3 commits - bin/kolab_smtp_access_policy.py conf/kolab.conf pykolab/auth pykolab/utils.py
Jeroen van Meeuwen
vanmeeuwen at kolabsys.com
Fri May 11 17:38:54 CEST 2012
bin/kolab_smtp_access_policy.py | 61 +++++++++-------------------------------
conf/kolab.conf | 12 +++++++
pykolab/auth/__init__.py | 19 +++++++++---
pykolab/auth/ldap/__init__.py | 8 +++--
pykolab/utils.py | 28 +++++++++++++-----
5 files changed, 69 insertions(+), 59 deletions(-)
New commits:
commit bcd2b2fdf90bccd29c281f8143bc9ba73edda01d
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Fri May 11 16:27:28 2012 +0100
Do not echo passwords back even during confirmation
diff --git a/pykolab/utils.py b/pykolab/utils.py
index 6326bf8..325446f 100644
--- a/pykolab/utils.py
+++ b/pykolab/utils.py
@@ -46,23 +46,37 @@ def ask_question(question, default="", password=False, confirm=False):
else:
answer = raw_input("%s [%s]: " % (question, default))
- if not answer == "" and not default == "":
+ if not answer == "":
if confirm:
answer_confirm = None
answer_confirmed = False
while not answer_confirmed:
- if default == "":
- answer_confirm = raw_input("Confirm %s: " % (question))
+ if password:
+ if default == "":
+ answer = getpass.getpass(_("Confirm %s: ") % (question))
+ else:
+ answer = getpass.getpass(_("Confirm %s [%s]: ") % (question, default))
else:
- answer_confirm = raw_input("Confirm %s [%s]: " % (question, default))
+ if default == "":
+ answer = raw_input(_("Confirm %s: ") % (question))
+ else:
+ answer = raw_input(_("Confirm %s [%s]: ") % (question, default))
if not answer_confirm == answer:
print >> sys.stderr, _("Incorrect confirmation. " + \
"Please try again.")
- if default == "":
- answer = raw_input("%s: " % (question))
+
+ if password:
+ if default == "":
+ answer = getpass.getpass(_("Confirm %s: ") % (question))
+ else:
+ answer = getpass.getpass(_("Confirm %s [%s]: ") % (question, default))
else:
- answer = raw_input("%s [%s]: " % (question, default))
+ if default == "":
+ answer = raw_input(_("Confirm %s: ") % (question))
+ else:
+ answer = raw_input(_("Confirm %s [%s]: ") % (question, default))
+
else:
answer_confirmed = True
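Review bot: Inside the `while not answer_confirmed:` loop the new confirmation prompts assign to `answer`, not `answer_confirm`, so within this hunk `answer_confirm` stays `None` and `if not answer_confirm == answer:` is true on every pass. The first group of prompts should read `answer_confirm = getpass.getpass(_("Confirm %s: ") % (question))`, and likewise for the other three prompts in that group. The re-ask after "Incorrect confirmation" should use the original `%s: ` wording rather than `Confirm %s: `. When `password` is true and a default is set, the `[%s]` prompt still prints the default to the terminal, which works against the stated aim of not echoing passwords; leave the default out of the prompt in the `password` branch. The body of `ask_question` starts and ends outside the hunk.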
commit 43cb3e58da39fd7c7566d952691d815488104dd6
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Fri May 11 16:05:45 2012 +0100
Initialize Auth() after the configuration has been finalized.
Fix the kolab smtp access policy using legacy API calls
diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py
index 7f0bf56..bc53278 100755
--- a/bin/kolab_smtp_access_policy.py
+++ b/bin/kolab_smtp_access_policy.py
@@ -48,8 +48,7 @@ except:
from sqlalchemy.schema import Index
from sqlalchemy.schema import UniqueConstraint
-sys.path.append('..')
-sys.path.append('../..')
+sys.path = ['..'] + sys.path
import pykolab
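Review bot: Putting the relative entry `'..'` at the front of `sys.path` makes every later import, `pykolab` and the standard library included, resolve first against the parent of whatever directory the process was started in. For a policy service launched by the MTA that directory is not necessarily the source tree, so an unrelated module found there would shadow the intended one. If the goal is to prefer a local checkout, anchor the entry to the script location instead, e.g. `sys.path.insert(0, os.path.join(os.path.dirname(os.path.abspath(__file__)), '..'))`, assuming `os` is imported in this file (not visible in the hunk).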
@@ -67,7 +66,7 @@ log.remove_stdout_handler()
conf = pykolab.getConf()
-auth = Auth()
+auth = None
#
# Caching routines using SQLAlchemy.
@@ -444,11 +443,6 @@ class PolicyRequest(object):
# If unauthenticated is allowed, I have nothing to do here.
return True
- search_attrs = conf.get_list(
- 'kolab_smtp_access_policy',
- 'address_search_attrs'
- )
-
# If we have an sasl_username, find the user object in the
# authentication database, along with the attributes we are
# interested in.
@@ -459,8 +453,7 @@ class PolicyRequest(object):
self.sasl_domain = conf.get('kolab', 'primary_domain')
self.sasl_user = {
- 'dn': auth.find_user(
- search_attrs,
+ 'dn': auth.find_recipient(
self.sasl_username,
domain=self.sasl_domain
)
@@ -483,7 +476,10 @@ class PolicyRequest(object):
)
)
- attrs = search_attrs
+ attrs = conf.get_list(self.sasl_domain, 'auth_attributes')
+ if attrs == None:
+ attrs = conf.get_list(conf.get('kolab', 'auth_mechanism'), 'auth_attributes')
+
attrs.extend(
[
'kolabAllowSMTPRecipient',
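Review bot: The fallback `conf.get_list(conf.get('kolab', 'auth_mechanism'), 'auth_attributes')` is not checked before `attrs.extend(`, so if it also returns `None` (as the first lookup evidently can) the call raises `AttributeError` in the middle of a policy decision. Add `if attrs is None: attrs = []` before the `extend`, and write the existing test as `if attrs is None:`. If `get_list` hands back a list that the configuration object keeps, `extend` also grows it on every request; copying with `attrs = list(attrs)` avoids that, though whether it applies cannot be told from the hunk. The enclosing method continues outside the hunk.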
@@ -735,39 +731,17 @@ class PolicyRequest(object):
return True
- search_attrs = conf.get_list(
- 'kolab_smtp_access_policy',
- 'address_search_attrs'
- )
-
- user = {
- 'dn': auth.find_user(
- search_attrs,
- normalize_address(recipient),
- domain=sasl_domain,
- # TODO: Get the filter from the configuration.
- additional_filter="(&(objectclass=" + \
- "kolabinetorgperson)%(search_filter)s)"
- )
- }
-
- group = {
- 'dn': auth.find_group(
- search_attrs,
+ recipient = {
+ 'dn': auth.find_recipient(
normalize_address(recipient),
domain=sasl_domain,
- # TODO: Get the filter from the configuration.
- additional_filter="(&(|(objectclass=" + \
- "groupofuniquenames)(objectclass=" + \
- "groupofurls))%(search_filter)s)"
)
}
-
# We have gotten an invalid recipient. We need to catch this case,
# because testing can input invalid recipients, and so can faulty
# applications, or misconfigured servers.
- if not user['dn'] and not group['dn']:
+ if not recipient['dn']:
if not conf.allow_unauthenticated:
cache_update(
function='verify_recipient',
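Review bot: The new dict is bound to `recipient`, the same name that holds the address passed to `normalize_address(recipient)`, so from this statement on any use of `recipient` as an address string receives a dict. The `cache_update(` call that begins here and the rest of the method are outside the hunk, so whether they still expect the address should be checked. A separate name avoids the question: `recipient_entry = {`, with the later tests reading `recipient_entry['dn']`. The commit also drops the objectclass restrictions that the removed `additional_filter` arguments applied, so a short comment saying which entry types `find_recipient` is expected to match would help the next reader of this access check.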
@@ -792,17 +766,10 @@ class PolicyRequest(object):
log.debug(_("Could not find this user, accepting"), level=8)
return True
- if not user['dn'] == False:
- recipient_policy = auth.get_user_attribute(
+ if not recipient['dn'] == False:
+ recipient_policy = auth.get_entry_attribute(
sasl_domain,
- user,
- 'kolabAllowSMTPSender'
- )
-
- if not group['dn'] == False:
- recipient_policy = auth.get_group_attribute(
- sasl_domain,
- group,
+ recipient,
'kolabAllowSMTPSender'
)
@@ -1321,6 +1288,8 @@ if __name__ == "__main__":
conf.finalize_conf()
+ auth = Auth()
+
cache = cache_init()
policy_requests = {}
diff --git a/pykolab/auth/__init__.py b/pykolab/auth/__init__.py
index a50ee1b..3c1b058 100644
--- a/pykolab/auth/__init__.py
+++ b/pykolab/auth/__init__.py
@@ -177,11 +177,19 @@ class Auth(pykolab.base.Base):
self._auth._disconnect()
- def find_recipient(self, address):
+ def find_recipient(self, address, domain=None):
"""
Find one or more entries corresponding to the recipient address.
"""
- return self._auth.find_recipient(address)
+ if not domain == None:
+ self.connect(domain=domain)
+
+ result = self._auth.find_recipient(address)
+
+ if isinstance(result, list) and len(result) == 1:
+ return result[0]
+ else:
+ return result
def find_user(self, attr, value, **kw):
return self._auth._find_user(attr, value, domain=domain, **kw)
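Review bot: `find_recipient` now returns a single entry when exactly one matched and the unmodified `result` otherwise, so a caller gets a list both for no match and for several matches. The call sites this commit adds in `bin/kolab_smtp_access_policy.py` store the value under `'dn'` and test only its truthiness, so an address that matches several entries is passed on to `get_entry_attribute` as a list. State the return contract in the docstring, and have the policy code handle the multi-match case explicitly rather than by accident. A smaller point: `if domain is not None:` is the usual spelling of the new guard.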
@@ -225,11 +233,14 @@ class Auth(pykolab.base.Base):
def domain_default_quota(self, domain):
return self._auth._domain_default_quota(domain)
+ def get_entry_attribute(self, domain, entry, attribute):
+ return self._auth.get_entry_attribute(entry, attribute)
+
def get_user_attribute(self, domain, user, attribute):
- return self._auth._get_user_attribute(user, attribute)
+ return self._auth.get_entry_attribute(user, attribute)
def get_user_attributes(self, domain, user, attributes):
- return self._auth._get_user_attributes(user, attributes)
+ return self._auth.get_entry_attributes(user, attributes)
def search_mail_address(self, domain, mail_address):
return self._auth._search_mail_address(domain, mail_address)
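Review bot: The new `get_entry_attribute(self, domain, entry, attribute)` accepts `domain` but never uses it, unlike `find_recipient` in the same commit, which calls `self.connect(domain=domain)` first. As written the attribute is read over whichever connection is current, which may not be the domain the caller named. Either connect first, `if domain is not None: self.connect(domain=domain)`, or document that `domain` is ignored. A one-line docstring such as `"""Return a single attribute of an entry."""` would match the documented methods in this class.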
diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py
index 3730644..6eed427 100644
--- a/pykolab/auth/ldap/__init__.py
+++ b/pykolab/auth/ldap/__init__.py
@@ -277,13 +277,15 @@ class LDAP(pykolab.base.Base):
Get multiple attributes for an entry.
"""
+ print entry_id
entry_dn = self.entry_dn(entry_id)
+ print entry_dn
_search = self.ldap.search_ext(
entry_dn,
ldap.SCOPE_BASE,
- '(objectclass=*)',
- [ 'dn' ] + attributes
+ filterstr='(objectclass=*)',
+ attrlist=[ 'dn' ] + attributes
)
(
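Review bot: The two added statements `print entry_id` and `print entry_dn` look like leftover debugging and write directory identifiers to stdout on every attribute lookup. The SMTP access policy script that calls into this module removes its stdout log handler (`log.remove_stdout_handler()`), which suggests stdout is reserved there, so stray output could interfere with its replies. Remove both lines, or route them through the logger, e.g. `log.debug(_("Entry DN: %s") % (entry_dn), level=8)`, if this module has a `log` object (not visible in the hunk). The method body starts and ends outside the hunk.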
@@ -312,6 +314,8 @@ class LDAP(pykolab.base.Base):
the current entry.
"""
+ self._bind()
+
if not exclude_entry_id == None:
__filter_prefix = "(&"
__filter_suffix = "(!(%s=%s)))" % (
commit d63495232db482983fcc26d5f3924f260c58f4e1
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Fri May 11 11:52:27 2012 +0100
Add SSL settings for the Kolab Web Administration Panel (#757)
diff --git a/conf/kolab.conf b/conf/kolab.conf
index c1efe67..84511a1 100644
--- a/conf/kolab.conf
+++ b/conf/kolab.conf
@@ -135,8 +135,20 @@ address_search_attrs = mail, alias
[kolab_wap]
skin = default
sql_uri = mysql://user:pass@localhost/database
+
+; Use the following setting to indicate the API is installed on a different
+; system, or in a non-standard location.
;api_url = http://localhost/kolab-webadmin/api
+; Configure SSL should you want to have the web admin panel (client interface)
+; use the API over HTTPS.
+;ssl_verify_peer = false
+;ssl_verify_host = false
+;ssl_cafile = /path/to/ca/file
+;ssl_capath = /path/to/ca/dir
+;ssl_local_cert = /path/to/local/cert
+;ssl_passphrase = MyPassword
+
[cyrus-imap]
; The URI to use to connect to IMAP. Note that pykolab itself can detect whether
; or not Cyrus IMAP is deployed in a Murder topology, and should be able to
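Review bot: The sample values `;ssl_verify_peer = false` and `;ssl_verify_host = false` show certificate and host-name verification switched off, so an administrator who simply uncomments the block gets HTTPS to the API with no check on who is answering. Show the verifying values instead, `;ssl_verify_peer = true` and `;ssl_verify_host = true`, with a comment that `false` is for test setups with self-signed certificates only. Since `ssl_passphrase` and the existing `sql_uri` put credentials in this file, a comment line recommending restrictive file permissions would also be worth adding, for example `; This file contains credentials; make it readable by the service account only.`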