From 2b40b53eec5ec1e88e732a2cb48db985617d33ab Mon Sep 17 00:00:00 2001 From: x2000habouzit Date: Wed, 10 Nov 2004 11:06:25 +0000 Subject: [PATCH] do not use tuples where not needed + don't be smart with the vhost detection ... if the users POSTS on the bad place, then 401-him. that's all --- scripts/mailman/mailman-rpc.py | 88 +++++++++++++++++++++--------------------- 1 file changed, 43 insertions(+), 45 deletions(-) diff --git a/scripts/mailman/mailman-rpc.py b/scripts/mailman/mailman-rpc.py index abffc75..c24ca66 100755 --- a/scripts/mailman/mailman-rpc.py +++ b/scripts/mailman/mailman-rpc.py @@ -18,7 +18,7 @@ #* Foundation, Inc., * #* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * #*************************************************************************** -# $Id: mailman-rpc.py,v 1.74 2004-11-10 10:59:10 x2000habouzit Exp $ +# $Id: mailman-rpc.py,v 1.75 2004-11-10 11:06:25 x2000habouzit Exp $ #*************************************************************************** import base64, MySQLdb, os, getopt, sys, MySQLdb.converters, sha, signal @@ -67,17 +67,15 @@ class BasicAuthXMLRPCRequestHandler(SimpleXMLRPCRequestHandler): # TODO: subclass in SimpleXMLRPCDispatcher and not here. new_params = list(params) new_params.insert(0,self.data[2]) - new_params.insert(0,self.data[0:2]) + new_params.insert(0,self.data[1]) + new_params.insert(0,self.data[0]) return self.server._dispatch(method,new_params) def do_POST(self): try: _, auth = self.headers["authorization"].split() uid, md5 = base64.decodestring(auth).strip().split(':') - try: - vhost = self.path.split('/')[1].lower() - except: - vhost = 'polytechnique.org' + vhost = self.path.split('/')[1].lower() self.data = self.getUser(uid,md5,vhost) if self.data is None: raise AuthFailed @@ -159,7 +157,7 @@ def to_forlife(email): # helpers on lists # -def get_list_info((userdesc,perms),mlist,front_page=0): +def get_list_info(userdesc,perms,mlist,front_page=0): members = mlist.getRegularMemberKeys() is_member = userdesc.address in members is_admin = mm_cfg.ADMIN_ML_OWNER in mlist.owner @@ -194,7 +192,7 @@ def get_list_info((userdesc,perms),mlist,front_page=0): return (details,members) return 0 -def get_options((userdesc,perms),vhost,listname,opts): +def get_options(userdesc,perms,vhost,listname,opts): try: mlist = MailList.MailList(vhost+'-'+listname,lock=0) except: @@ -208,12 +206,12 @@ def get_options((userdesc,perms),vhost,listname,opts): if type(v) is str: options[k] = quote(v) else: options[k] = v - details = get_list_info((userdesc,perms),mlist)[0] + details = get_list_info(userdesc,perms,mlist)[0] return (details,options) except: return 0 -def set_options((userdesc,perms),vhost,listname,opts,vals): +def set_options(userdesc,perms,vhost,listname,opts,vals): try: mlist = MailList.MailList(vhost+'-'+listname,lock=0) except: @@ -244,7 +242,7 @@ def set_options((userdesc,perms),vhost,listname,opts,vals): # users procedures for [ index.php ] # -def get_lists((userdesc,perms),vhost): +def get_lists(userdesc,perms,vhost): prefix = vhost.lower()+'-' names = Utils.list_names() names.sort() @@ -257,13 +255,13 @@ def get_lists((userdesc,perms),vhost): except: continue try: - details = get_list_info((userdesc,perms),mlist,1)[0] + details = get_list_info(userdesc,perms,mlist,1)[0] result.append(details) except: continue return result -def subscribe((userdesc,perms),vhost,listname): +def subscribe(userdesc,perms,vhost,listname): try: mlist = MailList.MailList(vhost+'-'+listname,lock=0) except: @@ -285,7 +283,7 @@ def subscribe((userdesc,perms),vhost,listname): mlist.Unlock() return result -def unsubscribe((userdesc,perms),vhost,listname): +def unsubscribe(userdesc,perms,vhost,listname): try: mlist = MailList.MailList(vhost+'-'+listname,lock=0) except: @@ -304,13 +302,13 @@ def