def proxyfunc(self, *args, **kw):
if 'mail' in kw.keys() and iredutils.is_email(kw.get('mail')):
self.domain = web.safestr(kw['mail']).split('@')[-1]
elif 'domain' in kw.keys() and iredutils.is_domain(kw.get('domain')):
self.domain = web.safestr(kw['domain'])
else:
return False
self.admin = session.get('username')
if not iredutils.is_email(self.admin):
return False
# Check domain global admin.
if session.get('domainGlobalAdmin') is True:
return func(self, *args, **kw)
else:
# Check whether is domain admin.
try:
result = self.conn.select(
'domain_admins',
vars={'username': self.admin, 'domain': [self.domain, 'ALL']},
what='username',
where='username=$username AND domain IN $domain',
)
except Exception:
result = {}
if len(result) != 1:
return func(self, *args, **kw)
else:
raise web.seeother('/users' + '?msg=PERMISSION_DENIED&domain=' + self.domain)
def proxyfunc(self, *args, **kw):
if 'mail' in list(kw.keys()) and iredutils.is_email(kw.get('mail')):
self.domain = web.safestr(kw['mail']).split('@')[-1]
elif 'domain' in list(kw.keys()) and iredutils.is_domain(kw.get('domain')):
self.domain = web.safestr(kw['domain'])
else:
return False
self.admin = session.get('username')
if not iredutils.is_email(self.admin):
return False
# Check domain global admin.
if session.get('domainGlobalAdmin') is True:
return func(self, *args, **kw)
else:
# Check whether is domain admin.
try:
result = self.conn.select(
'domain_admins',
vars={'username': self.admin, 'domain': [self.domain, 'ALL']},
what='username',
where='username=$username AND domain IN $domain',
)
except Exception:
result = {}
if len(result) != 1:
return func(self, *args, **kw)
else:
raise web.seeother('/users' + '?msg=PERMISSION_DENIED&domain=' + self.domain)
def proxyfunc(*args, **kw):
# Check domain global admin.
if session.get('domainGlobalAdmin') is True:
return func(*args, **kw)
else:
if 'domain' in list(kw.keys()) and iredutils.is_domain(
kw.get('domain')):
domain = web.safestr(kw['domain'])
elif 'mail' in list(kw.keys()) and iredutils.is_email(
kw.get('mail')):
domain = web.safestr(kw['mail']).split('@')[-1]
elif 'admin' in list(kw.keys()) and iredutils.is_email(
kw.get('admin')):
domain = web.safestr(kw['admin']).split('@')[-1]
else:
return (False, 'PERMISSION_DENIED')
# Check whether is domain admin.
validator = core.PGSQLWrap()
if validator.is_domainAdmin(
domain=domain,
admin=session.get('username'),
):
return func(*args, **kw)
else:
return (False, 'PERMISSION_DENIED')
def enableOrDisableAccount(self, domain, mails, action, attr="accountStatus"):
if mails is None or len(mails) == 0:
return (False, "NO_ACCOUNT_SELECTED")
self.mails = [str(v) for v in mails if iredutils.is_email(v) and str(v).endswith("@" + str(domain))]
result = {}
connutils = connUtils.Utils()
for mail in self.mails:
self.mail = web.safestr(mail)
if not iredutils.is_email(self.mail):
continue
self.domain = self.mail.split("@")[-1]
self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType="user")
if self.dn[0] is False:
result[self.mail] = self.dn[1]
continue
try:
connutils.enableOrDisableAccount(
domain=self.domain,
account=self.mail,
dn=self.dn,
action=web.safestr(action).strip().lower(),
accountTypeInLogger="user",
)
except ldap.LDAPError, e:
result[self.mail] = str(e)
def setAccountStatus(self, accounts, accountType, active=True):
# accounts must be a list/tuple.
# accountType in ['domain', 'user', 'admin']
# active: True -> active, False -> disabled
if not len(accounts) > 0:
return (True,)
accountType = str(accountType)
if active is True:
active = 1
action = 'Active'
else:
active = 0
action = 'Disable'
if accountType == 'domain':
accounts = [str(v) for v in accounts if iredutils.is_domain(v)]
try:
self.conn.update(
'domain',
vars={'accounts': accounts},
where='domain IN $accounts',
active=active,
)
except Exception as e:
return (False, str(e))
elif accountType == 'user':
accounts = [str(v) for v in accounts if iredutils.is_email(v)]
try:
self.conn.update(
'mailbox',
vars={'accounts': accounts},
where='username IN $accounts',
active=active,
)
except Exception as e:
return (False, str(e))
elif accountType == 'admin':
accounts = [str(v) for v in accounts if iredutils.is_email(v)]
try:
self.conn.update(
'admin',
vars={'accounts': accounts},
where='username IN $accounts',
active=active,
)
except Exception as e:
return (False, str(e))
else:
pass
try:
web.logger(
msg="%s %s: %s." % (action, accountType, ', '.join(accounts)),
event=action.lower(),
)
except:
pass
return (True,)
def deleteSingleUser(self, mail, deleteFromGroups=True):
self.mail = web.safestr(mail)
if not iredutils.is_email(self.mail):
return (False, "INVALID_MAIL")
# Get domain name of this account.
self.domain = self.mail.split("@")[-1]
# Get dn of mail user and domain.
self.dnUser = ldaputils.convert_keyword_to_dn(self.mail, accountType="user")
if self.dnUser[0] is False:
return self.dnUser
# Delete user object.
try:
# Delete single object.
# self.conn.delete_s(self.dnUser)
# Delete object and its subtree.
deltree.DelTree(self.conn, self.dnUser, ldap.SCOPE_SUBTREE)
if deleteFromGroups:
self.deleteSingleUserFromGroups(self.mail)
# Delete record from SQL database: real-time used quota.
try:
connUtils.deleteAccountFromUsedQuota([self.mail])
except Exception, e:
pass
# Log delete action.
web.logger(msg="Delete user: %s." % (self.mail), domain=self.domain, event="delete")
return (True,)
def is_domainAdmin(
self,
domain,
admin=session.get('username'),
):
if not iredutils.is_domain(domain) or not iredutils.is_email(admin):
return False
if admin == session.get('username') \
and session.get('domainGlobalAdmin') is True:
return True
try:
result = self.conn.select(
'domain_admins',
vars={
'domain': domain,
'username': admin,
},
what='username',
where='domain=$domain AND username=$username AND active=1',
limit=1,
)
if len(result) == 1:
return True
else:
return False
except Exception:
return False
def assign_admins_to_domain(domain, admins, conn=None):
"""Assign list of NEW admins to specified mail domain.
