From 945721f48f74d5cfffef7c7cf3a3d6bc2521f5dd Mon Sep 17 00:00:00 2001 From: ivan Date: Tue, 15 Jul 2003 13:16:32 +0000 Subject: import of rt 3.0.4 --- rt/lib/RT/Interface/Email/Auth/MailFrom.pm | 131 +++++++++++++++++++++++++++++ 1 file changed, 131 insertions(+) create mode 100644 rt/lib/RT/Interface/Email/Auth/MailFrom.pm (limited to 'rt/lib/RT/Interface/Email/Auth') diff --git a/rt/lib/RT/Interface/Email/Auth/MailFrom.pm b/rt/lib/RT/Interface/Email/Auth/MailFrom.pm new file mode 100644 index 000000000..eb778ff30 --- /dev/null +++ b/rt/lib/RT/Interface/Email/Auth/MailFrom.pm @@ -0,0 +1,131 @@ +# BEGIN LICENSE BLOCK +# +# Copyright (c) 1996-2003 Jesse Vincent +# +# (Except where explictly superceded by other copyright notices) +# +# This work is made available to you under the terms of Version 2 of +# the GNU General Public License. A copy of that license should have +# been provided with this software, but in any event can be snarfed +# from www.gnu.org. +# +# This work is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# Unless otherwise specified, all modifications, corrections or +# extensions to this work which alter its source code become the +# property of Best Practical Solutions, LLC when submitted for +# inclusion in the work. +# +# +# END LICENSE BLOCK +package RT::Interface::Email::Auth::MailFrom; +use RT::Interface::Email qw(ParseSenderAddressFromHead CreateUser); + +# This is what the ordinary, non-enhanced gateway does at the moment. + +sub GetCurrentUser { + my %args = ( Message => undef, + CurrentUser => undef, + AuthLevel => undef, + Ticket => undef, + Queue => undef, + Action => undef, + @_ ); + + # We don't need to do any external lookups + my ( $Address, $Name ) = ParseSenderAddressFromHead( $args{'Message'}->head ); + my $CurrentUser = RT::CurrentUser->new(); + $CurrentUser->LoadByEmail($Address); + + unless ( $CurrentUser->Id ) { + $CurrentUser->LoadByName($Address); + } + + if ( $CurrentUser->Id ) { + return ( $CurrentUser, 1 ); + } + + + + # If the user can't be loaded, we may need to create one. Figure out the acl situation. + my $unpriv = RT::Group->new($RT::SystemUser); + $unpriv->LoadSystemInternalGroup('Unprivileged'); + unless ( $unpriv->Id ) { + $RT::Logger->crit( "Auth::MailFrom couldn't find the 'Unprivileged' internal group" ); + return ( $args{'CurrentUser'}, -1 ); + } + + my $everyone = RT::Group->new($RT::SystemUser); + $everyone->LoadSystemInternalGroup('Everyone'); + unless ( $everyone->Id ) { + $RT::Logger->crit( "Auth::MailFrom couldn't find the 'Everyone' internal group"); + return ( $args{'CurrentUser'}, -1 ); + } + + # but before we do that, we need to make sure that the created user would have the right + # to do what we're doing. + if ( $args{'Ticket'} && $args{'Ticket'}->Id ) { + # We have a ticket. that means we're commenting or corresponding + if ( $args{'Action'} =~ /^comment$/i ) { + + # check to see whether "Everybody" or "Unprivileged users" can comment on tickets + unless ( $everyone->PrincipalObj->HasRight( + Object => $args{'Queue'}, + Right => 'CommentOnTicket' + ) + || $unpriv->PrincipalObj->HasRight( + Object => $args{'Queue'}, + Right => 'CommentOnTicket' + ) + ) { + return ( $args{'CurrentUser'}, 0 ); + } + } + elsif ( $args{'Action'} =~ /^correspond$/i ) { + + # check to see whether "Everybody" or "Unprivileged users" can correspond on tickets + unless ( $everyone->PrincipalObj->HasRight(Object => $args{'Queue'}, + Right => 'ReplyToTicket' + ) + || $unpriv->PrincipalObj->HasRight( + Object => $args{'Queue'}, + Right => 'ReplyToTicket' + ) + ) { + return ( $args{'CurrentUser'}, 0 ); + } + + } + else { + return ( $args{'CurrentUser'}, 0 ); + } + } + + # We're creating a ticket + elsif ( $args{'Queue'} && $args{'Queue'}->Id ) { + + # check to see whether "Everybody" or "Unprivileged users" can create tickets in this queue + unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'}, + Right => 'CreateTicket' ) + || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'}, + Right => 'CreateTicket' ) + ) { + return ( $args{'CurrentUser'}, 0 ); + } + + } + + $CurrentUser = CreateUser( undef, $Address, $Name, $args{'Message'} ); + + return ( $CurrentUser, 1 ); +} + +eval "require RT::Interface::Email::Auth::MailFrom_Vendor"; +die $@ if ($@ && $@ !