mirror of
https://github.com/nitnelave/lldap.git
synced 2023-04-12 14:25:13 +00:00
ldap: Add support for password modify extension
This allows other systems (e.g. Authelia) to reset passwords for users.
This commit is contained in:
parent
31e1ff358b
commit
43ffeca24d
4
Cargo.lock
generated
4
Cargo.lock
generated
@ -1644,9 +1644,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "ldap3_server"
|
||||
version = "0.1.7"
|
||||
version = "0.1.9"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "3beb05c22d6cb1792389efb3e71ed90af6148b6f26d283db67322d356ab2556d"
|
||||
checksum = "092da326ef499380e33fc8213a621de7fb342d6cd112eb695e16161a0acb061a"
|
||||
dependencies = [
|
||||
"bytes",
|
||||
"lber",
|
||||
|
@ -26,7 +26,7 @@ futures-util = "*"
|
||||
hmac = "0.10"
|
||||
http = "*"
|
||||
jwt = "0.13"
|
||||
ldap3_server = "*"
|
||||
ldap3_server = ">=0.1.9"
|
||||
lldap_auth = { path = "../auth" }
|
||||
log = "*"
|
||||
orion = "0.16"
|
||||
|
@ -28,9 +28,18 @@ mockall::mock! {
|
||||
}
|
||||
#[async_trait]
|
||||
impl OpaqueHandler for TestOpaqueHandler {
|
||||
async fn login_start(&self, request: login::ClientLoginStartRequest) -> Result<login::ServerLoginStartResponse>;
|
||||
async fn login_finish(&self, request: login::ClientLoginFinishRequest ) -> Result<String>;
|
||||
async fn registration_start(&self, request: registration::ClientRegistrationStartRequest) -> Result<registration::ServerRegistrationStartResponse>;
|
||||
async fn registration_finish(&self, request: registration::ClientRegistrationFinishRequest ) -> Result<()>;
|
||||
async fn login_start(
|
||||
&self,
|
||||
request: login::ClientLoginStartRequest
|
||||
) -> Result<login::ServerLoginStartResponse>;
|
||||
async fn login_finish(&self, request: login::ClientLoginFinishRequest ) -> Result<String>;
|
||||
async fn registration_start(
|
||||
&self,
|
||||
request: registration::ClientRegistrationStartRequest
|
||||
) -> Result<registration::ServerRegistrationStartResponse>;
|
||||
async fn registration_finish(
|
||||
&self,
|
||||
request: registration::ClientRegistrationFinishRequest
|
||||
) -> Result<()>;
|
||||
}
|
||||
}
|
||||
|
@ -1,14 +1,19 @@
|
||||
use crate::domain::handler::{
|
||||
BackendHandler, BindRequest, Group, GroupIdAndName, LoginHandler, RequestFilter, User,
|
||||
use crate::domain::{
|
||||
handler::{
|
||||
BackendHandler, BindRequest, Group, GroupIdAndName, LoginHandler, RequestFilter, User,
|
||||
},
|
||||
opaque_handler::OpaqueHandler,
|
||||
};
|
||||
use anyhow::{bail, Result};
|
||||
use futures::stream::StreamExt;
|
||||
use futures_util::TryStreamExt;
|
||||
use ldap3_server::proto::{
|
||||
LdapBindCred, LdapBindRequest, LdapBindResponse, LdapExtendedResponse, LdapFilter, LdapOp,
|
||||
LdapPartialAttribute, LdapResult, LdapResultCode, LdapSearchRequest, LdapSearchResultEntry,
|
||||
LdapBindCred, LdapBindRequest, LdapBindResponse, LdapExtendedRequest, LdapExtendedResponse,
|
||||
LdapFilter, LdapOp, LdapPartialAttribute, LdapPasswordModifyRequest, LdapResult,
|
||||
LdapResultCode, LdapSearchRequest, LdapSearchResultEntry, LdapSearchScope,
|
||||
};
|
||||
use log::*;
|
||||
use std::convert::TryFrom;
|
||||
|
||||
fn make_dn_pair<I>(mut iter: I) -> Result<(String, String)>
|
||||
