author | Gunnar Wrobel <wrobel@pardus.de> | 2010-01-11 09:33:32 (GMT) |
---|---|---|
committer | Gunnar Wrobel <wrobel@pardus.de> | 2010-01-11 09:33:32 (GMT) |
commit | fd8463433a1aa6483b746337382d543f8d85b6a9 (patch) | |
tree | d0538d2304cbde5f7ed6d8b564ad94834af7440d /www | |
parent | d90a77e0495d85fb95747859646624cf78108985 (diff) | |
download | kolab-webadmin-fd8463433a1aa6483b746337382d543f8d85b6a9.tar.gz |
MFB: kolab/issue1340 (RFC: restrict users
to sending mail only to internal recipients)
Diffstat (limited to 'www')
-rw-r--r-- | www/admin/user/user.php.in | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/www/admin/user/user.php.in b/www/admin/user/user.php.in index 3c48400..5b29eaa 100644 --- a/www/admin/user/user.php.in +++ b/www/admin/user/user.php.in @@ -148,6 +148,59 @@ function checkdelegate( $form, $key, $value ) { return ''; } +function checksmtprecipient ( $form, $key, $value ) { + $lst = array_unique( array_filter( array_map( 'trim', preg_split( '/\n/', $value ) ), 'strlen') ); + $str = ''; + require_once 'Mail/RFC822.php'; + foreach( $lst as $SMTPRecipient ) { + $trimmed = ltrim($SMTPRecipient, "-."); // potentially every entry is negated with a '-' + // $SMTPRecipient is either an + // - email address + // - local part of an email address with an @ suffix + // - a domain part + if (valid_domain($SMTPRecipient)) { + return ''; + } + if (valid_local_part($SMTPRecipient)) { + return sprintf(_("Syntax for Recipient %s is invalid"), $SMTPRecipient); + } + $result = valid_email_address($SMTPRecipient); + if (is_a($result, 'PEAR_Error')) { + return $result->getMessage(); + } else { + return ''; + } + } + return ''; +} + + +function valid_email_address($address) { +// the following addresses are invalid +// email1..@kolab.org +// email1.-@kolab.org +// email1._@kolab.org +// email1@2sub.kolab.org +// email1@sub.sub.2sub.kolab.org + $check = new Mail_RFC822($address); + return $check->parseAddressList(null, null, null, true); +} + +function valid_domain($domain) { +// the following subdomains are invalid +// 2sub.kolab.org +// sub.sub.2sub.kolab.org + $check = new Mail_RFC822(); + return $check->_validateDomain($domain); +} + +function valid_local_part($local_part) { + // the local part always has an @ appended + $local_part = rtrim($local_part, '@'); + $check = new Mail_RFC822(); + return $check->_validateLocalPart($local_part); +} + // Check uid/gid used in invitation policy // We're pretty relaxed about what is entered // here and only check some basic syntax 
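Review bot: Only the first entry of the list is ever validated in `checksmtprecipient`, because every branch inside the `foreach` returns, so all further lines are stored unchecked. The checks also run on `$SMTPRecipient` rather than the `$trimmed` value computed just above, so a `-` prefixed entry is tested with its prefix, and `$str` is never used. The `valid_local_part` branch appears inverted: it returns the "invalid" message when the local part validates. The loop could validate `$trimmed`, `continue` on success and return only on failure, as sketched below; the intended entry grammar should be confirmed first. Note that `_validateDomain` and `_validateLocalPart` are underscore-prefixed methods of `Mail_RFC822`, private by PEAR convention, so they may change between releases.

```php
function checksmtprecipient ( $form, $key, $value ) {
  // … unchanged: $lst construction and require_once 'Mail/RFC822.php' …
  foreach( $lst as $SMTPRecipient ) {
    // validate the entry without its negation / leading-dot prefix
    $trimmed = ltrim($SMTPRecipient, "-.");
    if (valid_domain($trimmed)) {
      continue;
    }
    if (substr($trimmed, -1) == '@') {
      // local part with an @ suffix
      if (valid_local_part($trimmed)) {
        continue;
      }
      return sprintf(_("Syntax for Recipient %s is invalid"), $SMTPRecipient);
    }
    $result = valid_email_address($trimmed);
    if (is_a($result, 'PEAR_Error')) {
      return $result->getMessage();
    }
  }
  return '';
}
```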
@@ -302,6 +355,15 @@ function fill_form_for_modify( &$form, $dn, &$ldap_object ) { else $v = ""; if(array_key_exists('kolabdelegate',$form->entries)) $form->entries['kolabdelegate']['value'] = $v; + // kolabAllowSMTPRecipient + if (is_array($ldap_object['kolabAllowSMTPRecipient'])) { + $arr = $ldap_object['kolabAllowSMTPRecipient']; + unset( $arr['count'] ); + $v = join("\n", $arr ); + } + else $v = ""; + if(array_key_exists('kolabAllowSMTPRecipient',$form->entries)) $form->entries['kolabAllowSMTPRecipient']['value'] = $v; + // kolabhomeserver if(array_key_exists('kolabhomeserver',$form->entries)) { if( is_array($ldap_object['kolabHomeServer']) ) { @@ -430,6 +492,12 @@ $entries['kolabdelegate'] =array( 'name' => _('Email-Delegates'), 'comment' => _('Others allowed to send emails with a "from" address of this account.') . '<br/>' . _('One email address per line.') ); +$entries['kolabAllowSMTPRecipient'] =array( 'name' => _('Allowed Recipients'), + 'type' => 'textarea', + 'validation' => 'checksmtprecipient', + 'comment' => _('Restrict allowed recipients of SMTP messages') . '<br/>' . + _('One entry per line.') ); + $entries['title_0'] = array( 'name' => _('Title') ); $entries['o_0'] = array( 'name' => _('Organisation') ); $entries['ou_0'] = array( 'name' => _('Organisational Unit') ); @@ -553,6 +621,11 @@ switch( $action ) { preg_split( '/\n/', $_POST['kolabdelegate'] ) ), 'strlen') ); if( !$ldap_object['kolabDelegate'] && $action == 'firstsave' ) unset($ldap_object['kolabDelegate']); + // kolabAllowSMTPRecipient + $ldap_object['kolabAllowSMTPRecipient'] = array_unique( array_filter( array_map( 'trim', + preg_split( '/\n/', $_POST['kolabAllowSMTPRecipient'] ) ), 'strlen') ); + if( !$ldap_object['kolabAllowSMTPRecipient'] && $action == 'firstsave' ) unset($ldap_object['kolabAllowSMTPRecipient']); + if ($auth->group() == "maintainer" || $auth->group() == "admin") { // alias |
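Review bot: The help text added for `$entries['kolabAllowSMTPRecipient']` does not say which entry forms are accepted, although the validator's comments list three (full address, local part followed by `@`, domain) plus a leading `-` for negation. Since this list acts as a sending restriction, a misread syntax becomes a misconfigured policy. I would extend the comment, e.g. `_('One entry per line: address, local part followed by @, or domain; prefix with - to negate.')`, and state what an empty list means once that is confirmed against the component that enforces the policy.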
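Review bot: `$ldap_object['kolabAllowSMTPRecipient']` is assigned from `$_POST` before the `if ($auth->group() == "maintainer" || $auth->group() == "admin")` check that follows, so as far as this hunk shows the list is written for every role that reaches this save path. If ordinary users can save their own account here, a restricted user could change or empty their own recipient restriction. A request that simply lacks the field also yields an empty array, which may clear the attribute on modify. I would move the three added lines inside that maintainer/admin block and only touch the attribute when `isset($_POST['kolabAllowSMTPRecipient'])`. Whether LDAP ACLs or the form definition already prevent this is not visible here; the `switch` body starts and ends outside the hunk.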