From 48d39ff63e2bfa2bdb7759bc4a99f69778d5ee22 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Tue, 22 Jan 2013 01:41:47 +0100
Subject: Reorganized the ACL.
---
 ldap/test-user-acl.sh | 60 +++++++++++++++++++++++++++++++--------------------
 1 file changed, 37 insertions(+), 23 deletions(-)
(limited to 'ldap/test-user-acl.sh')
diff --git a/ldap/test-user-acl.sh b/ldap/test-user-acl.sh
index 648f9c6..3e53b48 100755
--- a/ldap/test-user-acl.sh
+++ b/ldap/test-user-acl.sh
@@ -1024,94 +1024,108 @@ done | grep -Ev '^(objectClass|creatorsName)=' | isOK '=0$' entry
 ###########################################################################
-SUFFIX0="${SUFFIX}"
 SUFFIX="${SUFFIXS}"
 echo
 echo "Service SMTP"
+msg "Have =0 access on non-active or pending entries"
+for X in ${DOMAINS} ${USERS} ${ALIASES} ${LISTS} ${LISTSC}; do
+ search -s base -b "${X},${SUFFIXV}" "(|(fripostIsStatusActive=TRUE)(fripostPendingToken=*))" | grep -q '^dn: ' && \
+ checkACL "cn=SMTP" "${D}"
+done | isOK '=0$' entry
+[ $? -eq 0 ] || exit $?
+
 msg "Can read and search the domain attributes it needs"
 for D in ${DOMAINS}; do
+ search -s base -b "${D},${SUFFIXV}" "(|(fripostIsStatusActive=FALSE)(fripostPendingToken=*))" | grep -q '^dn: ' || \
 checkACL "cn=SMTP" "${D}" entry fvd fripostOptionalMaildrop
 done | isOK '=rsd$' entry
 [ $? -eq 0 ] || exit $?
 msg "Can search the domain attributes it needs"
 for D in ${DOMAINS}; do
- checkACL "cn=SMTP" "${D}" objectClass fripostPendingToken fripostIsStatusActive
-done | isOK '=sd$' objectClass
+ search -s base -b "${D},${SUFFIXV}" "(|(fripostIsStatusActive=FALSE)(fripostPendingToken=*))" | grep -q '^dn: ' || \
+ checkACL "cn=SMTP" "${D}" objectClass
+done | isOK '=s$' objectClass
 [ $? -eq 0 ] || exit $?
 msg "Have =0 access on other domain attributes"
 for D in ${DOMAINS}; do
- checkACL "cn=SMTP" "${D}" children ${OPERATTRS} fripostCanAddAlias fripostCanAddList fripostOwner fripostPostmaster description
+ checkACL "cn=SMTP" "${D}" children ${OPERATTRS} fripostCanAddAlias fripostCanAddList fripostOwner fripostPostmaster description fripostPendingToken fripostIsStatusActive
 done | isOK '=0$' children
 [ $? -eq 0 ] || exit $?
 msg "Can read and search the user attributes it needs"
 for U in ${USERS}; do
+ search -s base -b "${U},${SUFFIXV}" "(fripostIsStatusActive=FALSE)" | grep -q '^dn: ' || \
 checkACL "cn=SMTP" "${U}" entry fvu fripostOptionalMaildrop
 done | isOK '=rsd$' entry
 [ $? -eq 0 ] || exit $?
 msg "Can search the user attributes it needs"
 for U in ${USERS}; do
- checkACL "cn=SMTP" "${U}" objectClass fripostIsStatusActive
-done | isOK '=sd$' objectClass
+ search -s base -b "${U},${SUFFIXV}" "(fripostIsStatusActive=FALSE)" | grep -q '^dn: ' || \
+ checkACL "cn=SMTP" "${U}" objectClass
+done | isOK '=s$' objectClass
 [ $? -eq 0 ] || exit $?
 msg "Have =0 access on other user attributes"
 for U in ${USERS}; do
- checkACL "cn=SMTP" "${U}" children ${OPERATTRS} userPassword fripostUserQuota description
+ checkACL "cn=SMTP" "${U}" children ${OPERATTRS} userPassword fripostUserQuota description fripostIsStatusActive
 done | isOK '=0$' children
 [ $? -eq 0 ] || exit $?
 msg "Can read and search the alias attributes it needs"
 for A in ${ALIASES}; do
+ search -s base -b "${A},${SUFFIXV}" "(fripostIsStatusActive=FALSE)" | grep -q '^dn: ' || \
 checkACL "cn=SMTP" "${A}" entry fva fripostMaildrop
 done | isOK '=rsd$' entry
 [ $? -eq 0 ] || exit $?
 msg "Can search the alias attributes it needs"
 for A in ${ALIASES}; do
- checkACL "cn=SMTP" "${A}" objectClass fripostIsStatusActive
-done | isOK '=sd$' objectClass
+ search -s base -b "${A},${SUFFIXV}" "(fripostIsStatusActive=FALSE)" | grep -q '^dn: ' || \
+ checkACL "cn=SMTP" "${A}" objectClass
+done | isOK '=s$' objectClass
 [ $? -eq 0 ] || exit $?
 msg "Have =0 access on other alias attributes"
 for A in ${ALIASES}; do
- checkACL "cn=SMTP" "${A}" children ${OPERATTRS} fripostOwner description
+ checkACL "cn=SMTP" "${A}" children ${OPERATTRS} fripostOwner description fripostIsStatusActive
 done | isOK '=0$' children
 [ $? -eq 0 ] || exit $?
 msg "Can read and search the list attributes it needs"
 for L in ${LISTS}; do
+ search -s base -b "${L},${SUFFIXV}" "(|(fripostIsStatusActive=FALSE)(fripostPendingToken=*))" | grep -q '^dn: ' || \
 checkACL "cn=SMTP" "${L}" entry fvl fripostLocalAlias
 done | isOK '=rsd$' entry
 [ $? -eq 0 ] || exit $?
 msg "Can search the list attributes it needs"
 for L in ${LISTS}; do
- checkACL "cn=SMTP" "${L}" objectClass fripostIsStatusActive fripostPendingToken
-done | isOK '=sd$' objectClass
+ search -s base -b "${L},${SUFFIXV}" "(|(fripostIsStatusActive=FALSE)(fripostPendingToken=*))" | grep -q '^dn: ' || \
+ checkACL "cn=SMTP" "${L}" objectClass
+done | isOK '=s$' objectClass
 [ $? -eq 0 ] || exit $?
 msg "Have =0 access on other list attributes"
 for L in ${LISTS}; do
- checkACL "cn=SMTP" "${L}" children ${OPERATTRS} fripostListManager fripostOwner description
+ checkACL "cn=SMTP" "${L}" children ${OPERATTRS} fripostListManager fripostOwner description fripostIsStatusActive fripostPendingToken
 done | isOK '=0$' children
 [ $? -eq 0 ] || exit $?
 msg "Can read and search the list command attributes it needs"
 for LC in ${LISTSC}; do
- checkACL "cn=SMTP" "${LC}" entry fvlc
+ checkACL "cn=SMTP" "${LC}" entry fvlc fripostLocalAlias
 done | isOK '=rsd$' entry
 [ $? -eq 0 ] || exit $?
 msg "Can search the list command attributes it needs"
 for LC in ${LISTSC}; do
 checkACL "cn=SMTP" "${LC}" objectClass
-done | isOK '=sd$' objectClass
+done | isOK '=s$' objectClass
 [ $? -eq 0 ] || exit $?
 msg "Have =0 access on other list command attributes"
@@ -1158,7 +1172,7 @@ done | isOK '=rsd$'
 msg "Have =a access on lists' children attribute"
 for L in ${LISTS}; do
- search -s base -b "${L},${SUFFIX0}" "(fripostPendingToken=*)" | grep -q '^dn: ' || \
+ search -s base -b "${L},${SUFFIXV}" "(fripostPendingToken=*)" | grep -q '^dn: ' || \
 checkACL "cn=CreateList" "${L}" children
 done | isOK '=a$'
 [ $? -eq 0 ] || exit $?
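Review bot: In the added "Have =0 access on non-active or pending entries" block the loop iterates over `X`, but the ACL is checked on `"${D}"`, which this loop never sets, so the test does not examine the entries it selects; it should read `checkACL "cn=SMTP" "${X}" entry` (passing `entry` is inferred from the other `checkACL` calls, since `checkACL` is defined outside the diff). The guard on the line above also filters on `fripostIsStatusActive=TRUE`, while the message and every other guard in this hunk use `FALSE`; combined with `&&` it selects active entries rather than inactive ones, so `(|(fripostIsStatusActive=FALSE)(fripostPendingToken=*))` looks like what was meant. This block is the only check that the SMTP service is denied access to inactive or pending entries, so as written it can pass without exercising the ACL it is meant to guard. With the `&&` form a failing `search` also skips `checkACL` silently; whether empty input makes `isOK` pass cannot be seen from the hunk and is worth confirming.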
@@ -1190,14 +1204,14 @@ echo "Service DeletePendingEntries"
 msg "Have =z access on the \"children\" attribute of non-pending entries"
 (checkACL "cn=DeletePendingEntries" "" children
 for X in ${DOMAINS} ${USERS} ${ALIASES} ${LISTS} ${LISTSC}; do
- search -s base -b "${X},${SUFFIX0}" "(fripostPendingToken=*)" | grep -q '^dn: ' || \
+ search -s base -b "${X},${SUFFIXV}" "(fripostPendingToken=*)" | grep -q '^dn: ' || \
 checkACL "cn=DeletePendingEntries" "${X}" children
 done) | isOK '=z$' children
 [ $? -eq 0 ] || exit $?
 msg "Have =zrsd access on the \"entry\" attribute of pending entries"
 for X in ${DOMAINS} ${USERS} ${ALIASES} ${LISTS} ${LISTSC}; do
- search -s base -b "${X},${SUFFIX0}" "(fripostPendingToken=*)" | grep -q '^dn: ' && \
+ search -s base -b "${X},${SUFFIXV}" "(fripostPendingToken=*)" | grep -q '^dn: ' && \
 checkACL "cn=DeletePendingEntries" "${X}" entry
 done | isOK '=zrsd$' entry
 [ $? -eq 0 ] || exit $?
@@ -1205,21 +1219,21 @@ done | isOK '=zrsd$' entry
 msg "Have =s access on the \"entry\" attribute of non-pending entries"
 (checkACL "cn=DeletePendingEntries" "" entry
 for X in ${DOMAINS} ${USERS} ${ALIASES} ${LISTS} ${LISTSC}; do
- search -s base -b "${X},${SUFFIX0}" "(fripostPendingToken=*)" | grep -q '^dn: ' || \
+ search -s base -b "${X},${SUFFIXV}" "(fripostPendingToken=*)" | grep -q '^dn: ' || \
 checkACL "cn=DeletePendingEntries" "${X}" entry
 done) | isOK '=s$' entry
 [ $? -eq 0 ] || exit $?
-msg "Have =sd access on the attributes it needs on pending entries"
+msg "Have =s access on the attributes it needs on pending entries"
 for X in ${DOMAINS} ${USERS} ${ALIASES} ${LISTS} ${LISTSC}; do
- search -s base -b "${X},${SUFFIX0}" "(fripostPendingToken=*)" | grep -q '^dn: ' && \
+ search -s base -b "${X},${SUFFIXV}" "(fripostPendingToken=*)" | grep -q '^dn: ' && \
 checkACL "cn=DeletePendingEntries" "${X}" createTimestamp fripostPendingToken
-done | isOK '=sd$' fripostPendingToken
+done | isOK '=s$' fripostPendingToken
 [ $? -eq 0 ] || exit $?
 msg "Have =0 access these attributes for non-pending entries"
 for X in ${DOMAINS} ${USERS} ${ALIASES} ${LISTS} ${LISTSC}; do
- search -s base -b "${X},${SUFFIX0}" "(fripostPendingToken=*)" | grep -q '^dn: ' || \
+ search -s base -b "${X},${SUFFIXV}" "(fripostPendingToken=*)" | grep -q '^dn: ' || \
 checkACL "cn=DeletePendingEntries" "${X}" createTimestamp fripostPendingToken
 done | isOK '=0$' fripostPendingToken
 [ $? -eq 0 ] || exit $?
-- cgit v1.2.3