recipients:"), file=sys.stderr) for recipient in recipients: print(recipient) diff --git a/pykolab/cli/commands.py b/pykolab/cli/commands.py index a1e9b0c..29e327d 100644 --- a/pykolab/cli/commands.py +++ b/pykolab/cli/commands.py @@ -1,201 +1,202 @@ # -*- coding: utf-8 -*- # Copyright 2010-2013 Kolab Systems AG (http://www.kolabsys.com) # # Jeroen van Meeuwen (Kolab Systems) # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # +from six import string_types import os import sys import pykolab from pykolab.translate import _ log = pykolab.getLogger('pykolab.cli') conf = pykolab.getConf() commands = {} command_groups = {} def __init__(): # We only want the base path commands_base_path = os.path.dirname(__file__) for commands_path, dirnames, filenames in os.walk(commands_base_path): if not commands_path == commands_base_path: continue for filename in filenames: if filename.startswith('cmd_') and filename.endswith('.py'): module_name = filename.replace('.py','') cmd_name = module_name.replace('cmd_', '') #print "exec(\"from %s import __init__ as %s_register\"" % (module_name,cmd_name) try: exec("from %s import __init__ as %s_register" % (module_name,cmd_name)) except ImportError: pass exec("%s_register()" % (cmd_name)) for dirname in dirnames: register_group(commands_path, dirname) register('help', list_commands) register('delete_user', not_yet_implemented, description="Not yet implemented") register('list_groups', not_yet_implemented, description="Not yet implemented") register('add_group', not_yet_implemented, description="Not yet implemented") register('delete_group', not_yet_implemented, description="Not yet implemented") def list_commands(*args, **kw): """ List commands """ __commands = {} for command in commands: if isinstance(command, tuple): command_group, command = command __commands[command_group] = { command: commands[(command_group,command)] } else: __commands[command] = commands[command] _commands = __commands.keys() _commands.sort() for _command in _commands: if 'group' in __commands[_command]: continue if 'function' in __commands[_command]: # This is a top-level command if not __commands[_command]['description'] == None: print("%-25s - %s" % (_command.replace('_','-'),__commands[_command]['description'])) else: print("%-25s" % (_command.replace('_','-'))) for _command in _commands: if 'function' not in __commands[_command]: # This is a nested command print("\n" + _("Command Group: %s") % (_command) + "\n") ___commands = __commands[_command].keys() ___commands.sort() for __command in ___commands: if not __commands[_command][__command]['description'] == None: print("%-4s%-21s - %s" % ('',__command.replace('_','-'),__commands[_command][__command]['description'])) else: print("%-4s%-21s" % ('',__command.replace('_','-'))) def execute(cmd_name, *args, **kw): if cmd_name == "": execute("help") sys.exit(0) if cmd_name not in commands: log.error(_("No such command.")) sys.exit(1) if 'function' not in commands[cmd_name] and \ 'group' not in commands[cmd_name]: log.error(_("No such command.")) sys.exit(1) if 'group' in commands[cmd_name]: group = commands[cmd_name]['group'] command_name = commands[cmd_name]['cmd_name'] try: exec("from %s.cmd_%s import cli_options as %s_%s_cli_options" % (group,command_name,group,command_name)) exec("%s_%s_cli_options()" % (group,command_name)) except ImportError: pass else: command_name = commands[cmd_name]['cmd_name'] try: exec("from cmd_%s import cli_options as %s_cli_options" % (command_name,command_name)) exec("%s_cli_options()" % (command_name)) except ImportError: pass conf.finalize_conf() commands[cmd_name]['function'](conf.cli_args, kw) def register_group(dirname, module): commands_base_path = os.path.join(os.path.dirname(__file__), module) commands[module] = {} for commands_path, dirnames, filenames in os.walk(commands_base_path): if not commands_path == commands_base_path: continue for filename in filenames: if filename.startswith('cmd_') and filename.endswith('.py'): module_name = filename.replace('.py','') cmd_name = module_name.replace('cmd_', '') #print "exec(\"from %s.%s import __init__ as %s_%s_register\"" % (module,module_name,module,cmd_name) exec("from %s.%s import __init__ as %s_%s_register" % (module,module_name,module,cmd_name)) exec("%s_%s_register()" % (module,cmd_name)) def register(cmd_name, func, group=None, description=None, aliases=[]): if not group == None: command = "%s_%s" % (group,cmd_name) else: command = cmd_name - if isinstance(aliases, basestring): + if isinstance(aliases, string_types): aliases = [aliases] if command in commands: log.fatal(_("Command '%s' already registered") % (command)) sys.exit(1) if callable(func): if group == None: commands[cmd_name] = { 'cmd_name': cmd_name, 'function': func, 'description': description } else: commands[group][cmd_name] = { 'cmd_name': cmd_name, 'function': func, 'description': description } commands[command] = commands[group][cmd_name] commands[command]['group'] = group commands[command]['cmd_name'] = cmd_name for alias in aliases: commands[alias] = { 'cmd_name': cmd_name, 'function': func, 'description': _("Alias for %s") % (cmd_name.replace('_','-')) } ## ## Commands not yet implemented ## def not_yet_implemented(*args, **kw): print(_("Not yet implemented")) sys.exit(1) diff --git a/pykolab/cli/sieve/cmd_refresh.py b/pykolab/cli/sieve/cmd_refresh.py index ec0ac65..abb93ae 100644 --- a/pykolab/cli/sieve/cmd_refresh.py +++ b/pykolab/cli/sieve/cmd_refresh.py @@ -1,423 +1,424 @@ # -*- coding: utf-8 -*- # Copyright 2010-2013 Kolab Systems AG (http://www.kolabsys.com) # # Jeroen van Meeuwen (Kolab Systems) # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # +from six import string_types import pykolab from pykolab import utils from pykolab.auth import Auth from pykolab.cli import commands from pykolab.translate import _ log = pykolab.getLogger('pykolab.cli') conf = pykolab.getConf() import sys import time try: from urlparse import urlparse except ImportError: from urllib.parse import urlparse def __init__(): commands.register('refresh', execute, group='sieve', description=description()) def description(): return """Refresh a user's managed and contributed sieve scripts.""" def execute(*args, **kw): try: address = conf.cli_args.pop(0) except: address = utils.ask_question(_("Email Address")) auth = Auth() auth.connect() user = auth.find_recipient(address) # Get the main, default backend backend = conf.get('kolab', 'imap_backend') if len(address.split('@')) > 1: domain = address.split('@')[1] else: domain = conf.get('kolab', 'primary_domain') if conf.has_section(domain) and conf.has_option(domain, 'imap_backend'): backend = conf.get(domain, 'imap_backend') if conf.has_section(domain) and conf.has_option(domain, 'imap_uri'): uri = conf.get(domain, 'imap_uri') else: uri = conf.get(backend, 'uri') hostname = None port = None result = urlparse(uri) if hasattr(result, 'hostname'): hostname = result.hostname else: scheme = uri.split(':')[0] (hostname, port) = uri.split('/')[2].split(':') port = 4190 # Get the credentials admin_login = conf.get(backend, 'admin_login') admin_password = conf.get(backend, 'admin_password') import sievelib.managesieve sieveclient = sievelib.managesieve.Client(hostname, port, conf.debuglevel > 8) sieveclient.connect(None, None, True) sieveclient._plain_authentication(admin_login, admin_password, address) sieveclient.authenticated = True result = sieveclient.listscripts() if result == None: active = None scripts = [] else: active, scripts = result log.debug(_("Found the following scripts for user %s: %s") % (address, ','.join(scripts)), level=8) log.debug(_("And the following script is active for user %s: %s") % (address, active), level=8) mgmt_required_extensions = [] mgmt_script = """# # MANAGEMENT # """ user = auth.get_entry_attributes(domain, user, ['*']) # # Vacation settings (a.k.a. Out of Office) # vacation_active = None vacation_text = None vacation_uce = None vacation_noreact_domains = None vacation_react_domains = None vacation_active_attr = conf.get('sieve', 'vacation_active_attr') vacation_text_attr = conf.get('sieve', 'vacation_text_attr') vacation_uce_attr = conf.get('sieve', 'vacation_uce_attr') vacation_noreact_domains_attr = conf.get('sieve', 'vacation_noreact_domains_attr') vacation_react_domains_attr = conf.get('sieve', 'vacation_react_domains_attr') if not vacation_text_attr == None: if vacation_active_attr in user: vacation_active = utils.true_or_false(user[vacation_active_attr]) else: vacation_active = False if vacation_text_attr in user: vacation_text = user[vacation_text_attr] else: vacation_active = False if vacation_uce_attr in user: vacation_uce = utils.true_or_false(user[vacation_uce_attr]) else: vacation_uce = False if vacation_react_domains_attr in user: if isinstance(user[vacation_react_domains_attr], list): vacation_react_domains = user[vacation_react_domains_attr] else: vacation_react_domains = [ user[vacation_react_domains_attr] ] else: if vacation_noreact_domains_attr in user: if isinstance(user[vacation_noreact_domains_attr], list): vacation_noreact_domains = user[vacation_noreact_domains_attr] else: vacation_noreact_domains = [ user[vacation_noreact_domains_attr] ] else: vacation_noreact_domains = [] # # Delivery to Folder # dtf_active_attr = conf.get('sieve', 'deliver_to_folder_active') if not dtf_active_attr == None: if dtf_active_attr in user: dtf_active = utils.true_or_false(user[dtf_active_attr]) else: dtf_active = False else: # TODO: Not necessarily de-activated, the *Active attributes are # not supposed to charge this - check the deliver_to_folder_attr # attribute value for a value. dtf_active = False if dtf_active: dtf_folder_name_attr = conf.get('sieve', 'deliver_to_folder_attr') if not dtf_folder_name_attr == None: if dtf_folder_name_attr in user: dtf_folder = user[dtf_folder_name_attr] else: log.warning(_("Delivery to folder active, but no folder name attribute available for user %r") % (user)) dtf_active = False else: log.error(_("Delivery to folder active, but no folder name attribute configured")) dtf_active = False # # Folder name to delivery spam to. # # Global or local. # sdf_filter = True sdf = conf.get('sieve', 'spam_global_folder') if sdf == None: sdf = conf.get('sieve', 'spam_personal_folder') if sdf == None: sdf_filter = False # # Mail forwarding # forward_active = None forward_addresses = [] forward_keepcopy = None forward_uce = None forward_active_attr = conf.get('sieve', 'forward_address_active') if not forward_active_attr == None: if forward_active_attr in user: forward_active = utils.true_or_false(user[forward_active_attr]) else: forward_active = False if not forward_active == False: forward_address_attr = conf.get('sieve', 'forward_address_attr') if forward_address_attr in user: - if isinstance(user[forward_address_attr], basestring): + if isinstance(user[forward_address_attr], string_types): forward_addresses = [ user[forward_address_attr] ] elif isinstance(user[forward_address_attr], str): forward_addresses = [ user[forward_address_attr] ] else: forward_addresses = user[forward_address_attr] if len(forward_addresses) == 0: forward_active = False forward_keepcopy_attr = conf.get('sieve', 'forward_keepcopy_active') if not forward_keepcopy_attr == None: if forward_keepcopy_attr in user: forward_keepcopy = utils.true_or_false(user[forward_keepcopy_attr]) else: forward_keepcopy = False forward_uce_attr = conf.get('sieve', 'forward_uce_active') if not forward_uce_attr == None: if forward_uce_attr in user: forward_uce = utils.true_or_false(user[forward_uce_attr]) else: forward_uce = False if vacation_active: mgmt_required_extensions.append('vacation') mgmt_required_extensions.append('envelope') if dtf_active: mgmt_required_extensions.append('fileinto') if forward_active and (len(forward_addresses) > 1 or forward_keepcopy): mgmt_required_extensions.append('copy') if sdf_filter: mgmt_required_extensions.append('fileinto') import sievelib.factory mgmt_script = sievelib.factory.FiltersSet("MANAGEMENT") for required_extension in mgmt_required_extensions: mgmt_script.require(required_extension) mgmt_script.require('fileinto') if vacation_active: if not vacation_react_domains == None and len(vacation_react_domains) > 0: mgmt_script.addfilter( 'vacation', [('envelope', ':domain', ":is", "from", vacation_react_domains)], [ ( "vacation", ":days", 1, ":subject", "Out of Office", # ":handle", see http://tools.ietf.org/html/rfc5230#page-4 # ":mime", to indicate the reason is in fact MIME vacation_text ) ] ) elif not vacation_noreact_domains == None and len(vacation_noreact_domains) > 0: mgmt_script.addfilter( 'vacation', [('not', ('envelope', ':domain', ":is", "from", vacation_noreact_domains))], [ ( "vacation", ":days", 1, ":subject", "Out of Office", # ":handle", see http://tools.ietf.org/html/rfc5230#page-4 # ":mime", to indicate the reason is in fact MIME vacation_text ) ] ) else: mgmt_script.addfilter( 'vacation', [('true',)], [ ( "vacation", ":days", 1, ":subject", "Out of Office", # ":handle", see http://tools.ietf.org/html/rfc5230#page-4 # ":mime", to indicate the reason is in fact MIME vacation_text ) ] ) if forward_active: forward_rules = [] # Principle can be demonstrated by: # # python -c "print ','.join(['a','b','c'][:-1])" # for forward_copy in forward_addresses[:-1]: forward_rules.append(("redirect", ":copy", forward_copy)) if forward_keepcopy: # Principle can be demonstrated by: # # python -c "print ','.join(['a','b','c'][-1])" # if forward_uce: rule_name = 'forward-uce-keepcopy' else: rule_name = 'forward-keepcopy' forward_rules.append(("redirect", ":copy", forward_addresses[-1])) else: if forward_uce: rule_name = 'forward-uce' else: rule_name = 'forward' forward_rules.append(("redirect", forward_addresses[-1])) forward_rules.append(("stop")) if forward_uce: mgmt_script.addfilter(rule_name, ['true'], forward_rules) else: # NOTE: Messages with no X-Spam-Status header need to be matched # too, and this does exactly that. mgmt_script.addfilter(rule_name, [("not", ("X-Spam-Status", ":matches", "Yes,*"))], forward_rules) if sdf_filter: mgmt_script.addfilter('spam_delivery_folder', [("X-Spam-Status", ":matches", "Yes,*")], [("fileinto", "INBOX/Spam"), ("stop")]) if dtf_active: mgmt_script.addfilter('delivery_to_folder', ['true'], [("fileinto", dtf_folder)]) mgmt_script = mgmt_script.__str__() log.debug(_("MANAGEMENT script for user %s contents: %r") % (address,mgmt_script), level=8) result = sieveclient.putscript("MANAGEMENT", mgmt_script) if not result: log.error(_("Uploading script MANAGEMENT failed for user %s") % (address)) else: log.debug(_("Uploading script MANAGEMENT for user %s succeeded") % (address), level=8) user_script = """# # User # require ["include"]; """ for script in scripts: if not script in [ "MASTER", "MANAGEMENT", "USER" ]: log.debug(_("Including script %s in USER (for user %s)") % (script,address) ,level=8) user_script = """%s include :personal "%s"; """ % (user_script, script) result = sieveclient.putscript("USER", user_script) if not result: log.error(_("Uploading script USER failed for user %s") % (address)) else: log.debug(_("Uploading script USER for user %s succeeded") % (address), level=8) result = sieveclient.putscript("MASTER", """# # MASTER # # This file is authoritative for your system and MUST BE KEPT ACTIVE. # # Altering it is likely to render your account dysfunctional and may # be violating your organizational or corporate policies. # # For more information on the mechanism and the conventions behind # this script, see http://wiki.kolab.org/KEP:14 # require ["include"]; # OPTIONAL: Includes for all or a group of users # include :global "all-users"; # include :global "this-group-of-users"; # The script maintained by the general management system include :personal "MANAGEMENT"; # The script(s) maintained by one or more editors available to the user include :personal "USER"; """) if not result: log.error(_("Uploading script MASTER failed for user %s") % (address)) else: log.debug(_("Uploading script MASTER for user %s succeeded") % (address), level=8) sieveclient.setactive("MASTER") diff --git a/pykolab/imap/__init__.py b/pykolab/imap/__init__.py index 9cea0d9..e5ecfa8 100644 --- a/pykolab/imap/__init__.py +++ b/pykolab/imap/__init__.py @@ -1,1261 +1,1261 @@ # -*- coding: utf-8 -*- # Copyright 2010-2013 Kolab Systems AG (http://www.kolabsys.com) # # Jeroen van Meeuwen (Kolab Systems) # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # - +from six import string_types import logging import re import time import socket import sys try: from urlparse import urlparse except ImportError: from urllib.parse import urlparse import pykolab from pykolab import utils from pykolab.translate import _ log = pykolab.getLogger('pykolab.imap') conf = pykolab.getConf() class IMAP(object): def __init__(self): # Pool of named IMAP connections, by hostname self._imap = {} # Place holder for the current IMAP connection self.imap = None def cleanup_acls(self, aci_subject): log.info( _("Cleaning up ACL entries for %s across all folders") % ( aci_subject ) ) lm_suffix = "" if len(aci_subject.split('@')) > 1: lm_suffix = "@%s" % (aci_subject.split('@')[1]) shared_folders = self.imap.lm("shared/*%s" % (lm_suffix)) user_folders = self.imap.lm("user/*%s" % (lm_suffix)) # For all folders (shared and user), ... folders = user_folders + shared_folders log.debug(_("Iterating over %d folders") % (len(folders)), level=5) # ... loop through them and ... for folder in folders: try: # ... list the ACL entries acls = self.imap.lam(folder) # For each ACL entry, see if we think it is a current, valid # entry for acl_entry in acls: # If the key 'acl_entry' does not exist in the dictionary # of valid ACL entries, this ACL entry has got to go. if acl_entry == aci_subject: # Set the ACL to '' (effectively deleting the ACL # entry) log.debug( _( "Removing acl %r for subject %r from folder %r" ) % ( acls[acl_entry], acl_entry, folder ), level=8 ) self.set_acl(folder, acl_entry, '') except Exception as errmsg: log.error( _("Failed to read/set ACL on folder %s: %r") % ( folder, errmsg ) ) def connect(self, uri=None, server=None, domain=None, login=True): """ Connect to the appropriate IMAP backend. Supply a domain (name space) configured in the configuration file as a section, with a setting 'imap_uri' to connect to a domain specific IMAP server, or specify an URI to connect to that particular IMAP server (in that order). Routines sitting behind this will take into account Cyrus IMAP Murder capabilities, brokering actions to take place against the correct server (such as a 'xfer' which needs to happen against the source backend). """ # TODO: We are currently compatible with one IMAP backend technology per # deployment. backend = conf.get('kolab', 'imap_backend') if domain is not None: self.domain = domain if conf.has_section(domain) and conf.has_option(domain, 'imap_backend'): backend = conf.get(domain, 'imap_backend') if uri is None: if conf.has_section(domain) and conf.has_option(domain, 'imap_uri'): uri = conf.get(domain, 'imap_uri') else: self.domain = None scheme = None hostname = None port = None if uri is None: uri = conf.get(backend, 'uri') result = urlparse(uri) if hasattr(result, 'netloc'): scheme = result.scheme if len(result.netloc.split(':')) > 1: hostname = result.netloc.split(':')[0] port = result.netloc.split(':')[1] else: hostname = result.netloc elif hasattr(result, 'hostname'): hostname = result.hostname else: scheme = uri.split(':')[0] (hostname, port) = uri.split('/')[2].split(':') if server is not None: hostname = server if scheme is None or scheme == "": scheme = 'imaps' if port is None: if scheme == "imaps": port = 993 elif scheme == "imap": port = 143 else: port = 993 uri = '%s://%s:%s' % (scheme, hostname, port) # Get the credentials admin_login = conf.get(backend, 'admin_login') admin_password = conf.get(backend, 'admin_password') if admin_password is None or admin_password == '': log.error(_("No administrator password is available.")) if hostname not in self._imap: if backend == 'cyrus-imap': import cyrus self._imap[hostname] = cyrus.Cyrus(uri) # Actually connect if login: log.debug(_("Logging on to Cyrus IMAP server %s") % (hostname), level=8) self._imap[hostname].login(admin_login, admin_password) self._imap[hostname].logged_in = True elif backend == 'dovecot': import dovecot self._imap[hostname] = dovecot.Dovecot(uri) # Actually connect if login: log.debug(_("Logging on to Dovecot IMAP server %s") % (hostname), level=8) self._imap[hostname].login(admin_login, admin_password) self._imap[hostname].logged_in = True else: import imaplib self._imap[hostname] = imaplib.IMAP4(hostname, port) # Actually connect if login: log.debug(_("Logging on to generic IMAP server %s") % (hostname), level=8) self._imap[hostname].login(admin_login, admin_password) self._imap[hostname].logged_in = True else: if not login: self.disconnect(hostname) self.connect(uri=uri, login=False) elif login and not hasattr(self._imap[hostname], 'logged_in'): self.disconnect(hostname) self.connect(uri=uri) else: try: if hasattr(self._imap[hostname], 'm'): self._imap[hostname].m.noop() elif hasattr(self._imap[hostname], 'noop') \ and callable(self._imap[hostname].noop): self._imap[hostname].noop() log.debug( _("Reusing existing IMAP server connection to %s") % (hostname), level=8 ) except Exception: log.debug(_("Reconnecting to IMAP server %s") % (hostname), level=8) self.disconnect(hostname) self.connect() # Set the newly created technology specific IMAP library as the current # IMAP connection to be used. self.imap = self._imap[hostname] if hasattr(self.imap, 'm') and hasattr(self.imap.m, 'sock'): self._set_socket_keepalive(self.imap.m.sock) elif hasattr(self.imap, 