Ajout du support de liste blanche de groupes

tags/0.2.22
Daniel Berteaud 12 years ago
parent 74d999647f
commit 1591c16e95
  1. 12
      root/etc/e-smith/templates/usr/share/mozilla-mcd/conf.php/10All
  2. 14
      root/usr/share/mozilla-mcd/thunderbird.php

@ -7,12 +7,11 @@ my $ldapbase = esmith::util::ldapBase ($DomainName);
my $tbpref = ((${'mozilla-mcd'}{'TBEnforce'} || 'disabled') =~ m/^enabled|on|1|yes$/) ? "lockPref":"defaultPref"; my $tbpref = ((${'mozilla-mcd'}{'TBEnforce'} || 'disabled') =~ m/^enabled|on|1|yes$/) ? "lockPref":"defaultPref";
my $ffpref = ((${'mozilla-mcd'}{'FFEnforce'} || 'disabled') =~ m/^enabled|on|1|yes$/) ? "lockPref":"defaultPref"; my $ffpref = ((${'mozilla-mcd'}{'FFEnforce'} || 'disabled') =~ m/^enabled|on|1|yes$/) ? "lockPref":"defaultPref";
my $url = ${'mozilla-mcd'}{'HomeURL'} || 'https://auth.' . "$DomainName"; my $url = ${'mozilla-mcd'}{'HomeURL'} || 'https://auth.' . "$DomainName";
my $noenforcegroups = ${'mozilla-mcd'}{'NoEnforceGroups'} || ''; my @noenforcegroups = split( /[;,]/, (${'mozilla-mcd'}{'NoEnforceGroups'} || '') );
# Format as a PHP array my @wlgroups = split( /[;,]/, (${'mozilla-mcd'}{'WhiteListGroups'} || '') );
$noenforcegroups =~ s/^,+|,+$//g;
$noenforcegroups =~ s/^/'/g; my $noenforcegroups = join (',', @noenforcegroups);
$noenforcegroups =~ s/$/'/g; my $wlgroups = join (',', @wlgroups);
$noenforcegroups =~ s/[;,]/','/g;
$OUT .=<<"EOF"; $OUT .=<<"EOF";
@ -27,6 +26,7 @@ define('TB_PREF', '$tbpref');
define('FF_PREF', '$ffpref'); define('FF_PREF', '$ffpref');
define('HOME_URL', '$url'); define('HOME_URL', '$url');
\$NOENFORCEGROUPS = array($noenforcegroups); \$NOENFORCEGROUPS = array($noenforcegroups);
\$WHITELISTGROUPS = array($wlgroups);
EOF EOF
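Review bot: The two new `join (',', ...)` lines write the group names into `array(...)` without the single quotes that the removed substitutions used to add. The generated conf.php therefore contains bare words (constructed example: `array(staff,it-admins)`), which PHP reads as constants or arithmetic, not as strings. These values come from the configuration database and are interpolated directly into PHP source in the second hunk, so each element should be quoted and have `'` and `\` escaped, for example `my $wlgroups = join(',', map { (my $g = $_) =~ s/(['\\])/\\$1/g; "'$g'" } grep { length } @wlgroups);`, with the same change for `@noenforcegroups`. The `grep { length }` also drops empty entries left by a doubled or trailing separator, so they cannot become an empty-string group in the list.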

@ -41,6 +41,20 @@ if(isset($_SERVER['QUERY_STRING']) && preg_match('/^.+@' . DOMAIN . '$/', $_SERV
break; break;
} }
} }
// Stop here if the user is not part of the whitelist groups
if (count($WHITELISTGROUPS) > 0){
$conf = 0;
foreach ($user[0]['posixmemberof'] as $group){
if (in_array($group, $WHITELISTGROUPS)){
$conf = 1;
break;
}
}
if ($conf != 1){
header("HTTP/1.1 403 Forbidden");
exit;
}
}
} }
else { else {
// We've not received a valid email address // We've not received a valid email address
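Review bot: The whitelist test `in_array($group, $WHITELISTGROUPS)` uses PHP's loose comparison, which is a weak basis for an access decision. If `$user[0]['posixmemberof']` comes from `ldap_get_entries()` (not visible here), the array also carries an integer `count` element, and an integer can compare equal to a group-name string under loose rules. Pass the strict flag, `in_array($group, $WHITELISTGROUPS, true)`, and consider guarding the loop with `isset($user[0]['posixmemberof'])` so a user with no group attribute gets the 403 without a PHP warning. The enclosing `if` block starts outside this hunk, so the lookup that fills `$user` could not be checked.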
