Mercurial > dovecot > core-2.2
changeset 10584:667fea930ec3 HEAD
acl: Don't give admin rights to all owner mailboxes.
The SETACL IMAP command should already prevent this. If this situation is
created by modifying dovecot-acl file manually, it's probably intentional.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 25 Jan 2010 20:40:25 +0200 |
parents | 0ff07b4ad306 |
children | 941511db13c3 |
files | src/plugins/acl/acl-backend-vfile.c |
diffstat | 1 files changed, 1 insertions(+), 16 deletions(-) [+] |
line wrap: on
line diff
--- a/src/plugins/acl/acl-backend-vfile.c Mon Jan 25 20:24:54 2010 +0200 +++ b/src/plugins/acl/acl-backend-vfile.c Mon Jan 25 20:40:25 2010 +0200 @@ -756,10 +756,9 @@ static void acl_backend_vfile_cache_rebuild(struct acl_object_vfile *aclobj) { - static const char *const admin_rights[] = { MAIL_ACL_ADMIN, NULL }; struct mail_namespace *ns; struct acl_object *_aclobj = &aclobj->aclobj; - struct acl_rights_update ru, ru2; + struct acl_rights_update ru; enum acl_modify_mode add_mode; const struct acl_rights *rights; unsigned int i, count; @@ -771,11 +770,6 @@ return; ns = mailbox_list_get_namespace(_aclobj->backend->list); - memset(&ru2, 0, sizeof(ru2)); - ru2.modify_mode = ACL_MODIFY_MODE_ADD; - ru2.rights.id_type = ACL_ID_OWNER; - ru2.rights.rights = admin_rights; - owner_applied = ns->type != NAMESPACE_PRIVATE; memset(&ru, 0, sizeof(ru)); @@ -806,20 +800,11 @@ can't mess things up via them */ first_global = FALSE; ru.neg_modify_mode = ACL_MODIFY_MODE_REPLACE; - - if (ns->type == NAMESPACE_PRIVATE) { - /* make sure owner has admin rights - (at least before global ACLs are applied) */ - acl_cache_update(_aclobj->backend->cache, - _aclobj->name, &ru2); - } } acl_cache_update(_aclobj->backend->cache, _aclobj->name, &ru); } if (!owner_applied && count > 0) apply_owner_rights(_aclobj); - else if (first_global && ns->type == NAMESPACE_PRIVATE) - acl_cache_update(_aclobj->backend->cache, _aclobj->name, &ru2); } static int acl_backend_vfile_object_refresh_cache(struct acl_object *_aclobj)