Diffstat (limited to 'lib/Fripost/Schema')
-rw-r--r-- | lib/Fripost/Schema/Auth.pm | 4 | ||||
-rw-r--r-- | lib/Fripost/Schema/Domain.pm | 43 |
2 files changed, 32 insertions, 15 deletions
diff --git a/lib/Fripost/Schema/Auth.pm b/lib/Fripost/Schema/Auth.pm index f06ce4f..3bdda8f 100644 --- a/lib/Fripost/Schema/Auth.pm +++ b/lib/Fripost/Schema/Auth.pm @@ -23,7 +23,7 @@ use Net::LDAP; use Net::LDAP::Extension::SetPassword; use Authen::SASL; use Fripost::Schema::Util qw/canonical_dn ldap_explode_dn ldap_error - split_addr assert softdie/; + split_addr email_valid assert softdie/; =head1 METHODS @@ -163,7 +163,7 @@ sub auth { $self->whoami( join ',', @{$options{ldap_bind_dn}} ); } else { - return unless defined $user; + return unless email_valid($user, -nodie => 1, -exact => 1); $self->whoami( $self->mail2dn($user) ); } diff --git a/lib/Fripost/Schema/Domain.pm b/lib/Fripost/Schema/Domain.pm index f819348..36194d8 100644 --- a/lib/Fripost/Schema/Domain.pm +++ b/lib/Fripost/Schema/Domain.pm @@ -227,10 +227,9 @@ sub search { # Map a list of LDAP::Entry object into our public representation of # domains. sub _entries_to_domains { - my $user = lc shift; - my @dn = @{ldap_explode_dn $user}; - shift @dn; - my $parent = lc (canonical_dn @dn); + my @user = @{ldap_explode_dn shift}; + my @parent = @user; + shift @parent; my $keys = shift // []; my @domains; 
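Review bot: The `email_valid` guard added in the `else` branch of `auth` has no comment saying why it is there, although it appears to be the only check between an arbitrary login string and the DN that `mail2dn` derives for the bind. I would put `# Reject anything that is not exactly one well-formed address before deriving the bind DN from it.` above the `return unless email_valid(...)` line, so that a later refactoring does not relax it back to a `defined` test. The check is used purely as a predicate and the raw `$user` is what reaches `mail2dn`; if `email_valid` also canonicalises the address (not visible here), the canonical form should be what is passed on. `auth` starts and ends outside this hunk.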
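Review bot: `my @user = @{ldap_explode_dn shift};` at the top of `_entries_to_domains` dereferences the helper's result without checking it, and the same pattern is written again in the `canIAdd` hunk. If Fripost::Schema::Util's `ldap_explode_dn` returns undef for an unparsable DN, as the Net::LDAP::Util function of that name does, the sub dies under strict refs with Perl's generic "undefined value as an ARRAY reference" message rather than a deliberate error. A named failure is easier to trace in a permission path: `my $user = ldap_explode_dn(shift) // die "Invalid user DN";` followed by `my @user = @$user;`. The body of `_entries_to_domains` continues outside this hunk.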
@@ -288,16 +287,16 @@ sub _entries_to_domains { if ((not @$keys or grep { $_ eq 'permissions' } @$keys)) { my $perms = ''; $perms .= 'a' if $entry->exists('fripostCanAddAlias') and - grep { $user eq lc $_ or $parent eq lc $_ } + grep { &_dngrep ($_, \@user, \@parent) } $entry->get_value('fripostCanAddAlias'); $perms .= 'l' if $entry->exists('fripostCanAddList') and - grep { $user eq lc $_ or $parent eq lc $_ } + grep { &_dngrep ($_, \@user, \@parent) } $entry->get_value('fripostCanAddList'); $perms = 'o' if $entry->exists('fripostOwner') and - grep { $user eq lc $_ } + grep { &_dngrep ($_, \@user) } $entry->get_value('fripostOwner'); $perms = 'p' if $entry->exists('fripostPostmaster') and - grep { $user eq lc $_ } + grep { &_dngrep ($_, \@user) } $entry->get_value('fripostPostmaster'); $domain{permissions} = $perms; } @@ -354,10 +353,9 @@ B<Fripost::Schema::Util> for details. sub canIAdd { my $self = shift; - my @dn = @{ldap_explode_dn ($self->mail2dn(shift) // $self->whoami)}; - my $user = lc (canonical_dn @dn); - shift @dn; - my $parent = lc (canonical_dn @dn); + my @user = @{ldap_explode_dn ($self->mail2dn(shift) // $self->whoami)}; + my @parent = @user; + shift @parent; my %options = @_; # Nothing to do after an error. @@ -376,7 +374,7 @@ sub canIAdd { die "Multiple virtual directories?" unless $mesg->count == 1; my $base = $mesg->pop_entry // die "Empty virtual directory?"; - scalar (grep { lc $_ eq $user or lc $_ eq $parent } + scalar (grep { &_dngrep($_, \@user, \@parent) } $base->get_value('fripostCanAddDomain')); } @@ -723,6 +721,25 @@ sub _email_to_unicode { return email_to_unicode($email); } + + +# DN matching +sub _dngrep { + my $x = ldap_explode_dn shift; + scalar (grep {&_dngrep1 ($x, $_)} @_); +} + +sub _dngrep1 { + my ($x, $y) = @_; + return unless $#$y == $#$x; + for (my $i = 0; $i <= $#$x; $i++) { + foreach (keys %{$x->[$i]}) { + lc $x->[$i]->{$_} eq lc $y->[$i]->{$_} or return; + } + } + return 1; +} + =back =head1 AUTHOR |
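Review bot: The four new `grep` blocks in the permissions section call the helper as `&_dngrep (...)`, and the `canIAdd` and `_dngrep` hunks use the same ampersand form. The sigil bypasses prototypes and, if the parentheses are ever dropped, silently forwards the caller's `@_`, which is an easy mistake to miss in code that decides access. A plain call reads the same and avoids that: `grep { _dngrep($_, \@user, \@parent) }`. The enclosing `_entries_to_domains` starts and ends outside this hunk.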
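Review bot: `_dngrep1` compares only the attributes present in each RDN of `$x` (the value read from the entry) and never checks that the matching RDN of `$y` has no others. A stored value with RDN `a=1` would therefore match a user whose RDN is multi-valued `a=1+b=2`; for a function that backs the owner, postmaster and can-add checks, the comparison should be symmetric. `_dngrep` also passes the result of `ldap_explode_dn` straight on, so if that helper returns undef for an unparsable stored value (not visible here), `$#$x` dies instead of simply not matching. Both subs would benefit from a one-line comment stating the argument order: DN string first, then exploded DNs.

```perl
# DN matching: true if the DN string given first equals one of the
# exploded DNs (array refs) that follow.
sub _dngrep {
    my $x = ldap_explode_dn(shift) // return;   # unparsable value never matches
    return scalar grep { _dngrep1($x, $_) } @_;
}

sub _dngrep1 {
    my ($x, $y) = @_;
    return unless $#$y == $#$x;
    for my $i (0 .. $#$x) {
        my ($rx, $ry) = ($x->[$i], $y->[$i]);
        # Both RDNs must carry the same attribute set, not just x's subset.
        return unless keys %$rx == keys %$ry;
        for my $attr (keys %$rx) {
            return unless exists $ry->{$attr}
                and lc $rx->{$attr} eq lc $ry->{$attr};
        }
    }
    return 1;
}
```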