author | Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> | 2013-11-21 15:51:52 +0100 |
---|---|---|
committer | Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> | 2013-11-21 15:51:52 +0100 |
commit | 2a4c22da772d05b21ad899281f6a2475d4935727 (patch) | |
tree | 9cd6bdc4c0e823f1d45b869b703dc62617be91a2 /bin/kolab_smtp_access_policy.py | |
parent | d54170b4b5ecbdcd7238d7cfadfd261f5db93366 (diff) | |
download | pykolab-2a4c22da772d05b21ad899281f6a2475d4935727.tar.gz |
Try/except the actual routines of the Kolab SMTP Access Policy, and push a traceback through log.error (#2329)
Allow empty sender addresses from trusted hosts, or do not crash but return False (#2329)
Diffstat (limited to 'bin/kolab_smtp_access_policy.py')
-rwxr-xr-x | bin/kolab_smtp_access_policy.py | 49 |
1 files changed, 40 insertions, 9 deletions
diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py
index 9db2c2a..ed588c2 100755
--- a/bin/kolab_smtp_access_policy.py
+++ b/bin/kolab_smtp_access_policy.py
@@ -1000,6 +1000,31 @@ class PolicyRequest(object):
 sender_verified = False
+ if self.sender == None:
+ # Trusted host?
+ if not hasattr(self, 'client_address') or \
+ self.client_address == "" or \
+ self.client_address == None:
+
+ # Nothing to compare to.
+ return False
+
+ try:
+ import netaddr
+
+ networks = conf.get_list(
+ 'kolab_smtp_access_policy',
+ 'empty_sender_hosts'
+ )
+
+ trusted = False
+ for network in networks:
+ if netaddr.IPNetwork(self.client_address) in netaddr.IPNetwork(network):
+ return True
+
+ except ImportError, errmsg:
+ return False
+
 if not cache == False:
 records = cache_select(
 sender=self.sender,
@@ -1483,17 +1508,23 @@ if __name__ == "__main__":
 sender_allowed = False
 recipient_allowed = False
- if conf.verify_sender:
- sender_allowed = policy_requests[instance].verify_sender()
- else:
- sender_allowed = True
+ try:
+ if conf.verify_sender:
+ sender_allowed = policy_requests[instance].verify_sender()
+ else:
+ sender_allowed = True
- if conf.verify_recipient:
- recipient_allowed = \
- policy_requests[instance].verify_recipients()
+ if conf.verify_recipient:
+ recipient_allowed = \
+ policy_requests[instance].verify_recipients()
- else:
- recipient_allowed = True
+ else:
+ recipient_allowed = True
+
+ except Exception, errmsg:
+ import traceback
+ log.error(_("Unhandled exception caught: %r") % (errmsg))
+ log.error(traceback.format_exc())
 if not sender_allowed:
 reject(_("Sender access denied")) |
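Review bot: When `self.sender` is None and no network in `empty_sender_hosts` contains the client address, the `for` loop ends without returning and execution falls through to the `cache_select(sender=self.sender, ...)` code with a None sender, although the commit message says this case should return False. Adding `return False` after the loop, still inside the `if self.sender == None:` block, makes the deny explicit, and the unused `trusted = False` can then be dropped. `netaddr.IPNetwork()` raises on a malformed `empty_sender_hosts` entry or client address and only `ImportError` is caught here; that branch also denies silently, so a missing netaddr module would reject every null-sender message (bounces, DSNs) with nothing in the log, and logging the reason there would help operators. The enclosing method continues outside the hunk, so the fall-through is inferred from the visible context lines.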
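Review bot: The new `except Exception` handler fails closed only because `sender_allowed` and `recipient_allowed` were initialised to False just above the `try`, and nothing in the handler says so; a comment such as `# Fail closed: both flags stay False, so the request is rejected below` would keep a later edit from turning an internal error into an accept. The client is then answered with "Sender access denied" for what may be a transient backend failure, so it is worth checking whether a temporary-failure answer (Postfix's `DEFER_IF_PERMIT` action) fits this path better than `reject()`. The `__main__` block continues outside the hunk, so how `reject()` maps to an SMTP reply is not visible here.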