6,7 → 6,8 |
# |
|
# FIXME use transactions |
# FIXME validate all information |
# FIXME secure to show wrong (m.b. hacked) strings in logs and socket answers? |
# FIXME double check validate_* functions |
|
use strict; |
use vars; |
48,6 → 49,7 |
my $code_ok = 200; |
my $code_ok_but = 201; |
my $code_ignored = 202; |
my $code_some_error = 400; |
my $code_no_body = 400; |
my $code_protocol_header = 401; |
my $code_no_end_lines = 402; |
203,11 → 205,35 |
set_request_code($request, $code_ignored, "Not interesting in users"); |
} |
|
sub handle_system_user_create |
{ |
my $request = shift @_; |
|
set_request_code($request, $code_ignored, "Not interesting in system users"); |
} |
|
sub handle_system_user_modify |
{ |
my $request = shift @_; |
|
set_request_code($request, $code_ignored, "Not interesting in system users"); |
} |
|
sub handle_system_user_delete |
{ |
my $request = shift @_; |
|
set_request_code($request, $code_ignored, "Not interesting in system users"); |
} |
|
# FIXME: merge with handle_domain_modify |
sub handle_domain_create |
{ |
my $request = shift @_; |
my %params = parse_command_params($request, shift @_, ("name")); |
my %params = parse_command_params($request, shift @_, |
{ "name" => \&validate_domain, |
"enabled" => \&validate_boolean, |
"comment" => \&validate_comment } ); |
return unless(%params); |
|
my $res_action = save_to_db($request, "transport", |
230,7 → 256,11 |
sub handle_domain_modify |
{ |
my $request = shift @_; |
my %params = parse_command_params($request, shift @_, ("oldName", "name")); |
my %params = parse_command_params($request, shift @_, |
{ "oldName" => \&validate_domain, |
"name" => \&validate_domain, |
"enabled" => \&validate_boolean, |
"comment" => \&validate_comment } ); |
return unless(%params); |
|
# FIXME: move maildirs, update users and aliases tables |
253,10 → 283,11 |
sub handle_domain_delete |
{ |
my $request = shift @_; |
my %params = parse_command_params($request, shift @_, ("name")); |
my %params = parse_command_params($request, shift @_, |
{ "name" => \&validate_domain } ); |
return unless(%params); |
|
# FIXME: delete maildirs, update users and aliases tables (or they are already deleted by frontend?) |
# FIXME: delete maildirs, update users and aliases tables (or are they already deleted by frontend?) |
|
my $res_action = delete_from_db($request, "transport", |
{ domain => $params{"name"} } ); |
270,18 → 301,6 |
} |
} |
|
sub handle_system_user_create |
{ |
} |
|
sub handle_system_user_modify |
{ |
} |
|
sub handle_system_user_delete |
{ |
} |
|
sub update_mailbox_mailid |
{ |
my $request = shift @_; |
310,7 → 329,14 |
{ |
my $request = shift @_; |
my %params = parse_command_params($request, shift @_, |
("login", "password", "domain")); |
{ "login" => \&validate_name, |
"domain" => \&validate_domain, |
"password" => \&validate_password, |
"enabled" => \&validate_boolean, |
"comment" => \&validate_comment, |
"systemUser" => \&validate_system_user_id, |
"virusCheck" => \&validate_boolean, |
"spamCheck" => \&validate_boolean } ); |
return unless(%params); |
|
# insert or update main information |
343,7 → 369,16 |
{ |
my $request = shift @_; |
my %params = parse_command_params($request, shift @_, |
("oldLogin", "oldDomain", "login", "domain")); |
{ "oldLogin" => \&validate_name, |
"oldDomain" => \&validate_domain, |
"login" => \&validate_name, |
"domain" => \&validate_domain, |
"password" => \&validate_password, |
"enabled" => \&validate_boolean, |
"comment" => \&validate_comment, |
"systemUser" => \&validate_system_user_id, |
"virusCheck" => \&validate_boolean, |
"spamCheck" => \&validate_boolean } ); |
return unless(%params); |
|
# FIXME move the old maildir |
375,7 → 410,9 |
sub handle_mailbox_delete |
{ |
my $request = shift @_; |
my %params = parse_command_params($request, shift @_, ("login", "domain")); |
my %params = parse_command_params($request, shift @_, |
{ "login" => \&validate_name, |
"domain" => \&validate_domain } ); |
return unless(%params); |
|
# FIXME remove the maildir |
460,20 → 497,36 |
return 1; |
} |
|
# FIXME merge with handle_mail_alias_modify |
sub handle_mail_alias_create |
{ |
my $request = shift @_; |
my %params = parse_command_params($request, shift @_, ("address", "domain")); |
my %params = parse_command_params($request, shift @_, |
{ "address" => \&validate_name, |
"domain" => \&validate_domain, |
"enabled" => \&validate_boolean, |
