ActiveSync: can be controlled by module constraint

Added an 'ActiveSync' module constraint. If the constraint is not
honored, the ActiveSync request returns 403 (Forbidden).
Javier Amor García
2015-06-18 18:19:02 +02:00
parent c0a22ead1d
commit 72aab7f83f
3 changed files with 31 additions and 13 deletions


@@ -2753,6 +2753,7 @@ static BOOL debugOn = NO;
NSAutoreleasePool *pool;
id builder, dom;
SEL aSelector;
id activeUser;
NSString *cmdName, *deviceId;
NSData *d;
@@ -2761,6 +2762,14 @@ static BOOL debugOn = NO;
ASSIGN(context, theContext);
activeUser = [context activeUser];
if (![activeUser canAccessModule: @"ActiveSync"])
{
[theResponse setStatus: 403];
[self logWithFormat: @"EAS - Forbidden access for user %@", [activeUser loginInDomain]];
return nil;
}
// Get the device ID, device type and "stash" them
deviceId = [[theRequest uri] deviceId];
[context setObject: deviceId forKey: @"DeviceId"];
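Review bot: The denial logged in the new `if (![activeUser canAccessModule: @"ActiveSync"])` branch names only the login, so repeated forbidden attempts cannot be tied to a device; the check runs before `deviceId` is read from the request URI. Consider `[self logWithFormat: @"EAS - Forbidden access for user %@ (device %@)", [activeUser loginInDomain], [[theRequest uri] deviceId]];`, keeping in mind that the device ID is client-supplied text. Separately, `pool` is declared in the first hunk and its allocation is not visible here; if it is created before this check, the early `return nil` skips its release. The method body starts and ends outside these hunks.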


@@ -1167,6 +1167,8 @@ groupObjectClasses: (NSArray *) newGroupObjectClasses
intoLDIFRecord: (NSMutableDictionary *) ldifRecord];
[self _fillConstraints: ldapEntry forModule: @"Mail"
intoLDIFRecord: (NSMutableDictionary *) ldifRecord];
[self _fillConstraints: ldapEntry forModule: @"ActiveSync"
intoLDIFRecord: (NSMutableDictionary *) ldifRecord];
if (contactMapping)
[self _applyContactMappingToResult: ldifRecord];
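Review bot: The literal `@"ActiveSync"` passed to `_fillConstraints:forModule:intoLDIFRecord:` has to stay in step with the `@"ActiveSyncAccess"` key and the `canAccessModule: @"ActiveSync"` argument used in the other two files, and nothing on this page ties them together. A short comment above the three calls would help, for example `// Module names here must match the "<Module>Access" keys read by the user manager.` That is presumably how the key is derived; confirm against `_fillConstraints`, whose body is not shown. The enclosing method begins and ends outside the hunk.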


@@ -636,7 +636,7 @@ static Class NSNullK;
[currentSource setBindPassword: _pwd];
}
}
return checkOK;
}
@@ -729,6 +729,12 @@ static Class NSNullK;
NSNumber *isGroup;
NSArray *c_emails;
BOOL access;
NSEnumerator *enumerator;
NSString *access_type;
NSArray *access_types_list = [NSArray arrayWithObjects: @"CalendarAccess",
@"MailAccess",
@"ActiveSyncAccess",
nil];
emails = [NSMutableArray array];
cn = nil;
@@ -738,10 +744,10 @@ static Class NSNullK;
c_imaplogin = nil;
c_sievehostname = nil;
[currentUser setObject: [NSNumber numberWithBool: YES]
forKey: @"CalendarAccess"];
[currentUser setObject: [NSNumber numberWithBool: YES]
forKey: @"MailAccess"];
enumerator = [access_types_list objectEnumerator];
while ((access_type = [enumerator nextObject]) != nil)
[currentUser setObject: [NSNumber numberWithBool: YES]
forKey: access_type];
sogoSources = [[self authenticationSourceIDsInDomain: domain] objectEnumerator];
userEntry = nil;
@@ -768,14 +774,15 @@ static Class NSNullK;
c_imaplogin = [userEntry objectForKey: @"c_imaplogin"];
if (!c_sievehostname)
c_sievehostname = [userEntry objectForKey: @"c_sievehostname"];
access = [[userEntry objectForKey: @"CalendarAccess"] boolValue];
if (!access)
[currentUser setObject: [NSNumber numberWithBool: NO]
forKey: @"CalendarAccess"];
access = [[userEntry objectForKey: @"MailAccess"] boolValue];
if (!access)
[currentUser setObject: [NSNumber numberWithBool: NO]
forKey: @"MailAccess"];
enumerator = [access_types_list objectEnumerator];
while ((access_type = [enumerator nextObject]) != nil)
{
access = [[userEntry objectForKey: access_type] boolValue];
if (!access)
[currentUser setObject: [NSNumber numberWithBool: NO]
forKey: access_type];
}
// We check if it's a group
isGroup = [userEntry objectForKey: @"isGroup"];
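Review bot: In the last hunk's loop, `access = [[userEntry objectForKey: access_type] boolValue];` treats a missing key as NO, so a user source that never puts `ActiveSyncAccess` into `userEntry` overrides the YES default set in the earlier hunk. Presumably those users then get the 403 added in the dispatcher. Only the LDAP source is updated in this commit, so any other source type should be checked to confirm it populates the key. Failing closed is a reasonable default for an access constraint, but it should be stated above the loop, e.g. `// A source that omits the key denies the module: [nil boolValue] is NO.` The method starts and ends outside these hunks.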