def changeMemberAddress(self, member, newaddress, nodelete=0):
assert self.__mlist.Locked()
# Make sure the old address is a member. Assertions that the new
# address is not already a member is done by addNewMember() below.
self.__assertIsMember(member)
# Get the old values
memberkey = member.lower()
fullname = self.getMemberName(memberkey)
flags = self.__mlist.user_options.get(memberkey, 0)
digestsp = self.getMemberOption(memberkey, mm_cfg.Digests)
password = self.__mlist.passwords.get(memberkey,
Utils.MakeRandomPassword())
lang = self.getMemberLanguage(memberkey)
delivery = self.__mlist.delivery_status.get(member.lower(),
(MemberAdaptor.ENABLED, 0))
# First, possibly delete the old member
if not nodelete:
self.removeMember(memberkey)
# Now, add the new member
self.addNewMember(newaddress,
realname=fullname,
digest=digestsp,
password=password,
language=lang)
# Set the entire options bitfield
if flags:
self.__mlist.user_options[newaddress.lower()] = flags
# If this is a straightforward address change, i.e. nodelete = 0,
# preserve the delivery status and time if BYUSER or BYADMIN
if delivery[0] in (MemberAdaptor.BYUSER, MemberAdaptor.BYADMIN)\
and not nodelete:
self.__mlist.delivery_status[newaddress.lower()] = delivery
def addNewMember(self, member, **kws):
# assert self.__mlist.Locked()
# Make sure this address isn't already a member
if self.isMember(member):
raise Errors.MMAlreadyAMember, member
# Parse the keywords
digest = 0
password = Utils.MakeRandomPassword()
language = self.__mlist.preferred_language
realname = None
if kws.has_key('digest'):
digest = kws['digest']
del kws['digest']
if kws.has_key('password'):
password = kws['password']
del kws['password']
if kws.has_key('language'):
language = kws['language']
del kws['language']
if kws.has_key('realname'):
realname = kws['realname']
del kws['realname']
# Assert that no other keywords are present
if kws:
raise ValueError, kws.keys()
# If the localpart has uppercase letters in it, then the value in the
# members (or digest_members) dict is the case preserved address.
# Otherwise the value is 0. Note that the case of the domain part is
# of course ignored.
if Utils.LCDomain(member) == member.lower():
value = 0
else:
value = member
member = member.lower()
if digest:
digest = 'Y'
else:
digest = 'N'
# All we need to do here is add the address.
# and Set the member's default set of options
if self.__mlist.new_member_options:
options = self.__mlist.new_member_options
else:
options = 0
query = "INSERT INTO %s " \
+ "(address, user_options, password, lang, " \
+ "digest, delivery_status,listname) values " \
+ "('%s',%s,'%s','%s','%s','%s','%s')"
query = query %( self._table,
self.escape(member), options, md5_new(password).hexdigest(),
language, digest, MemberAdaptor.ENABLED,self.__mlist.internal_name())
if mm_cfg.MYSQL_MEMBER_DB_VERBOSE:
syslog('mysql',query)
mm_cfg.cursor.execute(query)
mm_cfg.connection.commit()
if realname:
self.setMemberName(member, realname)
def apply_mailman_changes(daan, changes):
mlo = {}
def ensure_opened(l):
if l in mlo:
return True
try:
mlo[l] = MailList.MailList(l)
return True
except Errors.MMUnknownListError:
logging.warn("mailman: could not open %s" % l)
return False
for name, humanName in changes['create']:
newlist = os.path.join(settings.MAILMAN_PATH, 'bin/newlist')
ret = call([
newlist, '-q', name, settings.MAILMAN_DEFAULT_OWNER,
settings.MAILMAN_DEFAULT_PASSWORD
])
if ret != 0:
logging.error("bin/newlist failed")
continue
# Our custom settings
# from: http://karpenoktem.com/wiki/WebCie:Mailinglist
ensure_opened(name)
ml = mlo[name]
ml.send_reminders = 0
ml.send_welcome_msg = False
ml.max_message_size = 0
ml.subscribe_policy = 3
ml.unsubscribe_policy = 0
ml.private_roster = 2
ml.generic_nonmember_action = 0
ml.require_explicit_destination = 0
ml.max_num_recipients = 0
ml.archive_private = 1
ml.from_is_list = 1
try:
for l in changes['add']:
if not ensure_opened(l):
continue
for em in changes['add'][l]:
pw = Utils.MakeRandomPassword()
desc = UserDesc.UserDesc(em, '', pw, False)
mlo[l].ApprovedAddMember(desc, False, False)
for l in changes['remove']:
if not ensure_opened(l):
continue
for em in changes['remove'][l]:
mlo[l].ApprovedDeleteMember(em,
admin_notif=False,
userack=False)
finally:
for ml in mlo.values():
ml.Save()
ml.Unlock()
def add_list(name, **kwargs):
'''
Adds a list to the server
Arguments:
- name: The desired name of the list
- owner: The owner of the list. If not set, [email protected] is used
- password: A given password for the list. If empty, a random password will be set.
