[PATCH] Host whitelist using postfix $mynetworks
Bo Thorsen
bo at thorsen-consulting.dk
Tue Apr 15 09:19:32 CEST 2008
You should make an entry in the Kolab bug tracker with this:
https://www.intevation.de/roundup/kolab/
Bo.
On Tuesday, 15 April 2008, Diego Woitasen wrote:
> I want to share this patch. It would be useful for somebody else.
>
> The idea is to use the postfix-mynetworks value in LDAP
> (k=kolab,dc=foo,dc=bar) as whitelist for kolabfilter.
>
> Steps:
>
> 1- /kolab/bin/pear Net_IPv4
> 2- Apply the patch.
>
> Then, when you add a host or net in Services->Privileged host via Web
> admin it gets whitelisted.
>
> --- /tmp/xx/Kolab_Filter-2.2rc120080204/Filter/Content.php 2008-02-04
> 14:51:45.000000000 +0000
> +++ lib/php/Kolab/Filter/Content.php 2008-04-14 22:54:38.976551441 +0000
> @@ -34,6 +34,7 @@
>
> /* Load the basic filter definition */
> require_once 'Kolab/Filter/Filter.php';
> +require_once('Net/IPv4.php');
>
> define('RM_STATE_READING_HEADER', 1 );
> define('RM_STATE_READING_FROM', 2 );
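
Review bot: the added require_once('Net/IPv4.php') is unconditional, so Content.php stops loading on any installation where the Net_IPv4 PEAR package is absent; the dependency should be documented with the filter's other requirements instead of relying on a manual step from the mail. For consistency with the require_once line directly above it, write it without parentheses: require_once 'Net/IPv4.php';
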
> @@ -390,6 +391,39 @@
> return sprintf($fmt, $sender);
> }
>
> +
> +
> +function permited_host($host){
> +
> + global $conf;
> +
> + $ldapconn = ldap_connect($conf['filter']['ldap_uri']);
> + if(!$ldapconn)
> + return false;
> +
> + if(!ldap_bind($ldapconn, $conf['filter']['bind_dn'],
> + $conf['filter']['bind_pw']))
> + return false;
> +
> + $attrs[0] = "postfix-mynetworks";
> + $result = ldap_search($ldapconn, $conf['filter']['base_dn'],
> + "k=kolab", $attrs);
> + if(!$result)
> + return false;
> +
> + $info = ldap_get_entries($ldapconn, $result);
> + if($info['count'] != 1 || !array_key_exists($attrs[0], $info[0]))
> + return false;
> + $addrs = $info[0]['postfix-mynetworks'];
> + foreach($addrs as $addr){
> + if($host == $addr or Net_IPv4::ipInNetwork($host, $addr))
> + return true;
> + }
> +
> + return false;
> +
> +}
> +
> /** Check that the From header is not trying
> to impersonate a valid user that is not
> $sasluser. Returns one of:
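
Review bot: the foreach over $addrs in permited_host() also visits the 'count' element that ldap_get_entries() places in every attribute value array (the same kind of key the hunk reads as $info['count']), so an integer is compared to $host with loose == and passed to Net_IPv4::ipInNetwork() as if it were a network. Iterate the numeric indices only, for example for ($i = 0; $i < $addrs['count']; $i++), and compare with === so that only an exact string match or a real network match returns true. The connection from ldap_connect() is never released on any return path; add ldap_unbind($ldapconn) before each return after a successful connect. The function name is also misspelled and should read permitted_host.
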
> @@ -438,6 +472,12 @@
> $kolabhosts = 'localhost';
> }
>
> + /*
> + * Allow Postfix $mynetworks
> + */
> + if(permited_host($client_addr))
> + return true;
> +
> /* Allow anything from localhost and
> * fellow Kolab-hosts
> */
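
Review bot: the new return true at the top of this block leaves the function before any of its later checks run, including the From-header impersonation check described in the function's doc comment, for every client listed in postfix-mynetworks. The existing comment only exempts localhost and fellow Kolab hosts, so this wider exemption should be stated in the comment and in the documentation for the Privileged host setting. The call also performs an LDAP connect, bind and search on each invocation ahead of the localhost and Kolab-host allowance that follows; placing it after that allowance, or caching the looked-up networks, would avoid the lookup for local traffic.
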
--
Thorsen Consulting ApS - Qt consulting services
http://www.thorsen-consulting.dk