Version 1

- Added basic error handling
- Decided to keep Debug block:
	- moved it to the bottom
	- hardcoded my hostmask
- Changed server config variable to Private
- Changed access config variable's help text
This commit is contained in:
Georg Pfuetzenreuter 2021-06-03 05:42:21 +02:00
parent eda43f1d3c
commit 491452f326
Signed by: Georg
GPG Key ID: 0EC71AFA80C807E3
3 changed files with 215 additions and 187 deletions

Binary file not shown.

View File

@ -68,7 +68,7 @@ registry.String('',
""" """
Your Mailcow server \(https://example.com\) Your Mailcow server \(https://example.com\)
""" """
, private=False , private=True
)) ))
conf.registerGroup(Mailcow, 'access') conf.registerGroup(Mailcow, 'access')
@ -76,7 +76,7 @@ conf.registerGroup(Mailcow, 'access')
conf.registerGlobalValue(Mailcow.access, 'read', conf.registerGlobalValue(Mailcow.access, 'read',
registry.CommaSeparatedListOfStrings('', registry.CommaSeparatedListOfStrings('',
""" """
Nicknames to grant Read-Only access Hostmasks to grant Read-Only access
""" """
, private=True , private=True
)) ))
@ -84,7 +84,7 @@ Nicknames to grant Read-Only access
conf.registerGlobalValue(Mailcow.access, 'write', conf.registerGlobalValue(Mailcow.access, 'write',
registry.CommaSeparatedListOfStrings('', registry.CommaSeparatedListOfStrings('',
""" """
Nicknames to grant Write access Hostmasks to grant Write access
""" """
, private=True , private=True
)) ))

