From: Aki Tuomi Date: Fri, 10 Nov 2023 13:23:50 +0000 (+0200) Subject: plugins: acl - Use acl_backend_init_auto() X-Git-Tag: 2.4.1~1159 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d3f051db77eae1190901d176bbd320a29a2ed586;p=thirdparty%2Fdovecot%2Fcore.git plugins: acl - Use acl_backend_init_auto() --- diff --git a/src/plugins/acl/acl-lookup-dict.c b/src/plugins/acl/acl-lookup-dict.c index 13ea42e997..1ad95d576b 100644 --- a/src/plugins/acl/acl-lookup-dict.c +++ b/src/plugins/acl/acl-lookup-dict.c @@ -4,6 +4,7 @@ #include "array.h" #include "str.h" #include "dict.h" +#include "settings.h" #include "mail-user.h" #include "mail-namespace.h" #include "acl-api-private.h" @@ -38,7 +39,6 @@ int acl_lookup_dict_init(struct mail_user *user, struct acl_lookup_dict **dict_r const char **error_r) { struct acl_lookup_dict *dict; - const char *uri; dict = i_new(struct acl_lookup_dict, 1); dict->user = user; @@ -47,21 +47,9 @@ int acl_lookup_dict_init(struct mail_user *user, struct acl_lookup_dict **dict_r event_add_category(dict->event, &event_category_acl); event_set_append_log_prefix(dict->event, "acl: "); - - uri = mail_user_plugin_getenv(user, "acl_shared_dict"); - if (uri != NULL) { - struct dict_legacy_settings dict_set; - - i_zero(&dict_set); - dict_set.base_dir = user->set->base_dir; - dict_set.event_parent = user->event; - if (dict_init_legacy(uri, &dict_set, &dict->dict, error_r) < 0) - return -1; - } else { - e_debug(dict->event, "No acl_shared_dict setting - " - "shared mailbox listing is disabled"); - } - return 0; + event_set_ptr(dict->event, SETTINGS_EVENT_FILTER_NAME, + "acl_sharing_map"); + return dict_init_auto(dict->event, &dict->dict, error_r); } void acl_lookup_dict_deinit(struct acl_lookup_dict **_dict) 
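Review bot: acl_lookup_dict_init() now returns dict_init_auto()'s result unchanged, so its contract moves from 0/-1 to a three-way value, and nothing in the hunk documents that. The only caller updated in this commit, acl_mail_user_create() in the acl-storage.c hunk, passes `error` to `%s` when the result is 0, although `error` is declared there without an initialiser. That is safe only if dict_init_auto() always sets *error_r on a 0 return, which is not visible on this page. Once that is confirmed, I would add a header comment such as `/* Returns 1 if the sharing dict was opened, 0 if none is configured (*error_r holds the reason), -1 on error. */`, and check that any other caller does not treat a 0 result as "dict available". The function's opening lines are in the previous hunk.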
@@ -114,7 +102,6 @@ acl_rights_is_same_user(const struct acl_rights *right, struct mail_user *user) static int acl_lookup_dict_rebuild_add_backend(struct mail_namespace *ns, ARRAY_TYPE(const_string) *ids) { - struct acl_mailbox_list *alist = ACL_LIST_CONTEXT(ns->list); struct acl_backend *backend; struct acl_mailbox_list_context *ctx; struct acl_object *aclobj; @@ -125,11 +112,14 @@ static int acl_lookup_dict_rebuild_add_backend(struct mail_namespace *ns, int ret = 0; if ((ns->flags & NAMESPACE_FLAG_NOACL) != 0 || ns->owner == NULL || - alist == NULL || alist->ignore_acls) + ACL_LIST_CONTEXT(ns->list) == NULL) return 0; - id = t_str_new(128); backend = acl_mailbox_list_get_backend(ns->list); + if (backend->set->acl_ignore) + return 0; + + id = t_str_new(128); ctx = acl_backend_nonowner_lookups_iter_init(backend); while (acl_backend_nonowner_lookups_iter_next(ctx, &name)) { aclobj = acl_object_init_from_name(backend, name); diff --git a/src/plugins/acl/acl-mailbox-list.c b/src/plugins/acl/acl-mailbox-list.c index e18ac5cbd9..1393e83dc1 100644 --- a/src/plugins/acl/acl-mailbox-list.c +++ b/src/plugins/acl/acl-mailbox-list.c @@ -63,7 +63,7 @@ int acl_mailbox_list_have_right(struct mailbox_list *list, const char *name, struct acl_object *aclobj; int ret, ret2; - if (alist->ignore_acls) + if (backend->set->acl_ignore) return 1; aclobj = !parent ? @@ -110,7 +110,7 @@ acl_mailbox_try_list_fast(struct mailbox_list_iterate_context *_ctx) } /* If ACLs are ignored for this namespace don't try fast listing. */ - if (alist->ignore_acls) + if (backend->set->acl_ignore) return; /* if this namespace's default rights contain LOOKUP, we'll need to 
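Review bot: The `acl_ignore` early return in acl_mailbox_list_have_right() reads the flag from `backend->set`, as do acl_mailbox_try_list_fast() and acl_mailbox_right_lookup() (acl-mailbox.c, via `alist->rights.backend`), but acl_mailbox_allocated() in the same commit re-reads it with settings_get() on `box->event`. If the setting can be scoped more narrowly than the mailbox list, the two sources can disagree. Because `return 1` here means the right is granted, that disagreement decides whether access checks run at all. I would either read the flag from one place or state the intended scope next to the check, e.g. `/* acl_ignore is evaluated per mailbox list; every right is granted when it is set */`. `backend` is declared outside this hunk.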
@@ -526,10 +526,25 @@ static void acl_storage_rights_ctx_init(struct acl_storage_rights_context *ctx, } } +static bool acl_list_init_backend(struct mailbox_list *list, + struct acl_backend **backend_r) +{ + const char *error; + int ret; + + if ((ret = acl_backend_init_auto(list, backend_r, &error)) < 0) + i_fatal("ACL backend initialization failed: %s", error); + return ret > 0; +} + static void acl_mailbox_list_init_shared(struct mailbox_list *list) { struct acl_mailbox_list *alist; struct mailbox_list_vfuncs *v = list->vlast; + struct acl_backend *backend; + + if (!acl_list_init_backend(list, &backend)) + return; alist = p_new(list->pool, struct acl_mailbox_list, 1); alist->module_ctx.super = *v; @@ -537,26 +552,19 @@ static void acl_mailbox_list_init_shared(struct mailbox_list *list) v->deinit = acl_mailbox_list_deinit; v->iter_init = acl_mailbox_list_iter_init_shared; - MODULE_CONTEXT_SET(list, acl_mailbox_list_module, alist); -} + acl_storage_rights_ctx_init(&alist->rights, backend); -static bool acl_namespace_is_ignored(struct mailbox_list *list) -{ - const char *value = - mail_user_plugin_getenv(list->ns->user, "acl_ignore_namespace"); - for (unsigned int i = 2; value != NULL; i++) { - if (wildcard_match(list->ns->prefix, value)) - return TRUE; - value = mail_user_plugin_getenv(list->ns->user, - t_strdup_printf("acl_ignore_namespace%u", i)); - } - return FALSE; + MODULE_CONTEXT_SET(list, acl_mailbox_list_module, alist); } static void acl_mailbox_list_init_default(struct mailbox_list *list) { struct mailbox_list_vfuncs *v = list->vlast; struct acl_mailbox_list *alist; + struct acl_backend *backend; + + if (!acl_list_init_backend(list, &backend)) + return; if (list->mail_set->mail_full_filesystem_access) { /* not necessarily, but safer to do this for now. */ 
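Review bot: acl_list_init_backend() returns false without logging when acl_backend_init_auto() returns 0, and both acl_mailbox_list_init_shared() and acl_mailbox_list_init_default() then return before installing any ACL vfuncs or module context. Presumably 0 means no ACL driver is configured for the list, but that is not visible here. In that case the list runs with no ACL enforcement and the operator gets no trace of which namespaces were left unhooked. I would document the helper, e.g. `/* Returns FALSE if no ACL backend is configured for the list; the caller then leaves the list unhooked. Dies on initialization errors. */`, and emit a debug line on the 0 path naming the namespace.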
@@ -571,8 +579,8 @@ static void acl_mailbox_list_init_default(struct mailbox_list *list) v->iter_init = acl_mailbox_list_iter_init; v->iter_next = acl_mailbox_list_iter_next; v->iter_deinit = acl_mailbox_list_iter_deinit; - if (acl_namespace_is_ignored(list)) - alist->ignore_acls = TRUE; + + acl_storage_rights_ctx_init(&alist->rights, backend); MODULE_CONTEXT_SET(list, acl_mailbox_list_module, alist); } diff --git a/src/plugins/acl/acl-mailbox.c b/src/plugins/acl/acl-mailbox.c index 2a6e788eb1..ae6c5d66e3 100644 --- a/src/plugins/acl/acl-mailbox.c +++ b/src/plugins/acl/acl-mailbox.c @@ -8,6 +8,7 @@ #include "array.h" #include "ioloop.h" #include "istream.h" +#include "settings.h" #include "mailbox-list-private.h" #include "acl-api-private.h" #include "acl-plugin.h" @@ -43,7 +44,7 @@ int acl_mailbox_right_lookup(struct mailbox *box, unsigned int right_idx) /* If acls are ignored for this namespace do not check if there are rights. */ - if (alist->ignore_acls) + if (alist->rights.backend->set->acl_ignore) return 1; ret = acl_object_have_right(abox->aclobj, 
@@ -617,20 +618,35 @@ static int acl_mailbox_get_status(struct mailbox *box, void acl_mailbox_allocated(struct mailbox *box) { struct acl_mailbox_list *alist = ACL_LIST_CONTEXT(box->list); + struct acl_settings *set; struct mailbox_vfuncs *v = box->vlast; struct acl_mailbox *abox; - bool ignore_acls = (box->flags & MAILBOX_FLAG_IGNORE_ACLS) != 0; + const char *error; + bool ignore_acls = FALSE; if (alist == NULL) { /* ACLs disabled */ return; } - if (mail_namespace_is_shared_user_root(box->list->ns) || alist->ignore_acls) { + /* get settings for mailbox */ + if (settings_get(box->event, &acl_setting_parser_info, 0, &set, + &error) < 0) { + mailbox_set_critical(box, "%s", error); + box->open_error = box->storage->error; + return; + } + + if ((box->flags & MAILBOX_FLAG_IGNORE_ACLS) != 0 || + set->acl_ignore) + ignore_acls = TRUE; + + if (mail_namespace_is_shared_user_root(box->list->ns)) { /* this is the root shared namespace, which itself doesn't have any existing mailboxes. */ ignore_acls = TRUE; } + settings_free(set); abox = p_new(box->pool, struct acl_mailbox, 1); abox->module_ctx.super = *v; diff --git a/src/plugins/acl/acl-plugin.c b/src/plugins/acl/acl-plugin.c index 8091af3903..441996e51d 100644 --- a/src/plugins/acl/acl-plugin.c +++ b/src/plugins/acl/acl-plugin.c @@ -12,7 +12,6 @@ const char *acl_plugin_version = DOVECOT_ABI_VERSION; static struct mail_storage_hooks acl_mail_storage_hooks = { .mail_user_created = acl_mail_user_created, .mailbox_list_created = acl_mailbox_list_created, - .mail_namespace_storage_added = acl_mail_namespace_storage_added, .mailbox_allocated = acl_mailbox_allocated, .mail_allocated = acl_mail_allocated }; diff --git a/src/plugins/acl/acl-plugin.h b/src/plugins/acl/acl-plugin.h index 257bcadad9..0138632ae4 100644 --- a/src/plugins/acl/acl-plugin.h +++ b/src/plugins/acl/acl-plugin.h 
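Review bot: The new settings_get() failure path in acl_mailbox_allocated() returns before `abox` is allocated, so the mailbox is left without the ACL module context or vfunc overrides. That is only safe if every later operation on the box honours `box->open_error`, which cannot be confirmed from this hunk. Any other ACL hook that expects the context would also find none. A comment on the early return, such as `/* No ACL hooks are installed; open_error must make every later access to this mailbox fail. */`, would record the assumption for the next reader. The rest of the function lies outside the hunk.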
@@ -44,6 +44,7 @@ struct acl_mailbox_list { struct acl_mailbox { union mailbox_module_context module_ctx; struct acl_object *aclobj; + const struct acl_settings *set; bool skip_acl_checks; bool acl_enabled; bool no_read_right; diff --git a/src/plugins/acl/acl-storage.c b/src/plugins/acl/acl-storage.c index b103530a97..7fc2030afc 100644 --- a/src/plugins/acl/acl-storage.c +++ b/src/plugins/acl/acl-storage.c @@ -29,13 +29,19 @@ static void acl_mail_user_create(struct mail_user *user, const char *env) struct mail_user_vfuncs *v = user->vlast; struct acl_user *auser; const char *error; + int ret; auser = p_new(user->pool, struct acl_user, 1); auser->module_ctx.super = *v; user->vlast = &auser->module_ctx.super; v->deinit = acl_user_deinit; - if (acl_lookup_dict_init(user, &auser->acl_lookup_dict, &error) < 0) { + if ((ret = acl_lookup_dict_init(user, &auser->acl_lookup_dict, &error)) < 0) { e_error(user->event, "acl: dict_init() failed: %s", error); + user->error = p_strdup(user->pool, error); + } else if (ret == 0) { + e_debug(user->event, "acl: Shared mailbox listing disabled: %s", error); + } else { + e_debug(user->event, "acl: Shared mailbox listing enabled"); } struct acl_settings *set = p_new(user->pool, struct acl_settings, 1);
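Review bot: The `set` member added to struct acl_mailbox has no writer in any hunk of this commit. acl_mailbox_allocated() fetches its settings into a local and calls settings_free() before `abox` is created. If later code is meant to store a settings pointer here, the member needs a comment stating who holds the reference and where it is released, because a pointer kept past settings_free() would dangle. Otherwise the field can be left out until it is used. The struct definition starts and ends outside the hunk.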