Gnous/mailcow
2
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

[Web] fix extend_sender_acl issue for domainadmins

Browse Source
This commit is contained in:
FreddleSpl0it 2023-01-06 11:07:44 +01:00
parent fc0e6b6efb
commit dd9296ffc2
4 changed files with 54 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
data/web/inc/functions.mailbox.inc.php
View File

@ -2879,67 +2879,68 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'danger', 'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
'msg' => 'access_denied' 'msg' => 'extended_sender_acl_denied'
); );
return false;
} }
$extra_acls = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['extended_sender_acl'])); else {
foreach ($extra_acls as $i => &$extra_acl) { $extra_acls = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['extended_sender_acl']));
if (empty($extra_acl)) { foreach ($extra_acls as $i => &$extra_acl) {
continue; if (empty($extra_acl)) {
} continue;
if (substr($extra_acl, 0, 1) === "@") { }
$extra_acl = ltrim($extra_acl, '@'); if (substr($extra_acl, 0, 1) === "@") {
} $extra_acl = ltrim($extra_acl, '@');
if (!filter_var($extra_acl, FILTER_VALIDATE_EMAIL) && !is_valid_domain_name($extra_acl)) { }
$_SESSION['return'][] = array( if (!filter_var($extra_acl, FILTER_VALIDATE_EMAIL) && !is_valid_domain_name($extra_acl)) {
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
'msg' => array('extra_acl_invalid', htmlspecialchars($extra_acl))
);
unset($extra_acls[$i]);
continue;
}
$domains = array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains'));
if (filter_var($extra_acl, FILTER_VALIDATE_EMAIL)) {
$extra_acl_domain = idn_to_ascii(substr(strstr($extra_acl, '@'), 1), 0, INTL_IDNA_VARIANT_UTS46);
if (in_array($extra_acl_domain, $domains)) {
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'danger', 'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
'msg' => array('extra_acl_invalid_domain', $extra_acl_domain) 'msg' => array('extra_acl_invalid', htmlspecialchars($extra_acl))
); );
unset($extra_acls[$i]); unset($extra_acls[$i]);
continue; continue;
} }
} $domains = array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains'));
else { if (filter_var($extra_acl, FILTER_VALIDATE_EMAIL)) {
if (in_array($extra_acl, $domains)) { $extra_acl_domain = idn_to_ascii(substr(strstr($extra_acl, '@'), 1), 0, INTL_IDNA_VARIANT_UTS46);
$_SESSION['return'][] = array( if (in_array($extra_acl_domain, $domains)) {
'type' => 'danger', $_SESSION['return'][] = array(
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'type' => 'danger',
'msg' => array('extra_acl_invalid_domain', $extra_acl_domain) 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
); 'msg' => array('extra_acl_invalid_domain', $extra_acl_domain)
unset($extra_acls[$i]); );
continue; unset($extra_acls[$i]);
continue;
}
}
else {
if (in_array($extra_acl, $domains)) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
'msg' => array('extra_acl_invalid_domain', $extra_acl_domain)
);
unset($extra_acls[$i]);
continue;
}
$extra_acl = '@' . $extra_acl;
} }
$extra_acl = '@' . $extra_acl;
} }
} $extra_acls = array_filter($extra_acls);
$extra_acls = array_filter($extra_acls); $extra_acls = array_values($extra_acls);
$extra_acls = array_values($extra_acls); $extra_acls = array_unique($extra_acls);
$extra_acls = array_unique($extra_acls); $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `external` = 1 AND `logged_in_as` = :username");
$stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `external` = 1 AND `logged_in_as` = :username");
$stmt->execute(array(
':username' => $username
));
foreach ($extra_acls as $sender_acl_external) {
$stmt = $pdo->prepare("INSERT INTO `sender_acl` (`send_as`, `logged_in_as`, `external`)
VALUES (:sender_acl, :username, 1)");
$stmt->execute(array( $stmt->execute(array(
':sender_acl' => $sender_acl_external,
':username' => $username ':username' => $username
)); ));
foreach ($extra_acls as $sender_acl_external) {
$stmt = $pdo->prepare("INSERT INTO `sender_acl` (`send_as`, `logged_in_as`, `external`)
VALUES (:sender_acl, :username, 1)");
$stmt->execute(array(
':sender_acl' => $sender_acl_external,
':username' => $username
));
}
} }
} }
if (isset($_data['sender_acl'])) { if (isset($_data['sender_acl'])) {