"comment" => \&validate_comment } ); |
return unless(%params); |
my @rcpts = parse_command_array($request, @_); |
|
# validate recipients |
foreach (@rcpts) { |
unless(validate_email($_)) { |
set_request_code($request, $code_wrong_params, "Wrong email $_"); |
return; |
} |
} |
|
# delete all from db |
my $del_action = delete_from_db($request, "aliases", |
{ alias => "$params{'address'}\@$params{'domain'}" } ); |
return if($del_action eq "error"); |
|
# save new |
return unless(save_mail_alias_dest($request, $params{'address'}, $params{'domain'}, |
$params{'comment'}, \@rcpts)); |
|
# result |
if($del_action eq 'delete') { |
set_request_code($request, $code_ok_but, "Mail alias exists, modified"); |
} |
485,17 → 538,34 |
sub handle_mail_alias_modify |
{ |
my $request = shift @_; |
my %params = parse_command_params($request, shift @_, ("address", "domain")); |
my %params = parse_command_params($request, shift @_, |
{ "oldAddress" => \&validate_name, |
"oldDomain" => \&validate_domain, |
"address" => \&validate_name, |
"domain" => \&validate_domain, |
"enabled" => \&validate_boolean, |
"comment" => \&validate_comment } ); |
return unless(%params); |
my @rcpts = parse_command_array($request, @_); |
|
# validate recipients |
foreach (@rcpts) { |
unless(validate_email($_)) { |
set_request_code($request, $code_wrong_params, "Wrong email $_"); |
return; |
} |
} |
|
# delete all from db |
my $del_action = delete_from_db($request, "aliases", |
{ alias => "$params{'address'}\@$params{'domain'}" } ); |
{ alias => "$params{'oldAddress'}\@$params{'oldDomain'}" } ); |
return if($del_action eq "error"); |
|
# save new |
return unless(save_mail_alias_dest($request, $params{'address'}, $params{'domain'}, |
$params{'comment'}, \@rcpts)); |
|
# result |
if($del_action eq 'delete') { |
set_request_code($request, $code_ok, "Mail alias modified"); |
} |
507,7 → 577,9 |
sub handle_mail_alias_delete |
{ |
my $request = shift @_; |
my %params = parse_command_params($request, shift @_, ("address", "domain")); |
my %params = parse_command_params($request, shift @_, |
{ "address" => \&validate_name, |
"domain" => \&validate_domain } ); |
return unless(%params); |
|
my $res_action = delete_from_db($request, "aliases", |
521,6 → 593,24 |
} |
} |
|
sub validate_boolean |
{ |
$_ = shift @_; |
return /^(true|false)$/ ? 1 : 0; |
} |
|
sub validate_comment |
{ |
$_ = shift @_; |
return /^.*$/ ? 1 : 0; # FIXME allow part of control chars only |
} |
|
sub validate_password |
{ |
$_ = shift @_; |
return /^.*$/ ? 1 : 0; # FIXME |
} |
|
sub validate_domain |
{ |
$_ = shift @_; |
530,8 → 620,30 |
|
sub validate_name |
{ |
$_ = shift @_; |
return /^[a-zA-Z]([a-zA-Z0-9._-]*[a-zA-Z0-9])?$/ ? 1 : 0; |
} |
|
sub validate_email |
{ |
$_ = shift @_; |
return /^[a-zA-Z0-9._-]+\@(([a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)\.)*([a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)$/ ? 1 : 0; # FIXME too restrict for user name? |
} |
|
sub validate_param_name |
{ |
$_ = shift @_; |
return /^[a-zA-Z_][a-zA-Z0-9._-]*$/ ? 1 : 0; |
} |
|
sub validate_system_user_id |
{ |
$_ = shift @_; |
return 0 unless /^[0-9]*$/; |
|
return ($_ >= 1000) ? 1 : 0; # additional security check |
} |
|
sub decode_param |
{ |
my $value = shift @_; |
563,19 → 675,36 |
{ |
my $request = shift @_; |
my @params = split /\t/, shift @_, -1; |
my %required = map { $_ => 1 } @_; # convert array to hash |
my %expected = %{shift @_}; |
my %values = (); |
|
@params = @params[2..$#params]; # remove handler and action |
map { |
my ($key, $value) = split /=/, $_; |
$values{$key} = decode_param($value); |
delete($required{$key}); |
|
unless(validate_param_name($key)) { |
set_request_code($request, $code_wrong_params, "Wrong param name $key"); |
return (); |
} |
|
unless($expected{$key}) { |
set_request_code($request, $code_wrong_params, "Param $key not expected"); |
return (); |
} |
|
my $param_value = decode_param($value); |
unless(&{$expected{$key}}($param_value)) { |
set_request_code($request, $code_wrong_params, "Wrong value of param $key"); |
return (); |
} |
|
$values{$key} = $param_value; |
delete($expected{$key}); |
} @params; |
|
if(%required) { |
if(%expected) { |
set_request_code($request, $code_wrong_params, |
"Params " . join(', ', keys %required) . " expected but not found"); |
"Params " . join(', ', keys %expected) . " expected but not found"); |
return (); |
} |
|