3 commits - bin/kolab_smtp_access_policy.py conf/kolab.conf

Jeroen van Meeuwen vanmeeuwen at kolabsys.com
Sun Sep 16 20:24:39 CEST 2012


 bin/kolab_smtp_access_policy.py |   91 +++++++++++++++++++---------------------
 conf/kolab.conf                 |    2 
 2 files changed, 45 insertions(+), 48 deletions(-)

New commits:
commit 23f28a7a1ce96532dc22b434d5b092e27e65d175
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Sun Sep 16 19:23:51 2012 +0100

    Re-enable and tweak the kolab_smtp_access_policy cache

diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py
index 45676b4..49319c1 100755
--- a/bin/kolab_smtp_access_policy.py
+++ b/bin/kolab_smtp_access_policy.py
@@ -628,24 +628,15 @@ class PolicyRequest(object):
 
             # Got a final answer here, do the caching thing.
             if not cache == False:
-                records = cache_select(
+                record_id = cache_update(
                         function='verify_sender',
                         sender=self.sender,
                         recipients=self.recipients,
+                        result=(int)(False),
                         sasl_username=self.sasl_username,
                         sasl_sender=self.sasl_sender
                     )
 
-                if not len(records) == len(self.recipients):
-                    record_id = cache_insert(
-                            function='verify_sender',
-                            sender=self.sender,
-                            recipients=self.recipients,
-                            result=(int)(False),
-                            sasl_username=self.sasl_username,
-                            sasl_sender=self.sasl_sender
-                        )
-
             sender_is_delegate = False
 
         else:
@@ -1039,24 +1030,15 @@ class PolicyRequest(object):
             sender_verified = True
 
         if not cache == False:
-            records = cache_select(
+            record_id = cache_update(
                     function='verify_sender',
                     sender=self.sender,
                     recipients=self.recipients,
+                    result=(int)(sender_verified),
                     sasl_username=self.sasl_username,
-                    sasl_sender=self.sasl_sender,
+                    sasl_sender=self.sasl_sender
                 )
 
-            if len(records) == len(self.recipients):
-                record_id = cache_insert(
-                        function='verify_sender',
-                        sender=self.sender,
-                        recipients=self.recipients,
-                        result=(int)(sender_verified),
-                        sasl_username=self.sasl_username,
-                        sasl_sender=self.sasl_sender
-                    )
-
         return sender_verified
 
 def cache_cleanup():
@@ -1073,11 +1055,9 @@ def cache_cleanup():
 def cache_init():
     global cache, cache_expire, session
 
-    return False
-
     if conf.has_section('kolab_smtp_access_policy'):
-        if conf.has_option('kolab_smtp_access_policy', 'uri'):
-            cache_uri = conf.get('kolab_smtp_access_policy', 'uri')
+        if conf.has_option('kolab_smtp_access_policy', 'cache_uri'):
+            cache_uri = conf.get('kolab_smtp_access_policy', 'cache_uri')
             cache = True
             if conf.has_option('kolab_smtp_access_policy', 'retention'):
                 cache_expire = (int)(
@@ -1086,7 +1066,10 @@ def cache_init():
                                 'retention'
                             )
                     )
-
+        elif conf.has_option('kolab_smtp_access_policy', 'uri'):
+            log.warning(_("The 'uri' setting in the kolab_smtp_access_policy section is soon going to be deprecated in favor of 'cache_uri'"))
+            cache_uri = conf.get('kolab_smtp_access_policy', 'uri')
+            cache = True
         else:
             return False
     else:


commit 21098a6cb023fa3cf95b1477d6e3e4608bfec6ff
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Sun Sep 16 19:20:06 2012 +0100

    Set the default retention time for policy enforcement caching to 1 day

diff --git a/conf/kolab.conf b/conf/kolab.conf
index 02d301d..72d2e19 100644
--- a/conf/kolab.conf
+++ b/conf/kolab.conf
@@ -147,7 +147,7 @@ auth_attributes = mail, alias, uid
 
 [kolab_smtp_access_policy]
 cache_uri = mysql://user:pass@localhost/database
-cache_retention = 30
+cache_retention = 86400
 address_search_attrs = mail, alias
 
 ; Section for Hosted client interface settings. This is not enabled by default.


commit ec66f4ec0fd4b4c540e5ee66d5b91ff191a979c0
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Sun Sep 16 18:55:09 2012 +0100

    Make sure Auth() is only created for the relevant domain, and at the right time (#1017)

diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py
index fba9c1a..45676b4 100755
--- a/bin/kolab_smtp_access_policy.py
+++ b/bin/kolab_smtp_access_policy.py
@@ -66,8 +66,6 @@ log.remove_stdout_handler()
 
 conf = pykolab.getConf()
 
-auth = None
-
 #
 # Caching routines using SQLAlchemy.
 #
@@ -154,6 +152,8 @@ class PolicyRequest(object):
     email_address_keys = [ 'sender', 'recipient' ]
     recipients = []
 
+    auth = None
+
     sasl_domain = None
     sasl_user = None
     sender_domain = None
@@ -241,7 +241,7 @@ class PolicyRequest(object):
                     'address_search_attrs'
                 )
 
