imap_admins, lmtp_admins, [service]_admins?

Thu Jun 16 22:26:54 EDT 2016

Testing it with cassandane though, it does seem to actually work.

On Fri, Jun 17, 2016, at 11:00 AM, ellie timoney via Cyrus-devel wrote:
> Or, actually, maybe I don't see it:
> 
> I can see how master/service.c loads the service name into config_ident.
>  And I can see how config_getoverflowstring checks for that as a prefix.
> 
> But I still can't see any calls to read an admins value that actually
> use config_getoverflowstring.  Everything I look at seems to be calling
> through either a) global_authisa(..., IMAPOPT_ADMINS) directly -- which
> uses config_getstring, not config_getoverflowstring; or through b)
> mysasl_proxy_policy, which in turn just calls global_authisa anyway.
> 
> I suppose the thing to do here is test it from the outside rather than
> tracing it from the inside.  Further into the rabbit hole...
> 
> But just quickly, on a hunch, a bit of history digging finds where we
> started using global_authisa:
> https://cgit.cyrus.foundation/cyrus-imapd/commit/?id=8d6cf338 -- which
> is a very big commit, but, interestingly, contains:
> 
> >    -    imapd_userisadmin = authisa(imapd_authstate, "imap", "admins");
> >    +    imapd_userisadmin = global_authisa(imapd_authstate, IMAPOPT_ADMINS);
> 
> Uh oh?
> 
> Okay now I'm actually going to try wrangling Cassandane into testing
> whether an "imap_admins" setting does anything, because at the moment
> it's looking a lot like this stopped existing ~2.2.
> 
> On Fri, Jun 17, 2016, at 09:58 AM, ellie timoney via Cyrus-devel wrote:
> > Oh, right, yeah, I see it now.  Thanks
> > 
> > On Wed, Jun 15, 2016, at 10:48 PM, Ken Murchison wrote:
> > > In config_getoverflowstring():
> > > 
> > >      /* First lookup <ident>_key, to see if we have a service-specific
> > >       * override */
> > > 
> > >      if (config_ident) {
> > >          if (snprintf(buf,sizeof(buf),"%s_%s",config_ident,key) == -1)
> > >              fatal("key too long in config_getoverflowstring",
> > >              EC_TEMPFAIL);
> > > 
> > >          lcase(buf);
> > >          ret = hash_lookup(buf, &confighash);
> > >      }
> > > 
> > > 
> > > On 06/14/2016 09:35 PM, ellie timoney via Cyrus-devel wrote:
> > > > Bits of our documentation refer to these various service-specific admins
> > > > settings, and googling a bit I see a bunch of people using them in the
> > > > imapd.confs they post when asking for help with stuff.
> > > >
> > > > But I went looking for where/how they're implemented (to see what was
> > > > needed to support the same sort of thing for backups) and-- this
> > > > functionality doesn't seem to exist anywhere in our source?  I was
> > > > expecting to find something building a config key from a service name
> > > > plus "admins" and then using config_getoverflowstring to check for it
> > > > (like how the channel-specific config keys for sync_client work) but...
> > > > nothing.
> > > >
> > > > Is this a thing that used to exist, and we've removed it at some point
> > > > for some reason?  Is it a thing that was planned and documented, but
> > > > never implemented?  Am I missing something?
> > > 
> > > -- 
> > > Kenneth Murchison
> > > Principal Systems Software Engineer
> > > Carnegie Mellon University
> > > 