acl: When lookup ACLs are changed, make sure dovecot-acl-list is updated.

--HG--
branch : HEAD

diff --git a/src/plugins/acl/acl-api-private.h b/src/plugins/acl/acl-api-private.h
index ae5d691c990e06a4c6502f79abd0e3b1b3e682f6..bd2d70a61432c35d5fbdb1ecdac8f0002c057afc 100644 (file)
--- a/src/plugins/acl/acl-api-private.h
+++ b/src/plugins/acl/acl-api-private.h
@@ -82,5 +82,6 @@ acl_backend_mask_get_names(struct acl_backend *backend,
                           const struct acl_mask *mask, pool_t pool);
 int acl_backend_get_default_rights(struct acl_backend *backend,
                                   const struct acl_mask **mask_r);
+bool acl_rights_has_nonowner_lookup_changes(const struct acl_rights *rights);
 
 #endif

diff --git a/src/plugins/acl/acl-api.c b/src/plugins/acl/acl-api.c
index b70d2ad248a8c659babea27c8195810d18143c52..958af3eca4e52a3c154718cdba95bdcaf5930d8f 100644 (file)
--- a/src/plugins/acl/acl-api.c
+++ b/src/plugins/acl/acl-api.c
@@ -171,3 +171,22 @@ acl_backend_nonowner_lookups_iter_deinit(struct acl_mailbox_list_context **_ctx)
        *_ctx = NULL;
        ctx->backend->v.nonowner_lookups_iter_deinit(ctx);
 }
+
+bool acl_rights_has_nonowner_lookup_changes(const struct acl_rights *rights)
+{
+       const char *const *p;
+
+       if (rights->id_type == ACL_ID_OWNER) {
+               /* ignore owner rights */
+               return FALSE;
+       }
+
+       if (rights->rights == NULL)
+               return FALSE;
+
+       for (p = rights->rights; *p != NULL; p++) {
+               if (strcmp(*p, MAIL_ACL_LOOKUP) == 0)
+                       return TRUE;
+       }
+       return FALSE;
+}

diff --git a/src/plugins/acl/acl-backend-vfile-acllist.c b/src/plugins/acl/acl-backend-vfile-acllist.c
index f14887828789f67cc4b119f8e77d6fe02b256b01..aa720d8da7638f5fa21722affc0de41cf705ccd2 100644 (file)
--- a/src/plugins/acl/acl-backend-vfile-acllist.c
+++ b/src/plugins/acl/acl-backend-vfile-acllist.c
@@ -125,25 +125,6 @@ void acl_backend_vfile_acllist_refresh(struct acl_backend_vfile *backend)
        }
 }
 
-static bool rights_has_lookup_changes(const struct acl_rights *rights)
-{
-       const char *const *p;
-
-       if (rights->id_type == ACL_ID_OWNER) {
-               /* ignore owner rights */
-               return FALSE;
-       }
-
-       if (rights->rights == NULL)
-               return FALSE;
-
-       for (p = rights->rights; *p != NULL; p++) {
-               if (strcmp(*p, MAIL_ACL_LOOKUP) == 0)
-                       return TRUE;
-       }
-       return FALSE;
-}
-
 static int
 acllist_append(struct acl_backend_vfile *backend, struct ostream *output,
               struct mail_storage *storage, const char *name)
@@ -159,7 +140,7 @@ acllist_append(struct acl_backend_vfile *backend, struct ostream *output,
 
        iter = acl_object_list_init(aclobj);
        while ((ret = acl_object_list_next(iter, &rights)) > 0) {
-               if (rights_has_lookup_changes(&rights))
+               if (acl_rights_has_nonowner_lookup_changes(&rights))
                        break;
        }
        acl_object_list_deinit(&iter);

diff --git a/src/plugins/acl/acl-backend-vfile.c b/src/plugins/acl/acl-backend-vfile.c
index 27d18f8d58fefc363a1b060b6fedfaf94c497066..bf93d4b462c9a5ded065451c42fae1ce1704aa80 100644 (file)
--- a/src/plugins/acl/acl-backend-vfile.c
+++ b/src/plugins/acl/acl-backend-vfile.c
@@ -1092,6 +1092,8 @@ acl_backend_vfile_object_update(struct acl_object *_aclobj,
                                const struct acl_rights_update *update)
 {
        struct acl_object_vfile *aclobj = (struct acl_object_vfile *)_aclobj;
+       struct acl_backend_vfile *backend =
+               (struct acl_backend_vfile *)_aclobj->backend;
        const struct acl_rights *rights;
        struct dotlock *dotlock;
        const char *path;
@@ -1115,20 +1117,25 @@ acl_backend_vfile_object_update(struct acl_object *_aclobj,
        if (!changed) {
                file_dotlock_delete(&dotlock);
                return 0;
-       } else {
-               path = file_dotlock_get_lock_path(dotlock);
-               if (acl_backend_vfile_update_write(aclobj, fd, path) < 0) {
-                       file_dotlock_delete(&dotlock);
-                       acl_cache_flush(_aclobj->backend->cache, _aclobj->name);
-                       return -1;
-               }
-               acl_backend_vfile_update_cache(_aclobj, fd);
-               if (file_dotlock_replace(&dotlock, 0) < 0) {
-                       acl_cache_flush(_aclobj->backend->cache, _aclobj->name);
-                       return -1;
-               }
-               return 0;
        }
+
+       /* ACLs were really changed, write the new ones */
+       path = file_dotlock_get_lock_path(dotlock);
+       if (acl_backend_vfile_update_write(aclobj, fd, path) < 0) {
+               file_dotlock_delete(&dotlock);
+               acl_cache_flush(_aclobj->backend->cache, _aclobj->name);
+               return -1;
+       }
+       acl_backend_vfile_update_cache(_aclobj, fd);
+       if (file_dotlock_replace(&dotlock, 0) < 0) {
+               acl_cache_flush(_aclobj->backend->cache, _aclobj->name);
+               return -1;
+       }
+       /* make sure dovecot-acl-list gets updated if we added any
+          lookup rights. */
+       if (acl_rights_has_nonowner_lookup_changes(&update->rights))
+               (void)acl_backend_vfile_acllist_rebuild(backend);
+       return 0;
 }
 
 static struct acl_object_list_iter *