Allow the Kolab SMTP Access Policy to consult groups as well

author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> 2012-04-13 12:33:10 +0100
committer: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> 2012-04-13 12:33:10 +0100
commit: 6bcf448d8ee1a9a542d7798c39a68d1be604c61f (patch)
tree: f8bc5bc3b9f49e2002a05f2050d0b193bdd8c696 /bin
parent: bc0af8397060e65a265bc9ce22df17b1353bf436 (diff)
download: pykolab-6bcf448d8ee1a9a542d7798c39a68d1be604c61f.tar.gz
1 files changed, 27 insertions, 6 deletions
diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py
index 5ffb5b7..e2a9421 100755
--- a/bin/kolab_smtp_access_policy.py
+++ b/bin/kolab_smtp_access_policy.py
@@ -751,10 +751,23 @@ class PolicyRequest(object):
                     )
             }
 
+        group = {
+                'dn': auth.find_group(
+                        search_attrs,
+                        normalize_address(recipient),
+                        domain=sasl_domain,
+                        # TODO: Get the filter from the configuration.
+                        additional_filter="(&(|(objectclass=" + \
+                            "groupofuniquenames)(objectclass=" + \
+                            "groupofurls))%(search_filter)s)"
+                    )
+            }
+
+
         # We have gotten an invalid recipient. We need to catch this case,
         # because testing can input invalid recipients, and so can faulty
         # applications, or misconfigured servers.
-        if not user['dn']:
+        if not user['dn'] and not group['dn']:
             if not conf.allow_unauthenticated:
                 cache_update(
                         function='verify_recipient',
@@ -779,11 +792,19 @@ class PolicyRequest(object):
                 log.debug(_("Could not find this user, accepting"), level=8)
                 return True
 
-        recipient_policy = auth.get_user_attribute(
-                sasl_domain,
-                user,
-                'kolabAllowSMTPSender'
-            )
+        if not user['dn'] == None:
+            recipient_policy = auth.get_user_attribute(
+                    sasl_domain,
+                    user,
+                    'kolabAllowSMTPSender'
+                )
+
+        if not group['dn'] == None:
+            recipient_policy = auth.get_group_attribute(
+                    sasl_domain,
+                    group,
+                    'kolabAllowSMTPSender'
+                )
 
         # If no such attribute has been specified, allow
         if recipient_policy == None:
author	Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>	2012-04-13 12:33:10 +0100
committer	Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>	2012-04-13 12:33:10 +0100
commit	6bcf448d8ee1a9a542d7798c39a68d1be604c61f (patch)
tree	f8bc5bc3b9f49e2002a05f2050d0b193bdd8c696 /bin
parent	bc0af8397060e65a265bc9ce22df17b1353bf436 (diff)
download	pykolab-6bcf448d8ee1a9a542d7798c39a68d1be604c61f.tar.gz