authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2011-11-24 14:52:01 +0000
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2011-11-24 14:52:01 +0000
commit106521620419b765115fefaa12c20d9b640c5b55 (patch)
tree38316e7fe5a525808b53d583921e2eef58c3b140
parent8f82c33791454fe83cfc443038065c74cbe206a3 (diff)
downloadpykolab-106521620419b765115fefaa12c20d9b640c5b55.tar.gz
Execute parse_policy explicitly on the subject of the rules only, to avoid confusion between senders and/or recipients being subject to the rules passed along to this function.
Vastly increase debug output at debug level 8 to assist in troubleshooting.
-rwxr-xr-xbin/kolab_smtp_access_policy.py35
1 files changed, 25 insertions, 10 deletions
diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py
index f0773d3..1ec20ad 100755
--- a/bin/kolab_smtp_access_policy.py
+++ b/bin/kolab_smtp_access_policy.py
@@ -295,7 +295,7 @@ def parse_address(email_address):
else:
return email_address
-def parse_policy(sender, recipient, policy):
+def parse_policy(_subject, policy):
# TODO: A future feature is to allow special values to be expanded
#special_rule_values = {
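Review bot: parse_policy still has no docstring saying which address `_subject` is, which is the very confusion this signature change sets out to remove. I would add one directly under the new `def` line, along the lines of `"""Return True if _subject, the address the policy rules are evaluated against, is allowed by policy."""`. The leading underscore on a parameter that is used throughout the body also reads as "private or unused"; `subject` would be the conventional name unless it shadows something outside this hunk. The body of parse_policy continues past the hunk.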
@@ -304,8 +304,7 @@ def parse_policy(sender, recipient, policy):
rules = { 'allow': [], 'deny': [] }
- sender = sender.lower()
- recipient = recipient.lower()
+ _subject = _subject.lower()
for rule in policy:
rule = rule.lower()
@@ -314,7 +313,10 @@ def parse_policy(sender, recipient, policy):
else:
rules['allow'].append(rule)
- #print "From:", sender, "To:", recipient, "Rules:", rules
+ log.debug(
+ _("Parsing policy for subject %s and rules %r") %(_subject,rules),
+ level=8
+ )
allowed = False
for rule in rules['allow']:
@@ -331,10 +333,16 @@ def parse_policy(sender, recipient, policy):
#continue
deny_override = False
- if recipient.endswith(rule):
- #print "Matched allow rule:", rule
+ if _subject.endswith(rule):
+ log.debug(_("Matched allow rule %s") %(rule), level=8)
for deny_rule in rules['deny']:
if deny_rule.endswith(rule):
+ log.debug(
+ _("Matched deny rule %s to override allow rule %s")
+ %(deny_rule,rule),
+ level=8
+ )
+
deny_override = True
if not deny_override:
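Review bot: `_subject.endswith(rule)` is a bare suffix match, so if a rule can be a plain domain, a rule such as `example.org` (constructed example) also matches an address at `notexample.org`. The same test is applied to deny rules in the hunk that starts at `denied = False`. Anchoring the comparison on a separator would close that gap, for example `if _subject == rule or _subject.endswith(('@' + rule, '.' + rule)):`, adjusted to whatever rule syntax the policy attribute actually permits, which is not visible here. The loop this line sits in begins before the hunk.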
@@ -343,20 +351,29 @@ def parse_policy(sender, recipient, policy):
denied = False
for rule in rules['deny']:
allow_override = False
- if recipient.endswith(rule):
- #print "Matched deny rule:", rule
+ if _subject.endswith(rule):
+ log.debug(_("Matched deny rule %s") %(rule), level=8)
if not allowed:
denied = True
continue
else:
+ log.debug(_("Subject %s explicitly allowed already"), level=8)
+
for allow_rule in rules['allow']:
if allow_rule.endswith(rule):
+ log.debug(
+ _("Matched allow rule %s to override deny rule %s")
+ %(allow_rule,rule),
+ level=8
+ )
+
allow_override = True
if not allow_override:
denied = True
if not denied:
+ log.debug(_("Not explicitly denied by policy, allowing"), level=8)
allowed = True
return allowed
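Review bot: The added `log.debug(_("Subject %s explicitly allowed already"), level=8)` never interpolates the subject, so the log will show a literal `%s`; it should read `log.debug(_("Subject %s explicitly allowed already") % (_subject), level=8)`. Separately, the closing `if not denied:` followed by `allowed = True` appears to grant access whenever no deny rule matched, even if no allow rule matched either; indentation is lost in this view, so that nesting is inferred. If default-allow is intended it deserves a comment such as `# default-allow: a policy with only allow rules restricts nothing`, because that outcome is easy to miss when writing policies.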
@@ -718,7 +735,6 @@ def verify_recipient(policy_request):
else:
recipient_verified = parse_policy(
policy_request['sasl_username'],
- policy_request['recipient'],
recipient_policy
)
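Review bot: The recipient policy is now evaluated against `policy_request['sasl_username']` alone, and nothing in this hunk shows that the value is present and non-empty. If a request without SASL authentication can reach this `else:` branch, parse_policy would match the rules against an empty subject, or fail on `.lower()` if the value is missing, and the verdict would then come from its default rather than from any rule. Handling that case explicitly before the call, starting from `if not policy_request.get('sasl_username'):` with the verdict the policy owner intends, would make the decision visible; if an earlier check already guarantees it, a one-line comment saying where would do. The condition guarding this branch lies outside the hunk.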
@@ -908,7 +924,6 @@ def verify_sender(policy_request):
)
sender_verified = parse_policy(
- recipient_policy_sender,
policy_request['recipient'],
recipient_policy
)