int access_spob(struct query *q, char *argv[], client *cl)
{
- if (cl->users_id != *(int *)argv[0] || !strcmp(argv[1], "IMAP"))
+ EXEC SQL BEGIN DECLARE SECTION;
+ int id;
+ EXEC SQL END DECLARE SECTION;
+
+ if (!strcmp(argv[1], "IMAP"))
+ {
+ EXEC SQL SELECT owner INTO :id FROM filesys f
+ WHERE f.label = :argv[2] AND f.type = 'IMAP' AND
+ f.lockertype = 'USER';
+ if (cl->users_id != id)
+ return MR_PERM;
+ }
+ if (cl->users_id != *(int *)argv[0])
return MR_PERM;
else
return MR_SUCCESS;
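Review bot: The SELECT in the new IMAP branch leaves `id` unassigned when no filesys row matches `argv[2]`, so `if (cl->users_id != id)` then compares against an uninitialized host variable and the access decision depends on whatever was on the stack. Set the variable to a value that can never match and fail closed unless exactly one row came back, e.g. `id = -1;` before the SELECT and `if (sqlca.sqlcode || sqlca.sqlerrd[2] != 1) return MR_PERM;` after it; the other SELECTs in this file follow the `sqlerrd[2] != 1` convention. The same unchecked-SELECT pattern appears in the `LIST`/`dmfl` branch added to access_list (`member_acl_id`/`member_acl_type` are passed to find_member whether or not the row existed) and should get the same guard. The closing brace of access_spob is not visible here, so the end of the function lies outside this hunk.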
int access_list(struct query *q, char *argv[], client *cl)
{
EXEC SQL BEGIN DECLARE SECTION;
- int list_id, acl_id, flags, gid, users_id;
+ int list_id, acl_id, flags, gid, users_id, member_id, member_acl_id;
+ int memacl_id;
char acl_type[LIST_ACL_TYPE_SIZE], name[LIST_NAME_SIZE], *newname;
+ char member_acl_type[LIST_ACL_TYPE_SIZE], memacl_type[LIST_ACL_TYPE_SIZE];
EXEC SQL END DECLARE SECTION;
int status;
list_id = *(int *)argv[0];
- EXEC SQL SELECT acl_id, acl_type, gid, publicflg, name
- INTO :acl_id, :acl_type, :gid, :flags, :name
+ member_id = *(int *)argv[2];
+ EXEC SQL SELECT acl_id, acl_type, memacl_id, memacl_type,
+ gid, publicflg, name
+ INTO :acl_id, :acl_type, :memacl_id, :memacl_type,
+ :gid, :flags, :name
FROM list
WHERE list_id = :list_id;
if (sqlca.sqlerrd[2] != 1)
return MR_INTERNAL;
- /* if amtl or dmfl and list is public allow client to add or delete self */
- if (((!strcmp("amtl", q->shortname) && flags) ||
- (!strcmp("dmfl", q->shortname))))
- {
- if (!strcmp("USER", argv[1]) && *(int *)argv[2] == cl->users_id)
- return MR_SUCCESS;
- if (!strcmp("KERBEROS", argv[1]) && *(int *)argv[2] == -cl->client_id)
- return MR_SUCCESS;
- } /* if update_list, don't allow them to change the GID or rename to
- a username other than their own */
- else if (!strcmp("ulis", q->shortname))
+ /* if update_list, don't allow them to change the GID or rename to a
+ username other than their own */
+ if (!strcmp("ulis", q->shortname))
{
if (!strcmp(argv[7], UNIQUE_GID))
{
if (gid != atoi(argv[7]))
return MR_PERM;
}
+
newname = argv[1];
+
+ if (!strcmp("ulis", q->shortname))
+ {
+ /* Check that it doesn't conflict with the Grouper namespace. */
+ if (strlen(newname) > 4 && isdigit(newname[2]) &&
+ isdigit(newname[3]) && newname[4] == '-')
+ {
+ if (!strncasecmp(newname, "fa", 2) ||
+ !strncasecmp(newname, "sp", 2) ||
+ !strncasecmp(newname, "su", 2) ||
+ !strncasecmp(newname, "ja", 2))
+ return MR_RESERVED;
+ }
+
+ /* Don't let anyone take owner-foo list names. They interact
+ * weirdly with the aliases automatically generated by
+ * mailhub.gen.
+ */
+ if (!strncasecmp(newname, "owner-", 6))
+ return MR_RESERVED;
+ }
+
EXEC SQL SELECT users_id INTO :users_id FROM users
WHERE login = :newname;
if ((sqlca.sqlcode != SQL_NO_MATCH) && strcmp(strtrim(name), newname) &&
return MR_PERM;
}
- /* check for client in access control list */
- status = find_member(acl_type, acl_id, cl);
- if (!status)
+ /* check for client in access control list and return success right
+ * away if it's there. */
+ if (find_member(acl_type, acl_id, cl))
+ return MR_SUCCESS;
+
+ /* If not amtl, atml, or dmfl, we lose. */
+ if (strcmp(q->shortname, "amtl") && strcmp(q->shortname, "atml") &&
+ strcmp(q->shortname, "dmfl"))
return MR_PERM;
- return MR_SUCCESS;
+ if (find_member(memacl_type, memacl_id, cl))
+ return MR_SUCCESS;
+
+ if (flags || q->type == DELETE)
+ {
+ if (!strcmp("USER", argv[1]) && *(int *)argv[2] == cl->users_id)
+ return MR_SUCCESS;
+ if (!strcmp("KERBEROS", argv[1]) && *(int *)argv[2] == -cl->client_id)
+ return MR_SUCCESS;
+ if (!strcmp("LIST", argv[1]) && !strcmp("dmfl", q->shortname))
+ {
+ EXEC SQL SELECT acl_id, acl_type INTO :member_acl_id,
+ :member_acl_type
+ FROM list
+ WHERE list_id = :member_id;
+
+ if (find_member(member_acl_type, member_acl_id, cl))
+ return MR_SUCCESS;
+ }
+ }
+
+ /* Otherwise fail. */
+ return MR_PERM;
}
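Review bot: The inner `if (!strcmp("ulis", q->shortname))` guarding the reserved-name checks is redundant, because it sits inside the block already entered on the identical test a few lines above; dropping the inner test and its braces leaves the Grouper and `owner-` checks in the same `ulis` block as the GID check, which is easier to read and removes one strcmp per call. The `/* If not amtl, atml, or dmfl, we lose. */` comment would be clearer as a statement of the design, e.g. `/* Only membership changes may be authorized by the member ACL or by self-service below; every other list operation requires the owner ACL checked above. */`. The users-table comparison after the SELECT on `login` is cut off on this page, so that condition could not be reviewed.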
int access_visible_list(struct query *q, char *argv[], client *cl)
{
EXEC SQL BEGIN DECLARE SECTION;
- int list_id, acl_id, flags ;
- char acl_type[LIST_ACL_TYPE_SIZE];
+ int list_id, acl_id, memacl_id, flags ;
+ char acl_type[LIST_ACL_TYPE_SIZE], memacl_type[LIST_ACL_TYPE_SIZE];
EXEC SQL END DECLARE SECTION;
int status;
list_id = *(int *)argv[0];
- EXEC SQL SELECT hidden, acl_id, acl_type
- INTO :flags, :acl_id, :acl_type
+ EXEC SQL SELECT hidden, acl_id, acl_type, memacl_id, memacl_type
+ INTO :flags, :acl_id, :acl_type, :memacl_id, :memacl_type
FROM list
WHERE list_id = :list_id;
if (sqlca.sqlerrd[2] != 1)
/* check for client in access control list */
status = find_member(acl_type, acl_id, cl);
if (!status)
- return MR_PERM;
-
+ {
+ status = find_member(memacl_type, memacl_id, cl);
+ if (!status)
+ return MR_PERM;
+ }
return MR_SUCCESS;
}
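Review bot: The new fallback to the member ACL is written as a nested `if (!status) { status = find_member(...); if (!status) return MR_PERM; }`, while access_list in the same change uses early returns on the find_member result directly; for consistency and fewer branches this reduces to `if (!find_member(acl_type, acl_id, cl) && !find_member(memacl_type, memacl_id, cl))` followed by `return MR_PERM;`, which also makes `status` unused here. The identical shape appears in access_vis_list_by_name and can be collapsed the same way. The statement following `if (sqlca.sqlerrd[2] != 1)` is not shown on this page, so the no-row path could not be reviewed.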
int access_vis_list_by_name(struct query *q, char *argv[], client *cl)
{
EXEC SQL BEGIN DECLARE SECTION;
- int acl_id, flags, rowcount;
- char acl_type[LIST_ACL_TYPE_SIZE], *listname;
+ int acl_id, memacl_id, flags, rowcount;
+ char acl_type[LIST_ACL_TYPE_SIZE], memacl_type[LIST_ACL_TYPE_SIZE];
+ char *listname;
EXEC SQL END DECLARE SECTION;
int status;
listname = argv[0];
- EXEC SQL SELECT hidden, acl_id, acl_type INTO :flags, :acl_id, :acl_type
- FROM list WHERE name = :listname;
+ EXEC SQL SELECT hidden, acl_id, acl_type, memacl_id, memacl_type
+ INTO :flags, :acl_id, :acl_type, :memacl_id, :memacl_type
+ FROM list
+ WHERE name = :listname;
rowcount = sqlca.sqlerrd[2];
if (rowcount > 1)
/* check for client in access control list */
status = find_member(acl_type, acl_id, cl);
if (!status)
- return MR_PERM;
-
+ {
+ status = find_member(memacl_type, memacl_id, cl);
+ if (!status)
+ return MR_PERM;
+ }
return MR_SUCCESS;
}
else
return MR_PERM;
}
+
+/* access_zephyr */
+int access_zephyr(struct query *q, char *argv[], client *cl)
+{
+ EXEC SQL BEGIN DECLARE SECTION;
+ char type[ZEPHYR_OWNER_TYPE_SIZE];
+ char *class;
+ int id;
+ EXEC SQL END DECLARE SECTION;
+ int status;
+
+ class = argv[ZA_CLASS];
+ EXEC SQL SELECT owner_type, owner_id INTO :type, :id
+ FROM zephyr WHERE class = :class;
+ if (sqlca.sqlcode)
+ return MR_PERM;
+
+ status = find_member(type, id, cl);
+ if (status)
+ return MR_SUCCESS;
+ else
+ return MR_PERM;
+}
+
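Review bot: The header comment `/* access_zephyr */` only repeats the function name; a reader needs the contract, so replace it with something like `/* Allow the query only if the client is a member of the owner ACL of the zephyr class named in argv[ZA_CLASS]; an unknown class (or any SQL error) is denied. */`. Denying on any nonzero `sqlca.sqlcode` is the right fail-closed choice since a missing class and a database error both land there. The trailing `status`/if/else could be a single `return find_member(type, id, cl) ? MR_SUCCESS : MR_PERM;`, but that is cosmetic.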