From: Markus Valentin <markus.valentin@open-xchange.com>
Date: Fri, 30 Apr 2021 09:34:51 +0000 (+0200)
Subject: acl: Prevent crashes with acl_ignore_namespace
X-Git-Tag: 2.3.15~27
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=af18bb0c8c4ffbd3a8008ce9fc7a58db5937b0a6;p=thirdparty%2Fdovecot%2Fcore.git

acl: Prevent crashes with acl_ignore_namespace

In case a namespace was ignored for ACLs an crash could occur because of
"Module context acl_storage_module missing". This panic is prevented by this
change.
---

diff --git a/src/plugins/acl/acl-mailbox-list.c b/src/plugins/acl/acl-mailbox-list.c
index 4158b6c5a3..579f43bf2f 100644
--- a/src/plugins/acl/acl-mailbox-list.c
+++ b/src/plugins/acl/acl-mailbox-list.c
@@ -64,6 +64,9 @@ int acl_mailbox_list_have_right(struct mailbox_list *list, const char *name,
 	struct acl_object *aclobj;
 	int ret, ret2;
 
+	if (alist->ignore_acls)
+		return 1;
+
 	aclobj = !parent ?
 		acl_object_init_from_name(backend, name) :
 		acl_object_init_from_parent(backend, name);
@@ -555,6 +558,8 @@ static void acl_mailbox_list_init_default(struct mailbox_list *list)
 	v->iter_init = acl_mailbox_list_iter_init;
 	v->iter_next = acl_mailbox_list_iter_next;
 	v->iter_deinit = acl_mailbox_list_iter_deinit;
+	if (acl_namespace_is_ignored(list))
+		alist->ignore_acls = TRUE;
 
 	MODULE_CONTEXT_SET(list, acl_mailbox_list_module, alist);
 }
@@ -605,7 +610,7 @@ void acl_mailbox_list_created(struct mailbox_list *list)
 		/* this namespace is empty. don't attempt to lookup ACLs,
 		   because they're not going to work anyway and we could
 		   crash doing it. */
-	} else if (!acl_namespace_is_ignored(list)) {
+	} else {
 		acl_mailbox_list_init_default(list);
 	}
 }
diff --git a/src/plugins/acl/acl-mailbox.c b/src/plugins/acl/acl-mailbox.c
index b682ddcd86..57ff423483 100644
--- a/src/plugins/acl/acl-mailbox.c
+++ b/src/plugins/acl/acl-mailbox.c
@@ -611,7 +611,7 @@ void acl_mailbox_allocated(struct mailbox *box)
 		return;
 	}
 
-	if (mail_namespace_is_shared_user_root(box->list->ns)) {
+	if (mail_namespace_is_shared_user_root(box->list->ns) || alist->ignore_acls) {
 		/* this is the root shared namespace, which itself doesn't
 		   have any existing mailboxes. */
 		ignore_acls = TRUE;
diff --git a/src/plugins/acl/acl-plugin.h b/src/plugins/acl/acl-plugin.h
index 96ed1e924d..6acfe897ac 100644
--- a/src/plugins/acl/acl-plugin.h
+++ b/src/plugins/acl/acl-plugin.h
@@ -39,6 +39,7 @@ struct acl_mailbox_list {
 	struct acl_storage_rights_context rights;
 
 	time_t last_shared_add_check;
+	bool ignore_acls;
 };
 
 struct acl_mailbox {