def test_002_resource_collection(self):
auth = Auth()
auth.connect()
attrs = auth.get_entry_attributes(None, self.cars['dn'], ['*'])
self.assertIn('groupofuniquenames', attrs['objectclass'])
self.assertEqual(len(attrs['uniquemember']), 3)
self.assertEqual(attrs['kolabinvitationpolicy'], 'ACT_ACCEPT')
def test_002_resource_collection(self):
auth = Auth()
auth.connect()
attrs = auth.get_entry_attributes(None, self.cars['dn'], ['*'])
self.assertIn('groupofuniquenames', attrs['objectclass'])
self.assertEqual(len(attrs['uniquemember']), 3)
self.assertEqual(attrs['kolabinvitationpolicy'], 'ACT_ACCEPT')
class LDAPDataHandler(object):
"""
Collector handler to provide user data from LDAP
"""
def __init__(self, *args, **kw):
# load pykolab conf
self.pykolab_conf = pykolab.getConf()
if not hasattr(self.pykolab_conf, 'defaults'):
self.pykolab_conf.finalize_conf(fatal=False)
self.ldap = Auth()
self.ldap.connect()
def register(self, callback):
interests = {
'GETUSERDATA': { 'callback': self.get_user_data }
}
callback(interests)
def get_user_data(self, notification):
notification = json.loads(notification)
log.debug("GETUSERDATA for %r" % (notification), level=9)
if notification.has_key('user'):
try:
user_dn = self.ldap.find_user_dn(notification['user'], True)
log.debug("User DN for %s: %r" % (notification['user'], user_dn), level=8)
except Exception, e:
log.error("LDAP connection error: %r", e)
user_dn = None
if user_dn:
unique_attr = self.pykolab_conf.get('ldap', 'unique_attribute', 'nsuniqueid')
user_rec = self.ldap.get_entry_attributes(None, user_dn, [unique_attr, 'cn'])
log.debug("User attributes: %r" % (user_rec), level=8)
if user_rec and user_rec.has_key(unique_attr):
user_rec['dn'] = user_dn
user_rec['id'] = user_rec[unique_attr]
del user_rec[unique_attr]
else:
user_rec = None
notification['user_data'] = user_rec
return json.dumps(notification)
def heartbeat(lastrun):
global imap
# run archival job every hour only
now = int(time.time())
if lastrun == 0 or now - heartbeat._lastrun < 3600:
return
log.debug(_("module_resources.heartbeat(%d)") % (heartbeat._lastrun), level=8)
# get a list of resource records from LDAP
auth = Auth()
auth.connect()
resource_dns = auth.find_resource('*')
# filter by resource_base_dn
resource_base_dn = conf.get('ldap', 'resource_base_dn', None)
if resource_base_dn is not None:
resource_dns = [dn for dn in resource_dns if resource_base_dn in dn]
if len(resource_dns) > 0:
imap = IMAP()
imap.connect()
for resource_dn in resource_dns:
resource_attrs = auth.get_entry_attributes(None, resource_dn, ['kolabtargetfolder'])
if resource_attrs.has_key('kolabtargetfolder'):
try:
expunge_resource_calendar(resource_attrs['kolabtargetfolder'])
except Exception, e:
log.error(_("Expunge resource calendar for %s (%s) failed: %r") % (
resource_dn, resource_attrs['kolabtargetfolder'], e
))
imap.disconnect()
def get_resource_owner(resource):
"""
Get this resource's owner record
"""
global auth
if not auth:
auth = Auth()
auth.connect()
owners = []
if resource.has_key('owner'):
if not isinstance(resource['owner'], list):
owners = [ resource['owner'] ]
else:
owners = resource['owner']
else:
# get owner attribute from collection
collections = auth.search_entry_by_attribute('uniquemember', resource['dn'])
if not isinstance(collections, list):
collections = [ collections ]
for dn,collection in collections:
if collection.has_key('owner') and isinstance(collection['owner'], list):
owners += collection['owner']
elif collection.has_key('owner'):
owners.append(collection['owner'])
for dn in owners:
owner = auth.get_entry_attributes(None, dn, ['cn','mail','telephoneNumber'])
if owner is not None:
return owner
return None
def execute(*args, **kw):
try:
primary_rcpt_address = conf.cli_args.pop(0)
try:
secondary_rcpt_address = conf.cli_args.pop(0)
except:
print >> sys.stderr, _("Specify the (new) alias address")
sys.exit(1)
except:
print >> sys.stderr, _("Specify the existing recipient address")
sys.exit(1)
if len(primary_rcpt_address.split('@')) > 1:
primary_rcpt_domain = primary_rcpt_address.split('@')[-1]
else:
primary_rcpt_domain = conf.get('kolab', 'primary_domain')
auth = Auth(domain=primary_rcpt_domain)
domains = auth.list_domains()
#print domains
if len(secondary_rcpt_address.split('@')) > 1:
secondary_rcpt_domain = secondary_rcpt_address.split('@')[-1]
else:
secondary_rcpt_domain = conf.get('kolab', 'primary_domain')
# Check if either is in fact a domain
if not primary_rcpt_domain.lower() in domains.keys():
print >> sys.stderr, _("Domain %r is not a local domain") % (
primary_rcpt_domain)
sys.exit(1)
if not secondary_rcpt_domain.lower() in domains.keys():
print >> sys.stderr, _("Domain %r is not a local domain") % (
secondary_rcpt_domain)
sys.exit(1)
if not primary_rcpt_domain == secondary_rcpt_domain:
if not domains[primary_rcpt_domain] == domains[secondary_rcpt_domain]:
print >> sys.stderr, _(
"Primary and secondary domain do not have the same parent domain"
)
sys.exit(1)
primary_recipient_dn = auth.find_recipient(primary_rcpt_address)
if primary_recipient_dn == [] or len(primary_recipient_dn) == 0:
print >> sys.stderr, _("No such recipient %r") % (primary_rcpt_address)
sys.exit(1)
secondary_recipient_dn = auth.find_recipient(secondary_rcpt_address)
if not secondary_recipient_dn == [] and not len(
secondary_recipient_dn) == 0:
print >> sys.stderr, _("Recipient for alias %r already exists") % (
secondary_rcpt_address)
sys.exit(1)
rcpt_attrs = conf.get_list('ldap', 'mail_attributes')
primary_rcpt_attr = rcpt_attrs[0]
if len(rcpt_attrs) >= 2:
secondary_rcpt_attr = rcpt_attrs[1]
else:
print >> sys.stderr, _("Environment is not configured for " + \
"users to hold secondary mail attributes")
sys.exit(1)
primary_recipient = auth.get_entry_attributes(primary_rcpt_domain,
primary_recipient_dn,
rcpt_attrs)
if not primary_recipient.has_key(primary_rcpt_attr):
print >> sys.stderr, _(
"Recipient %r is not the primary recipient for address %r") % (
primary_recipient, primary_rcpt_address)
sys.exit(1)
if not primary_recipient.has_key(secondary_rcpt_attr):
auth.set_entry_attributes(
primary_rcpt_domain, primary_recipient_dn,
{secondary_rcpt_attr: [secondary_rcpt_address]})
else:
if isinstance(primary_recipient[secondary_rcpt_attr], basestring):
new_secondary_rcpt_attrs = [
primary_recipient[secondary_rcpt_attr], secondary_rcpt_address
]
else:
new_secondary_rcpt_attrs = \
primary_recipient[secondary_rcpt_attr] + \
[ secondary_rcpt_address ]
auth.set_entry_attributes(
primary_rcpt_domain, primary_recipient_dn,
{secondary_rcpt_attr: new_secondary_rcpt_attrs})
def execute(*args, **kw):
if not os.path.isdir(mybasepath):
os.makedirs(mybasepath)
for stage in ['incoming', 'ACCEPT', 'REJECT', 'HOLD', 'DEFER' ]:
if not os.path.isdir(os.path.join(mybasepath, stage)):
os.makedirs(os.path.join(mybasepath, stage))
log.debug(_("Resource Management called for %r, %r") % (args, kw), level=9)
auth = Auth()
auth.connect()
imap = IMAP()
imap.connect()
# TODO: Test for correct call.
filepath = args[0]
if kw.has_key('stage'):
log.debug(
_("Issuing callback after processing to stage %s") % (
kw['stage']
),
level=8
)
log.debug(_("Testing cb_action_%s()") % (kw['stage']), level=8)
if hasattr(modules, 'cb_action_%s' % (kw['stage'])):
log.debug(
_("Attempting to execute cb_action_%s()") % (kw['stage']),
level=8
)
exec(
'modules.cb_action_%s(%r, %r)' % (
kw['stage'],
'resources',
filepath
)
)
return
else:
# Move to incoming
new_filepath = os.path.join(
mybasepath,
'incoming',
os.path.basename(filepath)
)
if not filepath == new_filepath:
log.debug("Renaming %r to %r" % (filepath, new_filepath))
os.rename(filepath, new_filepath)
filepath = new_filepath
_message = json.load(open(filepath, 'r'))
log.debug("Loaded message %r" % (_message), level=9)
message = message_from_string(_message['data'])
recipients = _message['to']
any_itips = False
any_resources = False
possibly_any_resources = True
# An iTip message may contain multiple events. Later on, test if the message
# is an iTip message by checking the length of this list.
itip_events = itip_events_from_message(message)
if not len(itip_events) > 0:
log.info(
_("Message is not an iTip message or does not contain any " + \
"(valid) iTip.")
)
else:
any_itips = True
log.debug(
_("iTip events attached to this message contain the " + \
"following information: %r") % (itip_events),
level=9
)
if any_itips:
# See if any iTip actually allocates a resource.
if len([x['resources'] for x in itip_events if x.has_key('resources')]) == 0:
if len([x['attendees'] for x in itip_events if x.has_key('attendees')]) == 0:
possibly_any_resources = False
else:
possibly_any_resources = False
if possibly_any_resources:
for recipient in recipients:
if not len(resource_record_from_email_address(recipient)) == 0:
any_resources = True
if any_resources:
if not any_itips:
log.debug(_("Not an iTip message, but sent to resource nonetheless. Reject message"), level=5)
reject(filepath)
return
else:
# Continue. Resources and iTips. We like.
pass
else:
if not any_itips:
log.debug(_("No itips, no resources, pass along"), level=5)
accept(filepath)
return
else:
log.debug(_("iTips, but no resources, pass along"), level=5)
accept(filepath)
return
# A simple list of merely resource entry IDs that hold any relevance to the
# iTip events
resource_records = resource_records_from_itip_events(itip_events)
# Get the resource details, which includes details on the IMAP folder
resources = {}
for resource_record in list(set(resource_records)):
# Get the attributes for the record
# See if it is a resource collection
# If it is, expand to individual resources
# If it is not, ...
resource_attrs = auth.get_entry_attributes(None, resource_record, ['*'])
if not 'kolabsharedfolder' in [x.lower() for x in resource_attrs['objectclass']]:
if resource_attrs.has_key('uniquemember'):
resources[resource_record] = resource_attrs
for uniquemember in resource_attrs['uniquemember']:
resource_attrs = auth.get_entry_attributes(
None,
uniquemember,
['*']
)
if 'kolabsharedfolder' in [x.lower() for x in resource_attrs['objectclass']]:
resources[uniquemember] = resource_attrs
resources[uniquemember]['memberof'] = resource_record
else:
resources[resource_record] = resource_attrs
log.debug(_("Resources: %r") % (resources), level=8)
# For each resource, determine if any of the events in question is in
# conflict.
#
# Store the (first) conflicting event(s) alongside the resource information.
start = time.time()
for resource in resources.keys():
if not resources[resource].has_key('kolabtargetfolder'):
continue
mailbox = resources[resource]['kolabtargetfolder']
resources[resource]['conflict'] = False
resources[resource]['conflicting_events'] = []
log.debug(
_("Checking events in resource folder %r") % (mailbox),
level=8
)
try:
imap.imap.m.select(mailbox)
except:
log.error(_("Mailbox for resource %r doesn't exist") % (resource))
continue
typ, data = imap.imap.m.search(None, 'ALL')
num_messages = len(data[0].split())
for num in data[0].split():
# For efficiency, makes the routine non-deterministic
if resources[resource]['conflict']:
continue
log.debug(
_("Fetching message UID %r from folder %r") % (num, mailbox),
level=9
)
typ, data = imap.imap.m.fetch(num, '(RFC822)')
event_message = message_from_string(data[0][1])
if event_message.is_multipart():
for part in event_message.walk():
if part.get_content_type() == "application/calendar+xml":
payload = part.get_payload(decode=True)
event = pykolab.xml.event_from_string(payload)
for itip in itip_events:
_es = to_dt(event.get_start())
_is = to_dt(itip['start'].dt)
_ee = to_dt(event.get_end())
_ie = to_dt(itip['end'].dt)
if _es < _is:
if _es <= _ie:
if _ee <= _is:
conflict = False
else:
conflict = True
else:
conflict = True
elif _es == _is:
conflict = True
else: # _es > _is
if _es <= _ie:
conflict = True
else:
conflict = False
if conflict:
log.info(
_("Event %r conflicts with event " + \
"%r") % (
itip['xml'].get_uid(),
event.get_uid()
)
)
resources[resource]['conflicting_events'].append(event)
resources[resource]['conflict'] = True
end = time.time()
log.debug(
_("start: %r, end: %r, total: %r, messages: %r") % (
start, end, (end-start), num_messages
),
level=1
)
for resource in resources.keys():
log.debug(_("Polling for resource %r") % (resource), level=9)
if not resources.has_key(resource):
log.debug(
_("Resource %r has been popped from the list") % (resource),
level=9
)
continue
if not resources[resource].has_key('conflicting_events'):
log.debug(_("Resource is a collection"), level=9)
continue
if len(resources[resource]['conflicting_events']) > 0:
# This is the event being conflicted with!
for itip_event in itip_events:
# Now we have the event that was conflicting
if resources[resource]['mail'] in [a.get_email() for a in itip_event['xml'].get_attendees()]:
itip_event['xml'].set_attendee_participant_status(
[a for a in itip_event['xml'].get_attendees() if a.get_email() == resources[resource]['mail']][0],
"DECLINED"
)
send_response(resources[resource]['mail'], itip_events)
# TODO: Accept the message to the other attendees
else:
# This must have been a resource collection originally.
# We have inserted the reference to the original resource
# record in 'memberof'.
if resources[resource].has_key('memberof'):
original_resource = resources[resources[resource]['memberof']]
_target_resource = resources[original_resource['uniquemember'][random.randint(0,(len(original_resource['uniquemember'])-1))]]
# unset all
for _r in original_resource['uniquemember']:
del resources[_r]
if original_resource['mail'] in [a.get_email() for a in itip_event['xml'].get_attendees()]:
itip_event['xml'].set_attendee_participant_status(
[a for a in itip_event['xml'].get_attendees() if a.get_email() == original_resource['mail']][0],
"DECLINED"
)
send_response(original_resource['mail'], itip_events)
# TODO: Accept the message to the other attendees
else:
# No conflicts, go accept
for itip_event in itip_events:
if resources[resource]['mail'] in [a.get_email() for a in itip_event['xml'].get_attendees()]:
itip_event['xml'].set_attendee_participant_status(
[a for a in itip_event['xml'].get_attendees() if a.get_email() == resources[resource]['mail']][0],
"ACCEPTED"
)
log.debug(
_("Adding event to %r") % (
resources[resource]['kolabtargetfolder']
),
level=9
)
imap.imap.m.setacl(resources[resource]['kolabtargetfolder'], "cyrus-admin", "lrswipkxtecda")
imap.imap.m.append(
resources[resource]['kolabtargetfolder'],
None,
None,
itip_event['xml'].to_message().as_string()
)
send_response(resources[resource]['mail'], itip_event)
else:
# This must have been a resource collection originally.
# We have inserted the reference to the original resource
# record in 'memberof'.
if resources[resource].has_key('memberof'):
original_resource = resources[resources[resource]['memberof']]
