mail-crypt-acl-plugin.c revision c1ab825edf003f5cfc6c31730442f36a17209101
2454dfa32c93c20a8522c6ed42fe057baaac9f9aStephan Bosch/* Copyright (c) 2015-2017 Dovecot authors, see the included COPYING file */
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen MODULE_CONTEXT(obj, mail_crypt_acl_mailbox_list_module)
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainenstatic MODULE_CONTEXT_DEFINE_INIT(mail_crypt_acl_mailbox_list_module,
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainenvoid mail_crypt_acl_plugin_init(struct module *module);
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainenmail_crypt_acl_has_user_read_right(struct acl_object *aclobj,
3858a7a5da361c35f1e6e50c8e3214dc0cf379d6Phil Carmody const char **error_r)
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen ret = str_array_find(rights.rights, MAIL_ACL_READ) ? 1 : 0;
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainenstatic int mail_crypt_acl_has_nonuser_read_right(struct acl_object *aclobj,
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen const char **error_r)
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen str_array_find(rights.rights, MAIL_ACL_READ)) {
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainenmail_crypt_acl_unset_private_keys(struct mailbox *src_box,
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen const char **error_r)
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen *error_r = t_strdup_printf("mail-crypt-acl-plugin: "
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen "mailbox_open(%s) failed: %s",
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen if (mail_crypt_box_get_pvt_digests(src_box, pool_datastack_create(),
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen *error_r = t_strdup_printf("mail-crypt-acl-plugin: "
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen "Failed to lookup public key digests: %s",
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen const char *const *hash;
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen const char *ptr;
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen /* if the id contains username part, skip to key public id */
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen if ((ret = mail_crypt_box_unset_shared_key(t, ptr, dest_user,
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen } else if (mailbox_transaction_commit(&t) < 0) {
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen *error_r = t_strdup_printf("mail-crypt-acl-plugin: "
4c1a936be3273581135eb9ba7a1cbcdb1ffd6cc6Timo Sirainen "mailbox_transaction_commit(%s) failed: %s",
4c1a936be3273581135eb9ba7a1cbcdb1ffd6cc6Timo Sirainenmail_crypt_acl_user_create(struct mail_user *user, const char *dest_username,
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen struct mail_storage_service_user **dest_service_user_r,
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen const char **error_r)
4c1a936be3273581135eb9ba7a1cbcdb1ffd6cc6Timo Sirainen const struct mail_storage_service_input *old_input;
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen service_ctx = mail_storage_service_user_get_service_ctx(user->_service_user);
4c1a936be3273581135eb9ba7a1cbcdb1ffd6cc6Timo Sirainen old_input = mail_storage_service_user_get_input(user->_service_user);
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen if ((cur_ioloop_ctx = io_loop_get_current_context(current_ioloop)) != NULL)
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen input.flags_override_add = MAIL_STORAGE_SERVICE_FLAG_NO_PLUGINS |
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen ret = mail_storage_service_lookup_next(service_ctx, &input,
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainenmail_crypt_acl_update_private_key(struct mailbox *src_box,
bd1e1a9720ce4617f7d97be75cffc45e905bb791Phil Carmody const char **error_r)
bf132be3fe1c9e8de84f10d0b05c0b46ca542ac4Timo Sirainen return mail_crypt_acl_unset_private_keys(src_box,
error_r);
} else if (ret < 0) {
} else if (ret == 0) {
struct mailbox_transaction_context *t =
if (ret >= 0) {
if (mailbox_transaction_commit(&t) < 0) {
return ret;
const char *error;
const char *username;
bool have_rights;
int ret = 0;
bool disallow_insecure =
case ACL_ID_USER:
if (ret < 0) {
error);
if (ret > 0)
if (ret <= 0) {
&error)) < 0) {
error);
case ACL_ID_OWNER:
case ACL_ID_ANYONE:
case ACL_ID_AUTHENTICATED:
case ACL_ID_GROUP:
case ACL_ID_GROUP_OVERRIDE:
if (disallow_insecure) {
NULL,
TRUE,
&error)) < 0) {
error);
case ACL_ID_TYPE_COUNT:
i_unreached();
return ret;
void mail_crypt_acl_plugin_deinit(void)