~ qr{^Can't locate RT/Interface/Email/Auth/MailFrom_Vendor.pm}); +eval "require RT::Interface::Email::Auth::MailFrom_Local"; +die $@ if ($@ && $@ !~ qr{^Can't locate RT/Interface/Email/Auth/MailFrom_Local.pm}); + +1; -- cgit v1.2.1 From c582e92888b4a5553e1b4e5214cf35217e4a0cf0 Mon Sep 17 00:00:00 2001 From: ivan Date: Thu, 11 Nov 2004 12:13:50 +0000 Subject: import rt 3.0.12 --- rt/lib/RT/Interface/Email/Auth/MailFrom.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'rt/lib/RT/Interface/Email/Auth') diff --git a/rt/lib/RT/Interface/Email/Auth/MailFrom.pm b/rt/lib/RT/Interface/Email/Auth/MailFrom.pm index eb778ff30..f71666b72 100644 --- a/rt/lib/RT/Interface/Email/Auth/MailFrom.pm +++ b/rt/lib/RT/Interface/Email/Auth/MailFrom.pm @@ -118,7 +118,7 @@ sub GetCurrentUser { } - $CurrentUser = CreateUser( undef, $Address, $Name, $args{'Message'} ); + $CurrentUser = CreateUser( undef, $Address, $Name, $Address, $args{'Message'} ); return ( $CurrentUser, 1 ); } -- cgit v1.2.1 From d39d52aac8f38ea9115628039f0df5aa3ac826de Mon Sep 17 00:00:00 2001 From: ivan Date: Fri, 3 Dec 2004 20:40:48 +0000 Subject: import rt 3.2.2 --- rt/lib/RT/Interface/Email/Auth/GnuPG.pm | 121 +++++++++++++++++++++++++++++ rt/lib/RT/Interface/Email/Auth/MailFrom.pm | 43 +++++++--- 2 files changed, 153 insertions(+), 11 deletions(-) create mode 100755 rt/lib/RT/Interface/Email/Auth/GnuPG.pm (limited to 'rt/lib/RT/Interface/Email/Auth') diff --git a/rt/lib/RT/Interface/Email/Auth/GnuPG.pm b/rt/lib/RT/Interface/Email/Auth/GnuPG.pm new file mode 100755 index 000000000..724b1b3fc --- /dev/null +++ b/rt/lib/RT/Interface/Email/Auth/GnuPG.pm @@ -0,0 +1,121 @@ +# {{{ BEGIN BPS TAGGED BLOCK +# +# COPYRIGHT: +# +# This software is Copyright (c) 1996-2004 Best Practical Solutions, LLC +# +# +# (Except where explicitly superseded by other copyright notices) +# +# +# LICENSE: +# +# This work is made available to you under the terms of Version 2 of +# the GNU General Public License. A copy of that license should have +# been provided with this software, but in any event can be snarfed +# from www.gnu.org. +# +# This work is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# +# +# CONTRIBUTION SUBMISSION POLICY: +# +# (The following paragraph is not intended to limit the rights granted +# to you to modify and distribute this software under the terms of +# the GNU General Public License and is only of importance to you if +# you choose to contribute your changes and enhancements to the +# community by submitting them to Best Practical Solutions, LLC.) +# +# By intentionally submitting any modifications, corrections or +# derivatives to this work, or any other work intended for use with +# Request Tracker, to Best Practical Solutions, LLC, you confirm that +# you are the copyright holder for those contributions and you grant +# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable, +# royalty-free, perpetual, license to use, copy, create derivative +# works based on those contributions, and sublicense and distribute +# those contributions and any derivatives thereof. +# +# }}} END BPS TAGGED BLOCK +# +package RT::Interface::Email::Auth::GnuPG; +use Mail::GnuPG; + +=head2 GetCurrentUser + +To use the gnupg-secured mail gateway, you need to do the following: + +Set up a gnupgp key directory with a pubring containing only the keys +you care about and specify the