From 45adb4d6cfdb8b9ed11e3efc398d00ec6dbdc0b0 Mon Sep 17 00:00:00 2001 From: drebs Date: Thu, 26 Mar 2015 15:25:50 -0300 Subject: [bug] limit pgp key lookup to access check server In order to minimize the number of couchdb queries and the number of mx lookups in case of junk mail this commit restricts the pgp key lookup to the access check server (and removes it from the alias server). Closes: #6795. --- changes/bug_6795_reject-mail-if-no-pgp-key-found | 3 +- src/leap/mx/alias_resolver.py | 14 +++----- src/leap/mx/check_recipient_access.py | 43 ++++++++++++++++++++++++ src/leap/mx/tcp_map.py | 20 ----------- 4 files changed, 49 insertions(+), 31 deletions(-) diff --git a/changes/bug_6795_reject-mail-if-no-pgp-key-found b/changes/bug_6795_reject-mail-if-no-pgp-key-found index 7b9ef1f..4fb3583 100644 --- a/changes/bug_6795_reject-mail-if-no-pgp-key-found +++ b/changes/bug_6795_reject-mail-if-no-pgp-key-found @@ -1 +1,2 @@ - o Reject mail if no PGP key was found for a user. Closes #6795. + o Add PGP key lookup on access check server and reject mail if no PGP key + was found for the user. Closes #6795. diff --git a/src/leap/mx/alias_resolver.py b/src/leap/mx/alias_resolver.py index 9206ffb..a139dd0 100644 --- a/src/leap/mx/alias_resolver.py +++ b/src/leap/mx/alias_resolver.py @@ -30,9 +30,8 @@ TODO: from twisted.protocols import postfix -from leap.mx.tcp_map import LEAPostfixTCPMapServerFactory +from leap.mx.tcp_map import LEAPPostfixTCPMapServerFactory from leap.mx.tcp_map import TCP_MAP_CODE_SUCCESS -from leap.mx.tcp_map import TCP_MAP_CODE_TEMPORARY_FAILURE from leap.mx.tcp_map import TCP_MAP_CODE_PERMANENT_FAILURE @@ -41,30 +40,25 @@ class LEAPPostfixTCPMapAliasServer(postfix.PostfixTCPMapServer): A postfix tcp map alias resolver server. """ - def _cbGot(self, value): + def _cbGot(self, uuid): """ Return a code and message depending on the result of the factory's get(). - :param value: The uuid and public key. + :param value: The uuid. :type value: list """ - uuid, pubkey = value if uuid is None: self.sendCode( TCP_MAP_CODE_PERMANENT_FAILURE, postfix.quote("NOT FOUND SRY")) - elif pubkey is None: - self.sendCode( - TCP_MAP_CODE_TEMPORARY_FAILURE, - postfix.quote("4.7.13 USER ACCOUNT DISABLED")) else: self.sendCode( TCP_MAP_CODE_SUCCESS, postfix.quote(uuid)) -class AliasResolverFactory(LEAPostfixTCPMapServerFactory): +class AliasResolverFactory(LEAPPostfixTCPMapServerFactory): """ A factory for postfix tcp map alias resolver servers. """ diff --git a/src/leap/mx/check_recipient_access.py b/src/leap/mx/check_recipient_access.py index cf172c7..0977564 100644 --- a/src/leap/mx/check_recipient_access.py +++ b/src/leap/mx/check_recipient_access.py @@ -23,6 +23,7 @@ Test this with postmap -v -q "foo" tcp:localhost:2244 """ from twisted.protocols import postfix +from twisted.internet import defer from leap.mx.tcp_map import LEAPPostfixTCPMapServerFactory from leap.mx.tcp_map import TCP_MAP_CODE_SUCCESS @@ -33,6 +34,10 @@ from leap.mx.tcp_map import TCP_MAP_CODE_PERMANENT_FAILURE class LEAPPostFixTCPMapAccessServer(postfix.PostfixTCPMapServer): """ A postfix tcp map recipient access checker server. + + The server potentially receives the uuid and a PGP key for the user, which + are looked up by the factory, and will return a permanent or a temporary + failure in case either the user or the key don't exist, respectivelly. """ def _cbGot(self, value): @@ -61,5 +66,43 @@ class LEAPPostFixTCPMapAccessServer(postfix.PostfixTCPMapServer): class CheckRecipientAccessFactory(LEAPPostfixTCPMapServerFactory): + """ + A factory for the recipient access checker. + + When queried, the factory looks up the user's uuid and a PGP key for that + user and returns the result to the server's _cbGot() method. + """ protocol = LEAPPostFixTCPMapAccessServer + + def _getPubKey(self, uuid): + """ + Look up PGP public key based on user uid. + + :param uuid: The user uid. + :type uuid: str + + :return: A deferred that is fired with the uuid and the public key, if + available. + :rtype: DeferredList + """ + if uuid is None: + return defer.succeed([None, None]) + # properly encode uuid, otherwise twisted complains when replying + if isinstance(uuid, unicode): + uuid = uuid.encode("utf8") + return defer.gatherResults([ + defer.succeed(uuid), + self._cdb.getPubKey(uuid), + ]) + + def get(self, key): + """ + Look up uuid and PGP public key based on key. + + :param key: The lookup key. + :type key: str + """ + d = LEAPPostfixTCPMapServerFactory.get(self, key) + d.addCallback(self._getPubKey) + return d diff --git a/src/leap/mx/tcp_map.py b/src/leap/mx/tcp_map.py index b7066ff..b62441f 100644 --- a/src/leap/mx/tcp_map.py +++ b/src/leap/mx/tcp_map.py @@ -18,7 +18,6 @@ from twisted.python import log -from twisted.internet import defer from twisted.internet.protocol import ServerFactory @@ -42,24 +41,6 @@ class LEAPPostfixTCPMapServerFactory(ServerFactory): """ self._cdb = couchdb - def _getPubKey(self, uuid): - """ - Look up PGP public key based on user uid. - - :param uuid: The user uid. - :type uuid: str - - :return: A deferred that is fired with the uuid and the public key, if - available. - :rtype: DeferredList - """ - if uuid is None: - return defer.succeed([None, None]) - return defer.gatherResults([ - defer.succeed(uuid), - self._cdb.getPubKey(uuid), - ]) - def get(self, key): """ Look up uuid based on key, only up to the username id of the key. @@ -71,6 +52,5 @@ class LEAPPostfixTCPMapServerFactory(ServerFactory): """ log.msg("Query key: %s" % (key,)) d = self._cdb.queryByAddress(key) - d.addCallback(self._getPubKey) d.addErrback(log.err) return d -- cgit v1.2.3