unsubscribe((userdesc,perms),vhost,listname): # users procedures for [ index.php ] # -def get_members((userdesc,perms),vhost,listname): +def get_members(userdesc,perms,vhost,listname): try: mlist = MailList.MailList(vhost+'-'+listname,lock=0) except: return 0 try: - details,members = get_list_info((userdesc,perms),mlist) + details,members = get_list_info(userdesc,perms,mlist) members.sort() members = map(lambda member: (quote(mlist.getMemberName(member)) or '', member), members) return (details,members,mlist.owner) @@ -321,17 +319,17 @@ def get_members((userdesc,perms),vhost,listname): # users procedures for [ trombi.php ] # -def get_members_limit((userdesc,perms),vhost,listname,page,nb_per_page): +def get_members_limit(userdesc,perms,vhost,listname,page,nb_per_page): try: - members = get_members((userdesc,perms),vhost,listname)[1] + members = get_members(userdesc,perms,vhost,listname)[1] except: return 0 i = int(page) * int(nb_per_page) return (len(members), members[i:i+int(nb_per_page)]) -def get_owners((userdesc,perms),vhost,listname): +def get_owners(userdesc,perms,vhost,listname): try: - details,members,owners = get_members((userdesc,perms),vhost,listname) + details,members,owners = get_members(userdesc,perms,vhost,listname) except: return 0 return (details,owners) @@ -340,7 +338,7 @@ def get_owners((userdesc,perms),vhost,listname): # owners procedures [ admin.php ] # -def mass_subscribe((userdesc,perms),vhost,listname,users): +def mass_subscribe(userdesc,perms,vhost,listname,users): try: mlist = MailList.MailList(vhost+'-'+listname,lock=0) except: @@ -365,7 +363,7 @@ def mass_subscribe((userdesc,perms),vhost,listname,users): mlist.Unlock() return added -def mass_unsubscribe((userdesc,perms),vhost,listname,users): +def mass_unsubscribe(userdesc,perms,vhost,listname,users): try: mlist = MailList.MailList(vhost+'-'+listname,lock=0) except: @@ -382,7 +380,7 @@ def mass_unsubscribe((userdesc,perms),vhost,listname,users): mlist.Unlock() return users -def add_owner((userdesc,perms),vhost,listname,user): +def add_owner(userdesc,perms,vhost,listname,user): try: mlist = MailList.MailList(vhost+'-'+listname,lock=0) except: @@ -402,7 +400,7 @@ def add_owner((userdesc,perms),vhost,listname,user): mlist.Unlock() return True -def del_owner((userdesc,perms),vhost,listname,user): +def del_owner(userdesc,perms,vhost,listname,user): try: mlist = MailList.MailList(vhost+'-'+listname,lock=0) except: @@ -424,7 +422,7 @@ def del_owner((userdesc,perms),vhost,listname,user): # owners procedures [ admin.php ] # -def get_pending_ops((userdesc,perms),vhost,listname): +def get_pending_ops(userdesc,perms,vhost,listname): try: mlist = MailList.MailList(vhost+'-'+listname,lock=0) except: @@ -470,7 +468,7 @@ def get_pending_ops((userdesc,perms),vhost,listname): return (subs,helds) -def handle_request((userdesc,perms),vhost,listname,id,value,comment): +def handle_request(userdesc,perms,vhost,listname,id,value,comment): try: mlist = MailList.MailList(vhost+'-'+listname,lock=0) except: @@ -488,7 +486,7 @@ def handle_request((userdesc,perms),vhost,listname,id,value,comment): return 0 -def get_pending_mail((userdesc,perms),vhost,listname,id,raw=0): +def get_pending_mail(userdesc,perms,vhost,listname,id,raw=0): try: mlist = MailList.MailList(vhost+'-'+listname,lock=0) except: @@ -528,13 +526,13 @@ owner_opts = ['accept_these_nonmembers', 'admin_notify_mchanges', 'description', 'info', 'subject_prefix', 'goodbye_msg', 'send_goodbye_msg', \ 'subscribe_policy', 'welcome_msg'] -def get_owner_options((userdesc,perms),vhost,listname): - return get_options((userdesc,perms),vhost,listname,owner_opts) +def get_owner_options(userdesc,perms,vhost,listname): + return get_options(userdesc,perms,vhost,listname,owner_opts) -def set_owner_options((userdesc,perms),vhost,listname,values): - return