following in your SiteConfig.pm + +Set($RT::GPGKeyDir, "/path/to/keyring-directory"); +@RT::MailPlugins = qw(Auth::MailFrom Auth::GnuPG Filter::TakeAction); + + + +=cut + + + +sub GetCurrentUser { + my %args = ( + Message => undef, + RawMessageRef => undef, + CurrentUser => undef, + AuthLevel => undef, + Ticket => undef, + Queue => undef, + Action => undef, + @_ + ); + + my ( $val, $key, $address,$gpg ); + + eval { + + my $parser = RT::EmailParser->new(); + $parser->SmartParseMIMEEntityFromScalar(Message => ${$args{'RawMessageRef'}}, Decode => 0); + $gpg = Mail::GnuPG->new( keydir => $RT::GPGKeyDir ); + my $entity = $parser->Entity; + ( $val, $key, $address ) = $gpg->verify( $parser->Entity); + $RT::Logger->crit("Got $val - $key - $address"); + }; + + if ($@) { + $RT::Logger->crit($@); + } + + unless ($address) { + $RT::Logger->crit( "Couldn't find a valid signature" . join ( "\n", @{ $gpg->{'last_message'} } ) ); + return ( $args{'CurrentUser'}, $args{'AuthLevel'} ); + } + + my @addrs = Mail::Address->parse($address); + $address = $addrs[0]->address(); + + my $CurrentUser = RT::CurrentUser->new(); + $CurrentUser->LoadByEmail($address); + + if ( $CurrentUser->Id ) { + $RT::Logger->crit($address . " authenticated via PGP signature"); + return ( $CurrentUser, 2 ); + } + +} + +eval "require RT::Interface::Email::Auth::GnuPG_Vendor"; +die $@ + if ( $@ + && $@ !~ qr{^Can't locate RT/Interface/Email/Auth/GnuPG_Vendor.pm} ); +eval "require RT::Interface::Email::Auth::GnuPG_Local"; +die $@ + if ( $@ + && $@ !~ qr{^Can't locate RT/Interface/Email/Auth/GnuPG_Local.pm} ); + +1; diff --git a/rt/lib/RT/Interface/Email/Auth/MailFrom.pm b/rt/lib/RT/Interface/Email/Auth/MailFrom.pm index f71666b72..0efadb1cd 100644 --- a/rt/lib/RT/Interface/Email/Auth/MailFrom.pm +++ b/rt/lib/RT/Interface/Email/Auth/MailFrom.pm @@ -1,8 +1,14 @@ -# BEGIN LICENSE BLOCK +# {{{ BEGIN BPS TAGGED BLOCK # -# Copyright (c) 1996-2003 Jesse Vincent +# COPYRIGHT: +# +# This software is Copyright (c) 1996-2004 Best Practical Solutions, LLC +# # -# (Except where explictly superceded by other copyright notices) +# (Except where explicitly superseded by other copyright notices) +# +# +# LICENSE: # # This work is made available to you under the terms of Version 2 of # the GNU General Public License. A copy of that license should have @@ -14,13 +20,29 @@ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # -# Unless otherwise specified, all modifications, corrections or -# extensions to this work which alter its source code become the -# property of Best Practical Solutions, LLC when submitted for -# inclusion in the work. +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# # +# CONTRIBUTION SUBMISSION POLICY: # -# END LICENSE BLOCK +# (The following paragraph is not intended to limit the rights granted +# to you to modify and distribute this software under the terms of +# the GNU General Public License and is only of importance to you if +# you choose to contribute your changes and enhancements to the +# community by submitting them to Best Practical Solutions, LLC.) +# +# By intentionally submitting any modifications, corrections or +# derivatives to this work, or any other work intended for use with +# Request Tracker, to Best Practical Solutions, LLC, you confirm that +# you are the copyright holder for those contributions and you grant +# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable, +# royalty-free, perpetual, license to use, copy, create derivative +# works based on those contributions, and sublicense and distribute +# those contributions and any derivatives thereof. +# +# }}} END BPS TAGGED BLOCK package RT::Interface::Email::Auth::MailFrom; use RT::Interface::Email qw(ParseSenderAddressFromHead CreateUser); @@ -35,6 +57,7 @@ sub GetCurrentUser { Action => undef, @_ ); + # We don't