From de29a02a1cc6a3a1cf86d624432f1ef14ec95be1 Mon Sep 17 00:00:00 2001 From: "Jeroen van Meeuwen (Kolab Systems)" Date: Wed, 21 Sep 2011 11:43:00 +0100 Subject: Verify whether the user is using an alias as well --- bin/kolab_smtp_access_policy.py | 39 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) (limited to 'bin') diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py index 159117c..64bbbfc 100755 --- a/bin/kolab_smtp_access_policy.py +++ b/bin/kolab_smtp_access_policy.py @@ -293,6 +293,34 @@ def read_request_input(): return policy_request +def verify_alias(policy_request, sender_domain, sender_user): + sender_uses_alias = None + + # TODO: Whether or not a domain name is in the sasl_username depends on + # whether or not a default realm is specified elsewhere. In other words, + # only attempt to do this and fall back to the primary_domain configured + # for Kolab. + sasl_domain = policy_request['sasl_username'].split('@')[1] + + sender_aliases = auth.get_user_attributes( + sender_domain, + sender_user, + [ 'mail', 'mailalternateaddress' ] + ) + + # We get back a normalized dictionary + for key in sender_aliases.keys(): + if type(sender_aliases[key]) == list: + if policy_request['sender'] in sender_aliases[key]: + sender_uses_alias = True + break + else: + if policy_request['sender'] == sender_aliases[key]: + sender_uses_alias = True + break + + return sender_uses_alias + def verify_delegate(policy_request, sender_domain, sender_user): """ Use the information passed along to determine whether the authenticated @@ -640,6 +668,7 @@ def verify_sender(policy_request): sender_verified = False sender_is_delegate = None + sender_uses_alias = None sasl_user = False @@ -674,7 +703,7 @@ def verify_sender(policy_request): sender_user = { 'dn': auth.find_user( # TODO: Use the configured cyrus-sasl result attribute - 'mail', + [ 'mail', 'mailAlternateAddress' ], parse_address(policy_request['sender']), domain=sender_domain ) @@ -699,9 +728,15 @@ def verify_sender(policy_request): sender_user ) + sender_uses_alias = verify_alias( + policy_request, + sender_domain, + sender_user + ) + # If the authenticated user is using delegate functionality, apply the # recipient policy attribute for the envelope sender. - if sender_is_delegate == False: + if sender_is_delegate == False and sender_uses_alias == False: return False elif sender_is_delegate: -- cgit v1.1