3 commits - bin/kolab_smtp_access_policy.py conf/kolab.conf
Jeroen van Meeuwen
vanmeeuwen at kolabsys.com
Sun Sep 16 20:24:39 CEST 2012
bin/kolab_smtp_access_policy.py | 91 +++++++++++++++++++---------------------
conf/kolab.conf | 2
2 files changed, 45 insertions(+), 48 deletions(-)
New commits:
commit 23f28a7a1ce96532dc22b434d5b092e27e65d175
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Sun Sep 16 19:23:51 2012 +0100
Re-enable and tweak the kolab_smtp_access_policy cache
diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py
index 45676b4..49319c1 100755
--- a/bin/kolab_smtp_access_policy.py
+++ b/bin/kolab_smtp_access_policy.py
@@ -628,24 +628,15 @@ class PolicyRequest(object):
# Got a final answer here, do the caching thing.
if not cache == False:
- records = cache_select(
+ record_id = cache_update(
function='verify_sender',
sender=self.sender,
recipients=self.recipients,
+ result=(int)(False),
sasl_username=self.sasl_username,
sasl_sender=self.sasl_sender
)
- if not len(records) == len(self.recipients):
- record_id = cache_insert(
- function='verify_sender',
- sender=self.sender,
- recipients=self.recipients,
- result=(int)(False),
- sasl_username=self.sasl_username,
- sasl_sender=self.sasl_sender
- )
-
sender_is_delegate = False
else:
@@ -1039,24 +1030,15 @@ class PolicyRequest(object):
sender_verified = True
if not cache == False:
- records = cache_select(
+ record_id = cache_update(
function='verify_sender',
sender=self.sender,
recipients=self.recipients,
+ result=(int)(sender_verified),
sasl_username=self.sasl_username,
- sasl_sender=self.sasl_sender,
+ sasl_sender=self.sasl_sender
)
- if len(records) == len(self.recipients):
- record_id = cache_insert(
- function='verify_sender',
- sender=self.sender,
- recipients=self.recipients,
- result=(int)(sender_verified),
- sasl_username=self.sasl_username,
- sasl_sender=self.sasl_sender
- )
-
return sender_verified
def cache_cleanup():
@@ -1073,11 +1055,9 @@ def cache_cleanup():
def cache_init():
global cache, cache_expire, session
- return False
-
if conf.has_section('kolab_smtp_access_policy'):
- if conf.has_option('kolab_smtp_access_policy', 'uri'):
- cache_uri = conf.get('kolab_smtp_access_policy', 'uri')
+ if conf.has_option('kolab_smtp_access_policy', 'cache_uri'):
+ cache_uri = conf.get('kolab_smtp_access_policy', 'cache_uri')
cache = True
if conf.has_option('kolab_smtp_access_policy', 'retention'):
cache_expire = (int)(
@@ -1086,7 +1066,10 @@ def cache_init():
'retention'
)
)
-
+ elif conf.has_option('kolab_smtp_access_policy', 'uri'):
+ log.warning(_("The 'uri' setting in the kolab_smtp_access_policy section is soon going to be deprecated in favor of 'cache_uri'"))
+ cache_uri = conf.get('kolab_smtp_access_policy', 'uri')
+ cache = True
else:
return False
else:
commit 21098a6cb023fa3cf95b1477d6e3e4608bfec6ff
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Sun Sep 16 19:20:06 2012 +0100
Set the default retention time for policy enforcement caching to 1 day
diff --git a/conf/kolab.conf b/conf/kolab.conf
index 02d301d..72d2e19 100644
--- a/conf/kolab.conf
+++ b/conf/kolab.conf
@@ -147,7 +147,7 @@ auth_attributes = mail, alias, uid
[kolab_smtp_access_policy]
cache_uri = mysql://user:pass@localhost/database
-cache_retention = 30
+cache_retention = 86400
address_search_attrs = mail, alias
; Section for Hosted client interface settings. This is not enabled by default.
commit ec66f4ec0fd4b4c540e5ee66d5b91ff191a979c0
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Sun Sep 16 18:55:09 2012 +0100
Make sure Auth() is only created for the relevant domain, and at the right time (#1017)
diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py
index fba9c1a..45676b4 100755
--- a/bin/kolab_smtp_access_policy.py
+++ b/bin/kolab_smtp_access_policy.py
@@ -66,8 +66,6 @@ log.remove_stdout_handler()
conf = pykolab.getConf()
