changeset 8424:e758515bbbbf HEAD
IMAP ACLs: Unless acl_anyone=allow, disallow adding "anyone" and "authenticated" identifiers.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sun, 16 Nov 2008 14:33:11 +0200 |
parents | 1f93b1bd8a32 |
children | 65d005f2c28b |
files | src/plugins/imap-acl/imap-acl-plugin.c |
diffstat | 1 files changed, 24 insertions(+), 6 deletions(-) [+] |
--- a/src/plugins/imap-acl/imap-acl-plugin.c Sun Nov 16 14:24:52 2008 +0200
+++ b/src/plugins/imap-acl/imap-acl-plugin.c Sun Nov 16 14:33:11 2008 +0200
@@ -45,6 +45,8 @@
 { '\0', NULL }
 };
+static bool acl_anyone_allow = FALSE;
+
 static struct mailbox * acl_mailbox_open_as_admin(struct client_command_context *cmd, const char *name)
 {
@@ -310,7 +312,7 @@
 static int imap_acl_identifier_parse(const char *id, struct acl_rights *rights,
- const char **error_r)
+ bool check_anyone, const char **error_r)
 {
 if (strncmp(id, IMAP_ACL_GLOBAL_PREFIX, strlen(IMAP_ACL_GLOBAL_PREFIX)) == 0) {
@@ -319,11 +321,19 @@
 return -1;
 }
- if (strcmp(id, IMAP_ACL_ANYONE) == 0)
+ if (strcmp(id, IMAP_ACL_ANYONE) == 0) {
+ if (!acl_anyone_allow && check_anyone) {
+ *error_r = "'anyone' identifier is disallowed";
+ return -1;
+ }
 rights->id_type = ACL_ID_ANYONE;
- else if (strcmp(id, IMAP_ACL_AUTHENTICATED) == 0)
+ } else if (strcmp(id, IMAP_ACL_AUTHENTICATED) == 0) {
+ if (!acl_anyone_allow && check_anyone) {
+ *error_r = "'authenticated' identifier is disallowed";
+ return -1;
+ }
 rights->id_type = ACL_ID_AUTHENTICATED;
- else if (strcmp(id, IMAP_ACL_OWNER) == 0)
+ } else if (strcmp(id, IMAP_ACL_OWNER) == 0)
 rights->id_type = ACL_ID_OWNER;
 else if (strncmp(id, IMAP_ACL_GROUP_PREFIX, strlen(IMAP_ACL_GROUP_PREFIX)) == 0) {
@@ -360,7 +370,8 @@
 identifier++;
 }
- if (imap_acl_identifier_parse(identifier, &update.rights, &error) < 0) {
+ if (imap_acl_identifier_parse(identifier, &update.rights,
+ TRUE, &error) < 0) {
 client_send_command_error(cmd, error);
 return TRUE;
 }
@@ -422,7 +433,8 @@
 identifier++;
 }
- if (imap_acl_identifier_parse(identifier, &update.rights, &error) < 0) {
+ if (imap_acl_identifier_parse(identifier, &update.rights,
+ FALSE, &error) < 0) {
 client_send_command_error(cmd, error);
 return TRUE;
 }
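Review bot: In the hunk at @@ -319,11 +321,19 @@ the guard `if (!acl_anyone_allow && check_anyone)` is written out twice, once under IMAP_ACL_ANYONE and once under IMAP_ACL_AUTHENTICATED, and neither copy says why a caller would pass check_anyone=FALSE. A comment above the first guard would record the intent, for example `/* unless acl_anyone=allow, refuse to add entries that grant rights to every user; callers that must still accept these identifiers pass check_anyone=FALSE */`. The check runs only when this plugin parses an identifier, so entries that already name anyone or authenticated, or that reach the ACL store by another route, are presumably still honoured; if the setting is meant to cover those as well, that would have to be enforced in the ACL lookup code, which is not visible here. imap_acl_identifier_parse starts in the previous hunk and continues past the end of this one.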
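Review bot: The bare `TRUE` in the call at @@ -360,7 +370,8 @@ and the bare `FALSE` in the otherwise identical call at @@ -422,7 +433,8 @@ give no hint of what is being switched, so the one call site that enforces the policy looks the same as the one that skips it. A trailing comment on each, such as `TRUE, /* check_anyone */ &error`, would make the difference visible where it matters. Separately, the policy refusal is reported through `client_send_command_error(cmd, error)`, the same path as a malformed identifier; if that helper produces a BAD response, as its name suggests, a well-formed request that is only refused by configuration would be better answered with a tagged NO. Both enclosing command handlers start and end outside these hunks, so which commands they implement is not confirmed from this page.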
@@ -441,9 +453,15 @@
 void imap_acl_plugin_init(void)
 {
+ const char *env;
+
 if (getenv("ACL") == NULL)
 return;
+ env = getenv("ACL_ANYONE");
+ if (env != NULL)
+ acl_anyone_allow = strcmp(env, "allow") == 0;
+
 str_append(capability_string, " ACL RIGHTS=texk");
 command_register("LISTRIGHTS", cmd_listrights, 0);
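Review bot: `acl_anyone_allow = strcmp(env, "allow") == 0;` silently treats every value other than the exact lowercase string `allow` as deny, so a setting such as `Allow` or `yes` leaves the restriction on with nothing to explain the rejected commands. Failing closed is the right default here; what is missing is a statement of the accepted values, for example `/* ACL_ANYONE: only the exact value "allow" lifts the anyone/authenticated restriction; unset or any other value keeps it */` above the getenv call. If the project's logging helpers are usable at plugin init, a one-time warning for a non-empty value that is not recognised would also help administrators, provided the set of valid values is known. The body of imap_acl_plugin_init continues past the end of this hunk.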