Projects
Kolab:Winterfell
guam
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 80
View file
guam.spec
Changed
@@ -19,7 +19,7 @@ Name: guam Version: 0.9.10 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A Smart Reverse IMAP Proxy Group: System Environment/Daemons
View file
guam-0.9.10.tar.gz/app.config
Changed
@@ -82,13 +82,31 @@ { port, 1996 }, { imap_server, kolabnow }, - { implicit_tls, false }, + { implicit_tls, false }, { rules, [ { filter_groupware, [] }, { audit, [] } ] } ] + }, + { kolabnow_tls, [ + { port, 1997 }, + { imap_server, kolabnow }, + { implicit_tls, true }, + { rules, [ + { filter_groupware, [] }, + { audit, [] } + ] + }, + { tls_config, [ + { certfile, "/home/mollekopf/src/guam/certs/localhost.cert" }, + { keyfile, "/home/mollekopf/src/guam/certs/localhost.key" }, + { cacertfile, "/home/mollekopf/src/guam/certs/ca.cert" }, + { dhfile, "/home/mollekopf/src/guam/certs/dhparam4096.pem" }, + { verify, verify_none } + ] } + ] } ] }
View file
guam-0.9.10.tar.gz/apps/kolab_guam/src/rules/kolab_guam_rule_audit.erl
Changed
@@ -24,8 +24,11 @@ new(_Config) -> #state { }. +peername({sslsocket, _, _} = Socket) -> ssl:peername(Socket); +peername(Socket) -> inet:peername(Socket). + applies(Socket, _Buffer, { _Tag, _Command, _Data }, State) -> - {ok, {Ip, _Port}} = inet:peername(Socket), + {ok, {Ip, _Port}} = peername(Socket), % This command is always immediately active as we expect the LOGIN command at the beginning { true, State#state{ ip = Ip }}. @@ -55,13 +58,13 @@ Username = extract_username(FullBuffer, Command), case eimap_utils:check_response_for_failure(Buffer, Tag) of ok -> - lager:info("LOGIN ATTEMPT: ~p from ~p, OK", [Username, inet:ntoa(Ip)]), + lager:info("login: ~s from ~s, OK", [Username, inet:ntoa(Ip)]), State#state{ active = false, username = Username }; { no, Reason } -> - lager:info("LOGIN ATTEMPT: ~p from ~p, NO: ~p", [Username, inet:ntoa(Ip), Reason]), + lager:info("badlogin: ~s from ~s, NO: ~s", [Username, inet:ntoa(Ip), Reason]), State#state{ active = false, username = Username }; { bad, Reason } -> - lager:info("LOGIN ATTEMPT: ~p from ~p, BAD: ~p", [Username, inet:ntoa(Ip), Reason]), + lager:info("badlogin: ~s from ~s, BAD: ~s", [Username, inet:ntoa(Ip), Reason]), State#state{ active = false, username = Username } end; untagged -> State @@ -84,9 +87,22 @@ case Command of Command when Command =:= <<"AUTHENTICATE">>; Command =:= <<"authenticate">> -> Lines = binary:split(FullBuffer, <<"\r\n">>, [ global ]), - % We can only handle the LOGIN method - lager:info("Lines ~p", [Lines]), - base64:decode(lists:nth(2, Lines)); + FirstLine = lists:nth(1, Lines), + FirstLineParts = binary:split(FirstLine, <<" ">>, [ global ]), + AuthenticateMethod = lists:last(FirstLineParts), + case AuthenticateMethod of + <<"PLAIN">> -> + Decoded = base64:decode(lists:nth(2, Lines)), + % In the form of \0$username\0$password + Split = binary:split(Decoded, <<0>>, [ global ]), + lists:nth(2, Split); + <<"LOGIN">> -> + base64:decode(lists:nth(2, Lines)); + _ -> + %TODO SASL-IR would go here + lager:info("AUTHENTICATE method not implemented ~p", [AuthenticateMethod]), + <<"Not implemented">> + end; <<"LOGIN">> -> List = binary:split(FullBuffer, <<" ">>, [ global ]), lists:nth(3, List)
View file
guam-0.9.10.tar.gz/apps/kolab_guam/test/kolab_guam_rule_audit_SUITE.erl
Changed
@@ -83,6 +83,13 @@ <<"V2VsY29tZTJLb2xhYlN5c3RlbXM=\r\n">>], <<"a001 OK LOGIN completed">>, true + }, + % Thunderbird with the authenticate plain mechanism + { + [<<"1 authenticate PLAIN\r\n">>, + <<"AHRlc3QxQGtvbGFiLm9yZwBXZWxjb21lMktvbGFiU3lzdGVtcw==\r\n">>], + <<"1 OK LOGIN completed">>, + true } ],
View file
guam-0.9.10.tar.gz/generatecerts.sh
Added
@@ -0,0 +1,61 @@ +#!/bin/bash +# Generates test certificates for localhost so tls can be tested + +base_dir=$(dirname $(dirname $0)) + +cert_dir="${base_dir}/certs/" + +if [ ! -d "${cert_dir}" ]; then + mkdir -p ${cert_dir} +fi + +if [ ! -f "${cert_dir}/ca.key" ]; then + openssl genrsa -out ${cert_dir}/ca.key 4096 + + openssl req \ + -new \ + -x509 \ + -nodes \ + -days 3650 \ + -key ${cert_dir}/ca.key \ + -out ${cert_dir}/ca.cert \ + -subj '/O=Example CA/' +fi + +if [ -f /etc/pki/tls/openssl.cnf ]; then + openssl_cnf="/etc/pki/tls/openssl.cnf" +elif [ -f /etc/ssl/openssl.cnf ]; then + openssl_cnf="/etc/ssl/openssl.cnf" +else + echo "No openssl.cnf" + exit 1 +fi + +for name in localhost; do + openssl genrsa -out ${cert_dir}/${name}.key 4096 + + openssl req \ + -new \ + -key ${cert_dir}/${name}.key \ + -out ${cert_dir}/${name}.csr \ + -subj "/O=Example CA/CN=${name}/" \ + -reqexts SAN \ + -config <(cat ${openssl_cnf} \ + <(printf "[SAN]\nsubjectAltName=DNS:${name}")) + + openssl x509 \ + -req \ + -in ${cert_dir}/${name}.csr \ + -CA ${cert_dir}/ca.cert \ + -CAkey ${cert_dir}/ca.key \ + -CAcreateserial \ + -out ${cert_dir}/${name}.cert \ + -days 28 \ + -extfile <(cat ${openssl_cnf} \ + <(printf "[SAN]\nsubjectAltName=DNS:${name}")) \ + -extensions SAN +done + +openssl dhparam -out ${cert_dir}/dhparam4096.pem + +chmod 644 ${cert_dir}/*.{cert,key,pem}
View file
guam.dsc
Changed
@@ -2,7 +2,7 @@ Source: guam Binary: guam Architecture: any -Version: 0.9.10-1 +Version: 0.9.10-2 Maintainer: Christoph Erhardt <kolab@sicherha.de> Homepage: https://kolab.org/about/guam Standards-Version: 3.9.6
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.