/*
 * Open `mailbox` for a doveadm ACL command and return it through box_r.
 *
 * Returns 0 with *box_r set on success. Returns -1 after logging an error
 * and recording the failure on ctx when the ACL plugin is not active for
 * the user or the mailbox cannot be opened; *box_r is left untouched then.
 *
 * The mailbox is allocated with MAILBOX_FLAG_READONLY and
 * MAILBOX_FLAG_IGNORE_ACLS. As the flag name says, ACL checks are skipped
 * for this handle, so any access decision has to be made by whoever is
 * allowed to run the command.
 * NOTE(review): presumably the caller releases *box_r with mailbox_free().
 */
static int
cmd_acl_mailbox_open(struct doveadm_mail_cmd_context *ctx,
		     struct mail_user *user, const char *mailbox,
		     struct mailbox **box_r)
{
	struct acl_user *acl_ctx = ACL_USER_CONTEXT(user);
	struct mail_namespace *target_ns;
	struct mailbox *opened;

	if (acl_ctx == NULL) {
		i_error("ACL not enabled for %s", user->username);
		doveadm_mail_failed_error(ctx, MAIL_ERROR_NOTFOUND);
		return -1;
	}

	/* NOTE(review): target_ns is dereferenced without a NULL check; this
	   relies on mail_namespace_find() always returning a namespace in
	   this API version. Confirm. */
	target_ns = mail_namespace_find(user->namespaces, mailbox);
	opened = mailbox_alloc(target_ns->list, mailbox,
			       MAILBOX_FLAG_READONLY |
			       MAILBOX_FLAG_IGNORE_ACLS);
	if (mailbox_open(opened) >= 0) {
		*box_r = opened;
		return 0;
	}

	/* Report the failure while the mailbox still exists, then free it. */
	i_error("Can't open mailbox %s: %s", mailbox,
		mailbox_get_last_error(opened, NULL));
	doveadm_mail_failed_mailbox(ctx, opened);
	mailbox_free(&opened);
	return -1;
}
/*
 * Add a shared namespace entry for every name that the user's ACL lookup
 * dict reports as visible.
 *
 * `ns` must be the shared namespace using the shared storage driver; both
 * conditions are asserted. The scan is rate limited: if the previous scan
 * on this list was less than SHARED_NS_RETRY_SECS ago, nothing is done and
 * 0 is returned. Otherwise the return value is that of
 * acl_lookup_dict_iterate_visible_deinit().
 *
 * NOTE(review): the names come straight from the lookup dict; this relies
 * on that dict containing only entries the current user may see. Verify
 * where the dict is populated.
 */
int acl_shared_namespaces_add(struct mail_namespace *ns)
{
	struct acl_user *acl_ctx = ACL_USER_CONTEXT(ns->user);
	struct acl_mailbox_list *acl_list = ACL_LIST_CONTEXT(ns->list);
	struct mail_storage *shared_storage =
		mail_namespace_get_default_storage(ns);
	struct acl_lookup_dict_iter *visible;
	const char *entry;

	i_assert(ns->type == MAIL_NAMESPACE_TYPE_SHARED);
	i_assert(strcmp(shared_storage->name, MAIL_SHARED_STORAGE_NAME) == 0);

	if (acl_list->last_shared_add_check + SHARED_NS_RETRY_SECS >
	    ioloop_time) {
		/* scanned recently enough, skip the recheck */
		return 0;
	}
	acl_list->last_shared_add_check = ioloop_time;

	visible = acl_lookup_dict_iterate_visible_init(acl_ctx->acl_lookup_dict);
	for (entry = acl_lookup_dict_iterate_visible_next(visible);
	     entry != NULL;
	     entry = acl_lookup_dict_iterate_visible_next(visible)) {
		/* each add runs in its own T_BEGIN/T_END frame */
		T_BEGIN {
			acl_shared_namespace_add(ns, shared_storage, entry);
		} T_END;
	}
	return acl_lookup_dict_iterate_visible_deinit(&visible);
}
/*
 * Deinit hook for a mail_user: release the ACL lookup dict owned by the
 * plugin's per-user context, then call the deinit that this module
 * overrode.
 */
static void acl_user_deinit(struct mail_user *user)
{
	struct acl_user *acl_ctx = ACL_USER_CONTEXT(user);

	/* Release plugin state before chaining to the overridden deinit.
	   NOTE(review): the order presumably matters because super.deinit
	   may free memory that acl_ctx lives in. Confirm. */
	acl_lookup_dict_deinit(&acl_ctx->acl_lookup_dict);
	acl_ctx->module_ctx.super.deinit(user);
}
/*
 * Open `mailbox` for an ACL command and return it through box_r.
 *
 * Returns 0 with *box_r set on success. Returns -1 after logging an error
 * when the ACL plugin is not active for the user, no namespace matches the
 * mailbox name, or the open fails; *box_r is left untouched then.
 *
 * The mailbox is allocated with MAILBOX_FLAG_READONLY,
 * MAILBOX_FLAG_KEEP_RECENT and MAILBOX_FLAG_IGNORE_ACLS. As the last flag
 * name says, ACL checks are skipped for this handle, so any access
 * decision has to be made by whoever is allowed to run the command.
 * NOTE(review): presumably the caller releases *box_r with mailbox_free().
 */
static int
cmd_acl_mailbox_open(struct mail_user *user, const char *mailbox,
		     struct mailbox **box_r)
{
	struct acl_user *acl_ctx = ACL_USER_CONTEXT(user);
	struct mail_namespace *target_ns;
	struct mailbox *opened;
	/* mail_namespace_find() takes this by pointer and may rewrite it;
	   `mailbox` itself stays as given for the error messages. */
	const char *name_in_storage = mailbox;

