Mercurial > dovecot > core-2.2
annotate src/plugins/acl/acl-backend-vfile.c @ 12777:988e363ac17d
acl: Added acl_backend_nonowner_lookups_rebuild()
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 04 Mar 2011 18:08:30 +0200 |
parents | 5b16b5436e4e |
children | 447bce266022 |
rev | changeset | author | description | parents |
---|---|---|---|---|
4077 | 73573b9ecb00 | Timo Sirainen <timo.sirainen@movial.fi> | Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes. | |
4083 | ed4f01bb4701 | Timo Sirainen <timo.sirainen@movial.fi> | Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes. | 4077 |
4236 | 789b586d9015 | Timo Sirainen <timo.sirainen@movial.fi> | Letter ACLs were wrong. | 4200 |
4289 | 58a7882ba128 | Timo Sirainen <timo.sirainen@movial.fi> | Don't check ACL file's timestamp changes more often than once in a second. | 4288 |
4964 | 3ed0749731d2 | Timo Sirainen <tss@iki.fi> | If debug is enabled, log some debugging messages. Also cleaned up the code | 4801 |
5537 | ebffd0ccd22a | Timo Sirainen <tss@iki.fi> | Added cache_secs parameter to vfile backend. | 5061 |
5540 | 1216c0ebe492 | Timo Sirainen <tss@iki.fi> | acl_backend is now tied to mailbox_list instead of mail_storage. | 5537 |
5551 | 0e7a8c5c7c13 | Timo Sirainen <tss@iki.fi> | Don't break if empty data was given | 5546 |
5552 | 71b5fd371b9a | Timo Sirainen <tss@iki.fi> | Create dovecot-acl-list file that lists all mailboxes where non-owner has | 5551 |
5695 | 54c7e74ec973 | Timo Sirainen <tss@iki.fi> | Fix also ACL file stat() failing with EACCES. | 5694 |
7469 | ba634d2c0ab9 | Timo Sirainen <tss@iki.fi> | Fixed several memory leaks in ACL plugin. | 7317 |
8165 | 459c4c496983 | Timo Sirainen <tss@iki.fi> | acl: Fixed handling 'k' right. Although box/child creation was prevented, box/child/child wasn't. | 7469 |
8418 | 29b1ec15880a | Timo Sirainen <tss@iki.fi> | Added IMAP ACL commands with ability to modify ACLs. | 8415 |
8428 | 1b7c0a216663 | Timo Sirainen <tss@iki.fi> | ACLs: Initial support for "post" right. | 8422 |
8899 | 0e0ce37ef99d | Timo Sirainen <tss@iki.fi> | acl: Dropped default ACL cache timeout from 5 minutes to 30 seconds. | 8894 |
9658 | f29a25420a82 | Timo Sirainen <tss@iki.fi> | acl: Support spaces in user/group identifiers. | 9609 |
10082 | 62b37dcf173e | Pascal Volk <user@localhost.localdomain.org> | Log debug-level messages with i_debug(). | 9936 |
10410 | b757dab45756 | Timo Sirainen <tss@iki.fi> | Removed MEMBER() macro. Require C99 style struct initializer. | 10306 |
10582 | 615eef3139c2 | Timo Sirainen <tss@iki.fi> | Updated copyright notices to include year 2010. | 10410 |
11086 | 260e190306b0 | Timo Sirainen <tss@iki.fi> | Started using str_to_*() functions instead of libc's ones. | 11069 |
12295 | 00637db0e54c | Timo Sirainen <tss@iki.fi> | acl: Avoid passing NULL parameter to printf %s when mail_debug=yes | 12293 |
12586 | a2780b694b2d | Timo Sirainen <tss@iki.fi> | lib-storage: mailbox_alloc() now takes a virtual mailbox name and other related API changes. | 12295 |

rev | line source |
---|---|
10582 | 1 /* Copyright (c) 2006-2010 Dovecot authors, see the included COPYING file */ |
4077 | 2 |
4077 | 3 #include "lib.h" |
4077 | 4 #include "ioloop.h" |
4077 | 5 #include "array.h" |
8418 | 6 #include "bsearch-insert-pos.h" |
8418 | 7 #include "str.h" |
9658 | 8 #include "strescape.h" |
4077 | 9 #include "istream.h" |
8418 | 10 #include "ostream.h" |
8418 | 11 #include "file-dotlock.h" |
4077 | 12 #include "nfs-workarounds.h" |
4077 | 13 #include "mail-storage-private.h" |
12586 | 14 #include "mailbox-list-private.h" |
8418 | 15 #include "mail-namespace.h" |
4077 | 16 #include "acl-cache.h" |
5552 | 17 #include "acl-backend-vfile.h" |
4077 | 18 |
5537 | 19 #include <stdlib.h> |
4077 | 20 #include <fcntl.h> |
4077 | 21 #include <unistd.h> |
4077 | 22 #include <sys/stat.h> |
4077 | 23 |
4077 | 24 #define ACL_ESTALE_RETRY_COUNT NFS_ESTALE_RETRY_COUNT |
8899 | 25 #define ACL_VFILE_DEFAULT_CACHE_SECS 30 |
4077 | 26 |
5695 | 27 #define VALIDITY_MTIME_NOTFOUND 0 |
5695 | 28 #define VALIDITY_MTIME_NOACCESS -1 |
5695 | 29 |
4083 | 30 struct acl_vfile_validity { |
4289 | 31 time_t last_check; |
4289 | 32 |
4077 | 33 time_t last_read_time; |
4077 | 34 time_t last_mtime; |
4077 | 35 off_t last_size; |
4077 | 36 }; |
4077 | 37 |
4083 | 38 struct acl_backend_vfile_validity { |
4083 | 39 struct acl_vfile_validity global_validity, local_validity; |
8165 | 40 struct acl_vfile_validity mailbox_validity; |
4083 | 41 }; |
4083 | 42 |
4077 | 43 struct acl_letter_map { |
4077 | 44 char letter; |
4077 | 45 const char *name; |
4077 | 46 }; |
4077 | 47 |
4077 | 48 static const struct acl_letter_map acl_letter_map[] = { |
4077 | 49 { 'l', MAIL_ACL_LOOKUP }, |
4077 | 50 { 'r', MAIL_ACL_READ }, |
4077 | 51 { 'w', MAIL_ACL_WRITE }, |
4077 | 52 { 's', MAIL_ACL_WRITE_SEEN }, |
4236 | 53 { 't', MAIL_ACL_WRITE_DELETED }, |
4077 | 54 { 'i', MAIL_ACL_INSERT }, |
8428 | 55 { 'p', MAIL_ACL_POST }, |
4077 | 56 { 'e', MAIL_ACL_EXPUNGE }, |
4236 | 57 { 'k', MAIL_ACL_CREATE }, |
4236 | 58 { 'x', MAIL_ACL_DELETE }, |
4077 | 59 { 'a', MAIL_ACL_ADMIN }, |
4077 | 60 { '\0', NULL } |
4077 | 61 }; |
4077 | 62 |
8418 | 63 static struct dotlock_settings dotlock_set = { |
10410 | 64 .timeout = 30, |
10410 | 65 .stale_timeout = 120 |
8418 | 66 }; |
8418 | 67 |
4964 | 68 static struct acl_backend *acl_backend_vfile_alloc(void) |
4077 | 69 { |
4077 | 70 struct acl_backend_vfile *backend; |
4077 | 71 pool_t pool; |
4077 | 72 |
4964 | 73 pool = pool_alloconly_create("ACL backend", 512); |
4077 | 74 backend = p_new(pool, struct acl_backend_vfile, 1); |
4077 | 75 backend->backend.pool = pool; |
4964 | 76 return &backend->backend; |
4964 | 77 } |
4964 | 78 |
4964 | 79 static int |
4964 | 80 acl_backend_vfile_init(struct acl_backend *_backend, const char *data) |
4964 | 81 { |
4964 | 82 struct acl_backend_vfile *backend = |
4964 | 83 (struct acl_backend_vfile *)_backend; |
5537 | 84 const char *const *tmp; |
4964 | 85 |
5537 | 86 tmp = t_strsplit(data, ":"); |
5540 | 87 backend->global_dir = p_strdup_empty(_backend->pool, *tmp); |
5546 | 88 backend->cache_secs = ACL_VFILE_DEFAULT_CACHE_SECS; |
4964 | 89 |
5551 | 90 if (*tmp != NULL) |
5551 | 91 tmp++; |
5551 | 92 for (; *tmp != NULL; tmp++) { |
11086 | 93 if (strncmp(*tmp, "cache_secs=", 11) == 0) { |
11086 | 94 if (str_to_uint(*tmp + 11, &backend->cache_secs) < 0) { |
11086 | 95 i_error("acl vfile: Invalid cache_secs value: %s", |
11086 | 96 *tmp + 11); |
11086 | 97 return -1; |
11086 | 98 } |
11086 | 99 } else { |
5537 | 100 i_error("acl vfile: Unknown parameter: %s", *tmp); |
5537 | 101 return -1; |
5537 | 102 } |
5537 | 103 } |
5537 | 104 if (_backend->debug) { |
10082 | 105 i_debug("acl vfile: Global ACL directory: %s", |
12295 | 106 backend->global_dir == NULL ? "(none)" : |
10082 | 107 backend->global_dir); |
5537 | 108 } |
5537 | 109 |
4964 | 110 _backend->cache = |
4964 | 111 acl_cache_init(_backend, |
4083 | 112 sizeof(struct acl_backend_vfile_validity)); |
4964 | 113 return 0; |
4077 | 114 } |
4077 | 115 |
7469 | 116 static void acl_backend_vfile_deinit(struct acl_backend *_backend) |
4077 | 117 { |
7469 | 118 struct acl_backend_vfile *backend = |
7469 | 119 (struct acl_backend_vfile *)_backend; |
7469 | 120 |
7469 | 121 if (backend->acllist_pool != NULL) { |
7469 | 122 array_free(&backend->acllist); |
7469 | 123 pool_unref(&backend->acllist_pool); |
7469 | 124 } |
7469 | 125 pool_unref(&backend->backend.pool); |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
126 } |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
127 |
8165:459c4c496983 acl: Fixed handling 'k' right. Although box/child creation was prevented, box/child/child wasn't. (Timo Sirainen <tss@iki.fi>; parents: 7469) | 128 static const char * |
9434:e374a365521d Initial commit for making mail_storage:mailbox_list to be from 1:1 to n:n. (Timo Sirainen <tss@iki.fi>; parents: 8907) | 129 acl_backend_vfile_get_local_dir(struct acl_backend *backend, const char *name) |
8165 | 130 { |
9434 | 131 struct mail_namespace *ns; |
11899:636d34f650c2 acl: If ACL file exists in mail root directory, use it as namespace's default ACLs. (Timo Sirainen <tss@iki.fi>; parents: 11447) | 132 const char *dir, *inbox; |
11899 | 133 |
11899 | 134 if (*name == '\0') |
11899 | 135 name = NULL; |
8165 | 136 |
