[Dovecot] ACL plugin

Timo Sirainen tss at iki.fi
Mon Sep 8 17:00:49 EEST 2008


On Mon, 2008-09-08 at 15:14 +0200, Matvey Soloviev wrote:
> Hello,
> 
> I am working on implementing support for the RFC4314 ACL management commands
> and responses in the ACL plugin included with dovecot 1.1.2.

Sounds great. :) Did you also notice my "Initial support for shared
mailboxes" message from yesterday?

> (I verified the
> error persists with 1.1.3 though.) While the described objective is still in
> the works, I have stumbled upon what I believe to be a critical issue with
> the handling of negative rights in the present ACL plugin - to be precise,
> the cache component of it handles them in the exact same way as it does
> positive rights, thus granting rather than retracting the individual
> privileges.

I think the ACL plugin has currently been used only for some very basic
configurations and it's not very well tested. I guess test cases would
be nice, but the framework for easily doing that is still missing. Once
you've implemented support for the IMAP ACL commands I could add test
cases to imaptest (http://imapwiki.org/ImapTest).

> To fix this, go to src/plugins/acl/acl-cache.c:391. The line and the one
> following it should read
> p[j] |=
>         obj_cache->my_neg_rights[i]->mask[j];
> Replace that to read
> p[j] &=
>         ~obj_cache->my_neg_rights[i]->mask[j];

Thanks, fixed in v1.[012] code trees.
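The effect of the one-operator change discussed above, as an added example that is not part of the original message and is not Dovecot's code: a minimal rights-mask merge showing how `|=` on a negative entry grants the bits it was meant to remove, while `&= ~` clears them. The struct, the right indexes, the sample ACL and the order of applying positives before negatives are assumptions made for the illustration.

```c
#include <stdint.h>
#include <string.h>
#define MASK_BYTES 2 /* constructed: room for 16 right bits */
enum { R_LOOKUP = 0, R_READ = 1, R_WRITE = 2, R_DELETE = 9 }; /* hypothetical */
struct rights_mask { uint8_t mask[MASK_BYTES]; };

static void mask_set(struct rights_mask *m, unsigned int bit)
{
    m->mask[bit / 8] |= (uint8_t)(1u << (bit % 8));
}

/* OR all positive masks together, then apply each negative mask.
   fixed=0 keeps the reported "|=" merge, fixed=1 uses "&= ~". */
static struct rights_mask
effective_rights(const struct rights_mask *pos, size_t npos,
                 const struct rights_mask *neg, size_t nneg, int fixed)
{
    struct rights_mask out;
    size_t i, j;
    memset(&out, 0, sizeof(out));
    for (i = 0; i < npos; i++)
        for (j = 0; j < MASK_BYTES; j++)
            out.mask[j] |= pos[i].mask[j];
    for (i = 0; i < nneg; i++)
        for (j = 0; j < MASK_BYTES; j++)
            if (fixed)
                out.mask[j] &= (uint8_t)~neg[i].mask[j];
            else
                out.mask[j] |= neg[i].mask[j];
    return out;
}

/* Constructed ACL: +lookup +read, +write, then -write -delete. */
static int scenario_has(unsigned int bit, int fixed)
{
    struct rights_mask pos[2], neg[1], eff;
    memset(pos, 0, sizeof(pos));
    memset(neg, 0, sizeof(neg));
    mask_set(&pos[0], R_LOOKUP); mask_set(&pos[0], R_READ);
    mask_set(&pos[1], R_WRITE);
    mask_set(&neg[0], R_WRITE); mask_set(&neg[0], R_DELETE);
    eff = effective_rights(pos, 2, neg, 1, fixed);
    return (eff.mask[bit / 8] >> (bit % 8)) & 1;
}

int main(void)
{
    return scenario_has(R_DELETE, 1); /* 0: delete stays denied */
}
```

With the `|=` merge the sample user ends up holding the delete right even though no positive entry ever granted it, which makes a useful regression check for any ACL evaluator that supports negative rights.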