396
plugin.py
View File

@ -60,132 +60,101 @@ class Mailcow(callbacks.Plugin):
hostmask = irc.state.nickToHostmask(msg.nick) hostmask = irc.state.nickToHostmask(msg.nick)
#Read-Functions: Summary #Read-Functions: Summary
try:
if 'summary' in variant:
if hostmask in read or write:
URL = server + get + '/domain/' + id
try:
response = requests.get(
URL,
headers = {'accept': 'application/json', 'X-API-Key': api_key},
)
data = response.json()
domain = data['domain_name']
description = data['description']
bytes_total = data['bytes_total']
#response.raise_for_status()
irc.reply(f"Domain: {domain} | Description: {description} | Bytes Total: {bytes_total} ")
except requests.exceptions.ConnectionError as err:
irc.error("Connection failed.")
except requests.exceptions.HTTPError as err:
irc.error(err)
else:
irc.reply("Thou shalt not pass.")
print("Intrusion attempt: " + hostmask)
#Write-Functions: Create/Delete
elif 'create' in variant:
if hostmask in write:
URL = server + api + '/add/domain'
payload = {
"active": "1",
"aliases": "20",
"backupmx": "0",
"defquota": "1024",
"description": id,
"domain": id,
"mailboxes": "10",
"maxquota": "2048",
"quota": "5120",
"relay_all_recipients": "0",
"rl_frame": "s",
"rl_value": "10",
"restart_sogo": "10"
}
response = requests.post(
URL,
headers = {'accept': 'application/json', 'X-API-Key': api_key, 'Content-Type': 'application/json'},
json = payload,
)
data = response.json()
print(data)
status = data[0]['type']
#object = data[0]['domain']
#active = data[0]['active']
msg = data[0]['msg']
#max_aliases = data['aliases']
#max_mailboxes = data['mailboxes']
#default_quota = data['defquota']
#max_mailbox_quota = data['maxquota']
#max_domain_quota = data['quota']
irc.reply(f"CREATION: {status} | {msg} | NOTE: SOGo is NOT being restarted automatically.")# Issue 'sogo restart' to make the object visible through Groupware. | Summary of object properties: MaxAliases: {aliases} | MaxMailboxes: {mailboxes} | DefaultQuota: {default_quota} | MaxMailBoxQuota: {max_mailbox_quota} | MaxDomainQuota: {max_domain_quota}")
else:
irc.reply("Thou shall not create.")
print("Intrusion attempt: " + hostmask)
elif 'delete' in variant:
if hostmask in write:
URL = server + api + '/delete/domain'
payload = [
id
]
response = requests.post(
URL,
headers = {'accept': 'application/json', 'X-API-Key': api_key, 'Content-Type': 'application/json'},
json = payload,
)
data = response.json()
status = data[0]['type']
object = data[0]['msg']
irc.reply(f"DELETION: {status} - {msg} - Hey, where's that backup again?")
else:
irc.reply("Thou shall not delete.")
print("Intrusion attempt: " + hostmask)
if 'summary' in variant:
if hostmask in read or write:
URL = server + get + '/domain/' + id
response = requests.get(
URL,
headers = {'accept': 'application/json', 'X-API-Key': api_key},
)
data = response.json()
domain = data['domain_name']
description = data['description']
bytes_total = data['bytes_total']
irc.reply(f"Domain: {domain} | Description: {description} | Bytes Total: {bytes_total} ")
else: else:
irc.reply("Thou shall not pass.") irc.reply("Unknown option.")
print("Intrusion attempt: " + hostmask)
#Write-Functions: Create/Delete except KeyError as err:
elif 'create' in variant: key = err.args[0]
if hostmask in write: if key == 'domain_name':
URL = server + api + '/add/domain' irc.error("Invalid domain.")
#domain = id['domain']
payload = {
"active": "1",
"aliases": "20",
"backupmx": "0",
"defquota": "1024",
"description": id,
"domain": id,
"mailboxes": "10",
"maxquota": "2048",
"quota": "5120",
"relay_all_recipients": "0",
"rl_frame": "s",
"rl_value": "10",
"restart_sogo": "10"
}
response = requests.post(
URL,
headers = {'accept': 'application/json', 'X-API-Key': api_key, 'Content-Type': 'application/json'},
json = payload,
)
data = response.json()
print(data)
status = data[0]['type']
#object = data[0]['domain']
#active = data[0]['active']
msg = data[0]['msg']
#max_aliases = data['aliases']
#max_mailboxes = data['mailboxes']
#default_quota = data['defquota']
#max_mailbox_quota = data['maxquota']
#max_domain_quota = data['quota']
irc.reply(f"CREATION: {status} | {msg} | NOTE: SOGo is NOT being restarted automatically.")# Issue 'sogo restart' to make the object visible through Groupware. | Summary of object properties: MaxAliases: {aliases} | MaxMailboxes: {mailboxes} | DefaultQuota: {default_quota} | MaxMailBoxQuota: {max_mailbox_quota} | MaxDomainQuota: {max_domain_quota}")
else: else:
irc.reply("Thou shall not create.") irc.error("Unhandled " + str(err))
print("Intrusion attempt: " + hostmask)
elif 'delete' in variant:
if hostmask in write:
URL = server + api + '/delete/domain'
payload = [
id
]
response = requests.post(
URL,
headers = {'accept': 'application/json', 'X-API-Key': api_key, 'Content-Type': 'application/json'},
json = payload,
)
data = response.json()
status = data[0]['type']
object = data[0]['msg']
irc.reply(f"DELETION: {status} - {msg} - Hey, where's that backup again?")
else:
irc.reply("Thou shall not delete.")
print("Intrusion attempt: " + hostmask)
else:
irc.reply("Unknown option.")
maildomain = wrap(maildomain, ['anything', 'anything']) maildomain = wrap(maildomain, ['anything', 'anything'])
####################
#FOR DEBUGGING / REMOVE BEFORE RELEASE
####################
def mcdebug(self, irc, msg, args, variant):
"""Prints values."""
server = self.registryValue('api.server')
api_key = self.registryValue('api.key')
read = self.registryValue('access.read')
write = self.registryValue('access.write')
nick = msg.nick
hostmask = irc.state.nickToHostmask(msg.nick)
if hostmask in read or hostmask in write:
if 'key' in variant:
irc.reply('> ' + api_key + ' <')
elif 'server' in variant:
irc.reply('> ' + server + ' <')
elif 'user' in variant:
u = ircdb.users.getUser(msg.prefix)
nick = msg.nick
hm = irc.state.nickToHostmask(nick)
print(hm)
irc.reply('> ' + u.name + ' ' + hm + ' <')
elif 'read' in variant:
irc.reply('> ' + str(read) + ' <')
elif 'write' in variant:
irc.reply('> ' + str(write) + ' <')
else:
irc.reply('What?')
else:
irc.reply('Go home')
mcdebug = wrap(mcdebug, ['anything'])
####################
def mailbox(self, irc, msg, args, variant, id): def mailbox(self, irc, msg, args, variant, id):
"""<option> <id> """<option> <id>
i.e. 'summary cranberrry@liberta.casa' will print some details about his mailbox""" i.e. 'summary cranberrry@liberta.casa' will print some details about his mailbox"""
@ -198,78 +167,137 @@ class Mailcow(callbacks.Plugin):
hostmask = irc.state.nickToHostmask(msg.nick) hostmask = irc.state.nickToHostmask(msg.nick)
#Read-Functions: Summary #Read-Functions: Summary
if 'summary' in variant: try:
if hostmask in read or write: if 'summary' in variant:
URL = server + get + '/mailbox/' + id if hostmask in read or write:
response = requests.get( URL = server + get + '/mailbox/' + id
URL, try:
params={'q': 'requests'}, response = requests.get(
headers={'accept': 'application/json', 'X-API-Key': api_key}, URL,
) params={'q': 'requests'},
data = response.json() headers={'accept': 'application/json', 'X-API-Key': api_key},
#return(print(data)) )
irc.reply('Username: ' + data['username'] + ' | Quota: ' + str(data['quota']) + ' | Messages: ' + str(data['messages']) + ' | Mail Active: ' + str(data['active']) + ' | XMPP Active: ' + str(data['domain_xmpp'])) data = response.json()
#return(print(data))
irc.reply('Username: ' + data['username'] + ' | Quota: ' + str(data['quota']) + ' | Messages: ' + str(data['messages']) + ' | Mail Active: ' + str(data['active']) + ' | XMPP Active: ' + str(data['domain_xmpp']))
except requests.exceptions.ConnectionError as err:
irc.error("Connection failed.")
except requests.exceptions.HTTPError as err:
irc.error(err)
else:
irc.reply("Thou shall not pass.")
print("Intrusion attempt: " + hostmask)
#Write-Functions: Create/Delete
elif 'create' in variant:
if hostmask in write:
URL = server + api + '/add/mailbox/' + id
user = id.split('@')[0]
domain = id.split('@')[1]
random = secrets.token_urlsafe(64)
payload = {
"active": "1",
"domain": domain,
"local_part": user,
"name": user + '@' + domain,
"password": random,
"password2": random,
"quota": "512",
"force_pw_update": "1",
"tls_enforce_in": "1",
"tls_enforce_out": "1"
}
response = requests.post(
URL,
headers = {'accept': 'application/json', 'X-API-Key': api_key, 'Content-Type': 'application/json'},
json = payload,
)
data = response.json()
status = data[0]['type']
msg = data[0]['msg']
irc.reply(f"CREATION: {status} | {msg} | " + str(random) + server)
else:
irc.reply("Thou shall not create.")
print("Intrusion attempt: " + hostmask)
elif 'delete' in variant:
if hostmask in write:
URL = server + api + '/delete/mailbox/' + id
payload = [
id
]
response = requests.post(
URL,
headers = {'accept': 'application/json', 'X-API-Key': api_key, 'Content-Type': 'application/json'},
json = payload,
)
data = response.json()
status = data[0]['type']
object = data[0]['msg']
irc.reply(f"DELETION: {status} - {msg}")
else:
irc.reply("Thou shall not delete.")
print("Intrusion attempt: " + hostmask)
else: else:
irc.reply("Thou shall not pass.") irc.reply('Unknown function.')
print("Intrusion attempt: " + hostmask)
#Write-Functions: Create/Delete except KeyError as err:
elif 'create' in variant: key = err.args[0]
if hostmask in write: if key == 'username':
URL = server + api + '/add/mailbox/' + id irc.error("Invalid mailbox.")
user = id.split('@')[0]
domain = id.split('@')[1]
random = secrets.token_urlsafe(64)
payload = {
"active": "1",
"domain": domain,
"local_part": user,
"name": user + '@' + domain,
"password": random,
"password2": random,
"quota": "512",
"force_pw_update": "1",
"tls_enforce_in": "1",
"tls_enforce_out": "1"
}
response = requests.post(
URL,
headers = {'accept': 'application/json', 'X-API-Key': api_key, 'Content-Type': 'application/json'},
json = payload,
)
data = response.json()
status = data[0]['type']
msg = data[0]['msg']
irc.reply(f"CREATION: {status} | {msg} | " + str(random) + server)
else: else:
irc.reply("Thou shall not create.") irc.error("Unhandled " + str(err))
print("Intrusion attempt: " + hostmask)
elif 'delete' in variant:
if hostmask in write:
URL = server + api + '/delete/mailbox/' + id
payload = [
id
]
response = requests.post(
URL,
headers = {'accept': 'application/json', 'X-API-Key': api_key, 'Content-Type': 'application/json'},
json = payload,
)
data = response.json()
status = data[0]['type']
object = data[0]['msg']
irc.reply(f"DELETION: {status} - {msg}")
else:
irc.reply("Thou shall not delete.")
print("Intrusion attempt: " + hostmask)
else:
irc.reply('Unknown function.')
mailbox = wrap(mailbox, ['anything', 'anything']) mailbox = wrap(mailbox, ['anything', 'anything'])
############################################################
#FOR DEBUGGING / REMOVE BEFORE RELEASE (or don't, developers hostmask is hardcoded)
############################################################
def mcdebug(self, irc, msg, args, variant):
"""Prints values. If you were supposed to use this, you would know how."""
server = self.registryValue('api.server')
api_key = self.registryValue('api.key')
read = self.registryValue('access.read')
write = self.registryValue('access.write')
nick = msg.nick
hostmask = irc.state.nickToHostmask(msg.nick)
if hostmask in read or hostmask in write:
if hostmask == 'cranberry!~u@cranberry.juice':
if 'key' in variant:
irc.reply('> ' + api_key + ' <')
elif 'server' in variant:
irc.reply('> ' + server + ' <')
elif 'user' in variant:
u = ircdb.users.getUser(msg.prefix)
nick = msg.nick
hm = irc.state.nickToHostmask(nick)
print(hm)
irc.reply('> ' + u.name + ' ' + hm + ' <')
elif 'read' in variant:
irc.reply('> ' + str(read) + ' <')
elif 'write' in variant:
irc.reply('> ' + str(write) + ' <')
else:
irc.reply("What?")
else:
irc.error("You're not a dev. Firstly, install Arch Linux.")
else:
irc.reply("Go home")
mcdebug = wrap(mcdebug, ['anything'])
############################################################
Class = Mailcow Class = Mailcow