It doesn't remove existing admins."""
if not iredutils.is_domain(domain):
return (False, 'INVALID_DOMAIN_NAME')
if not isinstance(admins, (list, tuple, set)):
return (False, 'NO_ADMINS')
else:
admins = [str(i).lower() for i in admins if iredutils.is_email(i)]
if not admins:
return (False, 'NO_ADMINS')
if not conn:
_wrap = SQLWrap()
conn = _wrap.conn
for adm in admins:
try:
conn.insert('domain_admins', domain=domain, username=adm)
except Exception as e:
if e.__class__.__name__ == 'IntegrityError':
pass
else:
return (False, repr(e))
return (True, )
def delete(self, domain, mails=None, keep_mailbox_days=0):
if not mails:
return (False, 'NO_ACCOUNT_SELECTED')
self.domain = web.safestr(domain)
self.mails = [
str(v) for v in mails
if iredutils.is_email(v) and str(v).endswith('@' + self.domain)
]
if not len(self.mails) > 0:
return (False, 'INVALID_MAIL')
if not iredutils.is_domain(self.domain):
return (False, 'INVALID_DOMAIN_NAME')
self.domaindn = ldaputils.convert_keyword_to_dn(self.domain,
accountType='domain')
result = {}
for mail in self.mails:
self.mail = web.safestr(mail)
try:
# Delete user object (ldap.SCOPE_BASE).
self.deleteSingleUser(mail=self.mail,
keep_mailbox_days=keep_mailbox_days)
except ldap.LDAPError as e:
result[self.mail] = ldaputils.getExceptionDesc(e)
if result == {}:
return (True, )
else:
return (False, str(result))
def getManagedDomains(self, admin, domainNameOnly=False, listedOnly=False,):
admin = web.safestr(admin)
if not iredutils.is_email(admin):
return (False, 'INCORRECT_USERNAME')
sql_left_join = ''
if listedOnly is False:
sql_left_join = """OR domain_admins.domain='ALL'"""
try:
result = self.conn.query(
"""
SELECT domain.domain
FROM domain
LEFT JOIN domain_admins ON (domain.domain=domain_admins.domain %s)
WHERE domain_admins.username=$admin
ORDER BY domain_admins.domain
""" % (sql_left_join),
vars={'admin': admin, },
)
if domainNameOnly is True:
domains = []
for i in result:
if iredutils.is_domain(i.domain):
domains += [str(i.domain).lower()]
return (True, domains)
else:
return (True, list(result))
except Exception, e:
return (False, str(e))
def is_email_exists(self, mail):
# Return True if account is invalid or exist.
mail = web.safestr(mail)
if not iredutils.is_email(mail):
return True
sql_vars = {'email': mail, }
try:
resultOfMailbox = self.conn.select(
'mailbox',
vars=sql_vars,
what='username',
where='username=$email',
limit=1,
)
resultOfAlias = self.conn.select(
'alias',
vars=sql_vars,
what='address',
where='address=$email',
limit=1,
)
if resultOfMailbox or resultOfAlias:
return True
else:
return False
except Exception:
return True
def delete(self, domain, mails=None, keep_mailbox_days=0):
domain = str(domain).lower()
if not iredutils.is_domain(domain):
return (False, 'INVALID_DOMAIN_NAME')
if not mails:
return (False, 'INVALID_MAIL')
mails = [
str(v).lower() for v in mails
if iredutils.is_email(v) and str(v).endswith('@' + domain)
]
if not mails:
return (False, 'INVALID_MAIL')
# Delete user and related records.
try:
qr = self.deleteAccounts(accounts=mails,
accountType='user',
keep_mailbox_days=keep_mailbox_days)
if qr[0] is True:
web.logger(
msg="Delete user: %s." % ', '.join(mails),
domain=domain,
event='delete',
)
else:
return qr
return (True, )
except Exception as e:
return (False, str(e))
def getManagedDomains(self, admin, domainNameOnly=False, listedOnly=False,):
admin = web.safestr(admin)
if not iredutils.is_email(admin):
return (False, 'INCORRECT_USERNAME')
sql_left_join = ''
if listedOnly is False:
sql_left_join = """OR domain_admins.domain='ALL'"""
try:
result = self.conn.query(
"""
SELECT domain.domain
FROM domain
LEFT JOIN domain_admins ON (domain.domain=domain_admins.domain %s)
WHERE domain_admins.username=$admin
ORDER BY domain_admins.domain
""" % (sql_left_join),
vars={'admin': admin, },
)
if domainNameOnly is True:
domains = []
for i in result:
if iredutils.is_domain(i.domain):
domains += [str(i.domain).lower()]
return (True, domains)
else:
return (True, list(result))
except Exception, e:
return (False, str(e))
def get_profile(mail, columns=None, conn=None):
if not iredutils.is_email(mail):
return (False, 'INVALID_MAIL')
if isinstance(columns, (list, tuple, set)):
columns = ','.join(columns)
else:
columns = '*'
if not conn:
_wrap = SQLWrap()
conn = _wrap.conn
try:
qr = conn.select('admin',
vars={'username': mail},
what=columns,
where='username=$username',
limit=1)
if qr:
return (True, list(qr)[0])
else:
return (False, 'NO_SUCH_ACCOUNT')
except Exception as e:
log_traceback()
return (False, repr(e))
def delete_admins(mails, revoke_admin_privilege_from_user=True, conn=None):
mails = [str(v) for v in mails if iredutils.is_email(v)]
if not mails:
return (True, )
sql_vars = {'mails': mails}
try:
if not conn:
_wrap = SQLWrap()
conn = _wrap.conn
# Standalone mail admins
conn.delete('admin', vars=sql_vars, where='username IN $mails')
conn.delete('domain_admins', vars=sql_vars, where='username IN $mails')
# Unmark globa/domain admin which is mail user
if revoke_admin_privilege_from_user:
conn.update(
'mailbox',
vars=sql_vars,
where='username IN $mails AND (isadmin=1 OR isglobaladmin=1)',
isadmin=0,
isglobaladmin=0)
log_activity(event='delete',
msg="Delete admin(s): %s." % ', '.join(mails))
return (True, )
except Exception as e:
log_traceback()
return (False, repr(e))
def set_account_status(conn,
accounts,
account_type,
enable_account=False):
"""Set account status.
accounts -- an iterable object (list/tuple) filled with accounts.
