From fadf6966be534c132f3e190246b16e3b89b7059b Mon Sep 17 00:00:00 2001 From: Dominik Chilla Date: Tue, 31 Jan 2023 00:29:44 +0100 Subject: [PATCH] Make X-MS-Exchange-CrossTenant-Id header optional - take 2 --- app/policy.py | 21 ++++++++++----------- tests/miltertest.lua | 4 ++-- tests/miltertest_conn_reuse.lua | 8 ++++---- tests/miltertest_conn_reuse_fail_pass.lua | 12 ++++++------ tests/miltertest_fail.lua | 2 +- tests/miltertest_multiple_tenantid.lua | 4 ++-- tests/miltertest_no_tenantid_pass.lua | 4 ++-- tests/policy.json | 5 +++++ 8 files changed, 32 insertions(+), 28 deletions(-) diff --git a/app/policy.py b/app/policy.py index 2cc3b16..0500fc6 100644 --- a/app/policy.py +++ b/app/policy.py @@ -25,7 +25,10 @@ class ExOTAPolicyBackendException(Exception): class ExOTAPolicy(): def __init__(self, policy_dict): - self.tenant_id = policy_dict['tenant_id'] + if 'tenant_id' in policy_dict: + self.tenant_id = policy_dict['tenant_id'] + else: + self.tenant_id = '' if 'dkim_enabled' in policy_dict: self.dkim_enabled = policy_dict['dkim_enabled'] else: @@ -50,18 +53,11 @@ class ExOTAPolicy(): @staticmethod def check_policy(policy_dict): - if 'tenant_id' not in policy_dict: - raise ExOTAPolicyInvalidException( - "Policy must have a 'tenant_id' key!" - ) - if policy_dict['tenant_id'] is None: - raise ExOTAPolicyInvalidException( - "'tenant_id' needs a value!" - ) for policy_key in policy_dict: if policy_key == 'tenant_id': try: - UUID(policy_dict[policy_key]) + if policy_dict[policy_key] != '': + UUID(policy_dict[policy_key]) except ValueError as e: raise ExOTAPolicyInvalidException( "Invalid 'tenant_id': {0}".format(str(e)) 
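Review bot: With the new `else: self.tenant_id = ''` branch in `ExOTAPolicy.__init__`, a policy that simply lacks the key is accepted and carries no tenant binding, so DKIM becomes the only factor tying a message to the sender domain. Nothing visible in this commit rejects a policy that combines an empty `tenant_id` with `dkim_enabled` set to false, which would leave that domain with no authentication check at all. The default for a missing `dkim_enabled` and the code that compares the header against `self.tenant_id` are outside the hunk, so this needs confirming there. I would enforce it in `check_policy`, e.g. `if not policy_dict.get('tenant_id') and policy_dict.get('dkim_enabled') is False: raise ExOTAPolicyInvalidException("A policy without 'tenant_id' needs DKIM enabled!")`, and put `# '' = no X-MS-Exchange-CrossTenant-Id match required; DKIM alone must authenticate the domain` above the new branch.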
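Review bot: Dropping the `is None` check in `check_policy` lets a policy with a null or otherwise non-string `tenant_id` reach `UUID(policy_dict[policy_key])`, because `None != ''` is true. `UUID(None)` raises `TypeError` and a value such as an integer raises `AttributeError`; the `except ValueError` clause catches neither, so the caller gets an unexpected exception type instead of `ExOTAPolicyInvalidException`. Keep a type check next to the new guard, e.g. `if not isinstance(policy_dict[policy_key], str): raise ExOTAPolicyInvalidException("'tenant_id' must be a string!")` placed before the `try`. The `for` loop continues past the end of the hunk.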
@@ -200,7 +196,10 @@ class ExOTAPolicyBackendLDAP(ExOTAPolicyBackend): entry = response[0]['attributes'] policy_dict = {} if self.tenant_id_attr in entry: - policy_dict['tenant_id'] = entry[self.tenant_id_attr][0] + if len(entry[self.tenant_id_attr]) > 0: + policy_dict['tenant_id'] = entry[self.tenant_id_attr][0] + else: + policy_dict['tenant_id'] = '' if self.dkim_enabled_attr in entry: if entry[self.dkim_enabled_attr][0] == 'TRUE': policy_dict['dkim_enabled'] = True diff --git a/tests/miltertest.lua b/tests/miltertest.lua index 7500c45..bc9ad04 100644 --- a/tests/miltertest.lua +++ b/tests/miltertest.lua @@ -33,7 +33,7 @@ end --if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then -- error "mt.header(From) failed" --end -if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then +if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then error "mt.header(From) failed" end if mt.header(conn, "resent-fRoM", '"Blah Blubb" ') ~= nil then @@ -57,7 +57,7 @@ end if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=pass header.d=yad.onmicrosoft.comx header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then error "mt.header(Subject) failed" end -if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=pass header.d=Chillout2k.de header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then +if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=pass header.d=staging.zwackl.de header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then error "mt.header(Subject) failed" end if mt.header(conn, "Authentication-Results", "my-auth-serv-id;\n dkim=fail header.d=yad.onmicrosoft.com header.s=selector2-asdf header.b=mmmjFpv8") ~= nil then diff --git a/tests/miltertest_conn_reuse.lua b/tests/miltertest_conn_reuse.lua index 8ff6077..7767cb0 100644 --- a/tests/miltertest_conn_reuse.lua +++ b/tests/miltertest_conn_reuse.lua 
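Review bot: The new `len(entry[self.tenant_id_attr]) > 0` guard is not applied to the `dkim_enabled` lookup just below it, where `entry[self.dkim_enabled_attr][0]` is still indexed unconditionally. If the directory can return an empty value list for a present attribute, which is what the new guard implies, that line raises `IndexError` for the same kind of entry. Use the same condition there, `if self.dkim_enabled_attr in entry and len(entry[self.dkim_enabled_attr]) > 0:`. A short comment on the new `else` branch stating that an empty tenant ID means no tenant match is required for the domain would also help. The method body starts and ends outside the hunk.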
@@ -33,7 +33,7 @@ end --if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then -- error "mt.header(From) failed" --end -if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then +if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then error "mt.header(From) failed" end if mt.header(conn, "resent-fRoM", '"Blah Blubb" ') ~= nil then @@ -57,7 +57,7 @@ end if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=pass header.d=yad.onmicrosoft.comx header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then error "mt.header(Subject) failed" end -if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=pass header.d=chillout2k.de header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then +if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=pass header.d=staging.zwackl.de header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then error "mt.header(Subject) failed" end if mt.header(conn, "Authentication-Results", "my-auth-serv-id;\n dkim=fail header.d=yad.onmicrosoft.com header.s=selector2-asdf header.b=mmmjFpv8") ~= nil then @@ -107,13 +107,13 @@ if mt.getreply(conn) ~= SMFIR_CONTINUE then end -- HEADER -if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then +if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then error "mt.header(From) failed" end if mt.header(conn, "x-mS-EXCHANGE-crosstenant-id", "1234abcd-18c5-45e8-88de-123456789abc") ~= nil then error "mt.header(Subject) failed" end -if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=pass header.d=chillout2k.de header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then +if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=pass header.d=staging.zwackl.de header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then error "mt.header(Subject) failed" end diff --git a/tests/miltertest_conn_reuse_fail_pass.lua b/tests/miltertest_conn_reuse_fail_pass.lua index d734266..89cdf00 100644 
--- a/tests/miltertest_conn_reuse_fail_pass.lua +++ b/tests/miltertest_conn_reuse_fail_pass.lua @@ -31,13 +31,13 @@ if mt.getreply(conn) ~= SMFIR_CONTINUE then end -- HEADER -if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then +if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then error "mt.header(From) failed" end if mt.header(conn, "x-mS-EXCHANGE-crosstenant-id", "1234abcd-18c5-45e8-88de-123456789abcXXX") ~= nil then error "mt.header(Subject) failed" end -if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=fail header.d=chillout2k.de header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then +if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=fail header.d=staging.zwackl.de header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then error "mt.header(Subject) failed" end if mt.header(conn, "X-ExOTA-Authentication-Results", "my-auth-serv-id;\n exota=pass") ~= nil then @@ -81,13 +81,13 @@ if mt.getreply(conn) ~= SMFIR_CONTINUE then end -- HEADER -if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then +if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then error "mt.header(From) failed" end if mt.header(conn, "x-mS-EXCHANGE-crosstenant-id", "1234abcd-18c5-45e8-88de-123456789abc") ~= nil then error "mt.header(Subject) failed" end -if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=pass header.d=chillout2k.de header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then +if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=pass header.d=staging.zwackl.de header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then error "mt.header(Subject) failed" end 
@@ -127,13 +127,13 @@ if mt.getreply(conn) ~= SMFIR_CONTINUE then end -- HEADER -if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then +if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then error "mt.header(From) failed" end if mt.header(conn, "x-mS-EXCHANGE-crosstenant-id", "1234abcd-18c5-45e8-88de-123456789abcXXX") ~= nil then error "mt.header(Subject) failed" end -if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=fail header.d=chillout2k.de header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then +if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=fail header.d=staging.zwackl.de header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then error "mt.header(Subject) failed" end if mt.header(conn, "X-ExOTA-Authentication-Results", "my-auth-serv-id;\n exota=pass") ~= nil then diff --git a/tests/miltertest_fail.lua b/tests/miltertest_fail.lua index abf0ecd..c4e4783 100644 --- a/tests/miltertest_fail.lua +++ b/tests/miltertest_fail.lua @@ -30,7 +30,7 @@ if mt.getreply(conn) ~= SMFIR_CONTINUE then end -- HEADER -if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then +if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then error "mt.header(From) failed" end if mt.header(conn, "x-mS-EXCHANGE-crosstenant-id", "1234abcd-18c5-45e8-88de-123456789abc") ~= nil then diff --git a/tests/miltertest_multiple_tenantid.lua b/tests/miltertest_multiple_tenantid.lua index 10fb596..80080dd 100644 --- a/tests/miltertest_multiple_tenantid.lua +++ b/tests/miltertest_multiple_tenantid.lua @@ -30,7 +30,7 @@ if mt.getreply(conn) ~= SMFIR_CONTINUE then end -- HEADER -if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then +if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then error "mt.header(From) failed" end if mt.header(conn, "x-mS-EXCHANGE-crosstenant-id", "1234abcd-18c5-45e8-88de-123456789abc") ~= nil then 
@@ -42,7 +42,7 @@ end if mt.header(conn, "X-MS-Exchange-CrossTenant-Id", "4321abcd-18c5-45e8-88de-blahblubb") ~= nil then error "mt.header(tenant-id fail) failed" end -if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=pass header.d=chillout2k.de header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then +if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=pass header.d=staging.zwackl.de header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then error "mt.header(DKIM-AR) failed" end if mt.header(conn, "X-ExOTA-Authentication-Results", "my-auth-serv-id;\n exota=pass") ~= nil then diff --git a/tests/miltertest_no_tenantid_pass.lua b/tests/miltertest_no_tenantid_pass.lua index e312573..aede38a 100644 --- a/tests/miltertest_no_tenantid_pass.lua +++ b/tests/miltertest_no_tenantid_pass.lua @@ -30,7 +30,7 @@ if mt.getreply(conn) ~= SMFIR_CONTINUE then end -- HEADER -if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then +if mt.header(conn, "fRoM", '"Blah Blubb" ') ~= nil then error "mt.header(From) failed" end if mt.header(conn, "resent-fRoM", '"Blah Blubb" ') ~= nil then @@ -48,7 +48,7 @@ end if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=pass header.d=yad.onmicrosoft.comx header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then error "mt.header(Subject) failed" end -if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=pass header.d=Chillout2k.de header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then +if mt.header(conn, "Authentication-RESULTS", "my-auth-serv-id;\n dkim=pass header.d=staging.zwackl.de header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then error "mt.header(Subject) failed" end if mt.header(conn, "Authentication-Results", "my-auth-serv-id;\n dkim=fail header.d=yad.onmicrosoft.com header.s=selector2-asdf header.b=mmmjFpv8") ~= nil then 
diff --git a/tests/policy.json b/tests/policy.json
index 17980c8..6744dc9 100644
--- a/tests/policy.json
+++ b/tests/policy.json
@@ -7,5 +7,10 @@
 "example.com": {
 "tenant_id": "abcd1234-18c5-45e8-88de-987654321cba",
 "dkim_enabled": false
+ },
+ "staging.zwackl.de": {
+ "tenant_id": "",
+ "dkim_enabled": true,
+ "dkim_alignment_required": true
 }
 }
\ No newline at end of file