You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ponymail.apache.org by sebbASF <gi...@git.apache.org> on 2016/09/24 11:21:29 UTC
[GitHub] incubator-ponymail issue #140: Bug: lib/aaa.lua various bugs
GitHub user sebbASF opened an issue:
https://github.com/apache/incubator-ponymail/issues/140
Bug: lib/aaa.lua various bugs
getRights(): creates global variable 'uid'
Also it defaults to user.email if usr.uid does not exist, however the subsequent match() command will never match a valid email, so there's no point in the default.
This is example code, but it should still be bug-free as far as it goes.
Not sure why the match RE is not anchored. It would be faster to match, and would avoid having to check against the input. However that is not a bug, though it does make the code harder to follow.
----
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-ponymail issue #140: Bug: lib/aaa.lua various bugs
Posted by sebbASF <gi...@git.apache.org>.
Github user sebbASF commented on the issue:
https://github.com/apache/incubator-ponymail/issues/140
The remaining issue - overwrite of local customisation - is now in #292
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-ponymail issue #140: Bug: lib/aaa.lua various bugs
Posted by sebbASF <gi...@git.apache.org>.
Github user sebbASF commented on the issue:
https://github.com/apache/incubator-ponymail/issues/140
Yes, the current aaa.lua could be changed to delegate to a local file (e.g. aaa_local.lua) if present, and otherwise provide a blank function.
This would also be quite flexible, as the user could either install the aaa_local.lua file or indeed replace aaa.lua if they were not concerned about accidentally replacing it with a git pull.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-ponymail issue #140: Bug: lib/aaa.lua various bugs
Posted by sebbASF <gi...@git.apache.org>.
Github user sebbASF commented on the issue:
https://github.com/apache/incubator-ponymail/issues/140
I think it is doing harm, because it is misleading to users.
It's also the default for the Docker installation.
I think the simplest would be to move it to aaa_examples as an example of an LDAP module.
In any case, the bugs need to be fixed.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-ponymail issue #140: Bug: lib/aaa.lua various bugs
Posted by sebbASF <gi...@git.apache.org>.
Github user sebbASF commented on the issue:
https://github.com/apache/incubator-ponymail/issues/140
The getRights() function is passed an account structure generated by user.lua.
The usr parameter therefore has the form:
```
{
"credentials" : {
"altemail" : { },
"uid" : "abd",
"fullname" : "Joe Bloggs",
"email" : "abcd@apache.org",
},
"internal" : {
"oauth_used" : "localhost",
"cookie" : "xxx",
"ip" : "172.17.0.1",
"admin" : "true"
},
"cid" : "abcd"
}
```
However the code directly accesses usr.uid, usr.email and usr.admin.
Also the code accesses the global oauth_domain which is presumably meant to be internal.oauth_used.
This is very confusing for any wishing to use the module as a basis for their own implementation.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-ponymail issue #140: Bug: lib/aaa.lua various bugs
Posted by sebbASF <gi...@git.apache.org>.
Github user sebbASF commented on the issue:
https://github.com/apache/incubator-ponymail/issues/140
Partially addressed in d1eaa36b0
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-ponymail issue #140: Bug: lib/aaa.lua various bugs
Posted by sebbASF <gi...@git.apache.org>.
Github user sebbASF commented on the issue:
https://github.com/apache/incubator-ponymail/issues/140
The DockerFile will use this module by default, so ideally it needs to be functional
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-ponymail issue #140: Bug: lib/aaa.lua various bugs
Posted by Humbedooh <gi...@git.apache.org>.
Github user Humbedooh commented on the issue:
https://github.com/apache/incubator-ponymail/issues/140
yes, that's my thinking - we make a wrapper that essentially tries to load the _real_ AAA module, but if none is found, it just \u0155eturns a blank function, so it'll work with public email without any AAA lib present.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-ponymail issue #140: Bug: lib/aaa.lua various bugs
Posted by Humbedooh <gi...@git.apache.org>.
Github user Humbedooh commented on the issue:
https://github.com/apache/incubator-ponymail/issues/140
I agree it should be using the same standards as in the aaa_examples dir. However, it's not actively doing any harm as is. It is probably a file we should just change to be mostly empty with pointers to the examples directory, as it's not a file you'd want to update very often (as it's most likely changed on disk, so a git pull would cause harm). We can possibly change it to be a wrapper instead, that pulls in other AAA drivers (or tries to).
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-ponymail issue #140: Bug: lib/aaa.lua various bugs
Posted by sebbASF <gi...@git.apache.org>.
Github user sebbASF closed the issue at:
https://github.com/apache/incubator-ponymail/issues/140
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---