9434 | 137 ns = mailbox_list_get_namespace(backend->list); |
9434 | 138 if (mail_storage_is_mailbox_file(ns->storage)) { |
9434 | 139 dir = mailbox_list_get_path(ns->list, name, |
8165 | 140 MAILBOX_LIST_PATH_TYPE_CONTROL); |
9434 | 141 } else { |
9434 | 142 dir = mailbox_list_get_path(ns->list, name, |
9434 | 143 MAILBOX_LIST_PATH_TYPE_MAILBOX); |
8165 | 144 } |
11943:ddf343de34a4 acl: Crashfix for handling namespaces that don't have a paths. (Timo Sirainen <tss@iki.fi>; parents: 11942) | 145 if (name == NULL && dir != NULL) { |
11899 | 146 /* verify that the directory isn't same as INBOX's directory. |
11899 | 147 this is mainly for Maildir. */ |
11899 | 148 inbox = mailbox_list_get_path(ns->list, "INBOX", |
11899 | 149 MAILBOX_LIST_PATH_TYPE_MAILBOX); |
11899 | 150 if (strcmp(inbox, dir) == 0) { |
11899 | 151 /* can't have default ACLs with this setup */ |
11899 | 152 return NULL; |
11899 | 153 } |
11899 | 154 } |
8165 | 155 return dir; |
8165 | 156 } |
8165 | 157 |
4077 | 158 static struct acl_object * |
5540:1216c0ebe492 acl_backend is now tied to mailbox_list instead of mail_storage. (Timo Sirainen <tss@iki.fi>; parents: 5537) | 159 acl_backend_vfile_object_init(struct acl_backend *_backend, |
9434 | 160 const char *name) |
4077 | 161 { |
4077 | 162 struct acl_backend_vfile *backend = |
4077 | 163 (struct acl_backend_vfile *)_backend; |
4077 | 164 struct acl_object_vfile *aclobj; |
12586:a2780b694b2d lib-storage: mailbox_alloc() now takes a virtual mailbox name and other related API changes. (Timo Sirainen <tss@iki.fi>; parents: 12295) | 165 const char *dir, *vname; |
4077 | 166 |
4077 | 167 aclobj = i_new(struct acl_object_vfile, 1); |
4077 | 168 aclobj->aclobj.backend = _backend; |
4077 | 169 aclobj->aclobj.name = i_strdup(name); |
9936:6fac2ade5dd6 acl: Use namespace prefix when looking up global ACLs. (Timo Sirainen <tss@iki.fi>; parents: 9658) | 170 |
9936 | 171 if (backend->global_dir != NULL) T_BEGIN { |
12586 | 172 vname = mailbox_list_get_vname(backend->backend.list, name); |
12217:ef94878e8573 acl: Reverted last change. It still allows reading the default ACL from .DEFAULT file. (Timo Sirainen <tss@iki.fi>; parents: 12216) | 173 aclobj->global_path = i_strconcat(backend->global_dir, "/", |
12586 | 174 vname, NULL); |
9936 | 175 } T_END; |
5047:e92b4ad15b70 Moved dovecot-acl file from control dir to mail directory, except with (Timo Sirainen <tss@iki.fi>; parents: 4964) | 176 |
11899 | 177 dir = acl_backend_vfile_get_local_dir(_backend, name); |
8212 | 178 aclobj->local_path = dir == NULL ? NULL : |
8212 | 179 i_strconcat(dir, "/"ACL_FILENAME, NULL); |
4077 | 180 return &aclobj->aclobj; |
4077 | 181 } |
4077 | 182 |
8165 | 183 static const char * |
9434 | 184 get_parent_mailbox(struct acl_backend *backend, const char *name) |
8165 | 185 { |
11942:827ebadc5995 lib-storage: Removed mailbox_list_get_hierarchy_sep(). Its usage wasn't correct. (Timo Sirainen <tss@iki.fi>; parents: 11932) | 186 struct mail_namespace *ns = mailbox_list_get_namespace(backend->list); |
8165 | 187 const char *p; |
8165 | 188 |
12586 | 189 p = strrchr(name, mail_namespace_get_sep(ns)); |
8165 | 190 return p == NULL ? NULL : t_strdup_until(name, p); |
8165 | 191 } |
8165 | 192 |
8165 | 193 static int |
8165 | 194 acl_backend_vfile_exists(struct acl_backend_vfile *backend, const char *path, |
8165 | 195 struct acl_vfile_validity *validity) |
8165 | 196 { |
8165 | 197 struct stat st; |
8165 | 198 |
8165 | 199 if (validity->last_check + (time_t)backend->cache_secs > ioloop_time) { |
8165 | 200 /* use the cached value */ |
8165 | 201 return validity->last_mtime != VALIDITY_MTIME_NOTFOUND; |
8165 | 202 } |
8165 | 203 |
8165 | 204 validity->last_check = ioloop_time; |
8165 | 205 if (stat(path, &st) < 0) { |
8907:9c82d97a5431 acl: If a global ACL file "foo" exists, don't fail when trying to access mailbox "foo/bar". (Timo Sirainen <tss@iki.fi>; parents: 8899) | 206 if (errno == ENOENT || errno == ENOTDIR) { |
8165 | 207 validity->last_mtime = VALIDITY_MTIME_NOTFOUND; |
8165 | 208 return 0; |
8165 | 209 } |
8165 | 210 if (errno == EACCES) { |
8165 | 211 validity->last_mtime = VALIDITY_MTIME_NOACCESS; |
8165 | 212 return 1; |
8165 | 213 } |
8165 | 214 i_error("stat(%s) failed: %m", path); |
8165 | 215 return -1; |
8165 | 216 } |
8165 | 217 validity->last_mtime = st.st_mtime; |
8165 | 218 validity->last_size = st.st_size; |
8165 | 219 return 1; |
8165 | 220 } |
8165 | 221 |
8165 | 222 static bool |
9434 | 223 acl_backend_vfile_has_acl(struct acl_backend *_backend, const char *name) |
8165 | 224 { |
8165 | 225 struct acl_backend_vfile *backend = |
8165 | 226 (struct acl_backend_vfile *)_backend; |
8165 | 227 struct acl_backend_vfile_validity *old_validity, new_validity; |
8165 | 228 const char *path, *local_path, *global_path, *dir; |
8165 | 229 int ret; |
8165 | 230 |
8165 | 231 old_validity = acl_cache_get_validity(_backend->cache, name); |
8165 | 232 if (old_validity != NULL) |
8165 | 233 new_validity = *old_validity; |
8165 | 234 else |
8165 | 235 memset(&new_validity, 0, sizeof(new_validity)); |
8165 | 236 |
8165 | 237 /* See if the mailbox exists. If we wanted recursive lookups we could |
8165 | 238 skip this, but at least for now we assume that if an existing |
8165 | 239 mailbox has no ACL it's equivalent to default ACLs. */ |
9434 | 240 path = mailbox_list_get_path(_backend->list, name, |
8165 | 241 MAILBOX_LIST_PATH_TYPE_MAILBOX); |
8212 | 242 ret = path == NULL ? 0 : |
8212 | 243 acl_backend_vfile_exists(backend, path, |
8212 | 244 &new_validity.mailbox_validity); |
11899 | 245 if (ret == 0 && |
11899 | 246 (dir = acl_backend_vfile_get_local_dir(_backend, name)) != NULL) { |
8165 | 247 local_path = t_strconcat(dir, "/", name, NULL); |
8165 | 248 ret = acl_backend_vfile_exists(backend, local_path, |
8165 | 249 &new_validity.local_validity); |
8165 | 250 } |
8165 | 251 if (ret == 0 && backend->global_dir != NULL) { |
8165 | 252 global_path = t_strconcat(backend->global_dir, "/", name, NULL); |
8165 | 253 ret = acl_backend_vfile_exists(backend, global_path, |
8165 | 254 &new_validity.global_validity); |
8165 | 255 } |
8165 | 256 acl_cache_set_validity(_backend->cache, name, &new_validity); |
8165 | 257 return ret > 0; |
8165 | 258 } |
8165 | 259 |
459c4c496983
acl: Fixed handling 'k' right. Although box/child creation was prevented, box/child/child wasn't.
Timo Sirainen <tss@iki.fi>
parents:
7469
diff
changeset
|
260 static struct acl_object * |
459c4c496983
acl: Fixed handling 'k' right. Although box/child creation was prevented, box/child/child wasn't.
Timo Sirainen <tss@iki.fi>
parents:
7469
diff
changeset
|
261 acl_backend_vfile_object_init_parent(struct acl_backend *backend, |
459c4c496983
acl: Fixed handling 'k' right. Although box/child creation was prevented, box/child/child wasn't.
Timo Sirainen <tss@iki.fi>
parents:
7469
diff
changeset
|
262 const char *child_name) |
459c4c496983
acl: Fixed handling 'k' right. Although box/child creation was prevented, box/child/child wasn't.
Timo Sirainen <tss@iki.fi>
parents:
7469
diff
changeset
|
263 { |
459c4c496983
acl: Fixed handling 'k' right. Although box/child creation was prevented, box/child/child wasn't.
Timo Sirainen <tss@iki.fi>
parents:
7469
diff
changeset
|
264 const char *parent; |
265 |
266 /* stop at the first parent that |
267 a) has global ACL file |
268 b) has local ACL file |
269 c) exists */ |
9434
e374a365521d
Initial commit for making mail_storage:mailbox_list to be from 1:1 to n:n.
Timo Sirainen <tss@iki.fi>
parents:
8907
diff
changeset
|
270 while ((parent = get_parent_mailbox(backend, child_name)) != NULL) { |
271 if (acl_backend_vfile_has_acl(backend, parent)) |
272 break; |
273 child_name = parent; |
274 } |
275 if (parent == NULL) { |
276 /* use the root */ |
277 parent = ""; |
278 } |
279 return acl_backend_vfile_object_init(backend, parent); |
280 } |
281 |
282 static void acl_backend_vfile_object_deinit(struct acl_object *_aclobj) |
283 { |
284 struct acl_object_vfile *aclobj = (struct acl_object_vfile *)_aclobj; |
285 |
5552
71b5fd371b9a
Create dovecot-acl-list file that lists all mailboxes where non-owner has
Timo Sirainen <tss@iki.fi>
parents:
5551
diff
changeset
|
286 if (array_is_created(&aclobj->rights)) |
287 array_free(&aclobj->rights); |
288 if (aclobj->rights_pool != NULL) |
6428
7cad076906eb
pool_unref() now takes ** pointer.