	if (acl_ctx == NULL) {
		i_error("ACL not enabled for %s", user->username);
		return -1;
	}

	target_ns = mail_namespace_find(user->namespaces, &name_in_storage);
	if (target_ns == NULL) {
		i_error("No namespace found for mailbox %s", mailbox);
		return -1;
	}

	opened = mailbox_alloc(target_ns->list, name_in_storage,
			       MAILBOX_FLAG_READONLY |
			       MAILBOX_FLAG_KEEP_RECENT |
			       MAILBOX_FLAG_IGNORE_ACLS);
	if (mailbox_open(opened) >= 0) {
		*box_r = opened;
		return 0;
	}

	/* Read the storage error before the mailbox is freed. */
	i_error("Can't open mailbox %s: %s", mailbox,
		mail_storage_get_last_error(opened->storage, NULL));
	mailbox_free(&opened);
	return -1;
}
/*
 * Create the ACL backend for a namespace whose storage has been added and
 * attach it to the list's rights context.
 *
 * Does nothing when the namespace's list has no ACL context. The backend
 * is initialised for auser->acl_user when that is set, otherwise for the
 * namespace owner's username. The owner flag passed to the backend is TRUE
 * only for a private namespace where the acting username equals the
 * owner's username.
 *
 * Backend initialisation failure goes to i_fatal(), so the process does
 * not continue without an ACL backend.
 */
void acl_mail_namespace_storage_added(struct mail_namespace *ns)
{
	struct acl_user *acl_ctx = ACL_USER_CONTEXT(ns->user);
	struct acl_mailbox_list *acl_list = ACL_LIST_CONTEXT(ns->list);
	struct acl_backend *acl_backend;
	const char *acting_name, *ns_owner_name;
	bool is_owner;

	if (acl_list == NULL)
		return;

	ns_owner_name = ns->user->username;
	acting_name = acl_ctx->acl_user;
	if (acting_name != NULL) {
		/* Byte-exact comparison.
		   NOTE(review): relies on both usernames having been
		   normalised the same way upstream. Confirm. */
		is_owner = strcmp(acting_name, ns_owner_name) == 0;
	} else {
		acting_name = ns_owner_name;
		is_owner = TRUE;
	}

	/* We don't care about the username for non-private mailboxes. It's
	   used only when checking if we're the mailbox owner. We never are
	   for shared/public mailboxes. */
	if (ns->type != MAIL_NAMESPACE_TYPE_PRIVATE)
		is_owner = FALSE;

	/* we need to know the storage when initializing backend */
	acl_backend = acl_backend_init(acl_ctx->acl_env, ns->list,
				       acting_name, acl_ctx->groups,
				       is_owner);
	if (acl_backend == NULL)
		i_fatal("ACL backend initialization failed");
	acl_storage_rights_ctx_init(&acl_list->rights, acl_backend);
}
/*
 * Hook run when a mailbox list is created: choose which ACL list
 * initialisation, if any, applies to the list's namespace.
 *
 *  - no ACL user context: nothing is installed
 *  - NAMESPACE_FLAG_NOACL: only the shared-namespace init runs, and only
 *    for MAIL_NAMESPACE_TYPE_SHARED
 *  - NAMESPACE_FLAG_UNUSABLE: nothing is installed
 *  - otherwise: the default ACL list init runs
 *
 * NOTE(review): a namespace with NAMESPACE_FLAG_NOACL never reaches
 * acl_mailbox_list_init_default(), so wherever that flag is set decides
 * which namespaces are exempt. Worth auditing alongside this function.
 */
void acl_mailbox_list_created(struct mailbox_list *list)
{
	struct acl_user *acl_ctx = ACL_USER_CONTEXT(list->ns->user);

	if (acl_ctx == NULL) {
		/* ACLs disabled for this user */
		return;
	}

	if ((list->ns->flags & NAMESPACE_FLAG_NOACL) != 0) {
		/* no ACL checks for internal namespaces (lda, shared) */
		if (list->ns->type == MAIL_NAMESPACE_TYPE_SHARED)
			acl_mailbox_list_init_shared(list);
		return;
	}

	if ((list->ns->flags & NAMESPACE_FLAG_UNUSABLE) != 0) {
		/* this namespace is empty. don't attempt to lookup ACLs,
		   because they're not going to work anyway and we could
		   crash doing it. */
		return;
	}

	acl_mailbox_list_init_default(list);
}