forked from miracle2k/pysieved
-
Notifications
You must be signed in to change notification settings - Fork 1
/
pysieved.py
executable file
·266 lines (225 loc) · 9.79 KB
/
pysieved.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
#! /usr/bin/env python
## pysieved - Python managesieve server
## Copyright (C) 2007 Neale Pickett
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2 of the License, or (at
## your option) any later version.
## This program is distributed in the hope that it will be useful, but
## WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
## General Public License for more details.
## You should have received a copy of the GNU General Public License
## along with this program; if not, write to the Free Software
## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
## USA
import optparse
import SocketServer
import socket
import os
import managesieve
import syslog
import sys
from config import Config
try:
from tlslite.api import *
have_tls = True
except:
have_tls = False
class Server(SocketServer.ForkingTCPServer):
allow_reuse_address = True
def main():
parser = optparse.OptionParser()
parser.add_option('-i', '--inetd',
help='Run once on stdin (inetd mode)',
action='store_true', dest='stdin', default=False)
parser.add_option('-l', '--port',
help='What port to run on (default 2000)',
action='store', dest='port', default=None, type='int')
parser.add_option('-b', '--bindaddr',
help='What IP address to bind to (default all)',
action='store', dest='bindaddr', default=None)
parser.add_option('-p', '--pidfile',
help='Where to write a PID file',
action='store', dest='pidfile', default=None)
parser.add_option('-c', '--config',
help='Location of config file',
action='store', dest='config',
default='/usr/local/etc/pysieved.ini')
parser.add_option('-v', '--verbosity',
help="Set logging verbosity level (default 1)",
action='store', dest='verbosity', default=1, type='int')
parser.add_option('-d', '--debug',
help='Log to stderr (implies --no-daemon)',
action='store_true', dest='debug', default=False)
parser.add_option('-B', '--base',
help='Mail base directory',
action='store', dest='base', default='')
parser.add_option('-t', '--tmpdir',
help='Temp directory',
action='store', dest='tmpdir', default='')
parser.add_option('-T', '--tls',
help='STARTTLS required before authentication',
action='store_true', dest='tls_required', default=False)
parser.add_option('-K', '--key',
help='TLS private key file',
action='store', dest='tls_key', default='')
parser.add_option('-C', '--cert',
help='TLS certificate file',
action='store', dest='tls_cert', default='')
parser.add_option('--no-daemon',
help='Do not daemonize (but stay in foreground)',
action='store_true', dest='nodaemon', default=False)
(options, args) = parser.parse_args()
# Read config file
config = Config(options.config)
port = options.port or config.getint('main', 'port', 2000)
addr = options.bindaddr or config.get('main', 'bindaddr', '')
pidfile = options.pidfile or config.get('main', 'pidfile',
'/var/run/pysieved.pid')
base = options.base or config.get('main', 'base', '')
tmpdir = options.tmpdir or config.get('main', 'tmpdir', '') or \
os.environ.get('TMPDIR', '/tmp')
tls_required = options.tls_required or config.getboolean('TLS', 'required', False)
tls_key = options.tls_key or config.get('TLS', 'key', '')
tls_cert = options.tls_cert or config.get('TLS', 'cert', '')
tls_passphrase = config.get('TLS', 'passphrase', '')
if options.debug:
options.nodaemon = True
# Define the log function
syslog.openlog('pysieved[%d]' % (os.getpid()), 0, syslog.LOG_MAIL)
def log(l, s):
if l <= options.verbosity:
if options.debug:
sys.stderr.write('%s %s\n' % ("=" * l, s))
else:
if l > 0:
lvl = syslog.LOG_NOTICE
elif l == 0:
lvl = syslog.LOG_WARNING
else:
lvl = syslog.LOG_ERR
syslog.syslog(lvl, s)
# Load TLS key and cert
tls_privateKey = None
tls_certChain = None
if tls_key or tls_cert:
# Expect to use TLS
if not have_tls:
log(1, "TLSLite is not available. STARTTLS will not be offered")
tls_required = False
elif not tls_key:
log(1, "Cannot enable TLS without a key. STARTTLS will not be offered")
tls_required = False
elif not tls_cert:
log(1, "Cannot enable TLS without a certificate. STARTTLS will not be offered")
tls_required = False
else:
try:
tls_read_cert = open(tls_cert).read()
tls_x509 = X509()
tls_x509.parse(tls_read_cert)
tls_certChain = X509CertChain([tls_x509])
tls_read_key = open(tls_key).read()
def passphrase():
return tls_passphrase
tls_privateKey = parsePEMKey(tls_read_key, private=True, passwordCallback=passphrase)
except:
log(1, "Failed to load TLS key or certificate. STARTTLS will not be offered.")
tls_certChain = None
tls_privateKey = None
tls_required = False
##
## Import plugins
##
auth = __import__('plugins.%s' % config.get('main', 'auth', 'SASL').lower(),
None, None, True)
userdb = __import__('plugins.%s' % config.get('main', 'userdb', 'passwd').lower(),
None, None, True)
storage = __import__('plugins.%s' % config.get('main', 'storage', 'Dovecot').lower(),
None, None, True)
consumer = __import__('plugins.%s' % config.get('main', 'consumer', 'Dovecot').lower(),
None, None, True)
# If the same plugin is used in two places, recycle it
authenticate = auth.PysievedPlugin(log, config)
if userdb == auth:
homedir = authenticate
else:
homedir = userdb.PysievedPlugin(log, config)
if storage == auth:
store = authenticate
elif storage == userdb:
store = homedir
else:
store = storage.PysievedPlugin(log, config)
if consumer == auth:
consume = authenticate
elif consumer == userdb:
consume = homedir
elif consumer == storage:
consume = store
else:
consume = consumer.PysievedPlugin(log, config)
class handler(managesieve.RequestHandler):
capabilities = consume.capabilities
def __init__(self, *args):
self.params = {}
managesieve.RequestHandler.__init__(self, *args)
def log(self, l, s):
log(l, s)
def list_mech(self):
mechs = authenticate.mechanisms()
self.log(5, "Announcing mechanisms : %r" % mechs)
return mechs
def do_sasl_first(self, mechanism, *args):
self.log(5, "Starting SASL authentication (%s) : %s" % (mechanism, ' '.join(args)))
ret = authenticate.do_sasl_first(mechanism, *args);
if ret['result'] == 'CONT':
self.log(5, "Need more SASL authentication : %r" % ret)
else:
self.log(5, "Finished SASL authentication : %r" % ret)
return ret
def do_sasl_next(self, b64_string):
self.log(5, "Continuing SASL authentication : %s" % b64_string)
ret = authenticate.do_sasl_next(b64_string);
if ret['result'] == 'CONT':
self.log(5, "Need more SASL authentication : %r" % ret)
else:
self.log(5, "Finished SASL authentication : %r" % ret)
return ret
def authenticate(self, username, passwd):
self.log(5, "Authenticating %s" % username)
self.params['username'] = username
self.params['password'] = passwd
return authenticate.auth(self.params)
def get_homedir(self, username):
self.params['username'] = username
ret = homedir.lookup(self.params)
self.log(5, "Plugin returned home : %r" % ret)
if ret and not os.path.isabs(ret) and base:
ret = os.path.join(base, ret)
self.log(5, "Added base to home : %r" % ret)
return ret
def new_storage(self, homedir):
self.params['homedir'] = homedir
return store.create_storage(self.params)
def get_tls_params(self):
return {'required': tls_required,
'key': tls_privateKey,
'cert': tls_certChain}
def pre_save(self, script):
return consume.pre_save(tmpdir, script)
def post_load(self, script):
return consume.post_load(script)
if options.stdin:
sock = socket.fromfd(0, socket.AF_INET, socket.SOCK_STREAM)
h = handler(sock, sock.getpeername(), None)
else:
import daemon
s = Server((addr, port), handler)
if not options.nodaemon:
daemon.daemon(pidfile=pidfile)
log(1, 'Listening on %s port %d' % (addr or "INADDR_ANY", port))
s.serve_forever()
if __name__ == '__main__':
main()