1
data/web/lang/lang.de-de.json
View File

@ -363,6 +363,7 @@
"domain_not_empty": "Domain %s ist nicht leer", "domain_not_empty": "Domain %s ist nicht leer",
"domain_not_found": "Domain %s nicht gefunden", "domain_not_found": "Domain %s nicht gefunden",
"domain_quota_m_in_use": "Domain-Speicherplatzlimit muss größer oder gleich %d MiB sein", "domain_quota_m_in_use": "Domain-Speicherplatzlimit muss größer oder gleich %d MiB sein",
"extended_sender_acl_denied": "Keine Rechte zum setzen von externen Absenderadressen",
"extra_acl_invalid": "Externe Absenderadresse \"%s\" ist ungültig", "extra_acl_invalid": "Externe Absenderadresse \"%s\" ist ungültig",
"extra_acl_invalid_domain": "Externe Absenderadresse \"%s\" verwendet eine ungültige Domain", "extra_acl_invalid_domain": "Externe Absenderadresse \"%s\" verwendet eine ungültige Domain",
"fido2_verification_failed": "FIDO2-Verifizierung fehlgeschlagen: %s", "fido2_verification_failed": "FIDO2-Verifizierung fehlgeschlagen: %s",

1
data/web/lang/lang.en-gb.json
View File

@ -363,6 +363,7 @@
"domain_not_empty": "Cannot remove non-empty domain %s", "domain_not_empty": "Cannot remove non-empty domain %s",
"domain_not_found": "Domain %s not found", "domain_not_found": "Domain %s not found",
"domain_quota_m_in_use": "Domain quota must be greater or equal to %s MiB", "domain_quota_m_in_use": "Domain quota must be greater or equal to %s MiB",
"extended_sender_acl_denied": "missing ACL to set external sender addresses",
"extra_acl_invalid": "External sender address \"%s\" is invalid", "extra_acl_invalid": "External sender address \"%s\" is invalid",
"extra_acl_invalid_domain": "External sender \"%s\" uses an invalid domain", "extra_acl_invalid_domain": "External sender \"%s\" uses an invalid domain",
"fido2_verification_failed": "FIDO2 verification failed: %s", "fido2_verification_failed": "FIDO2 verification failed: %s",

6
data/web/templates/edit/mailbox.twig
View File

@ -200,8 +200,10 @@
{% if sender_acl_handles.external_sender_aliases %} {% if sender_acl_handles.external_sender_aliases %}
{% set ext_sender_acl = sender_acl_handles.external_sender_aliases|join(', ') %} {% set ext_sender_acl = sender_acl_handles.external_sender_aliases|join(', ') %}
{% endif %} {% endif %}
<input type="text" class="form-control" name="extended_sender_acl" value="{{ ext_sender_acl }}" placeholder="user1@example.com, user2@example.org, @example.com, ..."> {% if acl.extend_sender_acl and acl.extend_sender_acl == 1 %}
<small class="text-muted">{{ lang.edit.extended_sender_acl_info|raw }}</small> <input type="text" class="form-control" name="extended_sender_acl" value="{{ ext_sender_acl }}" placeholder="user1@example.com, user2@example.org, @example.com, ...">
<small class="text-muted">{{ lang.edit.extended_sender_acl_info|raw }}</small>
{% endif %}
</div> </div>
</div> </div>
<div class="row"> <div class="row">