post_policy 0.0.1

data/.gitignore

@@ -0,0 +1 @@
+pkg/*

data/CHANGELOG

@@ -0,0 +1,7 @@
+= Change Log
+
+Below is a complete listing of changes for each revision of PostPolicy.
+
+=== 0.0.1
+
+* Initial release

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Michał Łomnicki
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,43 @@
+= PostPolicy: Postfix Policy Server in Ruby
+
+PostPolicy uses ACL system, which allow administrators to create rules based on mail source. 
+Unlike simple Postfix policy restrictions in PostPolicy one can create very complex rules against incoming mail.
+PostPolicy is built on top of eventmachine, event-driven network library used for critical networked applications.
+
+<b>PostPolicy is under heavy development so don't expect too much at the moment ;)</b>
+
+== DEPENDENCIES
+
+* eventmachine
+* rpsec (only for tests)
+
+== USAGE 
+
+Configure postpolicy in /etc/postpolicy.yml
+
+Read http://www.postfix.org/SMTPD_POLICY_README.html
+
+append to your master.cf
+
+    policy  unix  -   n   n   -   0   spawn   user=nobody argv=/path/to/postpolicy
+
+in your main.cf
+    
+    smtpd_recipient_restrictions = 
+        ...
+        reject_unauth_destination
+        check_policy_service unix:private/policy
+
+== ABOUT
+
+Author::    Michał Łomnicki <michal@lomnicki.com.pl>
+License::   Copyright 2009 by Michał Łomnicki
+            Released under a MIT license.
+
+== Warranty 
+
+This software is provided "as is" and without any express or
+implied warranties, including, without limitation, the implied
+warranties of merchantibility and fitness for a particular
+purpose.
+

data/Rakefile

@@ -0,0 +1,15 @@
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name = "post_policy"
+    gemspec.summary = "Postfix Policy Server in Ruby"
+    gemspec.description = 'PostPolicy uses ACL system, which allow administrators to create rules based on mail source.' 
+    gemspec.email = "michal@lomnicki.com.pl"
+    gemspec.homepage = "http://github.com/mlomnicki/post_policy"
+    gemspec.authors = ["Michał Łomnicki"]
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler not available. Install it with: sudo gem install jeweler -s http://gemcutter.org"
+end
+

data/VERSION

@@ -0,0 +1 @@
+0.0.1

data/bin/postpolicy.rb

@@ -0,0 +1,34 @@
+#!/usr/bin/env ruby
+
+require 'optparse'
+require File.join( File.dirname( __FILE__ ), '..', 'lib', 'postpolicy' )
+
+DEFAULT_CONFIG = File.exists?( '/etc/postpolicy.yml' ) ? '/etc/postpolicy.yml' : 
+                      File.join( File.dirname( __FILE__ ), '../postpolicy.yml')
+
+DEFAULT_OPTIONS = { 
+  :verbose => false,
+  :config => DEFAULT_CONFIG
+}
+
+begin
+  options = DEFAULT_OPTIONS
+  OptionParser.new do |opts|
+    opts.banner = "Usage: #{$0} [options]"
+
+    opts.on("-v", "--verbose", "Verbose logging") do |v|
+      options[:verbose] = v
+    end
+
+    opts.on("-c", "--config", "Path to configuration file") do |c|
+      options[:config] = c
+    end
+  end.parse!
+
+  Logger.info( "Starting PostPolicy #{PostPolicy::VERSION::STRING}"
+  PostPolicy::Config.load_from_file( options[:config] )
+  PostPolicy::Protocol.new.start!
+rescue
+  Logger.error( $!.message )
+  raise $!
+end

data/dbconfig.yml

@@ -0,0 +1,6 @@
+host: localhost
+user: username
+password: secret
+driver: postgres
+database: test
+

data/lib/postpolicy.rb

@@ -0,0 +1,15 @@
+require 'rubygems'
+require 'eventmachine'
+
+$:.unshift File.dirname( __FILE__ )
+
+require 'postpolicy/config'
+require 'postpolicy/protocol'
+require 'postpolicy/access_manager'
+require 'postpolicy/logger'
+require 'postpolicy/extensions'
+require 'postpolicy/server'
+require 'postpolicy/rule'
+require 'postpolicy/version'
+
+VERBOSE = false unless defined?( VERBOSE )