- language: Language of list (optional)
- urlhost: Urlhost of the list (optional)
- emailhost: Run list under other email-domain (optional)
Returns true or false
'''
# If list is already present, exit
if list_present(name):
return False, 'List is already present on this system'
owner = DEFAULT_OWNER
if 'owner' in kwargs:
owner = kwargs['owner']
if 'password' in kwargs:
password = kwargs['password']
else:
password = Utils.MakeRandomPassword(mm_cfg.ADMIN_PASSWORD_LENGTH)
# Add optional arguments
args = ''
if 'language' in kwargs:
args = args + " -l %s" % kwargs['language']
if 'urlhost' in kwargs:
args = args + " -u %s" % kwargs['urlhost']
if 'emailhost' in kwargs:
args = args + " -e %s" % kwargs['emailhost']
# We use the commandline tools, because they do a lot of checks,
# we don't want to reimplement all of them.
if len(args) > 0:
cmdline = "%s/newlist %s %s %s %s" % (MM_PATH, args.strip(), name,
owner, password)
else:
cmdline = "%s/newlist %s %s %s" % (MM_PATH, name, owner, password)
cmd = cmdline.split(' ')
p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stdin=subprocess.PIPE)
p.communicate('\n')
p.wait()
if p.returncode == 0:
return True
return False, 'Could not add list %s, something went wrong' % name
def MailUserPassword(self, user):
listfullname = '%s@%s' % (self.real_name, self.host_name)
requestaddr = self.GetRequestEmail()
# find the lowercased version of the user's address
adminaddr = self.GetBouncesEmail()
assert self.isMember(user)
if not self.getMemberPassword(user):
# The user's password somehow got corrupted. Generate a new one
# for him, after logging this bogosity.
syslog('error', 'User %s had a false password for list %s', user,
self.internal_name())
waslocked = self.Locked()
if not waslocked:
self.Lock()
try:
self.setMemberPassword(user, Utils.MakeRandomPassword())
self.Save()
finally:
if not waslocked:
self.Unlock()
# Now send the user his password
cpuser = self.getMemberCPAddress(user)
recipient = self.GetMemberAdminEmail(cpuser)
subject = _('%(listfullname)s mailing list reminder')
# Get user's language and charset
lang = self.getMemberLanguage(user)
cset = Utils.GetCharSet(lang)
password = self.getMemberPassword(user)
# TK: Make unprintables to ?
# The list owner should allow users to set language options if they
# want to use non-us-ascii characters in password and send it back.
password = unicode(password, cset, 'replace').encode(cset, 'replace')
# get the text from the template
text = Utils.maketext(
'userpass.txt', {
'user': cpuser,
'listname': self.real_name,
'fqdn_lname': self.GetListEmail(),
'password': password,
'options_url': self.GetOptionsURL(user, absolute=True),
'requestaddr': requestaddr,
'owneraddr': self.GetOwnerEmail(),
},
lang=lang,
mlist=self)
msg = Message.UserNotification(recipient, adminaddr, subject, text,
lang)
msg['X-No-Archive'] = 'yes'
msg.send(self, verp=mm_cfg.VERP_PERSONALIZED_DELIVERIES)
def addNewMember(self, member, **kws):
assert self.__mlist.Locked()
# Make sure this address isn't already a member
if self.isMember(member):
raise Errors.MMAlreadyAMember(member)
# Parse the keywords
digest = 0
password = Utils.MakeRandomPassword()
language = self.__mlist.preferred_language
realname = None
if 'digest' in kws:
digest = kws['digest']
del kws['digest']
if 'password' in kws:
password = kws['password']
del kws['password']
if 'language' in kws:
language = kws['language']
del kws['language']
if 'realname' in kws:
realname = kws['realname']
del kws['realname']
# Assert that no other keywords are present
if kws:
raise ValueError(list(kws.keys()))
# If the localpart has uppercase letters in it, then the value in the
# members (or digest_members) dict is the case preserved address.
# Otherwise the value is 0. Note that the case of the domain part is
# of course ignored.
if Utils.LCDomain(member) == member.lower():
value = 0
else:
value = member
member = member.lower()
if digest:
self.__mlist.digest_members[member] = value
else:
self.__mlist.members[member] = value
self.setMemberPassword(member, password)
self.setMemberLanguage(member, language)
if realname:
self.setMemberName(member, realname)
# Set the member's default set of options
if self.__mlist.new_member_options:
self.__mlist.user_options[member] = self.__mlist.new_member_options
def reset_pw(mlist, *args):
try:
opts, args = getopt.getopt(args, 'v', ['verbose'])
except getopt.error as msg:
usage(1, msg)
verbose = False
for opt, args in opts:
if opt in ('-v', '--verbose'):
verbose = True
listname = mlist.internal_name()
if verbose:
print(C_('Changing passwords for list: %(listname)s'))
for member in mlist.getMembers():
randompw = Utils.MakeRandomPassword()
mlist.setMemberPassword(member, randompw)
if verbose:
print(C_('New password for member %(member)40s: %(randompw)s'))
mlist.Save()
_('There was no hidden token in your submission or it was corrupted.'))
results.append(_('You must GET the form before submitting it.'))
# Check captcha
captcha_answer = cgidata.getvalue('captcha_answer', '')
if not Captcha.verify(fcaptcha_idx, captcha_answer, mm_cfg.CAPTCHAS):
results.append(_('This was not the right answer to the CAPTCHA question.'))
# Was an attempt made to subscribe the list to itself?
if email == mlist.GetListEmail():
syslog('mischief', 'Attempt to self subscribe %s: %s', email, remote)
results.append(_('You may not subscribe a list to itself!'))
# If the user did not supply a password, generate one for him
password = cgidata.getfirst('pw', '').strip()
confirmed = cgidata.getfirst('pw-conf', '').strip()
if not password and not confirmed:
password = Utils.MakeRandomPassword()
elif not password or not confirmed:
results.append(_('If you supply a password, you must confirm it.'))
elif password <> confirmed:
results.append(_('Your passwords did not match.'))
# Get the digest option for the subscription.
digestflag = cgidata.getfirst('digest')
if digestflag:
try:
digest = int(digestflag)
except (TypeError, ValueError):
digest = 0
else:
digest = mlist.digest_is_default
def process_form(mlist, doc, cgidata, lang):
listowner = mlist.GetOwnerEmail()
realname = mlist.real_name
results = []
# The email address being subscribed, required
email = cgidata.getvalue('email', '').strip()
if not email:
results.append(_('You must supply a valid email address.'))
fullname = cgidata.getvalue('fullname', '')
# Canonicalize the full name
fullname = Utils.canonstr(fullname, lang)
# Who was doing the subscribing?
remote = os.environ.get(
'REMOTE_HOST', os.environ.get('REMOTE_ADDR', 'unidentified origin'))
# Are we checking the hidden data?
if mm_cfg.SUBSCRIBE_FORM_SECRET:
now = int(time.time())
try:
ftime, fhash = cgidata.getvalue('sub_form_token', '').split(':')
then = int(ftime)
except ValueError:
ftime = fhash = ''
then = now
token = Utils.sha_new(mm_cfg.SUBSCRIBE_FORM_SECRET + ftime +
mlist.internal_name() + remote).hexdigest()
if now - then > mm_cfg.FORM_LIFETIME:
results.append(_('The form is too old. Please GET it again.'))
if now - then < mm_cfg.SUBSCRIBE_FORM_MIN_TIME:
results.append(
_('Please take a few seconds to fill out the form before submitting it.'
))
if token != fhash:
results.append(_('You must GET the form before submitting it.'))
