gunnar: server/perl-kolab/bin kolab_smtpdpolicy.in,1.2,1.2.2.1

cvs at kolab.org cvs at kolab.org
Fri Dec 4 16:38:24 CET 2009


Author: gunnar

Update of /kolabrepository/server/perl-kolab/bin
In directory doto:/tmp/cvs-serv22113/bin

Modified Files:
      Tag: kolab_2_2_branch
	kolab_smtpdpolicy.in 
Log Message:
 kolab/issue1340 (RFC: restrict users to sending mail only to internal recipients) - A first stub for the policy daemon.

Index: kolab_smtpdpolicy.in
===================================================================
RCS file: /kolabrepository/server/perl-kolab/bin/kolab_smtpdpolicy.in,v
retrieving revision 1.2
retrieving revision 1.2.2.1
diff -u -d -r1.2 -r1.2.2.1
--- kolab_smtpdpolicy.in	20 Jan 2009 17:22:12 -0000	1.2
+++ kolab_smtpdpolicy.in	4 Dec 2009 15:38:22 -0000	1.2.2.1
@@ -281,6 +281,40 @@
   return 1;
 }
 
+sub check_restricted_sender {
+  my $username = shift;
+  my $recipient = shift;
+  my $tries = 0;
+ AGAIN:
+  my $mesg = $ldap->search( base=> $conf_basedn,
+			    scope=> 'sub',
+			    filter=> "(&(objectClass=kolabinetorgperson)(|(mail=$sender)(alias=$sender)))",
+			    attrs => [ 'kolabAllowSMTPRecipient' ]);
+  if( !$mesg->code && $mesg->count() > 0 ) {
+    mylog($syslog_priority, "LDAP search returned ".$mesg->count()." objects") if $verbose;
+    foreach my $entry ( $mesg->entries ) {
+      mylog($syslog_priority, lc($entry->get_value('uid')." is the uid of ".$sender)) if $verbose;
+      my $allowed_recipient;
+      for $allowed_recipient ($entry->get_value('kolabAllowSMTPRecipient')) {
+
+	  # TODO
+
+      }
+      # Allow sending if there was no entry or no entry rejcted
+      return 1;
+    }
+    } elsif( $mesg->code && $mesg->code != LDAP_NO_SUCH_OBJECT && $tries++ <= $ldap_max_tries ) {
+      mylog($syslog_priority, "LDAP Connection error during CHECKRESTRICTEDSENDER: ".$mesg->error.", trying to reconnect" );
+      ldap_connect;
+      goto AGAIN;
+    } elsif( $mesg->code ) {
+      mylog( $syslog_priority, "LDAP Error during CHECKRESTRICTEDSENDER: ".$mesg->error ) if $verbose;
+      # Just fall through and accept the message in case there was an LDAP problem.
+    }
+  }
+  return 1;
+}
+
 #
 # SMTPD access policy routine. The result is an action just like
 # it would be specified on the right-hand side of a Postfix access
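Review bot: The LDAP filter in `check_restricted_sender` interpolates `$sender` unescaped, although the sub only unpacks `$username` and `$recipient`, so the lookup relies on a variable declared outside this hunk (if it exists at all). The envelope sender is chosen by the SMTP client, so filter metacharacters such as `*`, `(` or `)` in it can change which entries match. The sender should be passed in as an argument and escaped before use, e.g. `my $who = escape_filter_value($sender);` (from Net::LDAP::Util) with `filter => "(&(objectClass=kolabinetorgperson)(|(mail=$who)(alias=$who)))"`. Separately, the lone `}` just before the final `return 1;` appears unmatched: the `if`/`elsif` chain is already closed by the brace above it, so this one would end the sub early and leave `return 1;` and the last `}` outside it.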
@@ -335,6 +369,9 @@
 
   # Check for valid access to restricted distribution lists
   return "REJECT Access denied" unless check_dist_list($username, $recipient);
+
+  # Check for valid access from a restricted sender
+  return "REJECT Recipient denied" unless check_restricted_sender($username, $recipient);
 
   # The result can be any action that is allowed in a Postfix access(5) map.
   #
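Review bot: The new `check_restricted_sender` call cannot tell "recipient allowed" from "LDAP lookup failed", because the helper returns 1 on every path, including after the retries are exhausted. Once the TODO is filled in, a restricted user's limit would therefore lapse silently whenever the directory is unreachable. Consider having the helper return a distinct value for lookup errors and answering with a temporary action here, for example `return "DEFER_IF_PERMIT Recipient policy lookup failed" if $rc < 0;`. A log line before the `REJECT` would also give operators a record of denied attempts. The enclosing policy routine starts and ends outside this hunk, so how `$username` is set for unauthenticated clients could not be checked.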




