5 commits - bin/kolab_smtp_access_policy.py configure.ac pykolab/auth pykolab/logger.py
Jeroen van Meeuwen
vanmeeuwen at kolabsys.com
Fri Apr 13 15:56:35 CEST 2012
bin/kolab_smtp_access_policy.py | 33 +++++++++---
configure.ac | 2
pykolab/auth/__init__.py | 25 +++++++++
pykolab/auth/ldap/__init__.py | 109 ++++++++++++++++++++++++++++++++++++++++
pykolab/logger.py | 18 ++++--
5 files changed, 175 insertions(+), 12 deletions(-)
New commits:
commit 7a035d583d3c8cd961fb7881c86ce3769bab4e5d
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Fri Apr 13 12:48:37 2012 +0100
Bump pre-release
diff --git a/configure.ac b/configure.ac
index 844c9de..12531dd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
AC_INIT([pykolab], 0.3)
-AC_SUBST([RELEASE], 0.21)
+AC_SUBST([RELEASE], 0.22)
AC_CONFIG_SRCDIR(pykolab/constants.py.in)
commit 9422f2cc8899c74e09f1dc047d049a74e72da283
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Fri Apr 13 12:48:13 2012 +0100
Fix some mistakes in the previous commit
diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py
index e2a9421..7f0bf56 100755
--- a/bin/kolab_smtp_access_policy.py
+++ b/bin/kolab_smtp_access_policy.py
@@ -792,14 +792,14 @@ class PolicyRequest(object):
log.debug(_("Could not find this user, accepting"), level=8)
return True
- if not user['dn'] == None:
+ if not user['dn'] == False:
recipient_policy = auth.get_user_attribute(
sasl_domain,
user,
'kolabAllowSMTPSender'
)
- if not group['dn'] == None:
+ if not group['dn'] == False:
recipient_policy = auth.get_group_attribute(
sasl_domain,
group,
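Review bot: When the recipient address resolves to both a user and a group, the second `if` overwrites the `recipient_policy` just read from the user entry, so a restrictive `kolabAllowSMTPSender` on the user could be replaced by the group's value, or by None, which the `# If no such attribute has been specified, allow` branch shown in the older commit then accepts. Consider `elif`, or combine the two results explicitly so the stricter one wins. Also, `not user['dn'] == False` lets None or an empty string through; `if user['dn']:` would match the truthiness test used in the not-found check earlier in the function. The same two-`if` structure is introduced with `== None` in the `@@ -779,11 +792,19 @@` hunk of commit 6bcf448 on this page. The function body starts and ends outside this hunk.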
diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py
index 237cfbd..5ed2c46 100644
--- a/pykolab/auth/ldap/__init__.py
+++ b/pykolab/auth/ldap/__init__.py
@@ -836,7 +836,7 @@ class LDAP(object):
attribute = attribute.lower()
log.debug(
- _("Getting attribute %s for group %s") % (attribute,user),
+ _("Getting attribute %s for group %s") % (attribute,group),
level=8
)
commit 8c6f0209bb5cef9be92cc6ef794397e2a2e6d313
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Fri Apr 13 12:33:39 2012 +0100
Bump pre-release
diff --git a/configure.ac b/configure.ac
index 3687a8f..844c9de 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
AC_INIT([pykolab], 0.3)
-AC_SUBST([RELEASE], 0.20)
+AC_SUBST([RELEASE], 0.21)
AC_CONFIG_SRCDIR(pykolab/constants.py.in)
commit 6bcf448d8ee1a9a542d7798c39a68d1be604c61f
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Fri Apr 13 12:33:10 2012 +0100
Allow the Kolab SMTP Access Policy to consult groups as well
diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py
index 5ffb5b7..e2a9421 100755
--- a/bin/kolab_smtp_access_policy.py
+++ b/bin/kolab_smtp_access_policy.py
@@ -751,10 +751,23 @@ class PolicyRequest(object):
)
}
+ group = {
+ 'dn': auth.find_group(
+ search_attrs,
+ normalize_address(recipient),
+ domain=sasl_domain,
+ # TODO: Get the filter from the configuration.
+ additional_filter="(&(|(objectclass=" + \
+ "groupofuniquenames)(objectclass=" + \
+ "groupofurls))%(search_filter)s)"
+ )
+ }
+
+
# We have gotten an invalid recipient. We need to catch this case,
# because testing can input invalid recipients, and so can faulty
# applications, or misconfigured servers.
- if not user['dn']:
+ if not user['dn'] and not group['dn']:
if not conf.allow_unauthenticated:
cache_update(
function='verify_recipient',
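Review bot: `group['dn']` is falsy both when no group matches and when more than one does, because `_find_group` (added in this same commit) returns False unless exactly one entry is found, so an ambiguous recipient takes the same not-found path at `if not user['dn'] and not group['dn']:`. Whether that path rejects or accepts depends on `conf.allow_unauthenticated` and on code outside this hunk, so a distinct log line for the multiple-match case would make the situation visible to an operator. The comment above the check still speaks only of an invalid recipient and could be extended with `# Neither a user nor a group entry matched the recipient.`.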
@@ -779,11 +792,19 @@ class PolicyRequest(object):
log.debug(_("Could not find this user, accepting"), level=8)
return True
- recipient_policy = auth.get_user_attribute(
- sasl_domain,
- user,
- 'kolabAllowSMTPSender'
- )
+ if not user['dn'] == None:
+ recipient_policy = auth.get_user_attribute(
+ sasl_domain,
+ user,
+ 'kolabAllowSMTPSender'
+ )
+
+ if not group['dn'] == None:
+ recipient_policy = auth.get_group_attribute(
+ sasl_domain,
+ group,
+ 'kolabAllowSMTPSender'
+ )
# If no such attribute has been specified, allow
if recipient_policy == None:
diff --git a/pykolab/auth/__init__.py b/pykolab/auth/__init__.py
index 36e9600..04fd578 100644
--- a/pykolab/auth/__init__.py
+++ b/pykolab/auth/__init__.py
@@ -144,6 +144,23 @@ class Auth(object):
self._auth._disconnect()
+ def find_group(self, attr, value, domain=None, **kw):
+ self.connect(domain)
+
+ if self.secondary_domains.has_key(domain):
+ log.debug(
+ _("Using primary domain %s instead of secondary domain %s")
+ % (
+ self.secondary_domains[domain],
+ domain
+ ),
+ level=9
+ )
+
+ domain = self.secondary_domains[domain]
+
+ return self._auth._find_group(attr, value, domain=domain, **kw)
+
def find_user(self, attr, value, domain=None, **kw):
self.connect(domain)
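Review bot: `self.connect(domain)` runs before the secondary-to-primary mapping in `find_group`, so the connection is set up for the secondary domain name while `_find_group` is then called with the primary one; if `connect` keys on the domain (not visible here), doing the mapping first would be safer. In `get_group_attribute` (next hunk of this file) the remapped `domain` is never used after `domain = self.secondary_domains[domain]`, since `_get_group_attribute(group, attribute)` takes no domain, so that `if` can be dropped or the mapping moved above `self.connect(domain=domain)`. Both new methods lack a docstring; a one-line summary such as `"""Return the DN of the single group matching attr=value, or False."""` would state the return contract callers test against.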
@@ -242,6 +259,14 @@ class Auth(object):
return self._auth._domain_section(domain)
+ def get_group_attribute(self, domain, group, attribute):
+ self.connect(domain=domain)
+
+ if self.secondary_domains.has_key(domain):
+ domain = self.secondary_domains[domain]
+
+ return self._auth._get_group_attribute(group, attribute)
+
def get_user_attribute(self, domain, user, attribute):
self.connect(domain=domain)
diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py
index da16560..237cfbd 100644
--- a/pykolab/auth/ldap/__init__.py
+++ b/pykolab/auth/ldap/__init__.py
@@ -302,6 +302,65 @@ class LDAP(object):
return _user_dn
+ def _find_group(self, attr, value, domain=None, additional_filter=None, base_dn=None):
+ self._connect()
+ self._bind()
+
+ if domain == None:
+ domain = conf.get('kolab', 'primary_domain')
+
+ domain_root_dn = self._kolab_domain_root_dn(domain)
+
+ if conf.has_option(domain, 'group_base_dn'):
+ section = domain
+ else:
+ section = 'ldap'
+
+ if base_dn == None:
+ group_base_dn = conf.get_raw(
+ section,
+ 'group_base_dn'
+ ) % ({'base_dn': domain_root_dn})
+ else:
+ group_base_dn = base_dn
+
+ if type(attr) == str:
+ search_filter = "(%s=%s)" % (
+ attr,
+ value
+ )
+ elif type(attr) == list:
+ search_filter = "(|"
+ for _attr in attr:
+ search_filter = "%s(%s=%s)" % (search_filter, _attr, value)
+ search_filter = "%s)" % (search_filter)
+
+ if additional_filter:
+ search_filter = additional_filter % {
+ 'search_filter': search_filter
+ }
+
+ log.debug(
+ _("Attempting to find the group with search filter: %s") % (
+ search_filter
+ ),
+ level=8
+ )
+
+ _results = self.ldap.search_s(
+ group_base_dn,
+ scope=ldap.SCOPE_SUBTREE,
+ filterstr=search_filter,
+ attrlist=[ 'dn' ]
+ )
+
+ if len(_results) == 1:
+ (_group_dn, _group_attrs) = _results[0]
+ else:
+ return False
+
+ return _group_dn
+
def _find_user(self, attr, value, domain=None, additional_filter=None, base_dn=None):
self._connect()
self._bind()
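Review bot: `value` is formatted into `search_filter` unescaped, and in the policy script it comes from the recipient address of the SMTP request, so characters such as `(`, `)`, `*` or `\` would change the filter's meaning unless `normalize_address` already removes them (not visible here). python-ldap provides `ldap.filter.escape_filter_chars`; applying it once before the filter is built, `value = ldap.filter.escape_filter_chars(value)`, closes this (it needs `import ldap.filter`). Separately, if `attr` is neither `str` nor `list` (for example `unicode`), `search_filter` is never assigned and its later use raises; an `else` that raises a clear error would help. `_find_user` below the hunk may share the pattern, but its body is outside this view.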
@@ -771,6 +830,56 @@ class LDAP(object):
else:
return 'ldap'
+ def _get_group_attribute(self, group, attribute):
+ self._bind()
+
+ attribute = attribute.lower()
+
+ log.debug(
+ _("Getting attribute %s for group %s") % (attribute,user),
+ level=8
+ )
+
+ _result_type = None
+
+ _search = self.ldap.search_ext(
+ group['dn'],
+ ldap.SCOPE_BASE,
+ '(objectclass=*)',
+ [ 'dn', attribute ]
+ )
+
+ (
+ _result_type,
+ _result_data,
+ _result_msgid,
+ _result_controls
+ ) = self.ldap.result3(_search)
+
+ if len(_result_data) >= 1:
+ (group_dn, group_attrs) = _result_data[0]
+ else:
+ log.warning(_("Could not get attribute %s for group %s")
+ % (attribute,user['dn']))
+
+ return None
+
+ group_attrs = utils.normalize(group_attrs)
+
+ if not group_attrs.has_key(attribute):
+ log.debug(
+ _("Wanted attribute %s, which does not exist for group " + \
+ "%r") % (
+ attribute,
+ group_dn
+ ),
+ level=8
+ )
+
+ group_attrs[attribute] = None
+
+ return group_attrs[attribute]
+
def _get_user_attribute(self, user, attribute):
self._bind()
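Review bot: The warning in the no-result branch formats `user['dn']`, but `_get_group_attribute` has no `user` name, so this failure path would raise NameError instead of returning None; it should read `% (attribute, group['dn'])`. The debug call at the top had the same slip and is corrected by the follow-up commit 9422f2c on this page, which does not touch the warning. The method also has no docstring; one line stating that it returns the attribute value for `group['dn']`, or None when the entry or the attribute is missing, would document the contract the policy script relies on.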
commit bc0af8397060e65a265bc9ce22df17b1353bf436
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Tue Apr 10 11:20:26 2012 +0100
Silence the stdout logger if it can detect we're meant to fork to the background
diff --git a/pykolab/logger.py b/pykolab/logger.py
index e1d1189..2101866 100644
--- a/pykolab/logger.py
+++ b/pykolab/logger.py
@@ -33,6 +33,7 @@ class Logger(logging.Logger):
loglevel capabilities, a debuglevel capability.
"""
debuglevel = 0
+ fork = False
loglevel = logging.CRITICAL
for arg in sys.argv:
@@ -40,6 +41,7 @@ class Logger(logging.Logger):
debuglevel = int(arg)
loglevel = logging.DEBUG
break
+
if '-d' == arg:
debuglevel = -1
continue
@@ -47,6 +49,10 @@ class Logger(logging.Logger):
if '-l' == arg:
loglevel = -1
continue
+
+ if '--fork' == arg:
+ fork = True
+
if loglevel == -1:
if hasattr(logging,arg.upper()):
loglevel = getattr(logging,arg.upper())
@@ -65,10 +71,11 @@ class Logger(logging.Logger):
plaintextformatter = logging.Formatter("%(asctime)s %(name)s %(levelname)s %(message)s")
- self.console_stdout = logging.StreamHandler(sys.stdout)
- self.console_stdout.setFormatter(plaintextformatter)
+ if not self.fork:
+ self.console_stdout = logging.StreamHandler(sys.stdout)
+ self.console_stdout.setFormatter(plaintextformatter)
- self.addHandler(self.console_stdout)
+ self.addHandler(self.console_stdout)
if kw.has_key('logfile'):
self.logfile = kw['logfile']
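Review bot: With `--fork` on the command line `self.console_stdout` is never assigned, so any code that touches the attribute outside the guarded `remove_stdout_handler` (last hunk of this file) would raise AttributeError. A class-level `console_stdout = None`, with `remove_stdout_handler` testing `if self.console_stdout is not None:`, would tie the guard to the handler's existence rather than to the flag. Indentation is not preserved on this page, so I am assuming the re-added `self.addHandler(self.console_stdout)` sits inside the new `if not self.fork:`.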
@@ -88,8 +95,9 @@ class Logger(logging.Logger):
pass
def remove_stdout_handler(self):
- self.console_stdout.close()
- self.removeHandler(self.console_stdout)
+ if not self.fork:
+ self.console_stdout.close()
+ self.removeHandler(self.console_stdout)
def debug(self, msg, level=1):
self.setLevel(self.loglevel)