Bug 53463 – [UCS 5.0] listfilter.py does not respect use_sasl_username=yes/no

Bug 53463 - [UCS 5.0] listfilter.py does not respect use_sasl_username=yes/no


Summary:	[UCS 5.0] listfilter.py does not respect use_sasl_username=yes/no

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Mail
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 5.0-0-errata
Assigned To:	Tobias Wenzel
QA Contact:	Daniel Tröder

URL:	https://git.knut.univention.de/univen...
Keywords:

Depends on:	46176
Blocks:	54560
	Show dependency tree / graph

Reported:	2021-06-18 11:51 CEST by Toni Röhmeyer
Modified:	2022-03-16 14:05 CET (History)
CC List:	4 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.034
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Toni Röhmeyer

2021-06-18 11:51:37 CEST

+++ This bug was initially created as a clone of Bug #46176 +++

listfilter.py does not respect use_sasl_username=yes/no. If the variable is set to yes, the check fails because attr["sender"] and attr["sasl_username"] are empty. This only affects the case, where --test is used.

root@master41:~# ucr set mail/postfix/policy/listfilter/use_sasl_username=yes
Setting mail/postfix/policy/listfilter/use_sasl_username
Multifile: /etc/postfix/main.cf
File: /etc/listfilter.secret
Multifile: /etc/postfix/master.cf
root@master41:~# /usr/share/univention-mail-postfix/listfilter.py -t -s user1mail@nstx.local -r grp1@nstx.local -b dc=nstx,dc=local
listfilter: sender=None recipient='grp1@nstx.local' check_sasl_username=True
listfilter: attrib={'recipient': 'grp1@nstx.local', 'sender': 'user1mail@nstx.local'}
listfilter: allowed_user_dns=['uid=user1,cn=users,dc=nstx,dc=local'] allowed_group_dns=[]
action=REJECT Access denied for not authenticated sender to restricted list grp1@nstx.local

root@master41:~# ucr set mail/postfix/policy/listfilter/use_sasl_username=no
Setting mail/postfix/policy/listfilter/use_sasl_username
Multifile: /etc/postfix/main.cf
File: /etc/listfilter.secret
Multifile: /etc/postfix/master.cf
root@master41:~# /usr/share/univention-mail-postfix/listfilter.py -t -s user1mail@nstx.local -r grp1@nstx.local -b dc=nstx,dc=local
listfilter: sender='user1mail@nstx.local' recipient='grp1@nstx.local' check_sasl_username=False
listfilter: attrib={'recipient': 'grp1@nstx.local', 'sender': 'user1mail@nstx.local'}
listfilter: allowed_user_dns=['uid=user1,cn=users,dc=nstx,dc=local'] allowed_group_dns=[]
listfilter: user_dn='uid=user1,cn=users,dc=nstx,dc=local'
action=DUNNO allowed per user dn

--- a/mail/univention-mail-postfix/share/listfilter.py
+++ b/mail/univention-mail-postfix/share/listfilter.py
@@ -191,6 +191,7 @@ if options.test:
 		parser.print_help()
 		sys.exit(1)
 	attr["sender"] = options.sender
+	attr["sasl_username"] = options.sender
 	attr["recipient"] = options.recipient
 	action = listfilter(attr)
 	print("action={}\n".format(action))

Comment 1 Toni Röhmeyer

2021-06-22 16:33:16 CEST

Applied same fix as in Bug #46176 on a new feature branch troehmey/bug53463_fix_listfilter_test_5.0 rebased from 5.0-0 with

4eb5188cd1 Bug #53463: fix listfilter test with use_sasl_username

Comment 2 Florian Best

2021-06-23 07:45:50 CEST

Please don't forget to set the Target Milestone.
I created a merge request for your branch, so it's easier to comment:
https://git.knut.univention.de/univention/ucs/-/merge_requests/106

Comment 3 Florian Best

2021-06-23 07:49:14 CEST

REOPEN: the changes are not python 3 compatible and break.

Comment 4 Tobias Wenzel

2021-06-28 14:27:37 CEST

Thanks for the remarks!

I commited a fix with 

[troehmey/bug53463_fix_listfilter_test_5.0] 7189b154eb Bug #53463: replace sys.stderr with print
[troehmey/bug53463_fix_listfilter_test_5.0] 32aa8f2c2c Bug #53463: fix listfilter test with use_sasl_username

Comment 5 Tobias Wenzel

2021-06-30 09:48:58 CEST

As requested merged & build

[5.0-0] 6eb06b1914 Bug #53463: add fix to advisory
[5.0-0] 79dc49a713 Bug #53463: remove docbook in advisory
[5.0-0] db80bbf61d Bug #53463: changelog and advisory
[5.0-0] aa7561bfae Bug #53463: replace sys.stderr with print
[5.0-0] 4dd2eb2db5 Bug #53463: fix listfilter test with use_sasl_username


Package: univention-mail-postfix
Version: 14.0.1-2A~5.0.0.202106300946
Branch: ucs_5.0-0
Scope: errata5.0-0

Comment 6 Daniel Tröder

2021-06-30 09:57:38 CEST

OK: code review
OK: package update
OK: advisory

Comment 7 Erik Damrose

2021-06-30 18:54:24 CEST

<https://errata.software-univention.de/#/?erratum=5.0x39>

Comment 8 Florian Best

2021-09-16 19:57:45 CEST

No QA contact set at the bug.
The bug introduced:
mail/univention-mail-postfix/share/listfilter.py|214 col 37 error| undefined name 'att' [F821]