Timo Sirainen <tss@iki.fi>
parents:
6411
diff
changeset
|
289 pool_unref(&aclobj->rights_pool); |
290 |
4083
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
291 i_free(aclobj->local_path); |
292 i_free(aclobj->global_path); |
293 i_free(aclobj->aclobj.name); |
294 i_free(aclobj); |
295 } |
296 |
297 static const char *const * |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
298 acl_rights_alloc(pool_t pool, ARRAY_TYPE(const_string) *rights_arr, |
299 bool dup_strings) |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
300 { |
9491
0059b2381024
Use array_sort() instead of qsort() wherever possible.
Timo Sirainen <tss@iki.fi>
parents:
9474
diff
changeset
|
301 const char **ret, *const *rights; |
302 unsigned int i, dest, count; |
303 |
304 /* sort the rights first so we can easily drop duplicates */ |
305 array_sort(rights_arr, i_strcmp_p); |
306 |
307 /* @UNSAFE */ |
308 rights = array_get(rights_arr, &count); |
309 ret = p_new(pool, const char *, count + 1); |
310 if (count > 0) { |
311 ret[0] = rights[0]; |
312 for (i = dest = 1; i < count; i++) { |
313 if (strcmp(rights[i-1], rights[i]) != 0) |
314 ret[dest++] = rights[i]; |
315 } |
316 ret[dest] = NULL; |
317 if (dup_strings) { |
318 for (i = 0; i < dest; i++) |
319 ret[i] = p_strdup(pool, ret[i]); |
320 } |
321 } |
322 return ret; |
323 } |
324 |
325 static const char *const * |
326 acl_parse_rights(pool_t pool, const char *acl, const char **error_r) |
327 { |
328 ARRAY_TYPE(const_string) rights; |
329 const char *const *names; |
330 unsigned int i; |
331 |
332 /* parse IMAP ACL list */ |
333 while (*acl == ' ' || *acl == '\t') |
334 acl++; |
335 |
4596
bf4e98a0de3f
Replaced ARRAY_CREATE() macro with [ipt]_array_init() macros. The macro
Timo Sirainen <tss@iki.fi>
parents:
4594
diff
changeset
|
336 t_array_init(&rights, 64); |
7317
92cd0509b2b9
Ignore spaces and TABs at the end of ACL lines.
Timo Sirainen <tss@iki.fi>
parents:
7226
diff
changeset
|
337 while (*acl != '\0' && *acl != ' ' && *acl != '\t' && *acl != ':') { |
338 for (i = 0; acl_letter_map[i].letter != '\0'; i++) { |
339 if (acl_letter_map[i].letter == *acl) |
340 break; |
341 } |
342 |
343 if (acl_letter_map[i].letter == '\0') { |
344 *error_r = t_strdup_printf("Unknown ACL '%c'", *acl); |
345 return NULL; |
346 } |
347 |
348 array_append(&rights, &acl_letter_map[i].name, 1); |
349 acl++; |
350 } |
351 while (*acl == ' ' || *acl == '\t') acl++; |
352 |
353 if (*acl != '\0') { |
354 /* parse our own extended ACLs */ |
8455
645af8d240d6
acl: Fixes to handling extended ACL names.
Timo Sirainen <tss@iki.fi>
parents:
8439
diff
changeset
|
355 if (*acl != ':') { |
356 *error_r = "Missing ':' prefix in ACL extensions"; |
357 return NULL; |
358 } |
359 |
11447
484eb8f1f074
acl: Allow tabs between extended acl names.
Timo Sirainen <tss@iki.fi>
parents:
11086
diff
changeset
|
360 names = t_strsplit_spaces(acl + 1, ", \t"); |
361 for (; *names != NULL; names++) { |
362 const char *name = p_strdup(pool, *names); |
363 array_append(&rights, &name, 1); |
364 } |
4288
1cb59399b395
NULL-terminate the parsed rights
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4236
diff
changeset
|
365 } |
366 |
367 return acl_rights_alloc(pool, &rights, FALSE); |
368 } |
369 |
370 static int |
371 acl_object_vfile_parse_line(struct acl_object_vfile *aclobj, bool global, |
372 const char *path, const char *line, |
373 unsigned int linenum) |
374 { |
375 struct acl_rights rights; |
376 const char *p, *const *right_names, *error = NULL; |
377 |
378 if (*line == '\0' || *line == '#') |
379 return 0; |
380 |
381 /* <id> [<imap acls>] [:<named acls>] */ |
9658
f29a25420a82
acl: Support spaces in user/group identifiers.
Timo Sirainen <tss@iki.fi>
parents:
9609
diff
changeset
|
382 if (*line == '"') { |
383 for (p = line + 1; *p != '\0'; p++) { |
384 if (*p == '\\' && p[1] != '\0') |
385 p++; |
386 else if (*p == '"') |
387 break; |
388 } |
389 if (p[0] != '"' || (p[1] != ' ' && p[1] != '\0')) { |
390 i_error("ACL file %s line %u: Invalid quoted ID", |
391 path, linenum); |
392 return -1; |
393 } |
|
394 line = t_strdup_until(line + 1, p); |
|
395 line = str_unescape(t_strdup_noconst(line)); |
4077
|
396 p++; |
9658
|
397 } else { |
|
398 p = strchr(line, ' '); |
|
399 if (p == NULL) |
|
400 p = ""; |
|
401 else { |
|
402 line = t_strdup_until(line, p); |
|
403 p++; |
|
404 } |
4077
|
405 } |
|
406 |
|
407 memset(&rights, 0, sizeof(rights)); |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
408 rights.global = global; |
4077
|
409 |
5552
71b5fd371b9a
Create dovecot-acl-list file that lists all mailboxes where non-owner has
Timo Sirainen <tss@iki.fi>
parents:
5551
diff
changeset
|
410 right_names = acl_parse_rights(aclobj->rights_pool, p, &error); |
8455
645af8d240d6
acl: Fixes to handling extended ACL names.
Timo Sirainen <tss@iki.fi>
parents:
8439
diff
changeset
|
411 if (*line != '-') |
8414
|
412 rights.rights = right_names; |
8455
|
413 else { |
4077
|
414 line++; |
8414
|
415 rights.neg_rights = right_names; |
4077
|
416 } |
|
417 |
12769
5b16b5436e4e
acl: Added doveadm plugin supporting acl get/set/rights commands.
Timo Sirainen <tss@iki.fi>
parents:
12630
diff
changeset
|
418 if (acl_identifier_parse(line, &rights) < 0) |
4077
|
419 error = t_strdup_printf("Unknown ID '%s'", line); |
|
420 |
|
421 if (error != NULL) { |
5540
1216c0ebe492
acl_backend is now tied to mailbox_list instead of mail_storage.
Timo Sirainen <tss@iki.fi>
parents:
5537
diff
changeset
|
422 i_error("ACL file %s line %u: %s", path, linenum, error); |
4077
|
423 return -1; |
|
424 } |
|
425 |
8414
|
426 rights.identifier = p_strdup(aclobj->rights_pool, rights.identifier); |
|
427 array_append(&aclobj->rights, &rights, 1); |
4077
|
428 return 0; |
|
429 } |
|
430 |
10936
6b03aee63752
acl: Don't crash if opening dovecot-acl fails with EACCES.
Timo Sirainen <tss@iki.fi>
parents:
10584
diff
changeset
|
431 static void acl_backend_remove_all_access(struct acl_object_vfile *aclobj) |
5694
49412bd6b931
If dovecot-acl file can't be opened because of permission problems, treat it
Timo Sirainen <tss@iki.fi>
parents:
5552
diff
changeset
|
432 { |
10936
|
433 static const char *null = NULL; |
|
434 struct acl_rights rights; |
5694
|
435 |
|
436 memset(&rights, 0, sizeof(rights)); |
10936
|
437 rights.id_type = ACL_ID_ANYONE; |
|
438 rights.rights = &null; |
|
439 array_append(&aclobj->rights, &rights, 1); |
|
440 |
|
441 rights.id_type = ACL_ID_OWNER; |
|
442 rights.rights = &null; |
|
443 array_append(&aclobj->rights, &rights, 1); |
5694
|
444 } |
|
445 |
4077
|
446 static int |
8414
|
447 acl_backend_vfile_read(struct acl_object_vfile *aclobj, |
|
448 bool global, const char *path, |
4200
38a5e4396091
If storage separator is '/', it's possible that we're trying to open a
Timo Sirainen <tss@iki.fi>
parents:
4097
diff
changeset
|
449 struct acl_vfile_validity *validity, bool try_retry, |
|
450 bool *is_dir_r) |
4077
|
451 { |
|
452 struct istream *input; |
|
453 struct stat st; |
|
454 const char *line; |
|
455 unsigned int linenum; |
6997
0008fb28e62b
T_FRAME() changes caused infinite looping.
Timo Sirainen <tss@iki.fi>
parents:
6940
diff
changeset
|
456 int fd, ret = 0; |
4077
|
457 |
4200
|
458 *is_dir_r = FALSE; |
|
459 |
4083
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
460 fd = nfs_safe_open(path, O_RDONLY); |
4077
|
461 if (fd == -1) { |
8907
9c82d97a5431
acl: If a global ACL file "foo" exists, don't fail when trying to access mailbox "foo/bar".
Timo Sirainen <tss@iki.fi>
parents:
8899
diff
changeset
|
462 if (errno == ENOENT || errno == ENOTDIR) { |
5552
|
463 if (aclobj->aclobj.backend->debug) |
10082
62b37dcf173e
Log debug-level messages with i_debug().
Pascal Volk <user@localhost.localdomain.org>
parents:
9936
diff
changeset
|
464 i_debug("acl vfile: file %s not found", path); |
5695
54c7e74ec973
Fix also ACL file stat() failing with EACCES.
