
Compare Revisions

Ignore whitespace Rev 1215 → Rev 1216

/hostadmiral/trunk/backend/backend.pl
6,7 → 6,8
#
 
# FIXME use transactions
# FIXME validate all information
# FIXME secure to show wrong (m.b. hacked) strings in logs and socket answers?
# FIXME double check validate_* functions
 
use strict;
use vars;
48,6 → 49,7
my $code_ok = 200;
my $code_ok_but = 201;
my $code_ignored = 202;
my $code_some_error = 400;
my $code_no_body = 400;
my $code_protocol_header = 401;
my $code_no_end_lines = 402;
203,11 → 205,35
set_request_code($request, $code_ignored, "Not interesting in users");
}
 
sub handle_system_user_create
{
my $request = shift @_;
 
set_request_code($request, $code_ignored, "Not interesting in system users");
}
 
sub handle_system_user_modify
{
my $request = shift @_;
 
set_request_code($request, $code_ignored, "Not interesting in system users");
}
 
sub handle_system_user_delete
{
my $request = shift @_;
 
set_request_code($request, $code_ignored, "Not interesting in system users");
}
 
# FIXME: merge with handle_domain_modify
sub handle_domain_create
{
my $request = shift @_;
my %params = parse_command_params($request, shift @_, ("name"));
my %params = parse_command_params($request, shift @_,
{ "name" => \&validate_domain,
"enabled" => \&validate_boolean,
"comment" => \&validate_comment } );
return unless(%params);
 
my $res_action = save_to_db($request, "transport",
230,7 → 256,11
sub handle_domain_modify
{
my $request = shift @_;
my %params = parse_command_params($request, shift @_, ("oldName", "name"));
my %params = parse_command_params($request, shift @_,
{ "oldName" => \&validate_domain,
"name" => \&validate_domain,
"enabled" => \&validate_boolean,
"comment" => \&validate_comment } );
return unless(%params);
 
# FIXME: move maildirs, update users and aliases tables
253,10 → 283,11
sub handle_domain_delete
{
my $request = shift @_;
my %params = parse_command_params($request, shift @_, ("name"));
my %params = parse_command_params($request, shift @_,
{ "name" => \&validate_domain } );
return unless(%params);
 
# FIXME: delete maildirs, update users and aliases tables (or they are already deleted by frontend?)
# FIXME: delete maildirs, update users and aliases tables (or are they already deleted by frontend?)
 
my $res_action = delete_from_db($request, "transport",
{ domain => $params{"name"} } );
270,18 → 301,6
}
}
 
sub handle_system_user_create
{
}
 
sub handle_system_user_modify
{
}
 
sub handle_system_user_delete
{
}
 
sub update_mailbox_mailid
{
my $request = shift @_;
310,7 → 329,14
{
my $request = shift @_;
my %params = parse_command_params($request, shift @_,
("login", "password", "domain"));
{ "login" => \&validate_name,
"domain" => \&validate_domain,
"password" => \&validate_password,
"enabled" => \&validate_boolean,
"comment" => \&validate_comment,
"systemUser" => \&validate_system_user_id,
"virusCheck" => \&validate_boolean,
"spamCheck" => \&validate_boolean } );
return unless(%params);
 
# insert or update main information
343,7 → 369,16
{
my $request = shift @_;
my %params = parse_command_params($request, shift @_,
("oldLogin", "oldDomain", "login", "domain"));
{ "oldLogin" => \&validate_name,
"oldDomain" => \&validate_domain,
"login" => \&validate_name,
"domain" => \&validate_domain,
"password" => \&validate_password,
"enabled" => \&validate_boolean,
"comment" => \&validate_comment,
"systemUser" => \&validate_system_user_id,
"virusCheck" => \&validate_boolean,
"spamCheck" => \&validate_boolean } );
return unless(%params);
 
# FIXME move the old maildir
375,7 → 410,9
sub handle_mailbox_delete
{
my $request = shift @_;
my %params = parse_command_params($request, shift @_, ("login", "domain"));
my %params = parse_command_params($request, shift @_,
{ "login" => \&validate_name,
"domain" => \&validate_domain } );
return unless(%params);
 
# FIXME remove the maildir
460,20 → 497,36
return 1;
}
 
# FIXME merge with handle_mail_alias_modify
sub handle_mail_alias_create
{
my $request = shift @_;
my %params = parse_command_params($request, shift @_, ("address", "domain"));
my %params = parse_command_params($request, shift @_,
{ "address" => \&validate_name,
"domain" => \&validate_domain,
"enabled" => \&validate_boolean,
"comment" => \&validate_comment } );
return unless(%params);
my @rcpts = parse_command_array($request, @_);
 
# validate recipients
foreach (@rcpts) {
unless(validate_email($_)) {
set_request_code($request, $code_wrong_params, "Wrong email $_");
return;
}
}
 
# delete all from db
my $del_action = delete_from_db($request, "aliases",
{ alias => "$params{'address'}\@$params{'domain'}" } );
return if($del_action eq "error");
 
# save new
return unless(save_mail_alias_dest($request, $params{'address'}, $params{'domain'},
$params{'comment'}, \@rcpts));
 
# result
if($del_action eq 'delete') {
set_request_code($request, $code_ok_but, "Mail alias exists, modified");
}
485,17 → 538,34
sub handle_mail_alias_modify
{
my $request = shift @_;
my %params = parse_command_params($request, shift @_, ("address", "domain"));
my %params = parse_command_params($request, shift @_,
{ "oldAddress" => \&validate_name,
"oldDomain" => \&validate_domain,
"address" => \&validate_name,
"domain" => \&validate_domain,
"enabled" => \&validate_boolean,
"comment" => \&validate_comment } );
return unless(%params);
my @rcpts = parse_command_array($request, @_);
 
# validate recipients
foreach (@rcpts) {
unless(validate_email($_)) {
set_request_code($request, $code_wrong_params, "Wrong email $_");
return;
}
}
 
# delete all from db
my $del_action = delete_from_db($request, "aliases",
{ alias => "$params{'address'}\@$params{'domain'}" } );
{ alias => "$params{'oldAddress'}\@$params{'oldDomain'}" } );
return if($del_action eq "error");
 
# save new
return unless(save_mail_alias_dest($request, $params{'address'}, $params{'domain'},
$params{'comment'}, \@rcpts));
 
# result
if($del_action eq 'delete') {
set_request_code($request, $code_ok, "Mail alias modified");
}
507,7 → 577,9
sub handle_mail_alias_delete
{
my $request = shift @_;
my %params = parse_command_params($request, shift @_, ("address", "domain"));
my %params = parse_command_params($request, shift @_,
{ "address" => \&validate_name,
"domain" => \&validate_domain } );
return unless(%params);
 
my $res_action = delete_from_db($request, "aliases",
521,6 → 593,24
}
}
 
sub validate_boolean
{
$_ = shift @_;
return /^(true|false)$/ ? 1 : 0;
}
 
sub validate_comment
{
$_ = shift @_;
return /^.*$/ ? 1 : 0; # FIXME allow part of control chars only
}
 
sub validate_password
{
$_ = shift @_;
return /^.*$/ ? 1 : 0; # FIXME
}
 
sub validate_domain
{
$_ = shift @_;
530,8 → 620,30
 
sub validate_name
{
$_ = shift @_;
return /^[a-zA-Z]([a-zA-Z0-9._-]*[a-zA-Z0-9])?$/ ? 1 : 0;
}
 
sub validate_email
{
$_ = shift @_;
return /^[a-zA-Z0-9._-]+\@(([a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)\.)*([a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)$/ ? 1 : 0; # FIXME too restrict for user name?
}
 
sub validate_param_name
{
$_ = shift @_;
return /^[a-zA-Z_][a-zA-Z0-9._-]*$/ ? 1 : 0;
}
 
sub validate_system_user_id
{
$_ = shift @_;
return 0 unless /^[0-9]*$/;
 
return ($_ >= 1000) ? 1 : 0; # additional security check
}
 
sub decode_param
{
my $value = shift @_;
563,19 → 675,36
{
my $request = shift @_;
my @params = split /\t/, shift @_, -1;
my %required = map { $_ => 1 } @_; # convert array to hash
my %expected = %{shift @_};
my %values = ();
 
@params = @params[2..$#params]; # remove handler and action
map {
my ($key, $value) = split /=/, $_;
$values{$key} = decode_param($value);
delete($required{$key});
 
unless(validate_param_name($key)) {
set_request_code($request, $code_wrong_params, "Wrong param name $key");
return ();
}
 
unless($expected{$key}) {
set_request_code($request, $code_wrong_params, "Param $key not expected");
return ();
}
 
my $param_value = decode_param($value);
unless(&{$expected{$key}}($param_value)) {
set_request_code($request, $code_wrong_params, "Wrong value of param $key");
return ();
}
 
$values{$key} = $param_value;
delete($expected{$key});
} @params;
 
if(%required) {
if(%expected) {
set_request_code($request, $code_wrong_params,
"Params " . join(', ', keys %required) . " expected but not found");
"Params " . join(', ', keys %expected) . " expected but not found");
return ();
}
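Review bot: The validators in the two validation hunks (validate_boolean, validate_name, validate_email, validate_param_name, validate_system_user_id) anchor with `$`, which in Perl also matches just before a trailing newline, so a login, domain or address ending in "\n" passes and is then handed to delete_from_db / save_mail_alias_dest. Anchoring the end with `\z` closes this, e.g. `return /^(true|false)\z/ ? 1 : 0;` and `return 0 unless /^[0-9]+\z/;`. Whether decode_param can actually produce a newline is not visible in this diff, so confirm against that function. The same validators assign to the global `$_` while being called from inside `map` and `foreach` loops that alias `$_` to the caller's list element; `my $value = shift @_;` followed by `$value =~ /.../` avoids overwriting it.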
 
/hostadmiral/trunk/webapp/mail/box/edit.jsp
96,6 → 96,7
</tr>
</table>
 
<p>FIXME: show system user id without comma</p>
<p>FIXME: checkbox to create a mail alias if new mailbox is created</p>
<p>FIXME: special case: by editing a mailbox which login is the same
as its user and/or mail alias allow to change all them at once. Do the for
/hostadmiral/trunk/webapp/mail/alias/edit.jsp
163,6 → 163,8
</html:form>
<script>loadForm();</script>
 
<p>FIXME: show mailbox@domain for destinations, not just mailbox</p>
 
<p>
<bean:message key="ak.hostadmiral.page.general.version" />:
<bean:write name="projectVersion" />
/hostadmiral/trunk/webapp/mail/alias/editdests.jsp
160,6 → 160,8
</html:form>
<script>loadForm();</script>
 
<p>FIXME: show mailbox@domain for destinations, not just mailbox</p>
 
<p>
<bean:message key="ak.hostadmiral.page.general.version" />:
<bean:write name="projectVersion" />