plugins/acl/doveadm-acl.c

	doveadm-acl.c revision 6bd9ffc5d782e160c8542d53b26864ed973c8f66
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen/* Copyright (c) 2011 Dovecot authors, see the included COPYING file */
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen#include "lib.h"
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen#include "str.h"
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen#include "module-dir.h"
facd0971af3c905a3838ba14abc5682f285c9464Timo Sirainen#include "imap-util.h"
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen#include "acl-plugin.h"
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen#include "acl-api-private.h"
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen#include "acl-lookup-dict.h"
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen#include "doveadm-print.h"
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen#include "doveadm-mail.h"
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainenstruct doveadm_acl_cmd_context {
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    struct doveadm_mail_cmd_context ctx;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    bool get_match_me;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen};
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainenconst char *doveadm_acl_plugin_version = DOVECOT_VERSION;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainenvoid doveadm_acl_plugin_init(struct module *module);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainenvoid doveadm_acl_plugin_deinit(void);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainenstatic int
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainencmd_acl_mailbox_open(struct mail_user *user, const char *mailbox,
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen             struct mailbox **box_r)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen{
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    struct acl_user *auser = ACL_USER_CONTEXT(user);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    struct mail_namespace *ns;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    struct mailbox *box;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    if (auser == NULL) {
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        i_error("ACL not enabled for %s", user->username);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        return -1;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    }
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    ns = mail_namespace_find(user->namespaces, mailbox);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    if (ns == NULL) {
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        i_error("No namespace found for mailbox %s", mailbox);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        return -1;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    }
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    box = mailbox_alloc(ns->list, mailbox,
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen                MAILBOX_FLAG_READONLY | MAILBOX_FLAG_KEEP_RECENT |
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen                MAILBOX_FLAG_IGNORE_ACLS);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    if (mailbox_open(box) < 0) {
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        i_error("Can't open mailbox %s: %s", mailbox,
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen            mailbox_get_last_error(box, NULL));
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        mailbox_free(&box);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        return -1;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    }
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    *box_r = box;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    return 0;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen}
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainenstatic void cmd_acl_get_right(const struct acl_rights *rights)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen{
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    const char *id = "";
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    string_t *str;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    switch (rights->id_type) {
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    case ACL_ID_ANYONE:
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        id = ACL_ID_NAME_ANYONE;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        break;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    case ACL_ID_AUTHENTICATED:
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        id = ACL_ID_NAME_AUTHENTICATED;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        break;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    case ACL_ID_OWNER:
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        id = ACL_ID_NAME_OWNER;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        break;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    case ACL_ID_USER:
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        id = t_strconcat(ACL_ID_NAME_USER_PREFIX,
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen                 rights->identifier, NULL);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        break;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    case ACL_ID_GROUP:
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        id = t_strconcat(ACL_ID_NAME_GROUP_PREFIX,
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen                 rights->identifier, NULL);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        break;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    case ACL_ID_GROUP_OVERRIDE:
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        id = t_strconcat(ACL_ID_NAME_GROUP_OVERRIDE_PREFIX,
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen                 rights->identifier, NULL);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        break;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    case ACL_ID_TYPE_COUNT:
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        i_unreached();
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    }
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    doveadm_print(id);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    if (rights->global)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        doveadm_print("global");
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    else
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        doveadm_print("");
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    str = t_str_new(256);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    if (rights->rights != NULL)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        str_append(str, t_strarray_join(rights->rights, " "));
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    if (rights->neg_rights != NULL) {
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        if (str_len(str) > 0)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen            str_append_c(str, ' ');
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        str_append_c(str, '-');
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        str_append(str, t_strarray_join(rights->neg_rights, " -"));
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    }
