Calendar and addressbook sharing and reconstruct

Tue, 12 May 2015 17:42:07 -0700 

I just discovered that reconstruct wiped the existing ACLs on calendar and 
addressbook mailboxes.

Actually, I'd seen it before, but I only just tracked it down:

brong.net!user.masteruser_brongnet.#calendars.Default: update acl from header 
admin     lrswipkxtecdan  anyone  p       masteruser_brong...@brong.net   
lrwixtecda9     br...@brong.net lrwited9         => 
masteruser_brong...@brong.net       lrswipkxtecdn   adminlrswipkxtecdan     
anyone  p       

There I go losing my ACL again.  It turns out that the reason was API abuse:

/*
 * Change the ACL for mailbox 'name'.  We already have it locked
 * and have written the backup copy to the header, so there's
 * nothing left but to write the mailboxes.db.
 *
 * 1. Start transaction
 * 2. Set db entry
 * 3. Commit transaction
 * 4. Change mupdate entry 
 *
 */
EXPORTED int
mboxlist_sync_setacls(const char *name, const char *newacl)

...

Except, we weren't writing the backup copy to the header.  Over in sync_support 
we do:

    /* always take the ACL from the master, it's not versioned */
    if (strcmp(mailbox->acl, acl)) {
>-------mailbox_set_acl(mailbox, acl, 0);
>-------r = mboxlist_sync_setacls(mboxname, acl);
>-------if (r) goto done;
    }

And of course in mboxlist_set_acl we call mailbox_set_acl, but we were missing 
it from the DAV code.

The fix is simple:

commit ddae480b906f7652b36634654a47e89273b76a22
Author: Bron Gondwana <br...@fastmail.fm>
Date:   Wed May 13 09:49:29 2015 +1000

    dav: set ACLs down to mailbox cyrus.header as well as mboxlist

diff --git a/imap/http_dav.c b/imap/http_dav.c
index 4a83e51..79e93fe 100644
--- a/imap/http_dav.c
+++ b/imap/http_dav.c
@@ -2993,6 +2993,7 @@ int meth_acl(struct transaction_t *txn, void *params)
        }
     }
 
+    mailbox_set_acl(mailbox, buf_cstring(&acl), 1);
     r = mboxlist_sync_setacls(txn->req_tgt.mbentry->name, buf_cstring(&acl));
     if (r) {
        syslog(LOG_ERR, "mboxlist_setacl(%s) failed: %s",

...

And now I need to fix all FastMail's production.  Anyone else who has used the 
DAV ACL
commands will have to do the same.  My planned fix is to just go over every 
mailbox and
read the existing ACL and write it back.  This will cause a read from 
mailboxes.db followed
by a write to both mailboxes.db AND cyrus.header.

Bron.

-- 
  Bron Gondwana
  br...@fastmail.fm

Reply via email to