-auth = None
-
#
# Caching routines using SQLAlchemy.
#
@@ -154,6 +152,8 @@ class PolicyRequest(object):
email_address_keys = [ 'sender', 'recipient' ]
recipients = []
+ auth = None
+
sasl_domain = None
sasl_user = None
sender_domain = None
@@ -241,7 +241,7 @@ class PolicyRequest(object):
'address_search_attrs'
)
- rule_subject = auth.get_user_attributes(
+ rule_subject = self.auth.get_user_attributes(
self.sasl_domain,
{ 'dn': dn },
search_attrs + [ 'objectclass' ]
@@ -282,8 +282,8 @@ class PolicyRequest(object):
users = []
- auth._auth._bind()
- _users = auth._auth._search(
+ self.auth._auth._bind()
+ _users = self.auth._auth._search(
_base_dn,
scope=LDAP_SCOPE[_scope],
filterstr=_filter,
@@ -457,7 +457,12 @@ class PolicyRequest(object):
else:
self.sasl_domain = conf.get('kolab', 'primary_domain')
- sasl_users = auth.find_recipient(
+ if self.auth == None:
+ self.auth = Auth(self.sasl_domain)
+ elif not self.auth.domain == self.sasl_domain:
+ self.auth = Auth(self.sasl_domain)
+
+ sasl_users = self.auth.find_recipient(
self.sasl_username,
domain=self.sasl_domain
)
@@ -517,7 +522,7 @@ class PolicyRequest(object):
attrs = list(set(attrs))
- user_attrs = auth.get_user_attributes(
+ user_attrs = self.auth.get_user_attributes(
self.sasl_domain,
self.sasl_user,
attrs
@@ -555,7 +560,7 @@ class PolicyRequest(object):
'mail_attributes'
)
- sender_users = auth.find_recipient(
+ sender_users = self.auth.find_recipient(
self.sender,
domain=self.sender_domain
)
@@ -594,7 +599,7 @@ class PolicyRequest(object):
]
)
- user_attrs = auth.get_user_attributes(
+ user_attrs = self.auth.get_user_attributes(
self.sender_domain,
self.sender_user,
attrs
@@ -647,7 +652,7 @@ class PolicyRequest(object):
# See if we can match the value of the envelope sender delegates to
# the actual sender sasl_username
if self.sasl_user == None:
- sasl_users = auth.find_recipient(
+ sasl_users = self.auth.find_recipient(
self.sasl_username,
domain=self.sasl_domain
)
@@ -664,7 +669,7 @@ class PolicyRequest(object):
# Possible values for the kolabDelegate attribute are:
# a 'uid', a 'dn'.
if not self.sasl_user.has_key('uid'):
- self.sasl_user['uid'] = auth.get_user_attribute(
+ self.sasl_user['uid'] = self.auth.get_user_attribute(
self.sasl_domain,
self.sasl_user,
'uid'
@@ -748,16 +753,16 @@ class PolicyRequest(object):
sasl_domain = conf.get('kolab', 'primary_domain')
if verify_domain(sasl_domain):
- if auth.secondary_domains.has_key(sasl_domain):
+ if self.auth.secondary_domains.has_key(sasl_domain):
log.debug(
_("Using authentication domain %s instead of %s") % (
- auth.secondary_domains[sasl_domain],
+ self.auth.secondary_domains[sasl_domain],
sasl_domain
),
level=8
)
- sasl_domain = auth.secondary_domains[sasl_domain]
+ sasl_domain = self.auth.secondary_domains[sasl_domain]
else:
log.debug(
_("Domain %s is a primary domain") % (
@@ -775,7 +780,12 @@ class PolicyRequest(object):
return True
- recipients = auth.find_recipient(
+ if self.auth == None:
+ self.auth = Auth(sasl_domain)
+ elif not self.auth.domain == sasl_domain:
+ self.auth = Auth(sasl_domain)
+
+ recipients = self.auth.find_recipient(
normalize_address(recipient),
domain=sasl_domain,
)
@@ -832,7 +842,7 @@ class PolicyRequest(object):
return True
if not recipient['dn'] == False:
- recipient_policy = auth.get_entry_attribute(
+ recipient_policy = self.auth.get_entry_attribute(
sasl_domain,
recipient,
'kolabAllowSMTPSender'
@@ -988,7 +998,7 @@ class PolicyRequest(object):
if recipient_policy_user.has_key('kolaballowsmtprecipient'):
recipient_policy = recipient_policy_user['kolaballowsmtprecipient']
else:
- recipient_policy = auth.get_user_attribute(
+ recipient_policy = self.auth.get_user_attribute(
recipient_policy_domain,
recipient_policy_user,
'kolabAllowSMTPRecipient'
@@ -1247,6 +1257,9 @@ def expand_mydomains():
Return a list of my domains.
"""
+ auth = Auth()
+ auth.connect()
+
mydomains = []
_mydomains = auth.list_domains()
@@ -1314,6 +1327,9 @@ def verify_domain(domain):
Verify whether the domain is internal (mine) or external.
"""
+ auth = Auth()
+ auth.connect()
+
domain_verified = False
_mydomains = auth.list_domains()
@@ -1360,8 +1376,6 @@ if __name__ == "__main__":
conf.finalize_conf()
- auth = Auth()
-
cache = cache_init()
policy_requests = {}
More information about the commits
mailing list