dovecot-2.0: acl: Don't give admin rights to all owner mailboxes.
dovecot at dovecot.org
dovecot at dovecot.org
Mon Jan 25 20:40:32 EET 2010
details: http://hg.dovecot.org/dovecot-2.0/rev/667fea930ec3
changeset: 10584:667fea930ec3
user: Timo Sirainen <tss at iki.fi>
date: Mon Jan 25 20:40:25 2010 +0200
description:
acl: Don't give admin rights to all owner mailboxes.
The SETACL IMAP command should already prevent an owner from ending up without
admin rights. If that situation is created by modifying the dovecot-acl file
manually, it's probably intentional.
diffstat:
1 file changed, 1 insertion(+), 16 deletions(-)
src/plugins/acl/acl-backend-vfile.c | 17 +----------------
diffs (48 lines):
diff -r 0ff07b4ad306 -r 667fea930ec3 src/plugins/acl/acl-backend-vfile.c
--- a/src/plugins/acl/acl-backend-vfile.c Mon Jan 25 20:24:54 2010 +0200
+++ b/src/plugins/acl/acl-backend-vfile.c Mon Jan 25 20:40:25 2010 +0200
@@ -756,10 +756,9 @@ static void apply_owner_rights(struct ac
static void acl_backend_vfile_cache_rebuild(struct acl_object_vfile *aclobj)
{
- static const char *const admin_rights[] = { MAIL_ACL_ADMIN, NULL };
struct mail_namespace *ns;
struct acl_object *_aclobj = &aclobj->aclobj;
- struct acl_rights_update ru, ru2;
+ struct acl_rights_update ru;
enum acl_modify_mode add_mode;
const struct acl_rights *rights;
unsigned int i, count;
@@ -771,11 +770,6 @@ static void acl_backend_vfile_cache_rebu
return;
ns = mailbox_list_get_namespace(_aclobj->backend->list);
- memset(&ru2, 0, sizeof(ru2));
- ru2.modify_mode = ACL_MODIFY_MODE_ADD;
- ru2.rights.id_type = ACL_ID_OWNER;
- ru2.rights.rights = admin_rights;
-
owner_applied = ns->type != NAMESPACE_PRIVATE;
memset(&ru, 0, sizeof(ru));
@@ -806,20 +800,11 @@ static void acl_backend_vfile_cache_rebu
can't mess things up via them */
first_global = FALSE;
ru.neg_modify_mode = ACL_MODIFY_MODE_REPLACE;
-
- if (ns->type == NAMESPACE_PRIVATE) {
- /* make sure owner has admin rights
- (at least before global ACLs are applied) */
- acl_cache_update(_aclobj->backend->cache,
- _aclobj->name, &ru2);
- }
}
acl_cache_update(_aclobj->backend->cache, _aclobj->name, &ru);
}
if (!owner_applied && count > 0)
apply_owner_rights(_aclobj);
- else if (first_global && ns->type == NAMESPACE_PRIVATE)
- acl_cache_update(_aclobj->backend->cache, _aclobj->name, &ru2);
}
static int acl_backend_vfile_object_refresh_cache(struct acl_object *_aclobj)