account_type -- possible value: domain, admin, user, alias
enable_account -- possible value: True, False
"""
if account_type in ['admin', 'user']:
# email
accounts = [str(v).lower() for v in accounts if iredutils.is_email(v)]
else:
# domain name
accounts = [str(v).lower() for v in accounts if iredutils.is_domain(v)]
if not accounts:
return (True, )
# 0: disable, 1: enable
account_status = 0
action = 'disable'
if enable_account:
account_status = 1
action = 'active'
if account_type == 'domain':
# handle with function which handles admin privilege
qr = sql_lib_domain.enable_disable_domains(domains=accounts,
action=action)
return qr
elif account_type == 'admin':
# [(<table>, <column-used-for-query>), ...]
table_column_maps = [("admin", "username")]
elif account_type == 'alias':
table_column_maps = [
("alias", "address"),
("forwardings", "address"),
]
else:
# account_type == 'user'
table_column_maps = [
("mailbox", "username"),
("forwardings", "address"),
]
for (_table, _column) in table_column_maps:
sql_where = '{} IN {}'.format(_column, web.sqlquote(accounts))
try:
conn.update(_table,
where=sql_where,
active=account_status)
except Exception as e:
return (False, repr(e))
log_activity(event=action,
msg="{} {}: {}.".format(action.title(), account_type, ', '.join(accounts)))
return (True, )
def is_domain_admin(domain, admin=None, conn=None) -> bool:
if (not iredutils.is_domain(domain)) or (not iredutils.is_email(admin)):
return False
if not admin:
admin = session.get('username')
if admin == session.get('username') and session.get('is_global_admin'):
return True
try:
if not conn:
_wrap = SQLWrap()
conn = _wrap.conn
qr = conn.select(
'domain_admins',
vars={
'domain': domain,
'username': admin
},
what='username',
where='domain=$domain AND username=$username AND active=1',
limit=1,
)
if qr:
return True
else:
return False
except:
return False
def is_email_exists(mail, conn=None) -> bool:
# Return True if account is invalid or exist.
if not iredutils.is_email(mail):
return True
mail = iredutils.strip_mail_ext_address(mail)
if not conn:
_wrap = SQLWrap()
conn = _wrap.conn
try:
# `forwardings` table has email addr of mail user account and alias account.
qr = conn.select('forwardings',
vars={'mail': mail},
what='address',
where='address=$mail',
limit=1)
if qr:
return True
# Check `alias` for alias account which doesn't have any member.
qr = conn.select('alias',
vars={'mail': mail},
what='address',
where='address=$mail',
limit=1)
if qr:
return True
return False
except Exception:
return True
def delete(self, domain, mails=[]):
domain = str(domain)
if not iredutils.is_domain(domain):
return (False, 'INVALID_DOMAIN_NAME')
if not isinstance(mails, list):
return (False, 'INVALID_MAIL')
mails = [str(v).lower() for v in mails if iredutils.is_email(v) and str(v).endswith('@' + domain)]
if not mails:
return (False, 'INVALID_MAIL')
# Delete user and related records.
try:
qr = self.deleteAccounts(accounts=mails, accountType='user')
if qr[0] is True:
web.logger(
msg="Delete user: %s." % ', '.join(mails),
domain=domain,
event='delete',
)
else:
return qr
return (True,)
except Exception, e:
return (False, str(e))
def delete(self, mails=[]):
if not isinstance(mails, list):
return (False, 'INVALID_MAIL')
self.mails = [str(v).lower() for v in mails if iredutils.is_email(v)]
sql_vars = {
'username': self.mails,
}
# Delete domain and related records.
try:
self.conn.delete(
'admin',
vars=sql_vars,
where='username IN $username',
)
self.conn.delete(
'domain_admins',
vars=sql_vars,
where='username IN $username',
)
web.logger(
msg="Delete admin: %s." % ', '.join(self.mails),
event='delete',
)
return (True, )
except Exception as e:
return (False, str(e))
def profile(self, mail):
self.mail = web.safestr(mail)
self.domainGlobalAdmin = False
if not iredutils.is_email(self.mail):
return (False, 'INVALID_MAIL')
try:
result = self.conn.select(
'admin',
vars={
'username': self.mail,
},
where='username=$username',
limit=1,
)
if len(result) == 1:
if self.is_global_admin(admin=self.mail):
self.domainGlobalAdmin = True
return (True, self.domainGlobalAdmin, list(result)[0])
else:
return (False, 'INVALID_MAIL')
except Exception as e:
return (False, str(e))
def isAdminExists(self, mail):
# Return True if account is invalid or exist.
mail = str(mail)
if not iredutils.is_email(mail):
return True
try:
result = self.conn.select(
'admin',
vars={
'username': mail,
},
what='username',
where='username=$username',
limit=1,
)
if len(result) > 0:
# Exists.
return True
else:
return False
except:
# Return True as exist to not allow to create new domain/account.
return True
def is_email_exists(self, mail):
# Return True if account is invalid or exist.
mail = web.safestr(mail)
if not iredutils.is_email(mail):
return True
sql_vars = {
'email': mail,
}
try:
result = self.conn.select('forwardings',
vars=sql_vars,
what='address',
where='address=$email',
limit=1)
if result:
return True
else:
return False
except Exception:
return True
def is_email_exists(self, mail):
# Return True if account is invalid or exist.
mail = web.safestr(mail)
if not iredutils.is_email(mail):
return True
sql_vars = {
'email': mail,
}
try:
resultOfMailbox = self.conn.select(
'mailbox',
vars=sql_vars,
what='username',
where='username=$email',
limit=1,
)
resultOfAlias = self.conn.select(
'alias',
vars=sql_vars,
what='address',
where='address=$email',
limit=1,
)
if resultOfMailbox or resultOfAlias:
return True
else:
return False
except Exception:
return True
def GET(self, profile_type, mail):
i = web.input()
self.mail = str(mail).lower()
self.cur_domain = self.mail.split('@', 1)[-1]
self.profile_type = str(profile_type)
if self.mail.startswith('@') and iredutils.is_domain(self.cur_domain):
# Catchall account.
raise web.seeother('/profile/domain/catchall/%s' % self.cur_domain)
if not iredutils.is_email(self.mail):
raise web.seeother('/domains?msg=INVALID_USER')
if not iredutils.is_domain(self.cur_domain):
raise web.seeother('/domains?msg=INVALID_DOMAIN_NAME')
userLib = userlib.User()
qr = userLib.profile(domain=self.cur_domain, mail=self.mail)
if qr[0] is True:
self.profile = qr[1]
else:
raise web.seeother('/users/%s?msg=%s' % (self.cur_domain, web.urlquote(qr[1])))
return web.render(
'pgsql/user/profile.html',
cur_domain=self.cur_domain,
mail=self.mail,
profile_type=self.profile_type,
profile=self.profile,
languagemaps=get_language_maps(),
msg=i.get('msg'),
)
def get_multi_values(form,
input_name,
default_value=None,
input_is_textarea=False,
is_domain=False,
is_email=False,
to_lowercase=False,
to_uppercase=False):
v = form.get(input_name)
if v:
if input_is_textarea:
v = v.splitlines()
else:
v = default_value
# Remove duplicate items.
v = list(set(v))
if is_domain:
v = [str(i).lower() for i in v if iredutils.is_domain(i)]
if is_email:
v = [str(i).lower() for i in v if iredutils.is_email(i)]
if to_lowercase:
if not (is_domain or is_email):
v = [i.lower() for i in v]
if to_uppercase:
if not (is_domain or is_email):
v = [i.upper() for i in v]
return v
def POST(self, domain):
i = web.input(_unicode=False, mail=[])
self.domain = str(domain)
if not iredutils.is_domain(self.domain):
raise web.seeother('/domains?msg=INVALID_DOMAIN_NAME')
self.mails = [str(v)
for v in i.get('mail', [])
if iredutils.is_email(v)
and str(v).endswith('@' + self.domain)
]
action = i.get('action', '')
msg = i.get('msg', None)
userLib = userlib.User()
if action == 'delete':
result = userLib.delete(domain=self.domain, mails=self.mails,)
msg = 'DELETED'
elif action == 'disable':
result = userLib.enableOrDisableAccount(domain=self.domain, accounts=self.mails, active=False)
msg = 'DISABLED'
elif action == 'enable':
result = userLib.enableOrDisableAccount(domain=self.domain, accounts=self.mails, active=True)
msg = 'ENABLED'
else:
result = (False, 'INVALID_ACTION')
if result[0] is True:
raise web.seeother('/users/%s?msg=%s' % (self.domain, msg,))
else:
raise web.seeother('/users/%s?msg=%s' % (self.domain, web.urlquote(result[1]),))
def getManagedDomains(self, mail, attrs=attrs.ADMIN_ATTRS_ALL, listedOnly=False):
self.mail = web.safestr(mail)
if not iredutils.is_email(self.mail):
return (False, 'INCORRECT_USERNAME')
# Pre-defined filter.
filter = '(&(objectClass=mailDomain)(domainAdmin=%s))' % self.mail
if session.get('domainGlobalAdmin') is True and listedOnly is False:
filter = '(objectClass=mailDomain)'
try:
self.managedDomains = self.conn.search_s(
self.basedn,
ldap.SCOPE_ONELEVEL,
filter,
attrs,
)
if listedOnly:
domains = []
for qr in self.managedDomains:
domains += qr[1]['domainName']
self.managedDomains = domains
return (True, self.managedDomains)
except Exception as e:
return (False, ldaputils.getExceptionDesc(e))
def enableOrDisableAccount(self, mails, action, attr='accountStatus',):
if mails is None or len(mails) == 0:
return (False, 'NO_ACCOUNT_SELECTED')
result = {}
connutils = connUtils.Utils()
for mail in mails:
self.mail = web.safestr(mail).strip().lower()
if not iredutils.is_email(self.mail):
continue
self.domain = self.mail.split('@')[-1]
self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType='admin')
if self.dn[0] is False:
return self.dn
try:
connutils.enableOrDisableAccount(
domain=self.domain,
account=self.mail,
dn=self.dn,
action=web.safestr(action).strip().lower(),
accountTypeInLogger='admin',
)
except ldap.LDAPError as e:
result[self.mail] = str(e)
if result == {}:
return (True,)
else:
return (False, ldaputils.getExceptionDesc(result))
def enable_disable_mail_accounts(mails, account_type, action, conn=None):
"""Enable (action='enable') or disable (action='disable') given mail users.
:param mails: a list/tuple/set of user mail addresses
:param account_type: user, maillist, alias.
:param action: enable, disable.
:param conn: ldap connection cursor
"""
mails = [str(v).lower() for v in mails if iredutils.is_email(v)]
action = action.lower()
if action not in ['enable', 'disable']:
return (False, 'INVALID_ACTION')
if not conn:
_wrap = LDAPWrap()
conn = _wrap.conn
mapping = {'user': ldaputils.rdn_value_to_user_dn}
for mail in mails:
_func = mapping[account_type]
dn = _func(mail)
qr = enable_disable_account_by_dn(dn=dn,
action=action,
conn=conn)
if not qr[0]:
return qr
return (True, )
def getDnWithKeyword(self, value, accountType='user'):
self.keyword = web.safestr(value)
if accountType == 'user':
if attrs.RDN_USER == 'mail':
if not iredutils.is_email(self.keyword):
return False
return ldaputils.convert_keyword_to_dn(self.keyword, accountType='user')
else:
self.domain = self.keyword.split('@', 1)[-1]
self.dnOfDomain = ldaputils.convert_keyword_to_dn(self.domain, accountType='domain',)
try:
result = self.conn.search_s(
attrs.DN_BETWEEN_USER_AND_DOMAIN + self.dnOfDomain,
ldap.SCOPE_SUBTREE,
'(&(objectClass=mailUser)(mail=%s))' % (self.keyword),
)
if len(result) == 1:
self.dn = result[0][0]
return self.dn
else:
return False
except:
return False
else:
# Unsupported accountType.
return False
def getNumberOfManagedAccounts(self, admin=None, accountType='domain', domains=[],):
if admin is None:
admin = session.get('username')
else:
admin = str(admin)
if not iredutils.is_email(admin):
return 0
domains = []
if len(domains) > 0:
domains = [str(d).lower() for d in domains if iredutils.is_domain(d)]
else:
connutils = connUtils.Utils()
qr = connutils.getManagedDomains(mail=admin, attrs=['domainName'], listedOnly=True)
if qr[0] is True:
domains = qr[1]
if accountType == 'domain':
try:
return len(domains)
except Exception:
pass
return 0
def getManagedDomains(
self,
admin,
domainNameOnly=False,
listedOnly=False,
):
admin = web.safestr(admin)
if not iredutils.is_email(admin):
return (False, 'INCORRECT_USERNAME')
try:
result = self.conn.select('domain')
if domainNameOnly is True:
domains = []
for i in result:
if iredutils.is_domain(i.domain):
domains += [str(i.domain).lower()]
return (True, domains)
else:
return (True, list(result))
except Exception as e:
return (False, str(e))
def getNumberOfManagedAccounts(self, admin=None, accountType='domain', domains=[],):
if admin is None:
admin = session.get('username')
else:
admin = str(admin)
if not iredutils.is_email(admin):
return 0
domains = []
if len(domains) > 0:
domains = [str(d).lower() for d in domains if iredutils.is_domain(d)]
else:
connutils = connUtils.Utils()
qr = connutils.getManagedDomains(mail=admin, attrs=['domainName'], listedOnly=True)
if qr[0] is True:
domains = qr[1]
if accountType == 'domain':
try:
return len(domains)
except Exception:
pass
return 0
def enableOrDisableAccount(self, mails, action, attr='accountStatus',):
if mails is None or len(mails) == 0:
return (False, 'NO_ACCOUNT_SELECTED')
result = {}
connutils = connUtils.Utils()
for mail in mails:
self.mail = web.safestr(mail).strip().lower()
if not iredutils.is_email(self.mail):
continue
self.domain = self.mail.split('@')[-1]
self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType='admin')
if self.dn[0] is False:
return self.dn
try:
connutils.enableOrDisableAccount(
domain=self.domain,
account=self.mail,
dn=self.dn,
action=web.safestr(action).strip().lower(),
accountTypeInLogger='admin',
)
except ldap.LDAPError, e:
result[self.mail] = str(e)
def delete(mails, revoke_admin_privilege_from_user=True, conn=None):
"""
Delete standalone domain admin accounts, or revoke admin privilege from
mail user which is domain admin.
:param mails: list of domain admin email addresses
:param revoke_admin_privilege_from_user: if @mails contains mail user which
has domain admin privilege, we should revoke the privilege.
