Changes of Revision 47
guam.spec
Changed
x
1
2
3
Name: guam4
Version: 0.9.105
-Release: 1%{?dist}6
+Release: 2%{?dist}7
Summary: A Smart Reverse IMAP Proxy8
9
Group: System Environment/Daemons10
guam-0.9.10.tar.gz/app.config
Changed
34
1
2
{ port, 1996 },3
{ imap_server, kolabnow },4
5
- { implicit_tls, false },6
+ { implicit_tls, false },7
{ rules, [8
{ filter_groupware, [] },9
{ audit, [] }10
]11
}12
]13
+ },14
+ { kolabnow_tls, [15
+ { port, 1997 },16
+ { imap_server, kolabnow },17
+ { implicit_tls, true },18
+ { rules, [19
+ { filter_groupware, [] },20
+ { audit, [] }21
+ ]22
+ },23
+ { tls_config, [24
+ { certfile, "/home/mollekopf/src/guam/certs/localhost.cert" },25
+ { keyfile, "/home/mollekopf/src/guam/certs/localhost.key" },26
+ { cacertfile, "/home/mollekopf/src/guam/certs/ca.cert" },27
+ { dhfile, "/home/mollekopf/src/guam/certs/dhparam4096.pem" },28
+ { verify, verify_none }29
+ ] }30
+ ]31
}32
]33
}34
guam-0.9.10.tar.gz/apps/kolab_guam/src/rules/kolab_guam_rule_audit.erl
Changed
57
1
2
3
new(_Config) -> #state { }.4
5
+peername({sslsocket, _, _} = Socket) -> ssl:peername(Socket);6
+peername(Socket) -> inet:peername(Socket).7
+8
applies(Socket, _Buffer, { _Tag, _Command, _Data }, State) ->9
- {ok, {Ip, _Port}} = inet:peername(Socket),10
+ {ok, {Ip, _Port}} = peername(Socket),11
% This command is always immediately active as we expect the LOGIN command at the beginning12
{ true, State#state{ ip = Ip }}.13
14
15
Username = extract_username(FullBuffer, Command),16
case eimap_utils:check_response_for_failure(Buffer, Tag) of17
ok ->18
- lager:info("LOGIN ATTEMPT: ~p from ~p, OK", [Username, inet:ntoa(Ip)]),19
+ lager:info("login: ~s from ~s, OK", [Username, inet:ntoa(Ip)]),20
State#state{ active = false, username = Username };21
{ no, Reason } ->22
- lager:info("LOGIN ATTEMPT: ~p from ~p, NO: ~p", [Username, inet:ntoa(Ip), Reason]),23
+ lager:info("badlogin: ~s from ~s, NO: ~s", [Username, inet:ntoa(Ip), Reason]),24
State#state{ active = false, username = Username };25
{ bad, Reason } ->26
- lager:info("LOGIN ATTEMPT: ~p from ~p, BAD: ~p", [Username, inet:ntoa(Ip), Reason]),27
+ lager:info("badlogin: ~s from ~s, BAD: ~s", [Username, inet:ntoa(Ip), Reason]),28
State#state{ active = false, username = Username }29
end;30
untagged -> State31
32
case Command of33
Command when Command =:= <<"AUTHENTICATE">>; Command =:= <<"authenticate">> ->34
Lines = binary:split(FullBuffer, <<"\r\n">>, [ global ]),35
- % We can only handle the LOGIN method36
- lager:info("Lines ~p", [Lines]),37
- base64:decode(lists:nth(2, Lines));38
+ FirstLine = lists:nth(1, Lines),39
+ FirstLineParts = binary:split(FirstLine, <<" ">>, [ global ]),40
