dovecot-1.2: IMAP ACLs: Unless acl_anyone=allow, disallow adding...
dovecot at dovecot.org
dovecot at dovecot.org
Sun Nov 16 14:33:15 EET 2008
details: http://hg.dovecot.org/dovecot-1.2/rev/e758515bbbbf
changeset: 8424:e758515bbbbf
user: Timo Sirainen <tss at iki.fi>
date: Sun Nov 16 14:33:11 2008 +0200
description:
IMAP ACLs: Unless acl_anyone=allow, disallow adding "anyone" and "authenticated" identifiers.
diffstat:
1 file changed, 24 insertions(+), 6 deletions(-)
src/plugins/imap-acl/imap-acl-plugin.c | 30 ++++++++++++++++++++++++------
diffs (79 lines):
diff -r 1f93b1bd8a32 -r e758515bbbbf src/plugins/imap-acl/imap-acl-plugin.c
--- a/src/plugins/imap-acl/imap-acl-plugin.c Sun Nov 16 14:24:52 2008 +0200
+++ b/src/plugins/imap-acl/imap-acl-plugin.c Sun Nov 16 14:33:11 2008 +0200
@@ -45,6 +45,8 @@ static const struct imap_acl_letter_map
{ '\0', NULL }
};
+static bool acl_anyone_allow = FALSE;
+
static struct mailbox *
acl_mailbox_open_as_admin(struct client_command_context *cmd, const char *name)
{
@@ -310,7 +312,7 @@ imap_acl_letters_parse(const char *lette
static int
imap_acl_identifier_parse(const char *id, struct acl_rights *rights,
- const char **error_r)
+ bool check_anyone, const char **error_r)
{
if (strncmp(id, IMAP_ACL_GLOBAL_PREFIX,
strlen(IMAP_ACL_GLOBAL_PREFIX)) == 0) {
@@ -319,11 +321,19 @@ imap_acl_identifier_parse(const char *id
return -1;
}
- if (strcmp(id, IMAP_ACL_ANYONE) == 0)
+ if (strcmp(id, IMAP_ACL_ANYONE) == 0) {
+ if (!acl_anyone_allow && check_anyone) {
+ *error_r = "'anyone' identifier is disallowed";
+ return -1;
+ }
rights->id_type = ACL_ID_ANYONE;
- else if (strcmp(id, IMAP_ACL_AUTHENTICATED) == 0)
+ } else if (strcmp(id, IMAP_ACL_AUTHENTICATED) == 0) {
+ if (!acl_anyone_allow && check_anyone) {
+ *error_r = "'authenticated' identifier is disallowed";
+ return -1;
+ }
rights->id_type = ACL_ID_AUTHENTICATED;
- else if (strcmp(id, IMAP_ACL_OWNER) == 0)
+ } else if (strcmp(id, IMAP_ACL_OWNER) == 0)
rights->id_type = ACL_ID_OWNER;
else if (strncmp(id, IMAP_ACL_GROUP_PREFIX,
strlen(IMAP_ACL_GROUP_PREFIX)) == 0) {
@@ -360,7 +370,8 @@ static bool cmd_setacl(struct client_com
identifier++;
}
- if (imap_acl_identifier_parse(identifier, &update.rights, &error) < 0) {
+ if (imap_acl_identifier_parse(identifier, &update.rights,
+ TRUE, &error) < 0) {
client_send_command_error(cmd, error);
return TRUE;
}
@@ -422,7 +433,8 @@ static bool cmd_deleteacl(struct client_
identifier++;
}
- if (imap_acl_identifier_parse(identifier, &update.rights, &error) < 0) {
+ if (imap_acl_identifier_parse(identifier, &update.rights,
+ FALSE, &error) < 0) {
client_send_command_error(cmd, error);
return TRUE;
}
@@ -441,8 +453,14 @@ static bool cmd_deleteacl(struct client_
void imap_acl_plugin_init(void)
{
+ const char *env;
+
if (getenv("ACL") == NULL)
return;
+
+ env = getenv("ACL_ANYONE");
+ if (env != NULL)
+ acl_anyone_allow = strcmp(env, "allow") == 0;
str_append(capability_string, " ACL RIGHTS=texk");
More information about the dovecot-cvs
mailing list