Diffstat (limited to 'ldap/test-user-acl.sh')
-rwxr-xr-xldap/test-user-acl.sh224
1 files changed, 120 insertions, 104 deletions
diff --git a/ldap/test-user-acl.sh b/ldap/test-user-acl.sh
index 26298f9..6983706 100755
--- a/ldap/test-user-acl.sh
+++ b/ldap/test-user-acl.sh
@@ -72,8 +72,8 @@ USERS=$(search -u -b "${SUFFIX}" "objectClass=FripostVirtualMailbox" dn | \
grep -i '^ufn: ' | sed -re 's/^ufn: ([^,]+), *([^,]+),.*/fvu=\1,fvd=\2/')
ALIASES=$(search -u -b "${SUFFIX}" "objectClass=FripostVirtualAlias" dn | \
grep -i '^ufn: ' | sed -re 's/^ufn: ([^,]+), *([^,]+),.*/fva=\1,fvd=\2/')
-MLS=$(search -u -b "${SUFFIX}" "objectClass=FripostVirtualML" dn | \
- grep -i '^ufn: ' | sed -re 's/^ufn: ([^,]+), *([^,]+),.*/fvml=\1,fvd=\2/')
+LISTS=$(search -u -b "${SUFFIX}" "objectClass=FripostVirtualList" dn | \
+ grep -i '^ufn: ' | sed -re 's/^ufn: ([^,]+), *([^,]+),.*/fvl=\1,fvd=\2/')
########################################################################
@@ -104,9 +104,9 @@ done | isOK '=0' entry
[ $? -eq 0 ] || exit $?
-msg "Have =0 access to mailing lists entries"
-for ML in ${MLS}; do
- checkACL "" "${ML}"
+msg "Have =0 access to list entries"
+for L in ${LISTS}; do
+ checkACL "" "${L}"
done | isOK '=0' entry
[ $? -eq 0 ] || exit $?
@@ -162,34 +162,36 @@ echo "Authenticated users, access to domain entries"
# * entry:
# =s-a for all
-# +rd if children, canCreate{Alias,ML}, owner or postmaster
+# +rd if children, canCreate{Alias,List}, owner or postmaster
# +z if owner or postmaster
# * children:
# =w for all
+# * objectClass:
+# =s for all
# * fvd:
-# =rscd if children, canCreate{Alias,ML}, owner or postmaster
+# =rscd if children, canCreate{Alias,List}, owner or postmaster
# +w if owner or postmaster
# * fripostIsStatusActive
-# =rscd if children, canCreate{Alias,ML}, owner or postmaster
+# =rscd if children, canCreate{Alias,List}, owner or postmaster
# +w if owner or postmaster
# * fripostCanCreateAlias
# =rscd if canCreateAlias, owner or postmaster
# +w if postmaster
-# * fripostCanCreateML
-# =rscd if canCreateML, owner or postmaster
+# * fripostCanCreateList
+# =rscd if canCreateList, owner or postmaster
# +w if postmaster
# * fripostOwner
# =s for all
# +d if children
-# +rc if canCreate{Alias,ML}, owner or postmaster
+# +rc if canCreate{Alias,List}, owner or postmaster
# * fripostPostmaster
# =s for all
# +d if children
-# +rc if canCreate{Alias,ML}, owner or postmaster
+# +rc if canCreate{Alias,List}, owner or postmaster
# * fripostOptionalMaildrop
# =wrscd if owner or postmaster
# * description
-# =rscd if children, canCreate{Alias,ML}, owner or postmaster
+# =rscd if children, canCreate{Alias,List}, owner or postmaster
# +w if owner or postmaster
usersD () {
@@ -213,6 +215,10 @@ msg "Have =w access to \"children\""
usersD children | isOK '=w$' children
[ $? -eq 0 ] || exit $?
+msg "Have =s access to \"objectClass\""
+usersD objectClass | isOK '=s' objectClass
+[ $? -eq 0 ] || exit $?
+
msg "Have >=s access on \"entry\", \"fripostOwner\" and \"fripostPostmaster\""
usersD entry/search fripostOwner/search fripostPostmaster/search | isOK 'ALLOWED$' entry
[ $? -eq 0 ] || exit $?
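Review bot: The new objectClass check passes the pattern `'=s'` without an end anchor, while the neighbouring checks in this hunk use `'=w$'` and `'ALLOWED$'`. Assuming isOK (defined outside this hunk) matches its first argument as a regular expression against the checkACL output, an ACL that grants more than search, such as `=sd` or `=scd`, would still satisfy the test even though the header comment documents `=s for all`. Anchoring it as `usersD objectClass | isOK '=s$' objectClass` would make the test fail when the privilege set widens. The same unanchored pattern is added in the hunks at -475 and -574.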
@@ -225,7 +231,7 @@ usersD structuralObjectClass entryUUID createTimestamp entryCSN modifiersName mo
# We check the following permissions:
# 0. Simple user
# 1. canCreateAlias (exact,wildcard)
-# 2. canCreateML (exact,wildcard)
+# 2. canCreateList (exact,wildcard)
# 3. Owner
# 4. Postmaster
@@ -271,26 +277,26 @@ done | isOK 'ALLOWED$' children
# 2
-ATTRSML="fripostOwner/read fripostOwner/compare
- fripostPostmaster/read fripostPostmaster/compare
- fripostCanCreateML/read fripostCanCreateML/search fripostCanCreateML/compare fripostCanCreateML/disclose"
-msg "Have >=rscd access to the public attributes and >=a to \"children\" (if CanCreateML, exact)"
+ATTRSL="fripostOwner/read fripostOwner/compare
+ fripostPostmaster/read fripostPostmaster/compare
+ fripostCanCreateList/read fripostCanCreateList/search fripostCanCreateList/compare fripostCanCreateList/disclose"
+msg "Have >=rscd access to the public attributes and >=a to \"children\" (if CanCreateList, exact)"
for U in ${USERS}; do
for D in ${DOMAINS}; do
- search -s base -b "${D},${SUFFIX}" "fripostCanCreateML=${U},${SUFFIX}" | grep -q '^dn: ' && \
- checkACL "${U}" "${D}" children/add ${ATTRS0} ${ATTRSML}
+ search -s base -b "${D},${SUFFIX}" "fripostCanCreateList=${U},${SUFFIX}" | grep -q '^dn: ' && \
+ checkACL "${U}" "${D}" children/add ${ATTRS0} ${ATTRSL}
done
done | isOK 'ALLOWED$' children
[ $? -eq 0 ] || exit $?
# 2
-msg "Have >=rscd access to the public attributes and >=a to \"children\" (if CanCreateML, wildcard)"
+msg "Have >=rscd access to the public attributes and >=a to \"children\" (if CanCreateList, wildcard)"
for U in ${USERS}; do
DU="$(echo "${U}" | sed -re 's/.*,(fvd=[^,]+)$/\1/')"
for D in ${DOMAINS}; do
- search -s base -b "${D},${SUFFIX}" "fripostCanCreateML=${DU},${SUFFIX}" | grep -q '^dn: ' && \
- checkACL "${U}" "${D}" children/add ${ATTRS0} ${ATTRSML}
+ search -s base -b "${D},${SUFFIX}" "fripostCanCreateList=${DU},${SUFFIX}" | grep -q '^dn: ' && \
+ checkACL "${U}" "${D}" children/add ${ATTRS0} ${ATTRSL}
done
done | isOK 'ALLOWED$' children
[ $? -eq 0 ] || exit $?
@@ -298,7 +304,7 @@ done | isOK 'ALLOWED$' children
# 3
# >=w to "children", =zrscd to "entry", >=rscd to "fripostCanCreateAlias" and
-# "fripostCanCreateML", and =wrscd to the rest (other than "Owner" and
+# "fripostCanCreateList", and =wrscd to the rest (other than "Owner" and
# Postmaster")
msg "Have =wrscd to the domain attributes (other than \"canCreate\"), and >=w to \"children\" (if Owner)"
ATTRSO="entry/delete
@@ -309,7 +315,7 @@ ATTRSO="entry/delete
for U in ${USERS}; do
for D in ${DOMAINS}; do
search -s base -b "${D},${SUFFIX}" "fripostOwner=${U},${SUFFIX}" | grep -q '^dn: ' && \
- checkACL "${U}" "${D}" children/write ${ATTRS0} ${ATTRSA} ${ATTRSML} ${ATTRSO}
+ checkACL "${U}" "${D}" children/write ${ATTRS0} ${ATTRSA} ${ATTRSL} ${ATTRSO}
done
done | isOK 'ALLOWED$' children
[ $? -eq 0 ] || exit $?
@@ -317,15 +323,15 @@ done | isOK 'ALLOWED$' children
# 4
# >=w to "children", =zrscd to "entry", >=rscd to "fripostCanCreateAlias" and
-# "fripostCanCreateML", and =wrscd to the rest (other than "Owner" and
+# "fripostCanCreateList", and =wrscd to the rest (other than "Owner" and
# Postmaster")
msg "Have =wrscd to the domain attributes, and >=w to \"children\" (if Postmaster)"
ATTRSP="fripostCanCreateAlias/add fripostCanCreateAlias/delete
- fripostCanCreateML/add fripostCanCreateML/delete"
+ fripostCanCreateList/add fripostCanCreateList/delete"
for U in ${USERS}; do
for D in ${DOMAINS}; do
search -s base -b "${D},${SUFFIX}" "fripostPostmaster=${U},${SUFFIX}" | grep -q '^dn: ' && \
- checkACL "${U}" "${D}" children/write ${ATTRS0} ${ATTRSA} ${ATTRSML} ${ATTRSO} ${ATTRSP}
+ checkACL "${U}" "${D}" children/write ${ATTRS0} ${ATTRSA} ${ATTRSL} ${ATTRSO} ${ATTRSP}
done
done | isOK 'ALLOWED$' children
[ $? -eq 0 ] || exit $?
@@ -339,8 +345,8 @@ for U in ${USERS}; do
[ "x${DU}" = "x${D}" ] || \
search -s base -b "${D},${SUFFIX}" "(|(fripostCanCreateAlias=${U},${SUFFIX})
(fripostCanCreateAlias=${DU},${SUFFIX})
- (fripostCanCreateML=${U},${SUFFIX})
- (fripostCanCreateML=${DU},${SUFFIX})
+ (fripostCanCreateList=${U},${SUFFIX})
+ (fripostCanCreateList=${DU},${SUFFIX})
(fripostOwner=${U},${SUFFIX})
(fripostPostmaster=${U},${SUFFIX}))" | grep -q '^dn: ' || \
checkACL "${U}" "${D}" ${ATTRS0}
@@ -350,17 +356,17 @@ done | isOK 'DENIED$' entry read
# not (1 or 2 or 3 or 4)
-msg "Do not have >=rc access to \"canCreate{Alias,ML}\", \"Owner\", \"Postmaster\" (unless member)"
+msg "Do not have >=rc access to \"canCreate{Alias,List}\", \"Owner\", \"Postmaster\" (unless member)"
for U in ${USERS}; do
DU="$(echo "${U}" | sed -re 's/.*,(fvd=[^,]+)$/\1/')"
for D in ${DOMAINS}; do
search -s base -b "${D},${SUFFIX}" "(|(fripostCanCreateAlias=${U},${SUFFIX})
(fripostCanCreateAlias=${DU},${SUFFIX})
- (fripostCanCreateML=${U},${SUFFIX})
- (fripostCanCreateML=${DU},${SUFFIX})
+ (fripostCanCreateList=${U},${SUFFIX})
+ (fripostCanCreateList=${DU},${SUFFIX})
(fripostOwner=${U},${SUFFIX})
(fripostPostmaster=${U},${SUFFIX}))" | grep -q '^dn: ' || \
- checkACL "${U}" "${D}" ${ATTRSA} ${ATTRSML} entry/add
+ checkACL "${U}" "${D}" ${ATTRSA} ${ATTRSL} entry/add
done
done | isOK 'DENIED$' entry # "entry" here is useless, but it's just to get the count
[ $? -eq 0 ] || exit $?
@@ -382,15 +388,15 @@ done | isOK '\(=0\|DENIED\)$' entry # "entry" here is useless, but it's just to
# not (2 or 3 or 4)
-msg "Have =0 access to \"canCreateML\" (unless member, Owner, or Postmaster)"
+msg "Have =0 access to \"canCreateList\" (unless member, Owner, or Postmaster)"
for U in ${USERS}; do
DU="$(echo "${U}" | sed -re 's/.*,(fvd=[^,]+)$/\1/')"
for D in ${DOMAINS}; do
- search -s base -b "${D},${SUFFIX}" "(|(fripostCanCreateML=${U},${SUFFIX})
- (fripostCanCreateML=${DU},${SUFFIX})
+ search -s base -b "${D},${SUFFIX}" "(|(fripostCanCreateList=${U},${SUFFIX})
+ (fripostCanCreateList=${DU},${SUFFIX})
(fripostOwner=${U},${SUFFIX})
(fripostPostmaster=${U},${SUFFIX}))" | grep -q '^dn: ' || \
- checkACL "${U}" "${D}" fripostCanCreateML entry/add
+ checkACL "${U}" "${D}" fripostCanCreateList entry/add
done
done | isOK '\(=0\|DENIED\)$' entry # "entry" here is useless, but it's just to get the count
[ $? -eq 0 ] || exit $?
@@ -409,7 +415,7 @@ done | isOK 'DENIED$' entry
# not 4
-msg "Do not have >=w access to \"canCreate{Alias,ML}\" (unless Postmaster)"
+msg "Do not have >=w access to \"canCreate{Alias,List}\" (unless Postmaster)"
for U in ${USERS}; do
for D in ${DOMAINS}; do
search -s base -b "${D},${SUFFIX}" "fripostPostmaster=${U},${SUFFIX}" | grep -q '^dn: ' || \
@@ -431,6 +437,8 @@ echo "Authenticated users, access to user entries"
# +a if domain postmaster
# * children:
# =0 for all
+# * objectClass:
+# =s for all
# * fvu:
# =wrscd if account owner or domain postmaster
# * userPassword:
@@ -441,8 +449,6 @@ echo "Authenticated users, access to user entries"
# =rscd if account owner or domain postmaster
# * fripostOptionalMaildrop:
# =wrscd if account owner or domain postmaster
-# * cn:
-# =wrscd if account owner or domain postmaster
# * description:
# =wrscd if account owner or domain postmaster
@@ -463,7 +469,7 @@ usersU userPassword | isOK '=w$'
[ $? -eq 0 ] || exit $?
msg "Have =wrscxd access to the other attributes of their own entry"
-usersU fvu fripostIsStatusActive fripostOptionalMaildrop cn description | isOK 'write(=wrscxd)$' fvu
+usersU fvu fripostIsStatusActive fripostOptionalMaildrop description | isOK 'write(=wrscxd)$' fvu
[ $? -eq 0 ] || exit $?
msg "Have >=rsd access to the \"entry\" attribute of their own entry"
@@ -475,6 +481,10 @@ msg "Have =0 access to their \"children\" and operational attributes"
usersU children structuralObjectClass entryUUID createTimestamp entryCSN modifiersName modifyTimestamp | isOK '=0$' children
[ $? -eq 0 ] || exit $?
+msg "Have =s access to \"objectClass\""
+usersD objectClass | isOK '=s' objectClass
+[ $? -eq 0 ] || exit $?
+
msg "Have =0 access to other user entries (unless Postmaster)"
for U1 in ${USERS}; do
for U2 in ${USERS}; do
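Review bot: The objectClass check added in the user-entry section calls `usersD`, the domain-entry helper, although every other check around it in this hunk uses `usersU`. As written it repeats the domain test from the hunk at -213 and never queries the ACL on user entries, so a regression there would go unnoticed; the line should presumably read `usersU objectClass | isOK '=s' objectClass`. The hunk at -574 has the same copy in the alias section, where the neighbouring checks use `usersA`. Both helpers are defined outside the visible hunks, so their exact arguments should be confirmed against the full file.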
@@ -486,7 +496,7 @@ for U1 in ${USERS}; do
fripostIsStatusActive \
fripostMailboxQuota \
fripostOptionalMaildrop \
- cn description
+ description
done
done | isOK '=0$' entry
[ $? -eq 0 ] || exit $?
@@ -512,7 +522,7 @@ usersP userPassword | isOK '=w$'
[ $? -eq 0 ] || exit $?
msg "Have =wrscxd access to the other attributes of their users' entry (if Postmaster)"
-usersP fvu fripostIsStatusActive fripostOptionalMaildrop cn description | isOK 'write(=wrscxd)$' fvu
+usersP fvu fripostIsStatusActive fripostOptionalMaildrop description | isOK 'write(=wrscxd)$' fvu
[ $? -eq 0 ] || exit $?
# "+a" is needed to create new accounts. "+z" would be required to
@@ -540,6 +550,8 @@ echo "Authenticated users, access to alias entries"
# +w (regular alias) if domain owner or domain postmaster
# * children:
# =0 for all
+# * objectClass:
+# =s for all
# * fva:
# =rscd (reserved alias) if domain owner or domain postmaster
# =wrscd (regular alias) if alias owner, domain owner or domain postmaster
@@ -574,6 +586,10 @@ msg "Have =0 access to the \"children\" and operational attributes"
usersA children structuralObjectClass entryUUID createTimestamp entryCSN modifiersName modifyTimestamp | isOK '=0$' children
[ $? -eq 0 ] || exit $?
+msg "Have =s access to \"objectClass\""
+usersD objectClass | isOK '=s' objectClass
+[ $? -eq 0 ] || exit $?
+
RESERVED_ATTRS="entry/delete
fva/write
fripostIsStatusActive/write"
@@ -739,136 +755,136 @@ done | isOK 'DENIED$' entry delete
echo
-echo "Authenticated users, access to mailing list entries"
+echo "Authenticated users, access to list entries"
# * entry:
# =s for all
-# +a if canCreateML, domain owner or domain postmaster
-# +zrd if mailing list owner, domain owner or domain postmaster
+# +a if canCreateList, domain owner or domain postmaster
+# +zrd if list owner, domain owner or domain postmaster
# * children:
# =0 for all
-# * fvml:
-# =wrscd if mailing list owner, domain owner or domain postmaster
-# * fripostMLManager:
-# =rscd if mailing list owner, domain owner or domain postmaster
+# * fvl:
+# =wrscd if list owner, domain owner or domain postmaster
+# * fripostListManager:
+# =rscd if list owner, domain owner or domain postmaster
# * fripostIsStatusActive:
-# =wrscd if mailing list owner, domain owner or domain postmaster
-# * fripostMLCommand:
-# =rscd if mailing list owner, domain owner or domain postmaster
+# =wrscd if list owner, domain owner or domain postmaster
+# * fripostListCommand:
+# =rscd if list owner, domain owner or domain postmaster
# * fripostOwner:
# =d for all
-# +rsc if mailing list owner, domain owner or domain postmaster
+# +rsc if list owner, domain owner or domain postmaster
# +w if domain owner or domain postmaster
# * description:
-# =wrscd if mailing list owner, domain owner or domain postmaster
+# =wrscd if list owner, domain owner or domain postmaster
-usersML () {
+usersL () {
for U in ${USERS}; do
- for ML in ${MLS}; do
- checkACL "${U}" "${ML}" "$@"
+ for L in ${LISTS}; do
+ checkACL "${U}" "${L}" "$@"
done
done
}
msg "Have >=s access on \"entry\" and \"fripostOwner\""
-usersML fripostOwner/search entry/search | isOK 'ALLOWED$' entry
+usersL fripostOwner/search entry/search | isOK 'ALLOWED$' entry
[ $? -eq 0 ] || exit $?
msg "Have =0 access the \"children\" and operational attributes"
-usersML children structuralObjectClass entryUUID createTimestamp entryCSN modifiersName modifyTimestamp | isOK '=0$' children
+usersL children structuralObjectClass entryUUID createTimestamp entryCSN modifiersName modifyTimestamp | isOK '=0$' children
[ $? -eq 0 ] || exit $?
msg "Cannot change transport-related attributes"
for U in ${USERS}; do
- for ML in ${MLS}; do
- checkACL "${U}" "${ML}" fripostMLCommand/add fripostMLCommand/delete \
- fripostMLManager/write
+ for L in ${LISTS}; do
+ checkACL "${U}" "${L}" fripostListCommand/add fripostListCommand/delete \
+ fripostListManager/write
done
-done | isOK 'DENIED$' fripostMLManager
+done | isOK 'DENIED$' fripostListManager
[ $? -eq 0 ] || exit $?
ATTRS="entry/read entry/disclose entry/delete
- fvml/write fvml/read fvml/search fvml/compare fvml/disclose
- fripostMLManager/read fripostMLManager/search fripostMLManager/compare fripostMLManager/disclose
+ fvl/write fvl/read fvl/search fvl/compare fvl/disclose
+ fripostListManager/read fripostListManager/search fripostListManager/compare fripostListManager/disclose
fripostIsStatusActive/write fripostIsStatusActive/read fripostIsStatusActive/search fripostIsStatusActive/compare fripostIsStatusActive/disclose
- fripostMLCommand/read fripostMLCommand/search fripostMLCommand/compare fripostMLCommand/disclose
+ fripostListCommand/read fripostListCommand/search fripostListCommand/compare fripostListCommand/disclose
fripostOwner/read fripostOwner/compare fripostOwner/disclose
description/add description/delete description/read description/compare description/disclose"
ATTRS2="fripostOwner/add fripostOwner/delete"
-msg "Can edit/delete mailing list (if mailing list Owner)"
+msg "Can edit/delete list (if list Owner)"
for U in ${USERS}; do
- for ML in ${MLS}; do
- search -s base -b "${ML},${SUFFIX}" "fripostOwner=${U},${SUFFIX}" | grep -q '^dn: ' && \
- checkACL "${U}" "${ML}" ${ATTRS}
+ for L in ${LISTS}; do
+ search -s base -b "${L},${SUFFIX}" "fripostOwner=${U},${SUFFIX}" | grep -q '^dn: ' && \
+ checkACL "${U}" "${L}" ${ATTRS}
done
done | isOK 'ALLOWED$' entry delete
[ $? -eq 0 ] || exit $?
-msg "Can edit/create/delete mailing list (if domain Owner)"
+msg "Can edit/create/delete list (if domain Owner)"
[ $? -eq 0 ] || exit $?
for U in ${USERS}; do
- for ML in ${MLS}; do
- DML="$(echo "${ML}" | sed -re 's/.*,(fvd=[^,]+)$/\1/')"
- search -s base -b "${DML},${SUFFIX}" "fripostOwner=${U},${SUFFIX}" | grep -q '^dn: ' && \
- checkACL "${U}" "${ML}" ${ATTRS} ${ATTRS2} entry/add
+ for L in ${LISTS}; do
+ DL="$(echo "${L}" | sed -re 's/.*,(fvd=[^,]+)$/\1/')"
+ search -s base -b "${DL},${SUFFIX}" "fripostOwner=${U},${SUFFIX}" | grep -q '^dn: ' && \
+ checkACL "${U}" "${L}" ${ATTRS} ${ATTRS2} entry/add
done
done | isOK 'ALLOWED$' entry add
[ $? -eq 0 ] || exit $?
-msg "Can edit/create/delete mailing list (if domain Postmaster)"
+msg "Can edit/create/delete list (if domain Postmaster)"
[ $? -eq 0 ] || exit $?
for U in ${USERS}; do
- for ML in ${MLS}; do
- DML="$(echo "${ML}" | sed -re 's/.*,(fvd=[^,]+)$/\1/')"
- search -s base -b "${DML},${SUFFIX}" "fripostPostmaster=${U},${SUFFIX}" | grep -q '^dn: ' && \
- checkACL "${U}" "${ML}" ${ATTRS} ${ATTRS2} entry/add
+ for L in ${LISTS}; do
+ DL="$(echo "${L}" | sed -re 's/.*,(fvd=[^,]+)$/\1/')"
+ search -s base -b "${DL},${SUFFIX}" "fripostPostmaster=${U},${SUFFIX}" | grep -q '^dn: ' && \
+ checkACL "${U}" "${L}" ${ATTRS} ${ATTRS2} entry/add
done
done | isOK 'ALLOWED$' entry add
[ $? -eq 0 ] || exit $?
# Needed to create new entries. ("+z" is required to delete, btw.)
-msg "Have >=a access to \"entry\" (if CanCreateML, exact)"
+msg "Have >=a access to \"entry\" (if CanCreateList, exact)"
for U in ${USERS}; do
- for ML in ${MLS}; do
- DML="$(echo "${ML}" | sed -re 's/.*,(fvd=[^,]+)$/\1/')"
- search -s base -b "${DML},${SUFFIX}" "fripostCanCreateML=${U},${SUFFIX}" | grep -q '^dn: ' && \
- checkACL "${U}" "${ML}" entry/add
+ for L in ${LISTS}; do
+ DL="$(echo "${L}" | sed -re 's/.*,(fvd=[^,]+)$/\1/')"
+ search -s base -b "${DL},${SUFFIX}" "fripostCanCreateList=${U},${SUFFIX}" | grep -q '^dn: ' && \
+ checkACL "${U}" "${L}" entry/add
done
done | isOK 'ALLOWED$' entry
[ $? -eq 0 ] || exit $?
# Needed to create new entries. ("+z" is required to delete, btw.)
-msg "Have >=a access to \"entry\" (if CanCreateML, wildcard)"
+msg "Have >=a access to \"entry\" (if CanCreateList, wildcard)"
for U in ${USERS}; do
DU="$(echo "${U}" | sed -re 's/.*,(fvd=[^,]+)$/\1/')"
- for ML in ${MLS}; do
- DML="$(echo "${ML}" | sed -re 's/.*,(fvd=[^,]+)$/\1/')"
- search -s base -b "${DML},${SUFFIX}" "fripostCanCreateML=${DU},${SUFFIX}" | grep -q '^dn: ' && \
- checkACL "${U}" "${ML}" entry/add
+ for L in ${LISTS}; do
+ DL="$(echo "${L}" | sed -re 's/.*,(fvd=[^,]+)$/\1/')"
+ search -s base -b "${DL},${SUFFIX}" "fripostCanCreateList=${DU},${SUFFIX}" | grep -q '^dn: ' && \
+ checkACL "${U}" "${L}" entry/add
done
done | isOK 'ALLOWED$' entry
[ $? -eq 0 ] || exit $?
-msg "Do not have >=a access to \"entry\" (unless canCreateML)"
+msg "Do not have >=a access to \"entry\" (unless canCreateList)"
for U in ${USERS}; do
DU="$(echo "${U}" | sed -re 's/.*,(fvd=[^,]+)$/\1/')"
- for ML in ${MLS}; do
- DML="$(echo "${ML}" | sed -re 's/.*,(fvd=[^,]+)$/\1/')"
- search -s base -b "${DML},${SUFFIX}" "(|(fripostCanCreateML=${U},${SUFFIX})
- (fripostCanCreateML=${DU},${SUFFIX})
+ for L in ${LISTS}; do
+ DL="$(echo "${L}" | sed -re 's/.*,(fvd=[^,]+)$/\1/')"
+ search -s base -b "${DL},${SUFFIX}" "(|(fripostCanCreateList=${U},${SUFFIX})
+ (fripostCanCreateList=${DU},${SUFFIX})
(fripostOwner=${U},${SUFFIX})
(fripostPostmaster=${U},${SUFFIX}))" | grep -q '^dn: ' || \
- checkACL "${U}" "${ML}" entry/add
+ checkACL "${U}" "${L}" entry/add
done
done | isOK 'DENIED$' entry
[ $? -eq 0 ] || exit $?
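Review bot: The list-entry section receives neither the `# * objectClass:` / `# =s for all` comment lines nor an objectClass test, whereas the domain, user and alias sections all gain both in this commit. If the list ACL is meant to grant the same search-only access, the rule goes untested here; a matching check after the `children` test would be `msg "Have =s access to \"objectClass\""`, `usersL objectClass | isOK '=s$' objectClass`, `[ $? -eq 0 ] || exit $?`. The ACL itself is not part of this diff, so whether list entries are intended to differ should be confirmed before adding it.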
@@ -886,14 +902,14 @@ done | isOK 'DENIED$' fripostOwner add
[ $? -eq 0 ] || exit $?
-msg "Have no access to mailing list entries (unless mailing list owner/domain owner/domain postmaster)"
+msg "Have no access to list entries (unless list owner/domain owner/domain postmaster)"
for U in ${USERS}; do
- for ML in ${MLS}; do
- DML="$(echo "${ML}" | sed -re 's/.*,(fvd=[^,]+)$/\1/')"
- search -s base -b "${ML},${SUFFIX}" "fripostOwner=${U},${SUFFIX}" | grep -q '^dn: ' || \
- search -s base -b "${DML},${SUFFIX}" "(|(fripostOwner=${U},${SUFFIX})
+ for L in ${LISTS}; do
+ DL="$(echo "${L}" | sed -re 's/.*,(fvd=[^,]+)$/\1/')"
+ search -s base -b "${L},${SUFFIX}" "fripostOwner=${U},${SUFFIX}" | grep -q '^dn: ' || \
+ search -s base -b "${DL},${SUFFIX}" "(|(fripostOwner=${U},${SUFFIX})
(fripostPostmaster=${U},${SUFFIX}))" | grep -q '^dn: ' || \
- checkACL "${U}" "${ML}" ${ATTRS} entry/delete
+ checkACL "${U}" "${L}" ${ATTRS} entry/delete
done
done | isOK 'DENIED$' entry delete
[ $? -eq 0 ] || exit $?