# Randomly selects a target resource from the resource
# collection.
_target_resource = resources[original_resource['uniquemember'][random.randint(0,(len(original_resource['uniquemember'])-1))]]
# Remove all resources from the collection.
for _r in original_resource['uniquemember']:
del resources[_r]
if original_resource['mail'] in [a.get_email() for a in itip_event['xml'].get_attendees()]:
#
# Delegate:
#
# - delegator: the original resource collection
# - delegatee: the target resource
#
itip_event['xml'].delegate(
original_resource['mail'],
_target_resource['mail']
)
itip_event['xml'].set_attendee_participant_status(
[a for a in itip_event['xml'].get_attendees() if a.get_email() == _target_resource['mail']][0],
"ACCEPTED"
)
log.debug(
_("Adding event to %r") % (
_target_resource['kolabtargetfolder']
),
level=9
)
# TODO: The Cyrus IMAP (or Dovecot) Administrator login
# name comes from configuration.
imap.imap.m.setacl(_target_resource['kolabtargetfolder'], "cyrus-admin", "lrswipkxtecda")
imap.imap.m.append(
_target_resource['kolabtargetfolder'],
None,
None,
itip_event['xml'].to_message().as_string()
)
send_response(original_resource['mail'], itip_event)
# Disconnect IMAP or we lock the mailbox almost constantly
imap.disconnect()
del imap
os.unlink(filepath)
def execute(*args, **kw):
try:
address = conf.cli_args.pop(0)
except:
address = utils.ask_question(_("Email Address"))
auth = Auth()
auth.connect()
user = auth.find_recipient(address)
# Get the main, default backend
backend = conf.get('kolab', 'imap_backend')
if len(address.split('@')) > 1:
domain = address.split('@')[1]
else:
domain = conf.get('kolab', 'primary_domain')
if conf.has_section(domain) and conf.has_option(domain, 'imap_backend'):
backend = conf.get(domain, 'imap_backend')
if conf.has_section(domain) and conf.has_option(domain, 'imap_uri'):
uri = conf.get(domain, 'imap_uri')
else:
uri = conf.get(backend, 'uri')
hostname = None
port = None
result = urlparse(uri)
if hasattr(result, 'hostname'):
hostname = result.hostname
else:
scheme = uri.split(':')[0]
(hostname, port) = uri.split('/')[2].split(':')
port = 4190
# Get the credentials
admin_login = conf.get(backend, 'admin_login')
admin_password = conf.get(backend, 'admin_password')
import sievelib.managesieve
sieveclient = sievelib.managesieve.Client(hostname, port,
conf.debuglevel > 8)
sieveclient.connect(None, None, True)
sieveclient._plain_authentication(admin_login, admin_password, address)
sieveclient.authenticated = True
result = sieveclient.listscripts()
if result == None:
active = None
scripts = []
else:
active, scripts = result
log.debug(_("Found the following scripts for user %s: %s") %
(address, ','.join(scripts)),
level=8)
log.debug(_("And the following script is active for user %s: %s") %
(address, active),
level=8)
mgmt_required_extensions = []
mgmt_script = """#
# MANAGEMENT
#
"""
user = auth.get_entry_attributes(domain, user, ['*'])
#
# Vacation settings (a.k.a. Out of Office)
#
vacation_active = None
vacation_text = None
vacation_uce = None
vacation_noreact_domains = None
vacation_react_domains = None
vacation_active_attr = conf.get('sieve', 'vacation_active_attr')
vacation_text_attr = conf.get('sieve', 'vacation_text_attr')
vacation_uce_attr = conf.get('sieve', 'vacation_uce_attr')
vacation_noreact_domains_attr = conf.get('sieve',
'vacation_noreact_domains_attr')
vacation_react_domains_attr = conf.get('sieve',
'vacation_react_domains_attr')
if not vacation_text_attr == None:
if user.has_key(vacation_active_attr):
vacation_active = utils.true_or_false(user[vacation_active_attr])
else:
vacation_active = False
if user.has_key(vacation_text_attr):
vacation_text = user[vacation_text_attr]
else:
vacation_active = False
if user.has_key(vacation_uce_attr):
vacation_uce = utils.true_or_false(user[vacation_uce_attr])
else:
vacation_uce = False
if user.has_key(vacation_react_domains_attr):
if isinstance(user[vacation_react_domains_attr], list):
vacation_react_domains = user[vacation_react_domains_attr]
else:
vacation_react_domains = [user[vacation_react_domains_attr]]
else:
if user.has_key(vacation_noreact_domains_attr):
if isinstance(user[vacation_noreact_domains_attr], list):
vacation_noreact_domains = user[
vacation_noreact_domains_attr]
else:
vacation_noreact_domains = [
user[vacation_noreact_domains_attr]
]
else:
vacation_noreact_domains = []
#
# Delivery to Folder
#
dtf_active_attr = conf.get('sieve', 'deliver_to_folder_active')
if not dtf_active_attr == None:
if user.has_key(dtf_active_attr):
dtf_active = utils.true_or_false(user[dtf_active_attr])
else:
dtf_active = False
else:
# TODO: Not necessarily de-activated, the *Active attributes are
# not supposed to charge this - check the deliver_to_folder_attr
# attribute value for a value.
dtf_active = False
if dtf_active:
dtf_folder_name_attr = conf.get('sieve', 'deliver_to_folder_attr')
if not dtf_folder_name_attr == None:
if user.has_key(dtf_folder_name_attr):
dtf_folder = user[dtf_folder_name_attr]
else:
log.warning(
_("Delivery to folder active, but no folder name attribute available for user %r"
) % (user))
dtf_active = False
else:
log.error(
_("Delivery to folder active, but no folder name attribute configured"
))