'sock'): self._set_socket_keepalive(self.imap.sock) def disconnect(self, server=None): if server is None: # No server specified, but make sure self.imap is None anyways if hasattr(self, 'imap'): del self.imap # Empty out self._imap as well for key in list(self._imap): del self._imap[key] else: if server in self._imap: del self._imap[server] else: log.warning( _("Called imap.disconnect() on a server that we had no connection to.") ) def create_folder(self, folder_path, server=None, partition=None): folder_path = self.folder_utf7(folder_path) if server is not None: self.connect(server=server) try: self._imap[server].cm(folder_path, partition=partition) return True except Exception as excpt: log.error( _("Could not create folder %r on server %r: %r") % (folder_path, server, excpt) ) else: try: self.imap.cm(folder_path, partition=partition) return True except Exception as excpt: log.error(_("Could not create folder %r: %r") % (folder_path, excpt)) return False def __getattr__(self, name): if hasattr(self.imap, name): return getattr(self.imap, name) if hasattr(self.imap, 'm'): if hasattr(self.imap.m, name): return getattr(self.imap.m, name) raise AttributeError(_("%r has no attribute %s") % (self, name)) def append(self, folder, message): return self.imap.m.append(self.folder_utf7(folder), None, None, message) def folder_utf7(self, folder): from pykolab import imap_utf7 return imap_utf7.encode(folder) def folder_utf8(self, folder): from pykolab import imap_utf7 return imap_utf7.decode(folder) def folder_quote(self, folder): return u'"' + str(folder).strip('"') + '"' def get_metadata(self, folder): """ Obtain all metadata entries on a folder """ metadata = {} _metadata = self.imap.getannotation(self.folder_utf7(folder), '*') for (k, v) in _metadata.items(): metadata[self.folder_utf8(k)] = v return metadata def get_separator(self): if not hasattr(self, 'imap') or self.imap is None: self.connect() if hasattr(self.imap, 'separator'): return self.imap.separator elif hasattr(self.imap, 'm') and hasattr(self.imap.m, 'separator'): return self.imap.m.separator else: return '/' def imap_murder(self): if hasattr(self.imap, 'murder') and self.imap.murder: return True else: return False def namespaces(self): """ Obtain the namespaces. Returns a tuple of: (str(personal) [, str(other users) [, list(shared)]]) """ _personal = None _other_users = None _shared = None (_response, _namespaces) = self.imap.m.namespace() if len(_namespaces) == 1: _namespaces = _namespaces[0] _namespaces = re.split(r"\)\)\s\(\(", _namespaces) if len(_namespaces) >= 3: _shared = [] _shared.append(' '.join(_namespaces[2].replace('((', '').replace('))', '').split()[:-1]).replace('"', '')) if len(_namespaces) >= 2: _other_users = ' '.join(_namespaces[1].replace('((', '').replace('))', '').split()[:-1]).replace('"', '') if len(_namespaces) >= 1: _personal = _namespaces[0].replace('((', '').replace('))', '').split()[0].replace('"', '') return (_personal, _other_users, _shared) def set_acl(self, folder, identifier, acl): """ Set an ACL entry on a folder. """ _acl = '' short_rights = { 'all': 'lrsedntxakcpiw', 'append': 'wip', 'full': 'lrswipkxtecdn', 'read': 'lrs', 'read-only': 'lrs', 'read-write': 'lrswitedn', 'post': 'p', 'semi-full': 'lrswit', 'write': 'lrswite', } if acl in short_rights: acl = short_rights[acl] else: for char in acl: if char in "-+": continue if not char in short_rights['all']: log.error(_("Invalid access identifier %r for subject %r") % (acl, identifier)) return False # Special treatment for '-' and '+' characters if '+' in acl or '-' in acl: acl_map = { 'set': '', 'subtract': '', 'add': '' } mode = 'set' for char in acl: if char == '-': mode = 'subtract' continue if char == '+': mode = 'add' continue acl_map[mode] += char current_acls = self.imap.lam(self.folder_utf7(folder)) for current_acl in current_acls: if current_acl == identifier: _acl = current_acls[current_acl] break _acl = _acl + acl_map['set'] + acl_map['add'] _acl = [x for x in _acl.split() if x not in acl_map['subtract'].split()] acl = ''.join(list(set(_acl))) try: self.imap.sam(self.folder_utf7(folder), identifier, acl) except Exception as errmsg: log.error( _("Could not set ACL for %s on folder %s: %r") % ( identifier, folder, errmsg ) ) def set_metadata(self, folder, metadata_path, metadata_value, shared=True): """ Set a metadata entry on a folder """ if metadata_path.startswith('/shared/'): shared = True metadata_path = metadata_path.replace('/shared/', '/') elif metadata_path.startswith('/private/'): shared = False metadata_path = metadata_path.replace('/private/', '/') self.imap._setannotation(self.folder_utf7(folder), metadata_path, metadata_value, shared) def shared_folder_create(self, folder_path, server=None): """ Create a shared folder. """ folder_name = "shared%s%s" % (self.get_separator(), folder_path) # Correct folder_path being supplied with "shared/shared/" for example if folder_name.startswith("shared%s" % (self.get_separator()) * 2): folder_name = folder_name[7:] log.info(_("Creating new shared folder %s") % (folder_name)) self.create_folder(folder_name, server) def shared_folder_exists(self, folder_path): """ Check if a shared mailbox exists. """ folder_name = 'shared%s%s' % (self.get_separator(), folder_path) # Correct folder_path being supplied with "shared/shared/" for example if folder_name.startswith("shared%s" % (self.get_separator()) * 2): folder_name = folder_name[7:] return self.has_folder(folder_name) def shared_folder_rename(self, old, new): if not self.has_folder(old): log.error("Shared Folder rename error: Folder %s does not exist" % (old)) return if self.has_folder(new): log.error("Shared Folder rename error: Folder %s already exists" % (new)) return self.imap._rename(old, new) def shared_folder_set_type(self, folder_path, folder_type): folder_name = 'shared%s%s' % (self.get_separator(), folder_path) # Correct folder_path being supplied with "shared/shared/" for example if folder_name.startswith("shared%s" % (self.get_separator()) * 2): folder_name = folder_name[7:] self.set_metadata(folder_name, '/shared/vendor/kolab/folder-type', folder_type) def shared_mailbox_create(self, mailbox_base_name, server=None): """ Create a shared folder. """ self.connect() folder_name = "shared%s%s" % (self.get_separator(), mailbox_base_name) # Correct folder_path being supplied with "shared/shared/" for example if folder_name.startswith("shared%s" % (self.get_separator()) * 2): folder_name = folder_name[7:] log.info(_("Creating new shared folder %s") %(mailbox_base_name)) self.create_folder(folder_name, server) def shared_mailbox_exists(self, mailbox_base_name): """ Check if a shared mailbox exists. """ self.connect() folder_name = "shared%s%s" % (self.get_separator(), mailbox_base_name) # Correct folder_path being supplied with "shared/shared/" for example if folder_name.startswith("shared%s" % (self.get_separator()) * 2): folder_name = folder_name[7:] return self.has_folder(folder_name) def user_mailbox_create(self, mailbox_base_name, server=None): """ Create a user mailbox. Returns the full path to the new mailbox folder. """ # TODO: Whether or not to lowercase the mailbox name is really up to the # IMAP server setting username_tolower (normalize_uid, lmtp_downcase_rcpt). self.connect() if not mailbox_base_name == mailbox_base_name.lower(): log.warning(_("Downcasing mailbox name %r") % (mailbox_base_name)) mailbox_base_name = mailbox_base_name.lower() folder_name = "user%s%s" % (self.get_separator(), mailbox_base_name) log.info(_("Creating new mailbox for user %s") %(mailbox_base_name)) success = self._create_folder_waiting(folder_name, server) if not success: log.error(_("Could not create the mailbox for user %s, aborting." % (mailbox_base_name))) return False _additional_folders = None if not hasattr(self, 'domain'): self.domain = None if self.domain is None and len(mailbox_base_name.split('@')) > 1: self.domain = mailbox_base_name.split('@')[1] if not self.domain is None: if conf.has_option(self.domain, "autocreate_folders"): _additional_folders = conf.get_raw( self.domain, "autocreate_folders" ) else: from pykolab.auth import Auth auth = Auth() auth.connect() domains = auth.list_domains(self.domain) auth.disconnect() if len(domains) > 0: if self.domain in domains: primary = domains[self.domain] if conf.has_option(primary, "autocreate_folders"): _additional_folders = conf.get_raw( primary, "autocreate_folders" ) if _additional_folders is None: if conf.has_option('kolab', "autocreate_folders"): _additional_folders = conf.get_raw( 'kolab', "autocreate_folders" ) additional_folders = conf.plugins.exec_hook( "create_user_folders", kw={ 'folder': folder_name, 'additional_folders': _additional_folders } ) if additional_folders is not None: self.user_mailbox_create_additional_folders( mailbox_base_name, additional_folders ) if not self.domain is None: if conf.has_option(self.domain, "sieve_mgmt"): sieve_mgmt_enabled = conf.get(self.domain, 'sieve_mgmt') if utils.true_or_false(sieve_mgmt_enabled): conf.plugins.exec_hook( 'sieve_mgmt_refresh', kw={ 'user': mailbox_base_name } ) return folder_name def user_mailbox_create_additional_folders(self, user, additional_folders): log.debug( _("Creating additional folders for user %s") % (user), level=8 ) backend = conf.get('kolab', 'imap_backend') admin_login = conf.get(backend, 'admin_login') admin_password = conf.get(backend, 'admin_password') folder = 'user%s%s' % (self.get_separator(), user) if self.imap_murder(): server = self.user_mailbox_server(folder) else: server = None success = False last_log = time.time() while not success: try: self.disconnect() self.connect(login=False, server=server) self.login_plain(admin_login, admin_password, user) (personal, other, shared) = self.namespaces() success = True except Exception as errmsg: if time.time() - last_log > 5 and self.imap_murder(): log.debug(_("Waiting for the Cyrus murder to settle... %r") % (errmsg)) last_log = time.time() if conf.debuglevel > 8: import traceback traceback.print_exc() time.sleep(0.5) for additional_folder in additional_folders: _add_folder = {} folder_name = additional_folder if not folder_name.startswith(personal): log.error(_("Correcting additional folder name from %r to %r") % (folder_name, "%s%s" % (personal, folder_name))) folder_name = "%s%s" % (personal, folder_name) success = self._create_folder_waiting(folder_name) if not success: log.warning(_("Failed to create folder: %s") % (folder_name)) continue if "annotations" in additional_folders[additional_folder]: for annotation in additional_folders[additional_folder]["annotations"]: self.set_metadata( folder_name, "%s" % (annotation), "%s" % (additional_folders[additional_folder]["annotations"][annotation]) ) if "acls" in additional_folders[additional_folder]: for acl in additional_folders[additional_folder]["acls"]: self.set_acl( folder_name, "%s" % (acl), "%s" % (additional_folders[additional_folder]["acls"][acl]) ) if len(user.split('@')) > 1: localpart = user.split('@')[0] domain = user.split('@')[1] domain_suffix = "@%s" % (domain) else: localpart = user domain = None domain_suffix = "" if domain is not None: if conf.has_section(domain) and conf.has_option(domain, 'imap_backend'): backend = conf.get(domain, 'imap_backend') if conf.has_section(domain) and conf.has_option(domain, 'imap_uri'): uri = conf.get(domain, 'imap_uri') else: uri = None log.debug(_("Subscribing user to the additional folders"), level=8) _tests = [] # Subscribe only to personal folders (personal, other, shared) = self.namespaces() if other is not None: _tests.append(other) if shared is not None: for _shared in shared: _tests.append(_shared) log.debug(_("Using the following tests for folder subscriptions:"), level=8) for _test in _tests: log.debug(_(" %r") % (_test), level=8) for _folder in self.lm(): log.debug(_("Folder %s") % (_folder), level=8) _subscribe = True for _test in _tests: if not _subscribe: continue if _folder.startswith(_test): _subscribe = False if _subscribe: log.debug(_("Subscribing %s to folder %s") % (user, _folder), level=8) try: self.subscribe(_folder) except Exception as errmsg: log.error(_("Subscribing %s to folder %s failed: %r") % (user, _folder, errmsg)) self.logout() self.connect(domain=self.domain) for additional_folder in additional_folders: if additional_folder.startswith(personal) and not personal == '': folder_name = additional_folder.replace(personal, '') else: folder_name = additional_folder folder_name = "user%s%s%s%s%s" % ( self.get_separator(), localpart, self.get_separator(), folder_name, domain_suffix ) if "quota" in additional_folders[additional_folder]: try: self.imap.sq( folder_name, additional_folders[additional_folder]['quota'] ) except Exception as errmsg: log.error(_("Could not set quota on %s") % (additional_folder)) if "partition" in additional_folders[additional_folder]: partition = additional_folders[additional_folder]["partition"] try: self.imap._rename(folder_name, folder_name, partition) except: log.error(_("Could not rename %s to reside on partition %s") % (folder_name, partition)) def _create_folder_waiting(self, folder_name, server=None): """ Create a folder and wait to make sure it exists """ created = False try: max_tries = 10 while not created and max_tries > 0: created = self.create_folder(folder_name, server) if not created: self.disconnect() max_tries -= 1 time.sleep(1) self.connect() # In a Cyrus IMAP Murder topology, wait for the murder to have settled if created and self.imap_murder(): success = False last_log = time.time() reconnect_counter = 0 while not success: success = self.has_folder(folder_name) if not success: if time.time() - last_log > 5: reconnect_counter += 1 log.info(_("Waiting for the Cyrus IMAP Murder to settle...")) if reconnect_counter == 6: log.warning(_("Waited for 15 seconds, going to reconnect")) reconnect_counter = 0 self.disconnect() self.connect() last_log = time.time() time.sleep(0.5) except: if conf.debuglevel > 8: import traceback traceback.print_exc() return created def user_mailbox_delete(self, mailbox_base_name): """ Delete a user mailbox. """ self.connect() folder = "user%s%s" %(self.get_separator(), mailbox_base_name) self.delete_mailfolder(folder) self.cleanup_acls(mailbox_base_name) def user_mailbox_exists(self, mailbox_base_name): """ Check if a user mailbox exists. """ self.connect() if not mailbox_base_name == mailbox_base_name.lower(): log.warning(_("Downcasing mailbox name %r") % (mailbox_base_name)) mailbox_base_name = mailbox_base_name.lower() return self.has_folder('user%s%s' %(self.get_separator(), mailbox_base_name)) def user_mailbox_quota(self, mailbox_quota): pass def user_mailbox_rename(self, old_name, new_name, partition=None): self.connect() old_name = "user%s%s" % (self.get_separator(), old_name) new_name = "user%s%s" % (self.get_separator(), new_name) if old_name == new_name and partition is None: return if not self.has_folder(old_name): log.error(_("INBOX folder to rename (%s) does not exist") % (old_name)) if not self.has_folder(new_name) or not partition is None: log.info(_("Renaming INBOX from %s to %s") % (old_name, new_name)) try: self.imap.rename(old_name, new_name, partition) except: log.error(_("Could not rename INBOX folder %s to %s") % (old_name, new_name)) else: log.warning(_("Moving INBOX folder %s won't succeed as target folder %s already exists") % (old_name, new_name)) def user_mailbox_server(self, mailbox): server = self.imap.find_mailfolder_server(mailbox.lower()).lower() log.debug(_("Server for mailbox %r is %r") % (mailbox, server), level=8) return server def has_folder(self, folder): """ Check if the environment has a folder named folder. """ folders = self.imap.lm(self.folder_utf7(folder)) log.debug(_("Looking for folder '%s', we found folders: %r") % (folder, [self.folder_utf8(x) for x in folders]), level=8) # Greater then one, this folder may have subfolders. if len(folders) > 0: return True else: return False def _set_socket_keepalive(self, sock): sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1) with open('/proc/sys/net/ipv4/tcp_keepalive_time', 'r') as f: sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, (int)(f.read())) with open('/proc/sys/net/ipv4/tcp_keepalive_intvl', 'r') as f: sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, (int)(f.read())) with open('/proc/sys/net/ipv4/tcp_keepalive_probes', 'r') as f: sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, (int)(f.read())) def _set_kolab_mailfolder_acls(self, acls, folder=None, update=False): # special case, folder has no ACLs assigned and update was requested, # remove all existing ACL entries if update is True and isinstance(acls, list) and len(acls) == 0: acls = self.list_acls(folder) for subject in acls: log.debug( _("Removing ACL rights %s for subject %s on folder " + \ "%s") % (acls[subject], subject, folder), level=8) self.set_acl(folder, subject, '') return - if isinstance(acls, basestring): + if isinstance(acls, string_types): acls = [ acls ] old_acls = None for acl in acls: exec("acl = %s" % (acl)) subject = acl[0] rights = acl[1] if len(acl) == 3: epoch = acl[2] else: epoch = (int)(time.time()) + 3600 # update mode, check existing entries if update is True: if old_acls is None: old_acls = self.list_acls(folder) for old_subject in old_acls: old_acls[old_subject] = old_acls[old_subject] if subject in old_acls: old_acls[subject] = None if epoch > (int)(time.time()): log.debug( _("Setting ACL rights %s for subject %s on folder " + \ "%s") % (rights, subject, folder), level=8) self.set_acl( folder, "%s" % (subject), "%s" % (rights) ) else: log.debug( _("Removing ACL rights %s for subject %s on folder " + \ "%s") % (rights, subject, folder), level=8) self.set_acl( folder, "%s" % (subject), "" ) # update mode, unset removed ACL entries if old_acls is not None: for subject in old_acls: if old_acls[subject] is not None: log.debug( _("Removing ACL rights %s for subject %s on folder " + \ "%s") % (old_acls[subject], subject, folder), level=8) self.set_acl(folder, subject, '') pass """ Blah functions """ def move_user_folders(self, users=[], domain=None): for user in users: if type(user) == dict: if 'old_mail' in user: inbox = "user/%s" % (user['mail']) old_inbox = "user/%s" % (user['old_mail']) if self.has_folder(old_inbox): log.debug(_("Found old INBOX folder %s") % (old_inbox), level=8) if not self.has_folder(inbox): log.info(_("Renaming INBOX from %s to %s") % (old_inbox, inbox)) self.imap.rename(old_inbox, inbox) self.inbox_folders.append(inbox) else: log.warning(_("Moving INBOX folder %s won't succeed as target folder %s already exists") % (old_inbox, inbox)) else: log.debug(_("Did not find old folder user/%s to rename") % (user['old_mail']), level=8) else: log.debug(_("Value for user is not a dictionary"), level=8) def set_quota(self, folder, quota): i = 0 while i < 10: try: self.imap._setquota(folder, quota) i = 10 except: self.disconnect() self.connect() i += 1 def set_user_folder_quota(self, users=[], primary_domain=None, secondary_domain=[], folders=[]): """ Sets the quota in IMAP using the authentication and authorization database 'quota' attribute for the users listed in parameter 'users' """ if conf.has_option(primary_domain, 'quota_attribute'): _quota_attr = conf.get(primary_domain, 'quota_attribute') else: auth_mechanism = conf.get('kolab', 'auth_mechanism') _quota_attr = conf.get(auth_mechanism, 'quota_attribute') _inbox_folder_attr = conf.get('cyrus-sasl', 'result_attribute') default_quota = auth.domain_default_quota(primary_domain) if default_quota == "" or default_quota is None: default_quota = 0 if len(users) == 0: users = auth.list_users(primary_domain) for user in users: quota = None if type(user) == dict: if _quota_attr in user: if type(user[_quota_attr]) == list: quota = user[_quota_attr].pop(0) elif type(user[_quota_attr]) == str: quota = user[_quota_attr] else: _quota = auth.get_user_attribute(primary_domain, user, _quota_attr) if _quota is None: quota = 0 else: quota = _quota if _inbox_folder_attr not in user: continue else: if type(user[_inbox_folder_attr]) == list: folder = "user/%s" % user[_inbox_folder_attr].pop(0) elif type(user[_inbox_folder_attr]) == str: folder = "user/%s" % user[_inbox_folder_attr] elif type(user) == str: quota = auth.get_user_attribute(user, _quota_attr) folder = "user/%s" % (user) folder = folder.lower() try: (used, current_quota) = self.imap.lq(folder) except: # TODO: Go in fact correct the quota. log.warning(_("Cannot get current IMAP quota for folder %s") % (folder)) used = 0 current_quota = 0 new_quota = conf.plugins.exec_hook("set_user_folder_quota", kw={ 'used': used, 'current_quota': current_quota, 'new_quota': (int)(quota), 'default_quota': (int)(default_quota), 'user': user } ) log.debug(_("Quota for %s currently is %s") % (folder, current_quota), level=7) if new_quota is None: continue if not int(new_quota) == int(quota): log.info(_("Adjusting authentication database quota for folder %s to %d") % (folder, int(new_quota))) quota = int(new_quota) auth.set_user_attribute(primary_domain, user, _quota_attr, new_quota) if not int(current_quota) == int(quota): log.info(_("Correcting quota for %s to %s (currently %s)") % (folder, quota, current_quota)) self.imap._setquota(folder, quota) def set_user_mailhost(self, users=[], primary_domain=None, secondary_domain=[], folders=[]): if conf.has_option(primary_domain, 'mailserver_attribute'): _mailserver_attr = conf.get(primary_domain, 'mailserver_attribute') else: auth_mechanism = conf.get('kolab', 'auth_mechanism') _mailserver_attr = conf.get(auth_mechanism, 'mailserver_attribute') _inbox_folder_attr = conf.get('cyrus-sasl', 'result_attribute') if len(users) == 0: users = auth.list_users(primary_domain) for user in users: mailhost = None if type(user) == dict: if _mailserver_attr in user: if type(user[_mailserver_attr]) == list: _mailserver = user[_mailserver_attr].pop(0) elif type(user[_mailserver_attr]) == str: _mailserver = user[_mailserver_attr] else: _mailserver = auth.get_user_attribute(primary_domain, user, _mailserver_attr) if _inbox_folder_attr not in user: continue else: if type(user[_inbox_folder_attr]) == list: folder = "user/%s" % user[_inbox_folder_attr].pop(0) elif type(user[_inbox_folder_attr]) == str: folder = "user/%s" % user[_inbox_folder_attr] elif type(user) == str: _mailserver = auth.get_user_attribute(user, _mailserver_attr) folder = "user/%s" % (user) folder = folder.lower() _current_mailserver = self.imap.find_mailfolder_server(folder) if _mailserver is not None: # TODO: if not _current_mailserver == _mailserver: self.imap._xfer(folder, _current_mailserver, _mailserver) else: auth.set_user_attribute(primary_domain, user, _mailserver_attr, _current_mailserver) def parse_mailfolder(self, mailfolder): return self.imap.parse_mailfolder(mailfolder) def expunge_user_folders(self, inbox_folders=None): """ Delete folders that have no equivalent user qualifier in the list of users passed to this function, ... TODO: Explain the domain parameter, and actually get it to work properly. This also relates to threading for multi-domain deployments. Parameters: users A list of users. Can be a list of user qualifiers, e.g. [ 'user1', 'user2' ] or a list of user attribute dictionaries, e.g. [ { 'user1': { 'attr': 'value' } } ] primary_domain, secondary_domains """ if inbox_folders is None: inbox_folders = [] folders = self.list_user_folders() for folder in folders: log.debug(_("Checking folder: %s") % (folder), level=1) try: if inbox_folders.index(folder) > -1: continue else: log.info(_("Folder has no corresponding user (1): %s") % (folder)) self.delete_mailfolder("user/%s" % (folder)) except: log.info(_("Folder has no corresponding user (2): %s") % (folder)) try: self.delete_mailfolder("user/%s" % (folder)) except: pass def delete_mailfolder(self, mailfolder_path): """ Deletes a mail folder described by mailfolder_path. """ mbox_parts = self.parse_mailfolder(mailfolder_path) if mbox_parts is None: # We got user identifier only log.error(_("Please don't give us just a user identifier")) return log.info(_("Deleting folder %s") % (mailfolder_path)) self.imap.dm(self.folder_utf7(mailfolder_path)) def get_quota(self, mailfolder_path): try: return self.lq(self.folder_utf7(mailfolder_path)) except: return def get_quota_root(self, mailfolder_path): return self.lqr(self.folder_utf7(mailfolder_path)) def list_acls(self, folder): """ List the ACL entries on a folder """ return self.imap.lam(self.folder_utf7(folder)) def list_folders(self, pattern): return [self.folder_utf8(x) for x in self.lm(self.folder_utf7(pattern))] def list_user_folders(self, primary_domain=None, secondary_domains=[]): """ List the INBOX folders in the IMAP backend. Returns a list of unique base folder names. """ _folders = self.imap.lm("user/%") # TODO: Replace the .* below with a regex representing acceptable DNS # domain names. domain_re = ".*\.?%s$" acceptable_domain_name_res = [] if primary_domain is not None: for domain in [ primary_domain ] + secondary_domains: acceptable_domain_name_res.append(domain_re % (domain)) folders = [] for folder in _folders: folder_name = None if len(folder.split('@')) > 1: # TODO: acceptable domain name spaces #acceptable = False #for domain_name_re in acceptable_domain_name_res: #prog = re.compile(domain_name_re) #if prog.match(folder.split('@')[1]): #print "Acceptable indeed" #acceptable = True #if not acceptable: #print "%s is not acceptable against %s yet using %s" % (folder.split('@')[1], folder, domain_name_re) #if acceptable: #folder_name = "%s@%s" % (folder.split(self.separator)[1].split('@')[0], folder.split('@')[1]) folder_name = "%s@%s" % (folder.split(self.get_separator())[1].split('@')[0], folder.split('@')[1]) else: folder_name = "%s" % (folder.split(self.get_separator())[1]) if folder_name is not None: if not folder_name in folders: folders.append(folder_name) return folders def lm(self, *args, **kw): return self.imap.lm(*args, **kw) def lq(self, *args, **kw): return self.imap.lq(*args, **kw) def lqr(self, *args, **kw): try: return self.imap.lqr(*args, **kw) except: return (None, None, None) def undelete_mailfolder(self, *args, **kw): self.imap.undelete_mailfolder(*args, **kw) diff --git a/pykolab/plugins/sievemgmt/__init__.py b/pykolab/plugins/sievemgmt/__init__.py index 02f5daa..772165d 100644 --- a/pykolab/plugins/sievemgmt/__init__.py +++ b/pykolab/plugins/sievemgmt/__init__.py @@ -1,434 +1,435 @@ # -*- coding: utf-8 -*- # Copyright 2010-2013 Kolab Systems AG (http://www.kolabsys.com) # # Jeroen van Meeuwen (Kolab Systems) # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # +from six import string_types import pykolab from pykolab import utils from pykolab.auth import Auth from pykolab.translate import _ conf = pykolab.getConf() log = pykolab.getLogger('pykolab.plugin_sievemgmt') import sys import time try: from urlparse import urlparse except ImportError: from urllib.parse import urlparse class KolabSievemgmt(object): """ Plugin to manage Sieve scripts according to KEP #14. """ def __init__(self): pass def add_options(self, *args, **kw): pass def sieve_mgmt_refresh(self, *args, **kw): """ The arguments passed to the 'sieve_mgmt_refresh' hook: user - the user identifier """ if not len(kw) == 1 or 'user' not in kw: log.error(_("Wrong number of arguments for sieve management plugin")) return else: address = kw['user'] auth = Auth() auth.connect() user = auth.find_recipient(address) log.info("User for address %r: %r" % (address, user)) # Get the main, default backend backend = conf.get('kolab', 'imap_backend') if len(address.split('@')) > 1: domain = address.split('@')[1] else: domain = conf.get('kolab', 'primary_domain') if conf.has_section(domain) and conf.has_option(domain, 'imap_backend'): backend = conf.get(domain, 'imap_backend') if conf.has_section(domain) and conf.has_option(domain, 'imap_uri'): uri = conf.get(domain, 'imap_uri') else: uri = conf.get(backend, 'uri') hostname = None port = None result = urlparse(uri) if hasattr(result, 'hostname'): hostname = result.hostname else: scheme = uri.split(':')[0] (hostname, port) = uri.split('/')[2].split(':') port = 4190 # Get the credentials admin_login = conf.get(backend, 'admin_login') admin_password = conf.get(backend, 'admin_password') import sievelib.managesieve sieveclient = sievelib.managesieve.Client(hostname, port, conf.debuglevel > 8) sieveclient.connect(None, None, True) sieveclient._plain_authentication(admin_login, admin_password, address) sieveclient.authenticated = True result = sieveclient.listscripts() if result == None: active = None scripts = [] else: active, scripts = result log.debug(_("Found the following scripts for user %s: %s") % (address, ','.join(scripts)), level=8) log.debug(_("And the following script is active for user %s: %s") % (address, active), level=8) mgmt_required_extensions = [] mgmt_script = """# # MANAGEMENT # """ user = auth.get_entry_attributes(domain, user, ['*']) # # Vacation settings (a.k.a. Out of Office) # vacation_active = None vacation_text = None vacation_uce = None vacation_noreact_domains = None vacation_react_domains = None vacation_active_attr = conf.get('sieve', 'vacation_active_attr') vacation_text_attr = conf.get('sieve', 'vacation_text_attr') vacation_uce_attr = conf.get('sieve', 'vacation_uce_attr') vacation_noreact_domains_attr = conf.get('sieve', 'vacation_noreact_domains_attr') vacation_react_domains_attr = conf.get('sieve', 'vacation_react_domains_attr') if not vacation_text_attr == None: if vacation_active_attr in user: vacation_active = utils.true_or_false(user[vacation_active_attr]) else: vacation_active = False if vacation_text_attr in user: vacation_text = user[vacation_text_attr] else: vacation_active = False if vacation_uce_attr in user: vacation_uce = utils.true_or_false(user[vacation_uce_attr]) else: vacation_uce = False if vacation_react_domains_attr in user: if isinstance(user[vacation_react_domains_attr], list): vacation_react_domains = user[vacation_react_domains_attr] else: vacation_react_domains = [ user[vacation_react_domains_attr] ] else: if vacation_noreact_domains_attr in user: if isinstance(user[vacation_noreact_domains_attr], list): vacation_noreact_domains = user[vacation_noreact_domains_attr] else: vacation_noreact_domains = [ user[vacation_noreact_domains_attr] ] else: vacation_noreact_domains = [] # # Delivery to Folder # dtf_active_attr = conf.get('sieve', 'deliver_to_folder_active') if not dtf_active_attr == None: if dtf_active_attr in user: dtf_active = utils.true_or_false(user[dtf_active_attr]) else: dtf_active = False else: # TODO: Not necessarily de-activated, the *Active attributes are # not supposed to charge this - check the deliver_to_folder_attr # attribute value for a value. dtf_active = False if dtf_active: dtf_folder_name_attr = conf.get('sieve', 'deliver_to_folder_attr') if not dtf_folder_name_attr == None: if dtf_folder_name_attr in user: dtf_folder = user[dtf_folder_name_attr] else: log.warning(_("Delivery to folder active, but no folder name attribute available for user %r") % (user)) dtf_active = False else: log.error(_("Delivery to folder active, but no folder name attribute configured")) dtf_active = False # # Folder name to delivery spam to. # # Global or local. # sdf_filter = True sdf = conf.get('sieve', 'spam_global_folder') if sdf == None: sdf = conf.get('sieve', 'spam_personal_folder') if sdf == None: sdf_filter = False # # Mail forwarding # forward_active = None forward_addresses = [] forward_keepcopy = None forward_uce = None forward_active_attr = conf.get('sieve', 'forward_address_active') if not forward_active_attr == None: if forward_active_attr in user: forward_active = utils.true_or_false(user[forward_active_attr]) else: forward_active = False if not forward_active == False: forward_address_attr = conf.get('sieve', 'forward_address_attr') if forward_address_attr in user: - if isinstance(user[forward_address_attr], basestring): + if isinstance(user[forward_address_attr], string_types): forward_addresses = [ user[forward_address_attr] ] elif isinstance(user[forward_address_attr], str): forward_addresses = [ user[forward_address_attr] ] else: forward_addresses = user[forward_address_attr] if len(forward_addresses) == 0: forward_active = False forward_keepcopy_attr = conf.get('sieve', 'forward_keepcopy_active') if not forward_keepcopy_attr == None: if forward_keepcopy_attr in user: forward_keepcopy = utils.true_or_false(user[forward_keepcopy_attr]) else: forward_keepcopy = False forward_uce_attr = conf.get('sieve', 'forward_uce_active') if not forward_uce_attr == None: if forward_uce_attr in user: forward_uce = utils.true_or_false(user[forward_uce_attr]) else: forward_uce = False if vacation_active: mgmt_required_extensions.append('vacation') mgmt_required_extensions.append('envelope') if dtf_active: mgmt_required_extensions.append('fileinto') if forward_active and (len(forward_addresses) > 1 or forward_keepcopy): mgmt_required_extensions.append('copy') if sdf_filter: mgmt_required_extensions.append('fileinto') import sievelib.factory mgmt_script = sievelib.factory.FiltersSet("MANAGEMENT") for required_extension in mgmt_required_extensions: mgmt_script.require(required_extension) mgmt_script.require('fileinto') if vacation_active: if not vacation_react_domains == None and len(vacation_react_domains) > 0: mgmt_script.addfilter( 'vacation', [('envelope', ':domain', ":is", "from", vacation_react_domains)], [ ( "vacation", ":days", 1, ":subject", "Out of Office", # ":handle", see http://tools.ietf.org/html/rfc5230#page-4 # ":mime", to indicate the reason is in fact MIME vacation_text ) ] ) elif not vacation_noreact_domains == None and len(vacation_noreact_domains) > 0: mgmt_script.addfilter( 'vacation', [('not', ('envelope', ':domain', ":is", "from", vacation_noreact_domains))], [ ( "vacation", ":days", 1, ":subject", "Out of Office", # ":handle", see http://tools.ietf.org/html/rfc5230#page-4 # ":mime", to indicate the reason is in fact MIME vacation_text ) ] ) else: mgmt_script.addfilter( 'vacation', [('true',)], [ ( "vacation", ":days", 1, ":subject", "Out of Office", # ":handle", see http://tools.ietf.org/html/rfc5230#page-4 # ":mime", to indicate the reason is in fact MIME vacation_text ) ] ) if forward_active: forward_rules = [] # Principle can be demonstrated by: # # python -c "print ','.join(['a','b','c'][:-1])" # for forward_copy in forward_addresses[:-1]: forward_rules.append(("redirect", ":copy", forward_copy)) if forward_keepcopy: # Principle can be demonstrated by: # # python -c "print ','.join(['a','b','c'][-1])" # if forward_uce: rule_name = 'forward-uce-keepcopy' else: rule_name = 'forward-keepcopy' forward_rules.append(("redirect", ":copy", forward_addresses[-1])) else: if forward_uce: rule_name = 'forward-uce' else: rule_name = 'forward' forward_rules.append(("redirect", forward_addresses[-1])) forward_rules.append(("stop")) if forward_uce: mgmt_script.addfilter(rule_name, ['true'], forward_rules) else: # NOTE: Messages with no X-Spam-Status header need to be matched # too, and this does exactly that. mgmt_script.addfilter(rule_name, [("not", ("X-Spam-Status", ":matches", "Yes,*"))], forward_rules) if sdf_filter: mgmt_script.addfilter('spam_delivery_folder', [("X-Spam-Status", ":matches", "Yes,*")], [("fileinto", "INBOX/Spam"), ("stop")]) if dtf_active: mgmt_script.addfilter('delivery_to_folder', ['true'], [("fileinto", dtf_folder)]) mgmt_script = mgmt_script.__str__() result = sieveclient.putscript("MANAGEMENT", mgmt_script) if not result: log.error(_("Uploading script MANAGEMENT failed for user %s") % (address)) else: log.debug(_("Uploading script MANAGEMENT for user %s succeeded") % (address), level=8) user_script = """# # User # require ["include"]; """ for script in scripts: if not script in [ "MASTER", "MANAGEMENT", "USER" ]: log.debug(_("Including script %s in USER (for user %s)") % (script,address) ,level=8) user_script = """%s include :personal "%s"; """ % (user_script, script) result = sieveclient.putscript("USER", user_script) if not result: log.error(_("Uploading script USER failed for user %s") % (address)) else: log.debug(_("Uploading script USER for user %s succeeded") % (address), level=8) result = sieveclient.putscript("MASTER", """# # MASTER # # This file is authoritative for your system and MUST BE KEPT ACTIVE. # # Altering it is likely to render your account dysfunctional and may # be violating your organizational or corporate policies. # # For more information on the mechanism and the conventions behind # this script, see http://wiki.kolab.org/KEP:14 # require ["include"]; # OPTIONAL: Includes for all or a group of users # include :global "all-users"; # include :global "this-group-of-users"; # The script maintained by the general management system include :personal "MANAGEMENT"; # The script(s) maintained by one or more editors available to the user include :personal "USER"; """) if not result: log.error(_("Uploading script MASTER failed for user %s") % (address)) else: log.debug(_("Uploading script MASTER for user %s succeeded") % (address), level=8) sieveclient.setactive("MASTER") diff --git a/pykolab/setup/components.py b/pykolab/setup/components.py index 49a4f65..e865015 100644 --- a/pykolab/setup/components.py +++ b/pykolab/setup/components.py @@ -1,266 +1,267 @@ # -*- coding: utf-8 -*- # # Copyright 2010-2013 Kolab Systems AG (http://www.kolabsys.com) # # Jeroen van Meeuwen (Kolab Systems) # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # +from six import string_types import os import pykolab from pykolab.constants import * from pykolab.translate import _ log = pykolab.getLogger('pykolab.setup') conf = pykolab.getConf() components = {} component_groups = {} executed_components = [] components_included_in_cli = [] finalize_conf_ok = None def __init__(): # We only want the base path components_base_path = os.path.dirname(__file__) for components_path, dirnames, filenames in os.walk(components_base_path): if not components_path == components_base_path: continue for filename in filenames: if filename.startswith('setup_') and filename.endswith('.py'): module_name = filename.replace('.py','') component_name = module_name.replace('setup_', '') #print "exec(\"from %s import __init__ as %s_register\"" % (module_name,component_name) exec("from %s import __init__ as %s_register" % (module_name,component_name)) exec("%s_register()" % (component_name)) for dirname in dirnames: register_group(components_path, dirname) register('help', list_components, description=_("Display this help.")) def list_components(*args, **kw): """ List components """ __components = {} for component in components: if isinstance(component, tuple): component_group, component = component __components[component_group] = { component: components[(component_group,component)] } else: __components[component] = components[component] _components = __components.keys() _components.sort() for _component in _components: if 'function' in __components[_component]: # This is a top-level component if not __components[_component]['description'] == None: print("%-25s - %s" % (_component.replace('_','-'),__components[_component]['description'])) else: print("%-25s" % (_component.replace('_','-'))) for _component in _components: if 'function' not in __components[_component]: # This is a nested component print("\n" + _("Command Group: %s") % (_component) + "\n") ___components = __components[_component].keys() ___components.sort() for __component in ___components: if not __components[_component][__component]['description'] == None: print("%-4s%-21s - %s" % ('',__component.replace('_','-'),__components[_component][__component]['description'])) else: print("%-4s%-21s" % ('',__component.replace('_','-'))) def _list_components(*args, **kw): """ List components and return API compatible, parseable lists and dictionaries. """ __components = {} for component in components: if isinstance(component, tuple): component_group, component = component __components[component_group] = { component: components[(component_group,component)] } else: __components[component] = components[component] _components = __components.keys() _components.sort() return _components def cli_options_from_component(component_name, *args, **kw): global components_included_in_cli if component_name in components_included_in_cli: return if 'group' in components[component_name]: group = components[component_name]['group'] component_name = components[component_name]['component_name'] try: exec("from %s.setup_%s import cli_options as %s_%s_cli_options" % (group,component_name,group,component_name)) exec("%s_%s_cli_options()" % (group,component_name)) except ImportError: pass else: try: exec("from setup_%s import cli_options as %s_cli_options" % (component_name,component_name)) exec("%s_cli_options()" % (component_name)) except ImportError: pass components_included_in_cli.append(component_name) def execute(component_name, *args, **kw): if component_name == '': log.debug( _("No component selected, continuing for all components"), level=8 ) while 1: for component in _list_components(): execute_this = True if component in executed_components: execute_this = False if component == "help": execute_this = False if execute_this: if 'after' in components[component]: for _component in components[component]['after']: if not _component in executed_components: execute_this = False if execute_this: execute(component) executed_components.append(component) executed_all = True for component in _list_components(): if not component in executed_components and not component == "help": executed_all = False if executed_all: break return else: for component in _list_components(): cli_options_from_component(component) if component_name not in components: log.error(_("No such component.")) sys.exit(1) if 'function' not in components[component_name] and \ 'group' not in components[component_name]: log.error(_("No such component.")) sys.exit(1) conf.finalize_conf() if len(conf.cli_args) >= 1: _component_name = conf.cli_args.pop(0) else: _component_name = component_name components[component_name]['function'](conf.cli_args, kw) def register_group(dirname, module): components_base_path = os.path.join(os.path.dirname(__file__), module) components[module] = {} for components_path, dirnames, filenames in os.walk(components_base_path): if not components_path == components_base_path: continue for filename in filenames: if filename.startswith('setup_') and filename.endswith('.py'): module_name = filename.replace('.py','') component_name = module_name.replace('setup_', '') #print "exec(\"from %s.%s import __init__ as %s_%s_register\"" % (module,module_name,module,component_name) exec("from %s.