|
|
cf58a5c |
--- cyrus-imapd-2.2.12/lib/acl_afs.c.orig 2005-07-14 17:12:53 +0300
|
|
|
cf58a5c |
+++ cyrus-imapd-2.2.12/lib/acl_afs.c 2005-07-14 17:17:44 +0300
|
|
|
cf58a5c |
@@ -119,12 +119,17 @@
|
|
|
cf58a5c |
char *thisid, *nextid;
|
|
|
cf58a5c |
int oldaccess = 0;
|
|
|
cf58a5c |
char *rights;
|
|
|
cf58a5c |
+ int identifier_found = 0;
|
|
|
cf58a5c |
+ int identifier_overridden = 0;
|
|
|
cf58a5c |
|
|
|
cf58a5c |
/* Convert 'identifier' into canonical form */
|
|
|
cf58a5c |
if (*identifier == '-') {
|
|
|
cf58a5c |
char *canonid = auth_canonifyid(identifier+1, 0);
|
|
|
cf58a5c |
- if (!canonid) {
|
|
|
cf58a5c |
+ if (!canonid && access != 0L) {
|
|
|
cf58a5c |
return -1;
|
|
|
cf58a5c |
+ } else if (!canonid && access == 0L) {
|
|
|
cf58a5c |
+ canonid = identifier+1;
|
|
|
cf58a5c |
+ identifier_overridden = 1;
|
|
|
cf58a5c |
}
|
|
|
cf58a5c |
newidentifier = xmalloc(strlen(canonid)+2);
|
|
|
cf58a5c |
newidentifier[0] = '-';
|
|
|
cf58a5c |
@@ -135,9 +140,15 @@
|
|
|
cf58a5c |
}
|
|
|
cf58a5c |
}
|
|
|
cf58a5c |
else {
|
|
|
cf58a5c |
+ newidentifier = xmalloc(strlen(identifier)+1);
|
|
|
cf58a5c |
+ strlcpy(newidentifier, identifier, strlen(identifier)+1);
|
|
|
cf58a5c |
+
|
|
|
cf58a5c |
identifier = auth_canonifyid(identifier, 0);
|
|
|
cf58a5c |
- if (!identifier) {
|
|
|
cf58a5c |
+ if (!identifier && access != 0L) {
|
|
|
cf58a5c |
return -1;
|
|
|
cf58a5c |
+ } else if(!identifier && access == 0L) {
|
|
|
cf58a5c |
+ identifier = newidentifier;
|
|
|
cf58a5c |
+ identifier_overridden = 1;
|
|
|
cf58a5c |
}
|
|
|
cf58a5c |
if (canonproc) {
|
|
|
cf58a5c |
access = canonproc(canonrock, identifier, access);
|
|
|
cf58a5c |
@@ -165,6 +176,7 @@
|
|
|
cf58a5c |
*nextid++ = '\0';
|
|
|
cf58a5c |
|
|
|
cf58a5c |
if (strcmp(identifier, thisid) == 0) {
|
|
|
cf58a5c |
+ identifier_found = 1;
|
|
|
cf58a5c |
oldaccess = cyrus_acl_strtomask(rights);
|
|
|
cf58a5c |
break;
|
|
|
cf58a5c |
}
|
|
|
cf58a5c |
@@ -172,6 +184,15 @@
|
|
|
cf58a5c |
nextid[-1] = '\t';
|
|
|
cf58a5c |
}
|
|
|
cf58a5c |
|
|
|
cf58a5c |
+ /*
|
|
|
cf58a5c |
+ * In case we have overridden the canonification of the
|
|
|
cf58a5c |
+ * identifier, but still the identifier does not exist in
|
|
|
cf58a5c |
+ * the mailboxdb, then return error as normally expected.
|
|
|
cf58a5c |
+ */
|
|
|
cf58a5c |
+ if(identifier_overridden && !identifier_found) {
|
|
|
cf58a5c |
+ return -1;
|
|
|
cf58a5c |
+ }
|
|
|
cf58a5c |
+
|
|
|
cf58a5c |
switch (mode) {
|
|
|
cf58a5c |
case ACL_MODE_SET:
|
|
|
cf58a5c |
break;
|