static uint64_t get_mailbox_id(const char *name) { uint64_t id, owner; auth_user_exists("testuser1",&owner); db_find_create_mailbox(name, BOX_COMMANDLINE, owner, &id); return id; }
END_TEST //int do_empty(const u64_t useridnr); START_TEST(test_do_empty) { u64_t user_idnr; auth_user_exists("nosuchuser",&user_idnr); //fail_unless(do_empty(user_idnr),"do_empty should have failed"); }
int MailboxState_getAcl(T M, uint64_t userid, struct ACLMap *map) { int i; volatile int t = DM_SUCCESS; gboolean gotrow = FALSE; uint64_t anyone; Connection_T c; ResultSet_T r; PreparedStatement_T s; g_return_val_if_fail(MailboxState_getId(M),DM_EGENERAL); if (! (auth_user_exists(DBMAIL_ACL_ANYONE_USER, &anyone))) return DM_EQUERY; c = db_con_get(); TRY s = db_stmt_prepare(c, "SELECT lookup_flag,read_flag,seen_flag," "write_flag,insert_flag,post_flag," "create_flag,delete_flag,deleted_flag,expunge_flag,administer_flag " "FROM %sacl " "WHERE mailbox_id = ? AND user_id = ?",DBPFX); db_stmt_set_u64(s, 1, MailboxState_getId(M)); db_stmt_set_u64(s, 2, userid); r = db_stmt_query(s); if (! db_result_next(r)) { /* else check the 'anyone' user */ db_stmt_set_u64(s, 2, anyone); r = db_stmt_query(s); if (db_result_next(r)) gotrow = TRUE; } else { gotrow = TRUE; } if (gotrow) { i = 0; map->lookup_flag = db_result_get_bool(r,i++); map->read_flag = db_result_get_bool(r,i++); map->seen_flag = db_result_get_bool(r,i++); map->write_flag = db_result_get_bool(r,i++); map->insert_flag = db_result_get_bool(r,i++); map->post_flag = db_result_get_bool(r,i++); map->create_flag = db_result_get_bool(r,i++); map->delete_flag = db_result_get_bool(r,i++); map->deleted_flag = db_result_get_bool(r,i++); map->expunge_flag = db_result_get_bool(r,i++); map->administer_flag = db_result_get_bool(r,i++); } CATCH(SQLException) LOG_SQLERROR; t = DM_EQUERY; FINALLY db_con_close(c); END_TRY; return t; }
END_TEST //int do_delete(const u64_t useridnr, const char * const user); START_TEST(test_do_delete) { int result; u64_t user_idnr; auth_user_exists("testadduser",&user_idnr); fail_unless(user_idnr > 0,"abort test_do_delete: can't find user_idnr"); result = do_delete(user_idnr, "testadduser"); fail_unless(result==0,"test_do_delete failed"); }
int auth_validate(ClientBase_T *ci, const char *username, const char *password, uint64_t * user_idnr) { char real_username[DM_USERNAME_LEN]; const char *tuser; int result; memset(real_username,0,sizeof(real_username)); assert(user_idnr != NULL); *user_idnr = 0; tuser = username; if (CONSTNULL(tuser) || CONSTNULL(password)) { if (ci && ci->auth) { // CRAM-MD5 tuser = (char *)Cram_getUsername(ci->auth); } else { TRACE(TRACE_DEBUG, "username or password is empty"); return FALSE; } } /* the shared mailbox user should not log in! */ if (strcmp(tuser, PUBLIC_FOLDER_USER) == 0) return 0; strncpy(real_username, tuser, DM_USERNAME_LEN-1); if (db_use_usermap()) { /* use usermap */ result = db_usermap_resolve(ci, tuser, real_username); if (result == DM_EGENERAL) return 0; if (result == DM_EQUERY) return DM_EQUERY; } /* lookup the user_idnr */ if (! auth_user_exists(real_username, user_idnr)) return FALSE; if (! db_user_active(*user_idnr)) return FALSE; int valid = 0; if (! (valid = db_user_validate(ci, "passwd", user_idnr, password))) { if ((valid = db_user_validate(ci, "spasswd", user_idnr, password))) db_user_security_trigger(*user_idnr); } if (! valid) *user_idnr = 0; return valid; }