Timo Sirainen <tss@iki.fi>
parents:
5694
diff
changeset
|
465 validity->last_mtime = VALIDITY_MTIME_NOTFOUND; |
5694
|
466 } else if (errno == EACCES) { |
|
467 if (aclobj->aclobj.backend->debug) |
10082
|
468 i_debug("acl vfile: no access to file %s", |
|
469 path); |
4964
3ed0749731d2
If debug is enabled, log some debugging messages. Also cleaned up the code
Timo Sirainen <tss@iki.fi>
parents:
4801
diff
changeset
|
470 |
10936
|
471 acl_backend_remove_all_access(aclobj); |
5695
|
472 validity->last_mtime = VALIDITY_MTIME_NOACCESS; |
5694
|
473 } else { |
|
474 i_error("open(%s) failed: %m", path); |
|
475 return -1; |
4077
|
476 } |
5694
|
477 |
|
478 validity->last_size = 0; |
|
479 validity->last_read_time = ioloop_time; |
|
480 return 1; |
4077
|
481 } |
4200
|
482 |
|
483 if (fstat(fd, &st) < 0) { |
|
484 if (errno == ESTALE && try_retry) { |
|
485 (void)close(fd); |
|
486 return 0; |
|
487 } |
|
488 |
5540
|
489 i_error("fstat(%s) failed: %m", path); |
4200
|
490 (void)close(fd); |
|
491 return -1; |
|
492 } |
|
493 if (S_ISDIR(st.st_mode)) { |
|
494 /* we opened a directory. */ |
|
495 *is_dir_r = TRUE; |
|
496 (void)close(fd); |
|
497 return 0; |
|
498 } |
|
499 |
5552
|
500 if (aclobj->aclobj.backend->debug) |
10082
|
501 i_debug("acl vfile: reading file %s", path); |
4964
|
502 |
6162
896cc473c1f0
Renamed i_stream_create_file() to i_stream_create_fd().
Timo Sirainen <tss@iki.fi>
parents:
6142
diff
changeset
|
503 input = i_stream_create_fd(fd, 4096, FALSE); |
8439
596a577698c1
Changed all config file readers to not ignore the last line if it's missing LF.
Timo Sirainen <tss@iki.fi>
parents:
8433
diff
changeset
|
504 i_stream_set_return_partial_line(input, TRUE); |
4077
|
505 linenum = 1; |
|
506 while ((line = i_stream_read_next_line(input)) != NULL) { |
7226
e6693a0ec8e1
Renamed T_FRAME_BEGIN/END to T_BEGIN/END. Removed T_FRAME() macro and
Timo Sirainen <tss@iki.fi>
parents:
7086
diff
changeset
|
507 T_BEGIN { |
8414
|
508 ret = acl_object_vfile_parse_line(aclobj, global, |
|
509 path, line, |
6940
414c9d631a81
Replaced t_push/t_pop calls with T_FRAME*() macros.
Timo Sirainen <tss@iki.fi>
parents:
6429
diff
changeset
|
510 linenum++); |
7226
|
511 } T_END; |
6940
|
512 if (ret < 0) |
4077
|
513 break; |
|
514 } |
|
515 |
6997
|
516 if (ret < 0) { |
|
517 /* parsing failure */ |
|
518 } else if (input->stream_errno != 0) { |
4077
|
519 if (input->stream_errno == ESTALE && try_retry) |
|
520 ret = 0; |
|
521 else { |
|
522 ret = -1; |
5540
|
523 i_error("read(%s) failed: %m", path); |
4077
|
524 } |
6997
0008fb28e62b
T_FRAME() changes caused infinite looping.
Timo Sirainen <tss@iki.fi>
parents:
6940
diff
changeset
|
525 } else { |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
526 if (fstat(fd, &st) < 0) { |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
527 if (errno == ESTALE && try_retry) |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
528 ret = 0; |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
529 else { |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
530 ret = -1; |
6997
0008fb28e62b
T_FRAME() changes caused infinite looping.
Timo Sirainen <tss@iki.fi>
parents:
6940
diff
changeset
|
531 i_error("fstat(%s) failed: %m", path); |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
532 } |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
533 } else { |
6997
0008fb28e62b
T_FRAME() changes caused infinite looping.
Timo Sirainen <tss@iki.fi>
parents:
6940
diff
changeset
|
534 ret = 1; |
4083
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
535 validity->last_read_time = ioloop_time; |
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
536 validity->last_mtime = st.st_mtime; |
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
537 validity->last_size = st.st_size; |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
538 } |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
539 } |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
540 |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
541 i_stream_unref(&input); |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
542 if (close(fd) < 0) { |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
543 if (errno == ESTALE && try_retry) |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
544 return 0; |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
545 |
5540
1216c0ebe492
acl_backend is now tied to mailbox_list instead of mail_storage.
Timo Sirainen <tss@iki.fi>
parents:
5537
diff
changeset
|
546 i_error("close(%s) failed: %m", path); |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
547 return -1; |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
548 } |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
549 return ret; |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
550 } |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
551 |
4077 | 552 static int |
5552 [71b5fd371b9a] Create dovecot-acl-list file that lists all mailboxes where non-owner has (Timo Sirainen <tss@iki.fi>, parents: 5551) | 553 acl_backend_vfile_read_with_retry(struct acl_object_vfile *aclobj, |
8414 [d486dfe02c1e] Global ACLs now override all local ACLs. (Timo Sirainen <tss@iki.fi>, parents: 8212) | 554 bool global, const char *path, |
4083 | 555 struct acl_vfile_validity *validity) |
4077 | 556 { |
4077 | 557 unsigned int i; |
4077 | 558 int ret; |
4200 [38a5e4396091] If storage separator is '/', it's possible that we're trying to open a (Timo Sirainen <tss@iki.fi>, parents: 4097) | 559 bool is_dir; |
4077 | 560 |
4097 [8d37f7d2ec40] Global ACL dir is now optional. (Timo Sirainen <tss@iki.fi>, parents: 4083) | 561 if (path == NULL) |
4097 | 562 return 0; |
4097 | 563 |
4077 | 564 for (i = 0;; i++) { |
8414 | 565 ret = acl_backend_vfile_read(aclobj, global, path, validity, |
4200 | 566 i < ACL_ESTALE_RETRY_COUNT, |
4200 | 567 &is_dir); |
4077 | 568 if (ret != 0) |
4077 | 569 break; |
4077 | 570 |
4200 | 571 if (is_dir) { |
4200 | 572 /* opened a directory. use dir/.DEFAULT instead */ |
4200 | 573 path = t_strconcat(path, "/.DEFAULT", NULL); |
4200 | 574 } else { |
4200 | 575 /* ESTALE - try again */ |
4200 | 576 } |
4077 | 577 } |
4077 | 578 |
4077 | 579 return ret <= 0 ? -1 : 0; |
4077 | 580 } |
4077 | 581 |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
582 static int |
4083
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
583 acl_backend_vfile_refresh(struct acl_object *aclobj, const char *path, |
4289
58a7882ba128
Don't check ACL file's timestamp changes more often than once in a second.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4288
diff
changeset
|
584 struct acl_vfile_validity *validity) |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
585 { |
5537
ebffd0ccd22a
Added cache_secs parameter to vfile backend.
Timo Sirainen <tss@iki.fi>
parents:
5061
diff
changeset
|
586 struct acl_backend_vfile *backend = |
ebffd0ccd22a
Added cache_secs parameter to vfile backend.
Timo Sirainen <tss@iki.fi>
parents:
5061
diff
changeset
|
587 (struct acl_backend_vfile *)aclobj->backend; |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
588 struct stat st; |
9585
b64aa73a34dc
acl: dovecot-acl file caching fixes.
Timo Sirainen <tss@iki.fi>
parents:
9537
diff
changeset
|
589 int ret; |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
590 |
4083
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
591 if (validity == NULL) |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
592 return 1; |
4289
58a7882ba128
Don't check ACL file's timestamp changes more often than once in a second.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4288
diff
changeset
|
593 if (path == NULL || |
5983 | 594 validity->last_check + (time_t)backend->cache_secs > ioloop_time) |
4097
8d37f7d2ec40
Global ACL dir is now optional.
Timo Sirainen <tss@iki.fi>
parents:
4083
diff
changeset
|
595 return 0; |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
596 |
4289
58a7882ba128
Don't check ACL file's timestamp changes more often than once in a second.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4288
diff
changeset
|
597 validity->last_check = ioloop_time; |
9585
b64aa73a34dc
acl: dovecot-acl file caching fixes.
Timo Sirainen <tss@iki.fi>
parents:
9537
diff
changeset
|
598 ret = stat(path, &st); |
b64aa73a34dc
acl: dovecot-acl file caching fixes.
Timo Sirainen <tss@iki.fi>
parents:
9537
diff
changeset
|
599 if (ret == 0 && S_ISDIR(st.st_mode)) { |
b64aa73a34dc
acl: dovecot-acl file caching fixes.
Timo Sirainen <tss@iki.fi>
parents:
9537
diff
changeset
|
600 /* it's a directory. use dir/.DEFAULT instead */ |
b64aa73a34dc
acl: dovecot-acl file caching fixes.
Timo Sirainen <tss@iki.fi>
parents:
9537
diff
changeset
|
601 path = t_strconcat(path, "/.DEFAULT", NULL); |
b64aa73a34dc
acl: dovecot-acl file caching fixes.
Timo Sirainen <tss@iki.fi>
parents:
9537
diff
changeset
|
602 ret = stat(path, &st); |
b64aa73a34dc
acl: dovecot-acl file caching fixes.
Timo Sirainen <tss@iki.fi>
parents:
9537
diff
changeset
|
603 } |
b64aa73a34dc
acl: dovecot-acl file caching fixes.
Timo Sirainen <tss@iki.fi>
parents:
9537
diff
changeset
|
604 |
b64aa73a34dc
acl: dovecot-acl file caching fixes.
Timo Sirainen <tss@iki.fi>
parents:
9537
diff
changeset
|
605 if (ret < 0) { |
8907
9c82d97a5431
acl: If a global ACL file "foo" exists, don't fail when trying to access mailbox "foo/bar".
Timo Sirainen <tss@iki.fi>
parents:
8899
diff
changeset
|
606 if (errno == ENOENT || errno == ENOTDIR) { |
4083
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
607 /* if the file used to exist, we have to re-read it */ |
5695
54c7e74ec973
Fix also ACL file stat() failing with EACCES.
Timo Sirainen <tss@iki.fi>
parents:
5694
diff
changeset
|
608 return validity->last_mtime != VALIDITY_MTIME_NOTFOUND; |
4083
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
609 } |
5695
54c7e74ec973
Fix also ACL file stat() failing with EACCES.
Timo Sirainen <tss@iki.fi>
parents:
5694
diff
changeset
|
610 if (errno == EACCES) |
54c7e74ec973
Fix also ACL file stat() failing with EACCES.
Timo Sirainen <tss@iki.fi>
parents:
5694
diff
changeset
|
611 return validity->last_mtime != VALIDITY_MTIME_NOACCESS; |
5540
1216c0ebe492
acl_backend is now tied to mailbox_list instead of mail_storage.
