author | Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> | 2011-07-18 15:23:01 +0200 |
---|---|---|
committer | Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> | 2011-07-18 15:23:01 +0200 |
commit | 286705a702674b16f8f142238edf0c2eb1b36e59 (patch) | |
tree | 8d113b150c6dff74e9d558bd513b682fa83f1288 /bin | |
parent | 5ff684c37594dba5bf5936a40b685aa65e8da6ef (diff) | |
download | pykolab-286705a702674b16f8f142238edf0c2eb1b36e59.tar.gz |
Make sure we only hand out one result per policy request
Diffstat (limited to 'bin')
-rw-r--r-- | bin/kolab_smtp_access_policy.py | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py index 9e29c11..c814e59 100644 --- a/bin/kolab_smtp_access_policy.py +++ b/bin/kolab_smtp_access_policy.py @@ -679,6 +679,7 @@ if __name__ == "__main__": # When either is configured or specified to be verified, negate # that policy to be false by default. # + policy_done = False sender_allowed = True recipient_allowed = True @@ -691,6 +692,7 @@ if __name__ == "__main__": if policy_request['sender'] == "": log.debug(_("No sender specified."), level=8) reject(_("Invalid sender")) + policy_done = True # If no sasl username exists, ... if policy_request['sasl_username'] == "": @@ -703,6 +705,7 @@ if __name__ == "__main__": ) reject(_("Access denied for unauthenticated senders")) + policy_done = True else: log.debug(_("Allowing unauthenticated senders."), level=8) @@ -710,6 +713,7 @@ if __name__ == "__main__": if not verify_domain(policy_request['sender'].split('@')[1]): sender_allowed = True permit(_("External sender")) + policy_done = True else: sender_allowed = verify_sender(policy_request) @@ -732,6 +736,8 @@ if __name__ == "__main__": ) ) + policy_done = True + # Or if the authenticated username is the sender but the sender address # lists an address with a recipient delimiter... # @@ -749,6 +755,8 @@ if __name__ == "__main__": ) ) + policy_done = True + else: sender_allowed = verify_sender(policy_request) @@ -759,6 +767,7 @@ if __name__ == "__main__": if policy_request['recipient'] == "": reject(_("Invalid recipient")) + policy_done = True if policy_request['sasl_username'] == "": log.debug(_("No SASL username in request."), level=8) 
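Review bot: `policy_done` is set after each early `reject()`/`permit()` in these hunks, but nothing between the branches reads it; only the final block in the last hunk does. As far as the visible lines show (indentation is lost on this page, so the nesting is inferred), a request with an empty sender and an empty `sasl_username` can still reach both `reject(_("Invalid sender"))` and `reject(_("Access denied for unauthenticated senders"))`, and a permitted external sender can still be followed by `reject(_("Invalid recipient"))`. If `reject()`/`permit()` write the action to the MTA without exiting (their bodies are not in this diff), the extra reply may be taken as the answer to a later request. Guarding each later check with `if not policy_done:` would close this; the same applies to the hunks at -703, -710, -732, -749, -759 and -766. The `__main__` block starts and ends outside these hunks.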
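Review bot: In the hunk at -710, `policy_request['sender'].split('@')[1]` raises `IndexError` for any sender without an `@`, which includes the empty sender rejected a few lines earlier if control falls through to this line. A check such as `if '@' not in policy_request['sender']:` followed by a reject, placed before the split, would keep a malformed sender from crashing the policy script instead of producing a verdict. Separately, setting `policy_done = True` after `permit(_("External sender"))` means the final block never consults `recipient_allowed` for those requests, so the `verify_recipient()` result is discarded for any sender whose domain fails `verify_domain()`; please confirm that is intended, since the envelope sender is supplied by the client.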
@@ -766,18 +775,20 @@ if __name__ == "__main__": if not conf.allow_unauthenticated: log.debug(_("Not allowing unauthenticated senders."), level=8) reject(_("Access denied for unauthenticated senders")) + policy_done = True else: recipient_allowed = verify_recipient(policy_request) else: recipient_allowed = verify_recipient(policy_request) - # TODO: Insert whitelists. - if conf.verify_sender and not sender_allowed: - reject(_("Sender access denied"), policy_request) + if not policy_done: + # TODO: Insert whitelists. + if conf.verify_sender and not sender_allowed: + reject(_("Sender access denied"), policy_request) - elif conf.verify_recipient and not recipient_allowed: - reject(_("Recipient access denied"), policy_request) + elif conf.verify_recipient and not recipient_allowed: + reject(_("Recipient access denied"), policy_request) - else: - permit(_("No objections"))
\ No newline at end of file + else: + permit(_("No objections"))
\ No newline at end of file |
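Review bot: The `if not policy_done:` guard around the final decision depends on every `reject()`/`permit()` call site setting the flag by hand, so a future early verdict that omits `policy_done = True` will silently produce a second answer again. Recording the verdict inside `reject()` and `permit()` themselves, so that a second call becomes a no-op, would make the one-result rule hold by construction. A comment above the guard, for example `# Only emit the default verdict if no earlier check has already answered.`, would document why the fallback is skipped. This hunk also repeats the set-but-not-checked pattern after `reject(_("Access denied for unauthenticated senders"))`.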