author | Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> | 2012-04-13 12:33:10 +0100 |
---|---|---|
committer | Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> | 2012-04-13 12:33:10 +0100 |
commit | 6bcf448d8ee1a9a542d7798c39a68d1be604c61f (patch) | |
tree | f8bc5bc3b9f49e2002a05f2050d0b193bdd8c696 /bin | |
parent | bc0af8397060e65a265bc9ce22df17b1353bf436 (diff) | |
download | pykolab-6bcf448d8ee1a9a542d7798c39a68d1be604c61f.tar.gz |
Allow the Kolab SMTP Access Policy to consult groups as well
Diffstat (limited to 'bin')
-rwxr-xr-x | bin/kolab_smtp_access_policy.py | 33 |
1 files changed, 27 insertions, 6 deletions
diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py
index 5ffb5b7..e2a9421 100755
--- a/bin/kolab_smtp_access_policy.py
+++ b/bin/kolab_smtp_access_policy.py
@@ -751,10 +751,23 @@ class PolicyRequest(object):
 )
 }
+ group = {
+ 'dn': auth.find_group(
+ search_attrs,
+ normalize_address(recipient),
+ domain=sasl_domain,
+ # TODO: Get the filter from the configuration.
+ additional_filter="(&(|(objectclass=" + \
+ "groupofuniquenames)(objectclass=" + \
+ "groupofurls))%(search_filter)s)"
+ )
+ }
+
+
 # We have gotten an invalid recipient. We need to catch this case,
 # because testing can input invalid recipients, and so can faulty
 # applications, or misconfigured servers.
- if not user['dn']:
+ if not user['dn'] and not group['dn']:
 if not conf.allow_unauthenticated:
 cache_update(
 function='verify_recipient',
@@ -779,11 +792,19 @@ class PolicyRequest(object):
 log.debug(_("Could not find this user, accepting"), level=8)
 return True
- recipient_policy = auth.get_user_attribute(
- sasl_domain,
- user,
- 'kolabAllowSMTPSender'
- )
+ if not user['dn'] == None:
+ recipient_policy = auth.get_user_attribute(
+ sasl_domain,
+ user,
+ 'kolabAllowSMTPSender'
+ )
+
+ if not group['dn'] == None:
+ recipient_policy = auth.get_group_attribute(
+ sasl_domain,
+ group,
+ 'kolabAllowSMTPSender'
+ )
 # If no such attribute has been specified, allow
 if recipient_policy == None: |
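Review bot: The recipient address is handed to `auth.find_group()` together with a filter template containing `%(search_filter)s`, and nothing in this hunk shows the address being escaped for LDAP filter syntax before it is substituted. The context comment directly below acknowledges that recipients can be invalid, and the value presumably comes straight from the SMTP policy request, so the escaping has to happen inside `find_group()` (not visible here) or before the call. It is worth confirming that and recording it next to the TODO, for example `# recipient is untrusted input; find_group() must escape it before building the LDAP filter`. The enclosing method starts and ends outside the hunk.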
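Review bot: When a recipient address matches both a user and a group, the second `if` overwrites the user's `recipient_policy` with the group's, and if the group carries no `kolabAllowSMTPSender` value the result is `None`, which the context line below treats as allow, so a user-level restriction is silently dropped. The two new tests also compare against `None` while the earlier guard uses truthiness; should `find_user` or `find_group` ever return an empty value rather than `None`, that empty DN would still be passed to the attribute lookup. Making the precedence explicit and the test consistent addresses both: `if user['dn']:` for the first branch and `elif group['dn']:` for the second, or combine the two policies if both are meant to apply. The surrounding method body continues outside the hunk.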