tkleen

author: Gregor Kleen <gkleen@yggdrasil.li> 2024-05-25 20:37:25 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2024-05-25 20:37:25 +0200
commit: 329de92b6e00f1af9925f56a4fc6da14087802e5 (patch)
tree: efc06ae01168bff5db83907c96e51ed54bfdd32b /hosts/surtr/email/ccert-policy-server
parent: 2f8b062363b293a72e4afa0e682f1c4371317515 (diff)
download: nixos-329de92b6e00f1af9925f56a4fc6da14087802e5.tar
nixos-329de92b6e00f1af9925f56a4fc6da14087802e5.tar.gz
nixos-329de92b6e00f1af9925f56a4fc6da14087802e5.tar.bz2
nixos-329de92b6e00f1af9925f56a4fc6da14087802e5.tar.xz
nixos-329de92b6e00f1af9925f56a4fc6da14087802e5.zip
1 files changed, 21 insertions, 14 deletions
diff --git a/hosts/surtr/email/ccert-policy-server/ccert_policy_server/__main__.py b/hosts/surtr/email/ccert-policy-server/ccert_policy_server/__main__.py
index f481090c..00182523 100644
--- a/hosts/surtr/email/ccert-policy-server/ccert_policy_server/__main__.py
+++ b/hosts/surtr/email/ccert-policy-server/ccert_policy_server/__main__.py
@@ -27,20 +27,27 @@ class PolicyHandler(StreamRequestHandler):
        logger.info('Connection parameters: %s', self.args)
        allowed = False
-        with self.server.db_pool.connection() as conn:
+        user = None
-            local, domain = self.args['sender'].split(sep='@', maxsplit=1)
+        if self.args['sasl_username']:
-            extension = None
+            user = self.args['sasl_username']
-            if '+' in local:
+        if self.args['ccert_subject']:
-                local, extension = local.split(sep='+', maxsplit=1)
+            user = self.args['ccert_subject']
-            logger.debug('Parsed address: %s', {'local': local, 'extension': extension, 'domain': domain})
+        if user:
+            with self.server.db_pool.connection() as conn:
-            with conn.cursor() as cur:
+                local, domain = self.args['sender'].split(sep='@', maxsplit=1)
-                cur.row_factory = namedtuple_row
+                extension = None
-                cur.execute('SELECT "mailbox"."mailbox" as "user", "local", "extension", "domain" FROM "mailbox" INNER JOIN "mailbox_mapping" ON "mailbox".id = "mailbox_mapping"."mailbox" WHERE "mailbox"."mailbox" = %(user)s AND ("local" = %(local)s OR "local" IS NULL) AND ("extension" = %(extension)s OR "extension" IS NULL) AND "domain" = %(domain)s', params = {'user': self.args['ccert_subject'], 'local': local, 'extension': extension if extension is not None else '', 'domain': domain}, prepare=True)
+                if '+' in local:
-                for record in cur:
+                    local, extension = local.split(sep='+', maxsplit=1)
-                    logger.debug('Received result: %s', record)
-                    allowed = True
+                logger.debug('Parsed address: %s', {'local': local, 'extension': extension, 'domain': domain})
+                with conn.cursor() as cur:
+                    cur.row_factory = namedtuple_row
+                    cur.execute('SELECT "mailbox"."mailbox" as "user", "local", "extension", "domain" FROM "mailbox" INNER JOIN "mailbox_mapping" ON "mailbox".id = "mailbox_mapping"."mailbox" WHERE "mailbox"."mailbox" = %(user)s AND ("local" = %(local)s OR "local" IS NULL) AND ("extension" = %(extension)s OR "extension" IS NULL) AND "domain" = %(domain)s', params = {'user': user, 'local': local, 'extension': extension if extension is not None else '', 'domain': domain}, prepare=True)
+                    for record in cur:
+                        logger.debug('Received result: %s', record)