# Was an attempt made to subscribe the list to itself?
if email == mlist.GetListEmail():
syslog('mischief', 'Attempt to self subscribe %s: %s', email, remote)
results.append(_('You may not subscribe a list to itself!'))
# If the user did not supply a password, generate one for him
password = cgidata.getvalue('pw', '').strip()
confirmed = cgidata.getvalue('pw-conf', '').strip()
if not password and not confirmed:
password = Utils.MakeRandomPassword()
elif not password or not confirmed:
results.append(_('If you supply a password, you must confirm it.'))
elif password <> confirmed:
results.append(_('Your passwords did not match.'))
# Get the digest option for the subscription.
digestflag = cgidata.getvalue('digest')
if digestflag:
try:
digest = int(digestflag)
except ValueError:
digest = 0
else:
digest = mlist.digest_is_default
# Sanity check based on list configuration. BAW: It's actually bogus that
# the page allows you to set the digest flag if you don't really get the
# choice. :/
if not mlist.digestable:
digest = 0
elif not mlist.nondigestable:
digest = 1
if results:
print_results(mlist, ERRORSEP.join(results), doc, lang)
return
# If this list has private rosters, we have to be careful about the
# message that gets printed, otherwise the subscription process can be
# used to mine for list members. It may be inefficient, but it's still
# possible, and that kind of defeats the purpose of private rosters.
# We'll use this string for all successful or unsuccessful subscription
# results.
if mlist.private_roster == 0:
# Public rosters
privacy_results = ''
else:
privacy_results = _("""\
Your subscription request has been received, and will soon be acted upon.
Depending on the configuration of this mailing list, your subscription request
may have to be first confirmed by you via email, or approved by the list
moderator. If confirmation is required, you will soon get a confirmation
email which contains further instructions.""")
try:
userdesc = UserDesc(email, fullname, password, digest, lang)
mlist.AddMember(userdesc, remote)
results = ''
# Check for all the errors that mlist.AddMember can throw options on the
# web page for this cgi
except Errors.MembershipIsBanned:
results = _("""The email address you supplied is banned from this
mailing list. If you think this restriction is erroneous, please
contact the list owners at %(listowner)s.""")
except Errors.MMBadEmailError:
results = _("""\
The email address you supplied is not valid. (E.g. it must contain an
`@'.)""")
except Errors.MMHostileAddress:
results = _("""\
Your subscription is not allowed because the email address you gave is
insecure.""")
except Errors.MMSubscribeNeedsConfirmation:
# Results string depends on whether we have private rosters or not
if privacy_results:
results = privacy_results
else:
results = _("""\
Confirmation from your email address is required, to prevent anyone from
subscribing you without permission. Instructions are being sent to you at
%(email)s. Please note your subscription will not start until you confirm
your subscription.""")
except Errors.MMNeedApproval, x:
# Results string depends on whether we have private rosters or not
if privacy_results:
results = privacy_results
else:
# We need to interpolate into x.__str__()
x = _(str(x))
results = _("""\
Your subscription request was deferred because %(x)s. Your request has been
forwarded to the list moderator. You will receive email informing you of the
moderator's decision when they get to your request.""")