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    doveadm_print(str_c(str));
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen}
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainenstatic void cmd_acl_get_mailbox(struct doveadm_acl_cmd_context *ctx,
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen                struct mailbox *box)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen{
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    struct acl_object *aclobj = acl_mailbox_get_aclobj(box);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    struct acl_backend *backend;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    struct acl_object_list_iter *iter;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    struct acl_rights rights;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    int ret;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    backend = acl_mailbox_list_get_backend(box->list);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    iter = acl_object_list_init(aclobj);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    while ((ret = acl_object_list_next(iter, &rights)) > 0) T_BEGIN {
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        if (!ctx->get_match_me ||
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen            acl_backend_rights_match_me(backend, &rights))
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen            cmd_acl_get_right(&rights);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    } T_END;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    acl_object_list_deinit(&iter);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    if (ret < 0)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        i_error("ACL iteration failed");
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen}
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainenstatic void
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainencmd_acl_get_run(struct doveadm_mail_cmd_context *_ctx,
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        struct mail_user *user)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen{
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    struct doveadm_acl_cmd_context *ctx =
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        (struct doveadm_acl_cmd_context *)_ctx;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    const char *mailbox = _ctx->args[0];
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    struct mailbox *box;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    if (cmd_acl_mailbox_open(user, mailbox, &box) < 0)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        return;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    cmd_acl_get_mailbox(ctx, box);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    mailbox_free(&box);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen}
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainenstatic bool cmd_acl_get_parse_arg(struct doveadm_mail_cmd_context *_ctx, int c)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen{
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    struct doveadm_acl_cmd_context *ctx =
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        (struct doveadm_acl_cmd_context *)_ctx;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    switch (c) {
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    case 'm':
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        ctx->get_match_me = TRUE;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        break;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    default:
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        return FALSE;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    }
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    return TRUE;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen}
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainenstatic void cmd_acl_get_init(struct doveadm_mail_cmd_context *ctx ATTR_UNUSED,
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen                 const char *const args[])
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen{
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    if (args[0] == NULL)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        doveadm_mail_help_name("acl get");
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    doveadm_print_header("id", "ID", 0);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    doveadm_print_header("global", "Global", 0);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    doveadm_print_header("rights", "Rights", 0);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen}
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainenstatic struct doveadm_mail_cmd_context *
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainencmd_acl_get_alloc(void)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen{
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    struct doveadm_acl_cmd_context *ctx;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    ctx = doveadm_mail_cmd_alloc(struct doveadm_acl_cmd_context);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    ctx->ctx.getopt_args = "m";
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    ctx->ctx.v.parse_arg = cmd_acl_get_parse_arg;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    ctx->ctx.v.run = cmd_acl_get_run;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    ctx->ctx.v.init = cmd_acl_get_init;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    doveadm_print_init(DOVEADM_PRINT_TYPE_TABLE);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    return &ctx->ctx;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen}
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainenstatic void
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainencmd_acl_rights_run(struct doveadm_mail_cmd_context *ctx, struct mail_user *user)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen{
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    const char *mailbox = ctx->args[0];
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    struct mailbox *box;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    struct acl_object *aclobj;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    const char *const *rights;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    if (cmd_acl_mailbox_open(user, mailbox, &box) < 0)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        return;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    aclobj = acl_mailbox_get_aclobj(box);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    if (acl_object_get_my_rights(aclobj, pool_datastack_create(),
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen                     &rights) < 0)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        i_error("Failed to get rights");
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    else
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        doveadm_print(t_strarray_join(rights, " "));
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    mailbox_free(&box);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen}
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainenstatic void cmd_acl_rights_init(struct doveadm_mail_cmd_context *ctx ATTR_UNUSED,
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen                const char *const args[])
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen{
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    if (args[0] == NULL)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        doveadm_mail_help_name("acl rights");
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    doveadm_print_header("rights", "Rights", 0);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen}
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainenstatic struct doveadm_mail_cmd_context *
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainencmd_acl_rights_alloc(void)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen{
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    struct doveadm_mail_cmd_context *ctx;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    ctx = doveadm_mail_cmd_alloc(struct doveadm_mail_cmd_context);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    ctx->v.run = cmd_acl_rights_run;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    ctx->v.init = cmd_acl_rights_init;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    doveadm_print_init(DOVEADM_PRINT_TYPE_TABLE);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    return ctx;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen}
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainenstatic void
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainencmd_acl_set_run(struct doveadm_mail_cmd_context *ctx, struct mail_user *user)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen{
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    const char *mailbox = ctx->args[0], *id = ctx->args[1];
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    const char *const *rights = ctx->args + 2;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    ARRAY_TYPE(const_string) dest_rights, dest_neg_rights, *dest;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    struct mailbox *box;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    struct acl_object *aclobj;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    struct acl_rights_update update;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    unsigned int i, j;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    if (cmd_acl_mailbox_open(user, mailbox, &box) < 0)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        return;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    memset(&update, 0, sizeof(update));
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    update.modify_mode = ACL_MODIFY_MODE_REPLACE;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    update.neg_modify_mode = ACL_MODIFY_MODE_REPLACE;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    if (acl_identifier_parse(id, &update.rights) < 0)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        i_fatal("Invalid ID: %s", id);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    t_array_init(&dest_rights, 8);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    t_array_init(&dest_neg_rights, 8);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    for (i = 0; rights[i] != NULL; i++) {
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        const char *right = rights[i];
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        if (right[0] != '-')
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen            dest = &dest_rights;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        else {
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen            right++;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen            dest = &dest_neg_rights;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        }
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        if (strcmp(right, "all") != 0)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen            array_append(dest, &right, 1);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        else {
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen            for (j = 0; all_mailbox_rights[j] != NULL; j++)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen                array_append(dest, &all_mailbox_rights[j], 1);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        }
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    }
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    if (array_count(&dest_rights) > 0) {
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        (void)array_append_space(&dest_rights);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        update.rights.rights = array_idx(&dest_rights, 0);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    }
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    if (array_count(&dest_neg_rights) > 0) {
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        (void)array_append_space(&dest_neg_rights);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        update.rights.neg_rights = array_idx(&dest_neg_rights, 0);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    }
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    aclobj = acl_mailbox_get_aclobj(box);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    if (acl_object_update(aclobj, &update) < 0)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        i_error("Failed to set ACL");
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    mailbox_free(&box);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen}
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainenstatic void cmd_acl_set_init(struct doveadm_mail_cmd_context *ctx ATTR_UNUSED,
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen                 const char *const args[])
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen{
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    if (str_array_length(args) < 3)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        doveadm_mail_help_name("acl set");
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen}
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainenstatic struct doveadm_mail_cmd_context *
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainencmd_acl_set_alloc(void)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen{
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    struct doveadm_mail_cmd_context *ctx;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    ctx = doveadm_mail_cmd_alloc(struct doveadm_mail_cmd_context);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    ctx->v.run = cmd_acl_set_run;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    ctx->v.init = cmd_acl_set_init;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    return ctx;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen}
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainenstatic void
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainencmd_acl_delete_run(struct doveadm_mail_cmd_context *ctx, struct mail_user *user)
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen{
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen    const char *mailbox = ctx->args[0], *id = ctx->args[1];
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen    struct mailbox *box;
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen    struct acl_object *aclobj;
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen    struct acl_rights_update update;
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen    if (cmd_acl_mailbox_open(user, mailbox, &box) < 0)
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen        return;
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen    memset(&update, 0, sizeof(update));
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen    update.modify_mode = ACL_MODIFY_MODE_CLEAR;
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen    update.neg_modify_mode = ACL_MODIFY_MODE_CLEAR;
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen    if (acl_identifier_parse(id, &update.rights) < 0)
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen        i_fatal("Invalid ID: %s", id);
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen    aclobj = acl_mailbox_get_aclobj(box);
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen    if (acl_object_update(aclobj, &update) < 0)
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen        i_error("Failed to set ACL");
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen    mailbox_free(&box);
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen}
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainenstatic void cmd_acl_delete_init(struct doveadm_mail_cmd_context *ctx ATTR_UNUSED,
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen                const char *const args[])
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen{
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen    if (str_array_length(args) < 2)
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen        doveadm_mail_help_name("acl delete");
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen}
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainenstatic struct doveadm_mail_cmd_context *
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainencmd_acl_delete_alloc(void)
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen{
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen    struct doveadm_mail_cmd_context *ctx;
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen    ctx = doveadm_mail_cmd_alloc(struct doveadm_mail_cmd_context);
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen    ctx->v.run = cmd_acl_delete_run;
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen    ctx->v.init = cmd_acl_delete_init;
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen    return ctx;
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen}
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainenstatic bool cmd_acl_debug_mailbox(struct mailbox *box, bool *retry_r)
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen{
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    struct mail_namespace *ns = mailbox_get_namespace(box);
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    struct acl_user *auser = ACL_USER_CONTEXT(ns->user);
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    struct acl_object *aclobj = acl_mailbox_get_aclobj(box);
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    struct acl_backend *backend = acl_mailbox_list_get_backend(box->list);
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    struct acl_mailbox_list_context *iter;
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    struct acl_lookup_dict_iter *diter;
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    const char *const *rights, *name;
7b39597853fc030086b5237169e677173f9aab62Timo Sirainen    enum mail_flags private_flags_mask;
facd0971af3c905a3838ba14abc5682f285c9464Timo Sirainen    string_t *str;
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    int ret;
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen    bool all_ok = TRUE;
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen    *retry_r = FALSE;
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen
7b39597853fc030086b5237169e677173f9aab62Timo Sirainen    private_flags_mask = mailbox_get_private_flags_mask(box);
7b39597853fc030086b5237169e677173f9aab62Timo Sirainen    if (private_flags_mask == 0)
facd0971af3c905a3838ba14abc5682f285c9464Timo Sirainen        i_info("All message flags are shared across users in mailbox");
facd0971af3c905a3838ba14abc5682f285c9464Timo Sirainen    else {
facd0971af3c905a3838ba14abc5682f285c9464Timo Sirainen        str = t_str_new(64);
7b39597853fc030086b5237169e677173f9aab62Timo Sirainen        imap_write_flags(str, private_flags_mask, NULL);
facd0971af3c905a3838ba14abc5682f285c9464Timo Sirainen        i_info("Per-user private flags in mailbox: %s", str_c(str));
facd0971af3c905a3838ba14abc5682f285c9464Timo Sirainen    }
facd0971af3c905a3838ba14abc5682f285c9464Timo Sirainen
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    /* check if user has lookup right */
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    if (acl_object_get_my_rights(aclobj, pool_datastack_create(),
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen                     &rights) < 0)
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen        i_fatal("Failed to get rights");
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    if (rights == NULL || rights[0] == NULL)
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen        i_info("User %s has no rights for mailbox", ns->user->username);
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    else {
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen        i_info("User %s has rights: %s",
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen               ns->user->username, t_strarray_join(rights, " "));
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    }
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    if (!str_array_find(rights, MAIL_ACL_LOOKUP)) {
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen        i_error("User %s is missing 'lookup' right",
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen            ns->user->username);
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen        return FALSE;
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    }
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    /* check if mailbox is listable */
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    if (ns->type == NAMESPACE_PRIVATE) {
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen        i_info("Mailbox in user's private namespace");
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen        return TRUE;
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    }
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    iter = acl_backend_nonowner_lookups_iter_init(backend);
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    while ((ret = acl_backend_nonowner_lookups_iter_next(iter, &name)) > 0) {
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen        if (strcmp(name, box->name) == 0)
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen            break;
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    }
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    acl_backend_nonowner_lookups_iter_deinit(&iter);
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    if (ret < 0)
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen        i_fatal("ACL non-owner iteration failed");
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    if (ret == 0) {
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen        i_error("Mailbox not found from dovecot-acl-list, rebuilding");
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen        if (acl_backend_nonowner_lookups_rebuild(backend) < 0)
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen            i_fatal("dovecot-acl-list rebuilding failed");
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen        all_ok = FALSE;
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen        *retry_r = TRUE;
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen    } else {
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen        i_info("Mailbox found from dovecot-acl-list");
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    }
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    if (ns->type == NAMESPACE_PUBLIC) {
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen        i_info("Mailbox is in public namespace");
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen        return TRUE;
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    }
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    if (!acl_lookup_dict_is_enabled(auser->acl_lookup_dict)) {
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen        i_error("acl_lookup_dict not enabled");
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen        return FALSE;
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    }
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    /* shared namespace. see if it's in acl lookup dict */
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    diter = acl_lookup_dict_iterate_visible_init(auser->acl_lookup_dict);
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    while ((name = acl_lookup_dict_iterate_visible_next(diter)) != NULL) {
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen        if (strcmp(name, ns->owner->username) == 0)
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen            break;
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    }
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    if (acl_lookup_dict_iterate_visible_deinit(&diter) < 0)
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen        i_fatal("ACL shared dict iteration failed");
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    if (name == NULL) {
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen        i_error("User %s not found from ACL shared dict, rebuilding",
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen            ns->owner->username);
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen        if (acl_lookup_dict_rebuild(auser->acl_lookup_dict) < 0)
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen            i_fatal("ACL lookup dict rebuild failed");
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen        all_ok = FALSE;
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen        *retry_r = TRUE;
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen    } else {
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen        i_info("User %s found from ACL shared dict",
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen               ns->owner->username);
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    }
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen    return all_ok;
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen}
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainenstatic void
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainencmd_acl_debug_run(struct doveadm_mail_cmd_context *ctx, struct mail_user *user)
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen{
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    const char *mailbox = ctx->args[0];
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    struct mailbox *box;
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen    bool ret, retry;
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    if (cmd_acl_mailbox_open(user, mailbox, &box) < 0)
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen        return;
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen    ret = cmd_acl_debug_mailbox(box, &retry);
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen    if (!ret && retry) {
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen        i_info("Retrying after rebuilds:");
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen        ret = cmd_acl_debug_mailbox(box, &retry);
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen    }
6bd9ffc5d782e160c8542d53b26864ed973c8f66Timo Sirainen    if (ret)
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen        i_info("Mailbox %s is visible in LIST", box->vname);
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    else
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen        i_info("Mailbox %s is NOT visible in LIST", box->vname);
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    mailbox_free(&box);
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen}
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainenstatic void cmd_acl_debug_init(struct doveadm_mail_cmd_context *ctx ATTR_UNUSED,
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen                   const char *const args[])
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen{
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    if (args[0] == NULL)
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen        doveadm_mail_help_name("acl debug");
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen}
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainenstatic struct doveadm_mail_cmd_context *
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainencmd_acl_debug_alloc(void)
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen{
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    struct doveadm_mail_cmd_context *ctx;
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    ctx = doveadm_mail_cmd_alloc(struct doveadm_mail_cmd_context);
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    ctx->v.run = cmd_acl_debug_run;
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    ctx->v.init = cmd_acl_debug_init;
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    return ctx;
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen}
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainenstatic struct doveadm_mail_cmd acl_commands[] = {
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    { cmd_acl_get_alloc, "acl get", "[-m] <mailbox>" },
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    { cmd_acl_rights_alloc, "acl rights", "<mailbox>" },
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    { cmd_acl_set_alloc, "acl set", "<mailbox> <id> <rights>" },
3aa600b8467f5cec0fd2e0a76c4815973ca61e1fTimo Sirainen    { cmd_acl_delete_alloc, "acl delete", "<mailbox> <id>" },
7c598f384223a1364e8040c1e2a4cad8d00edde6Timo Sirainen    { cmd_acl_debug_alloc, "acl debug", "<mailbox>" }
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen};
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainenvoid doveadm_acl_plugin_init(struct module *module ATTR_UNUSED)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen{
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    unsigned int i;
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen    for (i = 0; i < N_ELEMENTS(acl_commands); i++)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen        doveadm_mail_register_cmd(&acl_commands[i]);
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen}
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainenvoid doveadm_acl_plugin_deinit(void)
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen{
7d8afd1e15bdf23b5fd13aa9ac9606aca2797125Timo Sirainen}