[rt-users] prevent email ticket creation by new users?
Phil R Lawrence
prlawrence at Lehigh.EDU
Fri Jan 31 11:52:08 EST 2003
Phil Homewood wrote:
> Phil R Lawrence wrote:
>
>> [setting $LookupSenderInExternalDatabase and
>> $SenderMustExistInExternalDatabase to true while
>> keeping the stock LookupExternalUserInfo function] ...
>> certainly blocked the creation of new users... it also
>> disabled the ability for *anyone* [to] create tickets
>> via email
>
>
> Hmm. That shouldn't be the case; LookupExternalUserInfo as
> it ships should return success for everything.
And so it does. There is a logic flow bug in RT on this point... The
details are below, but I believe the fix is to strip out any logic from
rt-mailgate that concerns itself with the
$LookupSenderInExternalDatabase and $SenderMustExistInExternalDatabase
variables.
This would be my first patch to a system I'm only just learning, so
please check my findings!
GIVEN:
1. In config.pm we set
$LookupSenderInExternalDatabase = 1;
$SenderMustExistInExternalDatabase = 1;
and we leave the LookupExternalUserInfo function
stock (i.e. it always returns true)
2. rt-mailgate is invoked with an email from a known user
OBSERVE:
1. rt-mailgate calls RT::Interface::Email's GetCurrentUser
function
2. GetCurrentUser() invokes LookupExternalUserInfo() and
ends up with:
$UserFoundInExternalDatabase = 1
$Address = [email address]
$Username = [email address]
3. GetCurrentUser() manages to find the RT user with
either the LoadByName or the LoadByEmail method
4. GetCurrentUser() returns the user object to
rt-mailgate
5. rt-mailgate notes that
$LookupSenderInExternalDatabase = 1;
$SenderMustExistInExternalDatabase = 1;
and immediately throws up its hands, saying:
"RT couldn't find requestor via its external database
lookup"
BUT THIS IS WRONG. GetCurrentUser() is constrained by
$LookupSenderInExternalDatabase = 1;
$SenderMustExistInExternalDatabase = 1;
so rt-mailgate need not worry about it. GetCurrentUser() will bomb and
email a notice if the user can't be authenticated due to these settings
and the LookupExternalUserInfo function.
Phil
More information about the rt-users
mailing list