Example #1
0
static uint64_t get_mailbox_id(const char *name)
{
	uint64_t id, owner;
	auth_user_exists("testuser1",&owner);
	db_find_create_mailbox(name, BOX_COMMANDLINE, owner, &id);
	return id;
}
Example #2
0
END_TEST

//int do_empty(const u64_t useridnr);
START_TEST(test_do_empty)
{
	u64_t user_idnr;
	auth_user_exists("nosuchuser",&user_idnr);
	//fail_unless(do_empty(user_idnr),"do_empty should have failed");
}
Example #3
0
int MailboxState_getAcl(T M, uint64_t userid, struct ACLMap *map)
{
	int i;
	volatile int t = DM_SUCCESS;
	gboolean gotrow = FALSE;
	uint64_t anyone;
	Connection_T c; ResultSet_T r; PreparedStatement_T s;

	g_return_val_if_fail(MailboxState_getId(M),DM_EGENERAL); 

	if (! (auth_user_exists(DBMAIL_ACL_ANYONE_USER, &anyone)))
		return DM_EQUERY;

	c = db_con_get();
	TRY
		s = db_stmt_prepare(c, "SELECT lookup_flag,read_flag,seen_flag,"
			"write_flag,insert_flag,post_flag,"
			"create_flag,delete_flag,deleted_flag,expunge_flag,administer_flag "
			"FROM %sacl "
			"WHERE mailbox_id = ? AND user_id = ?",DBPFX);
		db_stmt_set_u64(s, 1, MailboxState_getId(M));
		db_stmt_set_u64(s, 2, userid);
		r = db_stmt_query(s);
		if (! db_result_next(r)) {
			/* else check the 'anyone' user */
			db_stmt_set_u64(s, 2, anyone);
			r = db_stmt_query(s);
			if (db_result_next(r))
				gotrow = TRUE;
		} else {
			gotrow = TRUE;
		}

		if (gotrow) {
			i = 0;
			map->lookup_flag	= db_result_get_bool(r,i++);
			map->read_flag		= db_result_get_bool(r,i++);
			map->seen_flag		= db_result_get_bool(r,i++);
			map->write_flag		= db_result_get_bool(r,i++);
			map->insert_flag	= db_result_get_bool(r,i++);
			map->post_flag		= db_result_get_bool(r,i++);
			map->create_flag	= db_result_get_bool(r,i++);
			map->delete_flag	= db_result_get_bool(r,i++);
			map->deleted_flag	= db_result_get_bool(r,i++);
			map->expunge_flag	= db_result_get_bool(r,i++);
			map->administer_flag	= db_result_get_bool(r,i++);
		}
	CATCH(SQLException)
		LOG_SQLERROR;
		t = DM_EQUERY;
	FINALLY
		db_con_close(c);
	END_TRY;

	return t;
}
Example #4
0
END_TEST

//int do_delete(const u64_t useridnr, const char * const user);
START_TEST(test_do_delete)
{
	int result;
	u64_t user_idnr;
	auth_user_exists("testadduser",&user_idnr);
	fail_unless(user_idnr > 0,"abort test_do_delete: can't find user_idnr");
	result = do_delete(user_idnr, "testadduser");
	fail_unless(result==0,"test_do_delete failed");
}
Example #5
0
int auth_validate(ClientBase_T *ci, const char *username, const char *password, uint64_t * user_idnr)
{
	char real_username[DM_USERNAME_LEN];
	const char *tuser;
	int result;

	memset(real_username,0,sizeof(real_username));

	assert(user_idnr != NULL);
	*user_idnr = 0;

	tuser = username;
	if (CONSTNULL(tuser) || CONSTNULL(password)) {
		if (ci && ci->auth) { // CRAM-MD5
			tuser = (char *)Cram_getUsername(ci->auth);
		} else {
			TRACE(TRACE_DEBUG, "username or password is empty");
			return FALSE;
		}
	}

	/* the shared mailbox user should not log in! */
	if (strcmp(tuser, PUBLIC_FOLDER_USER) == 0) return 0;

	strncpy(real_username, tuser, DM_USERNAME_LEN-1);
	if (db_use_usermap()) {  /* use usermap */
		result = db_usermap_resolve(ci, tuser, real_username);
		if (result == DM_EGENERAL)
			return 0;
		if (result == DM_EQUERY)
			return DM_EQUERY;
	}
	
	/* lookup the user_idnr */
	if (! auth_user_exists(real_username, user_idnr)) 
		return FALSE;

	if (! db_user_active(*user_idnr))
		return FALSE;

	int valid = 0;
	if (! (valid = db_user_validate(ci, "passwd", user_idnr, password))) {
		if ((valid = db_user_validate(ci, "spasswd", user_idnr, password))) 
			db_user_security_trigger(*user_idnr);
	}
	if (! valid)
		*user_idnr = 0;

	return valid;

