[evolution-ews] Reject creating meetings organized by other users
- From: Milan Crha <mcrha src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [evolution-ews] Reject creating meetings organized by other users
- Date: Thu, 31 Oct 2019 10:14:46 +0000 (UTC)
commit 9070176add1b2823502699eff9f79955ede1ec6a
Author: Milan Crha <mcrha redhat com>
Date: Thu Oct 31 11:12:37 2019 +0100
Reject creating meetings organized by other users
The EWS protocol doesn't allow creating meetings organized by other
than the calendar owner [1], thus reject such attempt, to avoid eventual
data loss and stealing of the meeting.
[1] Even an older blog post, but still applicable:
https://blogs.msdn.microsoft.com/webdav_101/2011/09/28/howto-set-the-organizer-of-a-meeting-on-the-calendar-of-an-attendee-using-ews/
src/calendar/e-cal-backend-ews.c | 38 ++++++++++++++++++++++++++++++++------
1 file changed, 32 insertions(+), 6 deletions(-)
---
diff --git a/src/calendar/e-cal-backend-ews.c b/src/calendar/e-cal-backend-ews.c
index 25a62ab5..b476c0c4 100644
--- a/src/calendar/e-cal-backend-ews.c
+++ b/src/calendar/e-cal-backend-ews.c
@@ -1516,9 +1516,8 @@ ecb_ews_extract_item_id (ECalComponent *comp,
}
static gboolean
-ecb_ews_can_send_invitations (ECalBackendEws *cbews,
- guint32 opflags,
- ECalComponent *comp)
+ecb_ews_organizer_is_user (ECalBackendEws *cbews,
+ ECalComponent *comp)
{
ECalComponentOrganizer *organizer;
gboolean is_organizer = FALSE;
@@ -1526,9 +1525,6 @@ ecb_ews_can_send_invitations (ECalBackendEws *cbews,
g_return_val_if_fail (E_IS_CAL_BACKEND_EWS (cbews), FALSE);
g_return_val_if_fail (E_IS_CAL_COMPONENT (comp), FALSE);
- if ((opflags & E_CAL_OPERATION_FLAG_DISABLE_ITIP_MESSAGE) != 0)
- return FALSE;
-
if (!e_cal_component_has_organizer (comp))
return FALSE;
@@ -1547,6 +1543,18 @@ ecb_ews_can_send_invitations (ECalBackendEws *cbews,
is_organizer = user_email && g_ascii_strcasecmp (email, user_email) == 0;
g_free (user_email);
+
+ if (!is_organizer) {
+ GHashTable *aliases;
+
+ aliases = ecb_ews_get_mail_aliases (cbews);
+
+ if (aliases) {
+ is_organizer = g_hash_table_contains (aliases, email);
+
+ g_hash_table_unref (aliases);
+ }
+ }
}
e_cal_component_organizer_free (organizer);
@@ -1554,6 +1562,20 @@ ecb_ews_can_send_invitations (ECalBackendEws *cbews,
return is_organizer;
}
+static gboolean
+ecb_ews_can_send_invitations (ECalBackendEws *cbews,
+ guint32 opflags,
+ ECalComponent *comp)
+{
+ g_return_val_if_fail (E_IS_CAL_BACKEND_EWS (cbews), FALSE);
+ g_return_val_if_fail (E_IS_CAL_COMPONENT (comp), FALSE);
+
+ if ((opflags & E_CAL_OPERATION_FLAG_DISABLE_ITIP_MESSAGE) != 0)
+ return FALSE;
+
+ return ecb_ews_organizer_is_user (cbews, comp);
+}
+
static gboolean
ecb_ews_connect_sync (ECalMetaBackend *meta_backend,
const ENamedParameters *credentials,
@@ -2862,6 +2884,10 @@ ecb_ews_save_component_sync (ECalMetaBackend *meta_backend,
g_slist_free_full (existing, g_object_unref);
g_slist_free_full (changed_instances, change_data_free);
g_slist_free_full (removed_instances, g_object_unref);
+ } else if (e_cal_component_has_organizer (master) &&
+ !ecb_ews_organizer_is_user (cbews, master)) {
+ success = FALSE;
+ g_propagate_error (error, EC_ERROR_EX (E_CLIENT_ERROR_PERMISSION_DENIED, _("Cannot create
meetings organized by other users in an Exchange Web Services calendar.")));
} else {
GHashTable *removed_indexes;
EwsCalendarConvertData convert_data = { 0 };
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