:param conn: ldap connection cursor
"""
mails = [str(i).lower() for i in mails if iredutils.is_email(i)]
if not mails:
return (True, )
if not conn:
_wrap = LDAPWrap()
conn = _wrap.conn
result = {}
for mail in mails:
# Get dn of admin account under o=domainAdmins
dn = ldaputils.rdn_value_to_admin_dn(mail)
try:
conn.delete_s(dn)
log_activity(msg="Delete admin: %s." % (mail), event='delete')
except ldap.NO_SUCH_OBJECT:
if revoke_admin_privilege_from_user:
# This is a mail user admin
dn = ldaputils.rdn_value_to_user_dn(mail)
try:
# Delete enabledService=domainadmin
ldap_lib_general.remove_attr_values(dn=dn,
attr='enabledService',
values=['domainadmin'],
conn=conn)
# Delete domainGlobalAdmin=yes
ldap_lib_general.remove_attr_values(
dn=dn,
attr='domainGlobalAdmin',
values=['yes'],
conn=conn)
log_activity(msg="Revoke domain admin privilege: %s." %
(mail),
event='delete')
except Exception as e:
result[mail] = str(e)
except ldap.LDAPError as e:
result[mail] = str(e)
if result == {}:
return (True, )
else:
return (False, repr(result))
def deleteSingleUserFromGroups(self, mail):
self.mail = web.safestr(mail)
if not iredutils.is_email(self.mail):
return (False, 'INVALID_MAIL')
# Get domain name of this account.
self.domain = self.mail.split('@')[-1]
# Get dn of mail user and domain.
self.dnUser = ldaputils.convert_keyword_to_dn(self.mail,
accountType='user')
self.dnDomain = ldaputils.convert_keyword_to_dn(self.domain,
accountType='domain')
if self.dnUser[0] is False:
return self.dnUser
if self.dnDomain[0] is False:
return self.dnDomain
try:
# Get accounts which contains destination email.
objsHasUser = self.conn.search_s(
self.dnDomain,
ldap.SCOPE_SUBTREE,
self.getFilterOfDeleteUserFromGroups(self.mail),
['dn'],
)
if len(objsHasUser) >= 1:
connutils = connUtils.Utils()
for obj in objsHasUser:
if obj[0].endswith(attrs.DN_BETWEEN_ALIAS_AND_DOMAIN + self.dnDomain) or \
obj[0].endswith(attrs.DN_BETWEEN_USER_AND_DOMAIN + self.dnDomain):
# Remove address from alias and user.
connutils.addOrDelAttrValue(
dn=obj[0],
attr='mailForwardingAddress',
value=self.mail,
action='delete',
)
elif obj[0].endswith('ou=Externals,' + self.domaindn):
# Remove address from external member list.
connutils.addOrDelAttrValue(
dn=obj[0],
attr='mail',
value=self.mail,
action='delete',
)
else:
pass
else:
pass
return (True, )
except Exception, e:
return (False, ldaputils.getExceptionDesc(e))
def filter_existing_emails(mails, base_dn=None, conn=None):
"""
Remove non-existing addresses from given list of mail addresses, return a
list of existing ones.
:param mails: list of email addresses
:param base_dn: if not present, search from `settings.ldap_basedn`
:param conn: ldap connection cursor
"""
mails = [str(v).lower()
for v in mails
if iredutils.is_email(v)]
mails = list(set(mails))
result = {'exist': [], 'nonexist': []}
if not mails:
return result
if not conn:
_wrap = LDAPWrap()
conn = _wrap.conn
_filter = '(&'
_filter += '(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias))'
_filter += '(|'
for addr in mails:
_filter += '(mail={})(shadowAddress={})'.format(addr, addr)
_filter += '))'
if not base_dn:
base_dn = settings.ldap_basedn
try:
qr = conn.search_s(base_dn,
ldap.SCOPE_SUBTREE,
_filter,
['mail', 'shadowAddress'])
if not qr:
# None of them exists.
result['nonexist'] = mails
else:
for (_dn, _ldif) in qr:
_ldif = iredutils.bytes2str(_ldif)
result['exist'] += _ldif.get('mail', []) + _ldif.get('shadowAddress', [])
result['nonexist'] = [v for v in mails if v not in result['exist']]
# Remove duplicates and sort.
result['exist'] = list(set(result['exist']))
result['nonexist'] = list(set(result['nonexist']))
except:
log_traceback()
return result
def add(self, data):
self.cn = data.get('cn', '')
self.mail = web.safestr(data.get('mail')).strip().lower()
if not iredutils.is_email(self.mail):
return (False, 'INVALID_MAIL')
# Check admin exist.
connutils = connUtils.Utils()
if connutils.isAdminExists(self.mail):
return (False, 'ALREADY_EXISTS')
# Get domainGlobalAdmin setting.
self.domainGlobalAdmin = web.safestr(data.get('domainGlobalAdmin', 'no'))
if self.domainGlobalAdmin not in ['yes', 'no', ]:
self.domainGlobalAdmin = 'no'
# Get language setting.
self.preferredLanguage = web.safestr(data.get('preferredLanguage', 'en_US'))
# Get new password.
self.newpw = web.safestr(data.get('newpw'))
self.confirmpw = web.safestr(data.get('confirmpw'))
result = iredutils.verify_new_password(self.newpw, self.confirmpw)
if result[0] is True:
self.passwd = result[1]
else:
return result
try:
self.conn.insert(
'admin',
username=self.mail,
name=self.cn,
password=iredutils.generate_password_hash(self.passwd),
language=self.preferredLanguage,
created=iredutils.get_gmttime(),
active='1',
)
if self.domainGlobalAdmin == 'yes':
self.conn.insert(
'domain_admins',
username=self.mail,
domain='ALL',
created=iredutils.get_gmttime(),
active='1',
)
web.logger(msg="Create admin: %s." % (self.mail), event='create',)
return (True,)
except Exception, e:
return (False, str(e))
def proxyfunc(*args, **kw):
# Check domain global admin.
if session.get('domainGlobalAdmin') is True:
return func(*args, **kw)
else:
if 'domain' in kw.keys() and iredutils.is_domain(kw.get('domain')):
domain = web.safestr(kw['domain'])
elif 'mail' in kw.keys() and iredutils.is_email(kw.get('mail')):
domain = web.safestr(kw['mail']).split('@')[-1]
elif 'admin' in kw.keys() and iredutils.is_email(kw.get('admin')):
domain = web.safestr(kw['admin']).split('@')[-1]
else:
return (False, 'PERMISSION_DENIED')
# Check whether is domain admin.
validator = core.MySQLWrap()
if validator.is_domainAdmin(domain=domain, admin=session.get('username'),):
return func(*args, **kw)
else:
return (False, 'PERMISSION_DENIED')
def ldif_mailExternalUser(mail,):
mail = web.safestr(mail).lower()
if not iredutils.is_email(mail):
return None
listname, domain = mail.split('@')
ldif = [
('objectClass', ['mailExternalUser']),
('accountStatus', ['active']),
('memberOfGroup', [mail]),
('enabledService', ['mail', 'deliver']),
]
return ldif
def listLogs(self, event='all', domain='all', admin='all', cur_page=1):
self.event = web.safestr(event)
self.domain = web.safestr(domain)
self.admin = web.safestr(admin)
self.cur_page = int(cur_page)
