SOGoSpecialFoldersInRoot YES|NO - do special folders live under INBOX?
- corresponds to the Cyrus setting: "altnamespace: yes"
SOGoEnableSieveFolder YES|NO - should the Sieve folder be visible?
+
+SOGoInternetDetectQualifier
+- an EOQualifier to detect whether a set of HTTP headers is from the outside,
+ eg: "NOT (minequprovenance = 'intranet')"
+ -SOGoInternetDetectQualifier '"NOT (minequprovenance = \"intranet\")"'
+ Note: all header field names are lowercase
+ Testing: -SOGoInternetDetectQualifier '"host = \"agenor.opengroupware.org\""'
\ No newline at end of file
@implementation SOGoMailAccounts
+static EOQualifier *internetDetectQualifier = nil;
+static NSString *AgenorShareLoginMarker = @".-.";
+
++ (void)initialize {
+ NSUserDefaults *ud = [NSUserDefaults standardUserDefaults];
+ NSString *s;
+
+ if ((s = [ud stringForKey:@"SOGoInternetDetectQualifier"]) != nil) {
+ internetDetectQualifier =
+ [[EOQualifier qualifierWithQualifierFormat:s] retain];
+ if (internetDetectQualifier == nil)
+ NSLog(@"ERROR: could not parse qualifier: '%@'", s);
+ }
+ if (internetDetectQualifier == nil)
+ NSLog(@"SOGoMailAccounts: no 'SOGoInternetDetectQualifier' configured.");
+ else {
+ NSLog(@"SOGoMailAccounts: detect Internet access using: %@",
+ internetDetectQualifier);
+ }
+}
+
+/* detect webmail being accessed from the outside */
+
+- (BOOL)isInternetRequest {
+ WORequest *rq;
+
+ rq = [[(WOApplication *)[WOApplication application] context] request];
+ if (rq == nil) {
+ [self logWithFormat:
+ @"ERROR: got no WORequest for checking Internet headers!"];
+ return NO;
+ }
+
+ return [(id<EOQualifierEvaluation>)internetDetectQualifier
+ evaluateWithObject:[rq headers]];
+}
+
/* listing the available mailboxes */
- (NSArray *)toManyRelationshipKeys {
uid = [[self container] davDisplayName]; /* the uid part of the URL */
account = [um getIMAPAccountStringForUID:uid];
- shares = [um getSharedMailboxAccountStringsForUID:uid];
-
if (account != nil) account = [NSArray arrayWithObject:account];
+ if ([self isInternetRequest]) /* only show primary mailbox in Internet */
+ return account;
+
+ shares = [um getSharedMailboxAccountStringsForUID:uid];
return ([shares count] == 0)
? account
: [account arrayByAddingObjectsFromArray:shares];
if ((obj = [super lookupName:_key inContext:_ctx acquire:NO]))
return obj;
- if ([self isValidMailAccountName:_key])
+ if ([self isValidMailAccountName:_key]) {
+ /* forbid shares for requests coming from the Internet */
+ if ([self isInternetRequest]) {
+ if ([_key rangeOfString:AgenorShareLoginMarker].length > 0) {
+ return [NSException exceptionWithHTTPStatus:403 /* Forbidden */
+ reason:
+ @"Access to shares forbidden from the Internet"];
+ }
+ }
+
return [self mailAccountWithName:_key inContext:_ctx];
+ }
/* return 404 to stop acquisition */
return [NSException exceptionWithHTTPStatus:404 /* Not Found */];
internetDetectQualifier =
[[EOQualifier qualifierWithQualifierFormat:s] retain];
if (internetDetectQualifier == nil)
- NSLog(@"ERROR: could not parse qualifier: '%@'", s);
+ NSLog(@"UIxMailEditor: could not parse qualifier: '%@'", s);
}
if (internetDetectQualifier == nil)
- NSLog(@"Note: no 'SOGoInternetDetectQualifier' configured.");
- else
- NSLog(@"Note: detect Internet access using: %@", internetDetectQualifier);
+ NSLog(@"UIxMailEditor: no 'SOGoInternetDetectQualifier' configured.");
+ else {
+ NSLog(@"UIxMailEditor: detect Internet access using: %@",
+ internetDetectQualifier);
+ }
internetMailHeaders =
[[ud dictionaryForKey:@"SOGoInternetMailHeaders"] copy];
/* detect webmail being accessed from the outside */
- (BOOL)isInternetRequest {
- // TODO: make configurable! (eg allow specification of a qualifier)
WORequest *rq;
rq = [[self context] request];
projects / scalable-opengroupware.org / commitdiff