Revision: 128
http://svn.sourceforge.net/nmailserver/?rev=128&view=rev
Author: tmyroadctfig
Date: 2007-02-03 00:36:53 -0800 (Sat, 03 Feb 2007)
Log Message:
-----------
Added authorization checks to the remote administration interface.
Modified Paths:
--------------
NMail/trunk/NMail.Server/NMail.Server.csproj
NMail/trunk/NMail.Server/RemoteAdminAuthorisation.cs
NMail/trunk/NMail.Server.Console/NMail.config
NMail/trunk/NMail.Server.Console/NMailConsoleServer.cs
Modified: NMail/trunk/NMail.Server/NMail.Server.csproj
===================================================================
--- NMail/trunk/NMail.Server/NMail.Server.csproj 2007-02-02 10:47:18 UTC (rev 127)
+++ NMail/trunk/NMail.Server/NMail.Server.csproj 2007-02-03 08:36:53 UTC (rev 128)
@@ -105,6 +105,7 @@
<Compile Include="AssemblyInfo.cs">
<SubType>Code</SubType>
</Compile>
+ <Compile Include="Configuration\ServerConfiguration.cs" />
<Compile Include="NMailServer.cs">
<SubType>Code</SubType>
</Compile>
Modified: NMail/trunk/NMail.Server/RemoteAdminAuthorisation.cs
===================================================================
--- NMail/trunk/NMail.Server/RemoteAdminAuthorisation.cs 2007-02-02 10:47:18 UTC (rev 127)
+++ NMail/trunk/NMail.Server/RemoteAdminAuthorisation.cs 2007-02-03 08:36:53 UTC (rev 128)
@@ -1,23 +1,98 @@
using System;
using System.Collections.Generic;
+using System.Configuration;
using System.Net;
using System.Net.Sockets;
using System.Security.Principal;
using System.Runtime.Remoting.Channels;
using System.Text;
+using log4net;
+
+using NMail.Configuration;
+using NMail.Server.Configuration;
+
namespace NMail.Server {
+ /// <summary>
+ /// A class used to check authorisation of remote administration clients.
+ /// </summary>
public class RemoteAdminAuthorisation : IAuthorizeRemotingConnection {
+ /// <summary>
+ /// Logging support for this class.
+ /// </summary>
+ private static ILog log = LogManager.GetLogger(typeof(RemoteAdminAuthorisation));
+
#region IAuthorizeRemotingConnection Members
+ /// <summary>
+ /// Gets a Boolean value that indicates whether the network address of
+ /// the client is authorized to connect on the current channel.
+ /// </summary>
+ /// <param name="endPoint">
+ /// The EndPoint that identifies the network address of the client.
+ /// </param>
+ /// <returns>
+ /// True if the network address of the client is authorized; otherwise, false.
+ /// </returns>
+ public bool IsConnectingEndPointAuthorized(EndPoint endPoint) {
+ // We only support IP clients
+ if (endPoint.AddressFamily != AddressFamily.InterNetwork &&
+ endPoint.AddressFamily != AddressFamily.InterNetworkV6) {
- public bool IsConnectingEndPointAuthorized(EndPoint endPoint) {
- // TODO: check for a valid address here
- return true;
+ log.Debug(string.Format("Connection attempt from non-IP client. {0}", endPoint.AddressFamily));
+ return false;
+ }
+
+ WildcardHostElementCollection remoteAdminClients = ServerConfiguration.Current.RemoteAdminClients;
+ IPAddress clientAddress = ((IPEndPoint) endPoint).Address;
+
+ // If no clients are specified only local host clients are allowed
+ if (remoteAdminClients == null || remoteAdminClients.Count == 0) {
+ log.Info(string.Format("Connection from (only accept from localhost): {0}", clientAddress));
+ return (clientAddress.Equals(IPAddress.Loopback) || clientAddress.Equals(IPAddress.IPv6Loopback));
+ }
+
+ // Check the list of allowed clients
+ for (int i = 0; i < remoteAdminClients.Count; i++) {
+ if (remoteAdminClients[i].MatchWildcardHost.MatchesSubnet(clientAddress)) {
+ log.Info(string.Format("Connection from: {0}", clientAddress));
+ return true;
+ }
+ }
+
+ log.Info(string.Format("Failed connection from: {0}", clientAddress));
+ return false;
}
+ /// <summary>
+ /// Gets a Boolean value that indicates whether the user identity of the client
+ /// is authorized to connect on the current channel.
+ /// </summary>
+ /// <param name="identity">
+ /// The IIdentity that represents the user identity of the client.
+ /// </param>
+ /// <returns>
+ /// True if the user identity of the client is authorized; otherwise, false.
+ /// </returns>
public bool IsConnectingIdentityAuthorized(IIdentity identity) {
- // TODO: check for a valid username here
- return identity.IsAuthenticated;
+ string connectingUser = identity.Name.Trim().ToLower();
+ CommaDelimitedStringCollection remoteAdminUsers = ServerConfiguration.Current.RemoteAdminAuthorizedUsers;
+
+ if (remoteAdminUsers == null) {
+ log.Info(string.Format("Failed connection from user (not accepting connections): {0}", connectingUser));
+ return false;
+ }
+
+ // Check if the user is in the list of allowed users
+ for (int i = 0; i < remoteAdminUsers.Count; i++) {
+ if (connectingUser.Equals(remoteAdminUsers[i].Trim().ToLower())) {
+ // They also have to be authenticated
+ log.Info(string.Format("Connection from: '{0}' Authenticated: {1}", connectingUser, identity.IsAuthenticated));
+ return identity.IsAuthenticated;
+ }
+ }
+
+ log.Info(string.Format("Failed connection from user: {0}", connectingUser));
+ return false;
}
#endregion
}
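Review bot: In IsConnectingIdentityAuthorized the allow-list match lower-cases both names with the culture-sensitive `ToLower()`, so an authorization decision depends on the server's current culture; compare with `string.Equals(connectingUser, remoteAdminUsers[i].Trim(), StringComparison.OrdinalIgnoreCase)` instead. The method also reads `identity.Name` before it looks at `IsAuthenticated`, so a null identity or name would throw inside the authorization callback, and an unauthenticated caller whose name matches is logged as "Connection from" although it is rejected. A guard at the top such as `if (identity == null || !identity.IsAuthenticated) { log.Info("Rejected unauthenticated identity"); return false; }` keeps the rejection path explicit. In IsConnectingEndPointAuthorized the localhost fallback `clientAddress.Equals(IPAddress.Loopback)` matches only 127.0.0.1, so `IPAddress.IsLoopback(clientAddress)` would be the more complete test.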
Modified: NMail/trunk/NMail.Server.Console/NMail.config
===================================================================
--- NMail/trunk/NMail.Server.Console/NMail.config 2007-02-02 10:47:18 UTC (rev 127)
+++ NMail/trunk/NMail.Server.Console/NMail.config 2007-02-03 08:36:53 UTC (rev 128)
@@ -2,6 +2,7 @@
<configuration>
<configSections>
<section name="NMail" type="NMail.Configuration.NMailConfiguration, NMail" />
+ <section name="NMail.Server" type="NMail.Server.Configuration.ServerConfiguration, NMail.Server" />
<section name="NMail.SmtpService" type="NMail.SmtpService.Configuration.SmtpServiceConfiguration, NMail.SmtpService" />
<section name="NMail.DnsClient" type="NMail.DnsClient.Configuration.DnsClientConfiguration, NMail.DnsClient" />
<section name="NMail.ImapService" type="NMail.ImapService.Configuration.ImapServiceConfiguration, NMail.ImapService" />
@@ -34,6 +35,15 @@
</NamedServices>
</NMail>
+ <NMail.Server
+ RemoteAdminAuthorizedUsers="niknak\luke">
+
+ <RemoteAdminClients>
+ <Client Match="127.0.0.1/32" />
+ <Client Match="192.168.5.0/24" />
+ </RemoteAdminClients>
+ </NMail.Server>
+
<NMail.MessageRouter
VisibleHost="localhost"
WarningTemplate="Warning.txt"
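Review bot: The `<NMail.Server>` block added here puts one specific account (`niknak\luke`) and a whole private subnet (`192.168.5.0/24`) into the checked-in NMail.config, so any deployment that starts from this file grants remote administration to values nobody chose for it. Going by RemoteAdminAuthorisation.cs in this same commit, an empty `RemoteAdminClients` list already restricts connections to loopback, so the sample could keep only `<Client Match="127.0.0.1/32" />` and drop the /24 entry. The user attribute would be safer as a value the operator must fill in, preceded by a comment such as `<!-- List the accounts and subnets allowed to administer this server -->`.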
Modified: NMail/trunk/NMail.Server.Console/NMailConsoleServer.cs
===================================================================
--- NMail/trunk/NMail.Server.Console/NMailConsoleServer.cs 2007-02-02 10:47:18 UTC (rev 127)
+++ NMail/trunk/NMail.Server.Console/NMailConsoleServer.cs 2007-02-03 08:36:53 UTC (rev 128)
@@ -28,6 +28,9 @@
/// Provides a console server implementation for NMail.
/// </summary>
class NMailConsoleServer {
+ /// <summary>
+ /// Logging support for this class.
+ /// </summary>
private static ILog log = LogManager.GetLogger(typeof(NMailConsoleServer));
/// <summary>