Timo Sirainen <tss@iki.fi>
parents:
5537
diff
changeset
|
612 i_error("stat(%s) failed: %m", path); |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
613 return -1; |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
614 } |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
615 |
4083
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
616 if (st.st_mtime == validity->last_mtime && |
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
617 st.st_size == validity->last_size) { |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
618 /* same timestamp, but if it was modified within the |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
619 same second we want to refresh it again later (but |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
620 do it only after a couple of seconds so we don't |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
621 keep re-reading it all the time within those |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
622 seconds) */ |
5983 | 623 time_t cache_secs = backend->cache_secs; |
5546 | 624 |
8165
459c4c496983
acl: Fixed handling 'k' right. Although box/child creation was prevented, box/child/child wasn't.
Timo Sirainen <tss@iki.fi>
parents:
7469
diff
changeset
|
625 if (validity->last_read_time != 0 && |
459c4c496983
acl: Fixed handling 'k' right. Although box/child creation was prevented, box/child/child wasn't.
Timo Sirainen <tss@iki.fi>
parents:
7469
diff
changeset
|
626 (st.st_mtime < validity->last_read_time - cache_secs || |
459c4c496983
acl: Fixed handling 'k' right. Although box/child creation was prevented, box/child/child wasn't.
Timo Sirainen <tss@iki.fi>
parents:
7469
diff
changeset
|
627 ioloop_time - validity->last_read_time <= cache_secs)) |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
628 return 0; |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
629 } |
630 |
631 return 1; |
632 } |
633 |
5552
71b5fd371b9a
Create dovecot-acl-list file that lists all mailboxes where non-owner has
Timo Sirainen <tss@iki.fi>
parents:
5551
diff
changeset
|
634 int acl_backend_vfile_object_get_mtime(struct acl_object *aclobj, |
635 time_t *mtime_r) |
636 { |
637 struct acl_backend_vfile_validity *validity; |
638 |
639 validity = acl_cache_get_validity(aclobj->backend->cache, aclobj->name); |
640 if (validity == NULL) |
641 return -1; |
642 |
643 if (validity->local_validity.last_mtime != 0) |
644 *mtime_r = validity->local_validity.last_mtime; |
645 else if (validity->global_validity.last_mtime != 0) |
646 *mtime_r = validity->global_validity.last_mtime; |
647 else |
648 *mtime_r = 0; |
649 return 0; |
650 } |
651 |
9491
0059b2381024
Use array_sort() instead of qsort() wherever possible.
Timo Sirainen <tss@iki.fi>
parents:
9474
diff
changeset
|
652 static int acl_rights_cmp(const struct acl_rights *r1, |
653 const struct acl_rights *r2) |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
654 { |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
655 int ret; |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
656 |
657 if (r1->global != r2->global) { |
658 /* globals have higher priority than locals */ |
659 return r1->global ? 1 : -1; |
660 } |
661 |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
662 ret = r1->id_type - r2->id_type; |
663 if (ret != 0) |
664 return ret; |
665 |
666 return null_strcmp(r1->identifier, r2->identifier); |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
667 } |
668 |
669 static void |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
670 acl_rights_merge(pool_t pool, const char *const **destp, const char *const *src, |
671 bool dup_strings) |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
672 { |
673 const char *const *dest = *destp; |
674 ARRAY_TYPE(const_string) rights; |
675 unsigned int i; |
676 |
677 t_array_init(&rights, 64); |
8415
d00c446a95df
ACL: Crashfix to previous change. Also fixes "-id" to work correctly with missing "id".
Timo Sirainen <tss@iki.fi>
parents:
8414
diff
changeset
|
678 if (dest != NULL) { |
679 for (i = 0; dest[i] != NULL; i++) |
680 array_append(&rights, &dest[i], 1); |
681 } |
682 if (src != NULL) { |
683 for (i = 0; src[i] != NULL; i++) |
684 array_append(&rights, &src[i], 1); |
685 } |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
686 |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
687 *destp = acl_rights_alloc(pool, &rights, dup_strings); |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
688 } |
689 |
690 static void acl_backend_vfile_rights_sort(struct acl_object_vfile *aclobj) |
691 { |
692 struct acl_rights *rights; |
693 unsigned int i, dest, count; |
694 |
695 if (!array_is_created(&aclobj->rights)) |
696 return; |
697 |
9491
0059b2381024
Use array_sort() instead of qsort() wherever possible.
Timo Sirainen <tss@iki.fi>
parents:
9474
diff
changeset
|
698 array_sort(&aclobj->rights, acl_rights_cmp); |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
699 |
700 /* merge identical identifiers */ |
9491
0059b2381024
Use array_sort() instead of qsort() wherever possible.
Timo Sirainen <tss@iki.fi>
parents:
9474
diff
changeset
|
701 rights = array_get_modifiable(&aclobj->rights, &count); |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
702 for (dest = 0, i = 1; i < count; i++) { |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
703 if (acl_rights_cmp(&rights[i], &rights[dest]) == 0) { |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
704 /* add i's rights to dest and delete i */ |
705 acl_rights_merge(aclobj->rights_pool, |
706 &rights[dest].rights, |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
707 rights[i].rights, FALSE); |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
708 acl_rights_merge(aclobj->rights_pool, |
709 &rights[dest].neg_rights, |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
710 rights[i].neg_rights, FALSE); |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
711 } else { |
712 if (++dest != i) |
713 rights[dest] = rights[i]; |
714 } |
715 } |
716 if (++dest != count) |
717 array_delete(&aclobj->rights, dest, count - dest); |
718 } |
719 |
12218
90642b388d7e
acl: Fixed the logic of merging multiple ACLs.
Timo Sirainen <tss@iki.fi>
parents:
12217
diff
changeset
|
720 static void apply_owner_default_rights(struct acl_object *_aclobj) |
8421
2df1b964d32a
acl: Default owner rights override anyone/authenticated/group rights.
Timo Sirainen <tss@iki.fi>
parents:
8420
diff
changeset
|
721 { |
722 struct acl_rights_update ru; |
723 const char *null = NULL; |
724 |
725 memset(&ru, 0, sizeof(ru)); |
726 ru.modify_mode = ACL_MODIFY_MODE_REPLACE; |
727 ru.neg_modify_mode = ACL_MODIFY_MODE_REPLACE; |
728 ru.rights.id_type = ACL_ID_OWNER; |
729 ru.rights.rights = _aclobj->backend->default_rights; |
730 ru.rights.neg_rights = &null; |
731 acl_cache_update(_aclobj->backend->cache, _aclobj->name, &ru); |
732 } |
733 |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
734 static void acl_backend_vfile_cache_rebuild(struct acl_object_vfile *aclobj) |
735 { |
736 struct acl_object *_aclobj = &aclobj->aclobj; |
10584
667fea930ec3
acl: Don't give admin rights to all owner mailboxes.
Timo Sirainen <tss@iki.fi>
parents:
10582
diff
changeset
|
737 struct acl_rights_update ru; |
10306
b55069127635
acl: Merge group rights if user belongs to more than one.
Timo Sirainen <tss@iki.fi>
parents:
10082
diff
changeset
|
738 enum acl_modify_mode add_mode; |
12218
90642b388d7e
acl: Fixed the logic of merging multiple ACLs.
Timo Sirainen <tss@iki.fi>
parents:
12217
diff
changeset
|
739 const struct acl_rights *rights, *prev_match = NULL; |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
740 unsigned int i, count; |
12218
90642b388d7e
acl: Fixed the logic of merging multiple ACLs.
Timo Sirainen <tss@iki.fi>
parents:
12217
diff
changeset
|
741 bool first_global = TRUE; |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
742 |
743 acl_cache_flush(_aclobj->backend->cache, _aclobj->name); |
744 |
745 if (!array_is_created(&aclobj->rights)) |
746 return; |
747 |
12218
90642b388d7e
acl: Fixed the logic of merging multiple ACLs.
Timo Sirainen <tss@iki.fi>
parents:
12217
diff
changeset
|
748 /* Rights are sorted by their 1) locals first, globals next, |
749 2) acl_id_type. We'll apply only the rights matching ourself. |
8421
2df1b964d32a
acl: Default owner rights override anyone/authenticated/group rights.
Timo Sirainen <tss@iki.fi>
parents:
8420
diff
changeset
|
750 |
12218
90642b388d7e
acl: Fixed the logic of merging multiple ACLs.
Timo Sirainen <tss@iki.fi>
parents:
12217
diff
changeset
|
751 Every time acl_id_type or local/global changes, the new ACLs will |
752 replace all of the existing ACLs. Basically this means that if |
753 user belongs to multiple matching groups or group-overrides, their |
754 ACLs are merged. In all other situations the ACLs are replaced |
755 (because there aren't duplicate rights entries and a user can't |
756 match multiple usernames). */ |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
757 memset(&ru, 0, sizeof(ru)); |
758 rights = array_get(&aclobj->rights, &count); |
12218
90642b388d7e
acl: Fixed the logic of merging multiple ACLs.
Timo Sirainen <tss@iki.fi>
parents:
12217
diff
changeset
|
759 if (!acl_backend_user_is_owner(_aclobj->backend)) |
760 i = 0; |
761 else { |
762 /* we're the owner. skip over all rights entries until we |
763 reach ACL_ID_OWNER or higher, or alternatively when we |
764 reach a global ACL (even ACL_ID_ANYONE overrides owner's |
765 rights if it's global) */ |
766 for (i = 0; i < count; i++) { |
767 if (rights[i].id_type >= ACL_ID_OWNER || |
768 rights[i].global) |
769 break; |
8421
2df1b964d32a
acl: Default owner rights override anyone/authenticated/group rights.
Timo Sirainen <tss@iki.fi>
parents:
8420
diff
changeset
|
770 } |
12218
90642b388d7e
acl: Fixed the logic of merging multiple ACLs.
Timo Sirainen <tss@iki.fi>
parents:
12217
diff
changeset
|
771 apply_owner_default_rights(_aclobj); |
772 /* now continue applying the rest of the rights, |
773 if there are any */ |
774 } |
775 for (; i < count; i++) { |
776 if (!acl_backend_rights_match_me(_aclobj->backend, &rights[i])) |
777 continue; |
778 |
779 if (prev_match == NULL || |
780 prev_match->id_type != rights[i].id_type || |
781 prev_match->global != rights[i].global) { |
782 /* replace old ACLs */ |
783 add_mode = ACL_MODIFY_MODE_REPLACE; |
784 } else { |
785 /* merging to existing ACLs */ |
786 i_assert(rights[i].id_type == ACL_ID_GROUP || |
787 rights[i].id_type == ACL_ID_GROUP_OVERRIDE); |
788 add_mode = ACL_MODIFY_MODE_ADD; |
789 } |
790 prev_match = &rights[i]; |
791 |
8415
d00c446a95df
ACL: Crashfix to previous change. Also fixes "-id" to work correctly with missing "id".
