1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
|
# Copyright (C) 1998-2009 by the Free Software Foundation, Inc.
#
# This file is part of GNU Mailman.
#
# GNU Mailman is free software: you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# GNU Mailman is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
# more details.
#
# You should have received a copy of the GNU General Public License along with
# GNU Mailman. If not, see <http://www.gnu.org/licenses/>.
"""Miscellaneous essential routines.
This includes actual message transmission routines, address checking and
message and address munging, a handy-dandy routine to map a function on all
the mailing lists, and whatever else doesn't belong elsewhere.
"""
from __future__ import absolute_import, unicode_literals
__metaclass__ = type
__all__ = [
]
import os
import re
import cgi
import time
import errno
import base64
import random
import logging
import htmlentitydefs
from email.errors import HeaderParseError
from email.header import decode_header, make_header
from lazr.config import as_boolean
from string import ascii_letters, digits, whitespace
import mailman.templates
from mailman import passwords
from mailman.config import config
from mailman.core import errors
from mailman.utilities.string import expand
AT = '@'
CR = '\r'
DOT = '.'
EMPTYSTRING = ''
IDENTCHARS = ascii_letters + digits + '_'
NL = '\n'
UEMPTYSTRING = u''
TEMPLATE_DIR = os.path.dirname(mailman.templates.__file__)
# Search for $(identifier)s strings, except that the trailing s is optional,
# since that's a common mistake
cre = re.compile(r'%\(([_a-z]\w*?)\)s?', re.IGNORECASE)
# Search for $$, $identifier, or ${identifier}
dre = re.compile(r'(\${2})|\$([_a-z]\w*)|\${([_a-z]\w*)}', re.IGNORECASE)
log = logging.getLogger('mailman.error')
# a much more naive implementation than say, Emacs's fill-paragraph!
def wrap(text, column=70, honor_leading_ws=True):
"""Wrap and fill the text to the specified column.
Wrapping is always in effect, although if it is not possible to wrap a
line (because some word is longer than `column' characters) the line is
broken at the next available whitespace boundary. Paragraphs are also
always filled, unless honor_leading_ws is true and the line begins with
whitespace. This is the algorithm that the Python FAQ wizard uses, and
seems like a good compromise.
"""
wrapped = ''
# first split the text into paragraphs, defined as a blank line
paras = re.split('\n\n', text)
for para in paras:
# fill
lines = []
fillprev = False
for line in para.split(NL):
if not line:
lines.append(line)
continue
if honor_leading_ws and line[0] in whitespace:
fillthis = False
else:
fillthis = True
if fillprev and fillthis:
# if the previous line should be filled, then just append a
# single space, and the rest of the current line
lines[-1] = lines[-1].rstrip() + ' ' + line
else:
# no fill, i.e. retain newline
lines.append(line)
fillprev = fillthis
# wrap each line
for text in lines:
while text:
if len(text) <= column:
line = text
text = ''
else:
bol = column
# find the last whitespace character
while bol > 0 and text[bol] not in whitespace:
bol -= 1
# now find the last non-whitespace character
eol = bol
while eol > 0 and text[eol] in whitespace:
eol -= 1
# watch out for text that's longer than the column width
if eol == 0:
# break on whitespace after column
eol = column
while eol < len(text) and text[eol] not in whitespace:
eol += 1
bol = eol
while bol < len(text) and text[bol] in whitespace:
bol += 1
bol -= 1
line = text[:eol+1] + '\n'
# find the next non-whitespace character
bol += 1
while bol < len(text) and text[bol] in whitespace:
bol += 1
text = text[bol:]
wrapped += line
wrapped += '\n'
# end while text
wrapped += '\n'
# end for text in lines
# the last two newlines are bogus
return wrapped[:-2]
def QuotePeriods(text):
JOINER = '\n .\n'
SEP = '\n.\n'
return JOINER.join(text.split(SEP))
# This takes an email address, and returns a tuple containing (user,host)
def ParseEmail(email):
user = None
domain = None
email = email.lower()
at_sign = email.find('@')
if at_sign < 1:
return email, None
user = email[:at_sign]
rest = email[at_sign+1:]
domain = rest.split('.')
return user, domain
def LCDomain(addr):
"returns the address with the domain part lowercased"
atind = addr.find('@')
if atind == -1: # no domain part
return addr
return addr[:atind] + '@' + addr[atind+1:].lower()
# TBD: what other characters should be disallowed?
_badchars = re.compile(r'[][()<>|;^,\000-\037\177-\377]')
def ValidateEmail(s):
"""Verify that the an email address isn't grossly evil."""
# Pretty minimal, cheesy check. We could do better...
if not s or ' ' in s:
raise errors.InvalidEmailAddress(repr(s))
if _badchars.search(s) or s[0] == '-':
raise errors.InvalidEmailAddress(repr(s))
user, domain_parts = ParseEmail(s)
# Local, unqualified addresses are not allowed.
if not domain_parts:
raise errors.InvalidEmailAddress(repr(s))
if len(domain_parts) < 2:
raise errors.InvalidEmailAddress(repr(s))
def GetPossibleMatchingAddrs(name):
"""returns a sorted list of addresses that could possibly match
a given name.
For Example, given scott@pobox.com, return ['scott@pobox.com'],
given scott@blackbox.pobox.com return ['scott@blackbox.pobox.com',
'scott@pobox.com']"""
name = name.lower()
user, domain = ParseEmail(name)
res = [name]
if domain:
domain = domain[1:]
while len(domain) >= 2:
res.append("%s@%s" % (user, DOT.join(domain)))
domain = domain[1:]
return res
_vowels = ('a', 'e', 'i', 'o', 'u')
_consonants = ('b', 'c', 'd', 'f', 'g', 'h', 'k', 'm', 'n',
'p', 'r', 's', 't', 'v', 'w', 'x', 'z')
_syllables = []
for v in _vowels:
for c in _consonants:
_syllables.append(c+v)
_syllables.append(v+c)
del c, v
def UserFriendly_MakeRandomPassword(length):
syls = []
while len(syls) * 2 < length:
syls.append(random.choice(_syllables))
return EMPTYSTRING.join(syls)[:length]
def Secure_MakeRandomPassword(length):
bytesread = 0
bytes = []
fd = None
try:
while bytesread < length:
try:
# Python 2.4 has this on available systems.
newbytes = os.urandom(length - bytesread)
except (AttributeError, NotImplementedError):
if fd is None:
try:
fd = os.open('/dev/urandom', os.O_RDONLY)
except OSError, e:
if e.errno <> errno.ENOENT:
raise
# We have no available source of cryptographically
# secure random characters. Log an error and fallback
# to the user friendly passwords.
log.error(
'urandom not available, passwords not secure')
return UserFriendly_MakeRandomPassword(length)
newbytes = os.read(fd, length - bytesread)
bytes.append(newbytes)
bytesread += len(newbytes)
s = base64.encodestring(EMPTYSTRING.join(bytes))
# base64 will expand the string by 4/3rds
return s.replace('\n', '')[:length]
finally:
if fd is not None:
os.close(fd)
def MakeRandomPassword(length=None):
if length is None:
length = int(config.passwords.member_password_length)
if as_boolean(config.passwords.user_friendly_passwords):
password = UserFriendly_MakeRandomPassword(length)
else:
password = Secure_MakeRandomPassword(length)
return password.decode('ascii')
def GetRandomSeed():
chr1 = int(random.random() * 52)
chr2 = int(random.random() * 52)
def mkletter(c):
if 0 <= c < 26:
c += 65
if 26 <= c < 52:
#c = c - 26 + 97
c += 71
return c
return "%c%c" % tuple(map(mkletter, (chr1, chr2)))
def set_global_password(pw, siteadmin=True, scheme=None):
if scheme is None:
scheme = passwords.Schemes.ssha
if siteadmin:
filename = config.SITE_PW_FILE
else:
filename = config.LISTCREATOR_PW_FILE
try:
fp = open(filename, 'w')
print >> fp, passwords.make_secret(pw, scheme)
finally:
fp.close()
def get_global_password(siteadmin=True):
if siteadmin:
filename = config.SITE_PW_FILE
else:
filename = config.LISTCREATOR_PW_FILE
try:
fp = open(filename)
challenge = fp.read()[:-1] # strip off trailing nl
fp.close()
except IOError, e:
if e.errno <> errno.ENOENT:
raise
# It's okay not to have a site admin password
return None
return challenge
def check_global_password(response, siteadmin=True):
challenge = get_global_password(siteadmin)
if challenge is None:
return False
return passwords.check_response(challenge, response)
def websafe(s):
return cgi.escape(s, quote=True)
def nntpsplit(s):
parts = s.split(':', 1)
if len(parts) == 2:
try:
return parts[0], int(parts[1])
except ValueError:
pass
# Use the defaults
return s, 119
# Just changing these two functions should be enough to control the way
# that email address obscuring is handled.
def ObscureEmail(addr, for_text=False):
"""Make email address unrecognizable to web spiders, but invertable.
When for_text option is set (not default), make a sentence fragment
instead of a token."""
if for_text:
return addr.replace('@', ' at ')
else:
return addr.replace('@', '--at--')
def UnobscureEmail(addr):
"""Invert ObscureEmail() conversion."""
# Contrived to act as an identity operation on already-unobscured
# emails, so routines expecting obscured ones will accept both.
return addr.replace('--at--', '@')
class OuterExit(Exception):
pass
def findtext(templatefile, raw_dict=None, raw=False, lang=None, mlist=None):
# Make some text from a template file. The order of searches depends on
# whether mlist and lang are provided. Once the templatefile is found,
# string substitution is performed by interpolation in `dict'. If `raw'
# is false, the resulting text is wrapped/filled by calling wrap().
#
# When looking for a template in a specific language, there are 4 places
# that are searched, in this order:
#
# 1. the list-specific language directory
# lists/<listname>/<language>
#
# 2. the domain-specific language directory
# templates/<list.host_name>/<language>
#
# 3. the site-wide language directory
# templates/site/<language>
#
# 4. the global default language directory
# templates/<language>
#
# The first match found stops the search. In this way, you can specialize
# templates at the desired level, or, if you use only the default
# templates, you don't need to change anything. You should never modify
# files in the templates/<language> subdirectory, since Mailman will
# overwrite these when you upgrade. That's what the templates/site
# language directories are for.
#
# A further complication is that the language to search for is determined
# by both the `lang' and `mlist' arguments. The search order there is
# that if lang is given, then the 4 locations above are searched,
# substituting lang for <language>. If no match is found, and mlist is
# given, then the 4 locations are searched using the list's preferred
# language. After that, the server default language is used for
# <language>. If that still doesn't yield a template, then the standard
# distribution's English language template is used as an ultimate
# fallback, and when lang is not 'en', the resulting template is passed
# through the translation service. If this template is missing you've got
# big problems. ;)
#
# A word on backwards compatibility: Mailman versions prior to 2.1 stored
# templates in templates/*.{html,txt} and lists/<listname>/*.{html,txt}.
# Those directories are no longer searched so if you've got customizations
# in those files, you should move them to the appropriate directory based
# on the above description. Mailman's upgrade script cannot do this for
# you.
#
# The function has been revised and renamed as it now returns both the
# template text and the path from which it retrieved the template. The
# original function is now a wrapper which just returns the template text
# as before, by calling this renamed function and discarding the second
# item returned.
#
# Calculate the languages to scan
languages = set()
if lang is not None:
languages.add(lang)
if mlist is not None:
languages.add(mlist.preferred_language.code)
languages.add(config.mailman.default_language)
assert None not in languages, 'None in languages'
# Calculate the locations to scan
searchdirs = []
if mlist is not None:
searchdirs.append(mlist.data_path)
searchdirs.append(os.path.join(TEMPLATE_DIR, mlist.host_name))
searchdirs.append(os.path.join(TEMPLATE_DIR, 'site'))
searchdirs.append(TEMPLATE_DIR)
# Start scanning
fp = None
try:
for lang in languages:
for dir in searchdirs:
filename = os.path.join(dir, lang, templatefile)
try:
fp = open(filename)
raise OuterExit
except IOError, e:
if e.errno <> errno.ENOENT:
raise
# Okay, it doesn't exist, keep looping
fp = None
except OuterExit:
pass
if fp is None:
# Try one last time with the distro English template, which, unless
# you've got a really broken installation, must be there.
try:
filename = os.path.join(TEMPLATE_DIR, 'en', templatefile)
fp = open(filename)
except IOError, e:
if e.errno <> errno.ENOENT:
raise
# We never found the template. BAD!
raise IOError(errno.ENOENT, 'No template file found', templatefile)
else:
from mailman.i18n import get_translation
# XXX BROKEN HACK
data = fp.read()[:-1]
template = get_translation().ugettext(data)
fp.close()
else:
template = fp.read()
fp.close()
charset = config.languages[lang].charset
template = unicode(template, charset, 'replace')
text = template
if raw_dict is not None:
text = expand(template, raw_dict)
if raw:
return text, filename
return wrap(text), filename
def maketext(templatefile, dict=None, raw=False, lang=None, mlist=None):
return findtext(templatefile, dict, raw, lang, mlist)[0]
# Figure out epoch seconds of midnight at the start of today (or the given
# 3-tuple date of (year, month, day).
def midnight(date=None):
if date is None:
date = time.localtime()[:3]
# -1 for dst flag tells the library to figure it out
return time.mktime(date + (0,)*5 + (-1,))
# The opposite of canonstr() -- sorta. I.e. it attempts to encode s in the
# charset of the given language, which is the character set that the page will
# be rendered in, and failing that, replaces non-ASCII characters with their
# html references. It always returns a byte string.
def uncanonstr(s, lang=None):
if s is None:
s = u''
if lang is None:
charset = 'us-ascii'
else:
charset = config.languages[lang].charset
# See if the string contains characters only in the desired character
# set. If so, return it unchanged, except for coercing it to a byte
# string.
try:
if isinstance(s, unicode):
return s.encode(charset)
else:
u = unicode(s, charset)
return s
except UnicodeError:
# Nope, it contains funny characters, so html-ref it
return uquote(s)
def uquote(s):
a = []
for c in s:
o = ord(c)
if o > 127:
a.append('&#%3d;' % o)
else:
a.append(c)
# Join characters together and coerce to byte string
return str(EMPTYSTRING.join(a))
def oneline(s, cset='us-ascii', in_unicode=False):
# Decode header string in one line and convert into specified charset
try:
h = make_header(decode_header(s))
ustr = h.__unicode__()
line = UEMPTYSTRING.join(ustr.splitlines())
if in_unicode:
return line
else:
return line.encode(cset, 'replace')
except (LookupError, UnicodeError, ValueError, HeaderParseError):
# possibly charset problem. return with undecoded string in one line.
return EMPTYSTRING.join(s.splitlines())
def strip_verbose_pattern(pattern):
# Remove white space and comments from a verbose pattern and return a
# non-verbose, equivalent pattern. Replace CR and NL in the result
# with '\\r' and '\\n' respectively to avoid multi-line results.
if not isinstance(pattern, str):
return pattern
newpattern = ''
i = 0
inclass = False
skiptoeol = False
copynext = False
while i < len(pattern):
c = pattern[i]
if copynext:
if c == NL:
newpattern += '\\n'
elif c == CR:
newpattern += '\\r'
else:
newpattern += c
copynext = False
elif skiptoeol:
if c == NL:
skiptoeol = False
elif c == '#' and not inclass:
skiptoeol = True
elif c == '[' and not inclass:
inclass = True
newpattern += c
copynext = True
elif c == ']' and inclass:
inclass = False
newpattern += c
elif re.search('\s', c):
if inclass:
if c == NL:
newpattern += '\\n'
elif c == CR:
newpattern += '\\r'
else:
newpattern += c
elif c == '\\' and not inclass:
newpattern += c
copynext = True
else:
if c == NL:
newpattern += '\\n'
elif c == CR:
newpattern += '\\r'
else:
newpattern += c
i += 1
return newpattern
def get_pattern(email, pattern_list):
"""Returns matched entry in pattern_list if email matches.
Otherwise returns None.
"""
if not pattern_list:
return None
matched = None
for pattern in pattern_list:
if pattern.startswith('^'):
# This is a regular expression match
try:
if re.search(pattern, email, re.IGNORECASE):
matched = pattern
break
except re.error:
# BAW: we should probably remove this pattern
pass
else:
# Do the comparison case insensitively
if pattern.lower() == email.lower():
matched = pattern
break
return matched
|