acl-mailbox-list.c revision a8de8d06e459b4725cc4d1637a2baf00cab73924
/* Copyright (c) 2006-2008 Dovecot authors, see the included COPYING file */
#include "lib.h"
#include "array.h"
#include "str.h"
#include "imap-match.h"
#include "mailbox-tree.h"
#include "mail-namespace.h"
#include "mailbox-list-private.h"
#include "acl-api-private.h"
#include "acl-cache.h"
#include "acl-shared-storage.h"
#include "acl-plugin.h"
#define ACL_LIST_CONTEXT(obj) \
#define MAILBOX_FLAG_MATCHED 0x40000000
struct acl_mailbox_list {
struct acl_storage_rights_context rights;
};
struct acl_mailbox_list_iterate_context {
struct mailbox_list_iterate_context ctx;
struct mailbox_list_iterate_context *super_ctx;
struct mailbox_tree_context *lookup_boxes;
struct mailbox_info info;
struct imap_match_glob *glob;
char sep;
unsigned int simple_star_glob:1;
};
{
}
static int
unsigned int acl_storage_right_idx, bool *can_see_r)
{
int ret;
if (ret < 0)
return ret;
}
static void
{
const unsigned int *idxp;
const char *name;
int ret;
return;
/* if this namespace's default rights contain LOOKUP, we'll need to
go through all mailboxes in any case. */
return;
/* no LOOKUP right by default, we can optimize this */
&name)) > 0) {
}
if (ret == 0)
else
}
static struct mailbox_list_iterate_context *
const char *const *patterns,
enum mailbox_list_iter_flags flags)
{
struct acl_mailbox_list_iterate_context *ctx;
const char *p;
unsigned int i;
bool inboxcase;
/* see if all patterns have only a single '*' and it's at the end.
we can use it to do some optimizations. */
break;
}
}
/* before listing anything add namespaces for all users
who may have visible mailboxes */
}
/* Try to avoid reading ACLs from all mailboxes by getting a smaller
list of mailboxes that have even potential to be visible. If we
couldn't get such a list, we'll go through all mailboxes. */
T_BEGIN {
} T_END;
}
static const struct mailbox_info *
{
const struct mailbox_info *info;
do {
return NULL;
/* if we've a list of mailboxes with LOOKUP rights, skip the
mailboxes not in the list (since we know they can't be
visible to us). */
return info;
}
static const char *
const char *name)
{
return name;
/* Mailbox names contain namespace prefix,
except when listing INBOX. */
}
static bool
{
const char *child;
/* If all patterns (with '.' separator) are in "name*", "name.*" or
"%.*" style format, simple_star_glob=TRUE and we can easily test
return ctx->simple_star_glob &&
}
static bool
{
struct mailbox_list_iterate_context *iter;
const struct mailbox_info *info;
enum mailbox_list_iter_flags flags;
const char *prefix;
unsigned int i, prefix_len;
/* do we have child mailboxes with LOOKUP right that don't match
the list pattern? */
/* we have a list of mailboxes with LOOKUP rights. before
starting the slow list iteration, check check first
if there even are any children with LOOKUP rights. */
struct mailbox_node *node;
return FALSE;
}
/* if mailbox name has '*' characters in it, they'll conflict with the
LIST wildcard. replace then with '%' and verify later that all
results have the correct prefix. */
else {
}
}
/* at least one child matches also the original list
patterns. we don't need to show this mailbox. */
break;
}
}
(void)mailbox_list_iter_deinit(&iter);
return ret;
}
static int
{
const char *acl_name;
int ret;
/* skip ACL checks. */
return 1;
}
NULL);
if (ret != 0)
return ret;
/* no permission to see this mailbox */
/* we're listing subscribed mailboxes. this one or its child
is subscribed, so we'll need to list it. but since we don't
have LOOKUP right, we'll need to show it as nonexistent. */
return 1;
}
if (!iter_is_listing_all_children(ctx) &&
/* no child mailboxes match the list pattern(s), but mailbox
has visible children. we'll need to show this as
non-existent. */
return 1;
}
return 0;
}
static const struct mailbox_info *
{
struct acl_mailbox_list_iterate_context *ctx =
(struct acl_mailbox_list_iterate_context *)_ctx;
const struct mailbox_info *info;
int ret;
T_BEGIN {
} T_END;
if (ret > 0)
break;
if (ret < 0) {
return NULL;
}
/* skip to next one */
}
}
static int
{
struct acl_mailbox_list_iterate_context *ctx =
(struct acl_mailbox_list_iterate_context *)_ctx;
ret = -1;
return ret;
}
const char *name,
enum mailbox_name_status *status)
{
int ret;
NULL);
if (ret < 0)
return -1;
if (ret == 0) {
/* If we have INSERT right for the mailbox, we'll need to
reveal its existence so that APPEND and COPY works. */
NULL);
if (ret < 0)
return -1;
}
status) < 0)
return -1;
if (ret > 0)
return 0;
/* we shouldn't reveal this mailbox's existance */
switch (*status) {
case MAILBOX_NAME_EXISTS:
break;
case MAILBOX_NAME_VALID:
case MAILBOX_NAME_INVALID:
break;
case MAILBOX_NAME_NOINFERIORS:
/* have to check if we are allowed to see the parent */
T_BEGIN {
} T_END;
if (ret < 0) {
return -1;
}
if (ret == 0) {
/* no permission to see the parent */
}
break;
}
return 0;
}
static int
{
bool can_see;
int ret;
&can_see);
if (ret <= 0) {
if (ret < 0)
return -1;
if (can_see) {
} else {
}
return -1;
}
}
static int
{
bool can_see;
int ret;
/* renaming requires rights to delete the old mailbox */
if (ret <= 0) {
if (ret < 0)
return -1;
if (can_see) {
} else {
}
return 0;
}
/* and create the new one under the parent mailbox */
T_BEGIN {
} T_END;
if (ret <= 0) {
if (ret == 0) {
/* Note that if the mailbox didn't have LOOKUP
permission, this not reveals to user the mailbox's
existence. Can't help it. */
} else {
}
return -1;
}
}
{
struct acl_mailbox_list *alist;
struct acl_backend *backend;
struct mail_namespace *ns;
enum mailbox_list_flags flags;
const char *current_username, *owner_username;
/* no ACL checks for internal namespaces (deliver) */
return;
}
if (current_username == NULL)
else
/* We don't care about the username for non-private mailboxes.
It's used only when checking if we're the mailbox owner. We never
i_fatal("ACL backend initialization failed");
if ((flags & MAILBOX_LIST_FLAG_FULL_FS_ACCESS) != 0) {
/* not necessarily, but safer to do this for now. */
i_fatal("mail_full_filesystem_access=yes is "
"incompatible with ACLs");
}
}