dovecot-1.2: acl: Don't give admin rights to all owner mailboxes.

dovecot at dovecot.org dovecot at dovecot.org
Fri Oct 1 17:46:41 EEST 2010


details:   http://hg.dovecot.org/dovecot-1.2/rev/9e824012da57
changeset: 9616:9e824012da57
user:      Timo Sirainen <tss at iki.fi>
date:      Mon Jan 25 20:40:25 2010 +0200
description:
acl: Don't give admin rights to all owner mailboxes.
The SETACL IMAP command should already prevent this. If this situation is
created by modifying dovecot-acl file manually, it's probably intentional.

diffstat:

 src/plugins/acl/acl-backend-vfile.c |  17 +----------------
 1 files changed, 1 insertions(+), 16 deletions(-)

diffs (48 lines):

diff -r b7bca02d9ccd -r 9e824012da57 src/plugins/acl/acl-backend-vfile.c
--- a/src/plugins/acl/acl-backend-vfile.c	Wed Sep 22 18:11:03 2010 +0100
+++ b/src/plugins/acl/acl-backend-vfile.c	Mon Jan 25 20:40:25 2010 +0200
@@ -758,10 +758,9 @@
 
 static void acl_backend_vfile_cache_rebuild(struct acl_object_vfile *aclobj)
 {
-	static const char *const admin_rights[] = { MAIL_ACL_ADMIN, NULL };
 	struct mail_namespace *ns;
 	struct acl_object *_aclobj = &aclobj->aclobj;
-	struct acl_rights_update ru, ru2;
+	struct acl_rights_update ru;
 	enum acl_modify_mode add_mode;
 	const struct acl_rights *rights;
 	unsigned int i, count;
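Review bot: acl_backend_vfile_cache_rebuild() has no comment recording that the owner's admin right is now deliberately left unforced, and with `admin_rights` and `ru2` dropped from these declarations nothing in the function says so. As far as the visible lines show (the removals are in the third hunk, inside the `first_global` branch and after the loop), the cache for a private-namespace mailbox now holds only what the ACL entries and apply_owner_rights() provide. The guarantee that an owner can still administer ACLs therefore rests on the SETACL check the description mentions, which is not visible in this diff. I would add above the function something like `/* Owner's admin right is not added implicitly: SETACL is expected to refuse dropping it, and a hand-edited dovecot-acl is honoured as written. */` so a later reader does not mistake the missing grant for a regression. The function body continues outside this hunk.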
@@ -773,11 +772,6 @@
 		return;
 
 	ns = mailbox_list_get_namespace(_aclobj->backend->list);
-	memset(&ru2, 0, sizeof(ru2));
-	ru2.modify_mode = ACL_MODIFY_MODE_ADD;
-	ru2.rights.id_type = ACL_ID_OWNER;
-	ru2.rights.rights = admin_rights;
-
 	owner_applied = ns->type != NAMESPACE_PRIVATE;
 
 	memset(&ru, 0, sizeof(ru));
@@ -808,20 +802,11 @@
 			   can't mess things up via them */
 			first_global = FALSE;
 			ru.neg_modify_mode = ACL_MODIFY_MODE_REPLACE;
-
-			if (ns->type == NAMESPACE_PRIVATE) {
-				/* make sure owner has admin rights
-				   (at least before global ACLs are applied) */
-				acl_cache_update(_aclobj->backend->cache,
-						 _aclobj->name, &ru2);
-			}
 		}
 		acl_cache_update(_aclobj->backend->cache, _aclobj->name, &ru);
 	}
 	if (!owner_applied && count > 0)
 		apply_owner_rights(_aclobj);
-	else if (first_global && ns->type == NAMESPACE_PRIVATE)
-		acl_cache_update(_aclobj->backend->cache, _aclobj->name, &ru2);
 }
 
 static int acl_backend_vfile_object_refresh_cache(struct acl_object *_aclobj)

