Esempio n. 1
0
  static boolean checkCrossDomain(
      Provisioning prov, Domain granteeDomain, Domain targetDomain, Group grantedOn)
      throws ServiceException {

    // sanity check, should not happen
    // if we get here, the target can inherit rights from a group,
    // and it must be a domain-ed entry and have a domain
    if (targetDomain == null) return true; // let it through, or throw?

    Domain grantedOnTargetInDomain = grantedOn.getDomain();
    if (grantedOnTargetInDomain == null) {
      // really an error, can't find the domain for the DL
      // return false so ACL granted on this inherited DL target
      // will be ignored
      ZimbraLog.acl.warn(
          "cannot get domain for dl " + grantedOn.getName() + " for checking cross doamin right");
      return false;
    }

    // check if the authed admin is in the same domain of the target.
    // If it is, no issue
    if (targetDomain.getId().equals(granteeDomain.getId())) return true;

    // check if this inherited target is in the same domain as the
    // doamin fo the actual target entry.  If it is, no issue.
    if (targetDomain.getId().equals(grantedOnTargetInDomain.getId())) return true;

    return checkCrossDomainAdminRight(prov, granteeDomain, targetDomain, false);
  }
Esempio n. 2
0
 static boolean crossDomainOK(
     Provisioning prov,
     MailTarget grantee,
     Domain granteeDomain,
     Domain targetDomain,
     Group grantedOn)
     throws ServiceException {
   if (!CrossDomain.checkCrossDomain(prov, granteeDomain, targetDomain, grantedOn)) {
     sLog.info(
         "No cross domain right for %s on domain %s, skipping positive grants on dl %s",
         grantee.getName(), targetDomain.getName(), grantedOn.getName());
     return false;
   }
   return true;
 }