}
Example #6
0
//--------------------------------------------------------------------------------------//
void Http_getUsers(T R)
{
	struct evbuffer *buf;
	char *username = NULL;
	uint64_t id = 0;

	if (Request_getId(R)) {
		/* 
		 * id can be specified both by name and number
		 *
		 * C < /users/testuser1
		 * C < /users/123
		 *
		 */

		if ((id = strtoull(Request_getId(R), NULL, 10)))
			username = auth_get_userid(id);
		else if (auth_user_exists(Request_getId(R), &id))
			username = g_strdup(Request_getId(R));

		if (! (username && id))
			Request_error(R, HTTP_NOTFOUND, "User not found");
	}

	buf = evbuffer_new();
	if (Request_getMethod(R) == NULL) {
		GList *users = NULL;

		if (username) {
			MailboxState_T M;
			const char *mailbox;
			uint64_t mboxid;
			/* 
			 * retrieve user meta-data
			 * C < /users/testuser1

			 * create/delete mailbox for user
			 * POST C < /users/testuser1

			 */

			if ((mailbox = evhttp_find_header(Request_getPOST(R),"create"))) {
				const char *message;

				if (db_mailbox_create_with_parents(mailbox, BOX_COMMANDLINE, id, &mboxid, &message)) {
					Request_error(R, HTTP_BADREQUEST, message);
					evbuffer_free(buf);
					return;
				}
			}
			if ((mailbox = evhttp_find_header(Request_getPOST(R),"delete"))) {

				int access;

				/* check if there is an attempt to delete inbox */
				if (MATCH(mailbox, "INBOX")) {
					Request_error(R, HTTP_BADREQUEST, "NO cannot delete special mailbox INBOX");
					evbuffer_free(buf);
					return;
				}

				if (! (db_findmailbox(mailbox, id, &mboxid)) ) {
					Request_error(R, HTTP_NOTFOUND, "NO mailbox doesn't exists");
					evbuffer_free(buf);
					return;
				}

				/* Check if the user has ACL delete rights to this mailbox */
				M = MailboxState_new(mboxid);
				access = acl_has_right(M, id, ACL_RIGHT_DELETE);
				if (access != 1) {
					Request_error(R, HTTP_BADREQUEST, "NO permission denied");
					evbuffer_free(buf);
					return;
				}

				/* ok remove mailbox */
				if (db_delete_mailbox(mboxid, 0, 1)) {
					Request_error(R, HTTP_SERVUNAVAIL, "NO delete failed");
					evbuffer_free(buf);
					return;
				}
			}


			users = g_list_append_printf(users, "%s", username);
		} else {
			/* 
			 * list all users
			 * C < /users/
			 *
			 * create,edit,delete user
			 * POST C < /users/
			 */

			const char *user = NULL;

			if ((user = evhttp_find_header(Request_getPOST(R),"create"))) {
				const char *password, *encoding, *quota;
			       	password = evhttp_find_header(Request_getPOST(R), "password");
			       	encoding = evhttp_find_header(Request_getPOST(R), "encoding");
			       	quota    = evhttp_find_header(Request_getPOST(R), "quota");
				TRACE(TRACE_DEBUG, "create user: [%s] password: [%s] encoding [%s] quota [%s]", 
						user, password, encoding, quota);

			} else if ((user = evhttp_find_header(Request_getPOST(R),"edit"))) {
				TRACE(TRACE_DEBUG, "edit user: [%s]", user);

			} else if ((user = evhttp_find_header(Request_getPOST(R),"delete"))) {
				TRACE(TRACE_DEBUG, "delete user: [%s]", user);
			}

			users = auth_get_known_users();
		}

		Request_setContentType(R,"application/json; charset=utf-8");
		evbuffer_add_printf(buf, "{\"users\": {\n");
		while(users->data) {
			uint64_t id;
			if (auth_user_exists((char *)users->data, &id))
				evbuffer_add_printf(buf, "    \"%lu\":{\"name\":\"%s\"}", id, (char *)users->data);
			if (! g_list_next(users)) break;
			users = g_list_next(users);
			evbuffer_add_printf(buf,",\n");
		}
		evbuffer_add_printf(buf, "\n}}\n");
		g_list_destroy(users);

	} else if (MATCH(Request_getMethod(R),"mailboxes")) {
		GList *mailboxes = NULL;

		if (! username) {
			Request_error(R, HTTP_NOTFOUND, "User not found");
			evbuffer_free(buf);
			return;
		}

		/*
		 * list mailboxes for user
		 * GET C < /users/testuser1/mailboxes
		 *
		 */

		db_findmailbox_by_regex(id, "*", &mailboxes, FALSE);