dtf_active = False
#
# Folder name to delivery spam to.
#
# Global or local.
#
sdf_filter = True
sdf = conf.get('sieve', 'spam_global_folder')
if sdf == None:
sdf = conf.get('sieve', 'spam_personal_folder')
if sdf == None:
sdf_filter = False
#
# Mail forwarding
#
forward_active = None
forward_addresses = []
forward_keepcopy = None
forward_uce = None
forward_active_attr = conf.get('sieve', 'forward_address_active')
if not forward_active_attr == None:
if user.has_key(forward_active_attr):
forward_active = utils.true_or_false(user[forward_active_attr])
else:
forward_active = False
if not forward_active == False:
forward_address_attr = conf.get('sieve', 'forward_address_attr')
if user.has_key(forward_address_attr):
if isinstance(user[forward_address_attr], basestring):
forward_addresses = [user[forward_address_attr]]
elif isinstance(user[forward_address_attr], str):
forward_addresses = [user[forward_address_attr]]
else:
forward_addresses = user[forward_address_attr]
if len(forward_addresses) == 0:
forward_active = False
forward_keepcopy_attr = conf.get('sieve', 'forward_keepcopy_active')
if not forward_keepcopy_attr == None:
if user.has_key(forward_keepcopy_attr):
forward_keepcopy = utils.true_or_false(
user[forward_keepcopy_attr])
else:
forward_keepcopy = False
forward_uce_attr = conf.get('sieve', 'forward_uce_active')
if not forward_uce_attr == None:
if user.has_key(forward_uce_attr):
forward_uce = utils.true_or_false(user[forward_uce_attr])
else:
forward_uce = False
if vacation_active:
mgmt_required_extensions.append('vacation')
mgmt_required_extensions.append('envelope')
if dtf_active:
mgmt_required_extensions.append('fileinto')
if forward_active and (len(forward_addresses) > 1 or forward_keepcopy):
mgmt_required_extensions.append('copy')
if sdf_filter:
mgmt_required_extensions.append('fileinto')
import sievelib.factory
mgmt_script = sievelib.factory.FiltersSet("MANAGEMENT")
for required_extension in mgmt_required_extensions:
mgmt_script.require(required_extension)
mgmt_script.require('fileinto')
if vacation_active:
if not vacation_react_domains == None and len(
vacation_react_domains) > 0:
mgmt_script.addfilter(
'vacation',
[('envelope', ':domain', ":is", "from", vacation_react_domains)
],
[(
"vacation",
":days",
1,
":subject",
"Out of Office",
# ":handle", see http://tools.ietf.org/html/rfc5230#page-4
# ":mime", to indicate the reason is in fact MIME
vacation_text)])
elif not vacation_noreact_domains == None and len(
vacation_noreact_domains) > 0:
mgmt_script.addfilter(
'vacation',
[('not', ('envelope', ':domain', ":is", "from",
vacation_noreact_domains))],
[(
"vacation",
":days",
1,
":subject",
"Out of Office",
# ":handle", see http://tools.ietf.org/html/rfc5230#page-4
# ":mime", to indicate the reason is in fact MIME
vacation_text)])
else:
mgmt_script.addfilter(
'vacation',
[('true', )],
[(
"vacation",
":days",
1,
":subject",
"Out of Office",
# ":handle", see http://tools.ietf.org/html/rfc5230#page-4
# ":mime", to indicate the reason is in fact MIME
vacation_text)])
if forward_active:
forward_rules = []
# Principle can be demonstrated by:
#
# python -c "print ','.join(['a','b','c'][:-1])"
#
for forward_copy in forward_addresses[:-1]:
forward_rules.append(("redirect", ":copy", forward_copy))
if forward_keepcopy:
# Principle can be demonstrated by:
#
# python -c "print ','.join(['a','b','c'][-1])"
#
if forward_uce:
rule_name = 'forward-uce-keepcopy'
else:
rule_name = 'forward-keepcopy'
forward_rules.append(("redirect", ":copy", forward_addresses[-1]))
else:
if forward_uce:
rule_name = 'forward-uce'
else:
rule_name = 'forward'
forward_rules.append(("redirect", forward_addresses[-1]))
forward_rules.append(("stop"))
if forward_uce:
mgmt_script.addfilter(rule_name, ['true'], forward_rules)
else:
# NOTE: Messages with no X-Spam-Status header need to be matched
# too, and this does exactly that.
mgmt_script.addfilter(rule_name,
[("not",
("X-Spam-Status", ":matches", "Yes,*"))],
forward_rules)
if sdf_filter:
mgmt_script.addfilter('spam_delivery_folder',
[("X-Spam-Status", ":matches", "Yes,*")],
[("fileinto", "INBOX/Spam"), ("stop")])
if dtf_active:
mgmt_script.addfilter('delivery_to_folder', ['true'],
[("fileinto", dtf_folder)])
mgmt_script = mgmt_script.__str__()
log.debug(_("MANAGEMENT script for user %s contents: %r") %
(address, mgmt_script),
level=9)
result = sieveclient.putscript("MANAGEMENT", mgmt_script)
if not result:
log.error(
_("Uploading script MANAGEMENT failed for user %s") % (address))
else:
log.debug(_("Uploading script MANAGEMENT for user %s succeeded") %
(address),
level=8)
user_script = """#
# User
#
require ["include"];
"""
for script in scripts:
if not script in ["MASTER", "MANAGEMENT", "USER"]:
log.debug(_("Including script %s in USER (for user %s)") %
(script, address),
level=8)
user_script = """%s
include :personal "%s";
""" % (user_script, script)
result = sieveclient.putscript("USER", user_script)
if not result:
log.error(_("Uploading script USER failed for user %s") % (address))
else:
log.debug(_("Uploading script USER for user %s succeeded") % (address),
level=8)
