dovecot-1.2: acl: Default owner rights override anyone/authentic...

dovecot at dovecot.org dovecot at dovecot.org
Sun Nov 16 14:06:19 EET 2008


details:   http://hg.dovecot.org/dovecot-1.2/rev/2df1b964d32a
changeset: 8421:2df1b964d32a
user:      Timo Sirainen <tss at iki.fi>
date:      Sun Nov 16 14:06:15 2008 +0200
description:
acl: Default owner rights override anyone/authenticated/group rights.

diffstat:

3 files changed, 33 insertions(+), 4 deletions(-)
src/plugins/acl/acl-api-private.h   |    1 +
src/plugins/acl/acl-backend-vfile.c |   31 +++++++++++++++++++++++++++++--
src/plugins/acl/acl-backend.c       |    5 +++--

diffs (93 lines):

diff -r f60d9dd18722 -r 2df1b964d32a src/plugins/acl/acl-api-private.h
--- a/src/plugins/acl/acl-api-private.h	Sun Nov 16 13:48:10 2008 +0200
+++ b/src/plugins/acl/acl-api-private.h	Sun Nov 16 14:06:15 2008 +0200
@@ -52,6 +52,7 @@ struct acl_backend {
 
 	struct acl_object *default_aclobj;
 	struct acl_mask *default_aclmask;
+	const char *const *default_rights;
 
 	struct acl_backend_vfuncs v;
 
diff -r f60d9dd18722 -r 2df1b964d32a src/plugins/acl/acl-backend-vfile.c
--- a/src/plugins/acl/acl-backend-vfile.c	Sun Nov 16 13:48:10 2008 +0200
+++ b/src/plugins/acl/acl-backend-vfile.c	Sun Nov 16 14:06:15 2008 +0200
@@ -702,6 +702,20 @@ static void acl_backend_vfile_rights_sor
 		array_delete(&aclobj->rights, dest, count - dest);
 }
 
+static void apply_owner_rights(struct acl_object *_aclobj)
+{
+	struct acl_rights_update ru;
+	const char *null = NULL;
+
+	memset(&ru, 0, sizeof(ru));
+	ru.modify_mode = ACL_MODIFY_MODE_REPLACE;
+	ru.neg_modify_mode = ACL_MODIFY_MODE_REPLACE;
+	ru.rights.id_type = ACL_ID_OWNER;
+	ru.rights.rights = _aclobj->backend->default_rights;
+	ru.rights.neg_rights = &null;
+	acl_cache_update(_aclobj->backend->cache, _aclobj->name, &ru);
+}
+
 static void acl_backend_vfile_cache_rebuild(struct acl_object_vfile *aclobj)
 {
 	static const char *const admin_rights[] = { MAIL_ACL_ADMIN, NULL };
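Review bot: In apply_owner_rights(), `ru.rights.neg_rights = &null;` hands acl_cache_update() the address of a stack local, which is safe only if the cache copies the list before returning; acl_cache_update() is not visible in this diff, so that is worth confirming. A static empty list in the style of `admin_rights` just below removes the question: `static const char *const no_rights[] = { NULL };` and `ru.rights.neg_rights = no_rights;`. The function also deserves a header comment stating that both modify modes are REPLACE, so the rights accumulated so far for this object are replaced by `backend->default_rights`, as the comment at the call site implies. The hunk ends inside acl_backend_vfile_cache_rebuild(), whose body continues outside it.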
@@ -710,7 +724,7 @@ static void acl_backend_vfile_cache_rebu
 	struct acl_rights_update ru, ru2;
 	const struct acl_rights *rights;
 	unsigned int i, count;
-	bool first_global = TRUE;
+	bool owner_applied, first_global = TRUE;
 
 	acl_cache_flush(_aclobj->backend->cache, _aclobj->name);
 
@@ -723,9 +737,20 @@ static void acl_backend_vfile_cache_rebu
 	ru2.rights.id_type = ACL_ID_OWNER;
 	ru2.rights.rights = admin_rights;
 
+	owner_applied = ns->type != NAMESPACE_PRIVATE;
+
 	memset(&ru, 0, sizeof(ru));
 	rights = array_get(&aclobj->rights, &count);
 	for (i = 0; i < count; i++) {
+		if (!owner_applied &&
+		    (rights[i].id_type >= ACL_ID_OWNER || rights[i].global)) {
+			owner_applied = TRUE;
+			if (rights[i].id_type != ACL_ID_OWNER) {
+				/* owner rights weren't explicitly specified.
+				   replace all the current rights  */
+				apply_owner_rights(_aclobj);
+			}
+		}
 		/* If [neg_]rights is NULL it needs to be ignored.
 		   The easiest way to do that is to just mark it with
 		   REMOVE mode */
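Review bot: The test `rights[i].id_type >= ACL_ID_OWNER` at the top of the loop depends on two things this hunk does not show: the declaration order of the id-type enum, and `aclobj->rights` being sorted so that anyone/authenticated/group entries come before owner entries. If either changes, the owner defaults would be applied at the wrong point in the sequence, which is an access-control regression that is hard to spot in review. A comment above the condition such as `/* rights[] is sorted by id_type; entries before ACL_ID_OWNER are anyone/authenticated/group */` would pin that down. Separately, `owner_applied` starts out TRUE for non-private namespaces where nothing was applied, so a name like `owner_defaults_done` or a short comment on the initialisation would read more accurately. The loop body continues past the end of the hunk.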
@@ -749,7 +774,9 @@ static void acl_backend_vfile_cache_rebu
 		}
 		acl_cache_update(_aclobj->backend->cache, _aclobj->name, &ru);
 	}
-	if (first_global && ns->type == NAMESPACE_PRIVATE)
+	if (!owner_applied && count > 0)
+		apply_owner_rights(_aclobj);
+	else if (first_global && ns->type == NAMESPACE_PRIVATE)
 		acl_cache_update(_aclobj->backend->cache, _aclobj->name, &ru2);
 }
 
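Review bot: When the fallback `apply_owner_rights(_aclobj)` runs after the loop, the `else if` skips the `ru2` update that grants `admin_rights` to the owner, so on that path the owner keeps the admin right only if `backend->default_rights` already contains MAIL_ACL_ADMIN. The rights tables assigned in acl_backend_init() are not visible in this diff, so that should be confirmed; an owner without the admin right on a private mailbox could not correct its ACL. If the dependency is intended, say so at the branch: `/* default_rights already includes MAIL_ACL_ADMIN for the owner, so ru2 is not needed here */`. The `count > 0` guard apparently leaves an empty ACL list on the old path; a short comment on why that case needs no owner defaults would help.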
diff -r f60d9dd18722 -r 2df1b964d32a src/plugins/acl/acl-backend.c
--- a/src/plugins/acl/acl-backend.c	Sun Nov 16 13:48:10 2008 +0200
+++ b/src/plugins/acl/acl-backend.c	Sun Nov 16 14:06:15 2008 +0200
@@ -73,10 +73,11 @@ acl_backend_init(const char *data, struc
 				data);
 	} T_END;
 
+	backend->default_rights = owner ? owner_mailbox_rights :
+		non_owner_mailbox_rights;
 	backend->default_aclmask =
 		acl_cache_mask_init(backend->cache, backend->pool,
-				    owner ? owner_mailbox_rights :
-				    non_owner_mailbox_rights);
+				    backend->default_rights);
 
 	backend->default_aclobj = acl_object_init_from_name(backend, NULL, "");
 	return backend;
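Review bot: `backend->default_rights` holds either `owner_mailbox_rights` or `non_owner_mailbox_rights` depending on `owner`, yet apply_owner_rights() in acl-backend-vfile.c installs it under ACL_ID_OWNER without checking which one it is. That is harmless only as long as an ACL_ID_OWNER entry is never matched for a non-owner session, which this diff does not show. A comment at the assignment, for example `/* rights used when no ACL entry applies; also the owner's defaults in private namespaces */`, would make the contract explicit. A matching comment on the new field in acl-api-private.h could note that it is presumably a NULL-terminated list that the backend does not own. acl_backend_init() starts outside the hunk.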

