8 commits - bin/kolab_smtp_access_policy.py conf/kolab.conf pykolab/cli pykolab/imap saslauthd/__init__.py

Jeroen van Meeuwen vanmeeuwen at kolabsys.com
Thu Nov 21 16:01:44 CET 2013


 bin/kolab_smtp_access_policy.py           |   49 ++++++++++++++++++++++++------
 conf/kolab.conf                           |    8 +++-
 pykolab/cli/cmd_list_deleted_mailboxes.py |    6 +--
 pykolab/cli/cmd_list_mailbox_metadata.py  |   11 +++---
 pykolab/cli/cmd_undelete_mailbox.py       |    8 ++++
 pykolab/imap/__init__.py                  |   41 +++++++++++++++----------
 pykolab/imap/cyrus.py                     |   13 ++++++-
 saslauthd/__init__.py                     |   36 ++++++++++++++++++----
 8 files changed, 127 insertions(+), 45 deletions(-)

New commits:
commit 7a6d55c34d58f5901d6e3b27167574a97160c0fd
Merge: 0c105fd 7a07218
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Thu Nov 21 16:00:37 2013 +0100

    Merge branch 'master' of ssh://git.kolabsys.com/git/pykolab



commit 0c105fd4f0a1b014e458fb3c09091f1defe72008
Author: Timotheus Pokorra (TBits.net) <tp at tbits.net>
Date:   Thu Nov 21 15:55:16 2013 +0100

    Test if metadata holds the key we're about to use to print the value (#2253)

diff --git a/pykolab/cli/cmd_list_mailbox_metadata.py b/pykolab/cli/cmd_list_mailbox_metadata.py
index ac98283..e77caea 100644
--- a/pykolab/cli/cmd_list_mailbox_metadata.py
+++ b/pykolab/cli/cmd_list_mailbox_metadata.py
@@ -87,8 +87,9 @@ def execute(*args, **kw):
 
             metadata = imap.get_metadata(folder)
 
-            for annotation in metadata[folder].keys():
-                print "  %-49s %s" % (
-                        annotation,
-                        metadata[folder][annotation]
-                    )
+            if metadata.has_key(folder):
+                for annotation in metadata[folder].keys():
+                    print "  %-49s %s" % (
+                            annotation,
+                            metadata[folder][annotation]
+                        )
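Review bot: `metadata.has_key(folder)` on the new guard line is the deprecated spelling; `if folder in metadata:` is the idiomatic form and behaves the same. With the guard in place, a folder for which `imap.get_metadata()` returns no entry is skipped without any output, so the user cannot tell "no annotations" from "lookup returned nothing". A short comment on the guard, or an explicit message in an `else` branch, would make that case visible. execute() starts and ends outside the hunk.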


commit 6280ac3c7e5b7209b7b5da7fd0c7d57e7d3744ca
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Thu Nov 21 15:53:06 2013 +0100

    Add new setting [kolab_smtp_access_policy] empty_sender_networks to the default kolab.conf

diff --git a/conf/kolab.conf b/conf/kolab.conf
index c84f4bb..8fd7934 100644
--- a/conf/kolab.conf
+++ b/conf/kolab.conf
@@ -24,7 +24,7 @@ sync_interval = 300
 
 ; Primary and secondary recipient address policies. This is called the
 ; recipient policy as documented in:
-; 
+;
 ;   http://docs.kolab.org/administrator-guide/configuring-the-kolab-server.html#recipient-policy
 ;
 ; Note this is the global default, and each [$domain] section can have
@@ -225,7 +225,7 @@ quota_attribute = mailquota
 ;
 ; For OpenLDAP, use 'entrydn' - the 'entryUUID' can regrettably not be searched
 ; with.
-; 
+;
 ; For Active Directory, use 'objectsid'.
 unique_attribute = nsuniqueid
 
@@ -260,6 +260,10 @@ cache_uri = mysql://user:pass@localhost/database
 cache_retention = 86400
 address_search_attrs = mail, alias
 
+; Allow hosts in these networks to submit messages with empty envelope senders,
+; such as web-clients responding to MDN requests.
+empty_sender_hosts = 3.2.1.0/24, 6.6.6.0/24
+
 ; Section for Hosted client interface settings. This is not enabled by default.
 ;[kolab_hosting]
 ;
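Review bot: The new `empty_sender_hosts` default ships uncommented with two publicly routable example networks. An installation that keeps the stock file would therefore treat any client in `3.2.1.0/24` or `6.6.6.0/24` as trusted to submit mail with an empty envelope sender. The access-policy change in this same series returns True for such clients before any other sender check runs. Ship the line commented out and use reserved documentation ranges for the example, e.g. `;empty_sender_hosts = 192.0.2.0/24, 198.51.100.0/24`. The section header is outside the hunk; the policy script reads the key from `[kolab_smtp_access_policy]`.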


commit 2a4c22da772d05b21ad899281f6a2475d4935727
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Thu Nov 21 15:51:52 2013 +0100

    Try/except the actual routines of the Kolab SMTP Access Policy, and push a traceback through log.error (#2329)
    Allow empty sender addresses from trusted hosts, or do not crash but return False (#2329)

diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py
index 9db2c2a..ed588c2 100755
--- a/bin/kolab_smtp_access_policy.py
+++ b/bin/kolab_smtp_access_policy.py
@@ -1000,6 +1000,31 @@ class PolicyRequest(object):
 
         sender_verified = False
 
+        if self.sender == None:
+            # Trusted host?
+            if not hasattr(self, 'client_address') or \
+                    self.client_address == "" or \
+                    self.client_address == None:
+
+                # Nothing to compare to.
+                return False
+
+            try:
+                import netaddr
+
+                networks = conf.get_list(
+                        'kolab_smtp_access_policy',
+                        'empty_sender_hosts'
+                    )
+
+                trusted = False
+                for network in networks:
+                    if netaddr.IPNetwork(self.client_address) in netaddr.IPNetwork(network):
+                        return True
+
+            except ImportError, errmsg:
+                return False
+
         if not cache == False:
             records = cache_select(
                     sender=self.sender,
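Review bot: When `self.sender` is None and no configured network matches, the new block leaves the `try` and continues into `cache_select(sender=self.sender, ...)` with a None sender, although the commit message says this case should return False. Add `return False` after the `except ImportError` clause, still inside the `if self.sender == None:` block, and drop the unused `trusted = False`. `netaddr.IPNetwork()` raises `netaddr.AddrFormatError` on a malformed `client_address` or a mistyped network in the config, and only the broad handler in `__main__` would catch that; catching it here and returning False keeps the denial explicit. A match returns True and skips every later sender check, which deserves a comment at the `return True`. The enclosing method (presumably verify_sender) starts and ends outside the hunk.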
@@ -1483,17 +1508,23 @@ if __name__ == "__main__":
             sender_allowed = False
             recipient_allowed = False
 
-            if conf.verify_sender:
-                sender_allowed = policy_requests[instance].verify_sender()
-            else:
-                sender_allowed = True
+            try:
+                if conf.verify_sender:
+                    sender_allowed = policy_requests[instance].verify_sender()
+                else:
+                    sender_allowed = True
 
-            if conf.verify_recipient:
-                recipient_allowed = \
-                        policy_requests[instance].verify_recipients()
+                if conf.verify_recipient:
+                    recipient_allowed = \
+                            policy_requests[instance].verify_recipients()
 
-            else:
-                recipient_allowed = True
+                else:
+                    recipient_allowed = True
+
+            except Exception, errmsg:
+                import traceback
+                log.error(_("Unhandled exception caught: %r") % (errmsg))
+                log.error(traceback.format_exc())
 
             if not sender_allowed:
                 reject(_("Sender access denied"))
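Review bot: The new `except Exception` handler only logs, so a failed check is denied solely because `sender_allowed` and `recipient_allowed` were set to False above the `try`. That fail-closed dependency is easy to break in a later edit and should be stated, e.g. `# On any exception the flags keep their initial False, so the request is rejected (fail closed).` A client hit by an internal error is then answered with an access-denied rejection; if the script has a deferral action, that would suit an internal failure better, but none is visible in this hunk. `import traceback` would sit better with the file's top-level imports than inside the handler.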


commit d54170b4b5ecbdcd7238d7cfadfd261f5db93366
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Thu Nov 21 14:58:07 2013 +0100

    Take the autocreate_folders setting from the [kolab] section if it exists there, and no domain specific autocreate_folders exists (#2492)

diff --git a/pykolab/imap/__init__.py b/pykolab/imap/__init__.py
index 52dfdc1..b154476 100644
--- a/pykolab/imap/__init__.py
+++ b/pykolab/imap/__init__.py
@@ -427,24 +427,33 @@ class IMAP(object):
 
         if not self.domain == None:
             if conf.has_option(self.domain, "autocreate_folders"):
-                    _additional_folders = conf.get_raw(
-                            self.domain,
-                            "autocreate_folders"
-                        )
+                _additional_folders = conf.get_raw(
+                        self.domain,
+                        "autocreate_folders"
+                    )
 
-                    additional_folders = conf.plugins.exec_hook(
-                            "create_user_folders",
-                            kw={
-                                    'folder': folder_name,
-                                    'additional_folders': _additional_folders
-                                }
-                        )
+            elif conf.has_option('kolab', "autocreate_folders"):
+                _additional_folders = conf.get_raw(
+                        'kolab',
+                        "autocreate_folders"
+                    )
+            else:
+                _additional_folders = {}
+
+            additional_folders = conf.plugins.exec_hook(
+                    "create_user_folders",
+                    kw={
+                            'folder': folder_name,
+                            'additional_folders': _additional_folders
+                        }
+                )
+
+            if not additional_folders == None:
+                self.user_mailbox_create_additional_folders(
+                        mailbox_base_name,
+                        additional_folders
+                    )
 
-                    if not additional_folders == None:
-                        self.user_mailbox_create_additional_folders(
-                                mailbox_base_name,
-                                additional_folders
-                            )
             if conf.has_option(self.domain, "sieve_mgmt"):
                 sieve_mgmt_enabled = conf.get(self.domain, 'sieve_mgmt')
                 if utils.true_or_false(sieve_mgmt_enabled):
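Review bot: The new `else` branch sets `_additional_folders = {}`, while the two branches above pass on whatever `conf.get_raw()` returns, so the `create_user_folders` hook now receives different types depending on configuration. If `get_raw()` returns the raw option string, as its name suggests, either confirm the hook accepts an empty dict or make the fallback the same type. The hook and `user_mailbox_create_additional_folders()` are now also reached when no `autocreate_folders` option exists anywhere, where previously nothing ran. The `[kolab]` fallback still sits inside `if not self.domain == None:`, so it does not apply when `self.domain` is None; a comment should say whether that is intended. The enclosing method starts and ends outside the hunk.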


commit a8d3a2e13ff4cfda96e09356bc249c5932f71f41
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Thu Nov 21 14:45:47 2013 +0100

    Fix listing deleted mailboxes' domain list iteration

diff --git a/pykolab/cli/cmd_list_deleted_mailboxes.py b/pykolab/cli/cmd_list_deleted_mailboxes.py
index d39f890..637b491 100644
--- a/pykolab/cli/cmd_list_deleted_mailboxes.py
+++ b/pykolab/cli/cmd_list_deleted_mailboxes.py
@@ -62,10 +62,8 @@ def execute(*args, **kw):
     domains = auth.list_domains()
 
     folders = []
-    for primary,secondaries in domains:
-        folders.extend(imap.lm("DELETED/*@%s" % (primary)))
-        for secondary in secondaries:
-            folders.extend(imap.lm("DELETED/*@%s" % (secondary)))
+    for domain in list(set(domains.keys())):
+        folders.extend(imap.lm("DELETED/*@%s" % (domain)))
 
     folders.extend(imap.lm("DELETED/*"))
 
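Review bot: `list(set(domains.keys()))` builds a set and then a list from dictionary keys that are already unique; `for domain in domains.keys():` iterates the same values. The removed loop also listed `DELETED/*@<secondary>` for every secondary domain, so the new code relies on `auth.list_domains()` returning a mapping whose keys include every domain name. That shape is not visible here and is worth a one-line comment above the loop.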


commit 6bf3cdc14e8b41e303f5204545c380c8813a30a5
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Thu Nov 21 14:43:59 2013 +0100

    Add an option --dry-run to undelete-mailbox cmd

diff --git a/pykolab/cli/cmd_undelete_mailbox.py b/pykolab/cli/cmd_undelete_mailbox.py
index 46eec85..8f9c791 100644
--- a/pykolab/cli/cmd_undelete_mailbox.py
+++ b/pykolab/cli/cmd_undelete_mailbox.py
@@ -30,6 +30,14 @@ conf = pykolab.getConf()
 def __init__():
     commands.register('undelete_mailbox', execute, description=description())
 
+def cli_options():
+    my_option_group = conf.add_cli_parser_option_group(_("CLI Options"))
+    my_option_group.add_option( '--dry-run',
+                                dest    = "dry_run",
+                                action  = "store_true",
+                                default = False,
+                                help    = _("Do not actually execute, but state what would have been executed."))
+
 def description(*args, **kw):
     return _("Recover mailboxes previously deleted.")
 
diff --git a/pykolab/imap/cyrus.py b/pykolab/imap/cyrus.py
index 6034b48..ae90fd6 100644
--- a/pykolab/imap/cyrus.py
+++ b/pykolab/imap/cyrus.py
@@ -18,6 +18,7 @@
 #
 
 import cyruslib
+import sys
 import time
 
 from urlparse import urlparse
@@ -323,10 +324,16 @@ class Cyrus(cyruslib.CYRUS):
 
             target_server = self.find_mailfolder_server(target_folder)
 
-            if not target_server == self.server:
-                self.xfer(undelete_folder,target_server)
+            if hasattr(conf,'dry_run') and not conf.dry_run:
+                if not target_server == self.server:
+                    self.xfer(undelete_folder,target_server)
 
-            self.rename(undelete_folder,target_folder)
+                self.rename(undelete_folder,target_folder)
+            else:
+                if not target_server == self.server:
+                    print >> sys.stdout, _("Would have transfered %s from %s to %s") % (undelete_folder, self.server, target_server)
+
+                print >> sys.stdout, _("Would have renamed %s to %s") % (undelete_folder, target_folder)
 
     def parse_mailfolder(self, mailfolder):
         """

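Review bot: The condition `hasattr(conf,'dry_run') and not conf.dry_run` is false whenever `conf` has no `dry_run` attribute, so a caller that reaches this method without the `--dry-run` option registered takes the `else` branch. It then prints "Would have renamed ..." and never calls `xfer()` or `rename()`. In this commit the option is only added by `cli_options()` in `cmd_undelete_mailbox.py`, so any other entry point to this method would silently stop undeleting. Use `if not getattr(conf, 'dry_run', False):` so that a missing attribute means a real run. The enclosing method starts outside the hunk.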

commit 998804c66908f84e5e7b2da4685dd3043b8e8c1c
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Thu Nov 21 14:42:34 2013 +0100

    Attempt to circumvent interrupted system calls on UCS / Debian Squeeze

diff --git a/saslauthd/__init__.py b/saslauthd/__init__.py
index 4eaba67..90a7413 100644
--- a/saslauthd/__init__.py
+++ b/saslauthd/__init__.py
@@ -30,6 +30,7 @@ from ConfigParser import SafeConfigParser
 
 import os
 import shutil
+import sys
 import time
 import traceback
 
@@ -86,11 +87,15 @@ class SASLAuthDaemon(object):
 
         conf.finalize_conf()
 
-        utils.ensure_directory(
-                os.path.dirname(conf.pidfile),
-                conf.process_username,
-                conf.process_groupname
-            )
+        try:
+            utils.ensure_directory(
+                    os.path.dirname(conf.pidfile),
+                    conf.process_username,
+                    conf.process_groupname
+                )
+        except Exception, errmsg:
+            log.error(_("Could not create %r: %r") % (os.path.dirname(conf.pidfile), errmsg))
+            sys.exit(1)
 
         self.thread_count = 0
 
@@ -167,7 +172,26 @@ class SASLAuthDaemon(object):
         s.listen(5)
 
         while 1:
-            (clientsocket, address) = s.accept()
+            max_tries = 20
+            cur_tries = 0
+            bound = False
+            while not bound:
+                cur_tries += 1
+                try:
+                    (clientsocket, address) = s.accept()
+                    bound = True
+                except Exception, errmsg:
+                    log.error(
+                            _("kolab-saslauthd could not accept " + \
+                            "connections on socket: %r") % (errmsg)
+                        )
+
+                    if cur_tries >= max_tries:
+                        log.fatal(_("Maximum tries exceeded, exiting"))
+                        sys.exit(1)
+
+                    time.sleep(1)
+
             received = clientsocket.recv(4096)
 
             login = []
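Review bot: The retry loop catches every `Exception` from `s.accept()` and sleeps one second before each retry. An interrupted system call, the case this commit targets, therefore delays the next authentication request by a second, and a non-transient socket error is retried 20 times before the daemon exits. Narrow the handler to `except socket.error, errmsg:` and retry at once when `errmsg.args[0] == errno.EINTR`, keeping the sleep and the `max_tries` limit for other errors. `errno` would need importing, and `socket` is presumably already imported since `s` is a socket. `bound` would read better as `accepted`, as nothing is bound in this loop; the enclosing method starts and ends outside the hunk.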