result = sieveclient.putscript(
"MASTER", """#
# MASTER
#
# This file is authoritative for your system and MUST BE KEPT ACTIVE.
#
# Altering it is likely to render your account dysfunctional and may
# be violating your organizational or corporate policies.
#
# For more information on the mechanism and the conventions behind
# this script, see http://wiki.kolab.org/KEP:14
#
require ["include"];
# OPTIONAL: Includes for all or a group of users
# include :global "all-users";
# include :global "this-group-of-users";
# The script maintained by the general management system
include :personal "MANAGEMENT";
# The script(s) maintained by one or more editors available to the user
include :personal "USER";
""")
if not result:
log.error(_("Uploading script MASTER failed for user %s") % (address))
else:
log.debug(_("Uploading script MASTER for user %s succeeded") %
(address),
level=8)
sieveclient.setactive("MASTER")
log.error(_("No recipient found for email address %r") % (email_address))
sys.exit(1)
log.debug(_("Found the following recipient(s): %r") % (recipients), level=8)
mail_attributes = conf.get_list(domain, 'mail_attributes')
if mail_attributes == None or len(mail_attributes) < 1:
mail_attributes = conf.get_list(conf.get('kolab', 'auth_mechanism'), 'mail_attributes')
log.debug(_("Using the following mail attributes: %r") % (mail_attributes), level=8)
if isinstance(recipients, basestring):
recipient = recipients
# Only a single recipient found, remove the address
attributes = auth.get_entry_attributes(domain, recipient, mail_attributes)
# See which attribute holds the value we're trying to remove
for attribute in attributes.keys():
if isinstance(attributes[attribute], list):
if email_address in attributes[attribute]:
attributes[attribute].pop(attributes[attribute].index(email_address))
replace_attributes = {
attribute: attributes[attribute]
}
auth.set_entry_attributes(domain, recipient, replace_attributes)
else:
if email_address == attributes[attribute]:
auth.set_entry_attributes(domain, recipient, {attribute: None})
pass
def execute(*args, **kw):
try:
primary_rcpt_address = conf.cli_args.pop(0)
try:
secondary_rcpt_address = conf.cli_args.pop(0)
except:
print >> sys.stderr, _("Specify the (new) alias address")
sys.exit(1)
except:
print >> sys.stderr, _("Specify the existing recipient address")
sys.exit(1)
if len(primary_rcpt_address.split('@')) > 1:
primary_rcpt_domain = primary_rcpt_address.split('@')[-1]
else:
primary_rcpt_domain = conf.get('kolab', 'primary_domain')
auth = Auth(domain=primary_rcpt_domain)
domains = auth.list_domains()
#print domains
if len(secondary_rcpt_address.split('@')) > 1:
secondary_rcpt_domain = secondary_rcpt_address.split('@')[-1]
else:
secondary_rcpt_domain = conf.get('kolab', 'primary_domain')
# Check if either is in fact a domain
if not primary_rcpt_domain.lower() in domains.keys():
print >> sys.stderr, _("Domain %r is not a local domain") % (primary_rcpt_domain)
sys.exit(1)
if not secondary_rcpt_domain.lower() in domains.keys():
print >> sys.stderr, _("Domain %r is not a local domain") % (secondary_rcpt_domain)
sys.exit(1)
if not primary_rcpt_domain == secondary_rcpt_domain:
if not domains[primary_rcpt_domain] == domains[secondary_rcpt_domain]:
print >> sys.stderr, _("Primary and secondary domain do not have the same parent domain")
sys.exit(1)
primary_recipient_dn = auth.find_recipient(primary_rcpt_address)
if primary_recipient_dn == [] or len(primary_recipient_dn) == 0:
print >> sys.stderr, _("No such recipient %r") % (primary_rcpt_address)
sys.exit(1)
secondary_recipient_dn = auth.find_recipient(secondary_rcpt_address)
if not secondary_recipient_dn == [] and not len(secondary_recipient_dn) == 0:
print >> sys.stderr, _("Recipient for alias %r already exists") % (secondary_rcpt_address)
sys.exit(1)
rcpt_attrs = conf.get_list('ldap', 'mail_attributes')
primary_rcpt_attr = rcpt_attrs[0]
if len(rcpt_attrs) >= 2:
secondary_rcpt_attr = rcpt_attrs[1]
else:
print >> sys.stderr, _("Environment is not configured for " + \
"users to hold secondary mail attributes")
sys.exit(1)
primary_recipient = auth.get_entry_attributes(primary_rcpt_domain, primary_recipient_dn, rcpt_attrs)
if not primary_recipient.has_key(primary_rcpt_attr):
print >> sys.stderr, _("Recipient %r is not the primary recipient for address %r") % (primary_recipient, primary_rcpt_address)
sys.exit(1)
if not primary_recipient.has_key(secondary_rcpt_attr):
auth.set_entry_attributes(primary_rcpt_domain, primary_recipient_dn, {secondary_rcpt_attr: [ secondary_rcpt_address ] })
else:
if isinstance(primary_recipient[secondary_rcpt_attr], basestring):
new_secondary_rcpt_attrs = [
primary_recipient[secondary_rcpt_attr],
secondary_rcpt_address
]
else:
new_secondary_rcpt_attrs = \
primary_recipient[secondary_rcpt_attr] + \
[ secondary_rcpt_address ]
auth.set_entry_attributes(
primary_rcpt_domain,
primary_recipient_dn,
{
secondary_rcpt_attr: new_secondary_rcpt_attrs
}
)
def execute(*args, **kw):
try:
address = conf.cli_args.pop(0)
except:
address = utils.ask_question(_("Email Address"))
auth = Auth()
auth.connect()
user = auth.find_recipient(address)
# Get the main, default backend
backend = conf.get('kolab', 'imap_backend')
if len(address.split('@')) > 1:
domain = address.split('@')[1]
else:
domain = conf.get('kolab', 'primary_domain')
if conf.has_section(domain) and conf.has_option(domain, 'imap_backend'):
backend = conf.get(domain, 'imap_backend')
if conf.has_section(domain) and conf.has_option(domain, 'imap_uri'):
uri = conf.get(domain, 'imap_uri')
else:
uri = conf.get(backend, 'uri')
hostname = None
port = None
result = urlparse(uri)
if hasattr(result, 'hostname'):
hostname = result.hostname
else:
scheme = uri.split(':')[0]
(hostname, port) = uri.split('/')[2].split(':')
port = 4190
# Get the credentials
admin_login = conf.get(backend, 'admin_login')
admin_password = conf.get(backend, 'admin_password')
import sievelib.managesieve
sieveclient = sievelib.managesieve.Client(hostname, port, conf.debuglevel > 8)
sieveclient.connect(None, None, True)
sieveclient._plain_authentication(admin_login, admin_password, address)
sieveclient.authenticated = True
result = sieveclient.listscripts()
if result == None:
active = None
scripts = []
else:
active, scripts = result
log.debug(_("Found the following scripts for user %s: %s") % (address, ','.join(scripts)), level=8)
log.debug(_("And the following script is active for user %s: %s") % (address, active), level=8)
mgmt_required_extensions = []
mgmt_script = """#
# MANAGEMENT
#
"""
user = auth.get_entry_attributes(domain, user, ['*'])
#
# Vacation settings (a.k.a. Out of Office)
#
vacation_active = None
vacation_text = None
vacation_uce = None
vacation_noreact_domains = None
vacation_react_domains = None
vacation_active_attr = conf.get('sieve', 'vacation_active_attr')
vacation_text_attr = conf.get('sieve', 'vacation_text_attr')
vacation_uce_attr = conf.get('sieve', 'vacation_uce_attr')
vacation_noreact_domains_attr = conf.get('sieve', 'vacation_noreact_domains_attr')
vacation_react_domains_attr = conf.get('sieve', 'vacation_react_domains_attr')
if not vacation_text_attr == None:
if user.has_key(vacation_active_attr):
vacation_active = utils.true_or_false(user[vacation_active_attr])
else:
vacation_active = False
if user.has_key(vacation_text_attr):
vacation_text = user[vacation_text_attr]
else:
vacation_active = False
if user.has_key(vacation_uce_attr):
vacation_uce = utils.true_or_false(user[vacation_uce_attr])
else:
vacation_uce = False
if user.has_key(vacation_react_domains_attr):
if isinstance(user[vacation_react_domains_attr], list):
vacation_react_domains = user[vacation_react_domains_attr]
else:
vacation_react_domains = [ user[vacation_react_domains_attr] ]
else:
if user.has_key(vacation_noreact_domains_attr):
if isinstance(user[vacation_noreact_domains_attr], list):
vacation_noreact_domains = user[vacation_noreact_domains_attr]
else:
vacation_noreact_domains = [ user[vacation_noreact_domains_attr] ]
else:
vacation_noreact_domains = []
#
# Delivery to Folder
#
dtf_active_attr = conf.get('sieve', 'deliver_to_folder_active')
if not dtf_active_attr == None:
if user.has_key(dtf_active_attr):
dtf_active = utils.true_or_false(user[dtf_active_attr])
else:
dtf_active = False
else:
# TODO: Not necessarily de-activated, the *Active attributes are
# not supposed to charge this - check the deliver_to_folder_attr
# attribute value for a value.
dtf_active = False
if dtf_active:
dtf_folder_name_attr = conf.get('sieve', 'deliver_to_folder_attr')
if not dtf_folder_name_attr == None:
if user.has_key(dtf_folder_name_attr):
dtf_folder = user[dtf_folder_name_attr]
else:
log.warning(_("Delivery to folder active, but no folder name attribute available for user %r") % (user))
dtf_active = False
else:
log.error(_("Delivery to folder active, but no folder name attribute configured"))
