dovecot-1.2: IMAP ACLs: Unless acl_anyone=allow, disallow adding...

dovecot at dovecot.org dovecot at dovecot.org
Sun Nov 16 14:33:15 EET 2008


details:   http://hg.dovecot.org/dovecot-1.2/rev/e758515bbbbf
changeset: 8424:e758515bbbbf
user:      Timo Sirainen <tss at iki.fi>
date:      Sun Nov 16 14:33:11 2008 +0200
description:
IMAP ACLs: Unless acl_anyone=allow, disallow adding "anyone" and "authenticated" identifiers.

diffstat:

1 file changed, 24 insertions(+), 6 deletions(-)
src/plugins/imap-acl/imap-acl-plugin.c |   30 ++++++++++++++++++++++++------

diffs (79 lines):

diff -r 1f93b1bd8a32 -r e758515bbbbf src/plugins/imap-acl/imap-acl-plugin.c
--- a/src/plugins/imap-acl/imap-acl-plugin.c	Sun Nov 16 14:24:52 2008 +0200
+++ b/src/plugins/imap-acl/imap-acl-plugin.c	Sun Nov 16 14:33:11 2008 +0200
@@ -45,6 +45,8 @@ static const struct imap_acl_letter_map 
 	{ '\0', NULL }
 };
 
+static bool acl_anyone_allow = FALSE;
+
 static struct mailbox *
 acl_mailbox_open_as_admin(struct client_command_context *cmd, const char *name)
 {
@@ -310,7 +312,7 @@ imap_acl_letters_parse(const char *lette
 
 static int
 imap_acl_identifier_parse(const char *id, struct acl_rights *rights,
-			  const char **error_r)
+			  bool check_anyone, const char **error_r)
 {
 	if (strncmp(id, IMAP_ACL_GLOBAL_PREFIX,
 		    strlen(IMAP_ACL_GLOBAL_PREFIX)) == 0) {
@@ -319,11 +321,19 @@ imap_acl_identifier_parse(const char *id
 		return -1;
 	}
 
-	if (strcmp(id, IMAP_ACL_ANYONE) == 0)
+	if (strcmp(id, IMAP_ACL_ANYONE) == 0) {
+		if (!acl_anyone_allow && check_anyone) {
+			*error_r = "'anyone' identifier is disallowed";
+			return -1;
+		}
 		rights->id_type = ACL_ID_ANYONE;
-	else if (strcmp(id, IMAP_ACL_AUTHENTICATED) == 0)
+	} else if (strcmp(id, IMAP_ACL_AUTHENTICATED) == 0) {
+		if (!acl_anyone_allow && check_anyone) {
+			*error_r = "'authenticated' identifier is disallowed";
+			return -1;
+		}
 		rights->id_type = ACL_ID_AUTHENTICATED;
-	else if (strcmp(id, IMAP_ACL_OWNER) == 0)
+	} else if (strcmp(id, IMAP_ACL_OWNER) == 0)
 		rights->id_type = ACL_ID_OWNER;
 	else if (strncmp(id, IMAP_ACL_GROUP_PREFIX,
 			 strlen(IMAP_ACL_GROUP_PREFIX)) == 0) {
@@ -360,7 +370,8 @@ static bool cmd_setacl(struct client_com
 		identifier++;
 	}
 
-	if (imap_acl_identifier_parse(identifier, &update.rights, &error) < 0) {
+	if (imap_acl_identifier_parse(identifier, &update.rights,
+				      TRUE, &error) < 0) {
 		client_send_command_error(cmd, error);
 		return TRUE;
 	}
@@ -422,7 +433,8 @@ static bool cmd_deleteacl(struct client_
 		identifier++;
 	}
 
-	if (imap_acl_identifier_parse(identifier, &update.rights, &error) < 0) {
+	if (imap_acl_identifier_parse(identifier, &update.rights,
+				      FALSE, &error) < 0) {
 		client_send_command_error(cmd, error);
 		return TRUE;
 	}
@@ -441,8 +453,14 @@ static bool cmd_deleteacl(struct client_
 
 void imap_acl_plugin_init(void)
 {
+	const char *env;
+
 	if (getenv("ACL") == NULL)
 		return;
+
+	env = getenv("ACL_ANYONE");
+	if (env != NULL)
+		acl_anyone_allow = strcmp(env, "allow") == 0;
 
 	str_append(capability_string, " ACL RIGHTS=texk");
 


More information about the dovecot-cvs mailing list