Wesley Craig wrote:
Yeah, I have a mixed test cluster up, that I'm using to fix the various xfer problems. Pass it along, and I'll test it.

Here it is. I removed all of the legacy parameter crap. My new 'theory' is to store and pass around ACLs including the legacy macros (in the same manner as the GETACL response). The server then does the 'right thing' when creating the rights bitmask.

--
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University
Index: imap/imapd.c
===================================================================
RCS file: /afs/andrew/system/cvs/src/cyrus/imap/imapd.c,v
retrieving revision 1.443.2.87
diff -u -r1.443.2.87 imapd.c
--- imap/imapd.c	2 Aug 2006 15:16:20 -0000	1.443.2.87
+++ imap/imapd.c	11 Aug 2006 15:12:09 -0000
@@ -5885,7 +5885,6 @@
     int r, access;
     char *acl;
     char *rights, *nextid;
-    char str[ACL_MAXSTR];
 
     r = (*imapd_namespace.mboxname_tointernal)(&imapd_namespace, name,
 					       imapd_userid, mailboxname);
@@ -5928,7 +5927,6 @@
 	prot_printf(imapd_out, " ");
 	printastring(acl);
 	prot_printf(imapd_out, " ");
-	rights = cyrus_acl_masktostr(cyrus_acl_strtomask(rights), str, 1);
 	printastring(rights);
 	acl = nextid;
     }
@@ -6001,11 +5999,11 @@
 
 	/* calculate optional rights */
 	cyrus_acl_masktostr(implicit ^ (canon_identifier ? ACL_FULL : 0),
-			    optional, 1);
+			    optional);
 
 	/* build the rights string */
 	if (implicit) {
-	    cyrus_acl_masktostr(implicit, rightsdesc, 1);
+	    cyrus_acl_masktostr(implicit, rightsdesc);
 	}
 	else {
 	    strcpy(rightsdesc, "\"\"");
@@ -6080,7 +6078,7 @@
     prot_printf(imapd_out, "* MYRIGHTS ");
     printastring(name);
     prot_printf(imapd_out, " ");
-    printastring(cyrus_acl_masktostr(rights, str, 1));
+    printastring(cyrus_acl_masktostr(rights, str));
     prot_printf(imapd_out, "\r\n%s OK %s\r\n", tag,
 		error_message(IMAP_OK_COMPLETED));
 }
@@ -7934,7 +7932,7 @@
 }
 
 static int dumpacl(struct protstream *pin, struct protstream *pout,
-		   char *mailbox, char *acl_in, int send_legacy_acl) 
+		   char *mailbox, char *acl_in) 
 {
     int r = 0;
     int c;		/* getword() returns an int */
@@ -7945,7 +7943,6 @@
     char *acl_safe = acl_in ? xstrdup(acl_in) : NULL;
     char *acl = acl_safe;
     struct buf inbuf;
-    char legacyacl[ACL_MAXSTR];
     
     memset(&inbuf, 0, sizeof(struct buf));
 
@@ -7958,11 +7955,6 @@
 	if (!nextid) break;
 	*nextid++ = '\0';
 
-	if (send_legacy_acl) {
-	    rights = cyrus_acl_masktostr(cyrus_acl_strtomask(rights),
-					 legacyacl, 1);
-	}
-
 	snprintf(tag, sizeof(tag), "SACL%d", tagnum++);
 	
 	prot_printf(pout, "%s SETACL {%d+}\r\n%s {%d+}\r\n%s {%d+}\r\n%s\r\n",
@@ -8146,7 +8138,7 @@
 		     mailboxname);
     }
     if(!r) {
-	r = dumpacl(be->in, be->out, name, acl, !CAPA(be, CAPA_ACLRIGHTS));
+	r = dumpacl(be->in, be->out, name, acl);
 	if(r) syslog(LOG_ERR, "Could not set remote acl on %s",
 		     mailboxname);
     }
Index: lib/acl.c
===================================================================
RCS file: /afs/andrew/system/cvs/src/cyrus/lib/acl.c,v
retrieving revision 1.10.4.1
diff -u -r1.10.4.1 acl.c
--- lib/acl.c	13 Dec 2005 19:36:10 -0000	1.10.4.1
+++ lib/acl.c	11 Aug 2006 15:12:09 -0000
@@ -41,6 +41,8 @@
  *
  * Author: Chris Newman
  * Start Date: 6/28/93
+ *
+ * RFC 4314 support added by Ken Murchison
  */
 
 #include <config.h>
@@ -53,12 +55,11 @@
 int cyrus_acl_strtomask(const char *str)
 {
     const char *deleteright = libcyrus_config_getstring(CYRUSOPT_DELETERIGHT);
+    long legacy_create = 0;
+    long legacy_delete = 0;
     long result = 0;
 
     while (*str) {
-	/* legacy DELETE right */
-	if (*str == *deleteright) result |= ACL_DELETEMBOX;
-
 	switch (*str++) {
 	    case 'l': result |= ACL_LOOKUP; break;
 	    case 'r': result |= ACL_READ; break;
@@ -66,13 +67,18 @@
 	    case 'w': result |= ACL_WRITE; break;
 	    case 'i': result |= ACL_INSERT; break;
 	    case 'p': result |= ACL_POST; break;
-	    case 'c': /* legacy CREATE macro */
+	    case 'c': /* legacy CREATE macro - build member rights */
+		legacy_create = ACL_CREATE;
+		if (*deleteright == 'c') legacy_create |= ACL_DELETEMBOX;
+		break;
 	    case 'k': result |= ACL_CREATE; break;
 	    case 'x': result |= ACL_DELETEMBOX; break;
 	    case 't': result |= ACL_DELETEMSG; break;
 	    case 'e': result |= ACL_EXPUNGE; break;
-	    case 'd': /* legacy DELETE macro */
-		result |= (ACL_DELETEMSG | ACL_EXPUNGE); break;
+	    case 'd': /* legacy DELETE macro - build member rights */
+		legacy_delete = (ACL_DELETEMSG | ACL_EXPUNGE);
+		if (*deleteright == 'd') legacy_delete |= ACL_DELETEMBOX;
+		break;
 	    case 'a': result |= ACL_ADMIN; break;
 	    case '0': result |= ACL_USER0; break;
 	    case '1': result |= ACL_USER1; break;
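Review bot: The `'c'` and `'d'` cases fold `ACL_DELETEMBOX` into a macro only when `deleteright` is exactly `'c'` or `'d'`, whereas the check removed in the previous hunk (`if (*str == *deleteright) result |= ACL_DELETEMBOX;`) matched whatever character the option held. If a site has `deleteright` set to any other rights letter, ACLs stored in the old format will silently parse without the mailbox-delete right after this change. `cyrus_acl_masktostr` flags the same gap with its `XXX` comment; the parser should carry at least the same note, e.g. `/* XXX deleteright other than 'c'/'d' no longer maps to ACL_DELETEMBOX */`, or keep the generic mapping. The switch continues outside this hunk.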
@@ -87,31 +93,29 @@
 	}
     }
 
+    /* If the rights string contained a legacy macro, but none of its
+       member rights, then we add all of the member rights for the macro.
+       Otherwise, we ignore the legacy macro.
+    */
+    if (!(result & legacy_create)) result |= legacy_create;
+    if (!(result & legacy_delete)) result |= legacy_delete;
+
     return (result);
 }
 
 /* convert an acl bit vector to a string
- *
- * The 'legacy' parameter is used to control whether we return
- * the legacy c/d macros when any of their member rights are set.
- * 'legacy' is enabled (1) for GETACL/LISTRIGHTS/MYRIGHTS responses
- * and disabled (0) for SETACL (when writing rights to disk).
  */
-char *cyrus_acl_masktostr(int acl, char *str, int legacy)
+char *cyrus_acl_masktostr(int acl, char *str)
 {
     char *pos = str;
-    int legacy_create = 0, legacy_delete = 0;
+    const char *deleteright = libcyrus_config_getstring(CYRUSOPT_DELETERIGHT);
+    int legacy_create = ACL_CREATE;
+    int legacy_delete = (ACL_DELETEMSG | ACL_EXPUNGE);
 
-    if (legacy) {
-	const char *deleteright = libcyrus_config_getstring(CYRUSOPT_DELETERIGHT);
-	legacy_create = ACL_CREATE;
-	legacy_delete = (ACL_DELETEMSG | ACL_EXPUNGE);
-
-	switch (*deleteright) {
-	    case 'c': legacy_create |= ACL_DELETEMBOX; break;
-	    case 'd': legacy_delete |= ACL_DELETEMBOX; break;
-	    default: /* XXX  we have backwards compatibility problems */ break;
-	}
+    switch (*deleteright) {
+    case 'c': legacy_create |= ACL_DELETEMBOX; break;
+    case 'd': legacy_delete |= ACL_DELETEMBOX; break;
+    default: /* XXX  we have backwards compatibility problems */ break;
     }
 
     if (acl & ACL_LOOKUP) *pos++ = 'l';
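Review bot: The post-loop test `if (!(result & legacy_delete)) result |= legacy_delete;` counts `ACL_DELETEMBOX` as a member of the macro whenever `deleteright` selects it, so an explicit `x` suppresses the whole macro. With `deleteright` set to `d`, the string `dx` yields only `ACL_DELETEMBOX` and drops `ACL_DELETEMSG | ACL_EXPUNGE`, while with `deleteright` set to `c` the same string keeps them; the `legacy_create` line behaves the same way for `cx`. If this configuration-dependent result is intended, the comment above the test should say so, e.g. `/* 'x' counts as a member right of whichever macro deleteright names */`; otherwise test against the fixed member rights only. `cyrus_acl_masktostr` continues past the end of the hunk.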
Index: lib/acl.h
===================================================================
RCS file: /afs/andrew/system/cvs/src/cyrus/lib/acl.h,v
retrieving revision 1.14.4.2
diff -u -r1.14.4.2 acl.h
--- lib/acl.h	18 May 2006 18:04:52 -0000	1.14.4.2
+++ lib/acl.h	11 Aug 2006 15:12:09 -0000
@@ -93,7 +93,7 @@
  *  dst must have room for 32 characters (only 20 used currently)
  *  returns dst
  */
-extern char *cyrus_acl_masktostr(int acl, char *str, int legacy);
+extern char *cyrus_acl_masktostr(int acl, char *str);
 
 /*  cyrus_acl_myrights(acl)
  * Calculate the set of rights the user in 'auth_state' has in the ACL 'acl'.
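Review bot: The header comment kept above this prototype still describes only the buffer ("dst must have room for 32 characters (only 20 used currently)") and names the parameter `dst` while the prototype calls it `str`. With the `legacy` argument gone, the function sets up the legacy macro masks on every call, so the comment should state that the `c`/`d` macros are now part of the output for all callers, and the "only 20 used" count should be rechecked against the new output. A line such as `*  the legacy c/d macros are always considered for output; dst must hold ACL_MAXSTR bytes` would do, assuming `ACL_MAXSTR` is the intended bound.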
Index: lib/acl_afs.c
===================================================================
RCS file: /afs/andrew/system/cvs/src/cyrus/lib/acl_afs.c,v
retrieving revision 1.22.4.3
diff -u -r1.22.4.3 acl_afs.c
--- lib/acl_afs.c	13 Apr 2006 18:33:22 -0000	1.22.4.3
+++ lib/acl_afs.c	11 Aug 2006 15:12:09 -0000
@@ -206,7 +206,7 @@
 	strncpy(newacl, *acl, (thisid - *acl));
 	strcpy(newacl + (thisid - *acl), identifier);
 	strcat(newacl, "\t");
-	(void) cyrus_acl_masktostr(access, newacl + strlen(newacl), 0);
+	(void) cyrus_acl_masktostr(access, newacl + strlen(newacl));
 	strcat(newacl, "\t");
 	strcat(newacl, nextid);
 	free(*acl);
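Review bot: This call used to pass `0`, which the removed doc comment described as the mode for writing rights to disk, so the text appended at `newacl + strlen(newacl)` can now be longer than before. The allocation of `newacl` is outside the hunk; if its size was derived from the rights length produced without the legacy macros, the unbounded `strcpy`/`strcat` sequence around this line can write past the end. Confirm the allocation allows a full `ACL_MAXSTR` for the rights field, and record it next to the call, e.g. `/* rights may include legacy c/d macros; newacl is sized for ACL_MAXSTR */`.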
