From 1af1b8ea16604e703cdcc8c3de6bb0ca76a4c9f3 Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Mon, 27 Nov 2023 15:18:06 +0200
Subject: [PATCH] plugins: acl - Validate settings in config binary too

---
 src/plugins/acl/acl-rights.c   |  9 +++++++++
 src/plugins/acl/acl-rights.h   | 10 ++++++++++
 src/plugins/acl/acl-settings.c |  5 -----
 3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/src/plugins/acl/acl-rights.c b/src/plugins/acl/acl-rights.c
index dcc0d94c85..f04c96bba7 100644
--- a/src/plugins/acl/acl-rights.c
+++ b/src/plugins/acl/acl-rights.c
@@ -3,9 +3,12 @@
 #include "lib.h"
 #include "array.h"
 #include "str.h"
+/* <settings checks> */
 #include "strescape.h"
+/* </settings checks> */
 #include "acl-api-private.h"
 
+/* <settings checks> */
 const struct acl_letter_map acl_letter_map[] = {
 	{ 'l', MAIL_ACL_LOOKUP },
 	{ 'r', MAIL_ACL_READ },
@@ -39,6 +42,8 @@ const char *const all_mailbox_rights[] = {
 static_assert(N_ELEMENTS(acl_letter_map) == N_ELEMENTS(all_mailbox_rights),
 	     "acl_letter_map size differs from all_mailbox_rights");
 
+/* </settings checks> */
+
 void acl_rights_write_id(string_t *dest, const struct acl_rights *right)
 {
 	switch (right->id_type) {
@@ -162,6 +167,7 @@ const char *acl_rights_export(const struct acl_rights *rights)
 	return str_c(str);
 }
 
+/* <settings checks> */
 int acl_rights_parse_line(const char *line, pool_t pool,
 			  struct acl_rights *rights_r, const char **error_r)
 {
@@ -207,6 +213,7 @@ int acl_rights_parse_line(const char *line, pool_t pool,
 	rights_r->identifier = p_strdup(pool, rights_r->identifier);
 	return 0;
 }
+/* </settings checks> */
 
 void acl_rights_dup(const struct acl_rights *src,
 		    pool_t pool, struct acl_rights *dest_r)
@@ -256,6 +263,7 @@ bool acl_rights_has_nonowner_lookup_changes(const struct acl_rights *rights)
 	return FALSE;
 }
 
+/* <settings checks> */
 int acl_identifier_parse(const char *line, struct acl_rights *rights)
 {
 	if (str_begins(line, ACL_ID_NAME_USER_PREFIX, &rights->identifier)) {
@@ -351,6 +359,7 @@ acl_right_names_parse(pool_t pool, const char *acl, const char **error_r)
 
 	return acl_right_names_alloc(pool, &rights, FALSE);
 }
+/* </settings checks> */
 
 void acl_right_names_write(string_t *dest, const char *const *rights)
 {
diff --git a/src/plugins/acl/acl-rights.h b/src/plugins/acl/acl-rights.h
index 6153d31004..88ef73e3b4 100644
--- a/src/plugins/acl/acl-rights.h
+++ b/src/plugins/acl/acl-rights.h
@@ -1,6 +1,8 @@
 #ifndef ACL_RIGHTS_H
 #define ACL_RIGHTS_H
 
+/* <settings checks> */
+
 /* Show mailbox in mailbox list. Allow subscribing to it. */
 #define MAIL_ACL_LOOKUP		"lookup"
 /* Allow opening mailbox for reading */
@@ -88,6 +90,8 @@ struct acl_rights {
 };
 ARRAY_DEFINE_TYPE(acl_rights, struct acl_rights);
 
+/* </settings checks> */
+
 struct acl_rights_update {
 	/* Holder for rights */
 	struct acl_rights rights;
@@ -110,8 +114,10 @@ void acl_rights_write_id(string_t *dest, const struct acl_rights *right);
    right. */
 bool acl_rights_has_nonowner_lookup_changes(const struct acl_rights *rights);
 
+/* <settings checks> */
 /* Parses identifier from line */
 int acl_identifier_parse(const char *line, struct acl_rights *rights);
+/* </settings checks> */
 
 int acl_rights_update_import(struct acl_rights_update *update,
 			     const char *id, const char *const *rights,
@@ -120,9 +126,11 @@ int acl_rights_update_import(struct acl_rights_update *update,
 /* Exports ACL rights to string */
 const char *acl_rights_export(const struct acl_rights *rights);
 
+/* <settings checks> */
 /* Parses line containing identifier and rights */
 int acl_rights_parse_line(const char *line, pool_t pool,
 			  struct acl_rights *rights_r, const char **error_r);
+/* </settings checks> */
 
 /* Duplicates a right */
 void acl_rights_dup(const struct acl_rights *src,
@@ -131,9 +139,11 @@ void acl_rights_dup(const struct acl_rights *src,
 /* Comparison for rights */
 int acl_rights_cmp(const struct acl_rights *r1, const struct acl_rights *r2);
 
+/* <settings checks> */
 /* Parses acl letter string to names */
 const char *const *
 acl_right_names_parse(pool_t pool, const char *acl, const char **error_r);
+/* </settings checks> */
 
 /* Writes acl names to destination string as acl letters */
 void acl_right_names_write(string_t *dest, const char *const *rights);
diff --git a/src/plugins/acl/acl-settings.c b/src/plugins/acl/acl-settings.c
index eeca4cabe7..fafd8e0ed9 100644
--- a/src/plugins/acl/acl-settings.c
+++ b/src/plugins/acl/acl-settings.c
@@ -93,10 +93,6 @@ const struct setting_parser_info acl_setting_parser_info = {
 /* <settings checks> */
 static bool acl_rights_settings_check(void *_set, pool_t pool, const char **error_r)
 {
-#ifdef CONFIG_BINARY
-	/* FIXME: validate syntax */
-	return TRUE;
-#else
 	struct acl_rights_settings *set = _set;
 	const char *const *right_names;
 	const char *id_str = set->id;
@@ -127,7 +123,6 @@ static bool acl_rights_settings_check(void *_set, pool_t pool, const char **erro
 		set->parsed->rights = right_names;
 	}
 	return TRUE;
-#endif
 }
 
 static bool acl_settings_check(void *_set ATTR_UNUSED, pool_t pool ATTR_UNUSED,
-- 
2.47.3