+ AuthenticateMethod = lists:last(FirstLineParts),41
+ case AuthenticateMethod of42
+ <<"PLAIN">> ->43
+ Decoded = base64:decode(lists:nth(2, Lines)),44
+ % In the form of \0$username\0$password45
+ Split = binary:split(Decoded, <<0>>, [ global ]),46
+ lists:nth(2, Split);47
+ <<"LOGIN">> ->48
+ base64:decode(lists:nth(2, Lines));49
+ _ ->50
+ %TODO SASL-IR would go here51
+ lager:info("AUTHENTICATE method not implemented ~p", [AuthenticateMethod]),52
+ <<"Not implemented">>53
+ end;54
<<"LOGIN">> ->55
List = binary:split(FullBuffer, <<" ">>, [ global ]),56
lists:nth(3, List)57
guam-0.9.10.tar.gz/apps/kolab_guam/test/kolab_guam_rule_audit_SUITE.erl
Changed
15
1
2
<<"V2VsY29tZTJLb2xhYlN5c3RlbXM=\r\n">>],3
<<"a001 OK LOGIN completed">>,4
true5
+ },6
+ % Thunderbird with the authenticate plain mechanism7
+ {8
+ [<<"1 authenticate PLAIN\r\n">>,9
+ <<"AHRlc3QxQGtvbGFiLm9yZwBXZWxjb21lMktvbGFiU3lzdGVtcw==\r\n">>],10
+ <<"1 OK LOGIN completed">>,11
+ true12
}13
],14
15
guam-0.9.10.tar.gz/generatecerts.sh
Added
63
1
2
+#!/bin/bash3
+# Generates test certificates for localhost so tls can be tested4
+5
+base_dir=$(dirname $(dirname $0))6
+7
+cert_dir="${base_dir}/certs/"8
+9
+if [ ! -d "${cert_dir}" ]; then10
+ mkdir -p ${cert_dir}11
+fi12
+13
+if [ ! -f "${cert_dir}/ca.key" ]; then14
+ openssl genrsa -out ${cert_dir}/ca.key 409615
+16
+ openssl req \17
+ -new \18
+ -x509 \19
+ -nodes \20
+ -days 3650 \21
+ -key ${cert_dir}/ca.key \22
+ -out ${cert_dir}/ca.cert \23
+ -subj '/O=Example CA/'24
+fi25
+26
+if [ -f /etc/pki/tls/openssl.cnf ]; then27
+ openssl_cnf="/etc/pki/tls/openssl.cnf"28
+elif [ -f /etc/ssl/openssl.cnf ]; then29
+ openssl_cnf="/etc/ssl/openssl.cnf"30
+else31
+ echo "No openssl.cnf"32
+ exit 133
+fi34
+35
+for name in localhost; do36
+ openssl genrsa -out ${cert_dir}/${name}.key 409637
+38
+ openssl req \39
+ -new \40
+ -key ${cert_dir}/${name}.key \41
+ -out ${cert_dir}/${name}.csr \42
+ -subj "/O=Example CA/CN=${name}/" \43
+ -reqexts SAN \44
+ -config <(cat ${openssl_cnf} \45
+ <(printf "[SAN]\nsubjectAltName=DNS:${name}"))46
+47
+ openssl x509 \48
+ -req \49
+ -in ${cert_dir}/${name}.csr \50
+ -CA ${cert_dir}/ca.cert \51
+ -CAkey ${cert_dir}/ca.key \52
+ -CAcreateserial \53
+ -out ${cert_dir}/${name}.cert \54
+ -days 28 \55
+ -extfile <(cat ${openssl_cnf} \56
+ <(printf "[SAN]\nsubjectAltName=DNS:${name}")) \57
+ -extensions SAN58
+done59
+60
+openssl dhparam -out ${cert_dir}/dhparam4096.pem61
+62
+chmod 644 ${cert_dir}/*.{cert,key,pem}63
guam.dsc
Changed
10
1
2
Source: guam3
Binary: guam4
Architecture: any5
-Version: 0.9.10-16
+Version: 0.9.10-27
Maintainer: Christoph Erhardt <kolab@sicherha.de>8
Homepage: https://kolab.org/about/guam9
Standards-Version: 3.9.610