imap_admins, lmtp_admins, [service]_admins?

ellie timoney ellie at fastmail.com
Thu Jun 16 21:00:28 EDT 2016


Or, actually, maybe I don't see it:

I can see how master/service.c loads the service name into config_ident.
 And I can see how config_getoverflowstring checks for that as a prefix.

But I still can't see any calls to read an admins value that actually
use config_getoverflowstring.  Everything I look at seems to be calling
through either a) global_authisa(..., IMAPOPT_ADMINS) directly -- which
uses config_getstring, not config_getoverflowstring; or through b)
mysasl_proxy_policy, which in turn just calls global_authisa anyway.

I suppose the thing to do here is test it from the outside rather than
tracing it from the inside.  Further into the rabbit hole...

But just quickly, on a hunch, a bit of history digging finds where we
started using global_authisa:
https://cgit.cyrus.foundation/cyrus-imapd/commit/?id=8d6cf338 -- which
is a very big commit, but, interestingly, contains:

>    -    imapd_userisadmin = authisa(imapd_authstate, "imap", "admins");
>    +    imapd_userisadmin = global_authisa(imapd_authstate, IMAPOPT_ADMINS);

Uh oh?

Okay now I'm actually going to try wrangling Cassandane into testing
whether an "imap_admins" setting does anything, because at the moment
it's looking a lot like this stopped existing ~2.2.

On Fri, Jun 17, 2016, at 09:58 AM, ellie timoney via Cyrus-devel wrote:
> Oh, right, yeah, I see it now.  Thanks
> 
> On Wed, Jun 15, 2016, at 10:48 PM, Ken Murchison wrote:
> > In config_getoverflowstring():
> > 
> >      /* First lookup <ident>_key, to see if we have a service-specific
> >       * override */
> > 
> >      if (config_ident) {
> >          if (snprintf(buf,sizeof(buf),"%s_%s",config_ident,key) == -1)
> >              fatal("key too long in config_getoverflowstring",
> >              EC_TEMPFAIL);
> > 
> >          lcase(buf);
> >          ret = hash_lookup(buf, &confighash);
> >      }
> > 
> > 
> > On 06/14/2016 09:35 PM, ellie timoney via Cyrus-devel wrote:
> > > Bits of our documentation refer to these various service-specific admins
> > > settings, and googling a bit I see a bunch of people using them in the
> > > imapd.confs they post when asking for help with stuff.
> > >
> > > But I went looking for where/how they're implemented (to see what was
> > > needed to support the same sort of thing for backups) and-- this
> > > functionality doesn't seem to exist anywhere in our source?  I was
> > > expecting to find something building a config key from a service name
> > > plus "admins" and then using config_getoverflowstring to check for it
> > > (like how the channel-specific config keys for sync_client work) but...
> > > nothing.
> > >
> > > Is this a thing that used to exist, and we've removed it at some point
> > > for some reason?  Is it a thing that was planned and documented, but
> > > never implemented?  Am I missing something?
> > 
> > -- 
> > Kenneth Murchison
> > Principal Systems Software Engineer
> > Carnegie Mellon University
> > 


More information about the Cyrus-devel mailing list