summaryrefslogtreecommitdiff
path: root/www
diff options
context:
space:
mode:
authorGunnar Wrobel <wrobel@pardus.de>2010-01-11 09:33:32 (GMT)
committerGunnar Wrobel <wrobel@pardus.de>2010-01-11 09:33:32 (GMT)
commitfd8463433a1aa6483b746337382d543f8d85b6a9 (patch)
treed0538d2304cbde5f7ed6d8b564ad94834af7440d /www
parentd90a77e0495d85fb95747859646624cf78108985 (diff)
downloadkolab-webadmin-fd8463433a1aa6483b746337382d543f8d85b6a9.tar.gz
MFB: kolab/issue1340 (RFC: restrict users
to sending mail only to internal recipients)
Diffstat (limited to 'www')
-rw-r--r--www/admin/user/user.php.in73
1 files changed, 73 insertions, 0 deletions
diff --git a/www/admin/user/user.php.in b/www/admin/user/user.php.in
index 3c48400..5b29eaa 100644
--- a/www/admin/user/user.php.in
+++ b/www/admin/user/user.php.in
@@ -148,6 +148,59 @@ function checkdelegate( $form, $key, $value ) {
return '';
}
+function checksmtprecipient ( $form, $key, $value ) {
+ $lst = array_unique( array_filter( array_map( 'trim', preg_split( '/\n/', $value ) ), 'strlen') );
+ $str = '';
+ require_once 'Mail/RFC822.php';
+ foreach( $lst as $SMTPRecipient ) {
+ $trimmed = ltrim($SMTPRecipient, "-."); // potentially every entry is negated with a '-'
+ // $SMTPRecipient is either an
+ // - email address
+ // - local part of an email address with an @ suffix
+ // - a domain part
+ if (valid_domain($SMTPRecipient)) {
+ return '';
+ }
+ if (valid_local_part($SMTPRecipient)) {
+ return sprintf(_("Syntax for Recipient %s is invalid"), $SMTPRecipient);
+ }
+ $result = valid_email_address($SMTPRecipient);
+ if (is_a($result, 'PEAR_Error')) {
+ return $result->getMessage();
+ } else {
+ return '';
+ }
+ }
+ return '';
+}
+
+
+function valid_email_address($address) {
+// the following addresses are invalid
+// email1..@kolab.org
+// email1.-@kolab.org
+// email1._@kolab.org
+// email1@2sub.kolab.org
+// email1@sub.sub.2sub.kolab.org
+ $check = new Mail_RFC822($address);
+ return $check->parseAddressList(null, null, null, true);
+}
+
+function valid_domain($domain) {
+// the following subdomains are invalid
+// 2sub.kolab.org
+// sub.sub.2sub.kolab.org
+ $check = new Mail_RFC822();
+ return $check->_validateDomain($domain);
+}
+
+function valid_local_part($local_part) {
+ // the local part always has an @ appended
+ $local_part = rtrim($local_part, '@');
+ $check = new Mail_RFC822();
+ return $check->_validateLocalPart($local_part);
+}
+
// Check uid/gid used in invitation policy
// We're pretty relaxed about what is entered
// here and only check some basic syntax
@@ -302,6 +355,15 @@ function fill_form_for_modify( &$form, $dn, &$ldap_object ) {
else $v = "";
if(array_key_exists('kolabdelegate',$form->entries)) $form->entries['kolabdelegate']['value'] = $v;
+ // kolabAllowSMTPRecipient
+ if (is_array($ldap_object['kolabAllowSMTPRecipient'])) {
+ $arr = $ldap_object['kolabAllowSMTPRecipient'];
+ unset( $arr['count'] );
+ $v = join("\n", $arr );
+ }
+ else $v = "";
+ if(array_key_exists('kolabAllowSMTPRecipient',$form->entries)) $form->entries['kolabAllowSMTPRecipient']['value'] = $v;
+
// kolabhomeserver
if(array_key_exists('kolabhomeserver',$form->entries)) {
if( is_array($ldap_object['kolabHomeServer']) ) {
@@ -430,6 +492,12 @@ $entries['kolabdelegate'] =array( 'name' => _('Email-Delegates'),
'comment' => _('Others allowed to send emails with a "from" address of this account.') . '<br/>' .
_('One email address per line.') );
+$entries['kolabAllowSMTPRecipient'] =array( 'name' => _('Allowed Recipients'),
+ 'type' => 'textarea',
+ 'validation' => 'checksmtprecipient',
+ 'comment' => _('Restrict allowed recipients of SMTP messages') . '<br/>' .
+ _('One entry per line.') );
+
$entries['title_0'] = array( 'name' => _('Title') );
$entries['o_0'] = array( 'name' => _('Organisation') );
$entries['ou_0'] = array( 'name' => _('Organisational Unit') );
@@ -553,6 +621,11 @@ switch( $action ) {
preg_split( '/\n/', $_POST['kolabdelegate'] ) ), 'strlen') );
if( !$ldap_object['kolabDelegate'] && $action == 'firstsave' ) unset($ldap_object['kolabDelegate']);
+ // kolabAllowSMTPRecipient
+ $ldap_object['kolabAllowSMTPRecipient'] = array_unique( array_filter( array_map( 'trim',
+ preg_split( '/\n/', $_POST['kolabAllowSMTPRecipient'] ) ), 'strlen') );
+ if( !$ldap_object['kolabAllowSMTPRecipient'] && $action == 'firstsave' ) unset($ldap_object['kolabAllowSMTPRecipient']);
+
if ($auth->group() == "maintainer" || $auth->group() == "admin") {
// alias