return ret;
}
+static bool client_is_allowed_command(const struct doveadm_settings *set,
+ const char *cmd_name)
+{
+ bool ret = FALSE;
+
+ if (*set->doveadm_allowed_commands == '\0')
+ return TRUE;
+
+ T_BEGIN {
+ const char *const *cmds =
+ t_strsplit(set->doveadm_allowed_commands, ",");
+ for (; *cmds != NULL; cmds++) {
+ if (strcmp(*cmds, cmd_name) == 0) {
+ ret = TRUE;
+ break;
+ }
+ }
+ } T_END;
+ return ret;
+}
+
static bool client_handle_command(struct client_connection *conn, char **args)
{
struct mail_storage_service_input input;
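Review bot: `client_is_allowed_command()` splits the setting with `t_strsplit(set->doveadm_allowed_commands, ",")` and compares each item with `strcmp`, so a value written as `fetch, search` never matches `search` because the leading space stays in the token. The mismatch fails closed (the command is refused), but the admin gets a denial that looks like a bug. Splitting with `t_strsplit_spaces(set->doveadm_allowed_commands, ", ")` would accept both separators. The early `return TRUE` on an empty string also makes an unset list mean "every command is allowed"; that default-open behaviour should be stated above the function, e.g. `/* An empty doveadm_allowed_commands places no restriction: all commands are allowed. */`.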
}
}
+ if (!client_is_allowed_command(conn->set, cmd_name)) {
+ i_error("doveadm client isn't allowed to use command: %s",
+ cmd_name);
+ return FALSE;
+ }
+
o_stream_cork(conn->output);
ret = doveadm_mail_cmd_server(cmd_name, conn->set, &input, argc, args);
if (ret)
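Review bot: The refusal logged by `i_error("doveadm client isn't allowed to use command: %s", cmd_name)` carries only the command name, so repeated probing for disallowed commands cannot be tied to a connection or user from the log alone. Consider adding the requesting identity to the message, for example the username if `input` is already populated at this point (its setup is not visible in the hunk). Since `cmd_name` presumably arrives from the remote client, it is also worth confirming that the log path escapes control characters. A one-line comment such as `/* enforce doveadm_allowed_commands before any command code runs */` would keep the check from being moved below `doveadm_mail_cmd_server()` later. `client_handle_command` starts and ends outside this hunk, so what the caller tells the client after `return FALSE` cannot be judged here.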
DEF(SET_UINT, doveadm_worker_count),
DEF(SET_UINT, doveadm_proxy_port),
DEF(SET_STR, doveadm_password),
+ DEF(SET_STR, doveadm_allowed_commands),
{ SET_STRLIST, "plugin", offsetof(struct doveadm_settings, plugin_envs), NULL },
.doveadm_worker_count = 0,
.doveadm_proxy_port = 0,
.doveadm_password = "",
+ .doveadm_allowed_commands = "",
.plugin_envs = ARRAY_INIT
};
unsigned int doveadm_worker_count;
unsigned int doveadm_proxy_port;
const char *doveadm_password;
+ const char *doveadm_allowed_commands;
ARRAY_DEFINE(plugin_envs, const char *);
};