authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2013-11-21 15:51:52 +0100
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2013-11-21 15:51:52 +0100
commit2a4c22da772d05b21ad899281f6a2475d4935727 (patch)
tree9cd6bdc4c0e823f1d45b869b703dc62617be91a2 /bin
parentd54170b4b5ecbdcd7238d7cfadfd261f5db93366 (diff)
downloadpykolab-2a4c22da772d05b21ad899281f6a2475d4935727.tar.gz
Try/except the actual routines of the Kolab SMTP Access Policy, and push a traceback through log.error (#2329)
Allow empty sender addresses from trusted hosts, or do not crash but return False (#2329)
Diffstat (limited to 'bin')
-rwxr-xr-xbin/kolab_smtp_access_policy.py49
1 files changed, 40 insertions, 9 deletions
diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py
index 9db2c2a..ed588c2 100755
--- a/bin/kolab_smtp_access_policy.py
+++ b/bin/kolab_smtp_access_policy.py
@@ -1000,6 +1000,31 @@ class PolicyRequest(object):
sender_verified = False
+ if self.sender == None:
+ # Trusted host?
+ if not hasattr(self, 'client_address') or \
+ self.client_address == "" or \
+ self.client_address == None:
+
+ # Nothing to compare to.
+ return False
+
+ try:
+ import netaddr
+
+ networks = conf.get_list(
+ 'kolab_smtp_access_policy',
+ 'empty_sender_hosts'
+ )
+
+ trusted = False
+ for network in networks:
+ if netaddr.IPNetwork(self.client_address) in netaddr.IPNetwork(network):
+ return True
+
+ except ImportError, errmsg:
+ return False
+
if not cache == False:
records = cache_select(
sender=self.sender,
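Review bot: When no entry in `empty_sender_hosts` matches (or the list is empty), the `for` loop ends without returning, and execution appears to fall through to `cache_select(sender=self.sender, ...)` with `self.sender` still None. The commit message promises "return False" for that case, so an explicit `return False` after the loop would make the empty-sender path fail closed instead of relying on the rest of verify_sender, which continues outside this hunk. `trusted = False` is assigned but not read anywhere in the hunk and can be dropped. Only `ImportError` is caught, so a malformed `client_address` or a malformed network in the configuration raises `netaddr.AddrFormatError` out of this method; catching it here as `except (ImportError, netaddr.AddrFormatError), errmsg:` with a log line would keep a configuration typo from surfacing as an unhandled exception.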
@@ -1483,17 +1508,23 @@ if __name__ == "__main__":
sender_allowed = False
recipient_allowed = False
- if conf.verify_sender:
- sender_allowed = policy_requests[instance].verify_sender()
- else:
- sender_allowed = True
+ try:
+ if conf.verify_sender:
+ sender_allowed = policy_requests[instance].verify_sender()
+ else:
+ sender_allowed = True
- if conf.verify_recipient:
- recipient_allowed = \
- policy_requests[instance].verify_recipients()
+ if conf.verify_recipient:
+ recipient_allowed = \
+ policy_requests[instance].verify_recipients()
- else:
- recipient_allowed = True
+ else:
+ recipient_allowed = True
+
+ except Exception, errmsg:
+ import traceback
+ log.error(_("Unhandled exception caught: %r") % (errmsg))
+ log.error(traceback.format_exc())
if not sender_allowed:
reject(_("Sender access denied"))
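Review bot: The new `except Exception` handler only logs, so the outcome of an internal error is decided by the `sender_allowed = False` / `recipient_allowed = False` defaults set above the `try`. That fails closed, which is the safe direction for an access policy, but the handler does not say so, and a later change to those defaults would silently turn errors into accepts. A comment in the handler such as `# Fail closed: both flags keep their False defaults, so the request is rejected below.` would pin the intent. It is also worth checking whether a transient backend failure should produce the permanent `reject(_("Sender access denied"))` seen below or a temporary deferral, if the script has such a response. The `__main__` block continues outside this hunk.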