Timo Sirainen <tss@iki.fi>
parents:
8414
diff
changeset
|
792 /* If [neg_]rights is NULL it needs to be ignored. |
793 The easiest way to do that is to just mark it with |
794 REMOVE mode */ |
795 ru.modify_mode = rights[i].rights == NULL ? |
10306
b55069127635
acl: Merge group rights if user belongs to more than one.
Timo Sirainen <tss@iki.fi>
parents:
10082
diff
changeset
|
796 ACL_MODIFY_MODE_REMOVE : add_mode; |
8415
d00c446a95df
ACL: Crashfix to previous change. Also fixes "-id" to work correctly with missing "id".
Timo Sirainen <tss@iki.fi>
parents:
8414
diff
changeset
|
797 ru.neg_modify_mode = rights[i].neg_rights == NULL ? |
10306
b55069127635
acl: Merge group rights if user belongs to more than one.
Timo Sirainen <tss@iki.fi>
parents:
10082
diff
changeset
|
798 ACL_MODIFY_MODE_REMOVE : add_mode; |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
799 ru.rights = rights[i]; |
8415
d00c446a95df
ACL: Crashfix to previous change. Also fixes "-id" to work correctly with missing "id".
Timo Sirainen <tss@iki.fi>
parents:
8414
diff
changeset
|
800 if (rights[i].global && first_global) { |
801 /* first global: reset negative ACLs so local ACLs |
802 can't mess things up via them */ |
803 first_global = FALSE; |
804 ru.neg_modify_mode = ACL_MODIFY_MODE_REPLACE; |
805 } |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
806 acl_cache_update(_aclobj->backend->cache, _aclobj->name, &ru); |
807 } |
808 } |
809 |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
810 static int acl_backend_vfile_object_refresh_cache(struct acl_object *_aclobj) |
811 { |
812 struct acl_object_vfile *aclobj = (struct acl_object_vfile *)_aclobj; |
5552
71b5fd371b9a
Create dovecot-acl-list file that lists all mailboxes where non-owner has
Timo Sirainen <tss@iki.fi>
parents:
5551
diff
changeset
|
813 struct acl_backend_vfile *backend = |
814 (struct acl_backend_vfile *)_aclobj->backend; |
4289
58a7882ba128
Don't check ACL file's timestamp changes more often than once in a second.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4288
diff
changeset
|
815 struct acl_backend_vfile_validity *old_validity; |
4083
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
816 struct acl_backend_vfile_validity validity; |
5552
71b5fd371b9a
Create dovecot-acl-list file that lists all mailboxes where non-owner has
Timo Sirainen <tss@iki.fi>
parents:
5551
diff
changeset
|
817 time_t mtime; |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
818 int ret; |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
819 |
4083
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
820 old_validity = acl_cache_get_validity(_aclobj->backend->cache, |
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
821 _aclobj->name); |
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
822 ret = acl_backend_vfile_refresh(_aclobj, aclobj->global_path, |
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
823 old_validity == NULL ? NULL : |
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
824 &old_validity->global_validity); |
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
825 if (ret == 0) { |
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
826 ret = acl_backend_vfile_refresh(_aclobj, aclobj->local_path, |
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
827 old_validity == NULL ? NULL : |
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
828 &old_validity->local_validity); |
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
829 } |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
830 if (ret <= 0) |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
831 return ret; |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
832 |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
833 /* either global or local ACLs changed, need to re-read both */ |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
834 if (!array_is_created(&aclobj->rights)) { |
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
835 aclobj->rights_pool = |
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
836 pool_alloconly_create("acl rights", 256); |
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
837 i_array_init(&aclobj->rights, 16); |
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
838 } else { |
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
839 array_clear(&aclobj->rights); |
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
840 p_clear(aclobj->rights_pool); |
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
841 } |
4083
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
842 |
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
843 memset(&validity, 0, sizeof(validity)); |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
844 if (acl_backend_vfile_read_with_retry(aclobj, TRUE, aclobj->global_path, |
4083
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
845 &validity.global_validity) < 0) |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
846 return -1; |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
847 if (acl_backend_vfile_read_with_retry(aclobj, FALSE, aclobj->local_path, |
4083
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
848 &validity.local_validity) < 0) |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
849 return -1; |
4083
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
850 |
8414
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
851 acl_backend_vfile_rights_sort(aclobj); |
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
852 /* update cache only after we've successfully read everything */ |
d486dfe02c1e
Global ACLs now override all local ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8212
diff
changeset
|
853 acl_backend_vfile_cache_rebuild(aclobj); |
4083
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
854 acl_cache_set_validity(_aclobj->backend->cache, |
ed4f01bb4701
Don't keep acl_objects permanently in memory. Moved cache validity information into cache records. Some other cleanups and fixes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
4077
diff
changeset
|
855 _aclobj->name, &validity); |
5552
71b5fd371b9a
Create dovecot-acl-list file that lists all mailboxes where non-owner has
Timo Sirainen <tss@iki.fi>
parents:
5551
diff
changeset
|
856 |
71b5fd371b9a
Create dovecot-acl-list file that lists all mailboxes where non-owner has
Timo Sirainen <tss@iki.fi>
parents:
5551
diff
changeset
|
857 if (acl_backend_vfile_object_get_mtime(_aclobj, &mtime) == 0) |
71b5fd371b9a
Create dovecot-acl-list file that lists all mailboxes where non-owner has
Timo Sirainen <tss@iki.fi>
parents:
5551
diff
changeset
|
858 acl_backend_vfile_acllist_verify(backend, _aclobj->name, mtime); |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
859 return 0; |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
860 } |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
861 |
8418:29b1ec15880a, Timo Sirainen <tss@iki.fi>, parents: 8415, "Added IMAP ACL commands with ability to modify ACLs." | 862 static int acl_backend_vfile_update_begin(struct acl_object_vfile *aclobj, |
8418:29b1ec15880a | 863 struct dotlock **dotlock_r) |
8418:29b1ec15880a | 864 { |
8418:29b1ec15880a | 865 struct acl_object *_aclobj = &aclobj->aclobj; |
9537:b373de4973cd, Timo Sirainen <tss@iki.fi>, parents: 9504, "Whenever file's group changing fails, show the group origin in the error message." | 866 const char *gid_origin; |
12630:82f984d7a241, Timo Sirainen <tss@iki.fi>, parents: 12586, "lib-storage: Merged returning dir mode into mailbox_list_get_[root_]permissions()." | 867 mode_t file_mode, dir_mode; |
8418:29b1ec15880a | 868 gid_t gid; |
8418:29b1ec15880a | 869 int fd; |
8418:29b1ec15880a | 870 |
11932:ad0ef9c40381, Timo Sirainen <tss@iki.fi>, parents: 11899, "acl: Give a better error message when trying to update ACLs for object without local path." | 871 if (aclobj->local_path == NULL) { |
11932:ad0ef9c40381 | 872 i_error("Can't update acl object '%s': No local acl file path", |
11932:ad0ef9c40381 | 873 aclobj->aclobj.name); |
11932:ad0ef9c40381 | 874 return -1; |
11932:ad0ef9c40381 | 875 } |
11932:ad0ef9c40381 | 876 |
8418:29b1ec15880a | 877 /* first lock the ACL file */ |
8767:e82e0a6b9399, Timo Sirainen <tss@iki.fi>, parents: 8756, "Create all mail/index files'/dirs' permissions based on the mailbox directory." | 878 mailbox_list_get_permissions(_aclobj->backend->list, _aclobj->name, |
12630:82f984d7a241 | 879 &file_mode, &dir_mode, &gid, &gid_origin); |
9537:b373de4973cd | 880 fd = file_dotlock_open_group(&dotlock_set, aclobj->local_path, 0, |
12630:82f984d7a241 | 881 file_mode, gid, gid_origin, dotlock_r); |
8418:29b1ec15880a | 882 if (fd == -1) { |
9537:b373de4973cd | 883 i_error("file_dotlock_open(%s) failed: %m", aclobj->local_path); |
8418:29b1ec15880a | 884 return -1; |
8418:29b1ec15880a | 885 } |
8418:29b1ec15880a | 886 |
8418:29b1ec15880a | 887 /* locked successfully, re-read the existing file to make sure we |
8418:29b1ec15880a | 888 don't lose any changes. */ |
8418:29b1ec15880a | 889 acl_cache_flush(_aclobj->backend->cache, _aclobj->name); |
8418:29b1ec15880a | 890 if (acl_backend_vfile_object_refresh_cache(_aclobj) < 0) { |
8418:29b1ec15880a | 891 file_dotlock_delete(dotlock_r); |
8418:29b1ec15880a | 892 return -1; |
8418:29b1ec15880a | 893 } |
8418:29b1ec15880a | 894 return fd; |
8418:29b1ec15880a | 895 } |
8418:29b1ec15880a | 896 |
8418:29b1ec15880a | 897 static bool modify_right_list(pool_t pool, |
8418:29b1ec15880a | 898 const char *const **rightsp, |
8418:29b1ec15880a | 899 const char *const *modify_rights, |
8418:29b1ec15880a | 900 enum acl_modify_mode modify_mode) |
8418:29b1ec15880a | 901 { |
8418:29b1ec15880a | 902 const char *const *old_rights = *rightsp; |