where
|
||||
@ -133,8 +138,12 @@ fn make_ldap_search_user_result_entry(
|
||||
fn get_group_attribute(group: &Group, base_dn_str: &str, attribute: &str) -> Result<Vec<String>> {
|
||||
match attribute {
|
||||
"objectClass" => Ok(vec!["groupOfUniqueNames".to_string()]),
|
||||
"dn" => Ok(vec![format!(
|
||||
"cn={},ou=groups,{}",
|
||||
group.display_name, base_dn_str
|
||||
)]),
|
||||
"cn" => Ok(vec![group.display_name.clone()]),
|
||||
"uniqueMember" => Ok(group
|
||||
"member" | "uniqueMember" => Ok(group
|
||||
.users
|
||||
.iter()
|
||||
.map(|u| format!("cn={},ou=people,{}", u, base_dn_str))
|
||||
@ -208,6 +217,19 @@ fn make_search_error(code: LdapResultCode, message: String) -> LdapOp {
|
||||
})
|
||||
}
|
||||
|
||||
fn make_extended_response(code: LdapResultCode, message: String) -> LdapOp {
|
||||
LdapOp::ExtendedResponse(LdapExtendedResponse {
|
||||
res: LdapResult {
|
||||
code,
|
||||
matcheddn: "".to_string(),
|
||||
message,
|
||||
referral: vec![],
|
||||
},
|
||||
name: None,
|
||||
value: None,
|
||||
})
|
||||
}
|
||||
|
||||
fn root_dse_response(base_dn: &str) -> LdapOp {
|
||||
LdapOp::SearchResultEntry(LdapSearchResultEntry {
|
||||
dn: "".to_string(),
|
||||
@ -240,7 +262,7 @@ fn root_dse_response(base_dn: &str) -> LdapOp {
|
||||
})
|
||||
}
|
||||
|
||||
pub struct LdapHandler<Backend: BackendHandler + LoginHandler> {
|
||||
pub struct LdapHandler<Backend: BackendHandler + LoginHandler + OpaqueHandler> {
|
||||
dn: String,
|
||||
backend_handler: Backend,
|
||||
pub base_dn: Vec<(String, String)>,
|
||||
@ -248,7 +270,7 @@ pub struct LdapHandler<Backend: BackendHandler + LoginHandler> {
|
||||
ldap_user_dn: String,
|
||||
}
|
||||
|
||||
impl<Backend: BackendHandler + LoginHandler> LdapHandler<Backend> {
|
||||
impl<Backend: BackendHandler + LoginHandler + OpaqueHandler> LdapHandler<Backend> {
|
||||
pub fn new(backend_handler: Backend, ldap_base_dn: String, ldap_user_dn: String) -> Self {
|
||||
Self {
|
||||
dn: "Unauthenticated".to_string(),
|
||||
@ -291,11 +313,73 @@ impl<Backend: BackendHandler + LoginHandler> LdapHandler<Backend> {
|
||||
}
|
||||
}
|
||||
|
||||
async fn change_password(&mut self, user: &str, password: &str) -> Result<()> {
|
||||
use lldap_auth::*;
|
||||
let mut rng = rand::rngs::OsRng;
|
||||
let registration_start_request =
|
||||
opaque::client::registration::start_registration(password, &mut rng)?;
|
||||
let req = registration::ClientRegistrationStartRequest {
|
||||
username: user.to_string(),
|
||||
registration_start_request: registration_start_request.message,
|
||||
};
|
||||
let registration_start_response = self.backend_handler.registration_start(req).await?;
|
||||
let registration_finish = opaque::client::registration::finish_registration(
|
||||
registration_start_request.state,
|
||||
registration_start_response.registration_response,
|
||||
&mut rng,
|
||||
)?;
|
||||
let req = registration::ClientRegistrationFinishRequest {
|
||||
server_data: registration_start_response.server_data,
|
||||
registration_upload: registration_finish.message,
|
||||
};
|
||||
self.backend_handler.registration_finish(req).await?;
|
||||
Ok(())
|
||||
}
|
||||
|
||||
async fn do_password_modification(
|
||||
&mut self,
|
||||