print >> fd, msg
sys.exit(code)
def reset_pw(mlist, *args):
try:
opts, args = getopt.getopt(args, 'v', ['verbose'])
except getopt.error, msg:
usage(1, msg)
verbose = False
for opt, args in opts:
if opt in ('-v', '--verbose'):
verbose = True
listname = mlist.internal_name()
if verbose:
print _('Changing passwords for list: %(listname)s')
for member in mlist.getMembers():
randompw = Utils.MakeRandomPassword()
mlist.setMemberPassword(member, randompw)
if verbose:
print _('New password for member %(member)40s: %(randompw)s')
mlist.Save()
if __name__ == '__main__':
usage(0)
def process(res, args):
mlist = res.mlist
digest = None
password = None
address = None
realname = None
# Parse the args
argnum = 0
for arg in args:
if arg.lower().startswith('address='):
address = arg[8:]
elif argnum == 0:
password = arg
elif argnum == 1:
if arg.lower() not in ('digest', 'nodigest'):
res.results.append(_('Bad digest specifier: %(arg)s'))
return STOP
if arg.lower() == 'digest':
digest = 1
else:
digest = 0
else:
res.results.append(_('Usage:'))
res.results.append(gethelp(mlist))
return STOP
argnum += 1
# Fix the password/digest issue
if (digest is None
and password and password.lower() in ('digest', 'nodigest')):
if password.lower() == 'digest':
digest = 1
else:
digest = 0
password = None
# Fill in empty defaults
if digest is None:
digest = mlist.digest_is_default
if password is None:
password = Utils.MakeRandomPassword()
if address is None:
realname, address = parseaddr(res.msg['from'])
if not address:
# Fall back to the sender address
address = res.msg.get_sender()
if not address:
res.results.append(_('No valid address found to subscribe'))
return STOP
# Watch for encoded names
try:
h = make_header(decode_header(realname))
# BAW: in Python 2.2, use just unicode(h)
realname = str(h)
except UnicodeError:
realname = ''
# Coerce to byte string if uh contains only ascii
try:
realname = realname.encode('us-ascii')
except UnicodeError:
pass
# Create the UserDesc record and do a non-approved subscription
listowner = mlist.GetOwnerEmail()
userdesc = UserDesc(address, realname, password, digest)
remote = res.msg.get_sender()
try:
mlist.AddMember(userdesc, remote)
except Errors.MembershipIsBanned:
res.results.append(_("""\
The email address you supplied is banned from this mailing list.
If you think this restriction is erroneous, please contact the list
owners at %(listowner)s."""))
return STOP
except Errors.MMBadEmailError:
res.results.append(_("""\
Mailman won't accept the given email address as a valid address.
(E.g. it must have an @ in it.)"""))
return STOP
except Errors.MMHostileAddress:
res.results.append(_("""\
Your subscription is not allowed because
the email address you gave is insecure."""))
return STOP
except Errors.MMAlreadyAMember:
res.results.append(_('You are already subscribed!'))
return STOP
except Errors.MMCantDigestError:
res.results.append(
_('No one can subscribe to the digest of this list!'))
return STOP
except Errors.MMMustDigestError:
res.results.append(_('This list only supports digest subscriptions!'))
return STOP
except Errors.MMSubscribeNeedsConfirmation:
# We don't need to respond /and/ send a confirmation message.
res.respond = 0
except Errors.MMNeedApproval:
res.results.append(_("""\
Your subscription request has been forwarded to the list administrator
at %(listowner)s for review."""))
else:
# Everything is a-ok
res.results.append(_('Subscription request succeeded.'))
def process_form(mlist, doc, cgidata, lang):
listowner = mlist.GetOwnerEmail()
realname = mlist.real_name
results = []
# The email address being subscribed, required
email = cgidata.getfirst('email', '').strip()
if not email:
results.append(_('You must supply a valid email address.'))
fullname = cgidata.getfirst('fullname', '')
# Canonicalize the full name
fullname = Utils.canonstr(fullname, lang)
# Who was doing the subscribing?
remote = os.environ.get('HTTP_FORWARDED_FOR',
os.environ.get('HTTP_X_FORWARDED_FOR',
os.environ.get('REMOTE_ADDR',
'unidentified origin')))
# Check reCAPTCHA submission, if enabled
if mm_cfg.RECAPTCHA_SECRET_KEY:
request = urllib2.Request(
url = 'https://www.google.com/recaptcha/api/siteverify',
data = urllib.urlencode({
'secret': mm_cfg.RECAPTCHA_SECRET_KEY,
'response': cgidata.getvalue('g-recaptcha-response', ''),
'remoteip': remote}))
try:
httpresp = urllib2.urlopen(request)
captcha_response = json.load(httpresp)
httpresp.close()
if not captcha_response['success']:
e_codes = COMMASPACE.join(captcha_response['error-codes'])
results.append(_('reCAPTCHA validation failed: %(e_codes)s'))
except urllib2.URLError as e:
e_reason = e.reason
results.append(_('reCAPTCHA could not be validated: %(e_reason)s'))
# Are we checking the hidden data?
if mm_cfg.SUBSCRIBE_FORM_SECRET:
now = int(time.time())
# Try to accept a range in case of load balancers, etc. (LP: #1447445)
if remote.find('.') >= 0:
# ipv4 - drop last octet
remote1 = remote.rsplit('.', 1)[0]
else:
# ipv6 - drop last 16 (could end with :: in which case we just
# drop one : resulting in an invalid format, but it's only
# for our hash so it doesn't matter.
remote1 = remote.rsplit(':', 1)[0]
try:
ftime, fhash = cgidata.getfirst('sub_form_token', '').split(':')
then = int(ftime)
except ValueError:
ftime = fhash = ''
then = 0
token = Utils.sha_new(mm_cfg.SUBSCRIBE_FORM_SECRET +
ftime +
mlist.internal_name() +
remote1).hexdigest()
if ftime and now - then > mm_cfg.FORM_LIFETIME:
results.append(_('The form is too old. Please GET it again.'))
if ftime and now - then < mm_cfg.SUBSCRIBE_FORM_MIN_TIME:
results.append(
_('Please take a few seconds to fill out the form before submitting it.'))
if ftime and token != fhash:
results.append(
_("The hidden token didn't match. Did your IP change?"))
if not ftime:
results.append(
_('There was no hidden token in your submission or it was corrupted.'))
results.append(_('You must GET the form before submitting it.'))
# Was an attempt made to subscribe the list to itself?
if email == mlist.GetListEmail():
syslog('mischief', 'Attempt to self subscribe %s: %s', email, remote)
results.append(_('You may not subscribe a list to itself!'))
# If the user did not supply a password, generate one for him
password = cgidata.getfirst('pw', '').strip()
confirmed = cgidata.getfirst('pw-conf', '').strip()
if not password and not confirmed:
password = Utils.MakeRandomPassword()
elif not password or not confirmed:
results.append(_('If you supply a password, you must confirm it.'))
elif password <> confirmed:
results.append(_('Your passwords did not match.'))
# Get the digest option for the subscription.
digestflag = cgidata.getfirst('digest')
if digestflag:
try:
digest = int(digestflag)
except (TypeError, ValueError):
digest = 0
else:
digest = mlist.digest_is_default
# Sanity check based on list configuration. BAW: It's actually bogus that
# the page allows you to set the digest flag if you don't really get the
# choice. :/
if not mlist.digestable:
digest = 0
elif not mlist.nondigestable:
digest = 1
if results:
print_results(mlist, ERRORSEP.join(results), doc, lang)
return
# If this list has private rosters, we have to be careful about the
# message that gets printed, otherwise the subscription process can be
# used to mine for list members. It may be inefficient, but it's still
# possible, and that kind of defeats the purpose of private rosters.
# We'll use this string for all successful or unsuccessful subscription
# results.
if mlist.private_roster == 0:
# Public rosters
privacy_results = ''
else:
privacy_results = _("""\
Your subscription request has been received, and will soon be acted upon.
Depending on the configuration of this mailing list, your subscription request
may have to be first confirmed by you via email, or approved by the list
moderator. If confirmation is required, you will soon get a confirmation
email which contains further instructions.""")
try:
userdesc = UserDesc(email, fullname, password, digest, lang)
mlist.AddMember(userdesc, remote)
results = ''
# Check for all the errors that mlist.AddMember can throw options on the
# web page for this cgi
except Errors.MembershipIsBanned:
results = _("""The email address you supplied is banned from this
mailing list. If you think this restriction is erroneous, please
contact the list owners at %(listowner)s.""")
except Errors.MMBadEmailError:
results = _("""\
The email address you supplied is not valid. (E.g. it must contain an
`@'.)""")
except Errors.MMHostileAddress:
results = _("""\
Your subscription is not allowed because the email address you gave is
insecure.""")
except Errors.MMSubscribeNeedsConfirmation:
# Results string depends on whether we have private rosters or not
if privacy_results:
results = privacy_results
else:
results = _("""\
Confirmation from your email address is required, to prevent anyone from
subscribing you without permission. Instructions are being sent to you at
%(email)s. Please note your subscription will not start until you confirm
your subscription.""")
except Errors.MMNeedApproval, x:
# Results string depends on whether we have private rosters or not
if privacy_results:
results = privacy_results
else:
# We need to interpolate into x.__str__()
x = _(str(x))
results = _("""\
Your subscription request was deferred because %(x)s. Your request has been
forwarded to the list moderator. You will receive email informing you of the
moderator's decision when they get to your request.""")