11069:960a01833e4c, Timo Sirainen <tss@iki.fi>, parents: 10936, "acl: Updating empty ACL to empty triggered unnecessary disk write." | 903 const char *const *new_rights = NULL; |
8418:29b1ec15880a | 904 const char *null = NULL; |
8418:29b1ec15880a | 905 ARRAY_TYPE(const_string) rights; |
8418:29b1ec15880a | 906 unsigned int i, j; |
8418:29b1ec15880a | 907 |
8418:29b1ec15880a | 908 if (modify_rights == NULL && modify_mode != ACL_MODIFY_MODE_CLEAR) { |
8418:29b1ec15880a | 909 /* nothing to do here */ |
8418:29b1ec15880a | 910 return FALSE; |
8418:29b1ec15880a | 911 } |
8418:29b1ec15880a | 912 |
8418:29b1ec15880a | 913 switch (modify_mode) { |
8418:29b1ec15880a | 914 case ACL_MODIFY_MODE_REMOVE: |
9504:e8b202fe3ef8, Timo Sirainen <tss@iki.fi>, parents: 9491, "acl: Handle empty rights (no rights) properly." | 915 if (old_rights == NULL || *old_rights == NULL) { |
8418:29b1ec15880a | 916 /* nothing to do */ |
8418:29b1ec15880a | 917 return FALSE; |
8418:29b1ec15880a | 918 } |
8418:29b1ec15880a | 919 t_array_init(&rights, 64); |
8418:29b1ec15880a | 920 for (i = 0; old_rights[i] != NULL; i++) { |
8418:29b1ec15880a | 921 for (j = 0; modify_rights[j] != NULL; j++) { |
8418:29b1ec15880a | 922 if (strcmp(old_rights[i], modify_rights[j]) == 0) |
8418:29b1ec15880a | 923 break; |
8418:29b1ec15880a | 924 } |
8418:29b1ec15880a | 925 if (modify_rights[j] == NULL) |
8418:29b1ec15880a | 926 array_append(&rights, &old_rights[i], 1); |
8418:29b1ec15880a | 927 } |
8418:29b1ec15880a | 928 new_rights = &null; |
9474:836646906a63, Timo Sirainen <tss@iki.fi>, parents: 9434, "acl: Don't assert-crash if removing all rights." | 929 modify_rights = array_count(&rights) == 0 ? NULL : |
9474:836646906a63 | 930 array_idx(&rights, 0); |
8418:29b1ec15880a | 931 acl_rights_merge(pool, &new_rights, modify_rights, TRUE); |
8418:29b1ec15880a | 932 break; |
8418:29b1ec15880a | 933 case ACL_MODIFY_MODE_ADD: |
8418:29b1ec15880a | 934 new_rights = old_rights; |
8418:29b1ec15880a | 935 acl_rights_merge(pool, &new_rights, modify_rights, TRUE); |
8418:29b1ec15880a | 936 break; |
8418:29b1ec15880a | 937 case ACL_MODIFY_MODE_REPLACE: |
8418:29b1ec15880a | 938 new_rights = &null; |
8418:29b1ec15880a | 939 acl_rights_merge(pool, &new_rights, modify_rights, TRUE); |
8418:29b1ec15880a | 940 break; |
8418:29b1ec15880a | 941 case ACL_MODIFY_MODE_CLEAR: |
8418:29b1ec15880a | 942 if (*rightsp == NULL) { |
8418:29b1ec15880a | 943 /* ACL didn't exist before either */ |
8418:29b1ec15880a | 944 return FALSE; |
8418:29b1ec15880a | 945 } |
8418:29b1ec15880a | 946 *rightsp = NULL; |
8418:29b1ec15880a | 947 return TRUE; |
8418:29b1ec15880a | 948 } |
11069:960a01833e4c | 949 i_assert(new_rights != NULL); |
8418:29b1ec15880a | 950 *rightsp = new_rights; |
8418:29b1ec15880a | 951 |
9504:e8b202fe3ef8 | 952 if (old_rights == NULL) |
11069:960a01833e4c | 953 return new_rights[0] != NULL; |
9504:e8b202fe3ef8 | 954 |
8418:29b1ec15880a | 955 /* see if anything changed */ |
8418:29b1ec15880a | 956 for (i = 0; old_rights[i] != NULL && new_rights[i] != NULL; i++) { |
8418:29b1ec15880a | 957 if (strcmp(old_rights[i], new_rights[i]) != 0) |
8418:29b1ec15880a | 958 return TRUE; |
8418:29b1ec15880a | 959 } |
8418:29b1ec15880a | 960 return old_rights[i] != NULL || new_rights[i] != NULL; |
8418:29b1ec15880a | 961 } |
8418:29b1ec15880a | 962 |
8418:29b1ec15880a | 963 static bool |
8418:29b1ec15880a | 964 vfile_object_modify_right(struct acl_object_vfile *aclobj, unsigned int idx, |
8418:29b1ec15880a | 965 const struct acl_rights_update *update) |
8418:29b1ec15880a | 966 { |
8418:29b1ec15880a | 967 struct acl_rights *right; |
8418:29b1ec15880a | 968 bool c1, c2; |
8418:29b1ec15880a | 969 |
8418:29b1ec15880a | 970 right = array_idx_modifiable(&aclobj->rights, idx); |
8418:29b1ec15880a | 971 c1 = modify_right_list(aclobj->rights_pool, &right->rights, |
8418:29b1ec15880a | 972 update->rights.rights, update->modify_mode); |
8418:29b1ec15880a | 973 c2 = modify_right_list(aclobj->rights_pool, &right->neg_rights, |
8418:29b1ec15880a | 974 update->rights.neg_rights, |
8418:29b1ec15880a | 975 update->neg_modify_mode); |
8418:29b1ec15880a | 976 |
8418:29b1ec15880a | 977 if (right->rights == NULL && right->neg_rights == NULL) { |
8418:29b1ec15880a | 978 /* this identifier no longer exists */ |
8418:29b1ec15880a | 979 array_delete(&aclobj->rights, idx, 1); |
8418:29b1ec15880a | 980 c1 = TRUE; |
8418:29b1ec15880a | 981 } |
8418:29b1ec15880a | 982 return c1 || c2; |
8418:29b1ec15880a | 983 } |
8418:29b1ec15880a | 984 |
8418:29b1ec15880a | 985 static bool |
8418:29b1ec15880a | 986 vfile_object_add_right(struct acl_object_vfile *aclobj, unsigned int idx, |
8418:29b1ec15880a | 987 const struct acl_rights_update *update) |
8418:29b1ec15880a | 988 { |
8418:29b1ec15880a | 989 struct acl_rights right; |
8418:29b1ec15880a | 990 |
8418:29b1ec15880a | 991 if (update->modify_mode == ACL_MODIFY_MODE_REMOVE && |
8418:29b1ec15880a | 992 update->neg_modify_mode == ACL_MODIFY_MODE_REMOVE) { |
8418:29b1ec15880a | 993 /* nothing to do */ |
8418:29b1ec15880a | 994 return FALSE; |
8418:29b1ec15880a | 995 } |
8418:29b1ec15880a | 996 |
8418:29b1ec15880a | 997 memset(&right, 0, sizeof(right)); |
8418:29b1ec15880a | 998 right.id_type = update->rights.id_type; |
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
999 right.identifier = p_strdup(aclobj->rights_pool, |
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1000 update->rights.identifier); |
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1001 array_insert(&aclobj->rights, idx, &right, 1); |
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1002 return vfile_object_modify_right(aclobj, idx, update); |
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1003 } |
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1004 |
1005 static void vfile_write_rights_list(string_t *dest, const char *const *rights) |
1006 { |
1007 char c2[2]; |
1008 unsigned int i, j, pos; |
1009 |
1010 c2[1] = '\0'; |
1011 pos = str_len(dest); |
1012 for (i = 0; rights[i] != NULL; i++) { |
1013 /* use letters if possible */ |
1014 for (j = 0; acl_letter_map[j].name != NULL; j++) { |
1015 if (strcmp(rights[i], acl_letter_map[j].name) == 0) { |
1016 c2[0] = acl_letter_map[j].letter; |
1017 str_insert(dest, pos, c2); |
1018 pos++; |
1019 break; |
1020 } |
1021 } |
1022 if (acl_letter_map[j].name == NULL) { |
1023 /* fallback to full name */ |
1024 str_append_c(dest, ' '); |
8455
645af8d240d6
acl: Fixes to handling extended ACL names.
Timo Sirainen <tss@iki.fi>
parents:
8439
diff
changeset
|
1025 str_append(dest, rights[i]); |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1026 } |
1027 } |
8455
645af8d240d6
acl: Fixes to handling extended ACL names.
Timo Sirainen <tss@iki.fi>
parents:
8439
diff
changeset
|
1028 if (pos + 1 < str_len(dest)) { |
1029 c2[0] = ':'; |
1030 str_insert(dest, pos + 1, c2); |
1031 } |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1032 } |
1033 |
1034 static void |
1035 vfile_write_right(string_t *dest, const struct acl_rights *right, |
1036 bool neg) |
1037 { |
1038 const char *const *rights = neg ? right->neg_rights : right->rights; |
1039 |
1040 if (neg) str_append_c(dest,'-'); |
8433
dfe39e9a9e78
Initial support for LISTing users with shared mailboxes.
Timo Sirainen <tss@iki.fi>
parents:
8430
diff
changeset
|
1041 acl_rights_write_id(dest, right); |
9658
f29a25420a82
acl: Support spaces in user/group identifiers.
Timo Sirainen <tss@iki.fi>
parents:
9609
diff
changeset
|
1042 |
1043 if (strchr(str_c(dest), ' ') != NULL) T_BEGIN { |
1044 /* need to escape it */ |
1045 const char *escaped = t_strdup(str_escape(str_c(dest))); |
1046 str_truncate(dest, 0); |
1047 str_printfa(dest, "\"%s\"", escaped); |
1048 } T_END; |
1049 |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1050 str_append_c(dest, ' '); |
1051 vfile_write_rights_list(dest, rights); |
1052 str_append_c(dest, '\n'); |
1053 } |
1054 |
4801
53b73f19a652
Fixed some warnings with older gccs.
Timo Sirainen <tss@iki.fi>
parents:
4596
diff
changeset
|
1055 static int |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1056 acl_backend_vfile_update_write(struct acl_object_vfile *aclobj, |
1057 int fd, const char *path) |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
1058 { |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1059 struct ostream *output; |
1060 string_t *str; |
1061 const struct acl_rights *rights; |
1062 unsigned int i, count; |
1063 int ret = 0; |
1064 |
1065 output = o_stream_create_fd_file(fd, 0, FALSE); |
1066 o_stream_cork(output); |
1067 |
9658
f29a25420a82
acl: Support spaces in user/group identifiers.
Timo Sirainen <tss@iki.fi>
parents:
9609
diff
changeset
|
1068 str = str_new(default_pool, 256); |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1069 /* rights are sorted with globals at the end, so we can stop at the |
1070 first global */ |
1071 rights = array_get(&aclobj->rights, &count); |
1072 for (i = 0; i < count && !rights[i].global; i++) { |
12769
5b16b5436e4e
acl: Added doveadm plugin supporting acl get/set/rights commands.
Timo Sirainen <tss@iki.fi>
parents:
12630
diff
changeset
|
1073 if (rights[i].rights != NULL) { |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1074 vfile_write_right(str, &rights[i], FALSE); |
12769
5b16b5436e4e
acl: Added doveadm plugin supporting acl get/set/rights commands.
Timo Sirainen <tss@iki.fi>
parents:
12630
diff
changeset
|
1075 o_stream_send(output, str_data(str), str_len(str)); |
1076 str_truncate(str, 0); |
1077 } |
1078 if (rights[i].neg_rights != NULL) { |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1079 vfile_write_right(str, &rights[i], TRUE); |
12769
5b16b5436e4e
acl: Added doveadm plugin supporting acl get/set/rights commands.
