void acl_computeRightsOnFolder(const char *folder, char *rights)
{
maildir_aclt_list l;
char *owner;
if (acl_read(&l, folder, &owner) < 0)
{
*rights=0;
return;
}
acl_computeRights(&l, rights, owner);
if (owner)
free(owner);
maildir_aclt_list_destroy(&l);
}
int acl_read2(maildir_aclt_list *l,
struct maildir_info *minfo,
char **owner)
{
int rc;
char *p;
if (minfo->mailbox_type == MAILBOXTYPE_OLDSHARED)
{
/* Legacy shared., punt. */
maildir_aclt_list_init(l);
if (maildir_aclt_list_add(l, "anyone",
ACL_LOOKUP ACL_READ
ACL_SEEN ACL_WRITE
ACL_INSERT
ACL_DELETEMSGS ACL_EXPUNGE, NULL) < 0
|| (*owner=strdup("vendor=courier.internal")) == NULL)
{
maildir_aclt_list_destroy(l);
return -1;
}
return 0;
}
if (minfo->homedir == NULL || minfo->maildir == NULL)
return -1;
p=maildir_name2dir(".", minfo->maildir);
if (!p)
return -1;
rc=maildir_acl_read(l, minfo->homedir,
strncmp(p, "./", 2) == 0 ? p+2:p);
free(p);
if (owner && rc == 0)
{
*owner=minfo->owner;
minfo->owner=NULL;
}
return rc;
}
void getacl()
{
maildir_aclt_list l;
char buf[2];
char *owner;
const char *a;
const char *editentity=cgi("editentity");
const char *editaccess=cgi("editaccess");
const char *entitytype="";
const char *entityval="";
int negate=0;
if (acl_read(&l, sqwebmail_folder, &owner) < 0)
{
printf("%s", getarg("ACL_noaccess"));
return;
}
strcpy(buf, ACL_ADMINISTER);
acl_computeRights(&l, buf, owner);
if (owner)
free(owner);
if (buf[0] == 0)
{
maildir_aclt_list_destroy(&l);
return;
}
printf("<form method=\"post\" name=\"form1\" action=\"");
output_scriptptr();
printf("\">");
output_scriptptrpostinfo();
printf("<input type=\"hidden\" name=\"update\" value=\"1\" />\n"
"<input type=\"hidden\" name=\"form\" value=\"acl\" />\n");
printf("<table class=\"folder-acl-list\"><tbody>"
"<tr><th align=\"left\">%s</th><th align=\"left\">%s</th></tr>\n",
getarg("ENTITY"),
getarg("ACCESSRIGHTS"));
maildir_aclt_list_enum(&l, getacl_cb, NULL);
if (*editentity == '-')
{
++editentity;
negate=1;
}
if (*editentity)
{
if (strncmp(editentity, "user="******"user";
entityval=editentity+5;
}
else if (strncmp(editentity, "group=", 6) == 0)
{
entitytype="group";
entityval=editentity+6;
}
else if (strcmp(editentity, "owner") == 0 ||
strcmp(editentity, "anonymous") == 0)
{
entitytype=editentity;
}
else
{
entitytype="other";
entityval=editentity;
}
}
printf("<tr><td colspan=\"2\"><hr width=\"90%%\" />");
printf("<table><tbody>\n");
printf("<tr><th colspan=\"2\" align=\"left\">%s</th></tr>\n",
getarg("UPDATEHDR"));
printf("<tr align=\"top\"><td>"
"<select name=\"negate\" id=\"negate\">\n"
"<option value=\"\" > </option>\n"
"<option value=\"-\" %s>-</option>\n"
"</select>\n"
"<select name=\"entitytype\" id=\"entitytype\" "
"onchange=\"javascript:updent()\" >\n"
"<option value=\"user\" %s >%s</option>\n"
"<option value=\"group\" %s >%s</option>\n"
"<option value=\"owner\" %s >%s</option>\n"
"<option value=\"anonymous\" %s >%s</option>\n"
"<option value=\"administrators\" %s >%s</option>\n"
"<option value=\"other\" %s >%s</option>\n"
"</select><input type=\"text\" name=\"entity\" "
" id=\"entity\" value=\"",
negate ? "selected=\"selected\"":"",
strcmp(entitytype, "user") == 0 ? "selected=\"selected\"":"",
getarg("USER"),
strcmp(entitytype, "group") == 0 ? "selected=\"selected\"":"",