need to do any external lookups my ( $Address, $Name ) = ParseSenderAddressFromHead( $args{'Message'}->head ); my $CurrentUser = RT::CurrentUser->new(); @@ -71,7 +94,7 @@ sub GetCurrentUser { # We have a ticket. that means we're commenting or corresponding if ( $args{'Action'} =~ /^comment$/i ) { - # check to see whether "Everybody" or "Unprivileged users" can comment on tickets + # check to see whether "Everyone" or "Unprivileged users" can comment on tickets unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'}, Right => 'CommentOnTicket' @@ -110,8 +133,6 @@ sub GetCurrentUser { # check to see whether "Everybody" or "Unprivileged users" can create tickets in this queue unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'}, Right => 'CreateTicket' ) - || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'}, - Right => 'CreateTicket' ) ) { return ( $args{'CurrentUser'}, 0 ); } -- cgit v1.2.1 From d4d0590bef31071e8809ec046717444b95b3f30a Mon Sep 17 00:00:00 2001 From: ivan Date: Sat, 15 Oct 2005 09:11:20 +0000 Subject: import rt 3.4.4 --- rt/lib/RT/Interface/Email/Auth/GnuPG.pm | 6 ++--- rt/lib/RT/Interface/Email/Auth/MailFrom.pm | 36 +++++++++++++++++++++++++++--- 2 files changed, 36 insertions(+), 6 deletions(-) (limited to 'rt/lib/RT/Interface/Email/Auth') diff --git a/rt/lib/RT/Interface/Email/Auth/GnuPG.pm b/rt/lib/RT/Interface/Email/Auth/GnuPG.pm index 724b1b3fc..2dfada755 100755 --- a/rt/lib/RT/Interface/Email/Auth/GnuPG.pm +++ b/rt/lib/RT/Interface/Email/Auth/GnuPG.pm @@ -1,8 +1,8 @@ -# {{{ BEGIN BPS TAGGED BLOCK +# BEGIN BPS TAGGED BLOCK {{{ # # COPYRIGHT: # -# This software is Copyright (c) 1996-2004 Best Practical Solutions, LLC +# This software is Copyright (c) 1996-2005 Best Practical Solutions, LLC # # # (Except where explicitly superseded by other copyright notices) @@ -42,7 +42,7 @@ # works based on those contributions, and sublicense and distribute # those contributions and any derivatives thereof. # -# }}} END BPS TAGGED BLOCK +# END BPS TAGGED BLOCK }}} # package RT::Interface::Email::Auth::GnuPG; use Mail::GnuPG; diff --git a/rt/lib/RT/Interface/Email/Auth/MailFrom.pm b/rt/lib/RT/Interface/Email/Auth/MailFrom.pm index 0efadb1cd..ef315dd53 100644 --- a/rt/lib/RT/Interface/Email/Auth/MailFrom.pm +++ b/rt/lib/RT/Interface/Email/Auth/MailFrom.pm @@ -1,8 +1,8 @@ -# {{{ BEGIN BPS TAGGED BLOCK +# BEGIN BPS TAGGED BLOCK {{{ # # COPYRIGHT: # -# This software is Copyright (c) 1996-2004 Best Practical Solutions, LLC +# This software is Copyright (c) 1996-2005 Best Practical Solutions, LLC # # # (Except where explicitly superseded by other copyright notices) @@ -42,7 +42,7 @@ # works based on those contributions, and sublicense and distribute # those contributions and any derivatives thereof. # -# }}} END BPS TAGGED BLOCK +# END BPS TAGGED BLOCK }}} package RT::Interface::Email::Auth::MailFrom; use RT::Interface::Email qw(ParseSenderAddressFromHead CreateUser); @@ -121,6 +121,36 @@ sub GetCurrentUser { return ( $args{'CurrentUser'}, 0 ); } + } + elsif ( $args{'Action'} =~ /^take$/i ) { + + # check to see whether "Everybody" or "Unprivileged users" can correspond on tickets + unless ( $everyone->PrincipalObj->HasRight(Object => $args{'Queue'}, + Right => 'OwnTicket' + ) + || $unpriv->PrincipalObj->HasRight( + Object => $args{'Queue'}, + Right => 'OwnTicket' + ) + ) { + return ( $args{'CurrentUser'}, 0 ); + } + + } + elsif ( $args{'Action'} =~ /^resolve$/i ) { + + # check to see whether "Everybody" or "Unprivileged users" can correspond on tickets + unless ( $everyone->PrincipalObj->HasRight(Object => $args{'Queue'}, + Right => 'ModifyTicket' + ) + || $unpriv->PrincipalObj->HasRight( + Object => $args{'Queue'}, + Right => 'ModifyTicket' + ) + ) { + return ( $args{'CurrentUser'}, 0 ); + } + } else { return ( $args{'CurrentUser'}, 0 ); -- cgit v1.2.1