Some IMAP extensions use these commands to set/get their internal state.
This should be allowed even if full METADATA isn't enabled.
The initial plan was to restrict this in the lib-imap-storage layer, so it
would apply to everything using the imap-metadata API. This would have
affected for example accessing metadata in Sieve scripts, which could be
either good or bad. It might not be wanted to give users read access to
some metadata either, but admins really should be given the ability to
write Sieve scripts that access the metadata. However there's just no good
way to differentiate between admin-written (or tool-written) Sieve script
and user-written Sieve script.
Another issue is using metadata to configure virtual mailboxes. Currently
they're all admin-written and should be allowed to access metadata, but in
the future we might want to allow user-written virtual mailbox rules as
well.
So the end result at least for now is to just prevent IMAP GETMETADATA and
SETMETADATA specifically from accessing the non-validated attributes. Most
of the time there aren't any secrets in the metadata. In case there is,
users need to be prevented from accessing metadata via Sieve, and in such
systems users rarely have direct Sieve access anyway.
if (ctx->depth > 0)
ctx->iter_entry_prefix = str_new(cmd->pool, 128);
+ imap_metadata_transaction_validated_only(ctx->trans,
+ !cmd->client->set->imap_metadata);
if (!cmd_getmetadata_continue(cmd)) {
cmd->state = CLIENT_COMMAND_STATE_WAIT_OUTPUT;
if (!client_read_args(cmd, 0, 0, &args))
return FALSE;
- if (!cmd->client->imap_metadata_enabled) {
- client_send_command_error(cmd, "METADATA disabled.");
- return TRUE;
- }
-
ctx = p_new(cmd->pool, struct imap_getmetadata_context, 1);
ctx->cmd = cmd;
ctx->maxsize = (uint32_t)-1;
struct client_command_context *cmd = ctx->cmd;
struct client *client = cmd->client;
+ imap_metadata_transaction_validated_only(ctx->trans,
+ !cmd->client->set->imap_metadata);
/* we support large literals, so read the values from client
asynchronously the same way as APPEND does. */
client->input_lock = cmd;
return TRUE;
}
- if (!cmd->client->imap_metadata_enabled) {
- client_send_command_error(cmd, "METADATA disabled.");
- return TRUE;
- }
-
ctx = p_new(cmd->pool, struct imap_setmetadata_context, 1);
ctx->cmd = cmd;
ctx->cmd->context = ctx;
client_add_capability(client, "URLAUTH");
client_add_capability(client, "URLAUTH=BINARY");
}
- if (set->imap_metadata && *mail_set->mail_attribute_dict != '\0') {
- client->imap_metadata_enabled = TRUE;
+ if (set->imap_metadata && *mail_set->mail_attribute_dict != '\0')
client_add_capability(client, "METADATA");
- }
if (user_has_special_use_mailboxes(user)) {
/* Advertise SPECIAL-USE only if there are actually some
SPECIAL-USE flags in mailbox configuration. */
bool notify_immediate_expunges:1;
bool notify_count_changes:1;
bool notify_flag_changes:1;
- bool imap_metadata_enabled:1;
bool nonpermanent_modseqs:1;
bool state_import_bad_idle_done:1;
bool state_import_idle_continue:1;
projects / thirdparty / dovecot / core.git / commitdiff