request: &LdapPasswordModifyRequest,
|
||||
) -> Vec<LdapOp> {
|
||||
match (&request.user_identity, &request.new_password) {
|
||||
(Some(user), Some(password)) => {
|
||||
match get_user_id_from_distinguished_name(user, &self.base_dn, &self.base_dn_str) {
|
||||
Ok(uid) => {
|
||||
if let Err(e) = self.change_password(&uid, password).await {
|
||||
vec![make_extended_response(
|
||||
LdapResultCode::Other,
|
||||
format!("Error while changing the password: {:#?}", e),
|
||||
)]
|
||||
} else {
|
||||
vec![make_extended_response(
|
||||
LdapResultCode::Success,
|
||||
"".to_string(),
|
||||
)]
|
||||
}
|
||||
}
|
||||
Err(e) => vec![make_extended_response(
|
||||
LdapResultCode::InvalidDNSyntax,
|
||||
format!("Invalid username: {} ({:#?})", user, e),
|
||||
)],
|
||||
}
|
||||
}
|
||||
_ => vec![make_extended_response(
|
||||
LdapResultCode::ConstraintViolation,
|
||||
"Missing either user_id or password".to_string(),
|
||||
)],
|
||||
}
|
||||
}
|
||||
|
||||
async fn do_extended_request(&mut self, request: &LdapExtendedRequest) -> Vec<LdapOp> {
|
||||
match LdapPasswordModifyRequest::try_from(request) {
|
||||
Ok(password_request) => self.do_password_modification(&password_request).await,
|
||||
Err(_) => vec![make_extended_response(
|
||||
LdapResultCode::UnwillingToPerform,
|
||||
format!("Unsupported extended operation: {}", &request.name),
|
||||
)],
|
||||
}
|
||||
}
|
||||
|
||||
pub async fn do_search(&mut self, request: &LdapSearchRequest) -> Vec<LdapOp> {
|
||||
info!(
|
||||
"Received search request with filters: {:?}",
|
||||
&request.filter
|
||||
);
|
||||
if self.dn != self.ldap_user_dn {
|
||||
return vec![make_search_error(
|
||||
LdapResultCode::InsufficentAccessRights,
|
||||
@ -474,16 +558,11 @@ impl<Backend: BackendHandler + LoginHandler> LdapHandler<Backend> {
|
||||
// No need to notify on unbind (per rfc4511)
|
||||
return None;
|
||||
}
|
||||
op => vec![LdapOp::ExtendedResponse(LdapExtendedResponse {
|
||||
res: LdapResult {
|
||||
code: LdapResultCode::UnwillingToPerform,
|
||||
matcheddn: "".to_string(),
|
||||
message: format!("Unsupported operation: {:#?}", op),
|
||||
referral: vec![],
|
||||
},
|
||||
name: None,
|
||||
value: None,
|
||||
})],
|
||||
LdapOp::ExtendedRequest(request) => self.do_extended_request(&request).await,
|
||||
op => vec![make_extended_response(
|
||||
LdapResultCode::UnwillingToPerform,
|
||||
format!("Unsupported operation: {:#?}", op),
|
||||
)],
|
||||
})
|
||||
}
|
||||
|
||||
@ -503,6 +582,7 @@ impl<Backend: BackendHandler + LoginHandler> LdapHandler<Backend> {
|
||||
bail!("Unsupported group filter: {:?}", filter)
|
||||
}
|
||||
}
|
||||
LdapFilter::And(v) if v.is_empty() => Ok(None),
|
||||
_ => bail!("Unsupported group filter: {:?}", filter),
|
||||
}
|
||||
}
|
||||
@ -562,17 +642,63 @@ impl<Backend: BackendHandler + LoginHandler> LdapHandler<Backend> {
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::*;
|
||||
use crate::domain::handler::{BindRequest, MockTestBackendHandler};
|
||||
use crate::domain::{error::Result, handler::*, opaque_handler::*};
|
||||
use async_trait::async_trait;
|
||||
use ldap3_server::proto::{LdapDerefAliases, LdapSearchScope};
|
||||
use mockall::predicate::eq;
|
||||
use std::collections::HashSet;
|