# Generate a dictionary, converted to an SQL WHERE clause.
queryDict = {}
if self.event in LOG_EVENTS and self.event != 'all':
queryDict['event'] = self.event
if iredutils.is_domain(self.domain):
queryDict['domain'] = self.domain
if session.get('domainGlobalAdmin') is not True:
queryDict['admin'] = session.get('username')
else:
if iredutils.is_email(self.admin):
queryDict['admin'] = self.admin
# Get number of total records.
if len(queryDict) == 0:
qr = db.select('log', what='COUNT(timestamp) AS total',)
else:
qr = db.select('log', what='COUNT(timestamp) AS total', where=web.db.sqlwhere(queryDict),)
self.total = qr[0].total or 0
# Get records.
if len(queryDict) == 0:
# No addition filter.
self.entries = db.select(
'log',
offset=(self.cur_page - 1) * settings.PAGE_SIZE_LIMIT,
limit=settings.PAGE_SIZE_LIMIT,
order='timestamp DESC',
)
else:
# With filter.
self.entries = db.select('log',
where=web.db.sqlwhere(queryDict),
offset=(self.cur_page - 1) * settings.PAGE_SIZE_LIMIT,
limit=settings.PAGE_SIZE_LIMIT,
order='timestamp DESC',
)
return (self.total, list(self.entries))
def deleteSingleUserFromGroups(self, mail):
self.mail = web.safestr(mail)
if not iredutils.is_email(self.mail):
return (False, "INVALID_MAIL")
# Get domain name of this account.
self.domain = self.mail.split("@")[-1]
# Get dn of mail user and domain.
self.dnUser = ldaputils.convert_keyword_to_dn(self.mail, accountType="user")
self.dnDomain = ldaputils.convert_keyword_to_dn(self.domain, accountType="domain")
if self.dnUser[0] is False:
return self.dnUser
if self.dnDomain[0] is False:
return self.dnDomain
try:
# Get accounts which contains destination email.
objsHasUser = self.conn.search_s(
self.dnDomain, ldap.SCOPE_SUBTREE, self.getFilterOfDeleteUserFromGroups(self.mail), ["dn"]
)
if len(objsHasUser) >= 1:
connutils = connUtils.Utils()
for obj in objsHasUser:
if obj[0].endswith(attrs.DN_BETWEEN_ALIAS_AND_DOMAIN + self.dnDomain) or obj[0].endswith(
attrs.DN_BETWEEN_USER_AND_DOMAIN + self.dnDomain
):
# Remove address from alias and user.
connutils.addOrDelAttrValue(
dn=obj[0], attr="mailForwardingAddress", value=self.mail, action="delete"
)
elif obj[0].endswith("ou=Externals," + self.domaindn):
# Remove address from external member list.
connutils.addOrDelAttrValue(dn=obj[0], attr="mail", value=self.mail, action="delete")
else:
pass
else:
pass
return (True,)
except Exception, e:
return (False, ldaputils.getExceptionDesc(e))
def POST(self):
# Get username, password.
i = web.input(_unicode=False)
username = web.safestr(i.get('username', '').strip()).lower()
password = i.get('password', '').strip()
save_pass = web.safestr(i.get('save_pass', 'no').strip())
if not iredutils.is_email(username):
raise web.seeother('/login?msg=INVALID_USERNAME')
if not password:
raise web.seeother('/login?msg=EMPTY_PASSWORD')
# Get LDAP URI.
uri = settings.ldap_uri
# Verify bind_dn & bind_pw.
try:
# Detect STARTTLS support.
if uri.startswith('ldaps://'):
starttls = True
else:
starttls = False
# Set necessary option for STARTTLS.
if starttls:
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
# Initialize connection.
conn = ldap.initialize(uri)
# Set LDAP protocol version: LDAP v3.
conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
if starttls:
conn.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)
# synchronous bind.
conn.bind_s(settings.ldap_bind_dn, settings.ldap_bind_password)
conn.unbind_s()
except (ldap.INVALID_CREDENTIALS):
raise web.seeother('/login?msg=vmailadmin_INVALID_CREDENTIALS')
except Exception, e:
raise web.seeother('/login?msg=%s' % web.safestr(e))
def add(self, data):
self.cn = data.get("cn")
self.mail = web.safestr(data.get("mail")).strip().lower()
if not iredutils.is_email(self.mail):
return (False, "INVALID_MAIL")
self.domainGlobalAdmin = web.safestr(data.get("domainGlobalAdmin", "no"))
if self.domainGlobalAdmin not in ["yes", "no"]:
self.domainGlobalAdmin = "no"
self.preferredLanguage = web.safestr(data.get("preferredLanguage", "en_US"))
# Check password.
self.newpw = web.safestr(data.get("newpw"))
self.confirmpw = web.safestr(data.get("confirmpw"))
result = iredutils.verify_new_password(self.newpw, self.confirmpw)
if result[0] is True:
self.passwd = iredutils.generate_password_hash(result[1])
else:
return result
ldif = iredldif.ldif_mailadmin(
mail=self.mail,
passwd=self.passwd,
cn=self.cn,
preferredLanguage=self.preferredLanguage,
domainGlobalAdmin=self.domainGlobalAdmin,
)
self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType="admin")
if self.dn[0] is False:
return self.dn
try:
self.conn.add_s(self.dn, ldif)
web.logger(msg="Create admin: %s." % (self.mail), event="create")
return (True,)
except ldap.ALREADY_EXISTS:
return (False, "ALREADY_EXISTS")
except Exception, e:
return (False, ldaputils.getExceptionDesc(e))
def add(self, data):
self.cn = data.get('cn')
self.mail = web.safestr(data.get('mail')).strip().lower()
if not iredutils.is_email(self.mail):
return (False, 'INVALID_MAIL')
self.domainGlobalAdmin = web.safestr(data.get('domainGlobalAdmin', 'no'))
if self.domainGlobalAdmin not in ['yes', 'no', ]:
self.domainGlobalAdmin = 'no'
self.preferredLanguage = web.safestr(data.get('preferredLanguage', 'en_US'))
# Check password.
self.newpw = web.safestr(data.get('newpw'))
self.confirmpw = web.safestr(data.get('confirmpw'))
result = iredutils.verify_new_password(self.newpw, self.confirmpw)
if result[0] is True:
self.passwd = ldaputils.generate_ldap_password(result[1])
else:
return result
ldif = iredldif.ldif_mailadmin(
mail=self.mail,
passwd=self.passwd,
cn=self.cn,
preferredLanguage=self.preferredLanguage,
domainGlobalAdmin=self.domainGlobalAdmin,
)
self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType='admin')
if self.dn[0] is False:
return self.dn
try:
self.conn.add_s(self.dn, ldif)
web.logger(msg="Create admin: %s." % (self.mail), event='create',)
return (True,)
except ldap.ALREADY_EXISTS:
return (False, 'ALREADY_EXISTS')
except Exception, e:
return (False, ldaputils.getExceptionDesc(e))
def GET(self, profile_type, mail):
i = web.input()
self.mail = web.safestr(mail)
self.profile_type = web.safestr(profile_type)
if not iredutils.is_email(self.mail):
raise web.seeother('/admins?msg=INVALID_MAIL')
if session.get('domainGlobalAdmin') is not True and session.get('username') != self.mail:
# Don't allow to view/update other admins' profile.
raise web.seeother('/profile/admin/general/%s?msg=PERMISSION_DENIED' % session.get('username'))
adminLib = adminlib.Admin()
result = adminLib.profile(mail=self.mail)
if result[0] is True:
domainGlobalAdmin, profile = result[1], result[2]
# Get all domains.
self.allDomains = []
domainLib = domainlib.Domain()
resultOfAllDomains = domainLib.getAllDomains()
if resultOfAllDomains[0] is True:
self.allDomains = resultOfAllDomains[1]
# Get managed domains.
self.managedDomains = []
return web.render(
'pgsql/admin/profile.html',
mail=self.mail,
profile_type=self.profile_type,
domainGlobalAdmin=domainGlobalAdmin,
profile=profile,
languagemaps=languages.get_language_maps(),
allDomains=self.allDomains,
min_passwd_length=settings.min_passwd_length,
max_passwd_length=settings.max_passwd_length,
msg=i.get('msg'),
)
else:
raise web.seeother('/admins?msg=' + web.urlquote(result[1]))
def GET(self, profile_type, mail):
i = web.input(enabledService=[], telephoneNumber=[], )
self.mail = web.safestr(mail)
self.cur_domain = self.mail.split('@', 1)[-1]
self.profile_type = web.safestr(profile_type)
if self.mail.startswith('@') and iredutils.is_domain(self.cur_domain):
# Catchall account.
raise web.seeother('/profile/domain/catchall/%s' % self.cur_domain)
if not iredutils.is_email(self.mail):
raise web.seeother('/domains?msg=INVALID_USER')
domainAccountSetting = {}
userLib = user.User()
result = userLib.profile(domain=self.cur_domain, mail=self.mail)
if result[0] is False:
raise web.seeother('/users/%s?msg=%s' % (self.cur_domain, web.urlquote(result[1])))
if self.profile_type == 'password':
# Get accountSetting of current domain.
domainLib = domainlib.Domain()
result_setting = domainLib.getDomainAccountSetting(domain=self.cur_domain)
if result_setting[0] is True:
domainAccountSetting = result_setting[1]
minPasswordLength = domainAccountSetting.get('minPasswordLength', '0')
maxPasswordLength = domainAccountSetting.get('maxPasswordLength', '0')
return web.render(
'ldap/user/profile.html',
profile_type=self.profile_type,
mail=self.mail,
user_profile=result[1],
defaultStorageBaseDirectory=settings.storage_base_directory,
minPasswordLength=minPasswordLength,
maxPasswordLength=maxPasswordLength,
domainAccountSetting=domainAccountSetting,
languagemaps=get_language_maps(),
msg=i.get('msg', None),
)
def getManagedDomains(self, mail, attrs=attrs.ADMIN_ATTRS_ALL, listedOnly=False):
self.mail = web.safestr(mail)
if not iredutils.is_email(self.mail):
return (False, "INCORRECT_USERNAME")
# Pre-defined filter.
filter = "(&(objectClass=mailDomain)(domainAdmin=%s))" % self.mail
if session.get("domainGlobalAdmin") is True and listedOnly is False:
filter = "(objectClass=mailDomain)"
try:
self.managedDomains = self.conn.search_s(self.basedn, ldap.SCOPE_ONELEVEL, filter, attrs)
if listedOnly:
domains = []
for qr in self.managedDomains:
domains += qr[1]["domainName"]
self.managedDomains = domains
return (True, self.managedDomains)
except Exception, e:
return (False, ldaputils.getExceptionDesc(e))
def getFilterOfDeleteUserFromGroups(self, mail):
# Get valid emails as list.
if isinstance(mail, list):
self.mails = [web.safestr(v).lower() for v in mail if iredutils.is_email(str(v))]
else:
# Single email.
self.mails = [web.safestr(mail).lower()]
filterUserAndAlias = "(&(|(objectClass=mailAlias)(objectClass=mailUser))(|"
filterExternalUser = "******"
for mail in self.mails:
filterUserAndAlias += "(mailForwardingAddress=%s)" % mail
filterExternalUser += "(mail=%s)" % mail
# Close filter string.
filterUserAndAlias += "))"
filterExternalUser += "))"
filter = "(|" + filterUserAndAlias + filterExternalUser + ")"
return filter
def is_domainAdmin(self, domain, admin=session.get('username'),):
if not iredutils.is_domain(domain) or not iredutils.is_email(admin):
return False
if admin == session.get('username') \
and session.get('domainGlobalAdmin') is True:
return True
try:
result = self.conn.select(
'domain_admins',
vars={'domain': domain, 'username': admin, },
what='username',
where='domain=$domain AND username=$username AND active=1',
limit=1,
)
if len(result) == 1:
return True
else:
return False
except Exception:
return False
def delete(self, domain, mails=[]):
if mails is None or len(mails) == 0:
return (False, "NO_ACCOUNT_SELECTED")
self.domain = web.safestr(domain)
self.mails = [str(v) for v in mails if iredutils.is_email(v) and str(v).endswith("@" + self.domain)]
if not len(self.mails) > 0:
return (False, "INVALID_MAIL")
self.domaindn = ldaputils.convert_keyword_to_dn(self.domain, accountType="domain")
if self.domaindn[0] is False:
return self.domaindn
if not iredutils.is_domain(self.domain):
return (False, "INVALID_DOMAIN_NAME")
result = {}
for mail in self.mails:
self.mail = web.safestr(mail)
try:
# Delete user object (ldap.SCOPE_BASE).
self.deleteSingleUser(self.mail)