%s import __init__ as %s_%s_register" % (module,module_name,module,component_name)) exec("%s_%s_register()" % (module,component_name)) def register(component_name, func, group=None, description=None, aliases=[], after=[], before=[]): if not group == None: component = "%s_%s" % (group,component_name) else: component = component_name - if isinstance(aliases, basestring): + if isinstance(aliases, string_types): aliases = [aliases] if component in components: log.fatal(_("Command '%s' already registered") % (component)) sys.exit(1) if callable(func): if group == None: components[component_name] = { 'function': func, 'description': description, 'after': after, 'before': before, } else: components[group][component_name] = { 'function': func, 'description': description, 'after': after, 'before': before, } components[component] = components[group][component_name] components[component]['group'] = group components[component]['component_name'] = component_name for alias in aliases: components[alias] = { 'function': func, 'description': _("Alias for %s") % (component_name) } ## ## Commands not yet implemented ## def not_yet_implemented(*args, **kw): print(_("Not yet implemented")) sys.exit(1) diff --git a/pykolab/xml/contact.py b/pykolab/xml/contact.py index 7b0a2a7..9a6fd99 100644 --- a/pykolab/xml/contact.py +++ b/pykolab/xml/contact.py @@ -1,336 +1,338 @@ +from six import string_types + import kolabformat import datetime import pytz import base64 from pykolab.xml import utils as xmlutils from pykolab.xml.utils import ustr def contact_from_vcard(string): # TODO: implement this pass def contact_from_string(string): _xml = kolabformat.readContact(string, False) return Contact(_xml) def contact_from_message(message): contact = None if message.is_multipart(): for part in message.walk(): if part.get_content_type() == "application/vcard+xml": payload = part.get_payload(decode=True) contact = contact_from_string(payload) # append attachment parts to Contact object elif contact and 'Content-ID' in part: contact._attachment_parts.append(part) return contact class Contact(kolabformat.Contact): type = 'contact' related_map = { 'manager': kolabformat.Related.Manager, 'assistant': kolabformat.Related.Assistant, 'spouse': kolabformat.Related.Spouse, 'children': kolabformat.Related.Child, None: kolabformat.Related.NoRelation, } addresstype_map = { 'home': kolabformat.Address.Home, 'work': kolabformat.Address.Work, } phonetype_map = { 'home': kolabformat.Telephone.Home, 'work': kolabformat.Telephone.Work, 'text': kolabformat.Telephone.Text, 'main': kolabformat.Telephone.Voice, 'homefax': kolabformat.Telephone.Fax, 'workfax': kolabformat.Telephone.Fax, 'mobile': kolabformat.Telephone.Cell, 'video': kolabformat.Telephone.Video, 'pager': kolabformat.Telephone.Pager, 'car': kolabformat.Telephone.Car, 'other': kolabformat.Telephone.Textphone, } emailtype_map = { 'home': kolabformat.Email.Home, 'work': kolabformat.Email.Work, 'other': kolabformat.Email.Work, } urltype_map = { 'homepage': kolabformat.Url.NoType, 'blog': kolabformat.Url.Blog, } keytype_map = { 'pgp': kolabformat.Key.PGP, 'pkcs7': kolabformat.Key.PKCS7_MIME, None: kolabformat.Key.Invalid, } gender_map = { 'female': kolabformat.Contact.Female, 'male': kolabformat.Contact.Male, None: kolabformat.Contact.NotSet, } properties_map = { 'uid': 'get_uid', 'lastmodified-date': 'get_lastmodified', 'fn': 'name', 'nickname': 'nickNames', 'title': 'titles', 'email': 'emailAddresses', 'tel': 'telephones', 'url': 'urls', 'im': 'imAddresses', 'address': 'addresses', 'note': 'note', 'freebusyurl': 'freeBusyUrl', 'birthday': 'bDay', 'anniversary': 'anniversary', 'categories': 'categories', 'lang': 'languages', 'gender': 'get_gender', 'gpspos': 'gpsPos', 'key': 'keys', } def __init__(self, *args, **kw): self._attachment_parts = [] kolabformat.Contact.__init__(self, *args, **kw) def get_uid(self): uid = self.uid() if not uid == '': return uid else: self.__str__() return kolabformat.getSerializedUID() def get_lastmodified(self): try: _datetime = self.lastModified() if _datetime == None or not _datetime.isValid(): self.__str__() except: return datetime.datetime.now(pytz.utc) return xmlutils.from_cdatetime(self.lastModified(), True) def get_email(self, preferred=True): if preferred: return self.emailAddresses()[self.emailAddressPreferredIndex()] else: return [x for x in self.emailAddresses()] def set_email(self, email, preferred_index=0): - if isinstance(email, basestring): + if isinstance(email, string_types): self.setEmailAddresses([email], preferred_index) else: self.setEmailAddresses(email, preferred_index) def add_email(self, email): - if isinstance(email, basestring): + if isinstance(email, string_types): self.add_emails([email]) elif isinstance(email, list): self.add_emails(email) def add_emails(self, emails): preferred_email = self.get_email() emails = [x for x in set(self.get_email(preferred=False) + emails)] preferred_email_index = emails.index(preferred_email) self.setEmailAddresses(emails, preferred_email_index) def set_name(self, name): self.setName(ustr(name)) def get_gender(self, translated=True): _gender = self.gender() if translated: return self._translate_value(_gender, self.gender_map) return _gender def _translate_value(self, val, map): name_map = dict([(v, k) for (k, v) in map.items()]) return name_map[val] if val in name_map else 'UNKNOWN' def to_dict(self): if not self.isValid(): return None data = self._names2dict(self.nameComponents()) for p, getter in self.properties_map.items(): val = None if hasattr(self, getter): val = getattr(self, getter)() if isinstance(val, kolabformat.cDateTime): val = xmlutils.from_cdatetime(val, True) elif isinstance(val, kolabformat.vectori): val = [int(x) for x in val] elif isinstance(val, kolabformat.vectors): val = [str(x) for x in val] elif isinstance(val, kolabformat.vectortelephone): val = [self._struct2dict(x, 'number', self.phonetype_map) for x in val] elif isinstance(val, kolabformat.vectoremail): val = [self._struct2dict(x, 'address', self.emailtype_map) for x in val] elif isinstance(val, kolabformat.vectorurl): val = [self._struct2dict(x, 'url', self.urltype_map) for x in val] elif isinstance(val, kolabformat.vectorkey): val = [self._struct2dict(x, 'key', self.keytype_map) for x in val] elif isinstance(val, kolabformat.vectoraddress): val = [self._address2dict(x) for x in val] elif isinstance(val, kolabformat.vectorgeo): val = [[x.latitude, x.longitude] for x in val] if val is not None: data[p] = val affiliations = self.affiliations() if len(affiliations) > 0: _affiliation = self._affiliation2dict(affiliations[0]) if 'address' in _affiliation: data['address'].extend(_affiliation['address']) _affiliation.pop('address', None) data.update(_affiliation) data.update(self._relateds2dict(self.relateds())) if self.photoMimetype(): data['photo'] = dict(mimetype=self.photoMimetype(), base64=base64.b64encode(self.photo())) elif self.photo(): data['photo'] = dict(uri=self.photo()) return data def _names2dict(self, namecomp): names_map = { 'surname': 'surnames', 'given': 'given', 'additional': 'additional', 'prefix': 'prefixes', 'suffix': 'suffixes', } data = dict() for p, getter in names_map.items(): val = None if hasattr(namecomp, getter): val = getattr(namecomp, getter)() if isinstance(val, kolabformat.vectors): val = [str(x) for x in val][0] if len(val) > 0 else None if val is not None: data[p] = val return data def _affiliation2dict(self, affiliation): props_map = { 'organization': 'organisation', 'department': 'organisationalUnits', 'role': 'roles', } data = dict() for p, getter in props_map.items(): val = None if hasattr(affiliation, getter): val = getattr(affiliation, getter)() if isinstance(val, kolabformat.vectors): val = [str(x) for x in val][0] if len(val) > 0 else None if val is not None: data[p] = val data.update(self._relateds2dict(affiliation.relateds(), True)) addresses = affiliation.addresses() if len(addresses): data['address'] = [self._address2dict(adr, 'office') for adr in addresses] return data def _address2dict(self, adr, adrtype=None): props_map = { 'label': 'label', 'street': 'street', 'locality': 'locality', 'region': 'region', 'code': 'code', 'country': 'country', } addresstype_map = dict([(v, k) for (k, v) in self.addresstype_map.items()]) data = dict() if adrtype is None: adrtype = addresstype_map.get(adr.types(), None) if adrtype is not None: data['type'] = adrtype for p, getter in props_map.items(): val = None if hasattr(adr, getter): val = getattr(adr, getter)() if isinstance(val, kolabformat.vectors): val = [str(x) for x in val][0] if len(val) > 0 else None if val is not None: data[p] = val return data def _relateds2dict(self, relateds, aslist=True): data = dict() related_map = dict([(v, k) for (k, v) in self.related_map.items()]) for rel in relateds: reltype = related_map.get(rel.relationTypes(), None) val = rel.uri() if rel.type() == kolabformat.Related.Uid else rel.text() if reltype and val is not None: if aslist: if reltype not in data: data[reltype] = [] data[reltype].append(val) else: data[reltype] = val return data def _struct2dict(self, struct, propname, map): type_map = dict([(v, k) for (k, v) in map.items()]) result = dict() if hasattr(struct, 'types'): result['type'] = type_map.get(struct.types(), None) elif hasattr(struct, 'type'): result['type'] = type_map.get(struct.type(), None) if hasattr(struct, propname): result[propname] = getattr(struct, propname)() return result def __str__(self): xml = kolabformat.writeContact(self) error = kolabformat.error() if error == None or not error: return xml else: raise ContactIntegrityError(kolabformat.errorMessage()) class ContactIntegrityError(Exception): def __init__(self, message): Exception.__init__(self, message) diff --git a/pykolab/xml/event.py b/pykolab/xml/event.py index a80fe20..3b4fb29 100644 --- a/pykolab/xml/event.py +++ b/pykolab/xml/event.py @@ -1,1511 +1,1513 @@ +from six import string_types + import datetime import icalendar import kolabformat import pytz import time import uuid import base64 import re import pykolab from pykolab import constants from pykolab import utils from pykolab.xml import utils as xmlutils from pykolab.xml import participant_status_label from pykolab.xml.utils import ustr from pykolab.translate import _ from os import path from attendee import Attendee from contact_reference import ContactReference from recurrence_rule import RecurrenceRule from collections import OrderedDict log = pykolab.getLogger('pykolab.xml_event') def event_from_ical(ical, string=None): return Event(from_ical=ical, from_string=string) def event_from_string(string): return Event(from_string=string) def event_from_message(message): event = None if message.is_multipart(): for part in message.walk(): if part.get_content_type() == "application/calendar+xml": payload = part.get_payload(decode=True) event = event_from_string(payload) # append attachment parts to Event object elif event and 'Content-ID' in part: event._attachment_parts.append(part) return event class Event(object): type = 'event' thisandfuture = False status_map = { None: kolabformat.StatusUndefined, "TENTATIVE": kolabformat.StatusTentative, "CONFIRMED": kolabformat.StatusConfirmed, "CANCELLED": kolabformat.StatusCancelled, "COMPLETED": kolabformat.StatusCompleted, "IN-PROCESS": kolabformat.StatusInProcess, "NEEDS-ACTION": kolabformat.StatusNeedsAction, } classification_map = { "PUBLIC": kolabformat.ClassPublic, "PRIVATE": kolabformat.ClassPrivate, "CONFIDENTIAL": kolabformat.ClassConfidential, } alarm_type_map = { 'EMAIL': kolabformat.Alarm.EMailAlarm, 'DISPLAY': kolabformat.Alarm.DisplayAlarm, 'AUDIO': kolabformat.Alarm.AudioAlarm } related_map = { 'START': kolabformat.Start, 'END': kolabformat.End } properties_map = { # property: getter "uid": "get_uid", "created": "get_created", "lastmodified-date": "get_lastmodified", "sequence": "sequence", "classification": "get_classification", "categories": "categories", "start": "get_start", "end": "get_end", "duration": "get_duration", "transparency": "transparency", "rrule": "recurrenceRule", "rdate": "recurrenceDates", "exdate": "exceptionDates", "recurrence-id": "recurrenceID", "summary": "summary", "description": "description", "priority": "priority", "status": "get_ical_status", "location": "location", "organizer": "organizer", "attendee": "get_attendees", "attach": "attachments", "url": "url", "alarm": "alarms", "x-custom": "customProperties", # TODO: add to_dict() support for these # "exception": "exceptions", } def __init__(self, from_ical="", from_string=""): self._attendees = [] self._categories = [] self._exceptions = [] self._attachment_parts = [] if isinstance(from_ical, str) and from_ical == "": if from_string == "": self.event = kolabformat.Event() else: self.event = kolabformat.readEvent(from_string, False) self._load_attendees() self._load_exceptions() else: self.from_ical(from_ical, from_string) self.set_created(self.get_created()) self.uid = self.get_uid() def _load_attendees(self): for a in self.event.attendees(): att = Attendee(a.contact().email()) att.copy_from(a) self._attendees.append(att) def _load_exceptions(self): for ex in self.event.exceptions(): exception = Event() exception.uid = ex.uid() exception.event = ex exception._load_attendees() self._exceptions.append(exception) def add_attendee(self, email_or_attendee, name=None, rsvp=False, role=None, participant_status=None, cutype="INDIVIDUAL", params=None): if isinstance(email_or_attendee, Attendee): attendee = email_or_attendee else: attendee = Attendee(email_or_attendee, name, rsvp, role, participant_status, cutype, params) # apply update to self and all exceptions self.update_attendees([attendee], True) def add_category(self, category): self._categories.append(ustr(category)) self.event.setCategories(self._categories) def add_recurrence_date(self, _datetime): valid_datetime = False if isinstance(_datetime, datetime.date): valid_datetime = True if isinstance(_datetime, datetime.datetime): # If no timezone information is passed on, make it UTC if _datetime.tzinfo is None: _datetime = _datetime.replace(tzinfo=pytz.utc) valid_datetime = True if not valid_datetime: raise InvalidEventDateError(_("Rdate needs datetime.date or datetime.datetime instance, got %r") % (type(_datetime))) self.event.addRecurrenceDate(xmlutils.to_cdatetime(_datetime, True)) def add_exception_date(self, _datetime): valid_datetime = False if isinstance(_datetime, datetime.date): valid_datetime = True if isinstance(_datetime, datetime.datetime): # If no timezone information is passed on, make it UTC if _datetime.tzinfo == None: _datetime = _datetime.replace(tzinfo=pytz.utc) valid_datetime = True if not valid_datetime: raise InvalidEventDateError(_("Exdate needs datetime.date or datetime.datetime instance, got %r") % (type(_datetime))) self.event.addExceptionDate(xmlutils.to_cdatetime(_datetime, True)) def add_exception(self, exception): recurrence_id = exception.get_recurrence_id() if recurrence_id is None: raise EventIntegrityError("Recurrence exceptions require a Recurrence-ID property") # check if an exception with the given recurrence-id already exists append = True vexceptions = self.event.exceptions() for i, ex in enumerate(self._exceptions): if ex.get_recurrence_id() == recurrence_id and ex.thisandfuture == exception.thisandfuture: # update the existing exception vexceptions[i] = exception.event self._exceptions[i] = exception append = False # check if main event matches the given recurrence-id if append and self.get_recurrence_id() == recurrence_id: self.event = exception.event self._load_attendees() self._load_exceptions() append = False if append: vexceptions.append(exception.event) self._exceptions.append(exception) self.event.setExceptions(vexceptions) def del_exception(self, exception): recurrence_id = exception.get_recurrence_id() if recurrence_id is None: raise EventIntegrityError("Recurrence exceptions require a Recurrence-ID property") updated = False vexceptions = self.event.exceptions() for i, ex in enumerate(self._exceptions): if ex.get_recurrence_id() == recurrence_id and ex.thisandfuture == exception.thisandfuture: del vexceptions[i] del self._exceptions[i] updated = True if updated: self.event.setExceptions(vexceptions) def as_string_itip(self, method="REQUEST"): cal = icalendar.Calendar() cal.add( 'prodid', '-//pykolab-%s-%s//kolab.org//' % ( constants.__version__, constants.__release__ ) ) cal.add('version', '2.0') # TODO: Really? cal.add('calscale', 'GREGORIAN') # TODO: Not always a request... cal.add('method', method) # TODO: Add timezone information using icalendar.?() # Not sure if there is a class for it. cal.add_component(self.to_ical()) # add recurrence exceptions if len(self._exceptions) > 0 and not method == 'REPLY': for exception in self._exceptions: cal.add_component(exception.to_ical()) if hasattr(cal, 'to_ical'): return cal.to_ical() elif hasattr(cal, 'as_string'): return cal.as_string() def to_ical(self): event = icalendar.Event() # Required event['uid'] = self.get_uid() # NOTE: Make sure to list(set()) or duplicates may arise for attr in list(set(event.singletons)): _attr = attr.lower().replace('-', '') ical_getter = 'get_ical_%s' % (_attr) default_getter = 'get_%s' % (_attr) retval = None if hasattr(self, ical_getter): retval = getattr(self, ical_getter)() if not retval == None and not retval == "": event.add(attr.lower(), retval) elif hasattr(self, default_getter): retval = getattr(self, default_getter)() if not retval == None and not retval == "": event.add(attr.lower(), retval, encode=0) # NOTE: Make sure to list(set()) or duplicates may arise for attr in list(set(event.multiple)): _attr = attr.lower().replace('-', '') ical_getter = 'get_ical_%s' % (_attr) default_getter = 'get_%s' % (_attr) retval = None if hasattr(self, ical_getter): retval = getattr(self, ical_getter)() elif hasattr(self, default_getter): retval = getattr(self, default_getter)() if isinstance(retval, list) and not len(retval) == 0: for _retval in retval: event.add(attr.lower(), _retval, encode=0) # copy custom properties to iCal for cs in self.event.customProperties(): event.add(cs.identifier, cs.value) return event def delegate(self, delegators, delegatees, names=None): if not isinstance(delegators, list): delegators = [delegators] if not isinstance(delegatees, list): delegatees = [delegatees] if not isinstance(names, list): names = [names] _delegators = [] for delegator in delegators: _delegators.append(self.get_attendee(delegator)) _delegatees = [] for i,delegatee in enumerate(delegatees): try: _delegatees.append(self.get_attendee(delegatee)) except: # TODO: An iTip needs to be sent out to the new attendee self.add_attendee(delegatee, names[i] if i < len(names) else None) _delegatees.append(self.get_attendee(delegatee)) for delegator in _delegators: delegator.delegate_to(_delegatees) for delegatee in _delegatees: delegatee.delegate_from(_delegators) self.event.setAttendees(self._attendees) def from_ical(self, ical, raw=None): if isinstance(ical, icalendar.Event) or isinstance(ical, icalendar.Calendar): ical_event = ical elif hasattr(icalendar.Event, 'from_ical'): ical_event = icalendar.Event.from_ical(ical) elif hasattr(icalendar.Event, 'from_string'): ical_event = icalendar.Event.from_string(ical) # VCALENDAR block was given, find the first VEVENT item if isinstance(ical_event, icalendar.Calendar): for c in ical_event.walk(): if c.name == 'VEVENT': ical_event = c break # use the libkolab calendaring bindings to load the full iCal data if 'RRULE' in ical_event or 'ATTACH' in ical_event \ or [part for part in ical_event.walk() if part.name == 'VALARM']: if raw is None or raw == "": raw = ical if isinstance(ical, str) else ical.to_ical() self._xml_from_ical(raw) else: self.event = kolabformat.Event() # TODO: Clause the timestamps for zulu suffix causing datetime.datetime # to fail substitution. for attr in list(set(ical_event.required)): if attr in ical_event: self.set_from_ical(attr.lower(), ical_event[attr]) # NOTE: Make sure to list(set()) or duplicates may arise # NOTE: Keep the original order e.g. to read DTSTART before RECURRENCE-ID for attr in list(OrderedDict.fromkeys(ical_event.singletons)): if attr in ical_event: if isinstance(ical_event[attr], list): ical_event[attr] = ical_event[attr][0]; self.set_from_ical(attr.lower(), ical_event[attr]) # NOTE: Make sure to list(set()) or duplicates may arise for attr in list(set(ical_event.multiple)): if attr in ical_event: self.set_from_ical(attr.lower(), ical_event[attr]) def _xml_from_ical(self, ical): if not "BEGIN:VCALENDAR" in ical: ical = "BEGIN:VCALENDAR\nVERSION:2.0\n" + ical + "\nEND:VCALENDAR" from kolab.calendaring import EventCal self.event = EventCal() success = self.event.fromICal(ical) if success: self._load_exceptions() return success def get_attendee_participant_status(self, attendee): return attendee.get_participant_status() def get_attendee(self, attendee): - if isinstance(attendee, basestring): + if isinstance(attendee, string_types): if attendee in [x.get_email() for x in self.get_attendees()]: attendee = self.get_attendee_by_email(attendee) elif attendee in [x.get_name() for x in self.get_attendees()]: attendee = self.get_attendee_by_name(attendee) else: raise ValueError(_("No attendee with email or name %r") %(attendee)) return attendee elif isinstance(attendee, Attendee): return attendee else: raise ValueError(_("Invalid argument value attendee %r, must be basestring or Attendee") % (attendee)) def find_attendee(self, attendee): try: return self.get_attendee(attendee) except: return None def get_attendee_by_email(self, email): if email in [x.get_email() for x in self.get_attendees()]: return [x for x in self.get_attendees() if x.get_email() == email][0] raise ValueError(_("No attendee with email %r") %(email)) def get_attendee_by_name(self, name): if name in [x.get_name() for x in self.get_attendees()]: return [x for x in self.get_attendees() if x.get_name() == name][0] raise ValueError(_("No attendee with name %r") %(name)) def get_attendees(self): return self._attendees def get_categories(self): return [str(c) for c in self.event.categories()] def get_classification(self): return self.event.classification() def get_created(self): try: return xmlutils.from_cdatetime(self.event.created(), True) except ValueError: return datetime.datetime.now() def get_description(self): return self.event.description() def get_comment(self): if hasattr(self.event, 'comment'): return self.event.comment() else: return None def get_duration(self): duration = self.event.duration() if