authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2011-08-03 09:03:38 -0400
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2011-08-03 09:03:38 -0400
commit783563a4ed9aba2628037539c3e1f75e7e79f04f (patch)
tree2b6117e798c5bb1e1b165d1dbd995ba36df131cc /bin
parent961743dc37f00d916b8388bc905ce18d626dad6c (diff)
Correct the inserts back into cache
Diffstat (limited to 'bin')
-rwxr-xr-xbin/kolab_smtp_access_policy.py177
1 files changed, 91 insertions, 86 deletions
diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py
index dcd6ed0..f165be9 100755
--- a/bin/kolab_smtp_access_policy.py
+++ b/bin/kolab_smtp_access_policy.py
@@ -357,12 +357,12 @@ def verify_delegate(policy_request, sender_domain, sender_user):
if result == None:
record_id = cache_insert(
- sender=policy_request['sender'],
- recipient=policy_request['recipient'],
- result=False,
+ policy_request['sender'],
+ policy_request['recipient'],
+ 'verify_sender',
+ (int)(False),
sasl_username=policy_request['sasl_username'],
- sasl_sender=policy_request['sasl_sender'],
- function='verify_sender'
+ sasl_sender=policy_request['sasl_sender']
)
sender_is_delegate = False
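Review bot: The negative result written from verify_delegate is still tagged `'verify_sender'` (third positional argument), so a failed delegation check lands in the same cache namespace as verify_sender's own results. If cache lookups are keyed on that tag (the lookup and cache_insert's signature are outside this hunk), a later verify_sender call for the same sender, recipient and SASL identity would read this `False` and deny without checking. Consider passing `'verify_delegate',` here, together with the matching lookup in this function. As a style point, `(int)(False)` is a C-style cast spelling; `int(False)` is the usual Python form, and the same applies to `(int)(recipient_verified)` and `(int)(sender_verified)` in the verify_recipient and verify_sender hunks. verify_delegate's body starts and ends outside the hunk.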
@@ -517,13 +517,12 @@ def verify_recipient(policy_request):
if result == None:
record_id = cache_insert(
- sender=policy_request['sender'],
- recipient=policy_request['recipient'],
+ policy_request['sender'],
+ policy_request['recipient'],
+ 'verify_recipient',
+ (int)(recipient_verified),
sasl_username=policy_request['sasl_username'],
- sasl_sender=policy_request['sasl_sender'],
- function='verify_recipient',
- result=(int)(recipient_verified),
- expire=time.time() + cache_expire
+ sasl_sender=policy_request['sasl_sender']
)
return recipient_verified
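Review bot: The `expire=time.time() + cache_expire` argument is dropped from this cache_insert call and nothing on the new side replaces it. Unless cache_insert (not shown) now sets the expiry itself, cached recipient decisions would never age out, and a stale permit would keep being honoured after the recipient's access is changed in the directory. The verify_sender and verify_delegate calls never passed `expire`, which suggests the default lives in cache_insert, but that should be confirmed. If it does, a comment such as `# expiry is applied inside cache_insert()` above the call would document it. verify_recipient's body starts outside the hunk.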
@@ -690,12 +689,12 @@ def verify_sender(policy_request):
if result == None:
record_id = cache_insert(
- sender=policy_request['sender'],
- recipient=policy_request['recipient'],
+ policy_request['sender'],
+ policy_request['recipient'],
+ 'verify_sender',
+ (int)(sender_verified),
sasl_username=policy_request['sasl_username'],
- sasl_sender=policy_request['sasl_sender'],
- function='verify_sender',
- result=sender_verified
+ sasl_sender=policy_request['sasl_sender']
)
return sender_verified
@@ -742,104 +741,110 @@ if __name__ == "__main__":
sender_allowed = True
recipient_allowed = True
- if conf.verify_sender:
- sender_allowed = False
-
- log.debug(_("Verifying sender."), level=8)
-
- # If no sender is specified, we bail out.
- if policy_request['sender'] == "":
- log.debug(_("No sender specified."), level=8)
- reject(_("Invalid sender"))
+ if conf.has_option('kolab_smtp_access_policy', 'allow_helo_names'):
+ if policy_request['helo_name'] in conf.get('kolab_smtp_access_policy', 'allow_helo_names'):
+ permit(_("Trusted HELO sender"))
policy_done = True
- # If no sasl username exists, ...
- if policy_request['sasl_username'] == "":
- log.debug(_("No SASL username in request."), level=8)
+ if not policy_done:
+ if conf.verify_sender:
+ sender_allowed = False
- if not conf.allow_unauthenticated:
- log.debug(
- _("Not allowing unauthenticated senders."),
- level=8
- )
+ log.debug(_("Verifying sender."), level=8)
- reject(_("Access denied for unauthenticated senders"))
+ # If no sender is specified, we bail out.
+ if policy_request['sender'] == "":
+ log.debug(_("No sender specified."), level=8)
+ reject(_("Invalid sender"))
policy_done = True
- else:
- log.debug(_("Allowing unauthenticated senders."), level=8)
+ # If no sasl username exists, ...
+ if policy_request['sasl_username'] == "":
+ log.debug(_("No SASL username in request."), level=8)
+
+ if not conf.allow_unauthenticated:
+ log.debug(
+ _("Not allowing unauthenticated senders."),
+ level=8
+ )
- if not verify_domain(policy_request['sender'].split('@')[1]):
- sender_allowed = True
- permit(_("External sender"))
+ reject(_("Access denied for unauthenticated senders"))
policy_done = True
else:
- sender_allowed = verify_sender(policy_request)
+ log.debug(_("Allowing unauthenticated senders."), level=8)
- # If the authenticated username is the sender...
- elif policy_request["sasl_username"] == policy_request["sender"]:
- log.debug(
- _("Allowing authenticated sender %s to send as %s.") %(
- policy_request["sasl_username"],
- policy_request["sender"]
- ),
- level=8
- )
+ if not verify_domain(policy_request['sender'].split('@')[1]):
+ sender_allowed = True
+ permit(_("External sender"))
+ policy_done = True
- sender_allowed = True
+ else:
+ sender_allowed = verify_sender(policy_request)
- permit(
- _("Authenticated as sender %s") %(
- policy_request['sender']
- )
- )
+ # If the authenticated username is the sender...
+ elif policy_request["sasl_username"] == policy_request["sender"]:
+ log.debug(
+ _("Allowing authenticated sender %s to send as %s.") %(
+ policy_request["sasl_username"],
+ policy_request["sender"]
+ ),
+ level=8
+ )
- policy_done = True
+ sender_allowed = True
- # Or if the authenticated username is the sender but the sender address
- # lists an address with a recipient delimiter...
- #
- # TODO: The recipient delimiter is configurable!
- elif policy_request["sasl_username"] == \
- parse_address(
- policy_request["sender"]
- ):
+ permit(
+ _("Authenticated as sender %s") %(
+ policy_request['sender']
+ )
+ )
- sender_allowed = True
+ policy_done = True
- permit(
- _("Authenticated as sender %s") %(
- parse_address(policy_request["sender"])
- )
- )
+ # Or if the authenticated username is the sender but the sender address
+ # lists an address with a recipient delimiter...
+ #
+ # TODO: The recipient delimiter is configurable!
+ elif policy_request["sasl_username"] == \
+ parse_address(
+ policy_request["sender"]
+ ):
- policy_done = True
+ sender_allowed = True
- else:
- sender_allowed = verify_sender(policy_request)
+ permit(
+ _("Authenticated as sender %s") %(
+ parse_address(policy_request["sender"])
+ )
+ )
- if conf.verify_recipient:
- recipient_allowed = False
+ policy_done = True
- log.debug(_("Verifying recipient."), level=8)
+ else:
+ sender_allowed = verify_sender(policy_request)
- if policy_request['recipient'] == "":
- reject(_("Invalid recipient"))
- policy_done = True
+ if conf.verify_recipient:
+ recipient_allowed = False
- if policy_request['sasl_username'] == "":
- log.debug(_("No SASL username in request."), level=8)
+ log.debug(_("Verifying recipient."), level=8)
- if not conf.allow_unauthenticated:
- log.debug(_("Not allowing unauthenticated senders."), level=8)
- reject(_("Access denied for unauthenticated senders"))
+ if policy_request['recipient'] == "":
+ reject(_("Invalid recipient"))
policy_done = True
+ if policy_request['sasl_username'] == "":
+ log.debug(_("No SASL username in request."), level=8)
+
+ if not conf.allow_unauthenticated:
+ log.debug(_("Not allowing unauthenticated senders."), level=8)
+ reject(_("Access denied for unauthenticated senders"))
+ policy_done = True
+
+ else:
+ recipient_allowed = verify_recipient(policy_request)
else:
recipient_allowed = verify_recipient(policy_request)
- else:
- recipient_allowed = verify_recipient(policy_request)
if not policy_done:
# TODO: Insert whitelists.
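Review bot: The new HELO shortcut at the top of the `__main__` block tests `policy_request['helo_name'] in conf.get('kolab_smtp_access_policy', 'allow_helo_names')`, and if `conf.get` returns the raw option string (its return type is not visible here) that is a substring test. An empty HELO name or any fragment of a listed name would then match and be permitted before sender and recipient verification run. Compare against parsed entries instead, e.g. `allowed = [h.strip() for h in conf.get('kolab_smtp_access_policy', 'allow_helo_names').split(',')]` followed by `if policy_request['helo_name'] in allowed:`. The HELO name is supplied by the connecting client, so a comment on this branch should state that the option is only safe when the listed hosts are also restricted by client address elsewhere in the mail path. The `__main__` block starts before this hunk and continues past it.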