		Request_setContentType(R,"application/json; charset=utf-8");
		evbuffer_add_printf(buf, "{\"mailboxes\": {\n");
		while (mailboxes->data) {
			MailboxState_T b = MailboxState_new(*((uint64_t *)mailboxes->data));
			MailboxState_setOwner(b, id);
			//if (MailboxState_reload(b) == DM_SUCCESS)
			evbuffer_add_printf(buf, "    \"%lu\":{\"name\":\"%s\",\"exists\":%u}", MailboxState_getId(b), MailboxState_getName(b), MailboxState_getExists(b));
			MailboxState_free(&b);
			if (! g_list_next(mailboxes)) break;
			mailboxes = g_list_next(mailboxes);
			evbuffer_add_printf(buf,",\n");
		}
		evbuffer_add_printf(buf, "\n}}\n");
	} 

	if (EVBUFFER_LENGTH(buf))
		Request_send(R, HTTP_OK, "OK", buf);
	else		
		Request_error(R, HTTP_SERVUNAVAIL, "Server error");

	if (username) g_free(username);
	evbuffer_free(buf);
}
Example #7
0
static void init_testuser1(void) 
{
        uint64_t user_idnr;
	if (! (auth_user_exists("testuser1",&user_idnr)))
		auth_adduser("testuser1","test", "md5", 101, 1024000, &user_idnr);
}
Example #8
0
static int do_export(char *user, char *base_mailbox, char *basedir, char *outfile, char *search, int delete_after_dump, int recursive)
{
	u64_t user_idnr = 0, owner_idnr = 0, mailbox_idnr = 0;
	char *dumpfile = NULL, *mailbox = NULL, *search_mailbox = NULL, *dir = NULL;
	GList *children = NULL;
	int result = 0;

	/* Verify the existence of this user */
	if (! auth_user_exists(user, &user_idnr)) {
		qerrorf("Error: user [%s] does not exist.\n", user);
		result = -1;
		goto cleanup;
	}

	mailbox = g_new0(char, IMAP_MAX_MAILBOX_NAMELEN);

	if (!base_mailbox) {
		/* Always recursive without a mailbox base */
		search_mailbox = g_strdup("*");
	} else if (recursive) {
		/* Base and everything below */
		search_mailbox = g_strdup_printf("%s*", base_mailbox);
	} else if (!recursive) {
		/* Should yield same results as plain db_findmailbox */
		search_mailbox = g_strdup_printf("%s", base_mailbox);
	}

	/* FIXME: What are the possible error conditions here? */
	db_findmailbox_by_regex(user_idnr, search_mailbox, &children, 0);

	/* Decision process for basedir vs. outfile:
	 *   If we're dumping one mailbox for one user, it goes to
	 *   stdout.  If we've been given -o -, dump everything to
	 *   stdout (e.g., one giant mbox).  If we've been given foo
	 */

	if (!outfile && !basedir) {
		/* Default is to use basedir of . */
		basedir = ".";
	} else if (outfile) {
		/* Everything goes into this one file */
		dumpfile = outfile;
	}

	children = g_list_first(children);

	qerrorf("Exporting [%u] mailboxes for [%s]\n", g_list_length(children), user);

	while (children) {
		mailbox_idnr = *(u64_t *)children->data;
		db_getmailboxname(mailbox_idnr, user_idnr, mailbox);			
		if (! db_get_mailbox_owner(mailbox_idnr, &owner_idnr)) {
			qerrorf("Error checking mailbox ownership");
			goto cleanup;
		}
		if (owner_idnr == user_idnr) {
			if (basedir) {
				/* Prepare the directory */
				dumpfile = g_strdup_printf("%s/%s/%s.mbox", basedir, user, mailbox);

				dir = g_path_get_dirname(dumpfile);
				if (g_mkdir_with_parents(dir, 0700)) {
					qerrorf("can't create directory [%s]\n", dir);
					result = -1;
					goto cleanup;
				}
			}

			qerrorf(" export mailbox %s -> %s\n", mailbox, dumpfile);
			if ((result = mailbox_dump(mailbox_idnr, dumpfile, search, delete_after_dump)) != 0) {
				qerrorf("error exporting mailbox %s -> %s\n", mailbox, dumpfile);
				goto cleanup;
			}

			if (delete_after_dump) db_update("UPDATE %smailboxes SET seq=seq+1 WHERE mailbox_idnr=%d",DBPFX,mailbox_idnr);

			if (basedir) {
				g_free(dir);
				g_free(dumpfile);
			}
		}
		if (! g_list_next(children)) break;
		children = g_list_next(children);
	}

cleanup:
	g_list_destroy(children);
	g_free(search_mailbox);
	g_free(mailbox);

	return result;
}