Kolab Groupware OBS

guam.spec Changed

guam-0.9.10.tar.gz/app.config Changed

@@ -82,13 +82,31 @@
                         { port, 1996 },
                         { imap_server, kolabnow },
 
-                         { implicit_tls, false },
+                        { implicit_tls, false },
                         { rules, 
                                 { filter_groupware,  },
                                 { audit,  }
                                 
                         }
                         
+            },
+            { kolabnow_tls, 
+                        { port, 1997 },
+                        { imap_server, kolabnow },
+                        { implicit_tls, true },
+                        { rules, 
+                                { filter_groupware,  },
+                                { audit,  }
+                                
+                        },
+                       { tls_config, 
+                                    { certfile, "/home/mollekopf/src/guam/certs/localhost.cert" },
+                                    { keyfile, "/home/mollekopf/src/guam/certs/localhost.key" },
+                                    { cacertfile, "/home/mollekopf/src/guam/certs/ca.cert" },
+                                    { dhfile, "/home/mollekopf/src/guam/certs/dhparam4096.pem" },
+                                    { verify, verify_none }
+                          }
+                        
             }
         
     }

guam-0.9.10.tar.gz/apps/kolab_guam/src/rules/kolab_guam_rule_audit.erl Changed

@@ -24,8 +24,11 @@
 
 new(_Config) -> #state { }.
 
+peername({sslsocket, _, _} = Socket) -> ssl:peername(Socket);
+peername(Socket) -> inet:peername(Socket).
+
 applies(Socket, _Buffer, { _Tag, _Command, _Data }, State) ->
-    {ok, {Ip, _Port}} = inet:peername(Socket),
+    {ok, {Ip, _Port}} = peername(Socket),
     % This command is always immediately active as we expect the LOGIN command at the beginning
     { true, State#state{ ip = Ip }}.
 
@@ -55,13 +58,13 @@
             Username = extract_username(FullBuffer, Command),
             case eimap_utils:check_response_for_failure(Buffer, Tag) of
                 ok ->
-                    lager:info("LOGIN ATTEMPT: ~p from ~p, OK", Username, inet:ntoa(Ip)),
+                    lager:info("login: ~s from ~s, OK", Username, inet:ntoa(Ip)),
                     State#state{ active = false, username = Username };
                 { no, Reason } ->
-                    lager:info("LOGIN ATTEMPT: ~p from ~p, NO: ~p", Username, inet:ntoa(Ip), Reason),
+                    lager:info("badlogin: ~s from ~s, NO: ~s", Username, inet:ntoa(Ip), Reason),
                     State#state{ active = false, username = Username };
                 { bad, Reason } ->
-                    lager:info("LOGIN ATTEMPT: ~p from ~p, BAD: ~p", Username, inet:ntoa(Ip), Reason),
+                    lager:info("badlogin: ~s from ~s, BAD: ~s", Username, inet:ntoa(Ip), Reason),
                     State#state{ active = false, username = Username }
             end;
         untagged -> State
@@ -84,9 +87,22 @@
     case Command of
         Command when Command =:= <<"AUTHENTICATE">>; Command =:= <<"authenticate">> ->
             Lines = binary:split(FullBuffer, <<"\r\n">>,  global ),
-            % We can only handle the LOGIN method
-            lager:info("Lines ~p", Lines),
-            base64:decode(lists:nth(2, Lines));
+            FirstLine = lists:nth(1, Lines),
+            FirstLineParts = binary:split(FirstLine, <<" ">>,  global ),
+            AuthenticateMethod = lists:last(FirstLineParts),
+            case AuthenticateMethod of
+                <<"PLAIN">> ->
+                    Decoded = base64:decode(lists:nth(2, Lines)),
+                    % In the form of \0$username\0$password
+                    Split = binary:split(Decoded, <<0>>,  global ),
+                    lists:nth(2, Split);
+                <<"LOGIN">> ->
+                    base64:decode(lists:nth(2, Lines));
+                _ ->
+                    %TODO SASL-IR would go here
+                    lager:info("AUTHENTICATE method not implemented ~p", AuthenticateMethod),
+                    <<"Not implemented">>
+            end;
         <<"LOGIN">> ->
             List = binary:split(FullBuffer, <<" ">>,  global ),
             lists:nth(3, List)

guam-0.9.10.tar.gz/apps/kolab_guam/test/kolab_guam_rule_audit_SUITE.erl Changed

guam-0.9.10.tar.gz/generatecerts.sh Added

@@ -0,0 +1,61 @@
+#!/bin/bash
+# Generates test certificates for localhost so tls can be tested
+
+base_dir=$(dirname $(dirname $0))
+
+cert_dir="${base_dir}/certs/"
+
+if  ! -d "${cert_dir}" ; then
+    mkdir -p ${cert_dir}
+fi
+
+if  ! -f "${cert_dir}/ca.key" ; then
+    openssl genrsa -out ${cert_dir}/ca.key 4096
+
+    openssl req \
+        -new \
+        -x509 \
+        -nodes \
+        -days 3650 \
+        -key ${cert_dir}/ca.key \
+        -out ${cert_dir}/ca.cert \
+        -subj '/O=Example CA/'
+fi
+
+if  -f /etc/pki/tls/openssl.cnf ; then
+    openssl_cnf="/etc/pki/tls/openssl.cnf"
+elif  -f /etc/ssl/openssl.cnf ; then
+    openssl_cnf="/etc/ssl/openssl.cnf"
+else
+    echo "No openssl.cnf"
+    exit 1
+fi
+
+for name in localhost; do
+    openssl genrsa -out ${cert_dir}/${name}.key 4096
+
+    openssl req \
+        -new \
+        -key ${cert_dir}/${name}.key \
+        -out ${cert_dir}/${name}.csr \
+        -subj "/O=Example CA/CN=${name}/" \
+        -reqexts SAN \
+        -config <(cat ${openssl_cnf} \
+            <(printf "SAN\nsubjectAltName=DNS:${name}"))
+
+    openssl x509 \
+        -req \
+        -in ${cert_dir}/${name}.csr \
+        -CA ${cert_dir}/ca.cert \
+        -CAkey ${cert_dir}/ca.key \
+        -CAcreateserial \
+        -out ${cert_dir}/${name}.cert \
+        -days 28 \
+        -extfile <(cat ${openssl_cnf} \
+            <(printf "SAN\nsubjectAltName=DNS:${name}")) \
+        -extensions SAN
+done
+
+openssl dhparam -out ${cert_dir}/dhparam4096.pem
+
+chmod 644 ${cert_dir}/*.{cert,key,pem}

guam.dsc Changed

Changes of Revision 47