duration and duration.isValid(): dtd = datetime.timedelta( days=duration.days(), seconds=duration.seconds(), minutes=duration.minutes(), hours=duration.hours(), weeks=duration.weeks() ) return dtd return None def get_end(self): dt = xmlutils.from_cdatetime(self.event.end(), True) if not dt: duration = self.get_duration() if duration is not None: dt = self.get_start() + duration return dt def get_date_text(self, date_format=None, time_format=None): if date_format is None: date_format = _("%Y-%m-%d") if time_format is None: time_format = _("%H:%M (%Z)") start = self.get_start() end = self.get_end() all_day = not hasattr(start, 'date') start_date = start.date() if not all_day else start end_date = end.date() if not all_day else end if start_date == end_date: end_format = time_format else: end_format = date_format + " " + time_format if all_day: time_format = '' if start_date == end_date: return start.strftime(date_format) return "%s - %s" % (start.strftime(date_format + " " + time_format), end.strftime(end_format)) def get_recurrence_dates(self): return map(lambda _: xmlutils.from_cdatetime(_, True), self.event.recurrenceDates()) def get_exception_dates(self): return map(lambda _: xmlutils.from_cdatetime(_, True), self.event.exceptionDates()) def get_exceptions(self): return self._exceptions def has_exceptions(self): return len(self._exceptions) > 0 def get_attachments(self): return self.event.attachments() def get_attachment_data(self, i): vattach = self.event.attachments() if i < len(vattach): attachment = vattach[i] uri = attachment.uri() if uri and uri[0:4] == 'cid:': # get data from MIME part with matching content-id cid = '<' + uri[4:] + '>' for p in self._attachment_parts: if p['Content-ID'] == cid: return p.get_payload(decode=True) else: return attachment.data() return None def get_alarms(self): return self.event.alarms() def get_ical_attendee(self): # TODO: Formatting, aye? See also the example snippet: # # ATTENDEE;RSVP=TRUE;ROLE=REQ-PARTICIPANT;CUTYPE=GROUP: # MAILTO:employee-A@host.com attendees = [] for attendee in self.get_attendees(): email = attendee.get_email() name = attendee.get_name() rsvp = attendee.get_rsvp() role = attendee.get_role() partstat = attendee.get_participant_status() cutype = attendee.get_cutype() delegators = attendee.get_delegated_from() delegatees = attendee.get_delegated_to() if rsvp in attendee.rsvp_map: _rsvp = rsvp elif rsvp in attendee.rsvp_map.values(): _rsvp = [k for k, v in attendee.rsvp_map.items() if v == rsvp][0] else: _rsvp = None if role in attendee.role_map: _role = role elif role in attendee.role_map.values(): _role = [k for k, v in attendee.role_map.items() if v == role][0] else: _role = None if partstat in attendee.participant_status_map: _partstat = partstat elif partstat in attendee.participant_status_map.values(): _partstat = [k for k, v in attendee.participant_status_map.items() if v == partstat][0] else: _partstat = None if cutype in attendee.cutype_map: _cutype = cutype elif cutype in attendee.cutype_map.values(): _cutype = [k for k, v in attendee.cutype_map.items() if v == cutype][0] else: _cutype = None _attendee = icalendar.vCalAddress("MAILTO:%s" % email) if not name == None and not name == "": _attendee.params['CN'] = icalendar.vText(name) if not _rsvp == None: _attendee.params['RSVP'] = icalendar.vText(_rsvp) if not _role == None: _attendee.params['ROLE'] = icalendar.vText(_role) if not _partstat == None: _attendee.params['PARTSTAT'] = icalendar.vText(_partstat) if not _cutype == None: _attendee.params['CUTYPE'] = icalendar.vText(_cutype) if not delegators == None and len(delegators) > 0: _attendee.params['DELEGATED-FROM'] = icalendar.vText(delegators[0].email()) if not delegatees == None and len(delegatees) > 0: _attendee.params['DELEGATED-TO'] = icalendar.vText(delegatees[0].email()) attendees.append(_attendee) return attendees def get_ical_attendee_participant_status(self, attendee): attendee = self.get_attendee(attendee) if attendee.get_participant_status() in attendee.participant_status_map: return attendee.get_participant_status() elif attendee.get_participant_status() in attendee.participant_status_map.values(): return [k for k, v in attendee.participant_status_map.items() if v == attendee.get_participant_status()][0] else: raise ValueError(_("Invalid participant status")) def get_ical_created(self): return self.get_created() def get_ical_dtend(self): dtend = self.get_end() # shift end by one day on all-day events if not hasattr(dtend, 'hour'): dtend = dtend + datetime.timedelta(days=1) return dtend def get_ical_dtstamp(self): try: retval = self.get_lastmodified() if retval == None or retval == "": return datetime.datetime.now() except: return datetime.datetime.now() def get_ical_lastmodified(self): return self.get_ical_dtstamp() def get_ical_dtstart(self): return self.get_start() def get_ical_organizer(self): contact = self.get_organizer() organizer = icalendar.vCalAddress("MAILTO:%s" % contact.email()) name = contact.name() if not name == None and not name == "": organizer.params["CN"] = icalendar.vText(name) return organizer def get_ical_status(self): status = self.event.status() if status in self.status_map: return status return self._translate_value(status, self.status_map) if status else None def get_ical_class(self): class_ = self.event.classification() return self._translate_value(class_, self.classification_map) if class_ else None def get_ical_sequence(self): return str(self.event.sequence()) if self.event.sequence() else None def get_ical_comment(self): comment = self.get_comment() if comment is not None: return [ comment ] return None def get_ical_recurrenceid(self): rid = self.get_recurrence_id() if isinstance(rid, datetime.datetime) or isinstance(rid, datetime.date): prop = icalendar.vDatetime(rid) if isinstance(rid, datetime.datetime) else icalendar.vDate(rid) if self.thisandfuture: prop.params.update({'RANGE':'THISANDFUTURE'}) return prop return None def get_ical_rrule(self): result = [] rrule = self.get_recurrence() if rrule.isValid(): result.append(rrule.to_ical()) return result def get_ical_rdate(self): rdates = self.get_recurrence_dates() for i in range(len(rdates)): rdates[i] = icalendar.prop.vDDDLists(rdates[i]) return rdates def get_location(self): return self.event.location() def get_lastmodified(self): try: _datetime = self.event.lastModified() if _datetime == None or not _datetime.isValid(): self.__str__() except: self.__str__() return xmlutils.from_cdatetime(self.event.lastModified(), True) def get_organizer(self): organizer = self.event.organizer() return organizer def get_priority(self): return str(self.event.priority()) def get_start(self): return xmlutils.from_cdatetime(self.event.start(), True) def get_status(self, translated=False): status = self.event.status() if translated: return self._translate_value(status, self.status_map) if status else None return status def get_summary(self): return self.event.summary() def get_uid(self): uid = self.event.uid() if not uid == '': return uid else: self.set_uid(uuid.uuid4()) return self.get_uid() def get_recurrence_id(self): self.thisandfuture = self.event.thisAndFuture(); recurrence_id = xmlutils.from_cdatetime(self.event.recurrenceID(), True) # fix recurrence-id type if stored as date instead of datetime if recurrence_id is not None and isinstance(recurrence_id, datetime.date): dtstart = self.get_start() if not type(recurrence_id) == type(dtstart): recurrence_id = datetime.datetime.combine(recurrence_id, dtstart.time()).replace(tzinfo=dtstart.tzinfo) return recurrence_id def get_thisandfuture(self): self.thisandfuture = self.event.thisAndFuture(); return self.thisandfuture def get_sequence(self): return self.event.sequence() def get_url(self): return self.event.url() def get_transparency(self): return self.event.transparency() def get_recurrence(self): return RecurrenceRule(self.event.recurrenceRule()) def set_attendees(self, _attendees, recursive=False): if recursive: self._attendees = [] self.update_attendees(_attendees, True) else: self._attendees = _attendees self.event.setAttendees(self._attendees) def set_attendee_participant_status(self, attendee, status, rsvp=None): """ Set the participant status of an attendee to status. As the attendee arg, pass an email address or name, for this function to obtain the attendee object by searching the list of attendees for this event. """ attendee = self.get_attendee(attendee) attendee.set_participant_status(status) if rsvp is not None: attendee.set_rsvp(rsvp) # apply update to self and all exceptions self.update_attendees([attendee], False) def update_attendees(self, _attendees, append=True): self.merge_attendee_data(_attendees, append) if len(self._exceptions): vexceptions = self.event.exceptions() for i, exception in enumerate(self._exceptions): exception.merge_attendee_data(_attendees, append) vexceptions[i] = exception.event self.event.setExceptions(vexceptions) def merge_attendee_data(self, _attendees, append=True): for attendee in _attendees: found = False for candidate in self._attendees: if candidate.get_email() == attendee.get_email(): candidate.copy_from(attendee) found = True break if not found and append: self._attendees.append(attendee) self.event.setAttendees(self._attendees) def set_classification(self, classification): if classification in self.classification_map: self.event.setClassification(self.classification_map[classification]) elif classification in self.classification_map.values(): self.event.setClassification(classification) else: raise ValueError(_("Invalid classification %r") % (classification)) def set_created(self, _datetime=None): if _datetime is None or isinstance(_datetime, datetime.time): _datetime = datetime.datetime.utcnow() self.event.setCreated(xmlutils.to_cdatetime(_datetime, False, True)) def set_description(self, description): self.event.setDescription(ustr(description)) def set_comment(self, comment): if hasattr(self.event, 'setComment'): self.event.setComment(ustr(comment)) def set_dtstamp(self, _datetime): self.event.setLastModified(xmlutils.to_cdatetime(_datetime, False, True)) def set_end(self, _datetime): valid_datetime = False if isinstance(_datetime, datetime.date): valid_datetime = True if isinstance(_datetime, datetime.datetime): # If no timezone information is passed on, make it UTC if _datetime.tzinfo == None: _datetime = _datetime.replace(tzinfo=pytz.utc) valid_datetime = True if not valid_datetime: raise InvalidEventDateError(_("Event end needs datetime.date or datetime.datetime instance, got %r") % (type(_datetime))) self.event.setEnd(xmlutils.to_cdatetime(_datetime, True)) def set_exception_dates(self, _datetimes): for _datetime in _datetimes: self.add_exception_date(_datetime) def set_recurrence_dates(self, _datetimes): for _datetime in _datetimes: self.add_recurrence_date(_datetime) def add_custom_property(self, name, value): if not name.upper().startswith('X-'): raise ValueError(_("Invalid custom property name %r") % (name)) props = self.event.customProperties() props.append(kolabformat.CustomProperty(name.upper(), value)) self.event.setCustomProperties(props) def set_from_ical(self, attr, value): attr = attr.replace('-', '') ical_setter = 'set_ical_' + attr default_setter = 'set_' + attr params = value.params if hasattr(value, 'params') else {} if isinstance(value, icalendar.vDDDTypes) and hasattr(value, 'dt'): value = value.dt if attr == "categories": self.add_category(value) elif attr == "class": if (value and value[:2] not in ['X-', 'x-']): self.set_classification(value) elif attr == "recurrenceid": self.set_ical_recurrenceid(value, params) elif hasattr(self, ical_setter): getattr(self, ical_setter)(value) elif hasattr(self, default_setter): getattr(self, default_setter)(value) def set_ical_attendee(self, _attendee): - if isinstance(_attendee, basestring): + if isinstance(_attendee, string_types): _attendee = [_attendee] if isinstance(_attendee, list): for attendee in _attendee: address = str(attendee).split(':')[-1] if hasattr(attendee, 'params'): params = attendee.params else: params = {} if 'CN' in params: name = ustr(params['CN']) else: name = None if 'ROLE' in params: role = params['ROLE'] else: role = None if 'PARTSTAT' in params: partstat = params['PARTSTAT'] else: partstat = None if 'RSVP' in params: rsvp = params['RSVP'] else: rsvp = None if 'CUTYPE' in params: cutype = params['CUTYPE'] else: cutype = kolabformat.CutypeIndividual att = self.add_attendee(address, name=name, rsvp=rsvp, role=role, participant_status=partstat, cutype=cutype, params=params) def set_ical_dtend(self, dtend): # shift end by one day on all-day events if not hasattr(dtend, 'hour'): dtend = dtend - datetime.timedelta(days=1) self.set_end(dtend) def set_ical_dtstamp(self, dtstamp): self.set_dtstamp(dtstamp) def set_ical_dtstart(self, dtstart): self.set_start(dtstart) def set_ical_lastmodified(self, lastmod): self.set_lastmodified(lastmod) def set_ical_duration(self, value): if hasattr(value, 'dt'): value = value.dt duration = kolabformat.Duration(value.days, 0, 0, value.seconds, False) self.event.setDuration(duration) def set_ical_organizer(self, organizer): address = str(organizer).split(':')[-1] cn = None if hasattr(organizer, 'params'): params = organizer.params else: params = {} if 'CN' in params: cn = ustr(params['CN']) self.set_organizer(str(address), name=cn) def set_ical_priority(self, priority): self.set_priority(priority) def set_ical_sequence(self, sequence): self.set_sequence(sequence) def set_ical_summary(self, summary): self.set_summary(ustr(summary)) def set_ical_uid(self, uid): self.set_uid(str(uid)) def set_ical_rdate(self, rdate): rdates = [] # rdate here can be vDDDLists or a list of vDDDLists, why?! if isinstance(rdate, icalendar.prop.vDDDLists): rdate = [rdate] for _rdate in rdate: if isinstance(_rdate, icalendar.prop.vDDDLists): tzid = None if hasattr(_rdate, 'params') and 'TZID' in _rdate.params: tzid = _rdate.params['TZID'] dts = icalendar.prop.vDDDLists.from_ical(_rdate.to_ical(), tzid) for datetime in dts: rdates.append(datetime) self.set_recurrence_dates(rdates) def set_ical_recurrenceid(self, value, params): try: self.thisandfuture = params.get('RANGE', '') == 'THISANDFUTURE' self.set_recurrence_id(value, self.thisandfuture) except InvalidEventDateError: pass def set_lastmodified(self, _datetime=None): valid_datetime = False if isinstance(_datetime, datetime.date): valid_datetime = True if isinstance(_datetime, datetime.datetime): valid_datetime = True if _datetime is None or isinstance(_datetime, datetime.time): valid_datetime = True _datetime = datetime.datetime.utcnow() if not valid_datetime: raise InvalidEventDateError(_("Event last-modified needs datetime.date or datetime.datetime instance, got %r") % (type(_datetime))) self.event.setLastModified(xmlutils.to_cdatetime(_datetime, False, True)) def set_location(self, location): self.event.setLocation(ustr(location)) def set_organizer(self, email, name=None): contactreference = ContactReference(email) if not name == None: contactreference.setName(name) self.event.setOrganizer(contactreference) def set_priority(self, priority): self.event.setPriority(priority) def set_sequence(self, sequence): self.event.setSequence(int(sequence)) def set_url(self, url): self.event.setUrl(ustr(url)) def set_recurrence(self, recurrence): self.event.setRecurrenceRule(recurrence) # reset eventcal instance if hasattr(self, 'eventcal'): del self.eventcal def set_start(self, _datetime): valid_datetime = False if isinstance(_datetime, datetime.date): valid_datetime = True if isinstance(_datetime, datetime.datetime): # If no timezone information is passed on, make it UTC if _datetime.tzinfo == None: _datetime = _datetime.replace(tzinfo=pytz.utc) valid_datetime = True if not valid_datetime: raise InvalidEventDateError(_("Event start needs datetime.date or datetime.datetime instance, got %r") % (type(_datetime))) self.event.setStart(xmlutils.to_cdatetime(_datetime, True)) def set_status(self, status): if status in self.status_map: self.event.setStatus(self.status_map[status]) elif status in self.status_map.values(): self.event.setStatus(status) elif not status == kolabformat.StatusUndefined: raise InvalidEventStatusError(_("Invalid status set: %r") % (status)) def set_summary(self, summary): self.event.setSummary(summary) def set_uid(self, uid): self.uid = uid self.event.setUid(str(uid)) def set_recurrence_id(self, _datetime, _thisandfuture=None): valid_datetime = False if isinstance(_datetime, datetime.date): valid_datetime = True if isinstance(_datetime, datetime.datetime): # If no timezone information is passed on, use the one from event start if _datetime.tzinfo == None: _start = self.get_start() _datetime = _datetime.replace(tzinfo=_start.tzinfo) valid_datetime = True if not valid_datetime: raise InvalidEventDateError(_("Event recurrence-id needs datetime.datetime instance")) if _thisandfuture is None: _thisandfuture = self.thisandfuture self.event.setRecurrenceID(xmlutils.to_cdatetime(_datetime), _thisandfuture) def set_transparency(self, transp): return self.event.setTransparency(transp) def __str__(self): event_xml = kolabformat.writeEvent(self.event) error = kolabformat.error() if error == None or not error: return event_xml else: raise EventIntegrityError(kolabformat.errorMessage()) def to_dict(self): data = dict() for p, getter in self.properties_map.items(): val = None if hasattr(self, getter): val = getattr(self, getter)() elif hasattr(self.event, getter): val = getattr(self.event, getter)() if isinstance(val, kolabformat.cDateTime): val = xmlutils.from_cdatetime(val, True) elif isinstance(val, kolabformat.vectordatetime): val = [xmlutils.from_cdatetime(x, True) for x in val] elif isinstance(val, kolabformat.vectors): val = [str(x) for x in val] elif isinstance(val, kolabformat.vectorcs): for x in val: data[x.identifier] = x.value val = None elif isinstance(val, kolabformat.ContactReference): val = ContactReference(val).to_dict() elif isinstance(val, kolabformat.RecurrenceRule): val = RecurrenceRule(val).to_dict() elif isinstance(val, kolabformat.vectorattachment): val = [dict(fmttype=x.mimetype(), label=x.label(), uri=x.uri()) for x in val] elif isinstance(val, kolabformat.vectoralarm): val = [self._alarm_to_dict(x) for x in val] elif isinstance(val, list): val = [x.to_dict() for x in val if hasattr(x, 'to_dict')] if val is not None: data[p] = val return data def _alarm_to_dict(self, alarm): ret = dict( action=self._translate_value(alarm.type(), self.alarm_type_map), summary=alarm.summary(), description=alarm.description(), trigger=None ) start = alarm.start() if start and start.isValid(): ret['trigger'] = xmlutils.from_cdatetime(start, True) else: ret['trigger'] = dict(related=self._translate_value(alarm.relativeTo(), self.related_map)) duration = alarm.relativeStart() if duration and duration.isValid(): prefix = '-' if duration.isNegative() else '+' value = prefix + "P%dW%dDT%dH%dM%dS" % ( duration.weeks(), duration.days(), duration.hours(), duration.minutes(), duration.seconds() ) ret['trigger']['value'] = re.sub(r"T$", '', re.sub(r"0[WDHMS]", '', value)) if alarm.type() == kolabformat.Alarm.EMailAlarm: ret['attendee'] = [ContactReference(a).to_dict() for a in alarm.attendees()] return ret def _translate_value(self, val, map): name_map = dict([(v, k) for (k, v) in map.items()]) return name_map[val] if val in name_map else 'UNKNOWN' def to_message(self, creator=None): from email.MIMEMultipart import MIMEMultipart from email.MIMEBase import MIMEBase from email.MIMEText import MIMEText from email.Utils import COMMASPACE, formatdate msg = MIMEMultipart() organizer = self.get_organizer() email = organizer.email() name = organizer.name() if creator: msg['From'] = creator elif not name: msg['From'] = email else: msg['From'] = '"%s" <%s>' % (name, email) msg['To'] = ', '.join([x.__str__() for x in self.get_attendees()]) msg['Date'] = formatdate(localtime=True) msg.add_header('X-Kolab-MIME-Version', '3.0') msg.add_header('X-Kolab-Type', 'application/x-vnd.kolab.' + self.type) text = utils.multiline_message(""" This is a Kolab Groupware object. To view this object you will need an email client that understands the Kolab Groupware format. For a list of such email clients please visit http://www.kolab.org/ """) msg.attach( MIMEText(text) ) part = MIMEBase('application', "calendar+xml") part.set_charset('UTF-8') msg["Subject"] = self.get_uid() # extract attachment data into separate MIME parts vattach = self.event.attachments() i = 0 for attach in vattach: if attach.uri(): continue mimetype = attach.mimetype() (primary, seconday) = mimetype.split('/') name = attach.label() if not name: name = 'unknown.x' (basename, suffix) = path.splitext(name) t = datetime.datetime.now() cid = "%s.%s.