bcb4e51a409d94ae670de96afb8483a4f7855294Stephan Bosch/* Copyright (c) 2006-2018 Dovecot authors, see the included COPYING file */
7e1600ded6fe7e056cea3771bb28fc11d571f039Aki Tuomi union mailbox_list_iterate_module_context module_ctx;
2615df45a8027948a474abe5e817b34b0499c171Timo Sirainenstatic const char *acl_storage_right_names[ACL_STORAGE_RIGHT_COUNT] = {
3131b3878de3245db7552234e66d437e8fde9351Aki Tuomi MODULE_CONTEXT_REQUIRE(obj, acl_mailbox_list_module)
2615df45a8027948a474abe5e817b34b0499c171Timo Sirainenstruct acl_mailbox_list_module acl_mailbox_list_module =
2615df45a8027948a474abe5e817b34b0499c171Timo Sirainen MODULE_CONTEXT_INIT(&mailbox_list_module_register);
e7ca5f820d6a1a8fe549a2966ac707a60e055ef4Timo Sirainenstruct acl_backend *acl_mailbox_list_get_backend(struct mailbox_list *list)
5e10e813a3f0c0f568cf642dbdf440a40b183ae6Aki Tuomi struct acl_mailbox_list *alist = ACL_LIST_CONTEXT_REQUIRE(list);
2615df45a8027948a474abe5e817b34b0499c171Timo Sirainenint acl_mailbox_list_have_right(struct mailbox_list *list, const char *name,
2615df45a8027948a474abe5e817b34b0499c171Timo Sirainen bool parent, unsigned int acl_storage_right_idx,
5e10e813a3f0c0f568cf642dbdf440a40b183ae6Aki Tuomi struct acl_mailbox_list *alist = ACL_LIST_CONTEXT_REQUIRE(list);
2615df45a8027948a474abe5e817b34b0499c171Timo Sirainen struct acl_backend *backend = alist->rights.backend;
2615df45a8027948a474abe5e817b34b0499c171Timo Sirainen const unsigned int *idx_arr = alist->rights.acl_storage_right_idx;
2615df45a8027948a474abe5e817b34b0499c171Timo Sirainen ret = acl_object_have_right(aclobj, idx_arr[acl_storage_right_idx]);
2e295aaaf04febd3bb7be66cddd4d8ffa96fa5dcAki Tuomiacl_mailbox_try_list_fast(struct mailbox_list_iterate_context *_ctx)
5e10e813a3f0c0f568cf642dbdf440a40b183ae6Aki Tuomi struct acl_mailbox_list *alist = ACL_LIST_CONTEXT_REQUIRE(_ctx->list);
2f122b4db3f0d4eeb59ff9d306e54b2009d72cf9Timo Sirainen struct acl_backend *backend = alist->rights.backend;
2f122b4db3f0d4eeb59ff9d306e54b2009d72cf9Timo Sirainen struct acl_mailbox_list_context *nonowner_list_ctx;
5707c94de29af4645a93e0d36ffa57af5537172cTimo Sirainen struct mailbox_list_iter_update_context update_ctx;
36aa287d32a78048d66cff024a8f7e848c45a8bfTimo Sirainen /* mailboxes in public namespace should all be listable to
36aa287d32a78048d66cff024a8f7e848c45a8bfTimo Sirainen someone. we don't benefit from fast listing. */
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen /* if this namespace's default rights contain LOOKUP, we'll need to
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen go through all mailboxes in any case. */
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen idxp = alist->rights.acl_storage_right_idx + ACL_STORAGE_RIGHT_LOOKUP;
2f122b4db3f0d4eeb59ff9d306e54b2009d72cf9Timo Sirainen if (acl_backend_get_default_rights(backend, &acl_mask) < 0 ||
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen /* no LOOKUP right by default, we can optimize this */
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen update_ctx.tree_ctx = mailbox_tree_init(ctx->sep);
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen nonowner_list_ctx = acl_backend_nonowner_lookups_iter_init(backend);
c7f6992db44e9cd33b3b0d754833a1503ee9a53fAki Tuomi while (acl_backend_nonowner_lookups_iter_next(nonowner_list_ctx,
bbc7e2c2e726cf84da49f4062d05b0c35a9377bdAki Tuomi if (acl_backend_nonowner_lookups_iter_deinit(&nonowner_list_ctx) >= 0)
cb5a43d2dd99db0037b3450701ed83df78bc90f5Timo Sirainenacl_mailbox_list_iter_init_shared(struct mailbox_list *list,
cb5a43d2dd99db0037b3450701ed83df78bc90f5Timo Sirainen const char *const *patterns,
5e10e813a3f0c0f568cf642dbdf440a40b183ae6Aki Tuomi struct acl_mailbox_list *alist = ACL_LIST_CONTEXT_REQUIRE(list);