data/lib/postpolicy/access_manager.rb

@@ -0,0 +1,36 @@
+require 'rubygems'
+require 'eventmachine'
+
+module PostPolicy
+
+  class AccessManager
+  
+    include EventMachine::Deferrable
+
+    DEFAULT_ACTION = "DUNNO"
+
+    @@access_list = []
+
+    def self.access_list
+      @@access_list   
+    end
+
+    def self.<<( action )
+      @@access_list << action
+    end
+
+    def check( args )
+      action = DEFAULT_ACTION
+      @@access_list.each do |access|
+        if access.match?( args )
+          action = access.action
+          break
+        end
+      end
+      yield action if block_given?
+      return action
+    end
+
+  end
+end
+

data/lib/postpolicy/config.rb

@@ -0,0 +1,64 @@
+require 'yaml'
+require 'singleton'
+
+Dir.glob( File.join( File.dirname( __FILE__ ), "plugins/base/*" ) ).each { |base| require base }
+Dir.glob( File.join( File.dirname( __FILE__ ), "plugins/acl/*" ) ).each { |acl| require acl }
+Dir.glob( File.join( File.dirname( __FILE__ ), "plugins/datasource/*" ) ).each { |datasource| require datasource }
+
+module PostPolicy
+
+  class Config
+
+    def self.load_from_file( filename )
+      load( YAML.load_file( filename ) )
+    end
+
+    def self.load( config_hash ) 
+      acls = Hash.new { |hsh, key| hsh[key] = Array.new }
+      config_acls = config_hash.delete( "acl" )
+      config_acls.each_pair do |human_name, klass_value_maps|
+        klass_value_maps.each_pair do |klass, value|
+          acls[human_name] << ACL.const_get(klass.classify).new( resolve_datasource( value ) )
+        end
+      end
+      actions = config_hash.delete( "action" )
+      accesses = config_hash.delete( "access" )
+      accesses.each_pair do |action, acl|
+        AccessManager << Access.new( acls[acl], actions[action] )
+      end
+      Db.load( config_hash["database"] )
+    end
+
+    class Db
+      class << self
+        attr_reader :dbconfig, :dbi_params
+
+        def load( filename )
+          if filename 
+            @dbconfig = YAML.load_file( filename ).stringify_keys!.freeze
+            require "do_#{@dbconfig[:driver]}"
+            @dbi_params = "#{@dbconfig[:driver]}://#{@dbconfig[:user]}:#{@dbconfig[:password]}@#{@dbconfig[:host]}:#{@dbconfig[:port]}/#{@dbconfig[:database]}"
+          end
+        end
+
+      end
+    end
+
+    protected
+
+    def self.resolve_datasource( klass_and_value )
+      @@datasource_cache ||= {}
+      klass, value = klass_and_value.split( "://" )
+      if value == nil # consider as constant value
+        value = klass
+        klass = "value"
+      end
+      @@datasource_cache[klass] ||= DataSource.const_get(klass.classify)
+
+      return @@datasource_cache[klass].new( value )
+    end
+
+  end
+
+end
+

data/lib/postpolicy/extensions.rb

@@ -0,0 +1,2 @@
+require File.join( File.dirname( __FILE__ ), 'extensions/string' )
+require File.join( File.dirname( __FILE__ ), 'extensions/hash' )

data/lib/postpolicy/extensions/hash.rb

@@ -0,0 +1,7 @@
+class Hash
+
+  def stringify_keys!
+    self.replace( inject({}) { |hsh, (k, v)| hsh[k.to_sym]=v; hsh } )
+  end
+
+end

data/lib/postpolicy/extensions/string.rb

@@ -0,0 +1,11 @@
+class String
+
+  def camelize
+    self.gsub(/\/(.?)/) { "::#{$1.upcase}" }.gsub(/(?:^|_)(.)/) { $1.upcase }
+  end
+
+  def classify
+    self.sub(/.*\./, '').camelize
+  end
+
+end

data/lib/postpolicy/logger.rb

@@ -0,0 +1,28 @@
+require 'syslog'
+
+module Logger
+
+  @@app_name = "rpolicy"
+  @@log_opts = (Syslog::LOG_PID | Syslog::LOG_CONS)
+  @@facility = Syslog::LOG_MAIL
+  Syslog.open( @@app_name, @@log_opts, @@facility )
+
+  def self.error( msg )
+    Syslog.err( msg )
+  end
+
+  def self.info( msg )
+    Syslog.info( msg )
+  end
+
+  def self.debug( msg )
+    Syslog.debug( msg )
+  end
+
+  def self.warn( msg )
+    Syslog.warning( msg )
+  end
+
+
+end
+

data/lib/postpolicy/plugins/acl/recipient.rb

@@ -0,0 +1,13 @@
+module PostPolicy
+  module ACL
+
+    class Recipient < Base
+      
+      def match?( args )
+        datasource.exists? args[:recipient]
+      end
+
+    end
+
+  end
+end

data/lib/postpolicy/plugins/acl/sender.rb

@@ -0,0 +1,13 @@
+module PostPolicy
+  module ACL
+
+    class Sender < Base
+
+      def match?( args )
+        datasource.exists? args[:sender] 
+      end
+
+    end
+
+  end
+end

data/lib/postpolicy/plugins/base/access.rb

@@ -0,0 +1,20 @@
+module PostPolicy
+
+  class Access
+  
+    def initialize( acls, action )
+      @acls = acls
+      @action = action
+    end
+
+    def match?( args )
+      @acls.all? { |acl| acl.match?( args ) }
+    end
+
+    def action
+      @action
+    end
+
+  end
+
+end

data/lib/postpolicy/plugins/base/acl.rb

@@ -0,0 +1,19 @@
+module PostPolicy
+  module ACL
+
+    class Base
+
+      attr_reader :datasource
+
+      def initialize( datasource )
+        @datasource = datasource
+      end
+
+      def match?( args )
+        :dunno
+      end
+
+    end
+
+  end
+end

data/lib/postpolicy/plugins/base/datasource.rb

@@ -0,0 +1,17 @@
+module PostPolicy
+  module DataSource
+
+    class Base
+     
+      def initialize( values = [] )
+        @values = values
+      end
+
+      def exists?( object )
+        @values.include?( object ) 
+      end
+
+    end
+
+  end
+end

data/lib/postpolicy/plugins/datasource/file.rb

@@ -0,0 +1,14 @@
+module PostPolicy
+  module DataSource
+
+    class File < Base
+
+      def initialize( filename )
+        @values = []
+        ::File.open(filename).each_line { |line| @values << line.chomp }
+      end
+
+    end
+
+  end
+end

data/lib/postpolicy/plugins/datasource/regex.rb

@@ -0,0 +1,17 @@
+module PostPolicy
+  module DataSource
+
+    class Regex < Base
+
+      def initialize( regex )
+        @regex = regex
+      end
+
+      def exists?( value )
+        !!(value =~ @regex )
+      end
+
+    end
+
+  end
+end

data/lib/postpolicy/plugins/datasource/sql.rb

@@ -0,0 +1,35 @@
+module PostPolicy
+  module DataSource
+
+    class Sql < Base
+     
+      def initialize( query )
+        @query = query
+      end
+
+      def exists?( value )
+        result = false
+        connection do |conn|
+          command = conn.create_command( @query )
+          reader = command.execute_reader
+          while reader.next! 
+            if reader.values[0] && reader.values[0] == value
+              result = true
+              break
+            end
+          end
+        end
+        result
+      end
+
+      protected
+      def connection( &block )
+        conn = DataObjects::Connection.new( Config::Db.dbi_params ) 
+        block.call( conn )
+        conn.close
+      end
+
+    end
+
+  end
+end

data/lib/postpolicy/plugins/datasource/value.rb

@@ -0,0 +1,12 @@
+module PostPolicy
+  module DataSource
+
+    class Value < Base
+      
+      def initialize( values )
+        @values = [values].flatten #make it always an array
+      end
+
+    end
+  end
+end

data/lib/postpolicy/protocol.rb

@@ -0,0 +1,100 @@
+require 'set'
+
+module PostPolicy
+  class Protocol
+ 
+    PROTOCOLS = %w(ESMTP SMTP)
+    STATES = %w(CONNECT EHLO HELO MAIL RCPT DATA END-OF-MESSAGE VRFY ETRN)
+    
+    TERMINATOR = "\n\n"
+
+    attr_reader :attributes
+
+    @@required_request_attributes = [:request, :protocol_state, :protocol_name, :helo_name, :queue_id, :sender, :recipient, :recipient_count, :client_address, :client_name, :reverse_client_name, :instance].to_set # Postfix 2.1 and later
+  
+    @@request_attributes = @@required_request_attributes + 
+          [:sasl_method, :sasl_username, :sasl_sender, :size, :ccert_subject, :ccert_issuer, :ccert_fingerprint, # Postifx 2.2 and later
+          :encryption_protocol, :encryption_cipher, :encryption_keysize, :etrn_domain, # Postifx 2.3 and later
+          :stress].to_set # Postifx 2.5 and later 
+  
+    def initialize
+      @attributes = {}
+      $stdout.sync = true
+      @buffer = []
+    end
+
+    def start!
+      while line = gets do
+        receive_line( line.chomp )
+      end
+    end
+
+    def receive_line( line )
+      unless line.empty?
+        @buffer << line
+      else
+        Logger.info @buffer.inspect if VERBOSE
+        parse_request
+        @buffer.clear
+      end
+    end
+
+    def response( action )
+      puts "action=#{action}#{TERMINATOR}" unless POST_POLICY_ENV == 'test'
+    end
+    
+    protected
+    def parse_request
+      @buffer.each do |line|
+        key, value = line.split( '=' )
+        @attributes[key.to_sym] = value
+      end
+      return false if( sanitize_arguments == false || validate_arguments == false )
+      run_actions
+    end
+
+    def run_actions
+      am = PostPolicy::AccessManager.new
+      am.callback do |args| 
+        am.check( args ) do |action|  
+          Logger.debug "Returning response #{action}" if VERBOSE
+          response( action )
+        end
+      end
+      am.set_deferred_status :succeeded, @attributes
+    end
+
+    def sanitize_arguments
+      missing_attributes = @@required_request_attributes - @attributes.keys.to_set
+      unless missing_attributes.empty?     
+        Logger.err "missing #{missing_attributes.to_a.join( ',' )}" 
+        return false
+      end
+      unknown_attributes = @attributes.keys.to_set - @@request_attributes
+      unless unknown_attributes.empty?
+        Logger.warn( 'Unknown attributes in policy request %s' % unknown_attributes.to_a.join( ',' ) ) if VERBOSE
+      end
+      unknown_attributes.each { |attr| @attributes.delete( attr ) }
+      true
+    end
+ 
+
+    def validate_arguments
+      unless @attributes[:request] == "smtpd_access_policy"
+        Logger.err( 'only smtpd_access_policy request allowed' )
+        return false
+      end
+      unless PROTOCOLS.include?( @attributes[:protocol_name] )
+        Logger.err( "only #{PROTOCOLS.join(',')} protocols allowed" )
+        return false
+      end
+      unless STATES.include?( @attributes[:protocol_state] )
+        Logger.err( "only #{STATES.join(',')} states allowed" )
+        return false
+      end
+
+      true
+    end
+
+  end
+end

data/lib/postpolicy/rule.rb

@@ -0,0 +1,67 @@
+module PostPolicy
+
+  # rule do 
+  #   sender { format.value "michal.lomnicki@gmail.com" }
+  #   recipient { format.regex /lomnicki.com.pl$/ }
+  #   action "REJECT"
+  # end
+  #
+  class Rule
+    class Format
+
+      class << self
+
+        def format
+          self
+        end
+
+        def value( val )
+          DataSource::Value.new( val )
+        end
+
+        def regex( val )
+          DataSource::Regex.new( val )
+        end
+
+        def file( val )
+          DataSource::File.new( val )
+        end
+
+        def sql( val )
+          DataSource::Sql.new( val )
+        end
+
+      end
+
+    end
+
+    def initialize( &block )
+      instance_eval &block
+    end
+
+    def self.rule( &block )
+      AccessManager << new( &block ).to_access
+    end
+
+    def sender( &block )
+      @rule_sender = ACL::Sender.new( Format.class_eval( &block ) )
+    end
+
+    def recipient( &block )
+      @rule_recipient = ACL::Recipient.new( Format.class_eval( &block ) )
+    end
+
+    def action( value )
+      @rule_action = value
+    end
+
+    def to_access
+      Access.new( [@rule_sender, @rule_recipient].compact, @rule_action )
+    end
+
+  end
+
+
+end
+
+

data/lib/postpolicy/server.rb

@@ -0,0 +1,24 @@
+# the simplest PostPolicy server using DSL
+#
+# require 'post_policy'
+#
+# PostPolicy::Server.run do
+#
+#   rule do
+#     sender { format.value "michal.lomnicki@gmail.com" }
+#     action "REJECT"
+#   end
+#
+# end
+module PostPolicy
+
+  class Server
+    
+    def self.run( &block )
+      Rule.class_eval( &block )
+      PostPolicy::Protocol.new.start!
+    end
+
+  end
+
+end

data/lib/postpolicy/version.rb

@@ -0,0 +1,9 @@
+module PostPolicy
+  module VERSION
+    MAJOR = 0
+    MINOR = 0
+    TINY = 1
+
+    STRING = [MAJOR, MAJOR, TINY].join('.')
+  end
+end

data/post_policy.gemspec

@@ -0,0 +1,85 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE
+# Instead, edit Jeweler::Tasks in Rakefile, and run `rake gemspec`
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{post_policy}
+  s.version = "0.0.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Micha\305\202 \305\201omnicki"]
+  s.date = %q{2009-10-12}
+  s.default_executable = %q{postpolicy.rb}
+  s.description = %q{PostPolicy uses ACL system, which allow administrators to create rules based on mail source.}
+  s.email = %q{michal@lomnicki.com.pl}
+  s.executables = ["postpolicy.rb"]
+  s.extra_rdoc_files = [
+    "README.rdoc"
+  ]
+  s.files = [
+    ".gitignore",
+     "CHANGELOG",
+     "MIT-LICENSE",
+     "README.rdoc",
+     "Rakefile",
+     "VERSION",
+     "bin/postpolicy.rb",
+     "dbconfig.yml",
+     "lib/postpolicy.rb",
+     "lib/postpolicy/access_manager.rb",
+     "lib/postpolicy/config.rb",
+     "lib/postpolicy/extensions.rb",
+     "lib/postpolicy/extensions/hash.rb",
+     "lib/postpolicy/extensions/string.rb",
+     "lib/postpolicy/logger.rb",
+     "lib/postpolicy/plugins/acl/recipient.rb",
+     "lib/postpolicy/plugins/acl/sender.rb",
+     "lib/postpolicy/plugins/base/access.rb",
+     "lib/postpolicy/plugins/base/acl.rb",
+     "lib/postpolicy/plugins/base/datasource.rb",
+     "lib/postpolicy/plugins/datasource/file.rb",
+     "lib/postpolicy/plugins/datasource/regex.rb",
+     "lib/postpolicy/plugins/datasource/sql.rb",
+     "lib/postpolicy/plugins/datasource/value.rb",
+     "lib/postpolicy/protocol.rb",
+     "lib/postpolicy/rule.rb",
+     "lib/postpolicy/server.rb",
+     "lib/postpolicy/version.rb",
+     "post_policy.gemspec",
+     "postpolicy.yml",
+     "spec/access_manager_spec.rb",
+     "spec/acl_spec.rb",
+     "spec/config_spec.rb",
+     "spec/datasource_spec.rb",
+     "spec/format_spec.rb",
+     "spec/protocol_spec.rb",
+     "spec/rule_spec.rb",
+     "spec/test_helper.rb"
+  ]
+  s.homepage = %q{http://github.com/mlomnicki/post_policy}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.5}
+  s.summary = %q{Postfix Policy Server in Ruby}
+  s.test_files = [
+    "spec/acl_spec.rb",
+     "spec/access_manager_spec.rb",
+     "spec/format_spec.rb",
+     "spec/datasource_spec.rb",
+     "spec/protocol_spec.rb",
+     "spec/test_helper.rb",
+     "spec/rule_spec.rb",
+     "spec/config_spec.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+    else
+    end
+  else
+  end
+end

data/postpolicy.yml

@@ -0,0 +1,14 @@
+acl: 
+  foo: 
+    sender: michal@lomnicki.com.pl
+  bar:
+    #sender: file:///home/michal/test/filetest
+    recipient: sql://"SELECT * FROM users WHERE login = '%l'"
+
+action: 
+  pass: REJECT
+
+access:
+  pass: foo 
+
+database: "dbconfig.yml"

data/spec/access_manager_spec.rb

@@ -0,0 +1,47 @@
+require 'test_helper'
+
+CONFIG = {
+  "acl" =>  {
+    "michal-lomnicki" => {
+      "sender" => "michal@lomnicki.com.pl"
+    },
+    "foo-to-bar" => { 
+      "sender" => "foo",
+      "recipient" => "bar"
+    }
+  },
+
+  "action" => { "reject" => "REJECT", "defer" => "DEFER_IF_PERMIT" },
+  "access" => { 
+    "reject" => "michal-lomnicki",
+    "defer" => "foo-to-bar"
+  }
+}
+
+describe PostPolicy::AccessManager do 
+
+  before(:all) do
+    PostPolicy::Config.load( CONFIG )
+    @am = PostPolicy::AccessManager.new
+  end
+
+  it "should reject michal@lomnicki.com.pl" do
+    @am.check( { :sender => "michal@lomnicki.com.pl" } ) do |action|
+      action.should == "REJECT"
+    end
+  end
+
+  it "should defer foo to bar" do
+    @am.check( { :sender => "foo", :recipient => "bar" } ) do |action|
+      action.should == "DEFER_IF_PERMIT"
+    end
+  end
+
+  # on any other acl default action should be given
+  it "should return default action on bar to foo" do
+    @am.check( { :sender => "bar", :recipient => "foo" } ) do |action|
+      action.should == PostPolicy::AccessManager::DEFAULT_ACTION
+    end
+  end
+
+end

data/spec/acl_spec.rb

@@ -0,0 +1,21 @@
+require 'test_helper'
+
+describe PostPolicy::ACL::Sender do
+
+  it "should match given sender" do
+    ds = PostPolicy::DataSource::Value.new( ATTRS[:sender] )
+    sender_acl = PostPolicy::ACL::Sender.new( ds )
+    sender_acl.match?( ATTRS ).should == true
+  end
+
+end
+
+describe PostPolicy::ACL::Recipient do 
+
+  it "should match given recipient" do
+    ds = PostPolicy::DataSource::Value.new( ATTRS[:recipient] )
+    recipient_acl = PostPolicy::ACL::Recipient.new( ds )
+    recipient_acl.match?( ATTRS ).should == true
+  end
+
+end

data/spec/config_spec.rb

@@ -0,0 +1,26 @@
+require 'test_helper'
+
+describe PostPolicy::Config::Db do
+  
+  it "should load config from file and build dbi_params" do
+    filename = '/tmp/dbconfig' 
+    config = {  :host => 'localhost',
+                :database => 'postpolicy',
+                :user => 'foo',
+                :password => 'secret',
+                :port => 5432,
+                :driver => 'postgres' }
+
+    File.open( filename, 'w' ) do |f|
+      f.puts config.to_yaml 
+    end
+
+    PostPolicy::Config::Db.load( filename )
+    PostPolicy::Config::Db.dbconfig.should == config
+    dbi_params = "#{config[:driver]}://#{config[:user]}:#{config[:password]}@#{config[:host]}:#{config[:port]}/#{config[:database]}"
+    PostPolicy::Config::Db.dbi_params.should == dbi_params
+  
+    FileUtils.rm( filename )
+  end
+
+end

data/spec/datasource_spec.rb

@@ -0,0 +1,61 @@
+require 'test_helper'
+
+GOOD_VALUES = ["michal@lomnicki.com.pl", "foo@example.com", "bar@baz.com"]
+BAD_VALUES = ["michal@bar.com", "bar@baz.net", "foo@bar.baz"]
+
+describe PostPolicy::DataSource::Value do
+
+  it "should allow passing one or multiple values" do
+    ds = PostPolicy::DataSource::Value.new( 1 )
+    ds.exists?( 1 ).should == true
+    ds = PostPolicy::DataSource::Value.new( [1,2] )
+    ds.exists?( 1 ).should == true
+    ds.exists?( 2 ).should == true
+  end
+
+  it "should match initialized dss" do
+    ds = PostPolicy::DataSource::Value.new( GOOD_VALUES )
+    ds.exists?( GOOD_VALUES.first ).should == true
+    ds.exists?( GOOD_VALUES.last ).should == true
+    ds.exists?( BAD_VALUES.first ).should == false
+    ds.exists?( BAD_VALUES.last ).should == false
+  end
+
+end
+
+describe PostPolicy::DataSource::File do
+
+  it "should read from file" do
+    filename = '/tmp/file_datasource'
+    File.open( filename, 'w' ) do |f| 
+      GOOD_VALUES.each { |value| f.puts value }
+    end
+    ds = PostPolicy::DataSource::File.new( filename )
+    GOOD_VALUES.each do |value|
+      ds.exists?( value ).should == true
+    end
+    BAD_VALUES.each do |value|
+      ds.exists?( value ).should == false
+    end
+    FileUtils.rm( filename ) 
+  end
+
+end
+
+describe PostPolicy::DataSource::Regex do
+
+  it "should match regex" do
+    ds = PostPolicy::DataSource::Regex.new( /^michal@.*\.pl$/ )
+    ds.exists?( "michal@lomnicki.com.pl" ).should == true
+    ds.exists?( "foo@lomnicki.com.pl" ).should == false
+  end
+
+end
+
+describe PostPolicy::DataSource::Sql do
+
+  it "should check in db" do
+    ds = PostPolicy::DataSource::Sql.new( "SELECT id from test" )
+  end
+
+end

data/spec/format_spec.rb

@@ -0,0 +1,35 @@
+require 'test_helper'
+
+describe PostPolicy::Rule::Format do
+
+  before(:each) do
+    @klass = PostPolicy::Rule::Format
+  end
+
+  it "should return DataSource::Value for format.value" do
+    value = "michal.lomnicki@gmail.com"
+    ds = @klass.format.value( value )
+    ds.class.should == PostPolicy::DataSource::Value
+    ds.exists?( value ).should == true
+  end
+
+  it "should return DataSource::Regex for format.regex" do
+    value = /gmail.com$/
+    ds = @klass.format.regex( value )
+    ds.class.should == PostPolicy::DataSource::Regex
+    ds.exists?( "michal.lomnicki@gmail.com" ).should == true
+  end
+  
+  it "should return DataSource::File for format.file" do
+    filename = '/tmp/file_datasource'
+    value = "michal.lomnicki@gmail.com"
+    File.open( filename, 'w' ) do |f| 
+       f.puts value
+    end
+    ds = @klass.format.file( filename )
+    ds.class.should == PostPolicy::DataSource::File
+    ds.exists?( value ).should == true
+    FileUtils.rm( filename )
+  end
+
+end

data/spec/protocol_spec.rb

@@ -0,0 +1,42 @@
+require 'stringio'
+require 'test_helper' 
+
+describe PostPolicy::Protocol do
+  
+  before(:each) do
+    @protocol = PostPolicy::Protocol.new
+  end
+
+  it "should parse attributes" do 
+    form_string( ATTRS ).each_line { |l| @protocol.receive_line( l.strip ) }
+    @protocol.attributes.should == ATTRS
+  end
+
+  it "should discard unknown attributes" do
+    ATTRS.merge( :foo => 'bar', :bar => 'baz' ).each_pair { |k,v| @protocol.receive_line( [k,v].join( '=' ) ) }
+    form_string( ATTRS ).each_line { |l| @protocol.receive_line( l.strip ) }
+    @protocol.attributes.should == ATTRS
+  end
+
+  #it "should return false on missing attributes" do
+  #  ATTRS.reject { |k,v| k == :protocol_name }.each_pair { |k,v| @protocol.receive_line( [k,v].join( '=' ) ) }
+  #  form_string( ATTRS ).each_line { |l| @protocol.receive_line( l.strip ) }
+  #  @protocol.receive.should == false
+  #end
+
+  #it "should validate arguments" do
+  #  ATTRS.merge( :request => "bar" ).each_pair { |k,v| @protocol.receive_line( [k,v].join( '=' ) ) }
+  #  form_string( ATTRS ).each_line { |l| @protocol.receive_line( l.strip ) }
+  #  @protocol.receive.should == false
+  #end
+
+  #it "should terminate response" do
+  #  @protocol.response("dunno").should == "action=dunno\n\n"
+  #end
+
+  protected
+  def form_string( args )
+    StringIO.new( args.each.inject("") { |str, kv| str << (kv.join('=') + "\n") } << "\n" )
+  end
+
+end

data/spec/rule_spec.rb

@@ -0,0 +1,32 @@
+require 'test_helper'
+
+describe PostPolicy::Rule do
+
+  before(:all) do
+    SENDER = "foo@example.com"
+    RECIPIENT = "bar@example.com"
+    ACTION = "REJECT"
+  end
+
+  before(:each) do
+    @rule = PostPolicy::Rule.new do
+      sender { format.value SENDER  }
+      recipient { format.value RECIPIENT }
+      action ACTION 
+    end
+
+  end
+
+  it "should respond_to to_access" do
+    @rule.should respond_to( :to_access )
+  end
+
+  it "should match given arguments after converting to access" do
+    @rule.to_access.match?( :sender => SENDER, :recipient => RECIPIENT ).should == true
+  end
+
+  it "should return given action after converting to access" do
+    @rule.to_access.action.should == ACTION
+  end
+
+end

data/spec/test_helper.rb

@@ -0,0 +1,27 @@
+$LOAD_PATH.unshift File.join( File.dirname( __FILE__ ), '../lib' )
+require 'postpolicy'
+
+POST_POLICY_ENV = ENV['POST_POLICY_ENV'] || "test"
+
+ATTRS = { 
+  :request => "smtpd_access_policy",
+  :protocol_state => "RCPT",
+  :protocol_name => "SMTP",
+  :helo_name => "some.domain.tld",
+  :queue_id => "8045F2AB23",
+  :sender => "foo@bar.tld",
+  :recipient => "bar@foo.tld",
+  :recipient_count => "0",
+  :client_address => "1.2.3.4",
+  :client_name => "another.domain.tld",
+  :reverse_client_name => "another.domain.tld",
+  :instance => "123.456.7"
+}
+
+Object.send(:remove_const, :Logger)
+
+module Logger
+  def self.method_missing(symbol, *args)
+    #simpy do nothing
+  end
+end

metadata

@@ -0,0 +1,99 @@
+--- !ruby/object:Gem::Specification 
+name: post_policy
+version: !ruby/object:Gem::Version 
+  version: 0.0.1
+platform: ruby
+authors: 
+- "Micha\xC5\x82 \xC5\x81omnicki"
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-10-12 00:00:00 +02:00
+default_executable: postpolicy.rb
+dependencies: []
+
+description: PostPolicy uses ACL system, which allow administrators to create rules based on mail source.
+email: michal@lomnicki.com.pl
+executables: 
+- postpolicy.rb
+extensions: []
+
+extra_rdoc_files: 
+- README.rdoc
+files: 
+- .gitignore
+- CHANGELOG
+- MIT-LICENSE
+- README.rdoc
+- Rakefile
+- VERSION
+- bin/postpolicy.rb
+- dbconfig.yml
+- lib/postpolicy.rb
+- lib/postpolicy/access_manager.rb
+- lib/postpolicy/config.rb
+- lib/postpolicy/extensions.rb
+- lib/postpolicy/extensions/hash.rb
+- lib/postpolicy/extensions/string.rb
+- lib/postpolicy/logger.rb
+- lib/postpolicy/plugins/acl/recipient.rb
+- lib/postpolicy/plugins/acl/sender.rb
+- lib/postpolicy/plugins/base/access.rb
+- lib/postpolicy/plugins/base/acl.rb
+- lib/postpolicy/plugins/base/datasource.rb
+- lib/postpolicy/plugins/datasource/file.rb
+- lib/postpolicy/plugins/datasource/regex.rb
+- lib/postpolicy/plugins/datasource/sql.rb
+- lib/postpolicy/plugins/datasource/value.rb
+- lib/postpolicy/protocol.rb
+- lib/postpolicy/rule.rb
+- lib/postpolicy/server.rb
+- lib/postpolicy/version.rb
+- post_policy.gemspec
+- postpolicy.yml
+- spec/access_manager_spec.rb
+- spec/acl_spec.rb
+- spec/config_spec.rb
+- spec/datasource_spec.rb
+- spec/format_spec.rb
+- spec/protocol_spec.rb
+- spec/rule_spec.rb
+- spec/test_helper.rb
+has_rdoc: true
+homepage: http://github.com/mlomnicki/post_policy
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.5
+signing_key: 
+specification_version: 3
+summary: Postfix Policy Server in Ruby
+test_files: 
+- spec/acl_spec.rb
+- spec/access_manager_spec.rb
+- spec/format_spec.rb
+- spec/datasource_spec.rb
+- spec/protocol_spec.rb
+- spec/test_helper.rb
+- spec/rule_spec.rb
+- spec/config_spec.rb