%s%s" % (basename, time.mktime(t.timetuple()), t.microsecond + len(self._attachment_parts), suffix) p = MIMEBase(primary, seconday) p.add_header('Content-Disposition', 'attachment', filename=name) p.add_header('Content-Transfer-Encoding', 'base64') p.add_header('Content-ID', '<' + cid + '>') p.set_payload(base64.b64encode(attach.data())) self._attachment_parts.append(p) # modify attachment object attach.setData('', mimetype) attach.setUri('cid:' + cid, mimetype) vattach[i] = attach i += 1 self.event.setAttachments(vattach) part.set_payload(str(self)) part.add_header('Content-Disposition', 'attachment; filename="kolab.xml"') part.replace_header('Content-Transfer-Encoding', '8bit') msg.attach(part) # append attachment parts for p in self._attachment_parts: msg.attach(p) return msg def to_message_itip(self, from_address, method="REQUEST", participant_status="ACCEPTED", subject=None, message_text=None): from email.MIMEMultipart import MIMEMultipart from email.MIMEBase import MIMEBase from email.MIMEText import MIMEText from email.Utils import COMMASPACE, formatdate # encode unicode strings with quoted-printable from email import charset charset.add_charset('utf-8', charset.SHORTEST, charset.QP) msg = MIMEMultipart("alternative") msg_from = None attendees = None if method == "REPLY": # TODO: Make user friendly name msg['To'] = self.get_organizer().email() attendees = self.get_attendees() reply_attendees = [] # There's an exception here for delegation (partstat DELEGATED) for attendee in attendees: if attendee.get_email() == from_address: # Only the attendee is supposed to be listed in a reply attendee.set_participant_status(participant_status) attendee.set_rsvp(False) reply_attendees.append(attendee) name = attendee.get_name() email = attendee.get_email() if not name: msg_from = email else: msg_from = '"%s" <%s>' % (name, email) elif from_address in attendee.get_delegated_from(True): reply_attendees.append(attendee) # keep only replying (and delegated) attendee(s) self._attendees = reply_attendees self.event.setAttendees(self._attendees) if msg_from == None: organizer = self.get_organizer() email = organizer.email() name = organizer.name() if email == from_address: if not name: msg_from = email else: msg_from = '"%s" <%s>' % (name, email) elif method == "REQUEST": organizer = self.get_organizer() email = organizer.email() name = organizer.name() if not name: msg_from = email else: msg_from = '"%s" <%s>' % (name, email) if msg_from == None: if from_address == None: log.error(_("No sender specified")) else: msg_from = from_address msg['From'] = utils.str2unicode(msg_from) msg['Date'] = formatdate(localtime=True) if subject is None: subject = _("Invitation for %s was %s") % (self.get_summary(), participant_status_label(participant_status)) msg['Subject'] = utils.str2unicode(subject) if message_text is None: message_text = _("""This is an automated response to one of your event requests.""") msg.attach(MIMEText(utils.stripped_message(message_text), _charset='utf-8')) part = MIMEBase('text', 'calendar', charset='UTF-8', method=method) del part['MIME-Version'] # mime parts don't need this part.set_payload(self.as_string_itip(method=method)) part.add_header('Content-Transfer-Encoding', '8bit') msg.attach(part) # restore the original list of attendees # attendees being reduced to the replying attendee above if attendees is not None: self._attendees = attendees self.event.setAttendees(self._attendees) return msg def is_recurring(self): return self.event.recurrenceRule().isValid() or len(self.get_recurrence_dates()) > 0 def to_event_cal(self): from kolab.calendaring import EventCal return EventCal(self.event) def get_next_occurence(self, _datetime): if not hasattr(self, 'eventcal'): self.eventcal = self.to_event_cal() next_cdatetime = self.eventcal.getNextOccurence(xmlutils.to_cdatetime(_datetime, True)) next_datetime = xmlutils.from_cdatetime(next_cdatetime, True) if next_cdatetime is not None else None # cut infinite recurrence at a reasonable point if next_datetime and not self.get_last_occurrence() and next_datetime > xmlutils.to_dt(self._recurrence_end()): next_datetime = None # next_datetime is always a cdatetime, convert to date if necessary if next_datetime and not isinstance(self.get_start(), datetime.datetime): next_datetime = datetime.date(next_datetime.year, next_datetime.month, next_datetime.day) return next_datetime def get_occurence_end_date(self, datetime): if not datetime: return None if not hasattr(self, 'eventcal'): return None end_cdatetime = self.eventcal.getOccurenceEndDate(xmlutils.to_cdatetime(datetime, True)) return xmlutils.from_cdatetime(end_cdatetime, True) if end_cdatetime is not None else None def get_last_occurrence(self, force=False): if not hasattr(self, 'eventcal'): self.eventcal = self.to_event_cal() last = self.eventcal.getLastOccurrence() last_datetime = xmlutils.from_cdatetime(last, True) if last is not None else None # we're forced to return some date if last_datetime is None and force: last_datetime = self._recurrence_end() return last_datetime def get_next_instance(self, datetime): next_start = self.get_next_occurence(datetime) if next_start: instance = Event(from_string=str(self)) instance.set_start(next_start) instance.event.setRecurrenceID(xmlutils.to_cdatetime(next_start), False) next_end = self.get_occurence_end_date(next_start) if next_end: instance.set_end(next_end) # unset recurrence rule and exceptions instance.set_recurrence(kolabformat.RecurrenceRule()) instance.event.setExceptions(kolabformat.vectorevent()) instance.event.setExceptionDates(kolabformat.vectordatetime()) instance._exceptions = [] instance._isexception = False # unset attachments list (only stored in main event) instance.event.setAttachments(kolabformat.vectorattachment()) # copy data from matching exception # (give precedence to single occurrence exceptions over thisandfuture) for exception in self._exceptions: recurrence_id = exception.get_recurrence_id() if recurrence_id == next_start and (not exception.thisandfuture or not instance._isexception): instance = exception instance._isexception = True if not exception.thisandfuture: break elif exception.thisandfuture and next_start > recurrence_id: # TODO: merge exception properties over this instance + adjust start/end with the according offset pass return instance return None def get_instance(self, _datetime): # If no timezone information is given, use the one from event start if isinstance(_datetime, datetime.datetime) and _datetime.tzinfo == None: _start = self.get_start() if hasattr(_start, 'tzinfo'): _datetime = _datetime.replace(tzinfo=_start.tzinfo) if self.is_recurring(): instance = self.get_next_instance(_datetime - datetime.timedelta(days=1)) while instance: recurrence_id = instance.get_recurrence_id() if type(recurrence_id) == type(_datetime) and recurrence_id <= _datetime: if xmlutils.dates_equal(recurrence_id, _datetime): return instance instance = self.get_next_instance(instance.get_start()) else: break elif self.has_exceptions(): for exception in self._exceptions: recurrence_id = exception.get_recurrence_id() if type(recurrence_id) == type(_datetime) and xmlutils.dates_equal(recurrence_id, _datetime): return exception if self.get_recurrence_id(): recurrence_id = self.get_recurrence_id() if type(recurrence_id) == type(_datetime) and xmlutils.dates_equal(recurrence_id, _datetime): return self return None def _recurrence_end(self): """ Determine a reasonable end date for infinitely recurring events """ rrule = self.event.recurrenceRule() if rrule.isValid() and rrule.count() < 0 and not rrule.end().isValid(): now = datetime.datetime.now() switch = { kolabformat.RecurrenceRule.Yearly: 100, kolabformat.RecurrenceRule.Monthly: 20 } intvl = switch[rrule.frequency()] if rrule.frequency() in switch else 10 return self.get_start().replace(year=now.year + intvl) return xmlutils.from_cdatetime(rrule.end(), True) class EventIntegrityError(Exception): def __init__(self, message): Exception.__init__(self, message) class InvalidEventDateError(Exception): def __init__(self, message): Exception.__init__(self, message) class InvalidEventStatusError(Exception): def __init__(self, message): Exception.__init__(self, message) diff --git a/wallace/module_invitationpolicy.py b/wallace/module_invitationpolicy.py index 4ad224e..38dfc70 100644 --- a/wallace/module_invitationpolicy.py +++ b/wallace/module_invitationpolicy.py @@ -1,1483 +1,1484 @@ # -*- coding: utf-8 -*- # Copyright 2014 Kolab Systems AG (http://www.kolabsys.com) # # Thomas Bruederli (Kolab Systems) # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # +from six import string_types import datetime import os import random import signal import tempfile import time try: from urlparse import urlparse except ImportError: from urllib.parse import urlparse import urllib import hashlib import traceback import re from email import message_from_string from email.parser import Parser from email.utils import formataddr from email.utils import getaddresses import modules import pykolab import kolabformat from pykolab import utils from pykolab.auth import Auth from pykolab.conf import Conf from pykolab.imap import IMAP from pykolab.xml import to_dt from pykolab.xml import utils as xmlutils from pykolab.xml import todo_from_message from pykolab.xml import event_from_message from pykolab.xml import participant_status_label from pykolab.itip import objects_from_message from pykolab.itip import check_event_conflict from pykolab.itip import send_reply from pykolab.translate import _ # define some contstants used in the code below ACT_MANUAL = 1 ACT_ACCEPT = 2 ACT_DELEGATE = 4 ACT_REJECT = 8 ACT_UPDATE = 16 ACT_CANCEL_DELETE = 32 ACT_SAVE_TO_FOLDER = 64 COND_IF_AVAILABLE = 128 COND_IF_CONFLICT = 256 COND_TENTATIVE = 512 COND_NOTIFY = 1024 COND_FORWARD = 2048 COND_TYPE_EVENT = 4096 COND_TYPE_TASK = 8192 COND_TYPE_ALL = COND_TYPE_EVENT + COND_TYPE_TASK ACT_TENTATIVE = ACT_ACCEPT + COND_TENTATIVE ACT_UPDATE_AND_NOTIFY = ACT_UPDATE + COND_NOTIFY ACT_SAVE_AND_FORWARD = ACT_SAVE_TO_FOLDER + COND_FORWARD ACT_CANCEL_DELETE_AND_NOTIFY = ACT_CANCEL_DELETE + COND_NOTIFY FOLDER_TYPE_ANNOTATION = '/vendor/kolab/folder-type' MESSAGE_PROCESSED = 1 MESSAGE_FORWARD = 2 policy_name_map = { # policy values applying to all object types 'ALL_MANUAL': ACT_MANUAL + COND_TYPE_ALL, 'ALL_ACCEPT': ACT_ACCEPT + COND_TYPE_ALL, 'ALL_REJECT': ACT_REJECT + COND_TYPE_ALL, 'ALL_DELEGATE': ACT_DELEGATE + COND_TYPE_ALL, # not implemented 'ALL_UPDATE': ACT_UPDATE + COND_TYPE_ALL, 'ALL_UPDATE_AND_NOTIFY': ACT_UPDATE_AND_NOTIFY + COND_TYPE_ALL, 'ALL_SAVE_TO_FOLDER': ACT_SAVE_TO_FOLDER + COND_TYPE_ALL, 'ALL_SAVE_AND_FORWARD': ACT_SAVE_AND_FORWARD + COND_TYPE_ALL, 'ALL_CANCEL_DELETE': ACT_CANCEL_DELETE + COND_TYPE_ALL, 'ALL_CANCEL_DELETE_AND_NOTIFY': ACT_CANCEL_DELETE_AND_NOTIFY + COND_TYPE_ALL, # event related policy values 'EVENT_MANUAL': ACT_MANUAL + COND_TYPE_EVENT, 'EVENT_ACCEPT': ACT_ACCEPT + COND_TYPE_EVENT, 'EVENT_TENTATIVE': ACT_TENTATIVE + COND_TYPE_EVENT, 'EVENT_REJECT': ACT_REJECT + COND_TYPE_EVENT, 'EVENT_DELEGATE': ACT_DELEGATE + COND_TYPE_EVENT, # not implemented 'EVENT_UPDATE': ACT_UPDATE + COND_TYPE_EVENT, 'EVENT_UPDATE_AND_NOTIFY': ACT_UPDATE_AND_NOTIFY + COND_TYPE_EVENT, 'EVENT_ACCEPT_IF_NO_CONFLICT': ACT_ACCEPT + COND_IF_AVAILABLE + COND_TYPE_EVENT, 'EVENT_TENTATIVE_IF_NO_CONFLICT': ACT_ACCEPT + COND_TENTATIVE + COND_IF_AVAILABLE + COND_TYPE_EVENT, 'EVENT_DELEGATE_IF_CONFLICT': ACT_DELEGATE + COND_IF_CONFLICT + COND_TYPE_EVENT, 'EVENT_REJECT_IF_CONFLICT': ACT_REJECT + COND_IF_CONFLICT + COND_TYPE_EVENT, 'EVENT_SAVE_TO_FOLDER': ACT_SAVE_TO_FOLDER + COND_TYPE_EVENT, 'EVENT_SAVE_AND_FORWARD': ACT_SAVE_AND_FORWARD + COND_TYPE_EVENT, 'EVENT_CANCEL_DELETE': ACT_CANCEL_DELETE + COND_TYPE_EVENT, 'EVENT_CANCEL_DELETE_AND_NOTIFY': ACT_CANCEL_DELETE_AND_NOTIFY + COND_TYPE_EVENT, # task related policy values 'TASK_MANUAL': ACT_MANUAL + COND_TYPE_TASK, 'TASK_ACCEPT': ACT_ACCEPT + COND_TYPE_TASK, 'TASK_REJECT': ACT_REJECT + COND_TYPE_TASK, 'TASK_DELEGATE': ACT_DELEGATE + COND_TYPE_TASK, # not implemented 'TASK_UPDATE': ACT_UPDATE + COND_TYPE_TASK, 'TASK_UPDATE_AND_NOTIFY': ACT_UPDATE_AND_NOTIFY + COND_TYPE_TASK, 'TASK_SAVE_TO_FOLDER': ACT_SAVE_TO_FOLDER + COND_TYPE_TASK, 'TASK_SAVE_AND_FORWARD': ACT_SAVE_AND_FORWARD + COND_TYPE_TASK, 'TASK_CANCEL_DELETE': ACT_CANCEL_DELETE + COND_TYPE_TASK, 'TASK_CANCEL_DELETE_AND_NOTIFY': ACT_CANCEL_DELETE_AND_NOTIFY + COND_TYPE_TASK, # legacy values 'ACT_MANUAL': ACT_MANUAL + COND_TYPE_ALL, 'ACT_ACCEPT': ACT_ACCEPT + COND_TYPE_ALL, 'ACT_ACCEPT_IF_NO_CONFLICT': ACT_ACCEPT + COND_IF_AVAILABLE + COND_TYPE_EVENT, 'ACT_TENTATIVE': ACT_TENTATIVE + COND_TYPE_EVENT, 'ACT_TENTATIVE_IF_NO_CONFLICT': ACT_ACCEPT + COND_TENTATIVE + COND_IF_AVAILABLE + COND_TYPE_EVENT, 'ACT_DELEGATE': ACT_DELEGATE + COND_TYPE_ALL, 'ACT_DELEGATE_IF_CONFLICT': ACT_DELEGATE + COND_IF_CONFLICT + COND_TYPE_EVENT, 'ACT_REJECT': ACT_REJECT + COND_TYPE_ALL, 'ACT_REJECT_IF_CONFLICT': ACT_REJECT + COND_IF_CONFLICT + COND_TYPE_EVENT, 'ACT_UPDATE': ACT_UPDATE + COND_TYPE_ALL, 'ACT_UPDATE_AND_NOTIFY': ACT_UPDATE_AND_NOTIFY + COND_TYPE_ALL, 'ACT_CANCEL_DELETE': ACT_CANCEL_DELETE + COND_TYPE_ALL, 'ACT_CANCEL_DELETE_AND_NOTIFY': ACT_CANCEL_DELETE_AND_NOTIFY + COND_TYPE_ALL, 'ACT_SAVE_TO_CALENDAR': ACT_SAVE_TO_FOLDER + COND_TYPE_EVENT, 'ACT_SAVE_AND_FORWARD': ACT_SAVE_AND_FORWARD + COND_TYPE_EVENT, } policy_value_map = dict([(v &~ COND_TYPE_ALL, k) for (k, v) in policy_name_map.items()]) object_type_conditons = { 'event': COND_TYPE_EVENT, 'task': COND_TYPE_TASK } log = pykolab.getLogger('pykolab.wallace/invitationpolicy') extra_log_params = {'qid': '-'} log = pykolab.logger.LoggerAdapter(log, extra_log_params) conf = pykolab.getConf() mybasepath = '/var/spool/pykolab/wallace/invitationpolicy/' auth = None imap = None write_locks = [] def __init__(): modules.register('invitationpolicy', execute, description=description()) def accept(filepath): new_filepath = os.path.join( mybasepath, 'ACCEPT', os.path.basename(filepath) ) cleanup() os.rename(filepath, new_filepath) filepath = new_filepath exec('modules.cb_action_ACCEPT(%r, %r)' % ('invitationpolicy',filepath)) def reject(filepath): new_filepath = os.path.join( mybasepath, 'REJECT', os.path.basename(filepath) ) os.rename(filepath, new_filepath) filepath = new_filepath exec('modules.cb_action_REJECT(%r, %r)' % ('invitationpolicy',filepath)) def description(): return """Invitation policy execution module.""" def cleanup(): global auth, imap, write_locks, extra_log_params log.debug("cleanup(): %r, %r" % (auth, imap), level=8) extra_log_params['qid'] = '-' auth.disconnect() del auth # Disconnect IMAP or we lock the mailbox almost constantly imap.disconnect() del imap # remove remaining write locks for key in write_locks: remove_write_lock(key, False) def execute(*args, **kw): global auth, imap, extra_log_params filepath = args[0] extra_log_params['qid'] = os.path.basename(filepath) # (re)set language to default pykolab.translate.setUserLanguage(conf.get('kolab','default_locale')) if not os.path.isdir(mybasepath): os.makedirs(mybasepath) for stage in ['incoming', 'ACCEPT', 'REJECT', 'HOLD', 'DEFER', 'locks']: if not os.path.isdir(os.path.join(mybasepath, stage)): os.makedirs(os.path.join(mybasepath, stage)) log.debug(_("Invitation policy called for %r, %r") % (args, kw), level=8) auth = Auth() imap = IMAP() # ignore calls on lock files if '/locks/' in filepath or 'stage' in kw and kw['stage'] == 'locks': return False log.debug("Invitation policy executing for %r, %r" % (filepath, '/locks/' in filepath), level=8) if 'stage' in kw: log.debug(_("Issuing callback after processing to stage %s") % (kw['stage']), level=8) log.debug(_("Testing cb_action_%s()") % (kw['stage']), level=8) if hasattr(modules, 'cb_action_%s' % (kw['stage'])): log.debug(_("Attempting to execute cb_action_%s()") % (kw['stage']), level=8) exec( 'modules.cb_action_%s(%r, %r)' % ( kw['stage'], 'invitationpolicy', filepath ) ) return filepath else: # Move to incoming new_filepath = os.path.join( mybasepath, 'incoming', os.path.basename(filepath) ) if not filepath == new_filepath: log.debug("Renaming %r to %r" % (filepath, new_filepath)) os.rename(filepath, new_filepath) filepath = new_filepath # parse full message message = Parser().parse(open(filepath, 'r')) # invalid message, skip if not message.get('X-Kolab-To'): return filepath recipients = [address for displayname,address in getaddresses(message.get_all('X-Kolab-To'))] sender_email = [address for displayname,address in getaddresses(message.get_all('X-Kolab-From'))][0] any_itips = False recipient_email = None recipient_emails = [] recipient_user_dn = None # An iTip message may contain multiple events. Later on, test if the message # is an iTip message by checking the length of this list. try: itip_events = objects_from_message(message, ['VEVENT','VTODO'], ['REQUEST', 'REPLY', 'CANCEL']) except Exception as errmsg: log.error(_("Failed to parse iTip objects from message: %r" % (errmsg))) itip_events = [] if not len(itip_events) > 0: log.info(_("Message is not an iTip message or does not contain any (valid) iTip objects.")) else: any_itips = True log.debug(_("iTip objects attached to this message contain the following information: %r") % (itip_events), level=8) # See if any iTip actually allocates a user. if any_itips and len([x['uid'] for x in itip_events if 'attendees' in x or 'organizer' in x]) > 0: auth.connect() # we're looking at the first itip object itip_event = itip_events[0] for recipient in recipients: recipient_user_dn = user_dn_from_email_address(recipient) if recipient_user_dn: receiving_user = auth.get_entry_attributes(None, recipient_user_dn, ['*']) recipient_emails = auth.extract_recipient_addresses(receiving_user) recipient_email = recipient # extend with addresses from delegators # (only do this lookup for REPLY messages) receiving_user['_delegated_mailboxes'] = [] if itip_event['method'] == 'REPLY': for _delegator in auth.list_delegators(recipient_user_dn): if not _delegator['_mailbox_basename'] == None: receiving_user['_delegated_mailboxes'].append( _delegator['_mailbox_basename'].split('@')[0] ) log.debug(_("Recipient emails for %s: %r") % (recipient_user_dn, recipient_emails), level=8) break if not any_itips: log.debug(_("No itips, no users, pass along %r") % (filepath), level=5) return filepath elif recipient_email is None: log.debug(_("iTips, but no users, pass along %r") % (filepath), level=5) return filepath # for replies, the organizer is the recipient if itip_event['method'] == 'REPLY': # Outlook can send iTip replies without an organizer property if 'organizer' in itip_event: organizer_mailto = str(itip_event['organizer']).split(':')[-1] user_attendees = [organizer_mailto] if organizer_mailto in recipient_emails else [] else: user_attendees = [recipient_email] else: # Limit the attendees to the one that is actually invited with the current message. attendees = [str(a).split(':')[-1] for a in (itip_event['attendees'] if 'attendees' in itip_event else [])] user_attendees = [a for a in attendees if a in recipient_emails] if 'organizer' in itip_event: sender_email = itip_event['xml'].get_organizer().email() # abort if no attendee matches the envelope recipient if len(user_attendees) == 0: log.info(_("No user attendee matching envelope recipient %s, skip message") % (recipient_email)) return filepath log.debug(_("Receiving user: %r") % (receiving_user), level=8) # set recipient_email to the matching attendee mailto: address recipient_email = user_attendees[0] # change gettext language to the preferredlanguage setting of the receiving user if 'preferredlanguage' in receiving_user: pykolab.translate.setUserLanguage(receiving_user['preferredlanguage']) # find user's kolabInvitationPolicy settings and the matching policy values type_condition = object_type_conditons.get(itip_event['type'], COND_TYPE_ALL) policies = get_matching_invitation_policies(receiving_user, sender_email, type_condition) # select a processing function according to the iTip request method method_processing_map = { 'REQUEST': process_itip_request, 'REPLY': process_itip_reply, 'CANCEL': process_itip_cancel } done = None if itip_event['method'] in method_processing_map: processor_func = method_processing_map[itip_event['method']] # connect as cyrus-admin imap.connect() for policy in policies: log.debug(_("Apply invitation policy %r for sender %r") % (policy_value_map[policy], sender_email), level=8) done = processor_func(itip_event, policy, recipient_email, sender_email, receiving_user) # matching policy found if done is not None: break # remove possible write lock from this iteration remove_write_lock(get_lock_key(receiving_user, itip_event['uid'])) else: log.debug(_("Ignoring '%s' iTip method") % (itip_event['method']), level=8) # message has been processed by the module, remove it if done == MESSAGE_PROCESSED: log.debug(_("iTip message %r consumed by the invitationpolicy module") % (message.get('Message-ID')), level=5) os.unlink(filepath) cleanup() return None # accept message into the destination inbox accept(filepath) def process_itip_request(itip_event, policy, recipient_email, sender_email, receiving_user): """ Process an iTip REQUEST message according to the given policy """ # if invitation policy is set to MANUAL, pass message along if policy & ACT_MANUAL: log.info(_("Pass invitation for manual processing")) return MESSAGE_FORWARD try: receiving_attendee = itip_event['xml'].get_attendee_by_email(recipient_email) log.debug(_("Receiving attendee: %r") % (receiving_attendee.to_dict()), level=8) except Exception as errmsg: log.error("Could not find envelope attendee: %r" % (errmsg)) return MESSAGE_FORWARD # process request to participating attendees with RSVP=TRUE or PARTSTAT=NEEDS-ACTION is_task = itip_event['type'] == 'task' nonpart = receiving_attendee.get_role() == kolabformat.NonParticipant partstat = receiving_attendee.get_participant_status() save_object = not nonpart or not partstat == kolabformat.PartNeedsAction rsvp = receiving_attendee.get_rsvp() scheduling_required = rsvp or partstat == kolabformat.PartNeedsAction respond_with = receiving_attendee.get_participant_status(True) condition_fulfilled = True # find existing event in user's calendar (existing, master) = find_existing_object(itip_event['uid'], itip_event['type'], itip_event['recurrence-id'], receiving_user, True) # compare sequence number to determine a (re-)scheduling request if existing is not None: scheduling_required = itip_event['sequence'] > 0 and itip_event['sequence'] > existing.get_sequence() log.debug(_("Scheduling required: %r, for existing %s: %s") % (scheduling_required, existing.type, existing.get_uid()), level=8) save_object = True # if scheduling: check