||||
use tokio;
|
||||
|
||||
mockall::mock! {
|
||||
pub TestBackendHandler{}
|
||||
impl Clone for TestBackendHandler {
|
||||
fn clone(&self) -> Self;
|
||||
}
|
||||
#[async_trait]
|
||||
impl LoginHandler for TestBackendHandler {
|
||||
async fn bind(&self, request: BindRequest) -> Result<()>;
|
||||
}
|
||||
#[async_trait]
|
||||
impl BackendHandler for TestBackendHandler {
|
||||
async fn list_users(&self, filters: Option<RequestFilter>) -> Result<Vec<User>>;
|
||||
async fn list_groups(&self) -> Result<Vec<Group>>;
|
||||
async fn get_user_details(&self, user_id: &str) -> Result<User>;
|
||||
async fn get_group_details(&self, group_id: GroupId) -> Result<GroupIdAndName>;
|
||||
async fn get_user_groups(&self, user: &str) -> Result<HashSet<GroupIdAndName>>;
|
||||
async fn create_user(&self, request: CreateUserRequest) -> Result<()>;
|
||||
async fn update_user(&self, request: UpdateUserRequest) -> Result<()>;
|
||||
async fn update_group(&self, request: UpdateGroupRequest) -> Result<()>;
|
||||
async fn delete_user(&self, user_id: &str) -> Result<()>;
|
||||
async fn create_group(&self, group_name: &str) -> Result<GroupId>;
|
||||
async fn delete_group(&self, group_id: GroupId) -> Result<()>;
|
||||
async fn add_user_to_group(&self, user_id: &str, group_id: GroupId) -> Result<()>;
|
||||
async fn remove_user_from_group(&self, user_id: &str, group_id: GroupId) -> Result<()>;
|
||||
}
|
||||
#[async_trait]
|
||||
impl OpaqueHandler for TestBackendHandler {
|
||||
async fn login_start(
|
||||
&self,
|
||||
request: login::ClientLoginStartRequest
|
||||
) -> Result<login::ServerLoginStartResponse>;
|
||||
async fn login_finish(&self, request: login::ClientLoginFinishRequest) -> Result<String>;
|
||||
async fn registration_start(
|
||||
&self,
|
||||
request: registration::ClientRegistrationStartRequest
|
||||
) -> Result<registration::ServerRegistrationStartResponse>;
|
||||
async fn registration_finish(
|
||||
&self,
|
||||
request: registration::ClientRegistrationFinishRequest
|
||||
) -> Result<()>;
|
||||
}
|
||||
}
|
||||
|
||||
fn make_search_request<S: Into<String>>(
|
||||
base: &str,
|
||||
filter: LdapFilter,
|
||||
attrs: Vec<S>,
|
||||
) -> LdapSearchRequest {
|
||||
LdapSearchRequest {
|
||||
base: "ou=people,dc=example,dc=com".to_string(),
|
||||
base: base.to_string(),
|
||||
scope: LdapSearchScope::Base,
|
||||
aliases: LdapDerefAliases::Never,
|
||||
sizelimit: 0,
|
||||
@ -583,6 +709,13 @@ mod tests {
|
||||
}
|
||||
}
|
||||
|
||||
fn make_user_search_request<S: Into<String>>(
|
||||
filter: LdapFilter,
|
||||
attrs: Vec<S>,
|
||||
) -> LdapSearchRequest {
|
||||
make_search_request::<S>("ou=people,dc=example,dc=com", filter, attrs)
|
||||
}
|
||||
|
||||
async fn setup_bound_handler(
|
||||
mut mock: MockTestBackendHandler,
|
||||
) -> LdapHandler<MockTestBackendHandler> {
|
||||
@ -673,7 +806,7 @@ mod tests {
|
||||
LdapResultCode::Success
|
||||
);
|
||||
|
||||
let request = make_search_request::<String>(LdapFilter::And(vec![]), vec![]);
|
||||
let request = make_user_search_request::<String>(LdapFilter::And(vec![]), vec![]);
|
||||
assert_eq!(
|
||||
ldap_handler.do_search(&request).await,
|
||||
vec![make_search_error(
|
||||
@ -736,7 +869,7 @@ mod tests {
