
devel - Re: [sympa-dev] bug correction in wwsympa (V3.3.5) ? et other wishes...

Subject: Developers of Sympa

  • From: Olivier Salaun <address@concealed>
  • To: "Laurent.Aublet-Cuvelier" <address@concealed>
  • Cc: sympa-dev <address@concealed>
  • Subject: Re: [sympa-dev] bug correction in wwsympa (V3.3.5) ? et other wishes...
  • Date: Fri, 12 Jul 2002 12:28:40 +0200

Hi,

"Laurent.Aublet-Cuvelier" wrote:
>
> I just upgraded my sympa version from 3.3.4.b3 to 3.3.5 and I'm surprised
> not to see a bug correction I made in the former version.
> It is about the scenarii test module (the authentication methods do not
> appear in the web page):
>
> PROMPT> diff wwsympa.fcgi.DIST.3.3.5 wwsympa.fcgi
> 4549c4549,4550
> < $param->{'auth_method'}{$a}{'define'}=1 ;
> ---
> > # $param->{'auth_method'}{$a}{'define'}=1 ;
> > $param->{'authmethod'}{$a}{'defined'}=1 ;
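Review bot: the replacement at line 4549 keeps the old assignment as a commented-out line instead of deleting it; drop the dead line, since the revision history already records it. The new line also changes two hash keys at once ('auth_method' to 'authmethod' and 'define' to 'defined'), so check that whatever reads these keys to build the web page uses exactly the new spelling and that nothing else in wwsympa.fcgi still reads the old one.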

We've just applied your patch :
http://listes.cru.fr/cgi-bin/cvsweb.cgi/sympa/wwsympa/wwsympa.fcgi.diff?r1=1.268&r2=1.269&f=u

> In addition, here are some remarks/wishes:
> A remark to begin with: commands sent by signed (X509) email are OK
> even if the command is in the subject (which is part of the headers, so
> not protected by the signature). But I agree it would be a big job to
> change this

When Sympa.pl receives a command in an S/MIME signed message, it considers
it authenticated with the 'smime' authentication method (for use in scenarios)
ONLY IF the command was found in the message body, not in the Subject header
field.
It sounds like what you expect...

> And a wish to continue: would it be easy to restrict the
> authentication method per user (I think doing it per list is far more
> difficult)? I mean to restrict authentication to the use of a personal
> certificate for users who are listmaster, for instance.
> [...]

Currently listmaster is considered as the owner of all lists; it allows us
to write a single rule in scenarios (is_owner([list->name], [sender])...).
We plan to change this and add is_listmaster() rules to all existing scenarios
so we could request a higher authentication method for listmasters in
scenarios.
Example:
is_owner([listname],[sender]) smtp,md5,smime -> do_it
is_listmaster([sender]) smime -> do_it
is_listmaster([sender]) smtp,md5 -> reject

--
Olivier Salaün
Comité Réseau des Universités
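
The two behaviours discussed in this message, as an added Python model that is not Sympa's own code: a command earns the 'smime' method only when it sits in the signed body, and the three example rules are then applied to that method. The function names, the boolean standing in for signature verification, the fallback to 'smtp', first-match rule order and default reject are all assumptions made for the illustration.

```python
# Illustrative model only; not Sympa code. Assumptions are marked below.
from email import message_from_string

# The three rules from the message: (condition, accepted methods, action).
RULES = [
    ("is_owner", {"smtp", "md5", "smime"}, "do_it"),
    ("is_listmaster", {"smime"}, "do_it"),
    ("is_listmaster", {"smtp", "md5"}, "reject"),
]

CMD = "del mylist user@example.org"  # constructed sample command

# Constructed sample messages: same command, once in the header, once in the body.
IN_SUBJECT = f"From: lm@example.org\nSubject: {CMD}\n\n(no command here)\n"
IN_BODY = f"From: lm@example.org\nSubject: request\n\n{CMD}\n"


def auth_method(raw, command, signature_valid):
    """Return 'smime' only when the command is inside the signed body.

    signature_valid stands in for real S/MIME verification (assumption).
    Assumption: a command found only in the Subject header falls back to
    'smtp', because header fields are outside the signature.
    """
    body = message_from_string(raw).get_payload()
    in_body = any(line.strip() == command for line in body.splitlines())
    return "smime" if signature_valid and in_body else "smtp"


def decide(roles, method, rules=RULES):
    """Apply the rules to a sender's roles and authentication method.

    Assumptions: rules are tried in order, the first match wins, and a
    request that matches no rule is rejected.
    """
    for condition, methods, action in rules:
        if condition in roles and method in methods:
            return action
    return "reject"


if __name__ == "__main__":
    for name, raw in (("subject", IN_SUBJECT), ("body", IN_BODY)):
        method = auth_method(raw, CMD, signature_valid=True)
        print(name, method, decide({"is_listmaster"}, method))
```

Under the first-match assumption, a listmaster who still counts as owner of every list is accepted by the first rule with plain 'smtp', so the stricter rules only take effect once is_owner() no longer matches listmasters.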


