gunnar: server/perl-kolab/bin kolab_smtpdpolicy.in,1.2.2.2,1.2.2.3
cvs at kolab.org
cvs at kolab.org
Mon Dec 7 09:41:20 CET 2009
Author: gunnar
Update of /kolabrepository/server/perl-kolab/bin
In directory doto:/tmp/cvs-serv3939/bin
Modified Files:
Tag: kolab_2_2_branch
kolab_smtpdpolicy.in
Log Message:
kolab/issue1340 (RFC: restrict users to sending mail only to internal recipients)
Index: kolab_smtpdpolicy.in
===================================================================
RCS file: /kolabrepository/server/perl-kolab/bin/kolab_smtpdpolicy.in,v
retrieving revision 1.2.2.2
retrieving revision 1.2.2.3
diff -u -d -r1.2.2.2 -r1.2.2.3
--- kolab_smtpdpolicy.in 4 Dec 2009 16:33:52 -0000 1.2.2.2
+++ kolab_smtpdpolicy.in 7 Dec 2009 08:41:18 -0000 1.2.2.3
@@ -292,17 +292,37 @@
attrs => [ 'kolabAllowSMTPRecipient' ]);
if( !$mesg->code && $mesg->count() > 0 ) {
mylog($syslog_priority, "LDAP search returned ".$mesg->count()." objects") if $verbose;
+ my $global_permit = 1;
foreach my $entry ( $mesg->entries ) {
my $allowed_recipient;
+ my $permit;
for $allowed_recipient ($entry->get_value('kolabAllowSMTPRecipient')) {
- mylog($syslog_priority, lc($entry->get_value('uid')." has allowed recipient ".$allowed_recipient)) if $verbose;
+ mylog($syslog_priority, lc($username." has allowed recipient ".$allowed_recipient)) if $verbose;
+ # Return early with REJECT if the sender may not send at all ('-')
return undef if $allowed_recipient eq '-';
- # TODO
-
+ # Check if the entry is a negation (leading '-')
+ if ( $allowed_recipient =~ /^-(.*)/ ) {
+ $permit = undef;
+ $allowed_recipient = $1;
+ } else {
+ # Once there is a non-negating entry we need REJECT if no rule matched
+ $global_permit = undef;
+ $permit = 1;
+ }
+ if ( $allowed_recipient =~ /@/ ) {
+ # If the entry contains '@' the leading segment must match
+ return $permit if $recipient =~ /^$allowed_recipient/;
+ } elsif ( $allowed_recipient =~ /^\.(.*)/ ) {
+ # If the entry starts with '.' the trailing domain must match
+ return $permit if $recipient =~ /${1}$/;
+ } else {
+ # All other entries must match the last part of the mail address
+ return $permit if $recipient =~ /\@${allowed_recipient}$/;
+ }
}
}
- # Allow sending if there was no entry or no entry rejcted
- return 1;
+ # Allow sending if there was no entry or no negated entry rejected
+ return $global_permit;
} elsif( $mesg->code && $mesg->code != LDAP_NO_SUCH_OBJECT && $tries++ <= $ldap_max_tries ) {
mylog($syslog_priority, "LDAP Connection error during CHECKRESTRICTEDSENDER: ".$mesg->error.", trying to reconnect" );
ldap_connect;
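Review bot: The kolabAllowSMTPRecipient values are interpolated into the match patterns unescaped (the three `return $permit if $recipient =~ ...` lines), so every `.` in a domain matches any character: an entry of `example.com` also permits `example-com` or `exampleXcom`, and a value containing `(`, `|` or `*` would either break the pattern or widen it further. Quote the dynamic part with `\Q...\E`: `return $permit if $recipient =~ /^\Q$allowed_recipient\E/;`, `return $permit if $recipient =~ /\Q$1\E$/;` and `return $permit if $recipient =~ /\@\Q$allowed_recipient\E$/;`. The `@` branch is anchored only at the start, so `user@example.com` also matches `user@example.com.other.tld`; if a whole-address match is intended, end that pattern with `\z` (unlike `$`, it does not ignore a trailing newline). The enclosing subroutine starts and ends outside the hunk, so whether `$recipient` has already been normalised (lowercased, trimmed) before this comparison cannot be confirmed here.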