author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:51:24 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:51:24 +0000 |
commit | f7548d6d28c313cf80e6f3ef89aed16a19815df1 (patch) | |
tree | a3f6f2a3f247293bee59ecd28e8cd8ceb6ca064a /src/plugins/imap-acl | |
parent | Initial commit. (diff) | |
Adding upstream version 1:2.3.19.1+dfsg1.upstream/1%2.3.19.1+dfsg1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/plugins/imap-acl')
-rw-r--r-- | src/plugins/imap-acl/Makefile.am | 31 | ||||
-rw-r--r-- | src/plugins/imap-acl/Makefile.in | 831 | ||||
-rw-r--r-- | src/plugins/imap-acl/imap-acl-plugin.c | 1128 | ||||
-rw-r--r-- | src/plugins/imap-acl/imap-acl-plugin.h | 12 |
4 files changed, 2002 insertions, 0 deletions
diff --git a/src/plugins/imap-acl/Makefile.am b/src/plugins/imap-acl/Makefile.am
new file mode 100644
index 0000000..c683974
--- /dev/null
+++ b/src/plugins/imap-acl/Makefile.am
@@ -0,0 +1,31 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/lib \
+ -I$(top_srcdir)/src/lib-mail \
+ -I$(top_srcdir)/src/lib-imap \
+ -I$(top_srcdir)/src/lib-index \
+ -I$(top_srcdir)/src/lib-storage \
+ -I$(top_srcdir)/src/lib-storage/index \
+ -I$(top_srcdir)/src/lib-storage/index/imapc \
+ -I$(top_srcdir)/src/imap \
+ -I$(top_srcdir)/src/plugins/acl \
+ -I$(top_srcdir)/src/lib-imap-client \
+ -I$(top_srcdir)/src/lib-ssl-iostream
+
+imap_moduledir = $(moduledir)
+
+NOPLUGIN_LDFLAGS =
+lib02_imap_acl_plugin_la_LDFLAGS = -module -avoid-version
+
+imap_module_LTLIBRARIES = \
+ lib02_imap_acl_plugin.la
+
+if DOVECOT_PLUGIN_DEPS
+lib02_imap_acl_plugin_la_LIBADD = \
+ ../acl/lib01_acl_plugin.la
+endif
+
+lib02_imap_acl_plugin_la_SOURCES = \
+ imap-acl-plugin.c
+
+noinst_HEADERS = \
+ imap-acl-plugin.h
diff --git a/src/plugins/imap-acl/Makefile.in b/src/plugins/imap-acl/Makefile.in
new file mode 100644
index 0000000..9f284af
--- /dev/null
+++ b/src/plugins/imap-acl/Makefile.in
@@ -0,0 +1,831 @@ +# Makefile.in generated by automake 1.16.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2018 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes 
+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/plugins/imap-acl +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/ac_checktype2.m4 \ + $(top_srcdir)/m4/ac_typeof.m4 $(top_srcdir)/m4/arc4random.m4 \ + $(top_srcdir)/m4/blockdev.m4 $(top_srcdir)/m4/c99_vsnprintf.m4 \ + $(top_srcdir)/m4/clock_gettime.m4 $(top_srcdir)/m4/crypt.m4 \ + $(top_srcdir)/m4/crypt_xpg6.m4 $(top_srcdir)/m4/dbqlk.m4 \ + $(top_srcdir)/m4/dirent_dtype.m4 $(top_srcdir)/m4/dovecot.m4 \ + $(top_srcdir)/m4/fd_passing.m4 $(top_srcdir)/m4/fdatasync.m4 \ + $(top_srcdir)/m4/flexible_array_member.m4 \ + $(top_srcdir)/m4/glibc.m4 $(top_srcdir)/m4/gmtime_max.m4 \ + $(top_srcdir)/m4/gmtime_tm_gmtoff.m4 \ + $(top_srcdir)/m4/ioloop.m4 $(top_srcdir)/m4/iovec.m4 \ + $(top_srcdir)/m4/ipv6.m4 $(top_srcdir)/m4/libcap.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/libwrap.m4 \ + $(top_srcdir)/m4/linux_mremap.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/mmap_write.m4 \ + $(top_srcdir)/m4/mntctl.m4 $(top_srcdir)/m4/modules.m4 \ + $(top_srcdir)/m4/notify.m4 $(top_srcdir)/m4/nsl.m4 \ + $(top_srcdir)/m4/off_t_max.m4 $(top_srcdir)/m4/pkg.m4 \ + $(top_srcdir)/m4/pr_set_dumpable.m4 \ + $(top_srcdir)/m4/q_quotactl.m4 
$(top_srcdir)/m4/quota.m4 \ + $(top_srcdir)/m4/random.m4 $(top_srcdir)/m4/rlimit.m4 \ + $(top_srcdir)/m4/sendfile.m4 $(top_srcdir)/m4/size_t_signed.m4 \ + $(top_srcdir)/m4/sockpeercred.m4 $(top_srcdir)/m4/sql.m4 \ + $(top_srcdir)/m4/ssl.m4 $(top_srcdir)/m4/st_tim.m4 \ + $(top_srcdir)/m4/static_array.m4 $(top_srcdir)/m4/test_with.m4 \ + $(top_srcdir)/m4/time_t.m4 $(top_srcdir)/m4/typeof.m4 \ + $(top_srcdir)/m4/typeof_dev_t.m4 \ + $(top_srcdir)/m4/uoff_t_max.m4 $(top_srcdir)/m4/vararg.m4 \ + $(top_srcdir)/m4/want_apparmor.m4 \ + $(top_srcdir)/m4/want_bsdauth.m4 \ + $(top_srcdir)/m4/want_bzlib.m4 \ + $(top_srcdir)/m4/want_cassandra.m4 \ + $(top_srcdir)/m4/want_cdb.m4 \ + $(top_srcdir)/m4/want_checkpassword.m4 \ + $(top_srcdir)/m4/want_clucene.m4 $(top_srcdir)/m4/want_db.m4 \ + $(top_srcdir)/m4/want_gssapi.m4 $(top_srcdir)/m4/want_icu.m4 \ + $(top_srcdir)/m4/want_ldap.m4 $(top_srcdir)/m4/want_lua.m4 \ + $(top_srcdir)/m4/want_lz4.m4 $(top_srcdir)/m4/want_lzma.m4 \ + $(top_srcdir)/m4/want_mysql.m4 $(top_srcdir)/m4/want_pam.m4 \ + $(top_srcdir)/m4/want_passwd.m4 $(top_srcdir)/m4/want_pgsql.m4 \ + $(top_srcdir)/m4/want_prefetch.m4 \ + $(top_srcdir)/m4/want_shadow.m4 \ + $(top_srcdir)/m4/want_sodium.m4 $(top_srcdir)/m4/want_solr.m4 \ + $(top_srcdir)/m4/want_sqlite.m4 \ + $(top_srcdir)/m4/want_stemmer.m4 \ + $(top_srcdir)/m4/want_systemd.m4 \ + $(top_srcdir)/m4/want_textcat.m4 \ + $(top_srcdir)/m4/want_unwind.m4 $(top_srcdir)/m4/want_zlib.m4 \ + $(top_srcdir)/m4/want_zstd.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(noinst_HEADERS) \ + $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; 
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(imap_moduledir)" +LTLIBRARIES = $(imap_module_LTLIBRARIES) +@DOVECOT_PLUGIN_DEPS_TRUE@lib02_imap_acl_plugin_la_DEPENDENCIES = \ +@DOVECOT_PLUGIN_DEPS_TRUE@ ../acl/lib01_acl_plugin.la +am_lib02_imap_acl_plugin_la_OBJECTS = imap-acl-plugin.lo +lib02_imap_acl_plugin_la_OBJECTS = \ + $(am_lib02_imap_acl_plugin_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +lib02_imap_acl_plugin_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(lib02_imap_acl_plugin_la_LDFLAGS) \ + $(LDFLAGS) -o $@ +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = 
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = ./$(DEPDIR)/imap-acl-plugin.Plo +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(lib02_imap_acl_plugin_la_SOURCES) +DIST_SOURCES = $(lib02_imap_acl_plugin_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +HEADERS = $(noinst_HEADERS) +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. 
+am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ACLOCAL_AMFLAGS = @ACLOCAL_AMFLAGS@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +APPARMOR_LIBS = @APPARMOR_LIBS@ +AR = @AR@ +AUTH_CFLAGS = @AUTH_CFLAGS@ +AUTH_LIBS = @AUTH_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BINARY_CFLAGS = @BINARY_CFLAGS@ +BINARY_LDFLAGS = @BINARY_LDFLAGS@ +BISON = @BISON@ +CASSANDRA_CFLAGS = @CASSANDRA_CFLAGS@ +CASSANDRA_LIBS = @CASSANDRA_LIBS@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CDB_LIBS = @CDB_LIBS@ +CFLAGS = @CFLAGS@ +CLUCENE_CFLAGS = @CLUCENE_CFLAGS@ +CLUCENE_LIBS = @CLUCENE_LIBS@ +COMPRESS_LIBS = @COMPRESS_LIBS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYPT_LIBS = @CRYPT_LIBS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DICT_LIBS = @DICT_LIBS@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FLEX = @FLEX@ +FUZZER_CPPFLAGS = @FUZZER_CPPFLAGS@ +FUZZER_LDFLAGS = @FUZZER_LDFLAGS@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +KRB5CONFIG = @KRB5CONFIG@ +KRB5_CFLAGS = @KRB5_CFLAGS@ +KRB5_LIBS = @KRB5_LIBS@ +LD = @LD@ +LDAP_LIBS = @LDAP_LIBS@ +LDFLAGS = @LDFLAGS@ +LD_NO_WHOLE_ARCHIVE = @LD_NO_WHOLE_ARCHIVE@ +LD_WHOLE_ARCHIVE = @LD_WHOLE_ARCHIVE@ +LIBCAP = @LIBCAP@ +LIBDOVECOT = @LIBDOVECOT@ +LIBDOVECOT_COMPRESS = 
@LIBDOVECOT_COMPRESS@ +LIBDOVECOT_DEPS = @LIBDOVECOT_DEPS@ +LIBDOVECOT_DSYNC = @LIBDOVECOT_DSYNC@ +LIBDOVECOT_LA_LIBS = @LIBDOVECOT_LA_LIBS@ +LIBDOVECOT_LDA = @LIBDOVECOT_LDA@ +LIBDOVECOT_LDAP = @LIBDOVECOT_LDAP@ +LIBDOVECOT_LIBFTS = @LIBDOVECOT_LIBFTS@ +LIBDOVECOT_LIBFTS_DEPS = @LIBDOVECOT_LIBFTS_DEPS@ +LIBDOVECOT_LOGIN = @LIBDOVECOT_LOGIN@ +LIBDOVECOT_LUA = @LIBDOVECOT_LUA@ +LIBDOVECOT_LUA_DEPS = @LIBDOVECOT_LUA_DEPS@ +LIBDOVECOT_SQL = @LIBDOVECOT_SQL@ +LIBDOVECOT_STORAGE = @LIBDOVECOT_STORAGE@ +LIBDOVECOT_STORAGE_DEPS = @LIBDOVECOT_STORAGE_DEPS@ +LIBEXTTEXTCAT_CFLAGS = @LIBEXTTEXTCAT_CFLAGS@ +LIBEXTTEXTCAT_LIBS = @LIBEXTTEXTCAT_LIBS@ +LIBICONV = @LIBICONV@ +LIBICU_CFLAGS = @LIBICU_CFLAGS@ +LIBICU_LIBS = @LIBICU_LIBS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBSODIUM_CFLAGS = @LIBSODIUM_CFLAGS@ +LIBSODIUM_LIBS = @LIBSODIUM_LIBS@ +LIBTIRPC_CFLAGS = @LIBTIRPC_CFLAGS@ +LIBTIRPC_LIBS = @LIBTIRPC_LIBS@ +LIBTOOL = @LIBTOOL@ +LIBUNWIND_CFLAGS = @LIBUNWIND_CFLAGS@ +LIBUNWIND_LIBS = @LIBUNWIND_LIBS@ +LIBWRAP_LIBS = @LIBWRAP_LIBS@ +LINKED_STORAGE_LDADD = @LINKED_STORAGE_LDADD@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBICONV = @LTLIBICONV@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +LUA_CFLAGS = @LUA_CFLAGS@ +LUA_LIBS = @LUA_LIBS@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MODULE_LIBS = @MODULE_LIBS@ +MODULE_SUFFIX = @MODULE_SUFFIX@ +MYSQL_CFLAGS = @MYSQL_CFLAGS@ +MYSQL_CONFIG = @MYSQL_CONFIG@ +MYSQL_LIBS = @MYSQL_LIBS@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NOPLUGIN_LDFLAGS = +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PANDOC = @PANDOC@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PGSQL_CFLAGS = @PGSQL_CFLAGS@ +PGSQL_LIBS = @PGSQL_LIBS@ +PG_CONFIG = 
@PG_CONFIG@ +PIE_CFLAGS = @PIE_CFLAGS@ +PIE_LDFLAGS = @PIE_LDFLAGS@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +QUOTA_LIBS = @QUOTA_LIBS@ +RANLIB = @RANLIB@ +RELRO_LDFLAGS = @RELRO_LDFLAGS@ +RPCGEN = @RPCGEN@ +RUN_TEST = @RUN_TEST@ +SED = @SED@ +SETTING_FILES = @SETTING_FILES@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SQLITE_CFLAGS = @SQLITE_CFLAGS@ +SQLITE_LIBS = @SQLITE_LIBS@ +SQL_CFLAGS = @SQL_CFLAGS@ +SQL_LIBS = @SQL_LIBS@ +SSL_CFLAGS = @SSL_CFLAGS@ +SSL_LIBS = @SSL_LIBS@ +STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ +VALGRIND = @VALGRIND@ +VERSION = @VERSION@ +ZSTD_CFLAGS = @ZSTD_CFLAGS@ +ZSTD_LIBS = @ZSTD_LIBS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dict_drivers = @dict_drivers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +moduledir = @moduledir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +rundir = @rundir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ 
+sharedstatedir = @sharedstatedir@ +sql_drivers = @sql_drivers@ +srcdir = @srcdir@ +ssldir = @ssldir@ +statedir = @statedir@ +sysconfdir = @sysconfdir@ +systemdservicetype = @systemdservicetype@ +systemdsystemunitdir = @systemdsystemunitdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/lib \ + -I$(top_srcdir)/src/lib-mail \ + -I$(top_srcdir)/src/lib-imap \ + -I$(top_srcdir)/src/lib-index \ + -I$(top_srcdir)/src/lib-storage \ + -I$(top_srcdir)/src/lib-storage/index \ + -I$(top_srcdir)/src/lib-storage/index/imapc \ + -I$(top_srcdir)/src/imap \ + -I$(top_srcdir)/src/plugins/acl \ + -I$(top_srcdir)/src/lib-imap-client \ + -I$(top_srcdir)/src/lib-ssl-iostream + +imap_moduledir = $(moduledir) +lib02_imap_acl_plugin_la_LDFLAGS = -module -avoid-version +imap_module_LTLIBRARIES = \ + lib02_imap_acl_plugin.la + +@DOVECOT_PLUGIN_DEPS_TRUE@lib02_imap_acl_plugin_la_LIBADD = \ +@DOVECOT_PLUGIN_DEPS_TRUE@ ../acl/lib01_acl_plugin.la + +lib02_imap_acl_plugin_la_SOURCES = \ + imap-acl-plugin.c + +noinst_HEADERS = \ + imap-acl-plugin.h + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/plugins/imap-acl/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign src/plugins/imap-acl/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' 
in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +install-imap_moduleLTLIBRARIES: $(imap_module_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(imap_module_LTLIBRARIES)'; test -n "$(imap_moduledir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(imap_moduledir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(imap_moduledir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(imap_moduledir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(imap_moduledir)"; \ + } + +uninstall-imap_moduleLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(imap_module_LTLIBRARIES)'; test -n "$(imap_moduledir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(imap_moduledir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(imap_moduledir)/$$f"; \ + done + +clean-imap_moduleLTLIBRARIES: + -test -z "$(imap_module_LTLIBRARIES)" || rm -f $(imap_module_LTLIBRARIES) + @list='$(imap_module_LTLIBRARIES)'; \ + locs=`for p 
in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +lib02_imap_acl_plugin.la: $(lib02_imap_acl_plugin_la_OBJECTS) $(lib02_imap_acl_plugin_la_DEPENDENCIES) $(EXTRA_lib02_imap_acl_plugin_la_DEPENDENCIES) + $(AM_V_CCLD)$(lib02_imap_acl_plugin_la_LINK) -rpath $(imap_moduledir) $(lib02_imap_acl_plugin_la_OBJECTS) $(lib02_imap_acl_plugin_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imap-acl-plugin.Plo@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ 
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) 
$(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) $(HEADERS) +installdirs: + for dir in "$(DESTDIR)$(imap_moduledir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . 
= "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-imap_moduleLTLIBRARIES clean-libtool \ + mostlyclean-am + +distclean: distclean-am + -rm -f ./$(DEPDIR)/imap-acl-plugin.Plo + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-imap_moduleLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f ./$(DEPDIR)/imap-acl-plugin.Plo + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-imap_moduleLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \ + clean-generic clean-imap_moduleLTLIBRARIES clean-libtool \ + cscopelist-am ctags ctags-am distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-imap_moduleLTLIBRARIES install-info install-info-am \ + install-man install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + 
installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am uninstall-imap_moduleLTLIBRARIES + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/plugins/imap-acl/imap-acl-plugin.c b/src/plugins/imap-acl/imap-acl-plugin.c new file mode 100644 index 0000000..5d1c3be --- /dev/null +++ b/src/plugins/imap-acl/imap-acl-plugin.c 
@@ -0,0 +1,1128 @@
+/* Copyright (c) 2008-2018 Dovecot authors, see the included COPYING file */
+
+#include "imap-common.h"
+#include "str.h"
+#include "imap-quote.h"
+#include "imap-resp-code.h"
+#include "imap-commands.h"
+#include "imapc-client.h"
+#include "imapc-client-private.h"
+#include "imapc-settings.h"
+#include "imapc-storage.h"
+#include "mail-storage.h"
+#include "mail-namespace.h"
+#include "mail-storage-private.h"
+#include "module-context.h"
+#include "acl-api.h"
+#include "acl-storage.h"
+#include "acl-plugin.h"
+#include "imap-acl-plugin.h"
+
+
+#define ERROR_NOT_ADMIN "["IMAP_RESP_CODE_NOPERM"] " \
+ "You lack administrator privileges on this mailbox."
+
+#define IMAP_ACL_ANYONE "anyone"
+#define IMAP_ACL_AUTHENTICATED "authenticated"
+#define IMAP_ACL_OWNER "owner"
+#define IMAP_ACL_GROUP_PREFIX "$"
+#define IMAP_ACL_GROUP_OVERRIDE_PREFIX "!$"
+#define IMAP_ACL_GLOBAL_PREFIX "#"
+
+#define IMAP_ACL_CONTEXT(obj) \
+ MODULE_CONTEXT(obj, imap_acl_storage_module)
+#define IMAP_ACL_CONTEXT_REQUIRE(obj) \
+ MODULE_CONTEXT_REQUIRE(obj, imap_acl_storage_module)
+
+struct imap_acl_letter_map {
+ char letter;
+ const char *name;
+};
+
+static const struct imap_acl_letter_map imap_acl_letter_map[] = {
+ { 'l', MAIL_ACL_LOOKUP },
+ { 'r', MAIL_ACL_READ },
+ { 'w', MAIL_ACL_WRITE },
+ { 's', MAIL_ACL_WRITE_SEEN },
+ { 't', MAIL_ACL_WRITE_DELETED },
+ { 'i', MAIL_ACL_INSERT },
+ { 'p', MAIL_ACL_POST },
+ { 'e', MAIL_ACL_EXPUNGE },
+ { 'k', MAIL_ACL_CREATE },
+ { 'x', MAIL_ACL_DELETE },
+ { 'a', MAIL_ACL_ADMIN },
+ { '\0', NULL }
+};
+
+struct imap_acl_storage {
+ union mail_storage_module_context module_ctx;
+ struct imapc_acl_context *iacl_ctx;
+};
+
+struct imap_acl_storage_module imap_acl_storage_module =
+ MODULE_CONTEXT_INIT(&mail_storage_module_register);
+
+const char *imap_acl_plugin_version = DOVECOT_ABI_VERSION;
+
+static struct module *imap_acl_module;
+static imap_client_created_func_t *next_hook_client_created;
+
+enum imap_acl_cmd {
+ IMAP_ACL_CMD_MYRIGHTS = 0,
+ IMAP_ACL_CMD_GETACL,
+ IMAP_ACL_CMD_SETACL,
+ IMAP_ACL_CMD_DELETEACL,
+};
+
+const char *imapc_acl_cmd_names[] = {
+ "MYRIGHTS", "GETACL", "SETACL", "DELETEACL"
+};
+
+struct imapc_acl_context {
+ struct imapc_client *client;
+ enum imap_acl_cmd proxy_cmd;
+ struct mail_storage *storage;
+ struct imapc_mailbox *expected_box;
+ string_t *reply;
+};
+
+static int
+acl_mailbox_open_as_admin(struct client_command_context *cmd,
+ struct mailbox *box, const char *name)
+{
+ enum mailbox_existence existence = MAILBOX_EXISTENCE_NONE;
+ int ret;
+
+ if (ACL_USER_CONTEXT(cmd->client->user) == NULL) {
+ client_send_command_error(cmd, "ACLs disabled.");
+ return 0;
+ }
+
+ if (mailbox_exists(box, TRUE, &existence) == 0 &&
+ existence == MAILBOX_EXISTENCE_SELECT) {
+ ret = acl_mailbox_right_lookup(box, ACL_STORAGE_RIGHT_ADMIN);
+ if (ret > 0)
+ return ret;
+ }
+
+ /* mailbox doesn't exist / not an administrator. */
+ if (existence != MAILBOX_EXISTENCE_SELECT ||
+ acl_mailbox_right_lookup(box, ACL_STORAGE_RIGHT_LOOKUP) <= 0) {
+ client_send_tagline(cmd, t_strdup_printf(
+ "NO ["IMAP_RESP_CODE_NONEXISTENT"] "
+ MAIL_ERRSTR_MAILBOX_NOT_FOUND, name));
+ } else {
+ client_send_tagline(cmd, "NO "ERROR_NOT_ADMIN);
+ }
+ return 0;
+}
+
+static const struct imap_acl_letter_map *
+imap_acl_letter_map_find(const char *name)
+{
+ unsigned int i;
+
+ for (i = 0; imap_acl_letter_map[i].name != NULL; i++) {
+ if (strcmp(imap_acl_letter_map[i].name, name) == 0)
+ return &imap_acl_letter_map[i];
+ }
+ return NULL;
+}
+
+static void
+imap_acl_write_rights_list(string_t *dest, const char *const *rights)
+{
+ const struct imap_acl_letter_map *map;
+ unsigned int i;
+ size_t orig_len = str_len(dest);
+ bool append_c = FALSE, append_d = FALSE;
+
+ for (i = 0; rights[i] != NULL; i++) {
+ /* write only letters */
+ map = imap_acl_letter_map_find(rights[i]);
+ if (map != NULL) {
+ str_append_c(dest, map->letter);
+ if (map->letter == 'k' || map->letter == 'x')
+ append_c = TRUE;
+ if (map->letter == 't' || map->letter == 'e')
+ append_d = TRUE;
+ }
+ }
+ if (append_c)
+ str_append_c(dest, 'c');
+ if (append_d)
+ str_append_c(dest, 'd');
+ if (orig_len == str_len(dest))
+ str_append(dest, "\"\"");
+}
+
+static void
+imap_acl_write_right(string_t *dest, string_t *tmp,
+ const struct acl_rights *right, bool neg)
+{
+ const char *const *rights = neg ? right->neg_rights : right->rights;
+
+ str_truncate(tmp, 0);
+ if (neg) str_append_c(tmp,'-');
+ if (right->global)
+ str_append(tmp, IMAP_ACL_GLOBAL_PREFIX);
+ switch (right->id_type) {
+ case ACL_ID_ANYONE:
+ str_append(tmp, IMAP_ACL_ANYONE);
+ break;
+ case ACL_ID_AUTHENTICATED:
+ str_append(tmp, IMAP_ACL_AUTHENTICATED);
+ break;
+ case ACL_ID_OWNER:
+ str_append(tmp, IMAP_ACL_OWNER);
+ break;
+ case ACL_ID_USER:
+ str_append(tmp, right->identifier);
+ break;
+ case ACL_ID_GROUP:
+ str_append(tmp, IMAP_ACL_GROUP_PREFIX);
+ str_append(tmp, right->identifier);
+ break;
+ case ACL_ID_GROUP_OVERRIDE:
+ str_append(tmp, IMAP_ACL_GROUP_OVERRIDE_PREFIX);
+ str_append(tmp, right->identifier);
+ break;
+ case ACL_ID_TYPE_COUNT:
+ i_unreached();
+ }
+
+ imap_append_astring(dest, str_c(tmp));
+ str_append_c(dest, ' ');
+ imap_acl_write_rights_list(dest, rights);
+}
+
+static bool
+acl_rights_is_owner(struct acl_backend *backend,
+ const struct acl_rights *rights)
+{
+ switch (rights->id_type) {
+ case ACL_ID_OWNER:
+ return TRUE;
+ case ACL_ID_USER:
+ return acl_backend_user_name_equals(backend,
+ rights->identifier);
+ default:
+ return FALSE;
+ }
+}
+
+static bool have_positive_owner_rights(struct acl_backend *backend,
+ struct acl_object *aclobj)
+{
+ struct acl_object_list_iter *iter;
+ struct acl_rights rights;
+ bool ret = FALSE;
+
+ iter = acl_object_list_init(aclobj);
+ while (acl_object_list_next(iter, &rights)) {
+ if (acl_rights_is_owner(backend, &rights)) {
+ if (rights.rights != NULL) {
+ ret = TRUE;
+ break;
+ }
+ }
+ }
+ (void)acl_object_list_deinit(&iter);
+ return ret;
+}
+
+static int
+imap_acl_write_aclobj(string_t *dest, struct acl_backend *backend,
+ struct acl_object *aclobj, bool convert_owner,
+ bool add_default)
+{
+ struct acl_object_list_iter *iter;
+ struct acl_rights rights;
+ string_t *tmp;
+ const char *username;
+ size_t orig_len = str_len(dest);
+ bool seen_owner = FALSE, seen_positive_owner = FALSE;
+ int ret;
+
+ username = acl_backend_get_acl_username(backend);
+ if (username == NULL)
+ convert_owner = FALSE;
+
+ tmp = t_str_new(128);
+ iter = acl_object_list_init(aclobj);
+ while (acl_object_list_next(iter, &rights)) {
+ if (acl_rights_is_owner(backend, &rights)) {
+ if (rights.id_type == ACL_ID_OWNER && convert_owner) {
+ rights.id_type = ACL_ID_USER;
+ rights.identifier = username;
+ }
+ if (seen_owner && convert_owner) {
+ /* oops, we have both owner and user=myself.
+ can't do the conversion, so try again. */
+ str_truncate(dest, orig_len);
+ return imap_acl_write_aclobj(dest, backend,
+ aclobj, FALSE,
+ add_default);
+ }
+ seen_owner = TRUE;
+ if (rights.rights != NULL)
+ seen_positive_owner = TRUE;
+ }
+
+ if (rights.rights != NULL) {
+ str_append_c(dest, ' ');
+ imap_acl_write_right(dest, tmp, &rights, FALSE);
+ }
+ if (rights.neg_rights != NULL) {
+ str_append_c(dest, ' ');
+ imap_acl_write_right(dest, tmp, &rights, TRUE);
+ }
+ }
+ ret = acl_object_list_deinit(&iter);
+
+ if (!seen_positive_owner && username != NULL && add_default) {
+ /* no positive owner rights returned, write default ACLs */
+ i_zero(&rights);
+ if (!convert_owner) {
+ rights.id_type = ACL_ID_OWNER;
+ } else {
+ rights.id_type = ACL_ID_USER;
+ rights.identifier = username;
+ }
+ rights.rights = acl_object_get_default_rights(aclobj);
+ if (rights.rights != NULL) {
+ str_append_c(dest, ' ');
+ imap_acl_write_right(dest, tmp, &rights, FALSE);
+ }
+ }
+ return ret;
+}
+
+static const char *
+imapc_acl_get_mailbox_error(struct imapc_mailbox *mbox)
+{
+ enum mail_error err;
+ const char *error = mailbox_get_last_error(&mbox->box, &err);
+ const char
*resp_code; + string_t *str = t_str_new(128); + + if (imapc_mail_error_to_resp_text_code(err, &resp_code)) + str_printfa(str, "[%s] ", resp_code); + str_append(str, error); + + return str_c(str); +} + +static void +imapc_acl_myrights_untagged_cb(const struct imapc_untagged_reply *reply, + struct imapc_storage_client *client) +{ + struct imap_acl_storage *iacl_storage = + IMAP_ACL_CONTEXT_REQUIRE(&client->_storage->storage); + struct imapc_acl_context *ctx = iacl_storage->iacl_ctx; + const char *value; + + if (!imap_arg_get_astring(&reply->args[0], &value) || + ctx->expected_box == NULL) + return; + + /* Untagged reply was not meant for this mailbox */ + if (!imapc_mailbox_name_equals(ctx->expected_box, value)) + return; + + /* copy rights from reply to string + <args[0](mailbox)> <args[1](rights)> */ + if (imap_arg_get_astring(&reply->args[1], &value)) { + str_append(ctx->reply, value); + } else { + /* Rights could not been parsed mark this + failed and clear the prepared reply. */ + str_truncate(ctx->reply, 0); + } + /* Just handle one untagged reply. */ + ctx->expected_box = NULL; +} + +static void +imapc_acl_getacl_untagged_cb(const struct imapc_untagged_reply *reply, + struct imapc_storage_client *client) +{ + struct imap_acl_storage *iacl_storage = + IMAP_ACL_CONTEXT_REQUIRE(&client->_storage->storage); + struct imapc_acl_context *ctx = iacl_storage->iacl_ctx; + const char *key, *value; + unsigned int i; + + if (!imap_arg_get_astring(&reply->args[0], &value) || + ctx->expected_box == NULL) + return; + + /* Untagged reply was not meant for this mailbox */ + if (!imapc_mailbox_name_equals(ctx->expected_box, value)) + return; + + /* Parse key:value pairs of user:right and append them + to the prepared reply. 
*/ + for (i = 1; reply->args[i].type != IMAP_ARG_EOL; i += 2) { + if (imap_arg_get_astring(&reply->args[i], &key) && + imap_arg_get_astring(&reply->args[i+1], &value)) { + str_append(iacl_storage->iacl_ctx->reply, key); + str_append_c(iacl_storage->iacl_ctx->reply, ' '); + str_append(iacl_storage->iacl_ctx->reply, value); + str_append_c(iacl_storage->iacl_ctx->reply, ' '); + } else { + /* Rights could not been parsed clear prepared reply. */ + str_truncate(ctx->reply, 0); + break; + } + } + /* Just handle one untagged reply. */ + ctx->expected_box = NULL; +} + +static struct imapc_acl_context * +imap_acl_cmd_context_alloc(struct imapc_mailbox *mbox) +{ + struct imapc_acl_context *iacl_ctx = + p_new(mbox->box.storage->pool, struct imapc_acl_context, 1); + iacl_ctx->reply = str_new(mbox->box.storage->pool, 128); + return iacl_ctx; +} + +static void imap_acl_cmd_context_init(struct imapc_acl_context *iacl_ctx, + struct imapc_mailbox *mbox, + enum imap_acl_cmd proxy_cmd) +{ + iacl_ctx->client = mbox->storage->client->client; + iacl_ctx->proxy_cmd = proxy_cmd; + iacl_ctx->expected_box = mbox; + str_truncate(iacl_ctx->reply, 0); +} + +static struct imapc_acl_context * +imap_acl_cmd_context_register(struct imapc_mailbox *mbox, enum imap_acl_cmd proxy_cmd) +{ + struct mailbox *box = &mbox->box; + struct imap_acl_storage *iacl_storage = IMAP_ACL_CONTEXT(box->storage); + + if (iacl_storage == NULL) { + iacl_storage = p_new(box->storage->pool, struct imap_acl_storage, 1); + MODULE_CONTEXT_SET(box->storage, imap_acl_storage_module, iacl_storage); + iacl_storage->iacl_ctx = imap_acl_cmd_context_alloc(mbox); + } + + imap_acl_cmd_context_init(iacl_storage->iacl_ctx, mbox, proxy_cmd); + + return iacl_storage->iacl_ctx; +} + +static const char *imap_acl_get_mailbox_name(const struct mail_namespace *ns, + const char *mailbox) +{ + /* Strip namespace prefix from mailbox name or append "INBOX" if + mailbox is "" and mailbox is in shared namespace. 
*/ + + if (ns->prefix_len == 0) + return mailbox; + + i_assert(ns->prefix_len >= 1); + + if ((mailbox[ns->prefix_len-1] == '\0' || + mailbox[ns->prefix_len] == '\0') && + strncmp(mailbox, ns->prefix, ns->prefix_len-1) == 0 && + ns->type == MAIL_NAMESPACE_TYPE_SHARED) { + /* Given mailbox name does not contain an actual mailbox name + but just the namespace prefix so default to "INBOX". */ + return "INBOX"; + } + + if ((ns->flags & NAMESPACE_FLAG_INBOX_USER) != 0 && + strcasecmp(mailbox, "INBOX") == 0) { + /* For user INBOX always use INBOX and ignore namespace + prefix. */ + return "INBOX"; + } + + i_assert(strncmp(mailbox, ns->prefix, ns->prefix_len-1) == 0); + return mailbox+ns->prefix_len; +} + +static const char * +imapc_acl_prepare_cmd(string_t *reply_r, const char *mailbox, + const struct mail_namespace *ns, const char *cmd_args, + const enum imap_acl_cmd proxy_cmd) +{ + string_t *proxy_cmd_str = t_str_new(128); + /* Prepare proxy_cmd and untagged replies */ + switch (proxy_cmd) { + case IMAP_ACL_CMD_MYRIGHTS: + /* Prepare client untagged reply. */ + str_append(reply_r, "* MYRIGHTS "); + imap_append_astring(reply_r, mailbox); + str_append_c(reply_r, ' '); + + str_append(proxy_cmd_str, "MYRIGHTS "); + /* Strip namespace prefix. */ + imap_append_astring(proxy_cmd_str, + imap_acl_get_mailbox_name(ns, mailbox)); + break; + case IMAP_ACL_CMD_GETACL: + /* Prepare client untagged reply. 
*/ + str_append(reply_r, "* ACL "); + imap_append_astring(reply_r, mailbox); + str_append_c(reply_r, ' '); + + str_append(proxy_cmd_str, "GETACL "); + imap_append_astring(proxy_cmd_str, + imap_acl_get_mailbox_name(ns, mailbox)); + break; + case IMAP_ACL_CMD_SETACL: + /* No contents in untagged replies for SETACL */ + str_append(proxy_cmd_str, "SETACL "); + imap_append_astring(proxy_cmd_str, + imap_acl_get_mailbox_name(ns, mailbox)); + + str_append_c(proxy_cmd_str, ' '); + str_append(proxy_cmd_str, cmd_args); + break; + case IMAP_ACL_CMD_DELETEACL: + /* No contents in untagged replies for DELETEACL */ + str_append(proxy_cmd_str, "DELETEACL "); + imap_append_astring(proxy_cmd_str, + imap_acl_get_mailbox_name(ns, mailbox)); + + str_append_c(proxy_cmd_str, ' '); + str_append(proxy_cmd_str, cmd_args); + break; + default: + i_unreached(); + } + return str_c(proxy_cmd_str); +} + +static struct imapc_command * +imapc_acl_simple_context_init(struct imapc_simple_context *ctx, + struct imapc_mailbox *mbox) +{ + imapc_simple_context_init(ctx, mbox->storage->client); + return imapc_client_cmd(mbox->storage->client->client, + imapc_simple_callback, ctx); +} + +static void imapc_acl_send_client_reply(struct imapc_acl_context *iacl_ctx, + struct client_command_context *orig_cmd, + const char *success_tagged_reply) +{ + if (str_len(iacl_ctx->reply) == 0) + client_send_tagline(orig_cmd, "NO "MAIL_ERRSTR_CRITICAL_MSG); + else { + client_send_line(orig_cmd->client, str_c(iacl_ctx->reply)); + client_send_tagline(orig_cmd, success_tagged_reply); + } +} + +static bool imap_acl_proxy_cmd(struct mailbox *box, + const char *mailbox, + const char *cmd_args, + const struct mail_namespace *ns, + struct client_command_context *orig_cmd, + const enum imap_acl_cmd proxy_cmd) +{ + struct imapc_acl_context *iacl_ctx; + struct imapc_simple_context ctx; + struct imapc_command *imapc_cmd; + const char *proxy_cmd_str; + + if (strcmp(box->storage->name, "imapc") != 0) { + /* Storage is not "imapc". 
*/ + return FALSE; + } + + struct imapc_mailbox *mbox = IMAPC_MAILBOX(box); + if (!IMAPC_HAS_FEATURE(mbox->storage, IMAPC_FEATURE_ACL)) { + /* Storage is "imapc" but no proxying of ACL commands should + be done. */ + return FALSE; + } + + iacl_ctx = imap_acl_cmd_context_register(mbox, proxy_cmd); + + /* Register callbacks for untagged replies */ + imapc_storage_client_register_untagged(mbox->storage->client, "ACL", + imapc_acl_getacl_untagged_cb); + imapc_storage_client_register_untagged(mbox->storage->client, "MYRIGHTS", + imapc_acl_myrights_untagged_cb); + + imapc_cmd = imapc_acl_simple_context_init(&ctx, mbox); + + /* Prepare untagged replies and return proxy_cmd */ + proxy_cmd_str = imapc_acl_prepare_cmd(iacl_ctx->reply, mailbox, + ns, cmd_args, proxy_cmd); + + imapc_command_send(imapc_cmd, proxy_cmd_str); + imapc_simple_run(&ctx, &imapc_cmd); + + if (ctx.ret != 0) { + /* If the remote replied BAD or NO send NO. */ + client_send_tagline(orig_cmd, + t_strdup_printf("NO %s", imapc_acl_get_mailbox_error(mbox))); + } else { + /* Command was OK on remote backend, send untagged reply from + ctx.str and tagged reply. 
*/ + switch (iacl_ctx->proxy_cmd) { + case IMAP_ACL_CMD_DELETEACL: + client_send_tagline(orig_cmd, "OK Deleteacl complete."); + break; + case IMAP_ACL_CMD_GETACL: + imapc_acl_send_client_reply(iacl_ctx, + orig_cmd, + "OK Getacl complete."); + break; + case IMAP_ACL_CMD_MYRIGHTS: + imapc_acl_send_client_reply(iacl_ctx, + orig_cmd, + "OK Myrights complete."); + break; + case IMAP_ACL_CMD_SETACL: + client_send_tagline(orig_cmd, "OK Setacl complete."); + break; + default: + i_unreached(); + } + } + + /* Unregister callbacks for untagged replies */ + imapc_storage_client_unregister_untagged(mbox->storage->client, "MYRIGHTS"); + imapc_storage_client_unregister_untagged(mbox->storage->client, "ACL"); + return TRUE; +} + +static void imap_acl_cmd_getacl(struct mailbox *box, struct mail_namespace *ns, + const char *mailbox, + struct client_command_context *cmd) +{ + struct acl_backend *backend; + string_t *str; + int ret; + + if (acl_mailbox_open_as_admin(cmd, box, mailbox) <= 0) + return; + + backend = acl_mailbox_list_get_backend(ns->list); + + str = t_str_new(128); + str_append(str, "* ACL "); + imap_append_astring(str, mailbox); + + ret = imap_acl_write_aclobj(str, backend, + acl_mailbox_get_aclobj(box), TRUE, + ns->type == MAIL_NAMESPACE_TYPE_PRIVATE); + if (ret > -1) { + client_send_line(cmd->client, str_c(str)); + client_send_tagline(cmd, "OK Getacl completed."); + } else { + client_send_tagline(cmd, "NO "MAIL_ERRSTR_CRITICAL_MSG); + } +} + +static bool cmd_getacl(struct client_command_context *cmd) +{ + struct mail_namespace *ns; + struct mailbox *box; + const char *mailbox, *orig_mailbox; + + if (!client_read_string_args(cmd, 1, &mailbox)) + return FALSE; + orig_mailbox = mailbox; + + ns = client_find_namespace(cmd, &mailbox); + if (ns == NULL) + return TRUE; + + box = mailbox_alloc(ns->list, mailbox, + MAILBOX_FLAG_READONLY | MAILBOX_FLAG_IGNORE_ACLS); + /* If the location is remote and imapc_feature acl is enabled, proxy the + command to the configured imapc 
location. */ + if (!imap_acl_proxy_cmd(box, orig_mailbox, NULL, ns, cmd, IMAP_ACL_CMD_GETACL)) + imap_acl_cmd_getacl(box, ns, orig_mailbox, cmd); + mailbox_free(&box); + return TRUE; +} + +static void imap_acl_cmd_myrights(struct mailbox *box, const char *mailbox, + struct client_command_context *cmd) +{ + const char *const *rights; + string_t *str = t_str_new(128); + + if (acl_object_get_my_rights(acl_mailbox_get_aclobj(box), + pool_datastack_create(), &rights) < 0) { + client_send_tagline(cmd, "NO "MAIL_ERRSTR_CRITICAL_MSG); + return; + } + + /* Post right alone doesn't give permissions to see if the mailbox + exists or not. Only mail deliveries care about that. */ + if (*rights == NULL || + (strcmp(*rights, MAIL_ACL_POST) == 0 && rights[1] == NULL)) { + client_send_tagline(cmd, t_strdup_printf( + "NO ["IMAP_RESP_CODE_NONEXISTENT"] " + MAIL_ERRSTR_MAILBOX_NOT_FOUND, mailbox)); + return; + } + + str_append(str, "* MYRIGHTS "); + imap_append_astring(str, mailbox); + str_append_c(str, ' '); + imap_acl_write_rights_list(str, rights); + + client_send_line(cmd->client, str_c(str)); + client_send_tagline(cmd, "OK Myrights completed."); +} + +static bool cmd_myrights(struct client_command_context *cmd) +{ + struct mail_namespace *ns; + struct mailbox *box; + const char *mailbox, *orig_mailbox; + + if (!client_read_string_args(cmd, 1, &mailbox)) + return FALSE; + orig_mailbox = mailbox; + + if (ACL_USER_CONTEXT(cmd->client->user) == NULL) { + client_send_command_error(cmd, "ACLs disabled."); + return TRUE; + } + + ns = client_find_namespace(cmd, &mailbox); + if (ns == NULL) + return TRUE; + + box = mailbox_alloc(ns->list, mailbox, + MAILBOX_FLAG_READONLY | MAILBOX_FLAG_IGNORE_ACLS); + + /* If the location is remote and imapc_feature acl is enabled, proxy the + command to the configured imapc location. 
*/ + if (!imap_acl_proxy_cmd(box, orig_mailbox, NULL, ns, + cmd, IMAP_ACL_CMD_MYRIGHTS)) + imap_acl_cmd_myrights(box, orig_mailbox, cmd); + mailbox_free(&box); + return TRUE; +} + +static bool cmd_listrights(struct client_command_context *cmd) +{ + struct mailbox *box; + struct mail_namespace *ns; + const char *mailbox, *orig_mailbox, *identifier; + string_t *str; + + if (!client_read_string_args(cmd, 2, &mailbox, &identifier)) + return FALSE; + orig_mailbox = mailbox; + + ns = client_find_namespace(cmd, &mailbox); + if (ns == NULL) + return TRUE; + + box = mailbox_alloc(ns->list, mailbox, + MAILBOX_FLAG_READONLY | MAILBOX_FLAG_IGNORE_ACLS); + + str = t_str_new(128); + str_append(str, "* LISTRIGHTS "); + imap_append_astring(str, orig_mailbox); + str_append_c(str, ' '); + imap_append_astring(str, identifier); + str_append_c(str, ' '); + str_append(str, "\"\" l r w s t p i e k x a c d"); + + client_send_line(cmd->client, str_c(str)); + client_send_tagline(cmd, "OK Listrights completed."); + mailbox_free(&box); + return TRUE; +} + +static int +imap_acl_letters_parse(const char *letters, const char *const **rights_r, + const char **client_error_r) +{ + static const char *acl_k = MAIL_ACL_CREATE; + static const char *acl_x = MAIL_ACL_DELETE; + static const char *acl_e = MAIL_ACL_EXPUNGE; + static const char *acl_t = MAIL_ACL_WRITE_DELETED; + ARRAY_TYPE(const_string) rights; + unsigned int i; + + t_array_init(&rights, 64); + for (; *letters != '\0'; letters++) { + for (i = 0; imap_acl_letter_map[i].name != NULL; i++) { + if (imap_acl_letter_map[i].letter == *letters) { + array_push_back(&rights, + &imap_acl_letter_map[i].name); + break; + } + } + if (imap_acl_letter_map[i].name == NULL) { + /* Handling of obsolete rights as virtual + rights according to RFC 4314 */ + switch (*letters) { + case 'c': + array_push_back(&rights, &acl_k); + array_push_back(&rights, &acl_x); + break; + case 'd': + array_push_back(&rights, &acl_e); + array_push_back(&rights, &acl_t); + break; + 
default: + *client_error_r = t_strdup_printf( + "Invalid ACL right: %c", *letters); + return -1; + } + } + } + array_append_zero(&rights); + *rights_r = array_front(&rights); + return 0; +} + +static bool acl_anyone_allow(struct mail_user *user) +{ + const char *env; + + env = mail_user_plugin_getenv(user, "acl_anyone"); + return env != NULL && strcmp(env, "allow") == 0; +} + +static int +imap_acl_identifier_parse(struct client_command_context *cmd, + const char *id, struct acl_rights *rights, + bool check_anyone, const char **client_error_r) +{ + struct mail_user *user = cmd->client->user; + + if (str_begins(id, IMAP_ACL_GLOBAL_PREFIX)) { + *client_error_r = t_strdup_printf("Global ACLs can't be modified: %s", + id); + return -1; + } + + if (strcmp(id, IMAP_ACL_ANYONE) == 0) { + if (check_anyone && !acl_anyone_allow(user)) { + *client_error_r = "'anyone' identifier is disallowed"; + return -1; + } + rights->id_type = ACL_ID_ANYONE; + } else if (strcmp(id, IMAP_ACL_AUTHENTICATED) == 0) { + if (check_anyone && !acl_anyone_allow(user)) { + *client_error_r = "'authenticated' identifier is disallowed"; + return -1; + } + rights->id_type = ACL_ID_AUTHENTICATED; + } else if (strcmp(id, IMAP_ACL_OWNER) == 0) + rights->id_type = ACL_ID_OWNER; + else if (str_begins(id, IMAP_ACL_GROUP_PREFIX)) { + rights->id_type = ACL_ID_GROUP; + rights->identifier = id + strlen(IMAP_ACL_GROUP_PREFIX); + } else if (str_begins(id, IMAP_ACL_GROUP_OVERRIDE_PREFIX)) { + rights->id_type = ACL_ID_GROUP_OVERRIDE; + rights->identifier = id + + strlen(IMAP_ACL_GROUP_OVERRIDE_PREFIX); + } else { + rights->id_type = ACL_ID_USER; + rights->identifier = id; + } + return 0; +} + +static void imap_acl_update_ensure_keep_admins(struct acl_backend *backend, + struct acl_object *aclobj, + struct acl_rights_update *update) +{ + static const char *acl_admin = MAIL_ACL_ADMIN; + const char *const *rights = update->rights.rights; + const char *const *default_rights; + ARRAY_TYPE(const_string) new_rights; + 
unsigned int i; + + t_array_init(&new_rights, 64); + for (i = 0; rights[i] != NULL; i++) { + if (strcmp(rights[i], MAIL_ACL_ADMIN) == 0) + break; + array_push_back(&new_rights, &rights[i]); + } + + switch (update->modify_mode) { + case ACL_MODIFY_MODE_ADD: + if (have_positive_owner_rights(backend, aclobj)) + return; + + /* adding initial rights for a user. we need to add + the defaults also. don't worry about duplicates. */ + for (; rights[i] != NULL; i++) + array_push_back(&new_rights, &rights[i]); + default_rights = acl_object_get_default_rights(aclobj); + for (i = 0; default_rights[i] != NULL; i++) + array_push_back(&new_rights, &default_rights[i]); + break; + case ACL_MODIFY_MODE_REMOVE: + if (rights[i] == NULL) + return; + + /* skip over the ADMIN removal and add the rest */ + for (i++; rights[i] != NULL; i++) + array_push_back(&new_rights, &rights[i]); + break; + case ACL_MODIFY_MODE_REPLACE: + if (rights[i] != NULL) + return; + + /* add the missing ADMIN right */ + array_push_back(&new_rights, &acl_admin); + break; + default: + return; + } + array_append_zero(&new_rights); + update->rights.rights = array_front(&new_rights); +} + +static int +cmd_acl_mailbox_update(struct mailbox *box, + const struct acl_rights_update *update, + const char **client_error_r) +{ + struct mailbox_transaction_context *t; + int ret; + + if (mailbox_open(box) < 0) { + *client_error_r = mailbox_get_last_error(box, NULL); + return -1; + } + + t = mailbox_transaction_begin(box, MAILBOX_TRANSACTION_FLAG_EXTERNAL, + __func__); + ret = acl_mailbox_update_acl(t, update); + if (mailbox_transaction_commit(&t) < 0) + ret = -1; + *client_error_r = MAIL_ERRSTR_CRITICAL_MSG; + return ret; +} + +static void imap_acl_cmd_setacl(struct mailbox *box, struct mail_namespace *ns, + const char *mailbox, const char *identifier, + const char *rights, + struct client_command_context *cmd) +{ + struct acl_backend *backend; + struct acl_object *aclobj; + struct acl_rights_update update; + struct acl_rights 
*r; + const char *client_error; + bool negative = FALSE; + + i_zero(&update); + if (*identifier == '-') { + negative = TRUE; + identifier++; + } + + switch (*rights) { + case '-': + update.modify_mode = ACL_MODIFY_MODE_REMOVE; + rights++; + break; + case '+': + update.modify_mode = ACL_MODIFY_MODE_ADD; + rights++; + break; + default: + update.modify_mode = ACL_MODIFY_MODE_REPLACE; + break; + } + + if (imap_acl_identifier_parse(cmd, identifier, &update.rights, + TRUE, &client_error) < 0) { + client_send_command_error(cmd, client_error); + return; + } + if (imap_acl_letters_parse(rights, &update.rights.rights, &client_error) < 0) { + client_send_command_error(cmd, client_error); + return; + } + r = &update.rights; + + if (acl_mailbox_open_as_admin(cmd, box, mailbox) <= 0) + return; + + backend = acl_mailbox_list_get_backend(ns->list); + if (ns->type == MAIL_NAMESPACE_TYPE_PUBLIC && + r->id_type == ACL_ID_OWNER) { + client_send_tagline(cmd, "NO Public namespaces have no owner"); + return; + } + + aclobj = acl_mailbox_get_aclobj(box); + if (negative) { + update.neg_modify_mode = update.modify_mode; + update.modify_mode = ACL_MODIFY_MODE_REMOVE; + update.rights.neg_rights = update.rights.rights; + update.rights.rights = NULL; + } else if (ns->type == MAIL_NAMESPACE_TYPE_PRIVATE && + r->rights != NULL && + ((r->id_type == ACL_ID_USER && + acl_backend_user_name_equals(backend, r->identifier)) || + (r->id_type == ACL_ID_OWNER && + strcmp(acl_backend_get_acl_username(backend), + ns->user->username) == 0))) { + /* make sure client doesn't (accidentally) remove admin + privileges from its own mailboxes */ + imap_acl_update_ensure_keep_admins(backend, aclobj, &update); + } + + if (cmd_acl_mailbox_update(box, &update, &client_error) < 0) + client_send_tagline(cmd, t_strdup_printf("NO %s", client_error)); + else + client_send_tagline(cmd, "OK Setacl complete."); +} + +static bool cmd_setacl(struct client_command_context *cmd) +{ + struct mail_namespace *ns; + struct mailbox 
*box; + const char *mailbox, *orig_mailbox, *identifier, *rights; + string_t *proxy_cmd_args = t_str_new(64); + + if (!client_read_string_args(cmd, 3, &mailbox, &identifier, &rights)) + return FALSE; + orig_mailbox = mailbox; + + if (*identifier == '\0') { + client_send_command_error(cmd, "Invalid arguments."); + return TRUE; + } + + /* Keep original identifer for proxy_cmd_args */ + imap_append_astring(proxy_cmd_args, identifier); + str_append_c(proxy_cmd_args, ' '); + /* Append original rights for proxy_cmd_args */ + imap_append_astring(proxy_cmd_args, rights); + + ns = client_find_namespace(cmd, &mailbox); + if (ns == NULL) + return TRUE; + + box = mailbox_alloc(ns->list, mailbox, + MAILBOX_FLAG_READONLY | MAILBOX_FLAG_IGNORE_ACLS); + /* If the location is remote and imapc_feature acl is enabled, proxy the + command to the configured imapc location. */ + if (!imap_acl_proxy_cmd(box, orig_mailbox, str_c(proxy_cmd_args), + ns, cmd, IMAP_ACL_CMD_SETACL)) + imap_acl_cmd_setacl(box, ns, orig_mailbox, identifier, rights, cmd); + mailbox_free(&box); + return TRUE; +} + +static void imap_acl_cmd_deleteacl(struct mailbox *box, const char *mailbox, + const char *identifier, + struct client_command_context *cmd) +{ + struct acl_rights_update update; + const char *client_error; + + i_zero(&update); + if (*identifier != '-') + update.modify_mode = ACL_MODIFY_MODE_CLEAR; + else { + update.neg_modify_mode = ACL_MODIFY_MODE_CLEAR; + identifier++; + } + + if (imap_acl_identifier_parse(cmd, identifier, &update.rights, + FALSE, &client_error) < 0) { + client_send_command_error(cmd, client_error); + return; + } + + if (acl_mailbox_open_as_admin(cmd, box, mailbox) <= 0) + return; + + if (cmd_acl_mailbox_update(box, &update, &client_error) < 0) + client_send_tagline(cmd, t_strdup_printf("NO %s", client_error)); + else + client_send_tagline(cmd, "OK Deleteacl complete."); +} + +static bool cmd_deleteacl(struct client_command_context *cmd) +{ + struct mailbox *box; + struct 
mail_namespace *ns; + const char *mailbox, *orig_mailbox, *identifier; + string_t *proxy_cmd_args = t_str_new(64); + + if (!client_read_string_args(cmd, 2, &mailbox, &identifier)) + return FALSE; + orig_mailbox = mailbox; + + if (*identifier == '\0') { + client_send_command_error(cmd, "Invalid arguments."); + return TRUE; + } + + ns = client_find_namespace(cmd, &mailbox); + if (ns == NULL) + return TRUE; + + /* Escaped identifer for proxy_cmd_args */ + imap_append_astring(proxy_cmd_args, identifier); + + box = mailbox_alloc(ns->list, mailbox, + MAILBOX_FLAG_READONLY | MAILBOX_FLAG_IGNORE_ACLS); + + /* If the location is remote and imapc_feature acl is enabled, proxy the + command to the configured imapc location. */ + if (!imap_acl_proxy_cmd(box, orig_mailbox, str_c(proxy_cmd_args), + ns, cmd, IMAP_ACL_CMD_DELETEACL)) + imap_acl_cmd_deleteacl(box, orig_mailbox, identifier, cmd); + mailbox_free(&box); + return TRUE; +} + +static void imap_acl_client_created(struct client **client) +{ + if (mail_user_is_plugin_loaded((*client)->user, imap_acl_module)) { + client_add_capability(*client, "ACL"); + client_add_capability(*client, "RIGHTS=texk"); + } + + if (next_hook_client_created != NULL) + next_hook_client_created(client); +} + +void imap_acl_plugin_init(struct module *module) +{ + command_register("LISTRIGHTS", cmd_listrights, 0); + command_register("GETACL", cmd_getacl, 0); + command_register("MYRIGHTS", cmd_myrights, 0); + command_register("SETACL", cmd_setacl, 0); + command_register("DELETEACL", cmd_deleteacl, 0); + + imap_acl_module = module; + next_hook_client_created = + imap_client_created_hook_set(imap_acl_client_created); +} + +void imap_acl_plugin_deinit(void) +{ + command_unregister("GETACL"); + command_unregister("MYRIGHTS"); + command_unregister("SETACL"); + command_unregister("DELETEACL"); + command_unregister("LISTRIGHTS"); + + imap_client_created_hook_set(next_hook_client_created); +} + +const char *imap_acl_plugin_dependencies[] = { "acl", NULL }; 
+const char imap_acl_plugin_binary_dependency[] = "imap";
diff --git a/src/plugins/imap-acl/imap-acl-plugin.h b/src/plugins/imap-acl/imap-acl-plugin.h
new file mode 100644
index 0000000..117e8fb
--- /dev/null
+++ b/src/plugins/imap-acl/imap-acl-plugin.h
@@ -0,0 +1,12 @@
+#ifndef IMAP_ACL_PLUGIN_H
+#define IMAP_ACL_PLUGIN_H
+
+extern const char *imap_acl_plugin_dependencies[];
+extern const char imap_acl_plugin_binary_dependency[];
+
+extern MODULE_CONTEXT_DEFINE(imap_acl_storage_module, &mail_storage_module_register);
+
+void imap_acl_plugin_init(struct module *module);
+void imap_acl_plugin_deinit(void);
+
+#endif
|
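Review bot: imap-acl-plugin.h includes nothing and forward-declares nothing, so it only compiles cleanly when the including file has already brought `MODULE_CONTEXT_DEFINE`, `mail_storage_module_register` and `struct module` into scope. If `struct module` has not been declared beforehand, its use in the `imap_acl_plugin_init` prototype gets prototype scope and no longer names the type used by the definition in imap-acl-plugin.c. Adding `struct module;` right after the include guard would fix that. A one-line comment saying which headers must precede this one would document the remaining dependency of the `extern MODULE_CONTEXT_DEFINE(...)` line.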