set_options((userdesc,perms),vhost,listname,owner_opts,values) +def set_owner_options(userdesc,perms,vhost,listname,values): + return set_options(userdesc,perms,vhost,listname,owner_opts,values) -def add_to_wl((userdesc,perms),vhost,listname,addr): +def add_to_wl(userdesc,perms,vhost,listname,addr): try: mlist = MailList.MailList(vhost+'-'+listname,lock=0) except: @@ -551,7 +549,7 @@ def add_to_wl((userdesc,perms),vhost,listname,addr): mlist.Unlock() return 0 -def del_from_wl((userdesc,perms),vhost,listname,addr): +def del_from_wl(userdesc,perms,vhost,listname,addr): try: mlist = MailList.MailList(vhost+'-'+listname,lock=0) except: @@ -568,7 +566,7 @@ def del_from_wl((userdesc,perms),vhost,listname,addr): mlist.Unlock() return 0 -def get_bogo_level((userdesc,perms),vhost,listname): +def get_bogo_level(userdesc,perms,vhost,listname): try: mlist = MailList.MailList(vhost+'-'+listname,lock=0) except: @@ -586,7 +584,7 @@ def get_bogo_level((userdesc,perms),vhost,listname): except: return 0 -def set_bogo_level((userdesc,perms),vhost,listname,level): +def set_bogo_level(userdesc,perms,vhost,listname,level): try: mlist = MailList.MailList(vhost+'-'+listname,lock=0) except: @@ -616,15 +614,15 @@ def set_bogo_level((userdesc,perms),vhost,listname,level): admin_opts = [ 'advertised', 'archive', 'default_member_moderation', \ 'generic_nonmember_action', 'max_message_size', 'msg_footer', 'msg_header'] -def get_admin_options((userdesc,perms),vhost,listname): +def get_admin_options(userdesc,perms,vhost,listname): if perms != 'admin': return 0 - return get_options((userdesc,perms),vhost,listname,admin_opts) + return get_options(userdesc,perms,vhost,listname,admin_opts) -def set_admin_options((userdesc,perms),vhost,listname,values): +def set_admin_options(userdesc,perms,vhost,listname,values): if perms != 'admin': return 0 - return set_options((userdesc,perms),vhost,listname,admin_opts,values) + return set_options(userdesc,perms,vhost,listname,admin_opts,values) #------------------------------------------------------------------------------- # admin procedures [ check.php ] @@ -671,7 +669,7 @@ check_opts = { 'unsubscribe_policy' : 0, } -def check_options((userdesc,perms),vhost,listname,correct=False): +def check_options(userdesc,perms,vhost,listname,correct=False): try: mlist = MailList.MailList(vhost+'-'+listname,lock=0) except: @@ -694,7 +692,7 @@ def check_options((userdesc,perms),vhost,listname,correct=False): if correct: mlist.Save() mlist.Unlock() - details = get_list_info((userdesc,perms),mlist)[0] + details = get_list_info(userdesc,perms,mlist)[0] return (details,options) except: if correct: mlist.Unlock() @@ -704,7 +702,7 @@ def check_options((userdesc,perms),vhost,listname,correct=False): # admin procedures [ soptions.php ] # -def get_all_lists((userdesc,perms),vhost): +def get_all_lists(userdesc,perms,vhost): prefix = vhost.lower()+'-' names = Utils.list_names() names.sort() @@ -715,7 +713,7 @@ def get_all_lists((userdesc,perms),vhost): result.append(name.replace(prefix,'')) return result -def create_list((userdesc,perms),vhost,listname,desc,advertise,modlevel,inslevel,owners,members): +def create_list(userdesc,perms,vhost,listname,desc,advertise,modlevel,inslevel,owners,members): if perms != 'admin': return 0 name = vhost.lower()+'-'+listname.lower(); @@ -764,8 +762,8 @@ def create_list((userdesc,perms),vhost,listname,desc,advertise,modlevel,inslevel mlist.Unlock() - check_options((userdesc,perms),vhost,listname.lower(),True) - mass_subscribe((userdesc,perms),vhost,listname.lower(),members) + check_options(userdesc,perms,vhost,listname.lower(),True) + mass_subscribe(userdesc,perms,vhost,listname.lower(),members) # avoid the "-1 mail to moderate" bug mlist = MailList.MailList(name) -- 2.1.4