+                        allowed = True
        action = '550 5.7.0 Sender address not authorized for current user'
        if allowed:
author	Gregor Kleen <gkleen@yggdrasil.li>	2024-05-25 20:37:25 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2024-05-25 20:37:25 +0200
commit	329de92b6e00f1af9925f56a4fc6da14087802e5 (patch)
tree	efc06ae01168bff5db83907c96e51ed54bfdd32b /hosts/surtr/email/ccert-policy-server
parent	2f8b062363b293a72e4afa0e682f1c4371317515 (diff)
download	nixos-329de92b6e00f1af9925f56a4fc6da14087802e5.tar nixos-329de92b6e00f1af9925f56a4fc6da14087802e5.tar.gz nixos-329de92b6e00f1af9925f56a4fc6da14087802e5.tar.bz2 nixos-329de92b6e00f1af9925f56a4fc6da14087802e5.tar.xz nixos-329de92b6e00f1af9925f56a4fc6da14087802e5.zip

diff --git a/hosts/surtr/email/ccert-policy-server/ccert_policy_server/__main__.py b/hosts/surtr/email/ccert-policy-server/ccert_policy_server/__main__.py index f481090c..00182523 100644 --- a/hosts/surtr/email/ccert-policy-server/ccert_policy_server/__main__.py +++ b/hosts/surtr/email/ccert-policy-server/ccert_policy_server/__main__.py
@@ -27,20 +27,27 @@ class PolicyHandler(StreamRequestHandler):
27	logger.info('Connection parameters: %s', self.args)	27	logger.info('Connection parameters: %s', self.args)
28		28
29	allowed = False	29	allowed = False
30	with self.server.db_pool.connection() as conn:	30	user = None
31	local, domain = self.args['sender'].split(sep='@', maxsplit=1)	31	if self.args['sasl_username']:
32	extension = None	32	user = self.args['sasl_username']
33	if '+' in local:	33	if self.args['ccert_subject']:
34	local, extension = local.split(sep='+', maxsplit=1)	34	user = self.args['ccert_subject']
35		35
36	logger.debug('Parsed address: %s', {'local': local, 'extension': extension, 'domain': domain})	36	if user:
37		37	with self.server.db_pool.connection() as conn:
38	with conn.cursor() as cur:	38	local, domain = self.args['sender'].split(sep='@', maxsplit=1)
39	cur.row_factory = namedtuple_row	39	extension = None
40	cur.execute('SELECT "mailbox"."mailbox" as "user", "local", "extension", "domain" FROM "mailbox" INNER JOIN "mailbox_mapping" ON "mailbox".id = "mailbox_mapping"."mailbox" WHERE "mailbox"."mailbox" = %(user)s AND ("local" = %(local)s OR "local" IS NULL) AND ("extension" = %(extension)s OR "extension" IS NULL) AND "domain" = %(domain)s', params = {'user': self.args['ccert_subject'], 'local': local, 'extension': extension if extension is not None else '', 'domain': domain}, prepare=True)	40	if '+' in local:
41	for record in cur:	41	local, extension = local.split(sep='+', maxsplit=1)
42	logger.debug('Received result: %s', record)	42
43	allowed = True	43	logger.debug('Parsed address: %s', {'local': local, 'extension': extension, 'domain': domain})
		44
		45	with conn.cursor() as cur:
		46	cur.row_factory = namedtuple_row
		47	cur.execute('SELECT "mailbox"."mailbox" as "user", "local", "extension", "domain" FROM "mailbox" INNER JOIN "mailbox_mapping" ON "mailbox".id = "mailbox_mapping"."mailbox" WHERE "mailbox"."mailbox" = %(user)s AND ("local" = %(local)s OR "local" IS NULL) AND ("extension" = %(extension)s OR "extension" IS NULL) AND "domain" = %(domain)s', params = {'user': user, 'local': local, 'extension': extension if extension is not None else '', 'domain': domain}, prepare=True)
		48	for record in cur:
		49	logger.debug('Received result: %s', record)
		50	allowed = True
44		51
45	action = '550 5.7.0 Sender address not authorized for current user'	52	action = '550 5.7.0 Sender address not authorized for current user'
46	if allowed:	53	if allowed: