wilde: server/php-kolab/Kolab_Filter/Filter Content.php,1.4,1.5

cvs at kolab.org cvs at kolab.org
Mon Feb 11 17:46:53 CET 2008


Author: wilde

Update of /kolabrepository/server/php-kolab/Kolab_Filter/Filter
In directory doto:/tmp/cvs-serv1349/php-kolab/Kolab_Filter/Filter

Modified Files:
	Content.php 
Log Message:
Kolab-Filter: don't reject or rewrite mails from privileged networks.
THIS IS A PRELIMINARY HOT FIX.  See kolab/issue2466.


Index: Content.php
===================================================================
RCS file: /kolabrepository/server/php-kolab/Kolab_Filter/Filter/Content.php,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- Content.php	30 Jan 2008 21:04:28 -0000	1.4
+++ Content.php	11 Feb 2008 16:46:51 -0000	1.5
@@ -390,6 +390,26 @@
     return sprintf($fmt, $sender);
 }
 
+/** Match IP addresses against Networks in CIDR notation. **/ 
+function match_ip($network, $ip)
+{
+  $iplong = ip2long($ip);
+  $cidr = explode("/", $network);
+  $netiplong = ip2long($cidr[0]);
+  if ( $cidr[1] ) {
+    $iplong = $iplong & ( 0xffffffff << 32 - $cidr[1] );
+    $netiplong = $netiplong & ( 0xffffffff << 32 - $cidr[1] );
+  }
+  if ($iplong == $netiplong)
+    {
+      return TRUE;
+    } 
+  else 
+    {
+      return FALSE;
+    }  
+}
+
 /** Check that the From header is not trying
     to impersonate a valid user that is not
     $sasluser. Returns one of:
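Review bot: `match_ip()` never checks the result of `ip2long()`, so an address or network entry that fails to parse is compared as `false` (or as 0 once masked) and the final `==` can succeed for two unparsable values. Since a match lets the caller skip the From check, the function should fail closed with `if ($iplong === false || $netiplong === false) return false;` right after the two conversions. The prefix length in `$cidr[1]` is also unvalidated: a network without a slash reads an undefined index, `/0` is treated as an exact-host match because `"0"` is falsy, and a value outside 0–32 gives an invalid shift count. Checking `isset($cidr[1])` and the range before shifting would cover these cases.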
@@ -438,6 +458,12 @@
         $kolabhosts = 'localhost';
     }
 
+    if (!empty($conf['filter']['privileged_networks'])) {
+        $privnetworks = $conf['filter']['privileged_networks'];
+    } else {
+        $privnetworks = '127.0.0.0/8';
+    }
+
     /* Allow anything from localhost and
      * fellow Kolab-hosts 
      */
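Review bot: The new `privileged_networks` option is read without any comment on its format or effect, although the later hunk shows that every client inside these networks returns `true` before the From header checks run. I would add a comment above this block such as `/* Comma-separated IPv4 networks in CIDR notation; clients in these networks are accepted without the From header check. */`, so that whoever edits the configuration sees how much trust the setting grants. The enclosing function starts and ends outside the hunk.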
@@ -448,10 +474,16 @@
     $kolabhosts = split(',', $kolabhosts);
     $kolabhosts = array_map('gethostbyname', $kolabhosts );
 
+    $privnetworks = split(',', $privnetworks);
+
     if (array_search($client_addr, $kolabhosts) !== false) {
         return true;
     }
     
+    foreach ($privnetworks as $network)
+      if (match_ip($network, $client_addr))
+        return true;
+
     if ($sasluser) {
         $allowed_addrs = addrs_for_uid($sasluser);
         if ($allowed_addrs instanceof PEAR_Error) {
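Review bot: The entries produced by `split(',', $privnetworks)` are not trimmed, so a configuration written as `10.0.0.0/8, 192.168.0.0/16` hands ` 192.168.0.0/16` with a leading space to `match_ip()`, where the network address presumably fails to parse. I would normalise the list first with `$privnetworks = array_map('trim', split(',', $privnetworks));` and skip empty entries before matching. The new `foreach` also omits braces around a body that is an early `return true` bypassing every check below it, while the surrounding code braces its blocks; `foreach (...) { if (...) { return true; } }` would match that style. The enclosing function starts and ends outside the hunk, so the origin of `$client_addr` cannot be confirmed from here.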




