[PATCH] Host whitelist using postfix $mynetworks
Gunnar Wrobel
wrobel at pardus.de
Wed Apr 16 09:38:04 CEST 2008
"Diego Woitasen" <diegows at xtech.com.ar> writes:
> I want to share this patch. It would be useful for somebody else.
>
> The idea is to use the postfix-mynetworks value in LDAP
> (k=kolab,dc=foo,dc=bar) as a whitelist for kolabfilter.
Thanks. I didn't look at the code now but wondered if we don't have
something like that in there?
Cheers,
Gunnar
>
> Steps:
>
> 1- /kolab/bin/pear Net_IPv4
> 2- Apply the patch.
>
> Then, when you add a host or net in Services->Privileged host via Web
> admin it gets whitelisted.
>
> --- /tmp/xx/Kolab_Filter-2.2rc120080204/Filter/Content.php 2008-02-04
> 14:51:45.000000000 +0000
> +++ lib/php/Kolab/Filter/Content.php 2008-04-14 22:54:38.976551441 +0000
> @@ -34,6 +34,7 @@
>
> /* Load the basic filter definition */
> require_once 'Kolab/Filter/Filter.php';
> +require_once('Net/IPv4.php');
>
> define('RM_STATE_READING_HEADER', 1 );
> define('RM_STATE_READING_FROM', 2 );
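Review bot: the added `require_once('Net/IPv4.php');` makes Net_IPv4 a hard dependency of Content.php, so on a host where the PEAR package is not installed the filter stops with a fatal error instead of just skipping the whitelist. The posting lists the install as a manual step; guard the include or declare the dependency in the package, and match the neighbouring `require_once 'Kolab/Filter/Filter.php';`, which is written without parentheses.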
> @@ -390,6 +391,39 @@
> return sprintf($fmt, $sender);
> }
>
> +
> +
> +function permited_host($host){
> +
> + global $conf;
> +
> + $ldapconn = ldap_connect($conf['filter']['ldap_uri']);
> + if(!$ldapconn)
> + return false;
> +
> + if(!ldap_bind($ldapconn, $conf['filter']['bind_dn'],
> + $conf['filter']['bind_pw']))
> + return false;
> +
> + $attrs[0] = "postfix-mynetworks";
> + $result = ldap_search($ldapconn, $conf['filter']['base_dn'],
> + "k=kolab", $attrs);
> + if(!$result)
> + return false;
> +
> + $info = ldap_get_entries($ldapconn, $result);
> + if($info['count'] != 1 || !array_key_exists($attrs[0], $info[0]))
> + return false;
> + $addrs = $info[0]['postfix-mynetworks'];
> + foreach($addrs as $addr){
> + if($host == $addr or Net_IPv4::ipInNetwork($host, $addr))
> + return true;
> + }
> +
> + return false;
> +
> +}
> +
> /** Check that the From header is not trying
> to impersonate a valid user that is not
> $sasluser. Returns one of:
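Review bot: in the `foreach($addrs as $addr)` loop, `$addrs` is the array returned by ldap_get_entries(), which carries a `count` element alongside the attribute values, so the integer count is also fed to `$host == $addr` and to `Net_IPv4::ipInNetwork()`. Iterate over indexes 0 to `$addrs['count'] - 1` and compare with `===` so that only real attribute values can match. In addition, no return path after `ldap_connect()` calls `ldap_unbind($ldapconn)`, so the connection stays open until the script ends; release it before returning. `$attrs` should be initialised as `array('postfix-mynetworks')`, and the function name is misspelled (`permitted_host`).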
> @@ -438,6 +472,12 @@
> $kolabhosts = 'localhost';
> }
>
> + /*
> + * Allow Postfix $mynetworks
> + */
> + if(permited_host($client_addr))
> + return true;
> +
> /* Allow anything from localhost and
> * fellow Kolab-hosts
> */
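Review bot: the `if(permited_host($client_addr)) return true;` check sits ahead of the existing "Allow anything from localhost and fellow Kolab-hosts" block, so every message triggers an LDAP connect, bind and search, including messages the local check below would already allow. Move it after that block. Because a match returns true before any of the remaining checks in this function run, the comment should state what a `$mynetworks` client is exempted from, and a log line on match would make the bypass auditable.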
>
>
>
> --
> Diego Woitasen
> XTECH - Soluciones Linux para empresas
> (54) 011 5219-0678
>
--
______ http://kdab.com _______________ http://kolab-konsortium.com _
p at rdus Kolab work is funded in part by KDAB and the Kolab Konsortium
____ http://www.pardus.de _________________ http://gunnarwrobel.de _
E-mail : p at rdus.de Dr. Gunnar Wrobel
Tel. : +49 700 6245 0000 Bundesstrasse 29
Fax : +49 721 1513 52322 D-20146 Hamburg
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> Mail at ease - Rent a kolab groupware server at p at rdus <<
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~