cb5a43d2dd99db0037b3450701ed83df78bc90f5Timo Sirainen /* before listing anything add namespaces for all users
cb5a43d2dd99db0037b3450701ed83df78bc90f5Timo Sirainen who may have visible mailboxes */
cb5a43d2dd99db0037b3450701ed83df78bc90f5Timo Sirainen ctx = alist->module_ctx.super.iter_init(list, patterns, flags);
d92f33f13830ba23d814342bf3ea8db721a15bb1Timo Sirainenacl_mailbox_list_iter_init(struct mailbox_list *list,
d92f33f13830ba23d814342bf3ea8db721a15bb1Timo Sirainen const char *const *patterns,
5e10e813a3f0c0f568cf642dbdf440a40b183ae6Aki Tuomi struct acl_mailbox_list *alist = ACL_LIST_CONTEXT_REQUIRE(list);
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen const char *p;
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen unsigned int i;
7e1600ded6fe7e056cea3771bb28fc11d571f039Aki Tuomi _ctx = alist->module_ctx.super.iter_init(list, patterns, flags);
7e1600ded6fe7e056cea3771bb28fc11d571f039Aki Tuomi ctx = p_new(_ctx->pool, struct acl_mailbox_list_iterate_context, 1);
49b3aba19447f9d15fbe0506d81d6572b210a124Timo Sirainen if (list->ns->type != MAIL_NAMESPACE_TYPE_PRIVATE &&
49b3aba19447f9d15fbe0506d81d6572b210a124Timo Sirainen (list->ns->flags & NAMESPACE_FLAG_SUBSCRIPTIONS) != 0) {
49b3aba19447f9d15fbe0506d81d6572b210a124Timo Sirainen /* non-private namespace with subscriptions=yes. this could be
49b3aba19447f9d15fbe0506d81d6572b210a124Timo Sirainen a site-global subscriptions file, so hide subscriptions for
49b3aba19447f9d15fbe0506d81d6572b210a124Timo Sirainen mailboxes the user doesn't see. */
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen /* see if all patterns have only a single '*' and it's at the end.
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen we can use it to do some optimizations. */
7e1600ded6fe7e056cea3771bb28fc11d571f039Aki Tuomi MODULE_CONTEXT_SET(_ctx, acl_mailbox_list_module, ctx);
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen /* Try to avoid reading ACLs from all mailboxes by getting a smaller
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen list of mailboxes that have even potential to be visible. If we
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen couldn't get such a list, we'll go through all mailboxes. */
61e84692827b6a64912343f515c984853021483aTimo Sirainenstatic const struct mailbox_info *
2e295aaaf04febd3bb7be66cddd4d8ffa96fa5dcAki Tuomiacl_mailbox_list_iter_next_info(struct mailbox_list_iterate_context *_ctx)
5e10e813a3f0c0f568cf642dbdf440a40b183ae6Aki Tuomi struct acl_mailbox_list *alist = ACL_LIST_CONTEXT_REQUIRE(_ctx->list);
7e1600ded6fe7e056cea3771bb28fc11d571f039Aki Tuomi while ((info = alist->module_ctx.super.iter_next(_ctx)) != NULL) {
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen /* if we've a list of mailboxes with LOOKUP rights, skip the
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen mailboxes not in the list (since we know they can't be
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen visible to us). */
402e999a878e0cc41a0afb830fea0a93afc75f0dTimo Sirainen mailbox_tree_lookup(ctx->lookup_boxes, info->vname) != NULL)
925915badca5cf87bf45050c2fcc103534bef71aTimo Sirainen i_debug("acl: Mailbox not in dovecot-acl-list: %s",
5707c94de29af4645a93e0d36ffa57af5537172cTimo Sirainenstatic const char *
5707c94de29af4645a93e0d36ffa57af5537172cTimo Sirainenacl_mailbox_list_iter_get_name(struct mailbox_list_iterate_context *ctx,
c0a87e5f3316a57e6f915882fa1951d0fbb74a61Timo Sirainen name = mailbox_list_get_storage_name(ns->list, vname);
c0a87e5f3316a57e6f915882fa1951d0fbb74a61Timo Sirainen if (len > 0 && name[len-1] == mailbox_list_get_hierarchy_sep(ns->list)) {
d7d3f11df97aa1e816964399a07c2ef23e573abbTimo Sirainen /* name ends with separator. this can happen if doing e.g.
