Does cyrus user need a shell?

2017-02-07 Thread Ondřej Surý via Cyrus-devel 
Hi,

a recent Debian bug sparkled a discussion whether cyrus (or other user
cyrus-imapd runs as) need a shell? Debian packages create a cyrus user
with disabled password, but nologin shell would add another layer on top
of that.

Cheers,
-- 
Ondřej Surý 
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
pečení chleba všeho druhu

Re: OpenSSL 1.1.0 patch for cyrus-imapd 2.5.x?

2016-11-06 Thread Ondřej Surý via Cyrus-devel 
Hi,

answering to myself - all it takes is to rename 'struct sched_param' to
something less generic as openssl 1.1.0 includes system sched.h.

diff --git a/imap/http_caldav_sched.h b/imap/http_caldav_sched.h
index 5d8b2a9..9b66b81 100644
--- a/imap/http_caldav_sched.h
+++ b/imap/http_caldav_sched.h
@@ -109,7 +109,7 @@ struct proplist {
 };
 
 /* Each calendar user address has the following scheduling protocol
 params */
-struct sched_param {
+struct caldav_sched_param {
 char *userid;  /* Userid corresponding to calendar address */ 
 char *server;  /* Remote server user lives on */
 unsigned port; /* Remote server port, default = 80 */

Cheers,
-- 
Ondřej Surý <ond...@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
pečení chleba všeho druhu

On Sun, Nov 6, 2016, at 16:21, Ondřej Surý via Cyrus-devel wrote:
> Hi,
> 
> is there a patch for OpenSSL 1.1.0 support? I haven't found anything in
> the git, but perhaps
> somebody is already working on that?
> 
> Cheers,
> -- 
> Ondřej Surý <ond...@sury.org>
> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
> Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
> fast DNS(SEC) resolver
> Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
> pečení chleba všeho druhu

libical >= 2.0.0 support (patch)

2016-05-24 Thread Ondřej Surý via Cyrus-devel 
Hi,

Debian has recently switched to libical >= 2.0.0 that hides some
previously exported symbols.

I rewrote custom icalrecur_add_rule to reconstruct RRULE from XML or
JSON to be reparsed again with icalrecurrencetype_from_string(char *).

I understand this is not optimal, but I believe that simplicity of the
code outweights the speed.

And I suggest to drop support for libical << 2.0.0 for simplicity. And
in that case I will weed out the HAVE_ICAL_ macros and send another
patch with that (0018-* is just basic to get it compiled).

Please review (and apply) attached patch. I used buf_* functions to
reconstruct the cstring, but it desperately needs a review if I am using
those correctly and if it doesn't leak memory (it probably does? But in
that case json_x_value leaks it as well).

But hey it compiles! :)

Cheers,
-- 
Ondřej Surý 
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Potřeby pro pečení chleba
všeho druhu
From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= 
Date: Mon, 23 May 2016 23:15:44 +0200
Subject: Replace the custom icalrecur_add_rule() with reconstructing RRULE
 and parsing it with standard icalrecurrencetype_from_string()

---
 imap/jcal.c |  22 ++--
 imap/xcal.c | 112 +++-
 2 files changed, 30 insertions(+), 104 deletions(-)

diff --git a/imap/jcal.c b/imap/jcal.c
index 52b2534..98f8f31 100644
--- a/imap/jcal.c
+++ b/imap/jcal.c
@@ -455,10 +455,6 @@ struct icalrecur_parser {
 };
 
 extern icalrecurrencetype_frequency icalrecur_string_to_freq(const char* str);
-extern void icalrecur_add_byrules(struct icalrecur_parser *parser, short *array,
-  int size, char* vals);
-extern void icalrecur_add_bydayrules(struct icalrecur_parser *parser,
- const char* vals);
 
 static const char *_json_x_value(json_t *jvalue)
 {
@@ -549,19 +545,23 @@ static icalvalue *json_object_to_icalvalue(json_t *jvalue,
 
 case ICAL_RECUR_VALUE:
 	if (json_is_object(jvalue)) {
-	struct icalrecurrencetype *rt = NULL;
+	struct icalrecurrencetype rt;
+	static struct buf buf = BUF_INITIALIZER;
 	const char *key;
 	json_t *val;
 
 	json_object_foreach(jvalue, key, val) {
-		rt = icalrecur_add_rule(, key, val,
-		(int (*)(void *)) _integer_value,
-		(const char * (*)(void *)) _x_value);
-		if (!rt) break;
+		buf_appendcstr(, (const char *)key);
+		buf_appendcstr(, "=");
+		buf_appendcstr(, (const char *)json_x_value(val));
+		buf_appendcstr(, ";");
 	}
 
