dovecot-2.2: Removed ambiguous mail_user.admin flag. dsync shoul...

dovecot at dovecot.org dovecot at dovecot.org
Thu Apr 11 18:50:38 EEST 2013


details:   http://hg.dovecot.org/dovecot-2.2/rev/7a7fa88aafe7
changeset: 16281:7a7fa88aafe7
user:      Timo Sirainen <tss at iki.fi>
date:      Thu Apr 11 18:50:25 2013 +0300
description:
Removed ambiguous mail_user.admin flag. dsync shouldn't sync mailboxes without +r ACL.

diffstat:

 src/doveadm/dsync/doveadm-dsync.c          |   5 +----
 src/lib-storage/mail-user.h                |   3 ---
 src/plugins/acl/acl-api.c                  |  22 +++++++++++++++-------
 src/plugins/acl/acl-attributes.c           |   8 ++++----
 src/plugins/imap-quota/imap-quota-plugin.c |   9 +++++----
 src/plugins/quota/quota.c                  |   4 ++--
 6 files changed, 27 insertions(+), 24 deletions(-)

diffs (174 lines):

diff -r 81a111f1c420 -r 7a7fa88aafe7 src/doveadm/dsync/doveadm-dsync.c
--- a/src/doveadm/dsync/doveadm-dsync.c	Thu Apr 11 17:35:31 2013 +0300
+++ b/src/doveadm/dsync/doveadm-dsync.c	Thu Apr 11 18:50:25 2013 +0300
@@ -320,7 +320,7 @@
 		ctx->ctx.exit_code = ret == -1 ? EX_TEMPFAIL : EX_CONFIG;
 		return -1;
 	}
-	user2->admin = TRUE;
+	user2->dsyncing = TRUE;
 
 	if (mail_namespaces_get_root_sep(user->namespaces) !=
 	    mail_namespaces_get_root_sep(user2->namespaces)) {
@@ -491,7 +491,6 @@
 	bool remote_errors_logged = FALSE;
 	int status = 0, ret = 0;
 
-	user->admin = TRUE;
 	user->dsyncing = TRUE;
 
 	if (ctx->namespace_prefix != NULL) {
@@ -922,8 +921,6 @@
 		ctx->output = _ctx->conn->output;
 		o_stream_nsend(ctx->output, "\n+\n", 3);
 	}
-
-	user->admin = TRUE;
 	user->dsyncing = TRUE;
 
 	i_set_failure_prefix("dsync-remote(%s): ", user->username);
diff -r 81a111f1c420 -r 7a7fa88aafe7 src/lib-storage/mail-user.h
--- a/src/lib-storage/mail-user.h	Thu Apr 11 17:35:31 2013 +0300
+++ b/src/lib-storage/mail-user.h	Thu Apr 11 18:50:25 2013 +0300
@@ -51,9 +51,6 @@
 	unsigned int nonexistent:1;
 	/* Either home is set or there is no home for the user. */
 	unsigned int home_looked_up:1;
-	/* User is an administrator. Allow operations not normally allowed
-	   for other people. */
-	unsigned int admin:1;
 	/* User is anonymous */
 	unsigned int anonymous:1;
 	/* This is an autocreated user (e.g. for shared namespace or
diff -r 81a111f1c420 -r 7a7fa88aafe7 src/plugins/acl/acl-api.c
--- a/src/plugins/acl/acl-api.c	Thu Apr 11 17:35:31 2013 +0300
+++ b/src/plugins/acl/acl-api.c	Thu Apr 11 18:50:25 2013 +0300
@@ -33,12 +33,7 @@
 {
 	struct acl_backend *backend = aclobj->backend;
 	const struct acl_mask *have_mask;
-
-	if (mailbox_list_get_user(aclobj->backend->list)->admin) {
-		/* admin user (especially dsync) can do anything regardless
-		   of ACLs */
-		return 1;
-	}
+	unsigned int read_idx;
 
 	if (backend->v.object_refresh_cache(aclobj) < 0)
 		return -1;
@@ -49,7 +44,20 @@
 			return -1;
 	}
 
-	return acl_cache_mask_isset(have_mask, right_idx);
+	if (acl_cache_mask_isset(have_mask, right_idx))
+		return 1;
+
+	if (mailbox_list_get_user(aclobj->backend->list)->dsyncing) {
+		/* when dsync is running on a shared mailbox, it must be able
+		   to do everything inside it. however, dsync shouldn't touch
+		   mailboxes where user doesn't have any read access, because
+		   that could make them readable on the replica. */
+		read_idx = acl_backend_lookup_right(aclobj->backend,
+						    MAIL_ACL_READ);
+		if (acl_cache_mask_isset(have_mask, read_idx))
+			return 1;
+	}
+	return 0;
 }
 
 const char *const *
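Review bot: In the added `dsyncing` branch, holding `MAIL_ACL_READ` makes the function return 1 for every `right_idx` a caller asks about, so the `dsyncing` bit is now an authorization input and no longer just a status flag; nothing in the visible code documents that contract. The function's signature and the cache lookup that fills `have_mask` lie outside this hunk. I would add a header comment on the function, e.g. `/* Returns 1 if the right is set, 0 if not, -1 on error. For a dsyncing user, +r on the object implies every other right. */`, and note at the `dsyncing` field in mail-user.h that it is expected to be set only by the dsync code paths. As a smaller style point, `read_idx` is used only inside this branch, so it could be declared there as `unsigned int read_idx = acl_backend_lookup_right(backend, MAIL_ACL_READ);`, reusing the existing `backend` local.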
diff -r 81a111f1c420 -r 7a7fa88aafe7 src/plugins/acl/acl-attributes.c
--- a/src/plugins/acl/acl-attributes.c	Thu Apr 11 17:35:31 2013 +0300
+++ b/src/plugins/acl/acl-attributes.c	Thu Apr 11 18:50:25 2013 +0300
@@ -24,12 +24,12 @@
 	const char *value_str, *id, *const *rights, *error;
 	struct acl_rights_update update;
 
-	/* for now allow only admin (=dsync) to update ACLs this way.
+	/* for now allow only dsync to update ACLs this way.
 	   if this check is removed, it should be replaced by a setting, since
 	   some admins may still have configured Dovecot using dovecot-acl
 	   files directly that they don't want users to update. and in any case
 	   ACL_STORAGE_RIGHT_ADMIN must be checked then. */
-	if (!t->box->storage->user->admin) {
+	if (!t->box->storage->user->dsyncing) {
 		mail_storage_set_error(t->box->storage, MAIL_ERROR_PERM,
 				       MAIL_ERRSTR_NO_PERMISSION);
 		return -1;
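Review bot: The gate at `if (!t->box->storage->user->dsyncing)` depends only on the session flag and, in the visible lines, never consults a right on the target mailbox, so nothing here ties an ACL update to the user's access to that box. The same flag-only test appears in the next two hunks of this file (the check after `memset(value_r, ...)` and the `attribute_iter_init` branch). Whether the +r requirement added in acl-api.c is enforced before these functions run cannot be seen from here; if it is not, a read check on the box belongs beside the flag test. At minimum the existing comment should say so, e.g. `/* dsyncing is expected to be set only by doveadm dsync; mailbox-level rights are not checked here */`. The enclosing function starts and ends outside the hunk.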
@@ -64,7 +64,7 @@
 
 	memset(value_r, 0, sizeof(*value_r));
 
-	if (!box->storage->user->admin) {
+	if (!box->storage->user->dsyncing) {
 		mail_storage_set_error(box->storage, MAIL_ERROR_PERM,
 				       MAIL_ERRSTR_NO_PERMISSION);
 		return -1;
@@ -172,7 +172,7 @@
 	else {
 		aiter->super = abox->module_ctx.super.
 			attribute_iter_init(box, type, prefix);
-		if (box->storage->user->admin &&
+		if (box->storage->user->dsyncing &&
 		    type == MAIL_ATTRIBUTE_TYPE_SHARED &&
 		    strncmp(prefix, MAILBOX_ATTRIBUTE_PREFIX_ACL,
 			    strlen(prefix)) == 0) {
diff -r 81a111f1c420 -r 7a7fa88aafe7 src/plugins/imap-quota/imap-quota-plugin.c
--- a/src/plugins/imap-quota/imap-quota-plugin.c	Thu Apr 11 17:35:31 2013 +0300
+++ b/src/plugins/imap-quota/imap-quota-plugin.c	Thu Apr 11 18:50:25 2013 +0300
@@ -90,8 +90,7 @@
 		client_send_tagline(cmd, "OK No quota.");
 		return TRUE;
 	}
-	if (ns->owner != NULL && ns->owner != client->user &&
-	    !client->user->admin) {
+	if (ns->owner != NULL && ns->owner != client->user) {
 		client_send_tagline(cmd, "NO Not showing other users' quota.");
 		return TRUE;
 	}
@@ -131,7 +130,7 @@
 {
 	struct mail_user *owner = cmd->client->user;
         struct quota_root *root;
-	const char *root_name, *p;
+	const char *root_name;
 	string_t *quota_reply;
 
 	/* <quota root> */
@@ -139,10 +138,11 @@
 		return FALSE;
 
 	root = quota_root_lookup(cmd->client->user, root_name);
+#if 0
 	if (root == NULL && cmd->client->user->admin) {
 		/* we're an admin. see if there's a quota root for another
 		   user. */
-		p = strchr(root_name, QUOTA_USER_SEPARATOR);
+		const char *p = strchr(root_name, QUOTA_USER_SEPARATOR);
 		if (p != NULL) {
 			owner = mail_user_find(cmd->client->user,
 					       t_strdup_until(root_name, p));
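Review bot: The block disabled with `#if 0` still reads `cmd->client->user->admin`, a field this commit deletes from mail-user.h, so it cannot be re-enabled as written, and nothing says why it is kept. With it compiled out, `owner` is not reassigned from `cmd->client->user` anywhere in the visible lines. Either delete the block (its `#endif` is in the next hunk) or put a comment above `#if 0`, such as `/* disabled: cross-user quota root lookup needs an explicit authorization check to replace the removed admin flag */`. The function continues outside this hunk.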
@@ -150,6 +150,7 @@
 				quota_root_lookup(owner, p + 1);
 		}
 	}
+#endif
 	if (root == NULL) {
 		client_send_tagline(cmd, "NO Quota root doesn't exist.");
 		return TRUE;
diff -r 81a111f1c420 -r 7a7fa88aafe7 src/plugins/quota/quota.c
--- a/src/plugins/quota/quota.c	Thu Apr 11 17:35:31 2013 +0300
+++ b/src/plugins/quota/quota.c	Thu Apr 11 18:50:25 2013 +0300
@@ -997,8 +997,8 @@
 	ctx->bytes_ceil2 = (uint64_t)-1;
 	ctx->count_ceil = (uint64_t)-1;
 
-	if (box->storage->user->admin) {
-		/* ignore quota for admins */
+	if (box->storage->user->dsyncing) {
+		/* ignore quota for dsync */
 		ctx->limits_set = TRUE;
 	}
 	return ctx;