getarg("GROUP"),
strcmp(entitytype, "owner") == 0 ? "selected=\"selected\"":"",
getarg("OWNER"),
strcmp(entitytype, "anonymous") == 0 ? "selected=\"selected\"":"",
getarg("ANONYMOUS"),
strcmp(entitytype, "administrators") == 0 ? "selected=\"selected\"":"",
getarg("ADMINISTRATORS"),
strcmp(entitytype, "other") == 0 ? "selected=\"selected\"":"",
getarg("OTHER"));
p_ident_name(entityval);
printf("\"/></td><td><table><tbody>");
a=getarg("ACL_all");
while (*a)
{
char buf2[40];
sprintf(buf2, "ACL_%c", *a);
printf("<tr><td><input type=\"checkbox\" name=\"acl_%c\" "
"id=\"acl_%c\" %s />"
"</td><td>%s</td></tr>\n",
*a, *a,
strchr(editaccess, *a) ? "checked=\"checked\"":"",
getarg(buf2));
++a;
}
printf("</tbody></table></td></tr>\n"
"<tr><td> </td>"
"<td><input type=\"submit\" name=\"do.update\" value=\"%s\" />"
"</td>"
"</table></tbody></td></tr>\n",
getarg("UPDATE"));
printf("</tbody></table></form>\n");
}
static void doupdate()
{
maildir_aclt_list l;
char *owner;
char buf[2];
char *p;
struct maildir_info minfo;
if (maildir_info_imap_find(&minfo, sqwebmail_folder,
login_returnaddr()) < 0)
return;
if (acl_read2(&l, &minfo, &owner) < 0)
{
maildir_info_destroy(&minfo);
return;
}
strcpy(buf, ACL_ADMINISTER);
acl_computeRights(&l, buf, owner);
if (!*buf)
{
if (owner)
free(owner);
maildir_aclt_list_destroy(&l);
maildir_info_destroy(&minfo);
return;
}
if (*cgi("delentity"))
{
if (maildir_aclt_list_del(&l, cgi("delentity")))
printf("%s", getarg("ACL_failed"));
}
if (*cgi("do.update"))
{
char *entity=NULL;
const char *p;
char new_acl[40];
p=cgi("entitytype");
if (strcmp(p, "anonymous") == 0 ||
strcmp(p, "owner") == 0)
entity=strdup(p);
else if (strcmp(p, "user") == 0)
{
p=cgi("entity");
if (*p)
{
entity=malloc(sizeof("user="******"user="******"group") == 0)
{
p=cgi("entity");
if (*p)
{
entity=malloc(sizeof("group=")+strlen(p));
if (entity)
strcat(strcpy(entity, "group="), p);
}
}
else
{
entity=strdup(cgi("entity"));
}
if (*cgi("negate") == '-' && entity)
{
char *p=malloc(strlen(entity)+2);
if (p)
strcat(strcpy(p, "-"), entity);
free(entity);
entity=p;
}
if (entity)
{
char *val=
unicode_convert_toutf8(entity,
sqwebmail_content_charset,
NULL);
if (val)
{
free(entity);
entity=val;
}
}
p=getarg("ACL_all");
new_acl[0]=0;
while (*p && strlen(new_acl) < sizeof(new_acl)-2)
{
char b[40];
sprintf(b, "acl_%c", *p);
if (*cgi(b))
{
b[0]=*p;
b[1]=0;
strcat(new_acl, b);
}
++p;
}
if (!entity || !*entity ||
maildir_aclt_list_add(&l, entity, new_acl, NULL) < 0)
printf("%s", getarg("ACL_failed"));
if (entity)
free(entity);
}
p=maildir_name2dir(".", minfo.maildir);
if (p)
{
const char *err_ident;
if (maildir_acl_write(&l, minfo.homedir,
strncmp(p, "./", 2) == 0 ? p+2:p,
owner, &err_ident))
printf("%s", getarg("ACL_failed"));
free(p);
}
if (owner)
free(owner);
maildir_aclt_list_destroy(&l);
maildir_info_destroy(&minfo);
}
void listrights()
{
maildir_aclt_list l;
char buf[40];
char *owner;
if (*cgi("do.update") || *cgi("delentity"))
{
struct maildir_info minfo;
if (maildir_info_imap_find(&minfo, sqwebmail_folder,
login_returnaddr()) == 0)
{
if (minfo.homedir)
{
struct maildirwatch *w;
char *lock;
int tryanyway;
w=maildirwatch_alloc(minfo.homedir);
if (!w)
{
maildir_info_destroy(&minfo);
enomem();
return;
}
lock=maildir_lock(minfo.homedir, w,
