acl-mailbox-list.c revision a8de8d06e459b4725cc4d1637a2baf00cab73924
76b43e4417bab52e913da39b5f5bc2a130d3f149Timo Sirainen/* Copyright (c) 2006-2008 Dovecot authors, see the included COPYING file */
2f122b4db3f0d4eeb59ff9d306e54b2009d72cf9Timo Sirainen struct mailbox_list_iterate_context *super_ctx;
8e371a3ce32bd64288786855b8ce0cb63f19f7d1Timo Sirainenstatic MODULE_CONTEXT_DEFINE_INIT(acl_mailbox_list_module,
e7ca5f820d6a1a8fe549a2966ac707a60e055ef4Timo Sirainenstruct acl_backend *acl_mailbox_list_get_backend(struct mailbox_list *list)
e7ca5f820d6a1a8fe549a2966ac707a60e055ef4Timo Sirainen struct acl_mailbox_list *alist = ACL_LIST_CONTEXT(list);
da9f6acdcb303d0fe5160b669668aedf39c8f45aTimo Sirainenacl_mailbox_list_have_right(struct mailbox_list *list, const char *name,
e7ca5f820d6a1a8fe549a2966ac707a60e055ef4Timo Sirainen unsigned int acl_storage_right_idx, bool *can_see_r)
da9f6acdcb303d0fe5160b669668aedf39c8f45aTimo Sirainen struct acl_mailbox_list *alist = ACL_LIST_CONTEXT(list);
da9f6acdcb303d0fe5160b669668aedf39c8f45aTimo Sirainen ret = acl_storage_rights_ctx_have_right(&alist->rights, name, FALSE,
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainenacl_mailbox_try_list_fast(struct acl_mailbox_list_iterate_context *ctx)
2f122b4db3f0d4eeb59ff9d306e54b2009d72cf9Timo Sirainen struct acl_mailbox_list *alist = ACL_LIST_CONTEXT(ctx->ctx.list);
2f122b4db3f0d4eeb59ff9d306e54b2009d72cf9Timo Sirainen struct acl_backend *backend = alist->rights.backend;
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen const unsigned int *idxp;
2f122b4db3f0d4eeb59ff9d306e54b2009d72cf9Timo Sirainen struct acl_mailbox_list_context *nonowner_list_ctx;
ef50336eefcb9ba99f73c6af37420eaf8857a39bTimo Sirainen struct mail_namespace *ns = ctx->ctx.list->ns;
5707c94de29af4645a93e0d36ffa57af5537172cTimo Sirainen struct mailbox_list_iter_update_context update_ctx;
5707c94de29af4645a93e0d36ffa57af5537172cTimo Sirainen if ((ctx->ctx.flags & (MAILBOX_LIST_ITER_RAW_LIST |
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen /* if this namespace's default rights contain LOOKUP, we'll need to
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen go through all mailboxes in any case. */
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen idxp = alist->rights.acl_storage_right_idx + ACL_STORAGE_RIGHT_LOOKUP;
2f122b4db3f0d4eeb59ff9d306e54b2009d72cf9Timo Sirainen if (acl_backend_get_default_rights(backend, &acl_mask) < 0 ||
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen /* no LOOKUP right by default, we can optimize this */
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen if ((ctx->ctx.flags & MAILBOX_LIST_ITER_VIRTUAL_NAMES) != 0)
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen update_ctx.tree_ctx = mailbox_tree_init(ctx->sep);
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen nonowner_list_ctx = acl_backend_nonowner_lookups_iter_init(backend);
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen while ((ret = acl_backend_nonowner_lookups_iter_next(nonowner_list_ctx,
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen name = mail_namespace_get_vname(ns, vname, name);
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen acl_backend_nonowner_lookups_iter_deinit(&nonowner_list_ctx);
d92f33f13830ba23d814342bf3ea8db721a15bb1Timo Sirainenacl_mailbox_list_iter_init(struct mailbox_list *list,
d92f33f13830ba23d814342bf3ea8db721a15bb1Timo Sirainen const char *const *patterns,
2f122b4db3f0d4eeb59ff9d306e54b2009d72cf9Timo Sirainen struct acl_mailbox_list *alist = ACL_LIST_CONTEXT(list);
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen const char *p;
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen unsigned int i;
2f122b4db3f0d4eeb59ff9d306e54b2009d72cf9Timo Sirainen ctx = i_new(struct acl_mailbox_list_iterate_context, 1);
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen inboxcase = (list->ns->flags & NAMESPACE_FLAG_INBOX) != 0;
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen ctx->sep = (ctx->ctx.flags & MAILBOX_LIST_ITER_VIRTUAL_NAMES) != 0 ?