-            rule_subject = auth.get_user_attributes(
+            rule_subject = self.auth.get_user_attributes(
                     self.sasl_domain,
                     { 'dn': dn },
                     search_attrs + [ 'objectclass' ]
@@ -282,8 +282,8 @@ class PolicyRequest(object):
 
         users = []
 
-        auth._auth._bind()
-        _users = auth._auth._search(
+        self.auth._auth._bind()
+        _users = self.auth._auth._search(
                 _base_dn,
                 scope=LDAP_SCOPE[_scope],
                 filterstr=_filter,
@@ -457,7 +457,12 @@ class PolicyRequest(object):
             else:
                 self.sasl_domain = conf.get('kolab', 'primary_domain')
 
-        sasl_users = auth.find_recipient(
+        if self.auth == None:
+            self.auth = Auth(self.sasl_domain)
+        elif not self.auth.domain == self.sasl_domain:
+            self.auth = Auth(self.sasl_domain)
+
+        sasl_users = self.auth.find_recipient(
                 self.sasl_username,
                 domain=self.sasl_domain
             )
@@ -517,7 +522,7 @@ class PolicyRequest(object):
 
         attrs = list(set(attrs))
 
-        user_attrs = auth.get_user_attributes(
+        user_attrs = self.auth.get_user_attributes(
                 self.sasl_domain,
                 self.sasl_user,
                 attrs
@@ -555,7 +560,7 @@ class PolicyRequest(object):
                     'mail_attributes'
                 )
 
-        sender_users = auth.find_recipient(
+        sender_users = self.auth.find_recipient(
                 self.sender,
                 domain=self.sender_domain
             )
@@ -594,7 +599,7 @@ class PolicyRequest(object):
                     ]
             )
 
-        user_attrs = auth.get_user_attributes(
+        user_attrs = self.auth.get_user_attributes(
                 self.sender_domain,
                 self.sender_user,
                 attrs
@@ -647,7 +652,7 @@ class PolicyRequest(object):
             # See if we can match the value of the envelope sender delegates to
             # the actual sender sasl_username
             if self.sasl_user == None:
-                sasl_users = auth.find_recipient(
+                sasl_users = self.auth.find_recipient(
                         self.sasl_username,
                         domain=self.sasl_domain
                     )
@@ -664,7 +669,7 @@ class PolicyRequest(object):
             # Possible values for the kolabDelegate attribute are:
             # a 'uid', a 'dn'.
             if not self.sasl_user.has_key('uid'):
-                self.sasl_user['uid'] = auth.get_user_attribute(
+                self.sasl_user['uid'] = self.auth.get_user_attribute(
                         self.sasl_domain,
                         self.sasl_user,
                         'uid'
@@ -748,16 +753,16 @@ class PolicyRequest(object):
             sasl_domain = conf.get('kolab', 'primary_domain')
 
         if verify_domain(sasl_domain):
-            if auth.secondary_domains.has_key(sasl_domain):
+            if self.auth.secondary_domains.has_key(sasl_domain):
                 log.debug(
                         _("Using authentication domain %s instead of %s") % (
-                                auth.secondary_domains[sasl_domain],
+                                self.auth.secondary_domains[sasl_domain],
                                 sasl_domain
                             ),
                         level=8
                     )
 
-                sasl_domain = auth.secondary_domains[sasl_domain]
+                sasl_domain = self.auth.secondary_domains[sasl_domain]
             else:
                 log.debug(
                         _("Domain %s is a primary domain") % (
@@ -775,7 +780,12 @@ class PolicyRequest(object):
 
             return True
 
-        recipients = auth.find_recipient(
+        if self.auth == None:
+            self.auth = Auth(sasl_domain)
+        elif not self.auth.domain == sasl_domain:
+            self.auth = Auth(sasl_domain)
+
+        recipients = self.auth.find_recipient(
                 normalize_address(recipient),
                 domain=sasl_domain,
             )
@@ -832,7 +842,7 @@ class PolicyRequest(object):
                 return True
 
         if not recipient['dn'] == False:
-            recipient_policy = auth.get_entry_attribute(
+            recipient_policy = self.auth.get_entry_attribute(
                     sasl_domain,
                     recipient,
                     'kolabAllowSMTPSender'
@@ -988,7 +998,7 @@ class PolicyRequest(object):
         if recipient_policy_user.has_key('kolaballowsmtprecipient'):
             recipient_policy = recipient_policy_user['kolaballowsmtprecipient']
         else:
-            recipient_policy = auth.get_user_attribute(
+            recipient_policy = self.auth.get_user_attribute(
                     recipient_policy_domain,
                     recipient_policy_user,
                     'kolabAllowSMTPRecipient'
@@ -1247,6 +1257,9 @@ def expand_mydomains():
         Return a list of my domains.
     """
 
+    auth = Auth()
+    auth.connect()
+
     mydomains = []
 
     _mydomains = auth.list_domains()
@@ -1314,6 +1327,9 @@ def verify_domain(domain):
         Verify whether the domain is internal (mine) or external.
     """
 
+    auth = Auth()
+    auth.connect()
+
     domain_verified = False
 
     _mydomains = auth.list_domains()
@@ -1360,8 +1376,6 @@ if __name__ == "__main__":
 
     conf.finalize_conf()
 
-    auth = Auth()
-
     cache = cache_init()
 
     policy_requests = {}





More information about the commits mailing list