d7d3f11df97aa1e816964399a07c2ef23e573abbTimo Sirainen LIST "" foo/% and it lists "foo/". */
2e295aaaf04febd3bb7be66cddd4d8ffa96fa5dcAki Tuomiiter_is_listing_all_children(struct mailbox_list_iterate_context *_ctx)
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen /* If all patterns (with '.' separator) are in "name*", "name.*" or
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen "%.*" style format, simple_star_glob=TRUE and we can easily test
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen this by simply checking if name/child mailbox matches. */
402e999a878e0cc41a0afb830fea0a93afc75f0dTimo Sirainen child = t_strdup_printf("%s%cx", ctx->info.vname, ctx->sep);
2e295aaaf04febd3bb7be66cddd4d8ffa96fa5dcAki Tuomiiter_mailbox_has_visible_children(struct mailbox_list_iterate_context *_ctx,
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen /* do we have child mailboxes with LOOKUP right that don't match
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen the list pattern? */
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen /* we have a list of mailboxes with LOOKUP rights. before
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen starting the slow list iteration, check check first
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen if there even are any children with LOOKUP rights. */
402e999a878e0cc41a0afb830fea0a93afc75f0dTimo Sirainen node = mailbox_tree_lookup(ctx->lookup_boxes, ctx->info.vname);
a8de8d06e459b4725cc4d1637a2baf00cab73924Timo Sirainen /* if mailbox name has '*' characters in it, they'll conflict with the
a8de8d06e459b4725cc4d1637a2baf00cab73924Timo Sirainen LIST wildcard. replace then with '%' and verify later that all
a8de8d06e459b4725cc4d1637a2baf00cab73924Timo Sirainen results have the correct prefix. */
402e999a878e0cc41a0afb830fea0a93afc75f0dTimo Sirainen for (i = 0; ctx->info.vname[i] != '\0'; i++) {
402e999a878e0cc41a0afb830fea0a93afc75f0dTimo Sirainen if (i > 0 && ctx->info.vname[i-1] != ctx->sep)
2e295aaaf04febd3bb7be66cddd4d8ffa96fa5dcAki Tuomi iter = mailbox_list_iter_init(_ctx->list, str_c(pattern),
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen while ((info = mailbox_list_iter_next(iter)) != NULL) {
2e295aaaf04febd3bb7be66cddd4d8ffa96fa5dcAki Tuomi imap_match(_ctx->glob, info->vname) == IMAP_MATCH_YES) {
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen /* at least one child matches also the original list
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen patterns. we don't need to show this mailbox. */
402e999a878e0cc41a0afb830fea0a93afc75f0dTimo Sirainen if (!stars || strncmp(info->vname, prefix, prefix_len) == 0)
2e295aaaf04febd3bb7be66cddd4d8ffa96fa5dcAki Tuomiacl_mailbox_list_info_is_visible(struct mailbox_list_iterate_context *_ctx)
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen#define PRESERVE_MAILBOX_FLAGS (MAILBOX_SUBSCRIBED | MAILBOX_CHILD_SUBSCRIBED)
2e295aaaf04febd3bb7be66cddd4d8ffa96fa5dcAki Tuomi if ((_ctx->flags & MAILBOX_LIST_ITER_RAW_LIST) != 0) {
721f9e3d2ca029b6bca93396801f3131e4e0e5f4Timo Sirainen /* skip ACL checks. */
2e295aaaf04febd3bb7be66cddd4d8ffa96fa5dcAki Tuomi if ((_ctx->flags & MAILBOX_LIST_ITER_SELECT_SUBSCRIBED) != 0 &&
2e295aaaf04febd3bb7be66cddd4d8ffa96fa5dcAki Tuomi (_ctx->flags & MAILBOX_LIST_ITER_RETURN_NO_FLAGS) != 0 &&
9d7718a765e54cc41d75e7a661a44b31a166e987Timo Sirainen /* don't waste time doing an ACL check. we're going to list
9d7718a765e54cc41d75e7a661a44b31a166e987Timo Sirainen all subscriptions anyway. */
9d7718a765e54cc41d75e7a661a44b31a166e987Timo Sirainen info->flags &= MAILBOX_SUBSCRIBED | MAILBOX_CHILD_SUBSCRIBED;
2e295aaaf04febd3bb7be66cddd4d8ffa96fa5dcAki Tuomi acl_name = acl_mailbox_list_iter_get_name(_ctx, info->vname);
2e295aaaf04febd3bb7be66cddd4d8ffa96fa5dcAki Tuomi ret = acl_mailbox_list_have_right(_ctx->list, acl_name, FALSE,
2e295aaaf04febd3bb7be66cddd4d8ffa96fa5dcAki Tuomi if ((_ctx->flags & MAILBOX_LIST_ITER_RETURN_NO_FLAGS) != 0) {
0a167fd961775cb203f862a3a6bc5e55ce8e76c9Timo Sirainen /* don't waste time checking if there are visible
0a167fd961775cb203f862a3a6bc5e55ce8e76c9Timo Sirainen children, but also don't return incorrect flags */
0a167fd961775cb203f862a3a6bc5e55ce8e76c9Timo Sirainen } else if ((info->flags & MAILBOX_CHILDREN) != 0 &&
2e295aaaf04febd3bb7be66cddd4d8ffa96fa5dcAki Tuomi !iter_mailbox_has_visible_children(_ctx, FALSE, FALSE)) {
721f9e3d2ca029b6bca93396801f3131e4e0e5f4Timo Sirainen /* no permission to see this mailbox */
2e295aaaf04febd3bb7be66cddd4d8ffa96fa5dcAki Tuomi if ((_ctx->flags & MAILBOX_LIST_ITER_SELECT_SUBSCRIBED) != 0) {
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen /* we're listing subscribed mailboxes. this one or its child
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen is subscribed, so we'll need to list it. but since we don't
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen have LOOKUP right, we'll need to show it as nonexistent. */
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen i_assert((info->flags & PRESERVE_MAILBOX_FLAGS) != 0);
49b3aba19447f9d15fbe0506d81d6572b210a124Timo Sirainen /* global subscriptions file. hide this entry if there
49b3aba19447f9d15fbe0506d81d6572b210a124Timo Sirainen are no visible subscribed children or if we're going
49b3aba19447f9d15fbe0506d81d6572b210a124Timo Sirainen to list the subscribed children anyway. */
49b3aba19447f9d15fbe0506d81d6572b210a124Timo Sirainen if ((info->flags & MAILBOX_CHILD_SUBSCRIBED) == 0)
2e295aaaf04febd3bb7be66cddd4d8ffa96fa5dcAki Tuomi !iter_mailbox_has_visible_children(_ctx, TRUE, TRUE))
49b3aba19447f9d15fbe0506d81d6572b210a124Timo Sirainen /* e.g. LSUB "" % with visible subscribed children */
2e295aaaf04febd3bb7be66cddd4d8ffa96fa5dcAki Tuomi iter_mailbox_has_visible_children(_ctx, TRUE, FALSE)) {
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen /* no child mailboxes match the list pattern(s), but mailbox
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen has visible children. we'll need to show this as
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen non-existent. */
ecff11c6c8418a365da4e2b154327d52de2aa563Timo Sirainen info->flags = MAILBOX_NONEXISTENT | MAILBOX_CHILDREN |
ab7687e9b029a16a6d4f4542943811262387ae87Timo Sirainenacl_mailbox_list_iter_check_autocreate_acls(struct mailbox_list_iterate_context *_ctx)
ab7687e9b029a16a6d4f4542943811262387ae87Timo Sirainen struct acl_mailbox_list_iterate_context *ctx =
ab7687e9b029a16a6d4f4542943811262387ae87Timo Sirainen if ((_ctx->flags & MAILBOX_LIST_ITER_RAW_LIST) != 0) {
ab7687e9b029a16a6d4f4542943811262387ae87Timo Sirainen /* skip ACL checks. */
ab7687e9b029a16a6d4f4542943811262387ae87Timo Sirainen box_sets = array_get(&_ctx->autocreate_ctx->box_sets, &count);
ab7687e9b029a16a6d4f4542943811262387ae87Timo Sirainen i_assert(array_count(&_ctx->autocreate_ctx->boxes) == count);
ab7687e9b029a16a6d4f4542943811262387ae87Timo Sirainen for (i = 0; i < count; ) {
ab7687e9b029a16a6d4f4542943811262387ae87Timo Sirainen acl_mailbox_list_iter_get_name(_ctx, box_sets[i]->name);
ab7687e9b029a16a6d4f4542943811262387ae87Timo Sirainen ret = acl_mailbox_list_have_right(_ctx->list, acl_name, FALSE,
ab7687e9b029a16a6d4f4542943811262387ae87Timo Sirainen /* no list right - remove the whole autobox */
ab7687e9b029a16a6d4f4542943811262387ae87Timo Sirainen array_delete(&_ctx->autocreate_ctx->box_sets, i, 1);
ab7687e9b029a16a6d4f4542943811262387ae87Timo Sirainen array_delete(&_ctx->autocreate_ctx->boxes, i, 1);
ab7687e9b029a16a6d4f4542943811262387ae87Timo Sirainen box_sets = array_get(&_ctx->autocreate_ctx->box_sets, &count);
721f9e3d2ca029b6bca93396801f3131e4e0e5f4Timo Sirainenstatic const struct mailbox_info *
721f9e3d2ca029b6bca93396801f3131e4e0e5f4Timo Sirainenacl_mailbox_list_iter_next(struct mailbox_list_iterate_context *_ctx)
721f9e3d2ca029b6bca93396801f3131e4e0e5f4Timo Sirainen struct acl_mailbox_list_iterate_context *ctx =
ab7687e9b029a16a6d4f4542943811262387ae87Timo Sirainen if (acl_mailbox_list_iter_check_autocreate_acls(_ctx) < 0) {
2e295aaaf04febd3bb7be66cddd4d8ffa96fa5dcAki Tuomi while ((info = acl_mailbox_list_iter_next_info(_ctx)) != NULL) {
f9c7106cc05eedb57d1beee3ca3c47f49fafb172Timo Sirainen /* skip to next one */
925915badca5cf87bf45050c2fcc103534bef71aTimo Sirainen i_debug("acl: No lookup right to mailbox: %s",
2f122b4db3f0d4eeb59ff9d306e54b2009d72cf9Timo Sirainenacl_mailbox_list_iter_deinit(struct mailbox_list_iterate_context *_ctx)
2f122b4db3f0d4eeb59ff9d306e54b2009d72cf9Timo Sirainen struct acl_mailbox_list_iterate_context *ctx =
5e10e813a3f0c0f568cf642dbdf440a40b183ae6Aki Tuomi struct acl_mailbox_list *alist = ACL_LIST_CONTEXT_REQUIRE(_ctx->list);
7e1600ded6fe7e056cea3771bb28fc11d571f039Aki Tuomi if (alist->module_ctx.super.iter_deinit(_ctx) < 0)
c22572f8d98de4d8bf3d017421ed9f534b69186bTimo Sirainenstatic void acl_mailbox_list_deinit(struct mailbox_list *list)
5e10e813a3f0c0f568cf642dbdf440a40b183ae6Aki Tuomi struct acl_mailbox_list *alist = ACL_LIST_CONTEXT_REQUIRE(list);
cb5a43d2dd99db0037b3450701ed83df78bc90f5Timo Sirainenstatic void acl_mailbox_list_init_shared(struct mailbox_list *list)
cb5a43d2dd99db0037b3450701ed83df78bc90f5Timo Sirainen alist = p_new(list->pool, struct acl_mailbox_list, 1);
539977f9257bd8985be5a8093658da266ae9cd19Timo Sirainen v->iter_init = acl_mailbox_list_iter_init_shared;
cb5a43d2dd99db0037b3450701ed83df78bc90f5Timo Sirainen MODULE_CONTEXT_SET(list, acl_mailbox_list_module, alist);
2615df45a8027948a474abe5e817b34b0499c171Timo Sirainenstatic void acl_storage_rights_ctx_init(struct acl_storage_rights_context *ctx,
2615df45a8027948a474abe5e817b34b0499c171Timo Sirainen unsigned int i;
2615df45a8027948a474abe5e817b34b0499c171Timo Sirainen for (i = 0; i < ACL_STORAGE_RIGHT_COUNT; i++) {
cb5a43d2dd99db0037b3450701ed83df78bc90f5Timo Sirainenstatic void acl_mailbox_list_init_default(struct mailbox_list *list)
cb433472848dddf0a42aa7252eda6721559a7c72Timo Sirainen if (list->mail_set->mail_full_filesystem_access) {
cb433472848dddf0a42aa7252eda6721559a7c72Timo Sirainen /* not necessarily, but safer to do this for now. */
cb433472848dddf0a42aa7252eda6721559a7c72Timo Sirainen "incompatible with ACLs");
cb433472848dddf0a42aa7252eda6721559a7c72Timo Sirainen alist = p_new(list->pool, struct acl_mailbox_list, 1);
cb433472848dddf0a42aa7252eda6721559a7c72Timo Sirainen v->iter_deinit = acl_mailbox_list_iter_deinit;
cb433472848dddf0a42aa7252eda6721559a7c72Timo Sirainen MODULE_CONTEXT_SET(list, acl_mailbox_list_module, alist);
cb433472848dddf0a42aa7252eda6721559a7c72Timo Sirainenvoid acl_mail_namespace_storage_added(struct mail_namespace *ns)
cb433472848dddf0a42aa7252eda6721559a7c72Timo Sirainen struct acl_mailbox_list *alist = ACL_LIST_CONTEXT(ns->list);
81e6e1ef0feef60644a4c4b745d82a4c98223affTimo Sirainen const char *current_username, *owner_username;
88a4bd48b03c451596414c16f72c0f4cc31b4745Aki Tuomi struct acl_user *auser = ACL_USER_CONTEXT_REQUIRE(ns->user);
a52bb32f47ea8e2c242189dcfe203a0749b62c77Timo Sirainen owner = strcmp(current_username, owner_username) == 0;
e7ca5f820d6a1a8fe549a2966ac707a60e055ef4Timo Sirainen /* We don't care about the username for non-private mailboxes.
e7ca5f820d6a1a8fe549a2966ac707a60e055ef4Timo Sirainen It's used only when checking if we're the mailbox owner. We never
e7ca5f820d6a1a8fe549a2966ac707a60e055ef4Timo Sirainen are for shared/public mailboxes. */
cb433472848dddf0a42aa7252eda6721559a7c72Timo Sirainen /* we need to know the storage when initializing backend */
cb433472848dddf0a42aa7252eda6721559a7c72Timo Sirainen backend = acl_backend_init(auser->acl_env, ns->list, current_username,
e7ca5f820d6a1a8fe549a2966ac707a60e055ef4Timo Sirainen acl_storage_rights_ctx_init(&alist->rights, backend);
cb433472848dddf0a42aa7252eda6721559a7c72Timo Sirainenvoid acl_mailbox_list_created(struct mailbox_list *list)
cb433472848dddf0a42aa7252eda6721559a7c72Timo Sirainen struct acl_user *auser = ACL_USER_CONTEXT(list->ns->user);
0df9428baed48afaff90b4d4f03792d2fd756a43Timo Sirainen /* ACLs disabled for this user */
cb433472848dddf0a42aa7252eda6721559a7c72Timo Sirainen } else if ((list->ns->flags & NAMESPACE_FLAG_NOACL) != 0) {
dc7c35479b96456dcca68b7d8e1ae9b9beac1074Timo Sirainen /* no ACL checks for internal namespaces (lda, shared) */
3e0bae44b65f5c46989fcef3d1e07203f496327eTimo Sirainen if (list->ns->type == MAIL_NAMESPACE_TYPE_SHARED)
9b706b345064ce8e8a657f54633f009a101298eaTimo Sirainen } else if ((list->ns->flags & NAMESPACE_FLAG_UNUSABLE) != 0) {
9b706b345064ce8e8a657f54633f009a101298eaTimo Sirainen /* this namespace is empty. don't attempt to lookup ACLs,
9b706b345064ce8e8a657f54633f009a101298eaTimo Sirainen because they're not going to work anyway and we could
9b706b345064ce8e8a657f54633f009a101298eaTimo Sirainen crash doing it. */