[Dovecot] v1.2 can't set ACL to empty string
Bernhard Herzog
bh at intevation.de
Fri Feb 20 18:48:52 EET 2009
On 18.02.2009, Sascha Wilde wrote:
> according to RfC4314 the rights argument to the setacl command might be
> an empty string ("zero right characters"):
>
> The third argument is a string containing an optional plus ("+") or
> minus ("-") prefix, followed by zero or more rights characters.
>
> existing clients (horde in particular) actually use this to remove all
> rights from an user.
>
> Currently dovecot 1.2 does not accept an empty rights string as argument
> to setacl. Bernhard Herzog will look into this.
Below is a patch that fixes this. SETACL with an empty string as rights will
be equivalent to DELETEACL with the same identifier.
While testing this, I noticed two other problems in the imap-acl plugin, both
related to negative ACL entries. If an ACL contains both negative and
positive entries for the same identifier, no space is output in the the
GETACL response, leading to something like e.g.
* ACL "INBOX/foo" "someuser" lrs-"someuser" w
The second problem is that the "-" is not inside the double quotes.
Bernhard
Here's the patch (not an attachment to avoid a mailman bug that breaks
signatures):
diff -r 13e1c379ab63 src/plugins/imap-acl/imap-acl-plugin.c
--- a/src/plugins/imap-acl/imap-acl-plugin.c Thu Feb 19 13:08:50 2009 -0500
+++ b/src/plugins/imap-acl/imap-acl-plugin.c Fri Feb 20 17:08:33 2009 +0100
@@ -375,7 +375,7 @@ static bool cmd_setacl(struct client_com
bool negative = FALSE;
if (!client_read_string_args(cmd, 3, &mailbox, &identifier, &rights) ||
- *identifier == '\0' || *rights == '\0') {
+ *identifier == '\0') {
client_send_command_error(cmd, "Invalid arguments.");
return TRUE;
}
@@ -414,7 +414,19 @@ static bool cmd_setacl(struct client_com
if (box == NULL)
return TRUE;
- if (negative) {
+ if (update.rights.rights[0] == NULL) {
+ if (negative) {
+ update.modify_mode = 0;
+ update.rights.rights = NULL;
+ update.neg_modify_mode = ACL_MODIFY_MODE_CLEAR;
+ update.rights.neg_rights = NULL;
+ } else {
+ update.modify_mode = ACL_MODIFY_MODE_CLEAR;
+ update.rights.rights = NULL;
+ update.neg_modify_mode = 0;
+ update.rights.neg_rights = NULL;
+ }
+ } else if (negative) {
update.neg_modify_mode = update.modify_mode;
update.modify_mode = ACL_MODIFY_MODE_REMOVE;
update.rights.neg_rights = update.rights.rights;
--
Bernhard Herzog | ++49-541-335 08 30 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
Url : http://dovecot.org/pipermail/dovecot/attachments/20090220/d3a59eeb/attachment.bin
More information about the dovecot
mailing list