gunnar: server/perl-kolab/bin kolab_smtpdpolicy.in,1.2.2.1,1.2.2.2

cvs at kolab.org cvs at kolab.org
Fri Dec 4 17:33:54 CET 2009


Author: gunnar

Update of /kolabrepository/server/perl-kolab/bin
In directory doto:/tmp/cvs-serv24111/bin

Modified Files:
      Tag: kolab_2_2_branch
	kolab_smtpdpolicy.in 
Log Message:
 kolab/issue1340 (RFC: restrict users to sending mail only to internal recipients) - Doh, shouldn't test this with the webclient as it is always in the permit hosts. This next step reacts toward a single - which denies all recipients.

Index: kolab_smtpdpolicy.in
===================================================================
RCS file: /kolabrepository/server/perl-kolab/bin/kolab_smtpdpolicy.in,v
retrieving revision 1.2.2.1
retrieving revision 1.2.2.2
diff -u -d -r1.2.2.1 -r1.2.2.2
--- kolab_smtpdpolicy.in	4 Dec 2009 15:38:22 -0000	1.2.2.1
+++ kolab_smtpdpolicy.in	4 Dec 2009 16:33:52 -0000	1.2.2.2
@@ -288,29 +288,28 @@
  AGAIN:
   my $mesg = $ldap->search( base=> $conf_basedn,
 			    scope=> 'sub',
-			    filter=> "(&(objectClass=kolabinetorgperson)(|(mail=$sender)(alias=$sender)))",
+			    filter=> "(&(objectClass=kolabinetorgperson)(|(mail=$username)(uid=$username)))",
 			    attrs => [ 'kolabAllowSMTPRecipient' ]);
   if( !$mesg->code && $mesg->count() > 0 ) {
     mylog($syslog_priority, "LDAP search returned ".$mesg->count()." objects") if $verbose;
     foreach my $entry ( $mesg->entries ) {
-      mylog($syslog_priority, lc($entry->get_value('uid')." is the uid of ".$sender)) if $verbose;
       my $allowed_recipient;
       for $allowed_recipient ($entry->get_value('kolabAllowSMTPRecipient')) {
-
+          mylog($syslog_priority, lc($entry->get_value('uid')." has allowed recipient ".$allowed_recipient)) if $verbose;
+	  return undef if $allowed_recipient eq '-';
 	  # TODO
 
       }
-      # Allow sending if there was no entry or no entry rejcted
-      return 1;
-    }
-    } elsif( $mesg->code && $mesg->code != LDAP_NO_SUCH_OBJECT && $tries++ <= $ldap_max_tries ) {
-      mylog($syslog_priority, "LDAP Connection error during CHECKRESTRICTEDSENDER: ".$mesg->error.", trying to reconnect" );
-      ldap_connect;
-      goto AGAIN;
-    } elsif( $mesg->code ) {
-      mylog( $syslog_priority, "LDAP Error during CHECKRESTRICTEDSENDER: ".$mesg->error ) if $verbose;
-      # Just fall through and accept the message in case there was an LDAP problem.
     }
+    # Allow sending if there was no entry or no entry rejcted
+    return 1;
+  } elsif( $mesg->code && $mesg->code != LDAP_NO_SUCH_OBJECT && $tries++ <= $ldap_max_tries ) {
+    mylog($syslog_priority, "LDAP Connection error during CHECKRESTRICTEDSENDER: ".$mesg->error.", trying to reconnect" );
+    ldap_connect;
+    goto AGAIN;
+  } elsif( $mesg->code ) {
+    mylog( $syslog_priority, "LDAP Error during CHECKRESTRICTEDSENDER: ".$mesg->error ) if $verbose;
+    # Just fall through and accept the message in case there was an LDAP problem.
   }
   return 1;
 }
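Review bot: The new `filter=>` line interpolates `$username` into the LDAP search string unescaped, so a value containing `*`, `(`, `)` or `\` changes which entries match and therefore whose `kolabAllowSMTPRecipient` values are consulted. Escape the value before building the filter, for example `my $u = escape_filter_value($username);` from Net::LDAP::Util, and then use `(mail=$u)(uid=$u)`; whether that module is already imported is not visible in this hunk. The re-indented `elsif( $mesg->code )` branch still falls through to `return 1`, so the restriction fails open whenever LDAP is unreachable. For a deny control it would be safer to let the caller answer with a deferral, or at least to log that branch unconditionally rather than only under `$verbose`. The function begins outside the hunk, so how `$tries` is initialised could not be checked.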
@@ -341,6 +340,9 @@
 
   eval{ $username = lookup_uid($username) }; return "DEFER_IF_PERMIT $@" if $@;
 
+  # Check for valid access from a restricted sender
+  return "REJECT Recipient denied" unless check_restricted_sender($username, $recipient);
+
   # See if sender is owned by someone
   my @uids;
   eval { @uids = lookup_sender_uids($sender) }; return "DEFER_IF_PERMIT $@" if $@;
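Review bot: After this move, `check_restricted_sender` runs before the later permit checks, so it may now be called for requests with no authenticated `$username`; whether `$username` can be empty or undefined here is not visible in the hunk. If it can, the filter becomes `(mail=)(uid=)` and every such message costs an LDAP search, with retries on error, so a guard such as `if (defined $username && $username ne '')` around the call would avoid that. The comment should also record why the order matters, e.g. `# Must run before the permit-hosts checks so restricted senders are not bypassed`.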
@@ -369,9 +371,6 @@
 
   # Check for valid access to restricted distribution lists
   return "REJECT Access denied" unless check_dist_list($username, $recipient);
-
-  # Check for valid access from a restricted sender
-  return "REJECT Recipient denied" unless check_restricted_sender($username, $recipient);
 
   # The result can be any action that is allowed in a Postfix access(5) map.
   #




