[Dovecot] ACL plugin
Matvey Soloviev
blackhole89 at gmail.com
Mon Sep 8 16:14:33 EEST 2008
Hello,
I am working on implementing support for the RFC4314 ACL management commands
and responses in the ACL plugin included with dovecot 1.1.2. (I verified the
error persists with 1.1.3 though.) While the described objective is still in
the works, I have stumbled upon what I believe to be a critical issue with
the handling of negative rights in the present ACL plugin - to be precise,
the cache component of it handles them in the exact same way as it does
positive rights, thus granting rather than retracting the individual
privileges.
To fix this, go to src/plugins/acl/acl-cache.c:391. The line and the one
following it should read
p[j] |=
obj_cache->my_neg_rights[i]->mask[j];
Replace that to read
p[j] &=
~obj_cache->my_neg_rights[i]->mask[j];
I hope this information is useful.
Regards,
M. Soloviev
More information about the dovecot
mailing list