authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-05-11 16:05:45 +0100
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-05-11 16:06:52 +0100
commit40956adf14080053250465dede49436dad13e5ce (patch)
tree5023688a8cf537f3b5996f36e05c93f29afd4dae
parent68c91575fca88dbb198ec2c32ef1dc7974c51014 (diff)
downloadpykolab-40956adf14080053250465dede49436dad13e5ce.tar.gz
Initialize Auth() after the configuration has been finalized.
Fix the kolab smtp access policy using legacy API calls
-rwxr-xr-xbin/kolab_smtp_access_policy.py61
-rw-r--r--pykolab/auth/__init__.py19
-rw-r--r--pykolab/auth/ldap/__init__.py8
3 files changed, 36 insertions, 52 deletions
diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py
index 7f0bf56..bc53278 100755
--- a/bin/kolab_smtp_access_policy.py
+++ b/bin/kolab_smtp_access_policy.py
@@ -48,8 +48,7 @@ except:
from sqlalchemy.schema import Index
from sqlalchemy.schema import UniqueConstraint
-sys.path.append('..')
-sys.path.append('../..')
+sys.path = ['..'] + sys.path
import pykolab
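Review bot: `sys.path = ['..'] + sys.path` puts a directory relative to the current working directory ahead of the standard library and site-packages, so any module found there shadows the installed one. The removed lines appended instead, which at least kept installed modules first in the search order. A policy service spawned by another daemon does not control its working directory, so resolve the path from the script's own location, e.g. `sys.path.insert(0, os.path.join(os.path.dirname(os.path.abspath(__file__)), '..'))` (assuming `os` is imported above the hunk), or drop the entry once pykolab is installed.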
@@ -67,7 +66,7 @@ log.remove_stdout_handler()
conf = pykolab.getConf()
-auth = Auth()
+auth = None
#
# Caching routines using SQLAlchemy.
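Review bot: `auth = None` needs a comment saying where the real object comes from, because the PolicyRequest methods further down call `auth.find_recipient(...)` on this global. Something like `# Set to Auth() in the __main__ block, after conf.finalize_conf()` would do. Any path that reaches those methods earlier, or that imports this file as a module, fails with an AttributeError on None.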
@@ -444,11 +443,6 @@ class PolicyRequest(object):
# If unauthenticated is allowed, I have nothing to do here.
return True
- search_attrs = conf.get_list(
- 'kolab_smtp_access_policy',
- 'address_search_attrs'
- )
-
# If we have an sasl_username, find the user object in the
# authentication database, along with the attributes we are
# interested in.
@@ -459,8 +453,7 @@ class PolicyRequest(object):
self.sasl_domain = conf.get('kolab', 'primary_domain')
self.sasl_user = {
- 'dn': auth.find_user(
- search_attrs,
+ 'dn': auth.find_recipient(
self.sasl_username,
domain=self.sasl_domain
)
@@ -483,7 +476,10 @@ class PolicyRequest(object):
)
)
- attrs = search_attrs
+ attrs = conf.get_list(self.sasl_domain, 'auth_attributes')
+ if attrs == None:
+ attrs = conf.get_list(conf.get('kolab', 'auth_mechanism'), 'auth_attributes')
+
attrs.extend(
[
'kolabAllowSMTPRecipient',
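Review bot: The fallback `attrs = conf.get_list(conf.get('kolab', 'auth_mechanism'), 'auth_attributes')` can presumably return None as well, and the following `attrs.extend(` then raises AttributeError in the middle of a policy decision. Compare with `if attrs is None:` rather than `== None`, and end the chain with `if attrs is None: attrs = []` after the second lookup. If get_list hands back a list object held by the configuration, `extend` also grows it on every request, so `attrs = list(attrs)` before extending is safer. The enclosing method starts and ends outside the hunk.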
@@ -735,39 +731,17 @@ class PolicyRequest(object):
return True
- search_attrs = conf.get_list(
- 'kolab_smtp_access_policy',
- 'address_search_attrs'
- )
-
- user = {
- 'dn': auth.find_user(
- search_attrs,
- normalize_address(recipient),
- domain=sasl_domain,
- # TODO: Get the filter from the configuration.
- additional_filter="(&(objectclass=" + \
- "kolabinetorgperson)%(search_filter)s)"
- )
- }
-
- group = {
- 'dn': auth.find_group(
- search_attrs,
+ recipient = {
+ 'dn': auth.find_recipient(
normalize_address(recipient),
domain=sasl_domain,
- # TODO: Get the filter from the configuration.
- additional_filter="(&(|(objectclass=" + \
- "groupofuniquenames)(objectclass=" + \
- "groupofurls))%(search_filter)s)"
)
}
-
# We have gotten an invalid recipient. We need to catch this case,
# because testing can input invalid recipients, and so can faulty
# applications, or misconfigured servers.
- if not user['dn'] and not group['dn']:
+ if not recipient['dn']:
if not conf.allow_unauthenticated:
cache_update(
function='verify_recipient',
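Review bot: The assignment `recipient = {` rebinds the method's `recipient` argument from the address string to a dict, so any later code that still expects the address would receive the dict; the `cache_update(function='verify_recipient', ...` call continues outside the hunk and is the first place to check. Use a separate name such as `recipient_entry = {` and keep `recipient` as the address. The lookup also no longer carries the `kolabinetorgperson` and group object-class filters that the removed calls passed, so which entry types can satisfy the policy now depends entirely on find_recipient; a comment stating that this is intended would help. In the next hunk, `if not recipient['dn'] == False:` appears to be always true once the empty case has returned, and reads better as `if recipient['dn']:`.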
@@ -792,17 +766,10 @@ class PolicyRequest(object):
log.debug(_("Could not find this user, accepting"), level=8)
return True
- if not user['dn'] == False:
- recipient_policy = auth.get_user_attribute(
+ if not recipient['dn'] == False:
+ recipient_policy = auth.get_entry_attribute(
sasl_domain,
- user,
- 'kolabAllowSMTPSender'
- )
-
- if not group['dn'] == False:
- recipient_policy = auth.get_group_attribute(
- sasl_domain,
- group,
+ recipient,
'kolabAllowSMTPSender'
)
@@ -1321,6 +1288,8 @@ if __name__ == "__main__":
conf.finalize_conf()
+ auth = Auth()
+
cache = cache_init()
policy_requests = {}
diff --git a/pykolab/auth/__init__.py b/pykolab/auth/__init__.py
index 47f2322..6eaee64 100644
--- a/pykolab/auth/__init__.py
+++ b/pykolab/auth/__init__.py
@@ -149,11 +149,19 @@ class Auth(pykolab.base.Base):
self._auth._disconnect()
- def find_recipient(self, address):
+ def find_recipient(self, address, domain=None):
"""
Find one or more entries corresponding to the recipient address.
"""
- return self._auth.find_recipient(address)
+ if not domain == None:
+ self.connect(domain=domain)
+
+ result = self._auth.find_recipient(address)
+
+ if isinstance(result, list) and len(result) == 1:
+ return result[0]
+ else:
+ return result
def find_user(self, attr, value, **kw):
return self._auth._find_user(attr, value, domain=domain, **kw)
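Review bot: find_recipient now returns different shapes: a single entry when exactly one matches, and otherwise whatever the backend returned, which may be an empty list or a list of several entries. The callers in bin/kolab_smtp_access_policy.py store the result under `'dn'` and only test its truthiness, so an ambiguous match is passed on to `get_entry_attribute` as if it were one entry. For an access-policy decision it is safer to handle more than one match explicitly (reject, or log and pick deterministically) than to pass the list through. At minimum the docstring should describe the `domain` argument and the possible return shapes. `if not domain == None:` should be `if domain is not None:`.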
@@ -197,11 +205,14 @@ class Auth(pykolab.base.Base):
def domain_default_quota(self, domain):
return self._auth._domain_default_quota(domain)
+ def get_entry_attribute(self, domain, entry, attribute):
+ return self._auth.get_entry_attribute(entry, attribute)
+
def get_user_attribute(self, domain, user, attribute):
- return self._auth._get_user_attribute(user, attribute)
+ return self._auth.get_entry_attribute(user, attribute)
def get_user_attributes(self, domain, user, attributes):
- return self._auth._get_user_attributes(user, attributes)
+ return self._auth.get_entry_attributes(user, attributes)
def search_mail_address(self, domain, mail_address):
return self._auth._search_mail_address(domain, mail_address)
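Review bot: `get_entry_attribute(self, domain, entry, attribute)` accepts `domain` but never uses it, unlike the new `find_recipient`, which calls `self.connect(domain=domain)` first. The lookup therefore runs against whichever domain the backend was last connected to, which is presumably correct only when a find_recipient call for the same domain came immediately before. Either connect here as well with `if domain is not None: self.connect(domain=domain)`, or add a docstring saying the parameter is kept for signature compatibility and ignored. The same applies to `get_user_attribute` and `get_user_attributes`, which now delegate to the same backend methods.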
diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py
index 3d5b699..6bf9f01 100644
--- a/pykolab/auth/ldap/__init__.py
+++ b/pykolab/auth/ldap/__init__.py
@@ -277,13 +277,15 @@ class LDAP(pykolab.base.Base):
Get multiple attributes for an entry.
"""
+ print entry_id
entry_dn = self.entry_dn(entry_id)
+ print entry_dn
_search = self.ldap.search_ext(
entry_dn,
ldap.SCOPE_BASE,
- '(objectclass=*)',
- [ 'dn' ] + attributes
+ filterstr='(objectclass=*)',
+ attrlist=[ 'dn' ] + attributes
)
(
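Review bot: `print entry_id` and `print entry_dn` look like leftover debugging and write directory DNs to stdout from library code. bin/kolab_smtp_access_policy.py calls `log.remove_stdout_handler()` (visible in its hunk header), which suggests stdout is reserved for the policy reply there, so these lines would end up in that stream. Remove them, or route the values through the module's logger at a debug level. The method's signature is outside the hunk.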
@@ -312,6 +314,8 @@ class LDAP(pykolab.base.Base):
the current entry.
"""
+ self._bind()
+
if not exclude_entry_id == None:
__filter_prefix = "(&"
__filter_suffix = "(!(%s=%s)))" % (