availability (skip that for tasks) if scheduling_required: if not is_task and policy & (COND_IF_AVAILABLE | COND_IF_CONFLICT): condition_fulfilled = check_availability(itip_event, receiving_user) if not is_task and policy & COND_IF_CONFLICT: condition_fulfilled = not condition_fulfilled log.debug(_("Precondition for object %r fulfilled: %r") % (itip_event['uid'], condition_fulfilled), level=5) if existing: respond_with = None if policy & ACT_ACCEPT and condition_fulfilled: respond_with = 'TENTATIVE' if policy & COND_TENTATIVE else 'ACCEPTED' elif policy & ACT_REJECT and condition_fulfilled: respond_with = 'DECLINED' # TODO: only save declined invitation when a certain config option is set? elif policy & ACT_DELEGATE and condition_fulfilled: # TODO: delegate (but to whom?) return None # auto-update changes if enabled for this user elif policy & ACT_UPDATE and existing: # compare sequence number to avoid outdated updates if not itip_event['sequence'] == existing.get_sequence(): log.info(_("The iTip request sequence (%r) doesn't match the referred object version (%r). Ignoring.") % ( itip_event['sequence'], existing.get_sequence() )) return None log.debug(_("Auto-updating %s %r on iTip REQUEST (no re-scheduling)") % (existing.type, existing.uid), level=8) save_object = True rsvp = False # retain task status and percent-complete properties from my old copy if is_task: itip_event['xml'].set_status(existing.get_status()) itip_event['xml'].set_percentcomplete(existing.get_percentcomplete()) if policy & COND_NOTIFY: sender = itip_event['xml'].get_organizer() comment = itip_event['xml'].get_comment() send_update_notification(itip_event['xml'], receiving_user, existing, False, sender, comment) # if RSVP, send an iTip REPLY if rsvp or scheduling_required: # set attendee's CN from LDAP record if yet missing if not receiving_attendee.get_name() and 'cn' in receiving_user: receiving_attendee.set_name(receiving_user['cn']) # send iTip reply if respond_with is not None and not respond_with == 'NEEDS-ACTION': receiving_attendee.set_participant_status(respond_with) send_reply(recipient_email, itip_event, invitation_response_text(itip_event['type']), subject=_('"%(summary)s" has been %(status)s')) elif policy & ACT_SAVE_TO_FOLDER: # copy the invitation into the user's default folder with PARTSTAT=NEEDS-ACTION itip_event['xml'].set_attendee_participant_status(receiving_attendee, respond_with or 'NEEDS-ACTION') save_object = True else: # policy doesn't match, pass on to next one return None if save_object: targetfolder = None # delete old version from IMAP if existing: targetfolder = existing._imap_folder delete_object(existing) elif master and hasattr(master, '_imap_folder'): targetfolder = master._imap_folder delete_object(master) if not nonpart or existing: # save new copy from iTip if store_object(itip_event['xml'], receiving_user, targetfolder, master): if policy & COND_FORWARD: log.debug(_("Forward invitation for notification"), level=5) return MESSAGE_FORWARD else: return MESSAGE_PROCESSED return None def process_itip_reply(itip_event, policy, recipient_email, sender_email, receiving_user): """ Process an iTip REPLY message according to the given policy """ # if invitation policy is set to MANUAL, pass message along if policy & ACT_MANUAL: log.info(_("Pass reply for manual processing")) return MESSAGE_FORWARD # auto-update is enabled for this user if policy & ACT_UPDATE: try: sender_attendee = itip_event['xml'].get_attendee_by_email(sender_email) log.debug(_("Sender Attendee: %r") % (sender_attendee), level=8) except Exception as errmsg: log.error("Could not find envelope sender attendee: %r" % (errmsg)) return MESSAGE_FORWARD # find existing event in user's calendar # sets/checks lock to avoid concurrent wallace processes trying to update the same event simultaneously (existing, master) = find_existing_object(itip_event['uid'], itip_event['type'], itip_event['recurrence-id'], receiving_user, True) if existing: # compare sequence number to avoid outdated replies? if not itip_event['sequence'] == existing.get_sequence(): log.info(_("The iTip reply sequence (%r) doesn't match the referred object version (%r). Forwarding to Inbox.") % ( itip_event['sequence'], existing.get_sequence() )) remove_write_lock(existing._lock_key) return MESSAGE_FORWARD log.debug(_("Auto-updating %s %r on iTip REPLY") % (existing.type, existing.uid), level=8) updated_attendees = [] try: existing.set_attendee_participant_status(sender_email, sender_attendee.get_participant_status(), rsvp=False) existing_attendee = existing.get_attendee(sender_email) updated_attendees.append(existing_attendee) except Exception as errmsg: log.error("Could not find corresponding attende in organizer's copy: %r" % (errmsg)) # append delegated-from attendee ? if len(sender_attendee.get_delegated_from()) > 0: existing.add_attendee(sender_attendee) updated_attendees.append(sender_attendee) else: # TODO: accept new participant if ACT_ACCEPT ? remove_write_lock(existing._lock_key) return MESSAGE_FORWARD # append delegated-to attendee if len(sender_attendee.get_delegated_to()) > 0: try: delegatee_email = sender_attendee.get_delegated_to(True)[0] sender_delegatee = itip_event['xml'].get_attendee_by_email(delegatee_email) existing_delegatee = existing.find_attendee(delegatee_email) if not existing_delegatee: existing.add_attendee(sender_delegatee) log.debug(_("Add delegatee: %r") % (sender_delegatee.to_dict()), level=8) else: existing_delegatee.copy_from(sender_delegatee) log.debug(_("Update existing delegatee: %r") % (existing_delegatee.to_dict()), level=8) updated_attendees.append(sender_delegatee) # copy all parameters from replying attendee (e.g. delegated-to, role, etc.) existing_attendee.copy_from(sender_attendee) existing.update_attendees([existing_attendee]) log.debug(_("Update delegator: %r") % (existing_attendee.to_dict()), level=8) except Exception as errmsg: log.error("Could not find delegated-to attendee: %r" % (errmsg)) # update the organizer's copy of the object if update_object(existing, receiving_user, master): if policy & COND_NOTIFY: send_update_notification(existing, receiving_user, existing, True, sender_attendee, itip_event['xml'].get_comment()) # update all other attendee's copies if conf.get('wallace','invitationpolicy_autoupdate_other_attendees_on_reply'): propagate_changes_to_attendees_accounts(existing, updated_attendees) return MESSAGE_PROCESSED else: log.error(_("The object referred by this reply was not found in the user's folders. Forwarding to Inbox.")) return MESSAGE_FORWARD return None def process_itip_cancel(itip_event, policy, recipient_email, sender_email, receiving_user): """ Process an iTip CANCEL message according to the given policy """ # if invitation policy is set to MANUAL, pass message along if policy & ACT_MANUAL: log.info(_("Pass cancellation for manual processing")) return MESSAGE_FORWARD # auto-update the local copy if policy & ACT_UPDATE or policy & ACT_CANCEL_DELETE: # find existing object in user's folders (existing, master) = find_existing_object(itip_event['uid'], itip_event['type'], itip_event['recurrence-id'], receiving_user, True) remove_object = policy & ACT_CANCEL_DELETE if existing: # on this-and-future cancel requests, set the recurrence until date on the master event if itip_event['recurrence-id'] and master and itip_event['xml'].get_thisandfuture(): rrule = master.get_recurrence() rrule.set_count(0) rrule.set_until(existing.get_start() + datetime.timedelta(days=-1)) master.set_recurrence(rrule) existing.set_recurrence_id(existing.get_recurrence_id(), True) remove_object = False # delete the local copy if remove_object: # remove exception and register an exdate to the main event if master: log.debug(_("Remove cancelled %s instance %s from %r") % (existing.type, itip_event['recurrence-id'], existing.uid), level=8) master.add_exception_date(existing.get_start()) master.del_exception(existing) success = update_object(master, receiving_user) # delete main event else: success = delete_object(existing) # update the local copy with STATUS=CANCELLED else: log.debug(_("Update cancelled %s %r with STATUS=CANCELLED") % (existing.type, existing.uid), level=8) existing.set_status('CANCELLED') existing.set_transparency(True) success = update_object(existing, receiving_user, master) if success: # send cancellation notification if policy & COND_NOTIFY: sender = itip_event['xml'].get_organizer() comment = itip_event['xml'].get_comment() send_cancel_notification(existing, receiving_user, remove_object, sender, comment) return MESSAGE_PROCESSED else: log.error(_("The object referred by this cancel request was not found in the user's folders. Forwarding to Inbox.")) return MESSAGE_FORWARD return None def user_dn_from_email_address(email_address): """ Resolves the given email address to a Kolab user entity """ global auth if not auth: auth = Auth() auth.connect() # return cached value if email_address in user_dn_from_email_address.cache: return user_dn_from_email_address.cache[email_address] local_domains = auth.list_domains() if local_domains is not None: local_domains = list(set(local_domains.keys())) if not email_address.split('@')[1] in local_domains: user_dn_from_email_address.cache[email_address] = None return None log.debug(_("Checking if email address %r belongs to a local user") % (email_address), level=8) user_dn = auth.find_user_dn(email_address, True) - if isinstance(user_dn, basestring): + if isinstance(user_dn, string_types): log.debug(_("User DN: %r") % (user_dn), level=8) else: log.debug(_("No user record(s) found for %r") % (email_address), level=8) # remember this lookup user_dn_from_email_address.cache[email_address] = user_dn return user_dn user_dn_from_email_address.cache = {} def get_matching_invitation_policies(receiving_user, sender_email, type_condition=COND_TYPE_ALL): # get user's kolabInvitationPolicy settings policies = receiving_user['kolabinvitationpolicy'] if 'kolabinvitationpolicy' in receiving_user else [] if policies and not isinstance(policies, list): policies = [policies] if len(policies) == 0: policies = conf.get_list('wallace', 'kolab_invitation_policy') # match policies agains the given sender_email matches = [] for p in policies: if ':' in p: (value, domain) = p.split(':', 1) else: value = p domain = '' if domain == '' or domain == '*' or str(sender_email).endswith(domain): value = value.upper() if value in policy_name_map: val = policy_name_map[value] # append if type condition matches if val & type_condition: matches.append(val &~ COND_TYPE_ALL) # add manual as default action if len(matches) == 0: matches.append(ACT_MANUAL) return matches def imap_proxy_auth(user_rec): """ Perform IMAP login using proxy authentication with admin credentials """ global imap mail_attribute = conf.get('cyrus-sasl', 'result_attribute') if mail_attribute is None: mail_attribute = 'mail' mail_attribute = mail_attribute.lower() if mail_attribute not in user_rec: log.error(_("User record doesn't have the mailbox attribute %r set" % (mail_attribute))) return False # do IMAP prox auth with the given user backend = conf.get('kolab', 'imap_backend') admin_login = conf.get(backend, 'admin_login') admin_password = conf.get(backend, 'admin_password') try: imap.disconnect() imap.connect(login=False) imap.login_plain(admin_login, admin_password, user_rec[mail_attribute]) except Exception as errmsg: log.error(_("IMAP proxy authentication failed: %r") % (errmsg)) return False return True def list_user_folders(user_rec, _type): """ Get a list of the given user's private calendar/tasks folders """ global imap # return cached list if '_imap_folders' in user_rec: return user_rec['_imap_folders'] result = [] if not imap_proxy_auth(user_rec): return result folders = imap.get_metadata('*') log.debug( _("List %r folders for user %r: %r") % ( _type, user_rec['mail'], folders ), level=8 ) (ns_personal, ns_other, ns_shared) = imap.namespaces() _folders = {} # Filter the folders by type relevance for folder, metadata in folders.items(): key = '/shared' + FOLDER_TYPE_ANNOTATION if key in metadata: if metadata[key].startswith(_type): _folders[folder] = metadata key = '/private' + FOLDER_TYPE_ANNOTATION if key in metadata: if metadata[key].startswith(_type): _folders[folder] = metadata for folder, metadata in _folders.items(): folder_delegated = False # Exclude shared and other user's namespace # # First, test if this is another users folder if ns_other is not None and folder.startswith(ns_other): # If we have no delegated mailboxes, we can skip this entirely if '_delegated_mailboxes' not in user_rec: continue for _m in user_rec['_delegated_mailboxes']: if folder.startswith(ns_other + _m + '/'): folder_delegated = True if not folder_delegated: continue # TODO: list shared folders the user has write privileges ? if ns_shared is not None: if len([_ns for _ns in ns_shared if folder.startswith(_ns)]) > 0: continue key = '/shared' + FOLDER_TYPE_ANNOTATION if key in metadata: if metadata[key].startswith(_type): result.append(folder) key = '/private' + FOLDER_TYPE_ANNOTATION if key in metadata: if metadata[key].startswith(_type): result.append(folder) # store default folder in user record if metadata[key].endswith('.default'): user_rec['_default_folder'] = folder continue # store private and confidential folders in user record if metadata[key].endswith('.confidential'): if '_confidential_folder' not in user_rec: user_rec['_confidential_folder'] = folder continue if metadata[key].endswith('.private'): if '_private_folder' not in user_rec: user_rec['_private_folder'] = folder continue # cache with user record user_rec['_imap_folders'] = result return result def find_existing_object(uid, type, recurrence_id, user_rec, lock=False): """ Search user's private folders for the given object (by UID+type) """ global imap lock_key = None if lock: lock_key = get_lock_key(user_rec, uid) set_write_lock(lock_key) event = None master = None for folder in list_user_folders(user_rec, type): log.debug(_("Searching folder %r for %s %r") % (folder, type, uid), level=8) imap.imap.m.select(imap.folder_utf7(folder)) res, data = imap.imap.m.search(None, '(UNDELETED HEADER SUBJECT "%s")' % (uid)) for num in reversed(data[0].split()): res, data = imap.imap.m.fetch(num, '(UID RFC822)') try: msguid = re.search(r"\WUID (\d+)", data[0][0]).group(1) except Exception: log.error(_("No UID found in IMAP response: %r") % (data[0][0])) continue try: if type == 'task': event = todo_from_message(message_from_string(data[0][1])) else: event = event_from_message(message_from_string(data[0][1])) # find instance in a recurring series if recurrence_id and (event.is_recurring() or event.has_exceptions() or event.get_recurrence_id()): master = event event = master.get_instance(recurrence_id) setattr(master, '_imap_folder', folder) setattr(master, '_msguid', msguid) # return master, even if instance is not found if not event and master.uid == uid: return (event, master) if event is not None: setattr(event, '_imap_folder', folder) setattr(event, '_lock_key', lock_key) setattr(event, '_msguid', msguid) except Exception: log.error(_("Failed to parse %s from message %s/%s: %s") % (type, folder, num, traceback.format_exc())) event = None master = None continue if event and event.uid == uid: return (event, master) if lock_key is not None: remove_write_lock(lock_key) return (event, master) def check_availability(itip_event, receiving_user): """ For the receiving user, determine if the event in question is in conflict. """ start = time.time() num_messages = 0 conflict = False # return previously detected conflict if '_conflicts' in itip_event: return not itip_event['_conflicts'] for folder in list_user_folders(receiving_user, 'event'): log.debug(_("Listing events from folder %r") % (folder), level=8) imap.imap.m.select(imap.folder_utf7(folder)) res, data = imap.imap.m.search(None, '(UNDELETED HEADER X-Kolab-Type "application/x-vnd.kolab.event")') num_messages += len(data[0].split()) for num in reversed(data[0].split()): event = None res, data = imap.imap.m.fetch(num, '(RFC822)') try: event = event_from_message(message_from_string(data[0][1])) except Exception as errmsg: log.error(_("Failed to parse event from message %s/%s: %r") % (folder, num, errmsg)) continue if event and event.uid: conflict = check_event_conflict(event, itip_event) if conflict: log.info(_("Existing event %r conflicts with invitation %r") % (event.uid, itip_event['uid'])) break if conflict: break end = time.time() log.debug(_("start: %r, end: %r, total: %r, messages: %d") % (start, end, (end-start), num_messages), level=8) # remember the result of this check for further iterations itip_event['_conflicts'] = conflict return not conflict def set_write_lock(key, wait=True): """ Set a write-lock for the given key and wait if such a lock already exists """ if not os.path.isdir(mybasepath): os.makedirs(mybasepath) if not os.path.isdir(os.path.join(mybasepath, 'locks')): os.makedirs(os.path.join(mybasepath, 'locks')) filename = os.path.join(mybasepath, 'locks', key + '.lock') locktime = 0 if os.path.isfile(filename): locktime = os.path.getmtime(filename) # wait if file lock is in place while time.time() < locktime + 300: if not wait: return False log.debug(_("%r is locked, waiting...") % (key), level=8) time.sleep(0.5) locktime = os.path.getmtime(filename) if os.path.isfile(filename) else 0 # touch the file if os.path.isfile(filename): os.utime(filename, None) else: open(filename, 'w').close() # register active lock write_locks.append(key) return True def remove_write_lock(key, update=True): """ Remove the lock file for the given key """ global write_locks if key is not None: file = os.path.join(mybasepath, 'locks', key + '.lock') if os.path.isfile(file): os.remove(file) if update: write_locks = [k for k in write_locks if not k == key] def get_lock_key(user, uid): return hashlib.md5("%s/%s" % (user['mail'], uid)).hexdigest() def update_object(object, user_rec, master=None): """ Update the given object in IMAP (i.e. delete + append) """ success = False saveobj = object # updating a single instance only: use master event if object.get_recurrence_id() and master: saveobj = master if hasattr(saveobj, '_imap_folder'): if delete_object(saveobj): saveobj.set_lastmodified() # update last-modified timestamp success = store_object(object, user_rec, saveobj._imap_folder, master) # remove write lock for this event if hasattr(saveobj, '_lock_key') and saveobj._lock_key is not None: remove_write_lock(saveobj._lock_key) return success def store_object(object, user_rec, targetfolder=None, master=None): """ Append the given object to the user's default calendar/tasklist """ # find calendar folder to save object to if not specified if targetfolder is None: targetfolders = list_user_folders(user_rec, object.type) oc = object.get_classification() # use *.confidential/private folder for confidential/private invitations if oc == kolabformat.ClassConfidential and '_confidential_folder' in user_rec: targetfolder = user_rec['_confidential_folder'] elif oc == kolabformat.ClassPrivate and '_private_folder' in user_rec: targetfolder = user_rec['_private_folder'] # use *.default folder if exists elif '_default_folder' in user_rec: targetfolder = user_rec['_default_folder'] # fallback to any existing folder of specified type elif targetfolders is not None and len(targetfolders) > 0: targetfolder = targetfolders[0] if targetfolder is None: log.error(_("Failed to save %s: no target folder found for user %r") % (object.type, user_rec['mail'])) return False saveobj = object # updating a single instance only: add exception to master event if object.get_recurrence_id() and master: object.set_lastmodified() # update last-modified timestamp master.add_exception(object) saveobj = master log.debug(_("Save %s %r to user folder %r") % (saveobj.type, saveobj.uid, targetfolder), level=8) try: imap.imap.m.select(imap.folder_utf7(targetfolder)) result = imap.imap.m.append( imap.folder_utf7(targetfolder), None, None, saveobj.to_message(creator="Kolab Server ").as_string() ) return result except Exception as errmsg: log.error(_("Failed to save %s to user folder at %r: %r") % ( saveobj.type, targetfolder, errmsg )) return False def delete_object(existing): """ Removes the IMAP object with the given UID from a user's folder """ targetfolder = existing._imap_folder msguid = existing._msguid if hasattr(existing, '_msguid') else None try: imap.imap.m.select(imap.folder_utf7(targetfolder)) # delete by IMAP UID if msguid is not None: log.debug(_("Delete %s %r in %r by UID: %r") % ( existing.type, existing.uid, targetfolder, msguid ), level=8) imap.imap.m.uid('store', msguid, '+FLAGS', '(\\Deleted)') else: res, data = imap.imap.m.search(None, '(HEADER SUBJECT "%s")' % existing.uid) log.debug(_("Delete %s %r in %r: %r") % ( existing.type, existing.uid, targetfolder, data ), level=8) for num in data[0].split(): imap.imap.m.store(num, '+FLAGS', '(\\Deleted)') imap.imap.m.expunge() return True except Exception as errmsg: log.error(_("Failed to delete %s from folder %r: %r") % ( existing.type, targetfolder, errmsg )) return False def send_update_notification(object, receiving_user, old=None, reply=True, sender=None, comment=None): """ Send a (consolidated) notification about the current participant status to organizer """ global auth from email.MIMEText import MIMEText from email.Utils import formatdate from email.header import Header from email import charset # encode unicode strings with quoted-printable charset.add_charset('utf-8', charset.SHORTEST, charset.QP) organizer = object.get_organizer() orgemail = organizer.email() orgname = organizer.name() itip_comment = None if comment is not None: comment = comment.strip() if sender is not None and