diff --git a/ActiveSync/SOGoActiveSyncDispatcher.m b/ActiveSync/SOGoActiveSyncDispatcher.m index 7cd0e5c53..c2f64786e 100644 --- a/ActiveSync/SOGoActiveSyncDispatcher.m +++ b/ActiveSync/SOGoActiveSyncDispatcher.m @@ -2753,6 +2753,7 @@ static BOOL debugOn = NO; NSAutoreleasePool *pool; id builder, dom; SEL aSelector; + id activeUser; NSString *cmdName, *deviceId; NSData *d; @@ -2761,6 +2762,14 @@ static BOOL debugOn = NO; ASSIGN(context, theContext); + activeUser = [context activeUser]; + if (![activeUser canAccessModule: @"ActiveSync"]) + { + [theResponse setStatus: 403]; + [self logWithFormat: @"EAS - Forbidden access for user %@", [activeUser loginInDomain]]; + return nil; + } + // Get the device ID, device type and "stash" them deviceId = [[theRequest uri] deviceId]; [context setObject: deviceId forKey: @"DeviceId"]; diff --git a/SoObjects/SOGo/LDAPSource.m b/SoObjects/SOGo/LDAPSource.m index 3ca686386..d537c6aec 100644 --- a/SoObjects/SOGo/LDAPSource.m +++ b/SoObjects/SOGo/LDAPSource.m @@ -1167,6 +1167,8 @@ groupObjectClasses: (NSArray *) newGroupObjectClasses intoLDIFRecord: (NSMutableDictionary *) ldifRecord]; [self _fillConstraints: ldapEntry forModule: @"Mail" intoLDIFRecord: (NSMutableDictionary *) ldifRecord]; + [self _fillConstraints: ldapEntry forModule: @"ActiveSync" + intoLDIFRecord: (NSMutableDictionary *) ldifRecord]; if (contactMapping) [self _applyContactMappingToResult: ldifRecord]; diff --git a/SoObjects/SOGo/SOGoUserManager.m b/SoObjects/SOGo/SOGoUserManager.m index 86d198d2b..dcabeb492 100644 --- a/SoObjects/SOGo/SOGoUserManager.m +++ b/SoObjects/SOGo/SOGoUserManager.m @@ -636,7 +636,7 @@ static Class NSNullK; [currentSource setBindPassword: _pwd]; } } - + return checkOK; } @@ -729,6 +729,12 @@ static Class NSNullK; NSNumber *isGroup; NSArray *c_emails; BOOL access; + NSEnumerator *enumerator; + NSString *access_type; + NSArray *access_types_list = [NSArray arrayWithObjects: @"CalendarAccess", + @"MailAccess", + @"ActiveSyncAccess", + nil]; emails = [NSMutableArray array]; cn = nil; @@ -738,10 +744,10 @@ static Class NSNullK; c_imaplogin = nil; c_sievehostname = nil; - [currentUser setObject: [NSNumber numberWithBool: YES] - forKey: @"CalendarAccess"]; - [currentUser setObject: [NSNumber numberWithBool: YES] - forKey: @"MailAccess"]; + enumerator = [access_types_list objectEnumerator]; + while ((access_type = [enumerator nextObject]) != nil) + [currentUser setObject: [NSNumber numberWithBool: YES] + forKey: access_type]; sogoSources = [[self authenticationSourceIDsInDomain: domain] objectEnumerator]; userEntry = nil; @@ -768,14 +774,15 @@ static Class NSNullK; c_imaplogin = [userEntry objectForKey: @"c_imaplogin"]; if (!c_sievehostname) c_sievehostname = [userEntry objectForKey: @"c_sievehostname"]; - access = [[userEntry objectForKey: @"CalendarAccess"] boolValue]; - if (!access) - [currentUser setObject: [NSNumber numberWithBool: NO] - forKey: @"CalendarAccess"]; - access = [[userEntry objectForKey: @"MailAccess"] boolValue]; - if (!access) - [currentUser setObject: [NSNumber numberWithBool: NO] - forKey: @"MailAccess"]; + + enumerator = [access_types_list objectEnumerator]; + while ((access_type = [enumerator nextObject]) != nil) + { + access = [[userEntry objectForKey: access_type] boolValue]; + if (!access) + [currentUser setObject: [NSNumber numberWithBool: NO] + forKey: access_type]; + } // We check if it's a group isGroup = [userEntry objectForKey: @"isGroup"];