From 6ced1934bd46087a5f55eedf24dfeb2eacda70ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Touceda?= Date: Wed, 6 Nov 2013 11:51:33 -0300 Subject: Reject senders if they aren't the logged in user --- mail/changes/bug_reject_bad_sender | 2 ++ mail/src/leap/mail/smtp/__init__.py | 6 ++++-- mail/src/leap/mail/smtp/smtprelay.py | 17 ++++++++++++++--- 3 files changed, 20 insertions(+), 5 deletions(-) create mode 100644 mail/changes/bug_reject_bad_sender diff --git a/mail/changes/bug_reject_bad_sender b/mail/changes/bug_reject_bad_sender new file mode 100644 index 00000000..0e46c287 --- /dev/null +++ b/mail/changes/bug_reject_bad_sender @@ -0,0 +1,2 @@ + o Reject senders that aren't the user that is currently logged + in. Fixes #3952. \ No newline at end of file diff --git a/mail/src/leap/mail/smtp/__init__.py b/mail/src/leap/mail/smtp/__init__.py index b30cd20c..be568b83 100644 --- a/mail/src/leap/mail/smtp/__init__.py +++ b/mail/src/leap/mail/smtp/__init__.py @@ -29,7 +29,7 @@ from leap.common.events import proto, signal from leap.mail.smtp.smtprelay import SMTPFactory -def setup_smtp_relay(port, keymanager, smtp_host, smtp_port, +def setup_smtp_relay(port, userid, keymanager, smtp_host, smtp_port, smtp_cert, smtp_key, encrypted_only): """ Setup SMTP relay to run with Twisted. @@ -39,6 +39,8 @@ def setup_smtp_relay(port, keymanager, smtp_host, smtp_port, :param port: The port in which to run the server. :type port: int + :param userid: The user currently logged in + :type userid: unicode :param keymanager: A Key Manager from where to get recipients' public keys. :type keymanager: leap.common.keymanager.KeyManager @@ -75,7 +77,7 @@ def setup_smtp_relay(port, keymanager, smtp_host, smtp_port, } # configure the use of this service with twistd - factory = SMTPFactory(keymanager, config) + factory = SMTPFactory(userid, keymanager, config) try: tport = reactor.listenTCP(port, factory, interface="localhost") diff --git a/mail/src/leap/mail/smtp/smtprelay.py b/mail/src/leap/mail/smtp/smtprelay.py index fca66c0b..92a9f0e1 100644 --- a/mail/src/leap/mail/smtp/smtprelay.py +++ b/mail/src/leap/mail/smtp/smtprelay.py @@ -153,7 +153,7 @@ class SMTPFactory(ServerFactory): Factory for an SMTP server with encrypted relaying capabilities. """ - def __init__(self, keymanager, config): + def __init__(self, userid, keymanager, config): """ Initialize the SMTP factory. @@ -169,11 +169,14 @@ class SMTPFactory(ServerFactory): ENCRYPTED_ONLY_KEY: , } @type config: dict + @param userid: The user currently logged in + @type userid: unicode """ # assert params leap_assert_type(keymanager, KeyManager) assert_config_structure(config) # and store them + self._userid = userid self._km = keymanager self._config = config @@ -187,7 +190,8 @@ class SMTPFactory(ServerFactory): @return: The protocol. @rtype: SMTPDelivery """ - smtpProtocol = smtp.SMTP(SMTPDelivery(self._km, self._config)) + smtpProtocol = smtp.SMTP(SMTPDelivery(self._userid, self._km, + self._config)) smtpProtocol.factory = self return smtpProtocol @@ -203,7 +207,7 @@ class SMTPDelivery(object): implements(smtp.IMessageDelivery) - def __init__(self, keymanager, config): + def __init__(self, userid, keymanager, config): """ Initialize the SMTP delivery object. @@ -219,11 +223,14 @@ class SMTPDelivery(object): ENCRYPTED_ONLY_KEY: , } @type config: dict + @param userid: The user currently logged in + @type userid: unicode """ # assert params leap_assert_type(keymanager, KeyManager) assert_config_structure(config) # and store them + self._userid = userid self._km = keymanager self._config = config self._origin = None @@ -310,6 +317,10 @@ class SMTPDelivery(object): """ # accept mail from anywhere. To reject an address, raise # smtp.SMTPBadSender here. + if str(origin) != str(self._userid): + log.msg("Rejecting sender {0}, expected {1}".format(origin, + self._userid)) + raise smtp.SMTPBadSender(origin) self._origin = origin return origin -- cgit v1.2.3