//--------------------------------------------------------------------------------------// void Http_getUsers(T R) { struct evbuffer *buf; char *username = NULL; uint64_t id = 0; if (Request_getId(R)) { /* * id can be specified both by name and number * * C < /users/testuser1 * C < /users/123 * */ if ((id = strtoull(Request_getId(R), NULL, 10))) username = auth_get_userid(id); else if (auth_user_exists(Request_getId(R), &id)) username = g_strdup(Request_getId(R)); if (! (username && id)) Request_error(R, HTTP_NOTFOUND, "User not found"); } buf = evbuffer_new(); if (Request_getMethod(R) == NULL) { GList *users = NULL; if (username) { MailboxState_T M; const char *mailbox; uint64_t mboxid; /* * retrieve user meta-data * C < /users/testuser1 * create/delete mailbox for user * POST C < /users/testuser1 */ if ((mailbox = evhttp_find_header(Request_getPOST(R),"create"))) { const char *message; if (db_mailbox_create_with_parents(mailbox, BOX_COMMANDLINE, id, &mboxid, &message)) { Request_error(R, HTTP_BADREQUEST, message); evbuffer_free(buf); return; } } if ((mailbox = evhttp_find_header(Request_getPOST(R),"delete"))) { int access; /* check if there is an attempt to delete inbox */ if (MATCH(mailbox, "INBOX")) { Request_error(R, HTTP_BADREQUEST, "NO cannot delete special mailbox INBOX"); evbuffer_free(buf); return; } if (! (db_findmailbox(mailbox, id, &mboxid)) ) { Request_error(R, HTTP_NOTFOUND, "NO mailbox doesn't exists"); evbuffer_free(buf); return; } /* Check if the user has ACL delete rights to this mailbox */ M = MailboxState_new(mboxid); access = acl_has_right(M, id, ACL_RIGHT_DELETE); if (access != 1) { Request_error(R, HTTP_BADREQUEST, "NO permission denied"); evbuffer_free(buf); return; } /* ok remove mailbox */ if (db_delete_mailbox(mboxid, 0, 1)) { Request_error(R, HTTP_SERVUNAVAIL, "NO delete failed"); evbuffer_free(buf); return; } } users = g_list_append_printf(users, "%s", username); } else { /* * list all users * C < /users/ * * create,edit,delete user * POST C < /users/ */ const char *user = NULL; if ((user = evhttp_find_header(Request_getPOST(R),"create"))) { const char *password, *encoding, *quota; password = evhttp_find_header(Request_getPOST(R), "password"); encoding = evhttp_find_header(Request_getPOST(R), "encoding"); quota = evhttp_find_header(Request_getPOST(R), "quota"); TRACE(TRACE_DEBUG, "create user: [%s] password: [%s] encoding [%s] quota [%s]", user, password, encoding, quota); } else if ((user = evhttp_find_header(Request_getPOST(R),"edit"))) { TRACE(TRACE_DEBUG, "edit user: [%s]", user); } else if ((user = evhttp_find_header(Request_getPOST(R),"delete"))) { TRACE(TRACE_DEBUG, "delete user: [%s]", user); } users = auth_get_known_users(); } Request_setContentType(R,"application/json; charset=utf-8"); evbuffer_add_printf(buf, "{\"users\": {\n"); while(users->data) { uint64_t id; if (auth_user_exists((char *)users->data, &id)) evbuffer_add_printf(buf, " \"%lu\":{\"name\":\"%s\"}", id, (char *)users->data); if (! g_list_next(users)) break; users = g_list_next(users); evbuffer_add_printf(buf,",\n"); } evbuffer_add_printf(buf, "\n}}\n"); g_list_destroy(users); } else if (MATCH(Request_getMethod(R),"mailboxes")) { GList *mailboxes = NULL; if (! username) { Request_error(R, HTTP_NOTFOUND, "User not found"); evbuffer_free(buf); return; } /* * list mailboxes for user * GET C < /users/testuser1/mailboxes * */ db_findmailbox_by_regex(id, "*", &mailboxes, FALSE); Request_setContentType(R,"application/json; charset=utf-8"); evbuffer_add_printf(buf, "{\"mailboxes\": {\n"); while (mailboxes->data) { MailboxState_T b = MailboxState_new(*((uint64_t *)mailboxes->data)); MailboxState_setOwner(b, id); //if (MailboxState_reload(b) == DM_SUCCESS) evbuffer_add_printf(buf, " \"%lu\":{\"name\":\"%s\",\"exists\":%u}", MailboxState_getId(b), MailboxState_getName(b), MailboxState_getExists(b)); MailboxState_free(&b); if (! g_list_next(mailboxes)) break; mailboxes = g_list_next(mailboxes); evbuffer_add_printf(buf,",\n"); } evbuffer_add_printf(buf, "\n}}\n"); } if (EVBUFFER_LENGTH(buf)) Request_send(R, HTTP_OK, "OK", buf); else Request_error(R, HTTP_SERVUNAVAIL, "Server error"); if (username) g_free(username); evbuffer_free(buf); }
static void init_testuser1(void) { uint64_t user_idnr; if (! (auth_user_exists("testuser1",&user_idnr))) auth_adduser("testuser1","test", "md5", 101, 1024000, &user_idnr); }
static int do_export(char *user, char *base_mailbox, char *basedir, char *outfile, char *search, int delete_after_dump, int recursive) { u64_t user_idnr = 0, owner_idnr = 0, mailbox_idnr = 0; char *dumpfile = NULL, *mailbox = NULL, *search_mailbox = NULL, *dir = NULL; GList *children = NULL; int result = 0; /* Verify the existence of this user */ if (! auth_user_exists(user, &user_idnr)) { qerrorf("Error: user [%s] does not exist.\n", user); result = -1; goto cleanup; } mailbox = g_new0(char, IMAP_MAX_MAILBOX_NAMELEN); if (!base_mailbox) { /* Always recursive without a mailbox base */ search_mailbox = g_strdup("*"); } else if (recursive) { /* Base and everything below */ search_mailbox = g_strdup_printf("%s*", base_mailbox); } else if (!recursive) { /* Should yield same results as plain db_findmailbox */ search_mailbox = g_strdup_printf("%s", base_mailbox); } /* FIXME: What are the possible error conditions here? */ db_findmailbox_by_regex(user_idnr, search_mailbox, &children, 0); /* Decision process for basedir vs. outfile: * If we're dumping one mailbox for one user, it goes to * stdout. If we've been given -o -, dump everything to * stdout (e.g., one giant mbox). If we've been given foo */ if (!outfile && !basedir) { /* Default is to use basedir of . */ basedir = "."; } else if (outfile) { /* Everything goes into this one file */ dumpfile = outfile; } children = g_list_first(children); qerrorf("Exporting [%u] mailboxes for [%s]\n", g_list_length(children), user); while (children) { mailbox_idnr = *(u64_t *)children->data; db_getmailboxname(mailbox_idnr, user_idnr, mailbox); if (! db_get_mailbox_owner(mailbox_idnr, &owner_idnr)) { qerrorf("Error checking mailbox ownership"); goto cleanup; } if (owner_idnr == user_idnr) { if (basedir) { /* Prepare the directory */ dumpfile = g_strdup_printf("%s/%s/%s.mbox", basedir, user, mailbox); dir = g_path_get_dirname(dumpfile); if (g_mkdir_with_parents(dir, 0700)) { qerrorf("can't create directory [%s]\n", dir); result = -1; goto cleanup; } } qerrorf(" export mailbox %s -> %s\n", mailbox, dumpfile); if ((result = mailbox_dump(mailbox_idnr, dumpfile, search, delete_after_dump)) != 0) { qerrorf("error exporting mailbox %s -> %s\n", mailbox, dumpfile); goto cleanup; } if (delete_after_dump) db_update("UPDATE %smailboxes SET seq=seq+1 WHERE mailbox_idnr=%d",DBPFX,mailbox_idnr); if (basedir) { g_free(dir); g_free(dumpfile); } } if (! g_list_next(children)) break; children = g_list_next(children); } cleanup: g_list_destroy(children); g_free(search_mailbox); g_free(mailbox); return result; }