[ postfixadmin-Patches-3447294 ] Domain alias delete patch
Brought to you by:
christian_boltz,
gingerdog
Menu
▾
▴
[ postfixadmin-Patches-3447294 ] Domain alias delete patch
|
From: SourceForge.net <no...@so...> - 2012-04-30 00:53:15
|
Patches item #3447294, was opened at 2011-12-01 09:40 Message generated for change (Comment added) made by pcekper You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=3447294&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: wide (w1d3) Assigned to: Nobody/Anonymous (nobody) Summary: Domain alias delete patch Initial Comment: Hi, in 2.3.4, only the global administrator is allowed to *delete* a domain alias, not the domain administrator - even though the domain administrator is allowed to *create* the alias. The attached patch for delete.php solves the problem for me.. but 1) I'm not a PHP programmer and 2) I have only limited knowledge of postfixadmin source code. So I ask for a qualified review.. Thank you. ---------------------------------------------------------------------- Comment By: Juan Augusto Rossi (pcekper) Date: 2012-04-29 17:53 Message: Hi, Patch looks good for me, I am going to apply it, it will be nice the check for the target domain too. Current verification in create-alias-domain.php if(!authentication_has_role ('global-admin') && !(check_owner ($SESSID_USERNAME, $fAliasDomain) && check_owner ($SESSID_USERNAME, $fTargetDomain))) { $error = 1; $tMessage = $PALANG['pCreate_alias_domain_error1']; } meaning that if if you are not global admin the domain admin needs to own both source and target domain. I agree with this policy, target domain should be checked, domain aliases are just for facilitating the config of a domain, mapping it to another already configured. I can imagine the following problem: domain.com aliased to gmail.com Any email addressed to domain.com, even if the account inexistent will be attempted to be delivered to gmail, this can be dangerous, I think it can generate backscatter. A domain catch all in a sense is similar but different, is a domain mapped to a set of email addresses, not the whole domain to another domain. ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2011-12-26 10:59 Message: The original idea is/was to allow deleting an alias domain only if you have permissions for both involved domains. It was never implemented with exactly this permission check, therefore we still have the superadmin check for it. Your patch looks good, but it checks only the "from" domain, not the target domain. OTOH, I'm not sure if the permission check for the target domain really makes sense - you can create and delete "normal" aliases without permission checks on the target side, why should we do it differently for alias domains? The only argument I can imagine is that you can't re-create the alias domain if you don't have permissions on the target domain, but, well, there's a reason why we have a "are you sure?" dialog before deletion happens ;-) What's your opinion on this? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=3447294&group_id=191583 |