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen ctx->glob = imap_match_init_multiple(default_pool, patterns,
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen /* see if all patterns have only a single '*' and it's at the end.
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen we can use it to do some optimizations. */
81e6e1ef0feef60644a4c4b745d82a4c98223affTimo Sirainen (list->ns->flags & NAMESPACE_FLAG_AUTOCREATED) == 0) {
81e6e1ef0feef60644a4c4b745d82a4c98223affTimo Sirainen /* before listing anything add namespaces for all users
81e6e1ef0feef60644a4c4b745d82a4c98223affTimo Sirainen who may have visible mailboxes */
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen /* Try to avoid reading ACLs from all mailboxes by getting a smaller
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen list of mailboxes that have even potential to be visible. If we
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen couldn't get such a list, we'll go through all mailboxes. */
61e84692827b6a64912343f515c984853021483aTimo Sirainenstatic const struct mailbox_info *
721f9e3d2ca029b6bca93396801f3131e4e0e5f4Timo Sirainenacl_mailbox_list_iter_next_info(struct acl_mailbox_list_iterate_context *ctx)
721f9e3d2ca029b6bca93396801f3131e4e0e5f4Timo Sirainen struct acl_mailbox_list *alist = ACL_LIST_CONTEXT(ctx->ctx.list);
5707c94de29af4645a93e0d36ffa57af5537172cTimo Sirainen info = alist->module_ctx.super.iter_next(ctx->super_ctx);
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen /* if we've a list of mailboxes with LOOKUP rights, skip the
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen mailboxes not in the list (since we know they can't be
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen visible to us). */
a81e49899669137f9d7d1ba4c3130c9389cee530Timo Sirainen mailbox_tree_lookup(ctx->lookup_boxes, info->name) == NULL);
5707c94de29af4645a93e0d36ffa57af5537172cTimo Sirainenstatic const char *
5707c94de29af4645a93e0d36ffa57af5537172cTimo Sirainenacl_mailbox_list_iter_get_name(struct mailbox_list_iterate_context *ctx,
5707c94de29af4645a93e0d36ffa57af5537172cTimo Sirainen if ((ctx->flags & MAILBOX_LIST_ITER_VIRTUAL_NAMES) == 0)
5707c94de29af4645a93e0d36ffa57af5537172cTimo Sirainen /* Mailbox names contain namespace prefix,
5707c94de29af4645a93e0d36ffa57af5537172cTimo Sirainen except when listing INBOX. */
5707c94de29af4645a93e0d36ffa57af5537172cTimo Sirainen if (strncmp(name, ns->prefix, ns->prefix_len) == 0)
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Siraineniter_is_listing_all_children(struct acl_mailbox_list_iterate_context *ctx)
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen /* If all patterns (with '.' separator) are in "name*", "name.*" or
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen "%.*" style format, simple_star_glob=TRUE and we can easily test
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen this by simply checking if name/child mailbox matches. */
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen child = t_strdup_printf("%s%cx", ctx->info.name, ctx->sep);
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen imap_match(ctx->glob, child) == IMAP_MATCH_YES;
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Siraineniter_mailbox_has_visible_children(struct acl_mailbox_list_iterate_context *ctx)
a8de8d06e459b4725cc4d1637a2baf00cab73924Timo Sirainen unsigned int i, prefix_len;
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen /* do we have child mailboxes with LOOKUP right that don't match
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen the list pattern? */
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen /* we have a list of mailboxes with LOOKUP rights. before
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen starting the slow list iteration, check check first
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen if there even are any children with LOOKUP rights. */
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen node = mailbox_tree_lookup(ctx->lookup_boxes, ctx->info.name);
a8de8d06e459b4725cc4d1637a2baf00cab73924Timo Sirainen /* if mailbox name has '*' characters in it, they'll conflict with the
a8de8d06e459b4725cc4d1637a2baf00cab73924Timo Sirainen LIST wildcard. replace then with '%' and verify later that all
a8de8d06e459b4725cc4d1637a2baf00cab73924Timo Sirainen results have the correct prefix. */
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen flags = (ctx->ctx.flags & MAILBOX_LIST_ITER_VIRTUAL_NAMES) |
a8de8d06e459b4725cc4d1637a2baf00cab73924Timo Sirainen iter = mailbox_list_iter_init(ctx->ctx.list, str_c(pattern), flags);
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen while ((info = mailbox_list_iter_next(iter)) != NULL) {
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen if (imap_match(ctx->glob, info->name) == IMAP_MATCH_YES) {
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen /* at least one child matches also the original list
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen patterns. we don't need to show this mailbox. */
a8de8d06e459b4725cc4d1637a2baf00cab73924Timo Sirainen if (!stars || strncmp(info->name, prefix, prefix_len) == 0)
0b219481c3b695a18ba5801aa4843cf4d532dd86Timo Sirainenacl_mailbox_list_info_is_visible(struct acl_mailbox_list_iterate_context *ctx)
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen#define PRESERVE_MAILBOX_FLAGS (MAILBOX_SUBSCRIBED | MAILBOX_CHILD_SUBSCRIBED)
721f9e3d2ca029b6bca93396801f3131e4e0e5f4Timo Sirainen if ((ctx->ctx.flags & MAILBOX_LIST_ITER_RAW_LIST) != 0) {
721f9e3d2ca029b6bca93396801f3131e4e0e5f4Timo Sirainen /* skip ACL checks. */
5707c94de29af4645a93e0d36ffa57af5537172cTimo Sirainen acl_name = acl_mailbox_list_iter_get_name(&ctx->ctx, info->name);
da9f6acdcb303d0fe5160b669668aedf39c8f45aTimo Sirainen ret = acl_mailbox_list_have_right(ctx->ctx.list, acl_name,
721f9e3d2ca029b6bca93396801f3131e4e0e5f4Timo Sirainen /* no permission to see this mailbox */
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen if ((ctx->ctx.flags & MAILBOX_LIST_ITER_SELECT_SUBSCRIBED) != 0) {
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen /* we're listing subscribed mailboxes. this one or its child
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen is subscribed, so we'll need to list it. but since we don't
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen have LOOKUP right, we'll need to show it as nonexistent. */
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen i_assert((info->flags & PRESERVE_MAILBOX_FLAGS) != 0);
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen /* no child mailboxes match the list pattern(s), but mailbox
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen has visible children. we'll need to show this as
ef893433824a4e9a8e423cfc493b8423ae32ef0fTimo Sirainen non-existent. */
721f9e3d2ca029b6bca93396801f3131e4e0e5f4Timo Sirainenstatic const struct mailbox_info *
721f9e3d2ca029b6bca93396801f3131e4e0e5f4Timo Sirainenacl_mailbox_list_iter_next(struct mailbox_list_iterate_context *_ctx)
721f9e3d2ca029b6bca93396801f3131e4e0e5f4Timo Sirainen struct acl_mailbox_list_iterate_context *ctx =
721f9e3d2ca029b6bca93396801f3131e4e0e5f4Timo Sirainen (struct acl_mailbox_list_iterate_context *)_ctx;
721f9e3d2ca029b6bca93396801f3131e4e0e5f4Timo Sirainen while ((info = acl_mailbox_list_iter_next_info(ctx)) != NULL) {
f9c7106cc05eedb57d1beee3ca3c47f49fafb172Timo Sirainen /* skip to next one */
2f122b4db3f0d4eeb59ff9d306e54b2009d72cf9Timo Sirainenacl_mailbox_list_iter_deinit(struct mailbox_list_iterate_context *_ctx)
2f122b4db3f0d4eeb59ff9d306e54b2009d72cf9Timo Sirainen struct acl_mailbox_list_iterate_context *ctx =
2f122b4db3f0d4eeb59ff9d306e54b2009d72cf9Timo Sirainen (struct acl_mailbox_list_iterate_context *)_ctx;
2f122b4db3f0d4eeb59ff9d306e54b2009d72cf9Timo Sirainen struct acl_mailbox_list *alist = ACL_LIST_CONTEXT(_ctx->list);
5707c94de29af4645a93e0d36ffa57af5537172cTimo Sirainen if (alist->module_ctx.super.iter_deinit(ctx->super_ctx) < 0)
f9c7106cc05eedb57d1beee3ca3c47f49fafb172Timo Sirainenstatic int acl_get_mailbox_name_status(struct mailbox_list *list,
2caa8fdbada1a0804fa978bdffb27c89e452933eTimo Sirainen struct acl_mailbox_list *alist = ACL_LIST_CONTEXT(list);
da9f6acdcb303d0fe5160b669668aedf39c8f45aTimo Sirainen ret = acl_mailbox_list_have_right(list, name, ACL_STORAGE_RIGHT_LOOKUP,
2d641a38497bc4f9fc9782968f3f7b754abdaed6Timo Sirainen /* If we have INSERT right for the mailbox, we'll need to
2d641a38497bc4f9fc9782968f3f7b754abdaed6Timo Sirainen reveal its existence so that APPEND and COPY works. */
8e371a3ce32bd64288786855b8ce0cb63f19f7d1Timo Sirainen if (alist->module_ctx.super.get_mailbox_name_status(list, name,
f9c7106cc05eedb57d1beee3ca3c47f49fafb172Timo Sirainen /* we shouldn't reveal this mailbox's existance */
f9c7106cc05eedb57d1beee3ca3c47f49fafb172Timo Sirainen /* have to check if we are allowed to see the parent */
da9f6acdcb303d0fe5160b669668aedf39c8f45aTimo Sirainen ret = acl_storage_rights_ctx_have_right(&alist->rights, name,
f9c7106cc05eedb57d1beee3ca3c47f49fafb172Timo Sirainen /* no permission to see the parent */
b039dabf4c53f72454e795930e7643b6e0e625f9Timo Sirainenacl_mailbox_list_delete(struct mailbox_list *list, const char *name)
b039dabf4c53f72454e795930e7643b6e0e625f9Timo Sirainen struct acl_mailbox_list *alist = ACL_LIST_CONTEXT(list);
da9f6acdcb303d0fe5160b669668aedf39c8f45aTimo Sirainen ret = acl_mailbox_list_have_right(list, name, ACL_STORAGE_RIGHT_DELETE,
ff7056842f14fd3b30a2d327dfab165b9d15dd30Timo Sirainen mailbox_list_set_error(list, MAIL_ERROR_NOTFOUND,
8e371a3ce32bd64288786855b8ce0cb63f19f7d1Timo Sirainen return alist->module_ctx.super.delete_mailbox(list, name);
b039dabf4c53f72454e795930e7643b6e0e625f9Timo Sirainenacl_mailbox_list_rename(struct mailbox_list *list,
b039dabf4c53f72454e795930e7643b6e0e625f9Timo Sirainen struct acl_mailbox_list *alist = ACL_LIST_CONTEXT(list);
b039dabf4c53f72454e795930e7643b6e0e625f9Timo Sirainen /* renaming requires rights to delete the old mailbox */
da9f6acdcb303d0fe5160b669668aedf39c8f45aTimo Sirainen ret = acl_mailbox_list_have_right(list, oldname,
ff7056842f14fd3b30a2d327dfab165b9d15dd30Timo Sirainen mailbox_list_set_error(list, MAIL_ERROR_NOTFOUND,
b039dabf4c53f72454e795930e7643b6e0e625f9Timo Sirainen /* and create the new one under the parent mailbox */
da9f6acdcb303d0fe5160b669668aedf39c8f45aTimo Sirainen ret = acl_storage_rights_ctx_have_right(&alist->rights, newname,
b039dabf4c53f72454e795930e7643b6e0e625f9Timo Sirainen /* Note that if the mailbox didn't have LOOKUP
b039dabf4c53f72454e795930e7643b6e0e625f9Timo Sirainen permission, this not reveals to user the mailbox's
b039dabf4c53f72454e795930e7643b6e0e625f9Timo Sirainen existence. Can't help it. */
8e371a3ce32bd64288786855b8ce0cb63f19f7d1Timo Sirainen return alist->module_ctx.super.rename_mailbox(list, oldname, newname);
f9c7106cc05eedb57d1beee3ca3c47f49fafb172Timo Sirainenvoid acl_mailbox_list_created(struct mailbox_list *list)
81e6e1ef0feef60644a4c4b745d82a4c98223affTimo Sirainen struct acl_user *auser = ACL_USER_CONTEXT(list->ns->user);
81e6e1ef0feef60644a4c4b745d82a4c98223affTimo Sirainen const char *current_username, *owner_username;
04870054863757edf048c81dcce3c5e7dec453cdTimo Sirainen if ((list->ns->flags & NAMESPACE_FLAG_INTERNAL) != 0) {
04870054863757edf048c81dcce3c5e7dec453cdTimo Sirainen /* no ACL checks for internal namespaces (deliver) */
a52bb32f47ea8e2c242189dcfe203a0749b62c77Timo Sirainen owner = strcmp(current_username, owner_username) == 0;
e7ca5f820d6a1a8fe549a2966ac707a60e055ef4Timo Sirainen /* We don't care about the username for non-private mailboxes.
e7ca5f820d6a1a8fe549a2966ac707a60e055ef4Timo Sirainen It's used only when checking if we're the mailbox owner. We never
e7ca5f820d6a1a8fe549a2966ac707a60e055ef4Timo Sirainen are for shared/public mailboxes. */
81e6e1ef0feef60644a4c4b745d82a4c98223affTimo Sirainen backend = acl_backend_init(auser->acl_env, list, current_username,
e7ca5f820d6a1a8fe549a2966ac707a60e055ef4Timo Sirainen if ((flags & MAILBOX_LIST_FLAG_FULL_FS_ACCESS) != 0) {
04870054863757edf048c81dcce3c5e7dec453cdTimo Sirainen /* not necessarily, but safer to do this for now. */
e7ca5f820d6a1a8fe549a2966ac707a60e055ef4Timo Sirainen "incompatible with ACLs");
f9c7106cc05eedb57d1beee3ca3c47f49fafb172Timo Sirainen alist = p_new(list->pool, struct acl_mailbox_list, 1);
2f122b4db3f0d4eeb59ff9d306e54b2009d72cf9Timo Sirainen list->v.iter_init = acl_mailbox_list_iter_init;
f9c7106cc05eedb57d1beee3ca3c47f49fafb172Timo Sirainen list->v.iter_next = acl_mailbox_list_iter_next;
2f122b4db3f0d4eeb59ff9d306e54b2009d72cf9Timo Sirainen list->v.iter_deinit = acl_mailbox_list_iter_deinit;
f9c7106cc05eedb57d1beee3ca3c47f49fafb172Timo Sirainen list->v.get_mailbox_name_status = acl_get_mailbox_name_status;
b039dabf4c53f72454e795930e7643b6e0e625f9Timo Sirainen list->v.delete_mailbox = acl_mailbox_list_delete;
b039dabf4c53f72454e795930e7643b6e0e625f9Timo Sirainen list->v.rename_mailbox = acl_mailbox_list_rename;
e7ca5f820d6a1a8fe549a2966ac707a60e055ef4Timo Sirainen acl_storage_rights_ctx_init(&alist->rights, backend);
e7ca5f820d6a1a8fe549a2966ac707a60e055ef4Timo Sirainen MODULE_CONTEXT_SET(list, acl_mailbox_list_module, alist);