&tryanyway);
maildir_info_destroy(&minfo);
if (lock == NULL)
{
if (!tryanyway)
{
printf("%s",
getarg("ACL_noaccess"));
return;
}
}
doupdate();
if (lock)
{
unlink(lock);
free(lock);
}
maildirwatch_free(w);
}
}
}
if (acl_read(&l, sqwebmail_folder, &owner) < 0)
{
printf("%s", getarg("ACL_cantread"));
return;
}
buf[0]=0;
strncat(buf, getarg("ACL_all"), sizeof(buf)-2);
acl_computeRights(&l, buf, owner);
maildir_aclt_list_destroy(&l);
if (owner)
free(owner);
if (!maildir_acl_canlistrights(buf))
{
printf("%s", getarg("ACL_cantread"));
return;
}
showrights(buf);
}
int main(int argc, char *argv[])
{
const char *cmd;
const char *maildir;
const char *folder;
if (argc < 3)
usage();
cmd=argv[1];
if (strcmp(cmd, resetcmd) &&
strcmp(cmd, listcmd) &&
strcmp(cmd, setcmd) &&
strcmp(cmd, deletecmd) &&
strcmp(cmd, computecmd))
usage();
maildir=argv[2];
if (strcmp(cmd, resetcmd) == 0)
{
if (maildir_acl_reset(maildir))
{
perror(maildir);
exit(1);
}
exit(0);
}
if (argc < 4)
usage();
folder=argv[3];
if (strcmp(folder, INBOX) &&
strncmp(folder, INBOX ".", sizeof(INBOX ".")-1))
{
errno=EINVAL;
perror(folder);
exit(1);
}
folder += sizeof(INBOX)-1;
if (!*folder)
folder=".";
if (strcmp(cmd, listcmd) == 0)
{
maildir_aclt_list l;
if (maildir_acl_read(&l, maildir, folder) ||
maildir_aclt_list_enum(&l, acl_list, NULL))
{
perror(maildir);
exit(1);
}
maildir_aclt_list_destroy(&l);
exit(0);
}
if (strcmp(cmd, setcmd) == 0)
{
maildir_aclt_list l;
maildir_aclt a;
const char *identifier;
const char *rights;
const char *err_failedrights;
if (argc < 6)
usage();
identifier=argv[4];
rights=argv[5];
if (maildir_acl_read(&l, maildir, folder))
{
perror(maildir);
exit(1);
}
if (*rights == '+')
{
if (maildir_aclt_init(&a, NULL,
maildir_aclt_list_find(&l,
identifier
)) ||
maildir_aclt_add(&a, rights+1, NULL))
{
perror(argv[0]);
exit(1);
}
} else if (*rights == '-')
{
if (maildir_aclt_init(&a, NULL,
maildir_aclt_list_find(&l,
identifier
)) ||
maildir_aclt_del(&a, rights+1, NULL))
{
perror(argv[0]);
exit(1);
}
}
else if (maildir_aclt_init(&a, rights, NULL))
{
perror(argv[0]);
exit (1);
}
if (maildir_aclt_list_add(&l, identifier, NULL, &a))
{
perror(argv[0]);
exit(1);
}
if (maildir_acl_write(&l, maildir, folder, "owner",
&err_failedrights))
{
if (err_failedrights)
{
fprintf(stderr,
"Trying to set invalid access"
" rights for %s\n",
err_failedrights);
}
else perror(maildir);
exit(1);
}
}
if (strcmp(cmd, deletecmd) == 0)
{
maildir_aclt_list l;
const char *identifier;
const char *err_failedrights;
if (argc < 5)
usage();
identifier=argv[4];
if (maildir_acl_read(&l, maildir, folder))
{
perror(maildir);
exit(1);
}
if (maildir_aclt_list_del(&l, identifier))
{
perror(maildir);
exit(1);
}
if (maildir_acl_write(&l, maildir, folder, "owner",
&err_failedrights))
{
if (err_failedrights)
{
fprintf(stderr,
"Trying to set invalid access"
" rights for %s\n",
err_failedrights);
}
else perror(maildir);
exit(1);
}
}
if (strcmp(cmd, computecmd) == 0)
{
maildir_aclt_list l;
maildir_aclt a;
struct computeinfo ci;
ci.argc=argc;
ci.argv=argv;
if (argc < 5)
usage();
if (maildir_acl_read(&l, maildir, folder))
{
perror(maildir);
exit(1);
}
if (maildir_acl_compute(&a, &l, isme, &ci))
{
perror(maildir);
exit(1);
}
printf("%s\n", maildir_aclt_ascstr(&a));
}
return (0);
}
