From: Timo Sirainen
Date: Mon, 25 Jan 2010 18:40:25 +0000 (+0200)
Subject: acl: Don't give admin rights to all owner mailboxes.
X-Git-Tag: 2.0.beta2~35
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=68a6202f65e5070aad57a4dc00b781c3debc98a2;p=thirdparty%2Fdovecot%2Fcore.git

acl: Don't give admin rights to all owner mailboxes.

The SETACL IMAP command should already prevent this. If this situation is created by modifying dovecot-acl file manually, it's probably intentional.

--HG--
branch : HEAD
---

diff --git a/src/plugins/acl/acl-backend-vfile.c b/src/plugins/acl/acl-backend-vfile.c
index f91fd91d93..a8fb685390 100644
--- a/src/plugins/acl/acl-backend-vfile.c
+++ b/src/plugins/acl/acl-backend-vfile.c
@@ -756,10 +756,9 @@ static void apply_owner_rights(struct acl_object *_aclobj)
 
 static void acl_backend_vfile_cache_rebuild(struct acl_object_vfile *aclobj)
 {
- static const char *const admin_rights[] = { MAIL_ACL_ADMIN, NULL };
 struct mail_namespace *ns;
 struct acl_object *_aclobj = &aclobj->aclobj;
- struct acl_rights_update ru, ru2;
+ struct acl_rights_update ru;
 enum acl_modify_mode add_mode;
 const struct acl_rights *rights;
 unsigned int i, count;
@@ -771,11 +770,6 @@ static void acl_backend_vfile_cache_rebuild(struct acl_object_vfile *aclobj)
 return;
 
 ns = mailbox_list_get_namespace(_aclobj->backend->list);
- memset(&ru2, 0, sizeof(ru2));
- ru2.modify_mode = ACL_MODIFY_MODE_ADD;
- ru2.rights.id_type = ACL_ID_OWNER;
- ru2.rights.rights = admin_rights;
-
 owner_applied = ns->type != NAMESPACE_PRIVATE;
 memset(&ru, 0, sizeof(ru));
 
@@ -806,20 +800,11 @@ static void acl_backend_vfile_cache_rebuild(struct acl_object_vfile *aclobj)
 can't mess things up via them */
 first_global = FALSE;
 ru.neg_modify_mode = ACL_MODIFY_MODE_REPLACE;
-
- if (ns->type == NAMESPACE_PRIVATE) {
- /* make sure owner has admin rights
- (at least before global ACLs are applied) */
- acl_cache_update(_aclobj->backend->cache,
- _aclobj->name, &ru2);
- }
 }
 acl_cache_update(_aclobj->backend->cache, _aclobj->name, &ru);
 }
 if (!owner_applied && count > 0)
 apply_owner_rights(_aclobj);
- else if (first_global && ns->type == NAMESPACE_PRIVATE)
- acl_cache_update(_aclobj->backend->cache, _aclobj->name, &ru2);
 }
 
 static int acl_backend_vfile_object_refresh_cache(struct acl_object *_aclobj)
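Review bot: With the trailing `else if` gone, the end of acl_backend_vfile_cache_rebuild() writes nothing for the owner when `count == 0` in a private namespace, whereas the removed branch added the admin right there whenever `first_global` was still set. Whether an object with an empty rights array then falls back to the backend's default owner rights is not visible in this hunk, so that case is worth confirming before relying on it. The guarantee that an owner keeps the admin right now rests on the SETACL handler named in the commit message, so any other code path that writes the dovecot-acl file would need the same refusal. A comment above `if (!owner_applied && count > 0)` would keep that rationale next to the code, e.g. `/* admin is not forced for the owner here; SETACL is expected to refuse removing it, and a hand-edited dovecot-acl is honoured as written */`. The function begins outside this hunk.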