Posted to notifications@james.apache.org by bt...@apache.org on 2023/01/09 09:22:11 UTC

[james-project] branch master updated (b5580d13d6 -> f98e3146bd)

This is an automated email from the ASF dual-hosted git repository.

btellier pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git


    from b5580d13d6 [DOC] CVE-2022-45935: Temporary File Information Disclosure in Apache JAMES (#1378)
     new 1c218529ca SMTP AuthCmdHandler support doDelegation method
     new f98e3146bd [FIX] CassandraMessageIdManagerSideEffectTest: Ensure the right schema version

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../CassandraMessageIdManagerSideEffectTest.java   |  7 ++++
 .../protocols/smtp/core/esmtp/AuthCmdHandler.java  | 38 +++++++++++++++++++---
 .../apache/james/protocols/smtp/hook/AuthHook.java |  4 +++
 .../apache/james/smtpserver/SMTPServerTest.java    |  2 +-
 4 files changed, 45 insertions(+), 6 deletions(-)




[james-project] 02/02: [FIX] CassandraMessageIdManagerSideEffectTest: Ensure the right schema version

Posted by bt...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git

commit f98e3146bdbe9a6f08f0089c7dc8673d5f9b0439
Author: Benoit Tellier <bt...@linagora.com>
AuthorDate: Mon Jan 9 12:36:33 2023 +0700

    [FIX] CassandraMessageIdManagerSideEffectTest: Ensure the right schema version
---
 .../mailbox/cassandra/CassandraMessageIdManagerSideEffectTest.java | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/mailbox/cassandra/src/test/java/org/apache/james/mailbox/cassandra/CassandraMessageIdManagerSideEffectTest.java b/mailbox/cassandra/src/test/java/org/apache/james/mailbox/cassandra/CassandraMessageIdManagerSideEffectTest.java
index 40bd1f0e04..f42072662f 100644
--- a/mailbox/cassandra/src/test/java/org/apache/james/mailbox/cassandra/CassandraMessageIdManagerSideEffectTest.java
+++ b/mailbox/cassandra/src/test/java/org/apache/james/mailbox/cassandra/CassandraMessageIdManagerSideEffectTest.java
@@ -24,6 +24,8 @@ import java.util.Set;
 import org.apache.james.backends.cassandra.CassandraCluster;
 import org.apache.james.backends.cassandra.CassandraClusterExtension;
 import org.apache.james.backends.cassandra.StatementRecorder;
+import org.apache.james.backends.cassandra.versions.CassandraSchemaVersionDAO;
+import org.apache.james.backends.cassandra.versions.SchemaVersion;
 import org.apache.james.events.EventBus;
 import org.apache.james.mailbox.cassandra.mail.MailboxAggregateModule;
 import org.apache.james.mailbox.extension.PreDeletionHook;
@@ -49,6 +51,11 @@ class CassandraMessageIdManagerSideEffectTest extends AbstractMessageIdManagerSi
 
     @Test
     void setInMailboxesShouldLimitMailboxReads(CassandraCluster cassandra) throws Exception {
+        // Ensure the right schema version
+        CassandraSchemaVersionDAO schemaVersionDAO = new CassandraSchemaVersionDAO(cassandra.getConf());
+        schemaVersionDAO.truncateVersion().block();
+        schemaVersionDAO.updateVersion(new SchemaVersion(12)).block();
+
         givenUnlimitedQuota();
         MessageId messageId = testingData.persist(mailbox2.getMailboxId(), messageUid1, FLAGS, session);
 
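Review bot: The setup pins the schema version with a bare literal, `new SchemaVersion(12)`, and the comment `// Ensure the right schema version` does not say which version the read-count assertion depends on or why. Take the value from a named constant, or extend the comment to something like `// read counts below assume schema v12; later versions change the query plan`, if that is the reason. The truncate and update are also never undone in the visible lines, so if the `CassandraCluster` is shared across test classes, the changed version may leak into other tests. The test body continues outside the hunk.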




[james-project] 01/02: SMTP AuthCmdHandler support doDelegation method

Posted by bt...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git

commit 1c218529cafccd9393cc6490e77ef4b6ad594d99
Author: Tung Van TRAN <vt...@linagora.com>
AuthorDate: Wed Dec 21 21:58:14 2022 +0700

    SMTP AuthCmdHandler support doDelegation method
---
 .../protocols/smtp/core/esmtp/AuthCmdHandler.java  | 38 +++++++++++++++++++---
 .../apache/james/protocols/smtp/hook/AuthHook.java |  4 +++
 .../apache/james/smtpserver/SMTPServerTest.java    |  2 +-
 3 files changed, 38 insertions(+), 6 deletions(-)

diff --git a/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/core/esmtp/AuthCmdHandler.java b/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/core/esmtp/AuthCmdHandler.java
index 0a39893cbe..5f4cdddbbd 100644
--- a/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/core/esmtp/AuthCmdHandler.java
+++ b/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/core/esmtp/AuthCmdHandler.java
@@ -170,13 +170,13 @@ public class AuthCmdHandler
                     session.pushLineHandler(new AbstractSMTPLineHandler() {
                         @Override
                         protected Response onCommand(SMTPSession session, String l) {
-                            return doPlainAuthPass(session, l);
+                            return doPlainAuth(session, l);
                         }
                     });
                     return AUTH_READY_PLAIN;
                 } else {
                     userpass = initialResponse.trim();
-                    return doPlainAuthPass(session, userpass);
+                    return doPlainAuth(session, userpass);
                 }
             } else if (authType.equals(AUTH_TYPE_LOGIN) && session.getConfiguration().isPlainAuthEnabled()) {
 
@@ -242,16 +242,19 @@ public class AuthCmdHandler
      * @param session SMTP session object
      * @param line the initial response line passed in with the AUTH command
      */
-    private Response doPlainAuthPass(SMTPSession session, String line) {
+    private Response doPlainAuth(SMTPSession session, String line) {
         try {
             List<String> tokens = Optional.ofNullable(decodeBase64(line))
                 .map(userpass1 -> Arrays.stream(userpass1.split("\0"))
                     .filter(token -> !token.isBlank())
                     .collect(Collectors.toList()))
                 .orElse(List.of());
-            Preconditions.checkArgument(tokens.size() == 2 || tokens.size() == 3);
+            Preconditions.checkArgument(tokens.size() == 1 || tokens.size() == 2 || tokens.size() == 3);
             Response response = null;
-            if (tokens.size() == 2) {
+
+            if (tokens.size() == 1) {
+                response = doDelegation(session, Username.of(tokens.get(0)));
+            } else if (tokens.size() == 2) {
                 // If we got here, this is what happened.  RFC 2595
                 // says that "the client may leave the authorization
                 // identity empty to indicate that it is the same as
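Review bot: The new `tokens.size() == 1` branch sends an AUTH PLAIN response that carries no password into `doDelegation`, and the blank-token filter above it has already discarded the field positions. After `.filter(token -> !token.isBlank())`, an authorization-id-only message and an authentication id with an empty password both collapse to the same one-element list, so this branch cannot tell which field the token came from. Splitting with `userpass1.split("\0", -1)` and deciding by position would keep the RFC 4616 fields distinct. Nothing in the hunk shows that the session is already authenticated before the one-token path runs; if that is enforced elsewhere, a comment here should say so. The body of `doPlainAuth` continues outside the hunk.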
@@ -339,6 +342,31 @@ public class AuthCmdHandler
         return doAuthTest(session, username, pass, "LOGIN");
     }
 
+    protected Response doDelegation(SMTPSession session, Username username) {
+        Response res = null;
+
+        List<AuthHook> hooks = Optional.ofNullable(getHooks())
+            .orElse(List.of());
+
+        for (AuthHook rawHook : hooks) {
+            rawHook.doDelegation(session, username);
+            res = executeHook(session, rawHook, hook -> rawHook.doDelegation(session, username));
+
+            if (res != null) {
+                if (SMTPRetCode.AUTH_FAILED.equals(res.getRetCode())) {
+                    LOGGER.warn("{} was not authorized to connect as {}", session.getUsername(), username);
+                } else if (SMTPRetCode.AUTH_OK.equals(res.getRetCode())) {
+                    LOGGER.info("{} was authorized to connect as {}", session.getUsername(), username);
+                }
+                return res;
+            }
+        }
+
+        res = AUTH_FAILED;
+        LOGGER.error("DELEGATE failed from {}@{}", username, session.getRemoteAddress().getAddress().getHostAddress());
+        return res;
+    }
+
     protected Response doAuthTest(SMTPSession session, Username username, String pass, String authType) {
         if ((username == null) || (pass == null)) {
             return new SMTPResponse(SMTPRetCode.SYNTAX_ERROR_ARGUMENTS,"Could not decode parameters for AUTH " + authType);
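Review bot: Each hook's `doDelegation` runs twice per loop iteration in the new method: once as the bare statement `rawHook.doDelegation(session, username);`, whose result is discarded, and again inside the lambda passed to `executeHook`. The first call bypasses whatever `executeHook` wraps around a hook invocation, and any side effect in the hook happens twice, so the bare call should be deleted. Both success and denial log lines print `session.getUsername()`, and nothing visible here guarantees it is non-null; a guard such as `if (session.getUsername() == null) { return AUTH_FAILED; }` before the loop would make the authenticated-session precondition explicit. The final `LOGGER.error` fires on any client-supplied token that no hook accepts, so `warn` is likely the better level. `doDelegation` is a new protected extension point and has no Javadoc. `doAuthTest` below continues outside the hunk.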
diff --git a/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/hook/AuthHook.java b/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/hook/AuthHook.java
index f9e7f76f87..8351eb2367 100644
--- a/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/hook/AuthHook.java
+++ b/protocols/smtp/src/main/java/org/apache/james/protocols/smtp/hook/AuthHook.java
@@ -38,4 +38,8 @@ public interface AuthHook extends Hook {
     HookResult doAuth(SMTPSession session, Username username, String password);
 
     HookResult doSasl(SMTPSession session, OidcSASLConfiguration saslConfiguration, String initialResponse);
+
+    default HookResult doDelegation(SMTPSession session, Username target) {
+        return HookResult.DECLINED;
+    }
 }
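Review bot: The new default method `doDelegation` is added to a public hook interface without Javadoc, so implementers have no stated contract for an authorization decision. I would add a doc comment saying that `target` is the user the session asks to act as, and that the caller presents no credentials for `target`. It should also state that an implementation must check that the identity in `session.getUsername()` is authenticated and permitted to act as `target` before returning anything other than `HookResult.DECLINED`. Finally, note that the default declines, so existing hooks never grant delegation.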
diff --git a/server/protocols/protocols-smtp/src/test/java/org/apache/james/smtpserver/SMTPServerTest.java b/server/protocols/protocols-smtp/src/test/java/org/apache/james/smtpserver/SMTPServerTest.java
index fbde0a3f89..8356b9d16a 100644
--- a/server/protocols/protocols-smtp/src/test/java/org/apache/james/smtpserver/SMTPServerTest.java
+++ b/server/protocols/protocols-smtp/src/test/java/org/apache/james/smtpserver/SMTPServerTest.java
@@ -1420,7 +1420,7 @@ public class SMTPServerTest {
         smtpProtocol.sendCommand("AUTH PLAIN");
         smtpProtocol.sendCommand("canNotDecode");
         assertThat(smtpProtocol.getReplyString())
-            .contains("501 Could not decode parameters for AUTH PLAIN");
+            .contains("535 Authentication Failed");
     }
 
     @Test
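Review bot: The only test change in this commit is the reply expected for the undecodable `canNotDecode` payload, which moves from `501 Could not decode parameters for AUTH PLAIN` to `535 Authentication Failed`. The delegation path that causes this shift has no test of its own. That assertion change suggests malformed AUTH PLAIN input is now being handled as a one-token delegation request rather than rejected as a syntax error, which is worth confirming as intended. I would add cases for a hook that grants delegation, a hook that denies it, and a one-token request on a session with no authenticated user. The test method starts outside the hunk.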