# Delete user object and whole sub-tree.
# Get dn of mail user and domain.
"""
self.userdn = ldaputils.convert_keyword_to_dn(self.mail, accountType='user')
deltree.DelTree(self.conn, self.userdn, ldap.SCOPE_SUBTREE)
# Log delete action.
web.logger(
msg="Delete user: %s." % (self.mail),
domain=self.mail.split('@')[1],
event='delete',
)
"""
except ldap.LDAPError, e:
result[self.mail] = ldaputils.getExceptionDesc(e)
def profile(self, mail):
self.mail = web.safestr(mail)
self.domainGlobalAdmin = False
if not iredutils.is_email(self.mail):
return (False, 'INVALID_MAIL')
try:
result = self.conn.select(
'admin',
vars={'username': self.mail, },
where='username=$username',
limit=1,
)
if len(result) == 1:
if self.is_global_admin(admin=self.mail):
self.domainGlobalAdmin = True
return (True, self.domainGlobalAdmin, list(result)[0])
else:
return (False, 'INVALID_MAIL')
except Exception, e:
return (False, str(e))
def isAdminExists(self, mail):
# Return True if account is invalid or exist.
mail = str(mail)
if not iredutils.is_email(mail):
return True
try:
result = self.conn.select(
'admin',
vars={'username': mail, },
what='username',
where='username=$username',
limit=1,
)
if len(result) > 0:
# Exists.
return True
else:
return False
except:
# Return True as exist to not allow to create new domain/account.
return True
def isAccountExists(self, domain, mail):
# Return True if account is invalid or exist.
self.domain = str(domain)
self.mail = str(mail)
if not iredutils.is_domain(self.domain):
return True
if not iredutils.is_email(self.mail):
return True
# Check whether mail address ends with domain name or alias domain name.
self.mail_domain = self.mail.split("@", 1)[-1]
qr_domain_and_aliases = self.getAvailableDomainNames(self.domain)
if qr_domain_and_aliases[0] is True:
if self.mail_domain not in qr_domain_and_aliases[1]:
# Mail address is invalid.
return True
# Filter used to search mail accounts.
ldap_filter = (
"(&(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias))(|(mail=%s)(shadowAddress=%s)))"
% (self.mail, self.mail)
)
try:
self.number = self.getNumberOfCurrentAccountsUnderDomain(domain=self.domain, filter=ldap_filter)
if self.number[0] is True and self.number[1] == 0:
# Account not exist.
return False
else:
return True
except Exception, e:
# Account 'EXISTS' (fake) if ldap lookup failed.
return True
def getDnWithKeyword(self, value, accountType="user"):
self.keyword = web.safestr(value)
if accountType == "user":
if attrs.RDN_USER == "mail":
if not iredutils.is_email(self.keyword):
return False
return ldaputils.convert_keyword_to_dn(self.keyword, accountType="user")
else:
self.domain = self.keyword.split("@", 1)[-1]
self.dnOfDomain = ldaputils.convert_keyword_to_dn(self.domain, accountType="domain")
try:
result = self.conn.search_s(
attrs.DN_BETWEEN_USER_AND_DOMAIN + self.dnOfDomain,
ldap.SCOPE_SUBTREE,
"(&(objectClass=mailUser)(mail=%s))" % (self.keyword),
)
if len(result) == 1:
self.dn = result[0][0]
return self.dn
else:
return False
except Exception, e:
return False
def delete(self, mails=[]):
if not isinstance(mails, list):
return (False, 'INVALID_MAIL')
self.mails = [str(v).lower() for v in mails if iredutils.is_email(v)]
sql_vars = {'username': self.mails, }
# Delete domain and related records.
try:
self.conn.delete(
'admin',
vars=sql_vars,
where='username IN $username',
)
self.conn.delete(
'domain_admins',
vars=sql_vars,
where='username IN $username',
)
web.logger(msg="Delete admin: %s." % ', '.join(self.mails), event='delete',)
return (True,)
except Exception, e:
return (False, str(e))
def add(self, domain, data):
# Get domain name, username, cn.
self.domain = web.safestr(data.get('domainName')).strip().lower()
mail_local_part = web.safestr(data.get('username')).strip().lower()
self.mail = mail_local_part + '@' + self.domain
if not iredutils.is_domain(self.domain):
return (False, 'INVALID_DOMAIN_NAME')
if self.domain != domain:
return (False, 'PERMISSION_DENIED')
if not iredutils.is_email(self.mail):
return (False, 'INVALID_MAIL')
# Check account existing.
connutils = connUtils.Utils()
if connutils.is_email_exists(mail=self.mail):
return (False, 'ALREADY_EXISTS')
# Get domain profile.
domainLib = domainlib.Domain()
resultOfDomainProfile = domainLib.profile(domain=self.domain)
if resultOfDomainProfile[0] is True:
domainProfile = resultOfDomainProfile[1]
else:
return resultOfDomainProfile
# Check account limit.
adminLib = adminlib.Admin()
numberOfExistAccounts = adminLib.getNumberOfManagedAccounts(accountType='user', domains=[self.domain])
if domainProfile.mailboxes == -1:
return (False, 'NOT_ALLOWED')
elif domainProfile.mailboxes > 0:
if domainProfile.mailboxes <= numberOfExistAccounts:
return (False, 'EXCEEDED_DOMAIN_ACCOUNT_LIMIT')
# Check spare quota and number of spare account limit.
# Get quota from <form>
mailQuota = str(data.get('mailQuota')).strip()
if mailQuota.isdigit():
mailQuota = int(mailQuota)
else:
mailQuota = 0
# Re-calculate mail quota if this domain has limited max quota.
if domainProfile.maxquota > 0:
# Get used quota.
qr = domainLib.getAllocatedQuotaSize(domain=self.domain)
if qr[0] is True:
allocatedQuota = qr[1]
else:
return qr
spareQuota = domainProfile.maxquota - allocatedQuota
if spareQuota > 0:
if spareQuota < mailQuota:
mailQuota = spareQuota
else:
# No enough quota.
return (False, 'EXCEEDED_DOMAIN_QUOTA_SIZE')
#
# Get password from <form>.
#
newpw = web.safestr(data.get('newpw', ''))
confirmpw = web.safestr(data.get('confirmpw', ''))
resultOfPW = iredutils.verify_new_password(
newpw,
confirmpw,
min_passwd_length=settings.min_passwd_length,
max_passwd_length=settings.max_passwd_length,
)
if resultOfPW[0] is True:
pwscheme = None
if 'storePasswordInPlainText' in data and settings.STORE_PASSWORD_IN_PLAIN_TEXT:
pwscheme = 'PLAIN'
passwd = iredutils.generate_password_for_sql_mail_account(resultOfPW[1], pwscheme=pwscheme)
else:
return resultOfPW
# Get display name from <form>
cn = data.get('cn', '')
# Get storage base directory.
tmpStorageBaseDirectory = settings.storage_base_directory.lower()
splitedSBD = tmpStorageBaseDirectory.rstrip('/').split('/')
storageNode = splitedSBD.pop()
storageBaseDirectory = '/'.join(splitedSBD)
try:
# Store new user in SQL db.
self.conn.insert(
'mailbox',
domain=self.domain,
username=self.mail,
password=passwd,
name=cn,
maildir=iredutils.generate_maildir_path(self.mail),
quota=mailQuota,
storagebasedirectory=storageBaseDirectory,
storagenode=storageNode,
created=iredutils.get_gmttime(),
active='1',
local_part=mail_local_part,
)
# Create an alias account: address=goto.
self.conn.insert(
'alias',
address=self.mail,
goto=self.mail,
domain=self.domain,
created=iredutils.get_gmttime(),
active='1',
)
web.logger(msg="Create user: %s." % (self.mail), domain=self.domain, event='create',)
return (True,)
except Exception, e:
return (False, str(e))
