dovecot-2.0: doveadm: Added doveadm_allowed_commands setting, wh...

dovecot at dovecot.org dovecot at dovecot.org
Fri May 20 14:21:58 EEST 2011


details:   http://hg.dovecot.org/dovecot-2.0/rev/c67ba5bf1ba9
changeset: 12817:c67ba5bf1ba9
user:      Timo Sirainen <tss at iki.fi>
date:      Fri May 20 14:21:51 2011 +0300
description:
doveadm: Added doveadm_allowed_commands setting, which is used by doveadm server.

diffstat:

 src/doveadm/client-connection.c |  27 +++++++++++++++++++++++++++
 src/doveadm/doveadm-settings.c  |   2 ++
 src/doveadm/doveadm-settings.h  |   1 +
 3 files changed, 30 insertions(+), 0 deletions(-)

diffs (74 lines):

diff -r c46b1ce45cd1 -r c67ba5bf1ba9 src/doveadm/client-connection.c
--- a/src/doveadm/client-connection.c	Fri May 20 14:20:46 2011 +0300
+++ b/src/doveadm/client-connection.c	Fri May 20 14:21:51 2011 +0300
@@ -111,6 +111,27 @@
 	return ret;
 }
 
+static bool client_is_allowed_command(const struct doveadm_settings *set,
+				      const char *cmd_name)
+{
+	bool ret = FALSE;
+
+	if (*set->doveadm_allowed_commands == '\0')
+		return TRUE;
+
+	T_BEGIN {
+		const char *const *cmds =
+			t_strsplit(set->doveadm_allowed_commands, ",");
+		for (; *cmds != NULL; cmds++) {
+			if (strcmp(*cmds, cmd_name) == 0) {
+				ret = TRUE;
+				break;
+			}
+		}
+	} T_END;
+	return ret;
+}
+
 static bool client_handle_command(struct client_connection *conn, char **args)
 {
 	struct mail_storage_service_input input;
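Review bot: `client_is_allowed_command()` is added without a comment, and two of its behaviours are easy to misread from the setting name alone. An empty `doveadm_allowed_commands` allows every command (the early `return TRUE`, with `""` as the default set in doveadm-settings.c), and the list is split on `,` only and compared with `strcmp()`, so an entry written with a space after the comma never matches. Both are worth stating above the function, e.g. `/* Empty setting = no restriction. Otherwise a comma-separated list of exact command names; whitespace around the commas is not stripped. */`. The spaced-list case fails closed, but the admin gets no hint why a listed command is rejected, so trimming each entry before the compare may be worth considering.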
@@ -152,6 +173,12 @@
 		}
 	}
 
+	if (!client_is_allowed_command(conn->set, cmd_name)) {
+		i_error("doveadm client isn't allowed to use command: %s",
+			cmd_name);
+		return FALSE;
+	}
+
 	o_stream_cork(conn->output);
 	ret = doveadm_mail_cmd_server(cmd_name, conn->set, &input, argc, args);
 	if (ret)
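Review bot: The rejection logged at the new `client_is_allowed_command()` check names the command but not who asked for it, which makes denied attempts hard to attribute when reading the logs. If the part of `client_handle_command()` above this hunk has already filled in `input.username` (not visible here), the message could carry it: `i_error("doveadm client isn't allowed to use command: %s (user %s)", cmd_name, input.username);`. The early `return FALSE` also comes before `o_stream_cork(conn->output)`, so in the visible lines nothing is written back to the client. Whether the caller reports the failure to the peer is outside the hunk and worth confirming.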
diff -r c46b1ce45cd1 -r c67ba5bf1ba9 src/doveadm/doveadm-settings.c
--- a/src/doveadm/doveadm-settings.c	Fri May 20 14:20:46 2011 +0300
+++ b/src/doveadm/doveadm-settings.c	Fri May 20 14:21:51 2011 +0300
@@ -59,6 +59,7 @@
 	DEF(SET_UINT, doveadm_worker_count),
 	DEF(SET_UINT, doveadm_proxy_port),
 	DEF(SET_STR, doveadm_password),
+	DEF(SET_STR, doveadm_allowed_commands),
 
 	{ SET_STRLIST, "plugin", offsetof(struct doveadm_settings, plugin_envs), NULL },
 
@@ -73,6 +74,7 @@
 	.doveadm_worker_count = 0,
 	.doveadm_proxy_port = 0,
 	.doveadm_password = "",
+	.doveadm_allowed_commands = "",
 
 	.plugin_envs = ARRAY_INIT
 };
diff -r c46b1ce45cd1 -r c67ba5bf1ba9 src/doveadm/doveadm-settings.h
--- a/src/doveadm/doveadm-settings.h	Fri May 20 14:20:46 2011 +0300
+++ b/src/doveadm/doveadm-settings.h	Fri May 20 14:21:51 2011 +0300
@@ -9,6 +9,7 @@
 	unsigned int doveadm_worker_count;
 	unsigned int doveadm_proxy_port;
 	const char *doveadm_password;
+	const char *doveadm_allowed_commands;
 
 	ARRAY_DEFINE(plugin_envs, const char *);
 };

