6
6
#include "mail-namespace.h"
7
7
#include "mailbox-list-private.h"
8
8
#include "acl-api-private.h"
9
#include "acl-lookup-dict.h"
9
10
#include "acl-plugin.h"
11
14
struct acl_storage_module acl_storage_module =
12
15
MODULE_CONTEXT_INIT(&mail_storage_module_register);
16
struct acl_user_module acl_user_module =
17
MODULE_CONTEXT_INIT(&mail_user_module_register);
14
19
static const char *acl_storage_right_names[ACL_STORAGE_RIGHT_COUNT] = {
96
102
struct acl_mail_storage *astorage = ACL_CONTEXT(storage);
97
103
struct mailbox *box;
104
enum acl_storage_rights save_right;
101
108
/* mailbox can be opened either for reading or appending new messages */
102
if ((flags & MAILBOX_OPEN_SAVEONLY) != 0) {
103
ret = acl_storage_have_right(storage, name,
104
ACL_STORAGE_RIGHT_INSERT,
109
if ((flags & MAILBOX_OPEN_IGNORE_ACLS) != 0) {
111
} else if ((flags & MAILBOX_OPEN_SAVEONLY) == 0) {
107
112
ret = acl_storage_have_right(storage, name,
108
113
ACL_STORAGE_RIGHT_READ,
116
save_right = (flags & MAILBOX_OPEN_POST_SESSION) != 0 ?
117
ACL_STORAGE_RIGHT_POST : ACL_STORAGE_RIGHT_INSERT;
118
ret = acl_storage_have_right(storage, name, save_right,
129
139
return acl_mailbox_open_box(box);
142
static void acl_mailbox_copy_acls_from_parent(struct mail_storage *storage,
145
struct acl_mail_storage *astorage = ACL_CONTEXT(storage);
146
struct acl_object *parent_aclobj, *child_aclobj;
147
struct acl_object_list_iter *iter;
148
struct acl_rights_update update;
150
memset(&update, 0, sizeof(update));
151
update.modify_mode = ACL_MODIFY_MODE_REPLACE;
152
update.neg_modify_mode = ACL_MODIFY_MODE_REPLACE;
154
child_aclobj = acl_object_init_from_name(astorage->rights.backend,
156
parent_aclobj = acl_object_init_from_parent(astorage->rights.backend,
158
iter = acl_object_list_init(parent_aclobj);
159
while (acl_object_list_next(iter, &update.rights) > 0) {
160
/* don't copy global ACL rights. */
161
if (!update.rights.global)
162
(void)acl_object_update(child_aclobj, &update);
164
acl_object_list_deinit(&iter);
165
acl_object_deinit(&parent_aclobj);
166
acl_object_deinit(&child_aclobj);
132
169
static int acl_mailbox_create(struct mail_storage *storage, const char *name,
156
return astorage->module_ctx.super.
157
mailbox_create(storage, name, directory);
193
if (astorage->module_ctx.super.
194
mailbox_create(storage, name, directory) < 0)
198
acl_mailbox_copy_acls_from_parent(storage, name);
160
202
void acl_mail_storage_created(struct mail_storage *storage)
162
204
struct acl_mail_storage *astorage;
163
205
struct acl_backend *backend;
165
astorage = p_new(storage->pool, struct acl_mail_storage, 1);
166
astorage->module_ctx.super = storage->v;
167
storage->v.destroy = acl_storage_destroy;
168
storage->v.mailbox_open = acl_mailbox_open;
169
storage->v.mailbox_create = acl_mailbox_create;
171
backend = acl_mailbox_list_get_backend(mail_storage_get_list(storage));
172
acl_storage_rights_ctx_init(&astorage->rights, backend);
174
MODULE_CONTEXT_SET(storage, acl_storage_module, astorage);
207
if ((storage->ns->flags & NAMESPACE_FLAG_NOACL) != 0) {
208
/* no ACL checks for internal namespaces (deliver) */
210
astorage = p_new(storage->pool, struct acl_mail_storage, 1);
211
astorage->module_ctx.super = storage->v;
212
storage->v.destroy = acl_storage_destroy;
213
storage->v.mailbox_open = acl_mailbox_open;
214
storage->v.mailbox_create = acl_mailbox_create;
216
backend = acl_mailbox_list_get_backend(mail_storage_get_list(storage));
217
acl_storage_rights_ctx_init(&astorage->rights, backend);
219
MODULE_CONTEXT_SET(storage, acl_storage_module, astorage);
176
222
if (acl_next_hook_mail_storage_created != NULL)
177
223
acl_next_hook_mail_storage_created(storage);
226
static void acl_user_deinit(struct mail_user *user)
228
struct acl_user *auser = ACL_USER_CONTEXT(user);
230
acl_lookup_dict_deinit(&auser->acl_lookup_dict);
231
auser->module_ctx.super.deinit(user);
234
void acl_mail_user_created(struct mail_user *user)
236
struct acl_user *auser;
239
auser = p_new(user->pool, struct acl_user, 1);
240
auser->module_ctx.super = user->v;
241
user->v.deinit = acl_user_deinit;
242
auser->acl_lookup_dict = acl_lookup_dict_init(user);
244
auser->acl_env = getenv("ACL");
245
i_assert(auser->acl_env != NULL);
246
auser->master_user = getenv("MASTER_USER");
248
env = getenv("ACL_GROUPS");
251
(const char *const *)p_strsplit(user->pool, env, ",");
254
MODULE_CONTEXT_SET(user, acl_user_module, auser);
256
if (acl_next_hook_mail_user_created != NULL)
257
acl_next_hook_mail_user_created(user);