From 329de92b6e00f1af9925f56a4fc6da14087802e5 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Sat, 25 May 2024 20:37:25 +0200
Subject: tkleen

---
 .../ccert_policy_server/__main__.py | 35 +++++++++++++---------
 1 file changed, 21 insertions(+), 14 deletions(-)

(limited to 'hosts/surtr/email/ccert-policy-server/ccert_policy_server')

diff --git a/hosts/surtr/email/ccert-policy-server/ccert_policy_server/__main__.py b/hosts/surtr/email/ccert-policy-server/ccert_policy_server/__main__.py
index f481090c..00182523 100644
--- a/hosts/surtr/email/ccert-policy-server/ccert_policy_server/__main__.py
+++ b/hosts/surtr/email/ccert-policy-server/ccert_policy_server/__main__.py
@@ -27,20 +27,27 @@ class PolicyHandler(StreamRequestHandler):
 logger.info('Connection parameters: %s', self.args)
 allowed = False
- with self.server.db_pool.connection() as conn:
- local, domain = self.args['sender'].split(sep='@', maxsplit=1)
- extension = None
- if '+' in local:
- local, extension = local.split(sep='+', maxsplit=1)
-
- logger.debug('Parsed address: %s', {'local': local, 'extension': extension, 'domain': domain})
-
- with conn.cursor() as cur:
- cur.row_factory = namedtuple_row
- cur.execute('SELECT "mailbox"."mailbox" as "user", "local", "extension", "domain" FROM "mailbox" INNER JOIN "mailbox_mapping" ON "mailbox".id = "mailbox_mapping"."mailbox" WHERE "mailbox"."mailbox" = %(user)s AND ("local" = %(local)s OR "local" IS NULL) AND ("extension" = %(extension)s OR "extension" IS NULL) AND "domain" = %(domain)s', params = {'user': self.args['ccert_subject'], 'local': local, 'extension': extension if extension is not None else '', 'domain': domain}, prepare=True)
- for record in cur:
- logger.debug('Received result: %s', record)
- allowed = True
+ user = None
+ if self.args['sasl_username']:
+ user = self.args['sasl_username']
+ if self.args['ccert_subject']:
+ user = self.args['ccert_subject']
+
+ if user:
+ with self.server.db_pool.connection() as conn:
+ local, domain = self.args['sender'].split(sep='@', maxsplit=1)
+ extension = None
+ if '+' in local:
+ local, extension = local.split(sep='+', maxsplit=1)
+
+ logger.debug('Parsed address: %s', {'local': local, 'extension': extension, 'domain': domain})
+
+ with conn.cursor() as cur:
+ cur.row_factory = namedtuple_row
+ cur.execute('SELECT "mailbox"."mailbox" as "user", "local", "extension", "domain" FROM "mailbox" INNER JOIN "mailbox_mapping" ON "mailbox".id = "mailbox_mapping"."mailbox" WHERE "mailbox"."mailbox" = %(user)s AND ("local" = %(local)s OR "local" IS NULL) AND ("extension" = %(extension)s OR "extension" IS NULL) AND "domain" = %(domain)s', params = {'user': user, 'local': local, 'extension': extension if extension is not None else '', 'domain': domain}, prepare=True)
+ for record in cur:
+ logger.debug('Received result: %s', record)
+ allowed = True
 action = '550 5.7.0 Sender address not authorized for current user'
 if allowed:
--
cgit v1.2.3
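Review bot: The new `if user:` branch still unpacks `local, domain = self.args['sender'].split(sep='@', maxsplit=1)`, which raises ValueError for a sender without an `@` (notably the null sender `<>` used by bounces and DSNs), so the handler dies with a traceback instead of returning a verdict; widening the guard to `if user and '@' in self.args['sender']:` keeps the 550 fall-through for that case. The identity selection also makes `ccert_subject` silently win over `sasl_username` when both are present, and both are looked up in the same `"mailbox"."mailbox"` column, so a SASL login name and a certificate subject that happen to be equal resolve to the same mailbox — that design choice deserves a comment at the `user = None` line such as `# a verified client-certificate subject takes precedence over the SASL login; both identities must follow the mailbox naming scheme`, and it is worth confirming on the Postfix side that ccert_subject is only populated for certificates that verified against a trusted CA. Indexing `self.args[...]` presumes Postfix always sends both attributes (the policy protocol sends them empty when unset, as far as I recall); if `self.args` can be populated from elsewhere, `.get('sasl_username')` would be safer. The enclosing `handle` method begins and ends outside the hunk.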