Revision 3f7a1eee
Added by Marc Dequènes almost 16 years ago
- ID 3f7a1eee88b3b787935ab307a5eb41ecea7c3466
| postman | ||
|---|---|---|
|
logger.level = Log4r::WARN
|
||
|
#logger.level = Log4r::DEBUG
|
||
|
|
||
|
class Person < ActiveLdap::Base
|
||
|
class LdapPerson < ActiveLdap::Base
|
||
|
ldap_mapping :dn_attribute => 'uid', :prefix => '', :classes => ['person', 'extInetOrgPerson']
|
||
|
end
|
||
|
|
||
|
class DnsDomain < ActiveLdap::Base
|
||
|
class LdapDnsDomain < ActiveLdap::Base
|
||
|
ldap_mapping :dn_attribute => 'cn', :prefix => '', :classes => ['genericDomain']
|
||
|
|
||
|
def managers
|
||
| ... | ... | |
|
|
||
|
ActiveLdap::Base.establish_connection(ldap_config)
|
||
|
|
||
|
class DnsDomain < Delegator
|
||
|
attr_reader :name
|
||
|
|
||
|
def initialize(name)
|
||
|
raise "invalid zone name" unless self.is_valid?(name)
|
||
|
|
||
|
# may not exist (if creating a new one)
|
||
|
begin
|
||
|
@ldap = LdapDnsDomain.find(name)
|
||
|
rescue
|
||
|
@ldap = nil
|
||
|
end
|
||
|
end
|
||
|
|
||
|
def self.is_valid?(name)
|
||
|
name =~ /^[a-z0-9.-]+\.[a-z]{2,4}$/
|
||
|
end
|
||
|
|
||
|
def is_valid?(name)
|
||
|
self.class.is_valid?(name)
|
||
|
end
|
||
|
|
||
|
def managed?
|
||
|
not @ldap.nil?
|
||
|
end
|
||
|
|
||
|
def __getobj__
|
||
|
@ldap
|
||
|
end
|
||
|
end
|
||
|
|
||
|
#Socket.gethostname
|
||
|
|
||
|
#
|
||
| ... | ... | |
|
# stop processing when detecting message signature
|
||
|
break if line == "-- "
|
||
|
|
||
|
logger.info "### Executing command: #{sline}"
|
||
|
execute_cmd(user, sline)
|
||
|
logger.info "Executing command: #{sline}"
|
||
|
begin
|
||
|
execute_cmd(user, sline)
|
||
|
rescue
|
||
|
logger.info "Command failed: " + $!
|
||
|
end
|
||
|
end
|
||
|
end
|
||
|
|
||
| ... | ... | |
|
case cmdline.shift.upcase
|
||
|
when "INFO"
|
||
|
if cmdline.empty?
|
||
|
list = DnsDomain.find(:all, :attribute => 'manager', :value => user.dn)
|
||
|
logger.info "### User is manager of the following zones: " + list.collect{|z| z.cn }.join(", ")
|
||
|
list = LdapDnsDomain.find(:all, :attribute => 'manager', :value => user.dn)
|
||
|
logger.info "User is manager of the following zones: " + list.collect{|z| z.cn }.join(", ")
|
||
|
else
|
||
|
ok = false
|
||
|
end
|
||
| ... | ... | |
|
case cmdline.shift.upcase
|
||
|
when "ZONE"
|
||
|
zone = cmdline.shift.downcase
|
||
|
if zone =~ /^[a-z0-9.-]+\.[a-z]{2,4}$/
|
||
|
logger.info "### User requesting zone content for '#{zone}'"
|
||
|
begin
|
||
|
domain = DnsDomain.find(zone)
|
||
|
if domain.managers.include? user.dn
|
||
|
logger.info "### User is manager of the zone"
|
||
|
else
|
||
|
logger.info "### User is not allowed to manage the zone"
|
||
|
end
|
||
|
rescue
|
||
|
logger.info "### Zone not managed"
|
||
|
dom = DnsDomain.new(zone)
|
||
|
logger.info "User requesting zone content for '#{zone}'"
|
||
|
if dom.managed?
|
||
|
if dom.managers.include? user.dn
|
||
|
logger.info "User is manager of the zone"
|
||
|
else
|
||
|
logger.info "User is not allowed to manage the zone"
|
||
|
end
|
||
|
else
|
||
|
logger.info "### Invalid zone name specified (#{zone})"
|
||
|
logger.info "Zone not managed"
|
||
|
end
|
||
|
else
|
||
|
ok = false
|
||
| ... | ... | |
|
end
|
||
|
|
||
|
if not ok
|
||
|
logger.info "### Command not recognized: #{cmdstr}"
|
||
|
logger.info "Command not recognized: #{cmdstr}"
|
||
|
end
|
||
|
end
|
||
|
end
|
||
| ... | ... | |
|
sig_check = mail.verify_pgp_signature()
|
||
|
if sig_check.status == 0
|
||
|
logger.info "Mail content was properly signed by key #{sig_check.fingerprint}"
|
||
|
list = Person.find(:all, :attribute => 'keyFingerPrint', :value => sig_check.fingerprint)
|
||
|
list = LdapPerson.find(:all, :attribute => 'keyFingerPrint', :value => sig_check.fingerprint)
|
||
|
case list.size
|
||
|
when 0
|
||
|
logger.info "Mail is from an unknow person"
|
||
|
logger.info "Mail is from an unknown person"
|
||
|
when 1
|
||
|
user = list.first
|
||
|
logger.info "Mail is from user #{user.uid} (#{user.cn})"
|
||
Also available in: Unified diff
[evol] add abstraction level above LDAP layer #1