dtf_active = False
#
# Folder name to delivery spam to.
#
# Global or local.
#
sdf_filter = True
sdf = conf.get('sieve', 'spam_global_folder')
if sdf == None:
sdf = conf.get('sieve', 'spam_personal_folder')
if sdf == None:
sdf_filter = False
#
# Mail forwarding
#
forward_active = None
forward_addresses = []
forward_keepcopy = None
forward_uce = None
forward_active_attr = conf.get('sieve', 'forward_address_active')
if not forward_active_attr == None:
if user.has_key(forward_active_attr):
forward_active = utils.true_or_false(user[forward_active_attr])
else:
forward_active = False
if not forward_active == False:
forward_address_attr = conf.get('sieve', 'forward_address_attr')
if user.has_key(forward_address_attr):
if isinstance(user[forward_address_attr], basestring):
forward_addresses = [ user[forward_address_attr] ]
elif isinstance(user[forward_address_attr], str):
forward_addresses = [ user[forward_address_attr] ]
else:
forward_addresses = user[forward_address_attr]
if len(forward_addresses) == 0:
forward_active = False
forward_keepcopy_attr = conf.get('sieve', 'forward_keepcopy_active')
if not forward_keepcopy_attr == None:
if user.has_key(forward_keepcopy_attr):
forward_keepcopy = utils.true_or_false(user[forward_keepcopy_attr])
else:
forward_keepcopy = False
forward_uce_attr = conf.get('sieve', 'forward_uce_active')
if not forward_uce_attr == None:
if user.has_key(forward_uce_attr):
forward_uce = utils.true_or_false(user[forward_uce_attr])
else:
forward_uce = False
if vacation_active:
mgmt_required_extensions.append('vacation')
mgmt_required_extensions.append('envelope')
if dtf_active:
mgmt_required_extensions.append('fileinto')
if forward_active and (len(forward_addresses) > 1 or forward_keepcopy):
mgmt_required_extensions.append('copy')
if sdf_filter:
mgmt_required_extensions.append('fileinto')
import sievelib.factory
mgmt_script = sievelib.factory.FiltersSet("MANAGEMENT")
for required_extension in mgmt_required_extensions:
mgmt_script.require(required_extension)
mgmt_script.require('fileinto')
if vacation_active:
if not vacation_react_domains == None and len(vacation_react_domains) > 0:
mgmt_script.addfilter(
'vacation',
[('envelope', ':domain', ":is", "from", vacation_react_domains)],
[
(
"vacation",
":days", 1,
":subject",
"Out of Office",
# ":handle", see http://tools.ietf.org/html/rfc5230#page-4
# ":mime", to indicate the reason is in fact MIME
vacation_text
)
]
)
elif not vacation_noreact_domains == None and len(vacation_noreact_domains) > 0:
mgmt_script.addfilter(
'vacation',
[('not', ('envelope', ':domain', ":is", "from", vacation_noreact_domains))],
[
(
"vacation",
":days", 1,
":subject",
"Out of Office",
# ":handle", see http://tools.ietf.org/html/rfc5230#page-4
# ":mime", to indicate the reason is in fact MIME
vacation_text
)
]
)
else:
mgmt_script.addfilter(
'vacation',
[('true',)],
[
(
"vacation",
":days", 1,
":subject",
"Out of Office",
# ":handle", see http://tools.ietf.org/html/rfc5230#page-4
# ":mime", to indicate the reason is in fact MIME
vacation_text
)
]
)
if forward_active:
forward_rules = []
# Principle can be demonstrated by:
#
# python -c "print ','.join(['a','b','c'][:-1])"
#
for forward_copy in forward_addresses[:-1]:
forward_rules.append(("redirect", ":copy", forward_copy))
if forward_keepcopy:
# Principle can be demonstrated by:
#
# python -c "print ','.join(['a','b','c'][-1])"
#
if forward_uce:
rule_name = 'forward-uce-keepcopy'
else:
rule_name = 'forward-keepcopy'
forward_rules.append(("redirect", ":copy", forward_addresses[-1]))
else:
if forward_uce:
rule_name = 'forward-uce'
else:
rule_name = 'forward'
forward_rules.append(("redirect", forward_addresses[-1]))
forward_rules.append(("stop"))
if forward_uce:
mgmt_script.addfilter(rule_name, ['true'], forward_rules)
else:
# NOTE: Messages with no X-Spam-Status header need to be matched
# too, and this does exactly that.
mgmt_script.addfilter(rule_name, [("not", ("X-Spam-Status", ":matches", "Yes,*"))], forward_rules)
if sdf_filter:
mgmt_script.addfilter('spam_delivery_folder', [("X-Spam-Status", ":matches", "Yes,*")], [("fileinto", "INBOX/Spam"), ("stop")])
if dtf_active:
mgmt_script.addfilter('delivery_to_folder', ['true'], [("fileinto", dtf_folder)])
mgmt_script = mgmt_script.__str__()
log.debug(_("MANAGEMENT script for user %s contents: %r") % (address,mgmt_script), level=9)
result = sieveclient.putscript("MANAGEMENT", mgmt_script)
if not result:
log.error(_("Uploading script MANAGEMENT failed for user %s") % (address))
else:
log.debug(_("Uploading script MANAGEMENT for user %s succeeded") % (address), level=8)
user_script = """#
# User
#
require ["include"];
"""
for script in scripts:
if not script in [ "MASTER", "MANAGEMENT", "USER" ]:
log.debug(_("Including script %s in USER (for user %s)") % (script,address) ,level=8)
user_script = """%s
include :personal "%s";
""" % (user_script, script)
result = sieveclient.putscript("USER", user_script)
if not result:
log.error(_("Uploading script USER failed for user %s") % (address))
else:
log.debug(_("Uploading script USER for user %s succeeded") % (address), level=8)
result = sieveclient.putscript("MASTER", """#
# MASTER
#
# This file is authoritative for your system and MUST BE KEPT ACTIVE.
#
# Altering it is likely to render your account dysfunctional and may
# be violating your organizational or corporate policies.
#
# For more information on the mechanism and the conventions behind
# this script, see http://wiki.kolab.org/KEP:14
#
require ["include"];
# OPTIONAL: Includes for all or a group of users
# include :global "all-users";
# include :global "this-group-of-users";
# The script maintained by the general management system
include :personal "MANAGEMENT";
# The script(s) maintained by one or more editors available to the user
include :personal "USER";
""")
if not result:
log.error(_("Uploading script MASTER failed for user %s") % (address))
else:
log.debug(_("Uploading script MASTER for user %s succeeded") % (address), level=8)
sieveclient.setactive("MASTER")
