summaryrefslogtreecommitdiffstats
path: root/bin
diff options
context:
space:
mode:
authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2011-07-05 09:42:58 +0100
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2011-07-05 09:42:58 +0100
commited15509ca71bc93ca7d2fd063fd453c585fc9834 (patch)
tree43359e98b44aa368ba3a691d701722086efbddaf /bin
parentb982bd940db33270ed9b25fa11032ca291d94a54 (diff)
downloadpykolab-ed15509ca71bc93ca7d2fd063fd453c585fc9834.tar.gz
Try only two locations for caching, /var/lib/kolab/ and /tmp/
Make sure we use the recipient as the object to pull kolabAllowSMTPSender from
Diffstat (limited to 'bin')
-rw-r--r--bin/kolab_smtp_access_policy.py59
1 files changed, 33 insertions, 26 deletions
diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py
index 10c2bdd..a0f18ba 100644
--- a/bin/kolab_smtp_access_policy.py
+++ b/bin/kolab_smtp_access_policy.py
@@ -40,22 +40,24 @@ conf = pykolab.getConf()
auth = Auth()
+#
+# Caching routines using buzhug.
+#
cache_expire = 3600
try:
from buzhug import TS_Base
- # TODO: Attempt to detect the correct location
if os.access(KOLAB_LIB_PATH, os.W_OK):
- cache_path = os.path.join(KOLAB_LIB_PATH, 'kolab_smtp_policy_access')
- else:
- if os.environ.has_key('TMPDIR'):
- if os.access(os.environ['TMPDIR'] or '/tmp', os.W_OK):
- cache_path = os.path.join(TMPDIR, 'kolab_smtp_policy_access')
- else:
- cache_path = './kolab_smtp_access_policy_cache/'
- else:
- cache_path = './kolab_smtp_access_policy_cache/'
+ cache_path = os.path.join(
+ KOLAB_LIB_PATH,
+ 'kolab_smtp_access_policy_cache'
+ )
+ elif os.access('/tmp/', os.W_OK):
+ cache_path = os.path.join(
+ '/tmp/',
+ 'kolab_smtp_access_policy_cache'
+ )
if os.path.exists(cache_path):
mode = "open"
else:
@@ -74,16 +76,20 @@ try:
mode=mode
)
except:
- cache.create(
- ('sender', str),
- ('recipient', str),
- ('sasl_username', str),
- ('sasl_sender', str),
- ('function', str),
- ('result', int),
- ('expire', float),
- mode="override"
- )
+ try:
+ cache.create(
+ ('sender', str),
+ ('recipient', str),
+ ('sasl_username', str),
+ ('sasl_sender', str),
+ ('function', str),
+ ('result', int),
+ ('expire', float),
+ mode="override"
+ )
+ except:
+ log.error(_("Kolab SMTP Access Policy Cache not writeable!"))
+ cache = False
except ImportError:
log.warning(_("Could not import caching library, caching disabled"))
@@ -176,7 +182,8 @@ def read_request_input():
def verify_recipient(policy_request):
"""
- Verify whether the sender is allowed send to this recipient.
+ Verify whether the sender is allowed send to this recipient, using the
+ recipient's kolabAllowSMTPSender.
"""
recipient_verified = False
@@ -198,24 +205,24 @@ def verify_recipient(policy_request):
else:
return record.result
- domain = policy_request['sender'].split('@')[1]
+ domain = policy_request['recipient'].split('@')[1]
user = {
# TODO: Use cyrus-sasl result attribute
'dn': auth.find_user(
'mail',
- parse_address(policy_request['sender']),
+ parse_address(policy_request['recipient']),
domain=domain
)
}
- sender_policy = auth.get_user_attribute(
+ recipient_policy = auth.get_user_attribute(
domain,
user,
'kolabAllowSMTPSender'
)
# If no such attribute has been specified, allow
- if sender_policy == None:
+ if recipient_policy == None:
recipient_verified = True
# Otherwise, match the values in allowed_senders to the actual sender
@@ -223,7 +230,7 @@ def verify_recipient(policy_request):
recipient_verified = parse_policy(
policy_request['sasl_username'],
policy_request['recipient'],
- sender_policy
+ recipient_policy
)
if not cache == False: