Diffstat (limited to 'lib/Fripost/Schema')
-rw-r--r--lib/Fripost/Schema/Auth.pm4
-rw-r--r--lib/Fripost/Schema/Domain.pm43
2 files changed, 32 insertions, 15 deletions
diff --git a/lib/Fripost/Schema/Auth.pm b/lib/Fripost/Schema/Auth.pm
index f06ce4f..3bdda8f 100644
--- a/lib/Fripost/Schema/Auth.pm
+++ b/lib/Fripost/Schema/Auth.pm
@@ -23,7 +23,7 @@ use Net::LDAP;
use Net::LDAP::Extension::SetPassword;
use Authen::SASL;
use Fripost::Schema::Util qw/canonical_dn ldap_explode_dn ldap_error
- split_addr assert softdie/;
+ split_addr email_valid assert softdie/;
=head1 METHODS
@@ -163,7 +163,7 @@ sub auth {
$self->whoami( join ',', @{$options{ldap_bind_dn}} );
}
else {
- return unless defined $user;
+ return unless email_valid($user, -nodie => 1, -exact => 1);
$self->whoami( $self->mail2dn($user) );
}
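Review bot: The new guard in auth() drops the explicit `defined $user` test and relies on email_valid() to handle an undefined argument. email_valid is imported from Fripost::Schema::Util and is not visible here, so whether it returns false quietly or warns (or dies despite `-nodie`) on undef cannot be confirmed from this hunk. Keeping both checks is cheap: `return unless defined $user and email_valid($user, -nodie => 1, -exact => 1);`. A short comment such as `# reject malformed logins before the address is mapped to a DN` would record why the check sits ahead of the mail2dn() call. auth() starts and ends outside the hunk.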
diff --git a/lib/Fripost/Schema/Domain.pm b/lib/Fripost/Schema/Domain.pm
index f819348..36194d8 100644
--- a/lib/Fripost/Schema/Domain.pm
+++ b/lib/Fripost/Schema/Domain.pm
@@ -227,10 +227,9 @@ sub search {
# Map a list of LDAP::Entry object into our public representation of
# domains.
sub _entries_to_domains {
- my $user = lc shift;
- my @dn = @{ldap_explode_dn $user};
- shift @dn;
- my $parent = lc (canonical_dn @dn);
+ my @user = @{ldap_explode_dn shift};
+ my @parent = @user;
+ shift @parent;
my $keys = shift // [];
my @domains;
@@ -288,16 +287,16 @@ sub _entries_to_domains {
if ((not @$keys or grep { $_ eq 'permissions' } @$keys)) {
my $perms = '';
$perms .= 'a' if $entry->exists('fripostCanAddAlias') and
- grep { $user eq lc $_ or $parent eq lc $_ }
+ grep { &_dngrep ($_, \@user, \@parent) }
$entry->get_value('fripostCanAddAlias');
$perms .= 'l' if $entry->exists('fripostCanAddList') and
- grep { $user eq lc $_ or $parent eq lc $_ }
+ grep { &_dngrep ($_, \@user, \@parent) }
$entry->get_value('fripostCanAddList');
$perms = 'o' if $entry->exists('fripostOwner') and
- grep { $user eq lc $_ }
+ grep { &_dngrep ($_, \@user) }
$entry->get_value('fripostOwner');
$perms = 'p' if $entry->exists('fripostPostmaster') and
- grep { $user eq lc $_ }
+ grep { &_dngrep ($_, \@user) }
$entry->get_value('fripostPostmaster');
$domain{permissions} = $perms;
}
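Review bot: The four grep blocks call the helper as `&_dngrep ($_, \@user, \@parent)`; the ampersand form is the legacy call syntax that bypasses prototypes, and the space before the parenthesis differs from `&_dngrep($_, ...)` in the canIAdd hunk. Plain `_dngrep($_, \@user, \@parent)` works even though the sub is defined further down the file, because the call carries parentheses. The same applies to `&_dngrep1 ($x, $_)` inside _dngrep. _entries_to_domains starts and ends outside this hunk.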
@@ -354,10 +353,9 @@ B<Fripost::Schema::Util> for details.
sub canIAdd {
my $self = shift;
- my @dn = @{ldap_explode_dn ($self->mail2dn(shift) // $self->whoami)};
- my $user = lc (canonical_dn @dn);
- shift @dn;
- my $parent = lc (canonical_dn @dn);
+ my @user = @{ldap_explode_dn ($self->mail2dn(shift) // $self->whoami)};
+ my @parent = @user;
+ shift @parent;
my %options = @_;
# Nothing to do after an error.
@@ -376,7 +374,7 @@ sub canIAdd {
die "Multiple virtual directories?" unless $mesg->count == 1;
my $base = $mesg->pop_entry // die "Empty virtual directory?";
- scalar (grep { lc $_ eq $user or lc $_ eq $parent }
+ scalar (grep { &_dngrep($_, \@user, \@parent) }
$base->get_value('fripostCanAddDomain'));
}
@@ -723,6 +721,25 @@ sub _email_to_unicode {
return email_to_unicode($email);
}
+
+
+# DN matching
+sub _dngrep {
+ my $x = ldap_explode_dn shift;
+ scalar (grep {&_dngrep1 ($x, $_)} @_);
+}
+
+sub _dngrep1 {
+ my ($x, $y) = @_;
+ return unless $#$y == $#$x;
+ for (my $i = 0; $i <= $#$x; $i++) {
+ foreach (keys %{$x->[$i]}) {
+ lc $x->[$i]->{$_} eq lc $y->[$i]->{$_} or return;
+ }
+ }
+ return 1;
+}
+
=back
=head1 AUTHOR
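Review bot: _dngrep1 walks only the keys of `$x->[$i]`, so an RDN in `$y` that carries additional attribute types (a multi-valued RDN) still counts as a match, and a key missing from `$y` is compared as an empty string after an "uninitialized" warning. Since this result decides the permission letters in _entries_to_domains and the answer of canIAdd, the comparison should be exact in both directions: equal key counts per RDN, plus an `exists` test before comparing values. Separately, _dngrep uses the result of ldap_explode_dn without checking it; if the Fripost::Schema::Util wrapper can return undef for an unparsable attribute value (not visible here), `my $x = ldap_explode_dn(shift) // return;` would make that case an explicit non-match. The `# DN matching` comment could also state that matching is case-insensitive on values and that `$x` is the directory value and the remaining arguments are exploded DNs.

```perl
sub _dngrep1 {
    my ($x, $y) = @_;
    return unless @$x == @$y;
    for my $i (0 .. $#$x) {
        my ($rdn_x, $rdn_y) = ($x->[$i], $y->[$i]);
        # Same number of attribute types on both sides, so neither RDN
        # can match as a strict subset of the other.
        return unless keys %$rdn_x == keys %$rdn_y;
        for my $attr (keys %$rdn_x) {
            return unless exists $rdn_y->{$attr}
                      and lc $rdn_x->{$attr} eq lc $rdn_y->{$attr};
        }
    }
    return 1;
}
```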