Timo Sirainen <tss@iki.fi>
parents:
12630
diff
changeset
|
1080 o_stream_send(output, str_data(str), str_len(str)); |
1081 str_truncate(str, 0); |
1082 } |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1083 } |
9658
f29a25420a82
acl: Support spaces in user/group identifiers.
Timo Sirainen <tss@iki.fi>
parents:
9609
diff
changeset
|
1084 str_free(&str); |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1085 if (o_stream_flush(output) < 0) { |
1086 i_error("write(%s) failed: %m", path); |
1087 ret = -1; |
1088 } |
1089 o_stream_destroy(&output); |
1090 /* we really don't want to lose ACL files' contents, so fsync() always |
1091 before renaming */ |
1092 if (fsync(fd) < 0) { |
1093 i_error("fsync(%s) failed: %m", path); |
1094 ret = -1; |
1095 } |
1096 return ret; |
1097 } |
1098 |
8422
6d97abf20724
acl: After updating ACLs, try to avoid re-reading the ACLs on next access.
Timo Sirainen <tss@iki.fi>
parents:
8421
diff
changeset
|
1099 static void acl_backend_vfile_update_cache(struct acl_object *_aclobj, int fd) |
1100 { |
1101 struct acl_backend_vfile_validity *validity; |
1102 struct stat st; |
1103 |
1104 if (fstat(fd, &st) < 0) { |
1105 /* we'll just recalculate or fail it later */ |
1106 acl_cache_flush(_aclobj->backend->cache, _aclobj->name); |
1107 return; |
1108 } |
1109 |
1110 validity = acl_cache_get_validity(_aclobj->backend->cache, |
1111 _aclobj->name); |
1112 validity->local_validity.last_read_time = ioloop_time; |
1113 validity->local_validity.last_mtime = st.st_mtime; |
1114 validity->local_validity.last_size = st.st_size; |
1115 } |
1116 |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1117 static int |
1118 acl_backend_vfile_object_update(struct acl_object *_aclobj, |
1119 const struct acl_rights_update *update) |
1120 { |
1121 struct acl_object_vfile *aclobj = (struct acl_object_vfile *)_aclobj; |
8430
23aee2534249
acl: When lookup ACLs are changed, make sure dovecot-acl-list is updated.
Timo Sirainen <tss@iki.fi>
parents:
8428
diff
changeset
|
1122 struct acl_backend_vfile *backend = |
1123 (struct acl_backend_vfile *)_aclobj->backend; |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1124 struct dotlock *dotlock; |
1125 const char *path; |
9609 | 1126 unsigned int i; |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1127 int fd; |
1128 bool changed; |
1129 |
1130 /* global ACLs can't be updated here */ |
1131 i_assert(!update->rights.global); |
1132 |
1133 fd = acl_backend_vfile_update_begin(aclobj, &dotlock); |
1134 if (fd == -1) |
1135 return -1; |
1136 |
9609 | 1137 if (!array_bsearch_insert_pos(&aclobj->rights, &update->rights, |
1138 acl_rights_cmp, &i)) | |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1139 changed = vfile_object_add_right(aclobj, i, update); |
1140 else |
1141 changed = vfile_object_modify_right(aclobj, i, update); |
1142 if (!changed) { |
1143 file_dotlock_delete(&dotlock); |
1144 return 0; |
8430
23aee2534249
acl: When lookup ACLs are changed, make sure dovecot-acl-list is updated.
Timo Sirainen <tss@iki.fi>
parents:
8428
diff
changeset
|
1145 } |
1146 |
1147 /* ACLs were really changed, write the new ones */ |
1148 path = file_dotlock_get_lock_path(dotlock); |
1149 if (acl_backend_vfile_update_write(aclobj, fd, path) < 0) { |
1150 file_dotlock_delete(&dotlock); |
1151 acl_cache_flush(_aclobj->backend->cache, _aclobj->name); |
1152 return -1; |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1153 } |
8430
23aee2534249
acl: When lookup ACLs are changed, make sure dovecot-acl-list is updated.
Timo Sirainen <tss@iki.fi>
parents:
8428
diff
changeset
|
1154 acl_backend_vfile_update_cache(_aclobj, fd); |
1155 if (file_dotlock_replace(&dotlock, 0) < 0) { |
1156 acl_cache_flush(_aclobj->backend->cache, _aclobj->name); |
1157 return -1; |
1158 } |
12094
cbc30c72b3ce
acl: Make sure acl-list and dict is rebuild when replacing/clearing ACLs
Timo Sirainen <tss@iki.fi>
parents:
11943
diff
changeset
|
1159 /* make sure dovecot-acl-list gets updated if we changed any |
8430
23aee2534249
acl: When lookup ACLs are changed, make sure dovecot-acl-list is updated.
Timo Sirainen <tss@iki.fi>
parents:
8428
diff
changeset
|
1160 lookup rights. */ |
12094
cbc30c72b3ce
acl: Make sure acl-list and dict is rebuild when replacing/clearing ACLs
Timo Sirainen <tss@iki.fi>
parents:
11943
diff
changeset
|
1161 if (acl_rights_has_nonowner_lookup_changes(&update->rights) || |
1162 update->modify_mode == ACL_MODIFY_MODE_REPLACE || |
1163 update->modify_mode == ACL_MODIFY_MODE_CLEAR) |
8430
23aee2534249
acl: When lookup ACLs are changed, make sure dovecot-acl-list is updated.
Timo Sirainen <tss@iki.fi>
parents:
8428
diff
changeset
|
1164 (void)acl_backend_vfile_acllist_rebuild(backend); |
1165 return 0; |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
1166 } |
1167 |
1168 static struct acl_object_list_iter * |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1169 acl_backend_vfile_object_list_init(struct acl_object *_aclobj) |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
1170 { |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1171 struct acl_object_vfile *aclobj = |
1172 (struct acl_object_vfile *)_aclobj; |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
1173 struct acl_object_list_iter *iter; |
1174 |
1175 iter = i_new(struct acl_object_list_iter, 1); |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1176 iter->aclobj = _aclobj; |
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1177 |
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1178 if (!array_is_created(&aclobj->rights)) { |
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1179 /* we may have the object cached, but we don't have all the |
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1180 rights read into memory */ |
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1181 acl_cache_flush(_aclobj->backend->cache, _aclobj->name); |
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1182 } |
5552
71b5fd371b9a
Create dovecot-acl-list file that lists all mailboxes where non-owner has
Timo Sirainen <tss@iki.fi>
parents:
5551
diff
changeset
|
1183 |
8418
29b1ec15880a
Added IMAP ACL commands with ability to modify ACLs.
Timo Sirainen <tss@iki.fi>
parents:
8415
diff
changeset
|
1184 if (_aclobj->backend->v.object_refresh_cache(_aclobj) < 0) |
5552
71b5fd371b9a
Create dovecot-acl-list file that lists all mailboxes where non-owner has
Timo Sirainen <tss@iki.fi>
parents:
5551
diff
changeset
|
1185 iter->failed = TRUE; |
4077
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
1186 return iter; |
73573b9ecb00
Added initial support for ACLs. Currently supports reading the ACLs from files. Since no proper support for shared folders exist yet, this is mostly intended to be used only for preventing users from fully accessing the mailboxes they'd otherwise have full access to. It anyway does support "master user" having different ACLs to mailboxes.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
1187 } |
4077:73573b9ecb00 | 1188 |
4077:73573b9ecb00 | 1189 static int |
5552:71b5fd371b9a | 1190 acl_backend_vfile_object_list_next(struct acl_object_list_iter *iter, |
5552:71b5fd371b9a | 1191 struct acl_rights *rights_r) |
4077:73573b9ecb00 | 1192 { |
5552:71b5fd371b9a | 1193 struct acl_object_vfile *aclobj = |
5552:71b5fd371b9a | 1194 (struct acl_object_vfile *)iter->aclobj; |
5552:71b5fd371b9a | 1195 const struct acl_rights *rights; |
5552:71b5fd371b9a | 1196 |
8756:be1d1c722c92 imap-acl: GETACL: Convert "owner" to the actual username whenever possible. (Timo Sirainen <tss@iki.fi>, parents: 8590) | 1197 if (iter->idx == array_count(&aclobj->rights)) |
8756:be1d1c722c92 | 1198 return 0; |
5552:71b5fd371b9a | 1199 |
5552:71b5fd371b9a | 1200 rights = array_idx(&aclobj->rights, iter->idx++); |
5552:71b5fd371b9a | 1201 *rights_r = *rights; |
5552:71b5fd371b9a | 1202 return 1; |
4077:73573b9ecb00 | 1203 } |
4077:73573b9ecb00 | 1204 |
4077:73573b9ecb00 | 1205 static void |
4077:73573b9ecb00 | 1206 acl_backend_vfile_object_list_deinit(struct acl_object_list_iter *iter) |
4077:73573b9ecb00 | 1207 { |
4077:73573b9ecb00 | 1208 i_free(iter); |
4077:73573b9ecb00 | 1209 } |
4077:73573b9ecb00 | 1210 |
4077:73573b9ecb00 | 1211 struct acl_backend_vfuncs acl_backend_vfile = { |
4964:3ed0749731d2 If debug is enabled, log some debugging messages. Also cleaned up the code (Timo Sirainen <tss@iki.fi>, parents: 4801) | 1212 acl_backend_vfile_alloc, |
4077:73573b9ecb00 | 1213 acl_backend_vfile_init, |
4077:73573b9ecb00 | 1214 acl_backend_vfile_deinit, |
5552:71b5fd371b9a | 1215 acl_backend_vfile_nonowner_iter_init, |
5552:71b5fd371b9a | 1216 acl_backend_vfile_nonowner_iter_next, |
5552:71b5fd371b9a | 1217 acl_backend_vfile_nonowner_iter_deinit, |
12777:988e363ac17d | 1218 acl_backend_vfile_nonowner_lookups_rebuild, |
4077:73573b9ecb00 | 1219 acl_backend_vfile_object_init, |
8165:459c4c496983 acl: Fixed handling 'k' right. Although box/child creation was prevented, box/child/child wasn't. (Timo Sirainen <tss@iki.fi>, parents: 7469) | 1220 acl_backend_vfile_object_init_parent, |
4077:73573b9ecb00 | 1221 acl_backend_vfile_object_deinit, |
4077:73573b9ecb00 | 1222 acl_backend_vfile_object_refresh_cache, |
4077:73573b9ecb00 | 1223 acl_backend_vfile_object_update, |
4077:73573b9ecb00 | 1224 acl_backend_vfile_object_list_init, |
4077:73573b9ecb00 | 1225 acl_backend_vfile_object_list_next, |
4077:73573b9ecb00 | 1226 acl_backend_vfile_object_list_deinit |
4077:73573b9ecb00 | 1227 }; |