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_search() {
|
||||
async fn test_search_users() {
|
||||
let mut mock = MockTestBackendHandler::new();
|
||||
mock.expect_list_users().times(1).return_once(|_| {
|
||||
Ok(vec![
|
||||
@ -759,7 +892,7 @@ mod tests {
|
||||
])
|
||||
});
|
||||
let mut ldap_handler = setup_bound_handler(mock).await;
|
||||
let request = make_search_request(
|
||||
let request = make_user_search_request(
|
||||
LdapFilter::And(vec![]),
|
||||
vec!["objectClass", "dn", "uid", "mail", "givenName", "sn", "cn"],
|
||||
);
|
||||
@ -847,6 +980,126 @@ mod tests {
|
||||
);
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_search_groups() {
|
||||
let mut mock = MockTestBackendHandler::new();
|
||||
mock.expect_list_groups().times(1).return_once(|| {
|
||||
Ok(vec![
|
||||
Group {
|
||||
id: GroupId(1),
|
||||
display_name: "group_1".to_string(),
|
||||
users: vec!["bob".to_string(), "john".to_string()],
|
||||
},
|
||||
Group {
|
||||
id: GroupId(3),
|
||||
display_name: "bestgroup".to_string(),
|
||||
users: vec!["john".to_string()],
|
||||
},
|
||||
])
|
||||
});
|
||||
let mut ldap_handler = setup_bound_handler(mock).await;
|
||||
let request = make_search_request(
|
||||
"ou=groups,dc=example,dc=com",
|
||||
LdapFilter::And(vec![]),
|
||||
vec!["objectClass", "dn", "cn", "uniqueMember"],
|
||||
);
|
||||
assert_eq!(
|
||||
ldap_handler.do_search(&request).await,
|
||||
vec![
|
||||
LdapOp::SearchResultEntry(LdapSearchResultEntry {
|
||||
dn: "cn=group_1,ou=groups,dc=example,dc=com".to_string(),
|
||||
attributes: vec![
|
||||
LdapPartialAttribute {
|
||||
atype: "objectClass".to_string(),
|
||||
vals: vec!["groupOfUniqueNames".to_string(),]
|
||||
},
|
||||
LdapPartialAttribute {
|
||||
atype: "dn".to_string(),
|
||||
vals: vec!["cn=group_1,ou=groups,dc=example,dc=com".to_string()]
|
||||
},
|
||||
LdapPartialAttribute {
|
||||
atype: "cn".to_string(),
|
||||
vals: vec!["group_1".to_string()]
|
||||
},
|
||||
LdapPartialAttribute {
|
||||
atype: "uniqueMember".to_string(),
|
||||
vals: vec![
|
||||
"cn=bob,ou=people,dc=example,dc=com".to_string(),
|
||||
"cn=john,ou=people,dc=example,dc=com".to_string(),
|
||||
]
|
||||
},
|
||||
],
|
||||
}),
|
||||
LdapOp::SearchResultEntry(LdapSearchResultEntry {
|
||||
dn: "cn=bestgroup,ou=groups,dc=example,dc=com".to_string(),
|
||||
attributes: vec![
|
||||
LdapPartialAttribute {
|
||||
atype: "objectClass".to_string(),
|
||||
vals: vec!["groupOfUniqueNames".to_string(),]
|
||||
},
|
||||
LdapPartialAttribute {
|
||||
atype: "dn".to_string(),
|
||||
vals: vec!["cn=bestgroup,ou=groups,dc=example,dc=com".to_string()]
|
||||
},
|
||||
LdapPartialAttribute {
|
||||
atype: "cn".to_string(),
|
||||
vals: vec!["bestgroup".to_string()]
|
||||
},
|
||||
LdapPartialAttribute {
|
||||
atype: "uniqueMember".to_string(),
|
||||
vals: vec!["cn=john,ou=people,dc=example,dc=com".to_string()]
|
||||
},
|
||||
],
|
||||
}),
|
||||
make_search_success(),
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_search_groups_filter() {
|
||||
let mut mock = MockTestBackendHandler::new();
|
||||
mock.expect_get_user_groups()
|
||||
.with(eq("bob"))
|
||||
.times(1)
|
||||
.return_once(|_| {
|
||||
let mut set = HashSet::new();
|
||||
