dovecot-1.2: acl: Don't give admin rights to all owner mailboxes.
dovecot at dovecot.org
dovecot at dovecot.org
Fri Oct 1 17:46:41 EEST 2010
details: http://hg.dovecot.org/dovecot-1.2/rev/9e824012da57
changeset: 9616:9e824012da57
user: Timo Sirainen <tss at iki.fi>
date: Mon Jan 25 20:40:25 2010 +0200
description:
acl: Don't give admin rights to all owner mailboxes.
The SETACL IMAP command should already prevent this. If this situation is
created by modifying dovecot-acl file manually, it's probably intentional.
diffstat:
src/plugins/acl/acl-backend-vfile.c | 17 +----------------
1 files changed, 1 insertions(+), 16 deletions(-)
diffs (48 lines):
diff -r b7bca02d9ccd -r 9e824012da57 src/plugins/acl/acl-backend-vfile.c
--- a/src/plugins/acl/acl-backend-vfile.c Wed Sep 22 18:11:03 2010 +0100
+++ b/src/plugins/acl/acl-backend-vfile.c Mon Jan 25 20:40:25 2010 +0200
@@ -758,10 +758,9 @@
static void acl_backend_vfile_cache_rebuild(struct acl_object_vfile *aclobj)
{
- static const char *const admin_rights[] = { MAIL_ACL_ADMIN, NULL };
struct mail_namespace *ns;
struct acl_object *_aclobj = &aclobj->aclobj;
- struct acl_rights_update ru, ru2;
+ struct acl_rights_update ru;
enum acl_modify_mode add_mode;
const struct acl_rights *rights;
unsigned int i, count;
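Review bot: Nothing in acl_backend_vfile_cache_rebuild() now records that the owner's admin right in a private namespace is no longer forced, since the commit removes `admin_rights` and `ru2` here and the two `acl_cache_update(..., &ru2)` calls in the later hunks at -773 and -808. The guarantee moves to the SETACL handler, which is outside this diff, so it cannot be confirmed from here. A comment above the function would make that dependency visible, for example `/* Owner's admin right is not forced here: SETACL is expected to refuse changes that would drop it; a hand-edited dovecot-acl file is applied as written. */`. The hunk at -808 keeps `first_global = FALSE;` while deleting a later read of `first_global`, so it is worth confirming that the condition guarding that assignment still reads it. The function body continues outside this hunk.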
@@ -773,11 +772,6 @@
return;
ns = mailbox_list_get_namespace(_aclobj->backend->list);
- memset(&ru2, 0, sizeof(ru2));
- ru2.modify_mode = ACL_MODIFY_MODE_ADD;
- ru2.rights.id_type = ACL_ID_OWNER;
- ru2.rights.rights = admin_rights;
-
owner_applied = ns->type != NAMESPACE_PRIVATE;
memset(&ru, 0, sizeof(ru));
@@ -808,20 +802,11 @@
can't mess things up via them */
first_global = FALSE;
ru.neg_modify_mode = ACL_MODIFY_MODE_REPLACE;
-
- if (ns->type == NAMESPACE_PRIVATE) {
- /* make sure owner has admin rights
- (at least before global ACLs are applied) */
- acl_cache_update(_aclobj->backend->cache,
- _aclobj->name, &ru2);
- }
}
acl_cache_update(_aclobj->backend->cache, _aclobj->name, &ru);
}
if (!owner_applied && count > 0)
apply_owner_rights(_aclobj);
- else if (first_global && ns->type == NAMESPACE_PRIVATE)
- acl_cache_update(_aclobj->backend->cache, _aclobj->name, &ru2);
}
static int acl_backend_vfile_object_refresh_cache(struct acl_object *_aclobj)