wilde: server/php-kolab/Kolab_Filter/Filter Content.php,1.4,1.5
cvs at kolab.org
cvs at kolab.org
Mon Feb 11 17:46:53 CET 2008
Author: wilde
Update of /kolabrepository/server/php-kolab/Kolab_Filter/Filter
In directory doto:/tmp/cvs-serv1349/php-kolab/Kolab_Filter/Filter
Modified Files:
Content.php
Log Message:
Kolab-Filter: don't reject or rewrite mails from privileged networks.
THIS IS AN PRELIMINARY HOT FIX. See kolab/issue2466.
Index: Content.php
===================================================================
RCS file: /kolabrepository/server/php-kolab/Kolab_Filter/Filter/Content.php,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- Content.php 30 Jan 2008 21:04:28 -0000 1.4
+++ Content.php 11 Feb 2008 16:46:51 -0000 1.5
@@ -390,6 +390,26 @@
return sprintf($fmt, $sender);
}
+/** Match IP addresses against Networks in CIDR notation. **/
+function match_ip($network, $ip)
+{
+ $iplong = ip2long($ip);
+ $cidr = explode("/", $network);
+ $netiplong = ip2long($cidr[0]);
+ if ( $cidr[1] ) {
+ $iplong = $iplong & ( 0xffffffff << 32 - $cidr[1] );
+ $netiplong = $netiplong & ( 0xffffffff << 32 - $cidr[1] );
+ }
+ if ($iplong == $netiplong)
+ {
+ return TRUE;
+ }
+ else
+ {
+ return FALSE;
+ }
+}
+
/** Check that the From header is not trying
to impersonate a valid user that is not
$sasluser. Returns one of:
@@ -438,6 +458,12 @@
$kolabhosts = 'localhost';
}
+ if (!empty($conf['filter']['privileged_networks'])) {
+ $privnetworks = $conf['filter']['privileged_networks'];
+ } else {
+ $privnetworks = '127.0.0.0/8';
+ }
+
/* Allow anything from localhost and
* fellow Kolab-hosts
*/
@@ -448,10 +474,16 @@
$kolabhosts = split(',', $kolabhosts);
$kolabhosts = array_map('gethostbyname', $kolabhosts );
+ $privnetworks = split(',', $privnetworks);
+
if (array_search($client_addr, $kolabhosts) !== false) {
return true;
}
+ foreach ($privnetworks as $network)
+ if (match_ip($network, $client_addr))
+ return true;
+
if ($sasluser) {
$allowed_addrs = addrs_for_uid($sasluser);
if ($allowed_addrs instanceof PEAR_Error) {
More information about the commits
mailing list