set.insert(GroupIdAndName(GroupId(1), "group_1".to_string()));
|
||||
Ok(set)
|
||||
});
|
||||
mock.expect_list_users()
|
||||
.with(eq(Some(RequestFilter::MemberOfId(GroupId(1)))))
|
||||
.times(1)
|
||||
.return_once(|_| {
|
||||
Ok(vec![User {
|
||||
user_id: "bob".to_string(),
|
||||
..Default::default()
|
||||
}])
|
||||
});
|
||||
let mut ldap_handler = setup_bound_handler(mock).await;
|
||||
let request = make_search_request(
|
||||
"ou=groups,dc=example,dc=com",
|
||||
LdapFilter::Equality(
|
||||
"uniqueMember".to_string(),
|
||||
"cn=bob,ou=people,dc=example,dc=com".to_string(),
|
||||
),
|
||||
vec!["cn"],
|
||||
);
|
||||
assert_eq!(
|
||||
ldap_handler.do_search(&request).await,
|
||||
vec![
|
||||
LdapOp::SearchResultEntry(LdapSearchResultEntry {
|
||||
dn: "cn=group_1,ou=groups,dc=example,dc=com".to_string(),
|
||||
attributes: vec![LdapPartialAttribute {
|
||||
atype: "cn".to_string(),
|
||||
vals: vec!["group_1".to_string()]
|
||||
},],
|
||||
}),
|
||||
make_search_success(),
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn test_search_filters() {
|
||||
let mut mock = MockTestBackendHandler::new();
|
||||
@ -860,7 +1113,7 @@ mod tests {
|
||||
.times(1)
|
||||
.return_once(|_| Ok(vec![]));
|
||||
let mut ldap_handler = setup_bound_handler(mock).await;
|
||||
let request = make_search_request(
|
||||
let request = make_user_search_request(
|
||||
LdapFilter::And(vec![LdapFilter::Or(vec![LdapFilter::Not(Box::new(
|
||||
LdapFilter::Equality("uid".to_string(), "bob".to_string()),
|
||||
))])]),
|
||||
@ -875,7 +1128,7 @@ mod tests {
|
||||
#[tokio::test]
|
||||
async fn test_search_unsupported_filters() {
|
||||
let mut ldap_handler = setup_bound_handler(MockTestBackendHandler::new()).await;
|
||||
let request = make_search_request(
|
||||
let request = make_user_search_request(
|
||||
LdapFilter::Substring(
|
||||
"uid".to_string(),
|
||||
ldap3_server::proto::LdapSubstringFilter::default(),
|
||||
|
@ -1,6 +1,10 @@
|
||||
use crate::domain::handler::{BackendHandler, LoginHandler};
|
||||
use crate::infra::configuration::Configuration;
|
||||
use crate::infra::ldap_handler::LdapHandler;
|
||||
use crate::{
|
||||
domain::{
|
||||
handler::{BackendHandler, LoginHandler},
|
||||
opaque_handler::OpaqueHandler,
|
||||
},
|
||||
infra::{configuration::Configuration, ldap_handler::LdapHandler},
|
||||
};
|
||||
use actix_rt::net::TcpStream;
|
||||
use actix_server::ServerBuilder;
|
||||
use actix_service::{fn_service, ServiceFactoryExt};
|
||||
@ -17,7 +21,7 @@ async fn handle_incoming_message<Backend>(
|
||||
session: &mut LdapHandler<Backend>,
|
||||
) -> Result<bool>
|
||||
where
|
||||
Backend: BackendHandler + LoginHandler,
|
||||
Backend: BackendHandler + LoginHandler + OpaqueHandler,
|
||||
{
|
||||
use futures_util::SinkExt;
|
||||
let msg = msg.map_err(|e| anyhow!("Error while receiving LDAP op: {:#}", e))?;
|
||||
@ -51,7 +55,7 @@ pub fn build_ldap_server<Backend>(
|
||||
server_builder: ServerBuilder,
|
||||
) -> Result<ServerBuilder>
|
||||
where
|
||||
Backend: BackendHandler + LoginHandler + 'static,
|
||||
Backend: BackendHandler + LoginHandler + OpaqueHandler + 'static,
|
||||
{
|
||||
use futures_util::StreamExt;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user