not comment == '': itip_comment = _("%s commented: %s") % (_attendee_name(sender), comment) if reply: log.debug(_("Compose participation status summary for %s %r to user %r") % ( object.type, object.uid, receiving_user['mail'] ), level=8) auto_replies_expected = 0 auto_replies_received = 0 is_manual_reply = True partstats = {'ACCEPTED': [], 'TENTATIVE': [], 'DECLINED': [], 'DELEGATED': [], 'IN-PROCESS': [], 'COMPLETED': [], 'PENDING': []} for attendee in object.get_attendees(): parstat = attendee.get_participant_status(True) if parstat in partstats: partstats[parstat].append(attendee.get_displayname()) else: partstats['PENDING'].append(attendee.get_displayname()) # look-up kolabinvitationpolicy for this attendee if attendee.get_cutype() == kolabformat.CutypeResource: resource_dns = auth.find_resource(attendee.get_email()) if isinstance(resource_dns, list): attendee_dn = resource_dns[0] if len(resource_dns) > 0 else None else: attendee_dn = resource_dns else: attendee_dn = user_dn_from_email_address(attendee.get_email()) if attendee_dn: attendee_rec = auth.get_entry_attributes(None, attendee_dn, ['kolabinvitationpolicy']) if is_auto_reply(attendee_rec, orgemail, object.type): auto_replies_expected += 1 if not parstat == 'NEEDS-ACTION': auto_replies_received += 1 if sender is not None and sender.get_email() == attendee.get_email(): is_manual_reply = False # skip notification until we got replies from all automatically responding attendees if not is_manual_reply and auto_replies_received < auto_replies_expected: log.debug(_("Waiting for more automated replies (got %d of %d); skipping notification") % ( auto_replies_received, auto_replies_expected ), level=8) return # build notification message body roundup = '' if itip_comment is not None: roundup += "\n" + itip_comment for status,attendees in partstats.items(): if len(attendees) > 0: roundup += "\n" + participant_status_label(status) + ":\n\t" + "\n\t".join(attendees) + "\n" else: # build notification message body roundup = '' if itip_comment is not None: roundup += "\n" + itip_comment roundup += "\n" + _("Changes submitted by %s have been automatically applied.") % (orgname if orgname else orgemail) # list properties changed from previous version if old: diff = xmlutils.compute_diff(old.to_dict(), object.to_dict()) if len(diff) > 1: roundup += "\n" for change in diff: if not change['property'] in ['created','lastmodified-date','sequence']: new_value = xmlutils.property_to_string(change['property'], change['new']) if change['new'] else _("(removed)") if new_value: roundup += "\n- %s: %s" % (xmlutils.property_label(change['property']), new_value) # compose different notification texts for events/tasks if object.type == 'task': message_text = _(""" The assignment for '%(summary)s' has been updated in your tasklist. %(roundup)s """) % { 'summary': object.get_summary(), 'roundup': roundup } else: message_text = _(""" The event '%(summary)s' at %(start)s has been updated in your calendar. %(roundup)s """) % { 'summary': object.get_summary(), 'start': xmlutils.property_to_string('start', object.get_start()), 'roundup': roundup } if object.get_recurrence_id(): message_text += _("NOTE: This update only refers to this single occurrence!") + "\n" message_text += "\n" + _("*** This is an automated message. Please do not reply. ***") # compose mime message msg = MIMEText(utils.stripped_message(message_text), _charset='utf-8') msg['To'] = receiving_user['mail'] msg['Date'] = formatdate(localtime=True) msg['Subject'] = utils.str2unicode(_('"%s" has been updated') % (object.get_summary())) msg['From'] = Header(utils.str2unicode('%s' % orgname) if orgname else '') msg['From'].append("<%s>" % orgemail) seed = random.randint(0, 6) alarm_after = (seed * 10) + 60 log.debug(_("Set alarm to %s seconds") % (alarm_after), level=8) signal.alarm(alarm_after) result = modules._sendmail(orgemail, receiving_user['mail'], msg.as_string()) log.debug(_("Sent update notification to %r: %r") % (receiving_user['mail'], result), level=8) signal.alarm(0) def send_cancel_notification(object, receiving_user, deleted=False, sender=None, comment=None): """ Send a notification about event/task cancellation """ from email.MIMEText import MIMEText from email.Utils import formatdate from email.header import Header from email import charset # encode unicode strings with quoted-printable charset.add_charset('utf-8', charset.SHORTEST, charset.QP) log.debug(_("Send cancellation notification for %s %r to user %r") % ( object.type, object.uid, receiving_user['mail'] ), level=8) organizer = object.get_organizer() orgemail = organizer.email() orgname = organizer.name() # compose different notification texts for events/tasks if object.type == 'task': message_text = _("The assignment for '%(summary)s' has been cancelled by %(organizer)s.") % { 'summary': object.get_summary(), 'organizer': orgname if orgname else orgemail } if deleted: message_text += " " + _("The copy in your tasklist has been removed accordingly.") else: message_text += " " + _("The copy in your tasklist has been marked as cancelled accordingly.") else: message_text = _("The event '%(summary)s' at %(start)s has been cancelled by %(organizer)s.") % { 'summary': object.get_summary(), 'start': xmlutils.property_to_string('start', object.get_start()), 'organizer': orgname if orgname else orgemail } if deleted: message_text += " " + _("The copy in your calendar has been removed accordingly.") else: message_text += " " + _("The copy in your calendar has been marked as cancelled accordingly.") if comment is not None: comment = comment.strip() if sender is not None and not comment == '': message_text += "\n" + _("%s commented: %s") % (_attendee_name(sender), comment) if object.get_recurrence_id(): message_text += "\n" + _("NOTE: This cancellation only refers to this single occurrence!") message_text += "\n\n" + _("*** This is an automated message. Please do not reply. ***") # compose mime message msg = MIMEText(utils.stripped_message(message_text), _charset='utf-8') msg['To'] = receiving_user['mail'] msg['Date'] = formatdate(localtime=True) msg['Subject'] = utils.str2unicode(_('"%s" has been cancelled') % (object.get_summary())) msg['From'] = Header(utils.str2unicode('%s' % orgname) if orgname else '') msg['From'].append("<%s>" % orgemail) seed = random.randint(0, 6) alarm_after = (seed * 10) + 60 log.debug(_("Set alarm to %s seconds") % (alarm_after), level=8) signal.alarm(alarm_after) result = modules._sendmail(orgemail, receiving_user['mail'], msg.as_string()) log.debug(_("Sent cancel notification to %r: %r") % (receiving_user['mail'], result), level=8) signal.alarm(0) def is_auto_reply(user, sender_email, type): accept_available = False accept_conflicts = False for policy in get_matching_invitation_policies(user, sender_email, object_type_conditons.get(type, COND_TYPE_EVENT)): if policy & (ACT_ACCEPT | ACT_REJECT | ACT_DELEGATE): if check_policy_condition(policy, True): accept_available = True if check_policy_condition(policy, False): accept_conflicts = True # we have both cases covered by a policy if accept_available and accept_conflicts: return True # manual action reached if policy & (ACT_MANUAL | ACT_SAVE_TO_FOLDER): return False return False def check_policy_condition(policy, available): condition_fulfilled = True if policy & (COND_IF_AVAILABLE | COND_IF_CONFLICT): condition_fulfilled = available if policy & COND_IF_CONFLICT: condition_fulfilled = not condition_fulfilled return condition_fulfilled def propagate_changes_to_attendees_accounts(object, updated_attendees=None): """ Find and update copies of this object in all attendee's personal folders """ recurrence_id = object.get_recurrence_id() for attendee in object.get_attendees(): attendee_user_dn = user_dn_from_email_address(attendee.get_email()) if attendee_user_dn: attendee_user = auth.get_entry_attributes(None, attendee_user_dn, ['*']) (attendee_object, master_object) = find_existing_object(object.uid, object.type, recurrence_id, attendee_user, True) # does IMAP authenticate if attendee_object: # find attendee's entry by one of its email addresses attendee_emails = auth.extract_recipient_addresses(attendee_user) for attendee_email in attendee_emails: try: attendee_entry = attendee_object.get_attendee_by_email(attendee_email) except: attendee_entry = None if attendee_entry: break # copy all attendees from master object (covers additions and removals) new_attendees = [] for a in object.get_attendees(): # keep my own entry intact if attendee_entry is not None and attendee_entry.get_email() == a.get_email(): new_attendees.append(attendee_entry) else: new_attendees.append(a) attendee_object.set_attendees(new_attendees) if updated_attendees and not recurrence_id: log.debug("Update Attendees %r for %s" % ([a.get_email()+':'+a.get_participant_status(True) for a in updated_attendees], attendee_user['mail']), level=8) attendee_object.update_attendees(updated_attendees, False) success = update_object(attendee_object, attendee_user, master_object) log.debug(_("Updated %s's copy of %r: %r") % (attendee_user['mail'], object.uid, success), level=8) else: log.debug(_("Attendee %s's copy of %r not found") % (attendee_user['mail'], object.uid), level=8) else: log.debug(_("Attendee %r not found in LDAP") % (attendee.get_email()), level=8) def invitation_response_text(type): footer = "\n\n" + _("*** This is an automated message. Please do not reply. ***") if type == 'task': return _("%(name)s has %(status)s your assignment for %(summary)s.") + footer else: return _("%(name)s has %(status)s your invitation for %(summary)s.") + footer def _attendee_name(attendee): # attendee here can be Attendee or ContactReference try: name = attendee.get_name() except Exception: name = attendee.name() if name == '': try: name = attendee.get_email() except Exception: name = attendee.email() return name diff --git a/wallace/modules.py b/wallace/modules.py index aed60b6..ac7790b 100644 --- a/wallace/modules.py +++ b/wallace/modules.py @@ -1,456 +1,457 @@ # -*- coding: utf-8 -*- # Copyright 2010-2019 Kolab Systems AG (http://www.kolabsys.com) # # Jeroen van Meeuwen (Kolab Systems) # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # from __future__ import print_function +from six import string_types import os import sys import time from email import message_from_string from email.message import Message from email.mime.base import MIMEBase from email.mime.message import MIMEMessage from email.mime.multipart import MIMEMultipart from email.mime.text import MIMEText from email.parser import Parser from email.utils import COMMASPACE from email.utils import formatdate from email.utils import formataddr from email.utils import getaddresses from email.utils import parsedate_tz import smtplib import pykolab from pykolab import constants from pykolab.translate import _ log = pykolab.getLogger('pykolab.wallace/modules') extra_log_params = {'qid': '-'} log = pykolab.logger.LoggerAdapter(log, extra_log_params) conf = pykolab.getConf() modules = {} def initialize(): # We only want the base path modules_base_path = os.path.dirname(__file__) for modules_path, dirnames, filenames in os.walk(modules_base_path): if not modules_path == modules_base_path: continue for filename in filenames: if filename.startswith('module_') and filename.endswith('.py'): module_name = filename.replace('.py', '') name = module_name.replace('module_', '') # print("exec(\"from %s import __init__ as %s_register\")" % (module_name,name)) exec("from %s import __init__ as %s_register" % (module_name, name)) exec("%s_register()" % (name)) for dirname in dirnames: register_group(modules_path, dirname) def list_modules(*args, **kw): """ List modules """ __modules = {} for module in modules: if isinstance(module, tuple): module_group, module = module __modules[module_group] = { module: modules[(module_group, module)] } else: __modules[module] = modules[module] _modules = __modules.keys() _modules.sort() for _module in _modules: if 'function' in __modules[_module]: # This is a top-level module if __modules[_module]['description'] is not None: print("%-25s - %s" % (_module.replace('_', '-'), __modules[_module]['description'])) else: print("%-25s" % (_module.replace('_', '-'))) for _module in _modules: if 'function' not in __modules[_module]: # This is a nested module print("\n" + _("Module Group: %s") % (_module) + "\n") ___modules = __modules[_module].keys() ___modules.sort() for __module in ___modules: if __modules[_module][__module]['description'] is not None: print( "%-4s%-21s - %s" % ( '', _module.replace('_', '-'), __modules[_module][__module]['description'] ) ) else: print("%-4s%-21s" % ('', __module.replace('_', '-'))) def execute(name, *args, **kw): if name not in modules: log.error(_("No such module %r in modules %r (1).") % (name, modules)) sys.exit(1) if 'function' not in modules[name] and 'group' not in modules[name]: log.error(_("No such module %r in modules %r (2).") % (name, modules)) sys.exit(1) try: return modules[name]['function'](*args, **kw) except Exception as errmsg: log.exception(_("Module %r - Unknown error occurred; %r") % (name, errmsg)) def heartbeat(name, *args, **kw): if name not in modules: log.warning(_("No such module %r in modules %r (1).") % (name, modules)) if 'heartbeat' in modules[name]: return modules[name]['heartbeat'](*args, **kw) def _sendmail(sender, recipients, msg): # NOTE: Use "127.0.0.1" here for IPv6 (see also the service # definition in master.cf). sl = pykolab.logger.StderrToLogger(log) smtplib.stderr = sl smtp = smtplib.SMTP(timeout=15) if conf.debuglevel > 8: smtp.set_debuglevel(1) success = False attempt = 1 while not success and attempt <= 5: try: log.debug(_("Sending email via smtplib from %r, to %r (Attempt %r)") % (sender, recipients, attempt), level=8) smtp.connect("127.0.0.1", 10027) _response = smtp.sendmail(sender, recipients, msg) if len(_response) == 0: log.debug(_("SMTP sendmail OK"), level=8) else: log.debug(_("SMTP sendmail returned: %r") % (_response), level=8) smtp.quit() success = True break except smtplib.SMTPServerDisconnected as errmsg: log.error("SMTP Server Disconnected Error, %r" % (errmsg)) except smtplib.SMTPConnectError as errmsg: # DEFER log.error("SMTP Connect Error, %r" % (errmsg)) except smtplib.SMTPDataError as errmsg: # DEFER log.error("SMTP Data Error, %r" % (errmsg)) except smtplib.SMTPHeloError as errmsg: # DEFER log.error("SMTP HELO Error, %r" % (errmsg)) except smtplib.SMTPRecipientsRefused as errmsg: # REJECT, send NDR log.error("SMTP Recipient(s) Refused, %r" % (errmsg)) except smtplib.SMTPSenderRefused as errmsg: # REJECT, send NDR log.error("SMTP Sender Refused, %r" % (errmsg)) except Exception as errmsg: log.exception(_("smtplib - Unknown error occurred: %r") % (errmsg)) try: smtp.quit() except Exception as errmsg: log.error("smtplib quit() error - %r" % errmsg) time.sleep(10) attempt += 1 return success def cb_action_HOLD(module, filepath): global extra_log_params extra_log_params['qid'] = os.path.basename(filepath) log.info(_("Holding message in queue for manual review (%s by %s)") % (filepath, module)) def cb_action_DEFER(module, filepath): global extra_log_params extra_log_params['qid'] = os.path.basename(filepath) log.info(_("Deferring message in %s (by module %s)") % (filepath, module)) # parse message headers message = Parser().parse(open(filepath, 'r'), True) internal_time = parsedate_tz(message.__getitem__('Date')) internal_time = time.mktime(internal_time[:9]) + internal_time[9] now_time = time.time() delta = now_time - internal_time log.debug(_("The time when the message was sent: %r") % (internal_time), level=8) log.debug(_("The time now: %r") % (now_time), level=8) log.debug(_("The time delta: %r") % (delta), level=8) if delta > 432000: # TODO: Send NDR back to user log.debug(_("Message in file %s older then 5 days, deleting") % (filepath), level=8) os.unlink(filepath) # Alternative method is file age. #Date sent(/var/spool/pykolab/wallace/optout/DEFER/tmpIv7pDl): 'Thu, 08 Mar 2012 11:51:03 +0000' #(2012, 3, 8, 11, 51, 3, 0, 1, -1) # YYYY M D H m s weekday, yearday #log.debug(datetime.datetime(*), level=8) #import os #stat = os.stat(filepath) #fileage = datetime.datetime.fromtimestamp(stat.st_mtime) #now = datetime.datetime.now() #delta = now - fileage #print("file:", filepath, "fileage:", fileage, "now:", now, "delta(seconds):", delta.seconds) #if delta.seconds > 1800: ## TODO: Send NDR back to user #log.debug(_("Message in file %s older then 1800 seconds, deleting") % (filepath), level=8) #os.unlink(filepath) def cb_action_REJECT(module, filepath): global extra_log_params extra_log_params['qid'] = os.path.basename(filepath) log.info(_("Rejecting message in %s (by module %s)") % (filepath, module)) log.debug(_("Rejecting message in: %r") %(filepath), level=8) # parse message headers message = Parser().parse(open(filepath, 'r'), True) envelope_sender = getaddresses(message.get_all('From', [])) recipients = getaddresses(message.get_all('To', [])) + \ getaddresses(message.get_all('Cc', [])) + \ getaddresses(message.get_all('X-Kolab-To', [])) _recipients = [] for recipient in recipients: if not recipient[0] == '': _recipients.append('%s <%s>' % (recipient[0], recipient[1])) else: _recipients.append('%s' % (recipient[1])) # TODO: Find the preferredLanguage for the envelope_sender user. ndr_message_subject = "Undelivered Mail Returned to Sender" ndr_message_text = _("""This is the email system Wallace at %s. I'm sorry to inform you we could not deliver the attached message to the following recipients: - %s Your message is being delivered to any other recipients you may have sent your message to. There is no need to resend the message to those recipients. """) % ( constants.fqdn, "\n- ".join(_recipients) ) diagnostics = _("""X-Wallace-Module: %s X-Wallace-Result: REJECT """) % ( module ) msg = MIMEMultipart("report") msg['From'] = "MAILER-DAEMON@%s" % (constants.fqdn) msg['To'] = formataddr(envelope_sender[0]) msg['Date'] = formatdate(localtime=True) msg['Subject'] = ndr_message_subject msg.preamble = "This is a MIME-encapsulated message." part = MIMEText(ndr_message_text) part.add_header("Content-Description", "Notification") msg.attach(part) _diag_message = Message() _diag_message.set_payload(diagnostics) part = MIMEMessage(_diag_message, "delivery-status") part.add_header("Content-Description", "Delivery Report") msg.attach(part) # @TODO: here I'm not sure message will contain the whole body # when we used headersonly argument of Parser().parse() above # delete X-Kolab-* headers del message['X-Kolab-From'] del message['X-Kolab-To'] part = MIMEMessage(message) part.add_header("Content-Description", "Undelivered Message") msg.attach(part) result = _sendmail( "MAILER-DAEMON@%s" % (constants.fqdn), [formataddr(envelope_sender[0])], msg.as_string() ) log.debug(_("Rejection message was sent successfully: %r") % result) if result: os.unlink(filepath) else: log.debug(_("Message %r was not removed from spool") % filepath) def cb_action_ACCEPT(module, filepath): global extra_log_params extra_log_params['qid'] = os.path.basename(filepath) log.info(_("Accepting message in %s (by module %s)") % (filepath, module)) log.debug(_("Accepting message in: %r") %(filepath), level=8) # parse message headers message = Parser().parse(open(filepath, 'r'), True) messageid = message['message-id'] if 'message-id' in message else None sender = [formataddr(x) for x in getaddresses(message.get_all('X-Kolab-From', []))] recipients = [formataddr(x) for x in getaddresses(message.get_all('X-Kolab-To', []))] log.debug( _("Message-ID: %s, sender: %r, recipients: %r") % (messageid, sender, recipients), level=6 ) # delete X-Kolab-* headers del message['X-Kolab-From'] del message['X-Kolab-To'] log.debug(_("Removed X-Kolab- headers"), level=8) result = _sendmail( sender, recipients, # - Make sure we do not send this as binary. # - Second, strip NUL characters - I don't know where they # come from (TODO) # - Third, a character return is inserted somewhere. It # divides the body from the headers - and we don't like (TODO) # @TODO: check if we need Parser().parse() to load the whole message message.as_string() ) log.debug(_("Message was sent successfully: %r") % result) if result: os.unlink(filepath) else: log.debug(_("Message %r was not removed from spool") % filepath) def register_group(dirname, module): modules_base_path = os.path.join(os.path.dirname(__file__), module) modules[module] = {} for modules_path, dirnames, filenames in os.walk(modules_base_path): if not modules_path == modules_base_path: continue for filename in filenames: if filename.startswith('module_') and filename.endswith('.py'): module_name = filename.replace('.py','') name = module_name.replace('module_', '') # TODO: Error recovery from incomplete / incorrect modules. exec( "from %s.%s import __init__ as %s_%s_register" % ( module, module_name, module, name ) ) exec("%s_%s_register()" % (module,name)) def register(name, func, group=None, description=None, aliases=[], heartbeat=None): if not group == None: module = "%s_%s" % (group,name) else: module = name - if isinstance(aliases, basestring): + if isinstance(aliases, string_types): aliases = [aliases] if module in modules: log.fatal(_("Module '%s' already registered") % (module)) sys.exit(1) if callable(func): if group == None: modules[name] = { 'function': func, 'description': description } else: modules[group][name] = { 'function': func, 'description': description } modules[module] = modules[group][name] modules[module]['group'] = group modules[module]['name'] = name for alias in aliases: modules[alias] = { 'function': func, 'description': _("Alias for %s") % (name) } if callable(heartbeat): modules[module]['heartbeat'] = heartbeat