-if (rt && rt->freq != ICAL_NO_RECURRENCE)
-		value = icalvalue_new_recur(*rt);
+	/* Now reparse it with libical function */
+	rt = icalrecurrencetype_from_string((const char *)buf_cstring());
+
+if (rt.freq != ICAL_NO_RECURRENCE)
+		value = icalvalue_new_recur(rt);
 	}
 	else
 	syslog(LOG_WARNING, "jCal object object expected");
diff --git a/imap/xcal.c b/imap/xcal.c
index e9f73b0..79f30ca 100644
--- a/imap/xcal.c
+++ b/imap/xcal.c
@@ -681,92 +681,6 @@ extern icalrecurrencetype_frequency icalrecur_string_to_freq(const char* str);
 #ifdef HAVE_RSCALE
 extern icalrecurrencetype_skip icalrecur_string_to_skip(const char* str);
 #endif
-extern void icalrecur_add_byrules(struct icalrecur_parser *parser, short *array,
-  int size, char* vals);
-extern void icalrecur_add_bydayrules(struct icalrecur_parser *parser,
- const char* vals);
-
-struct icalrecurrencetype *icalrecur_add_rule(struct icalrecurrencetype **rt,
-	  const char *rpart, void *data,
-	  int (*get_int)(void *),
-	  const char* (*get_str)(void *))
-{
-static struct icalrecur_parser parser;
-
-if (!*rt) {
-	/* Initialize */
-	*rt = 
-	icalrecurrencetype_clear(*rt);
-}
-
-if (!strcmp(rpart, "freq")) {
-	(*rt)->freq = icalrecur_string_to_freq(get_str(data));
-}
-#ifdef HAVE_RSCALE
-else if (!strcmp(rpart, "rscale")) {
-	(*rt)->rscale = icalmemory_tmp_copy(get_str(data));
-}
-else if (!strcmp(rpart, "skip")) {
-	(*rt)->skip = icalrecur_string_to_skip(get_str(data));
-}
-#endif
-else if (!strcmp(rpart, "count")) {
-	(*rt)->count = get_int(data);
-}
-else if (!strcmp(rpart, "until")) {
-	(*rt)->until = icaltime_from_string(get_str(data));
-}
-else if (!strcmp(rpart, "interval")) {
-	(*rt)->interval = get_int(data);
-	if ((*rt)->interval < 1) (*rt)->interval = 1;  /* MUST be >= 1 */
-}
-else if (!strcmp(rpart, "wkst")) {
-	(*rt)->week_start = icalrecur_string_to_weekday(get_str(data));
-}
-else if (!strcmp(rpart, "byday")) {
-	icalrecur_add_bydayrules(, get_str(data));
-}
-else {
-	int i;
-
-	for (i = 0; recurmap[i].str && strcmp(rpart, recurmap[i].str); i++);
-
-	if (recurmap[i].str) {
-	short *array =
-		(short *)((size_t) *rt + recurmap[i].offset);
-	int limit =

cyrus-imapd 3.0.0 next beta and release plan?

2015-12-22 Thread Ondřej Surý via Cyrus-devel 
Hey folks,

do you already have a release plan for cyrus-imapd 3.0.0? The next
Debian stable will freeze sometime next year, so I need to make a
decision whether I should make an effort to package 2.5.x, or just wait
for 3.0.0 final (if you release it in the first half of 2016).

Also next beta of 3.0.0 would be appreciated ;).

Cheers,
-- 
Ondřej Surý 
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server