summaryrefslogtreecommitdiffstats
path: root/bin
diff options
context:
space:
mode:
authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-04-13 12:33:10 +0100
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-04-13 12:33:10 +0100
commit6bcf448d8ee1a9a542d7798c39a68d1be604c61f (patch)
treef8bc5bc3b9f49e2002a05f2050d0b193bdd8c696 /bin
parentbc0af8397060e65a265bc9ce22df17b1353bf436 (diff)
downloadpykolab-6bcf448d8ee1a9a542d7798c39a68d1be604c61f.tar.gz
Allow the Kolab SMTP Access Policy to consult groups as well
Diffstat (limited to 'bin')
-rwxr-xr-xbin/kolab_smtp_access_policy.py33
1 files changed, 27 insertions, 6 deletions
diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py
index 5ffb5b7..e2a9421 100755
--- a/bin/kolab_smtp_access_policy.py
+++ b/bin/kolab_smtp_access_policy.py
@@ -751,10 +751,23 @@ class PolicyRequest(object):
)
}
+ group = {
+ 'dn': auth.find_group(
+ search_attrs,
+ normalize_address(recipient),
+ domain=sasl_domain,
+ # TODO: Get the filter from the configuration.
+ additional_filter="(&(|(objectclass=" + \
+ "groupofuniquenames)(objectclass=" + \
+ "groupofurls))%(search_filter)s)"
+ )
+ }
+
+
# We have gotten an invalid recipient. We need to catch this case,
# because testing can input invalid recipients, and so can faulty
# applications, or misconfigured servers.
- if not user['dn']:
+ if not user['dn'] and not group['dn']:
if not conf.allow_unauthenticated:
cache_update(
function='verify_recipient',
@@ -779,11 +792,19 @@ class PolicyRequest(object):
log.debug(_("Could not find this user, accepting"), level=8)
return True
- recipient_policy = auth.get_user_attribute(
- sasl_domain,
- user,
- 'kolabAllowSMTPSender'
- )
+ if not user['dn'] == None:
+ recipient_policy = auth.get_user_attribute(
+ sasl_domain,
+ user,
+ 'kolabAllowSMTPSender'
+ )
+
+ if not group['dn'] == None:
+ recipient_policy = auth.get_group_attribute(
+ sasl_domain,
+ group,
+ 'kolabAllowSMTPSender'
+ )
# If no such attribute has been specified, allow
if recipient_policy == None: