imap-acl-plugin.c revision e1203014de25c8c3d3975a9f4b4a04616df4bba2
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen/* Copyright (c) 2008 Dovecot authors, see the included COPYING file */
24fc71a693331ffe77e2b6d81c70aca6fa055e47Timo Sirainen#define ERROR_NOT_ADMIN "["IMAP_RESP_CODE_ACL"] " \
24fc71a693331ffe77e2b6d81c70aca6fa055e47Timo Sirainen "You lack administrator privileges on this mailbox."
24fc71a693331ffe77e2b6d81c70aca6fa055e47Timo Sirainen (MAILBOX_OPEN_READONLY | MAILBOX_OPEN_FAST | MAILBOX_OPEN_KEEP_RECENT)
7c5b51bdf43a98e12c654ad437e0b258c5fffbc1Timo Sirainenstatic const struct imap_acl_letter_map imap_acl_letter_map[] = {
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenstatic struct mailbox *
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenacl_mailbox_open_as_admin(struct client_command_context *cmd, const char *name)
5c1a8aee989af87bddefd71e2aa83aa2bd695155Timo Sirainen /* Force opening the mailbox so that we can give a nicer error message
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen if mailbox isn't selectable but is listable. */
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen box = mailbox_open(storage, name, NULL, ACL_MAILBOX_OPEN_FLAGS |
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen ret = acl_mailbox_right_lookup(box, ACL_STORAGE_RIGHT_ADMIN);
f99575e1d6cd251bd7b6d0654bd75b475e6a894cTimo Sirainen /* not an administrator. */
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen if (acl_mailbox_right_lookup(box, ACL_STORAGE_RIGHT_LOOKUP) <= 0) {
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen client_send_tagline(cmd, "NO "ERROR_NOT_ADMIN);
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenstatic const struct imap_acl_letter_map *
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen unsigned int i;
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen for (i = 0; imap_acl_letter_map[i].name != NULL; i++) {
93b29720c5141f787bd1861796867e4595c9d084Timo Sirainen if (strcmp(imap_acl_letter_map[i].name, name) == 0)
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenimap_acl_write_rights_list(string_t *dest, const char *const *rights)
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen unsigned int i;
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen /* write only letters */
7c5b51bdf43a98e12c654ad437e0b258c5fffbc1Timo Sirainenimap_acl_write_right(string_t *dest, string_t *tmp,
7c5b51bdf43a98e12c654ad437e0b258c5fffbc1Timo Sirainen const char *const *rights = neg ? right->neg_rights : right->rights;
7c5b51bdf43a98e12c654ad437e0b258c5fffbc1Timo Sirainen str_append(tmp, IMAP_ACL_GROUP_OVERRIDE_PREFIX);
24fc71a693331ffe77e2b6d81c70aca6fa055e47Timo Sirainen imap_quote_append(dest, str_data(tmp), str_len(tmp), FALSE);
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainenstatic int imap_acl_write_aclobj(string_t *dest, struct acl_object *aclobj)
5a58037ad75b88356d82240fab2bc604de03107eTimo Sirainen while ((ret = acl_object_list_next(iter, &rights)) > 0) {
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen imap_acl_write_right(dest, tmp, &rights, FALSE);
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen imap_acl_write_right(dest, tmp, &rights, TRUE);
024815ea2ffdda9ea79919f18e865663977f73eaTimo Sirainenstatic bool cmd_getacl(struct client_command_context *cmd)
f99575e1d6cd251bd7b6d0654bd75b475e6a894cTimo Sirainen unsigned int len;
7e94cf9d70ce9fdeccb7a85ff400b899e6386f36Timo Sirainen if (!client_read_string_args(cmd, 1, &mailbox)) {
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen client_send_command_error(cmd, "Invalid arguments.");
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen box = acl_mailbox_open_as_admin(cmd, mailbox);
7c5b51bdf43a98e12c654ad437e0b258c5fffbc1Timo Sirainen imap_quote_append_string(str, mailbox, FALSE);
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen ret = imap_acl_write_aclobj(str, acl_mailbox_get_aclobj(box));
024815ea2ffdda9ea79919f18e865663977f73eaTimo Sirainen client_send_tagline(cmd, "OK Getacl completed.");
5529671faac3c5672a948be93091056736c7afffTimo Sirainen client_send_tagline(cmd, "NO "MAIL_ERRSTR_CRITICAL_MSG);
8e7da21696c9f8a6d5e601243fb6172ec85d47b2Timo Sirainenstatic bool cmd_myrights(struct client_command_context *cmd)
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen const char *const *rights;
7c5b51bdf43a98e12c654ad437e0b258c5fffbc1Timo Sirainen if (!client_read_string_args(cmd, 1, &mailbox)) {
b5ea11802f2bafbec06282a7b3b6704dc5fae584Timo Sirainen client_send_command_error(cmd, "Invalid arguments.");
b5ea11802f2bafbec06282a7b3b6704dc5fae584Timo Sirainen storage = client_find_storage(cmd, &real_mailbox);
24fc71a693331ffe77e2b6d81c70aca6fa055e47Timo Sirainen box = mailbox_open(storage, real_mailbox, NULL, ACL_MAILBOX_OPEN_FLAGS |
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen if (acl_object_get_my_rights(acl_mailbox_get_aclobj(box),
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen client_send_tagline(cmd, "NO "MAIL_ERRSTR_CRITICAL_MSG);
8e7da21696c9f8a6d5e601243fb6172ec85d47b2Timo Sirainen MAIL_ERRSTR_MAILBOX_NOT_FOUND, real_mailbox));
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen imap_quote_append_string(str, mailbox, FALSE);
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen client_send_tagline(cmd, "OK Myrights completed.");
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenstatic bool cmd_listrights(struct client_command_context *cmd)
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen if (!client_read_string_args(cmd, 2, &mailbox, &identifier)) {
5a58037ad75b88356d82240fab2bc604de03107eTimo Sirainen client_send_command_error(cmd, "Invalid arguments.");
62950eeff28f00989a17b20eeade3af7e200c6bcTimo Sirainen box = acl_mailbox_open_as_admin(cmd, mailbox);
8e7da21696c9f8a6d5e601243fb6172ec85d47b2Timo Sirainen imap_quote_append_string(str, mailbox, FALSE);
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen imap_quote_append_string(str, identifier, FALSE);
8e7da21696c9f8a6d5e601243fb6172ec85d47b2Timo Sirainen str_append(str, "\"\" l r w s t p i e k x a c d");
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen client_send_tagline(cmd, "OK Listrights completed.");
24fc71a693331ffe77e2b6d81c70aca6fa055e47Timo Sirainenimap_acl_letters_parse(const char *letters, const char *const **rights_r,
24fc71a693331ffe77e2b6d81c70aca6fa055e47Timo Sirainen const char **error_r)
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen unsigned int i;
f99575e1d6cd251bd7b6d0654bd75b475e6a894cTimo Sirainen for (i = 0; imap_acl_letter_map[i].name != NULL; i++) {
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen if (imap_acl_letter_map[i].letter == *letters) {
b0a446671b8f09a1d2ed1d8c86a47298309e989dTimo Sirainen *error_r = t_strdup_printf("Invalid ACL right: %c",
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenimap_acl_identifier_parse(const char *id, struct acl_rights *rights,
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen *error_r = t_strdup_printf("Global ACLs can't be modified: %s",
24fc71a693331ffe77e2b6d81c70aca6fa055e47Timo Sirainen *error_r = "'anyone' identifier is disallowed";
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen } else if (strcmp(id, IMAP_ACL_AUTHENTICATED) == 0) {
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen *error_r = "'authenticated' identifier is disallowed";
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen rights->identifier = id + strlen(IMAP_ACL_GROUP_PREFIX);
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen } else if (strncmp(id, IMAP_ACL_GROUP_OVERRIDE_PREFIX,
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen strlen(IMAP_ACL_GROUP_OVERRIDE_PREFIX)) == 0) {
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenstatic bool cmd_setacl(struct client_command_context *cmd)
24fc71a693331ffe77e2b6d81c70aca6fa055e47Timo Sirainen const char *mailbox, *identifier, *rights, *error;
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen if (!client_read_string_args(cmd, 3, &mailbox, &identifier, &rights) ||
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen client_send_command_error(cmd, "Invalid arguments.");
7797aa2479e99aeb71057b7a2584b2cb72e4d3f8Timo Sirainen if (imap_acl_identifier_parse(identifier, &update.rights,
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen if (imap_acl_letters_parse(rights, &update.rights.rights, &error) < 0) {
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen box = acl_mailbox_open_as_admin(cmd, mailbox);
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen update.rights.neg_rights = update.rights.rights;
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen if (acl_object_update(acl_mailbox_get_aclobj(box), &update) < 0)
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen client_send_tagline(cmd, "NO "MAIL_ERRSTR_CRITICAL_MSG);
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen client_send_tagline(cmd, "OK Setacl complete.");
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenstatic bool cmd_deleteacl(struct client_command_context *cmd)
24fc71a693331ffe77e2b6d81c70aca6fa055e47Timo Sirainen if (!client_read_string_args(cmd, 2, &mailbox, &identifier) ||
24fc71a693331ffe77e2b6d81c70aca6fa055e47Timo Sirainen client_send_command_error(cmd, "Invalid arguments.");
24fc71a693331ffe77e2b6d81c70aca6fa055e47Timo Sirainen update.neg_modify_mode = ACL_MODIFY_MODE_CLEAR;
24fc71a693331ffe77e2b6d81c70aca6fa055e47Timo Sirainen if (imap_acl_identifier_parse(identifier, &update.rights,
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen box = acl_mailbox_open_as_admin(cmd, mailbox);
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen if (acl_object_update(acl_mailbox_get_aclobj(box), &update) < 0)
24fc71a693331ffe77e2b6d81c70aca6fa055e47Timo Sirainen client_send_tagline(cmd, "NO "MAIL_ERRSTR_CRITICAL_MSG);
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen client_send_tagline(cmd, "OK Deleteacl complete.");
24fc71a693331ffe77e2b6d81c70aca6fa055e47Timo Sirainen const char *env;
24fc71a693331ffe77e2b6d81c70aca6fa055e47Timo Sirainen str_append(capability_string, " ACL RIGHTS=texk");
24fc71a693331ffe77e2b6d81c70aca6fa055e47Timo Sirainen command_register("LISTRIGHTS", cmd_listrights, 0);
7797aa2479e99aeb71057b7a2584b2cb72e4d3f8Timo Sirainen command_register("MYRIGHTS", cmd_myrights, 0);