[Dbmail-dev] [DBMail 0000424]: Shared mailboxes and their subfolders

Fri, 6 Oct 2006 23:33:51 +0200 (CEST) 

A NOTE has been added to this issue. 
====================================================================== 
http://www.dbmail.org/mantis/view.php?id=424 
====================================================================== 
Reported By:                windowsrefund
Assigned To:                
====================================================================== 
Project:                    DBMail
Issue ID:                   424
Category:                   IMAP daemon
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     new
target:                      
====================================================================== 
Date Submitted:             06-Oct-06 23:07 CEST
Last Modified:              06-Oct-06 23:33 CEST
====================================================================== 
Summary:                    Shared mailboxes and their subfolders
Description: 
Users access shared mail stored in #Users/$foo/INBOX

If the user attempts to create a subfolder of #Users/$foo, the MUA (TB in
this case) displays the folder and the operation appears to have been a
success.

The following record is created in dbmail_mailboxes:

mysql> select * from dbmail_mailboxes where name like '%foo'\G;
*************************** 1. row ***************************
 mailbox_idnr: 470
   owner_idnr: 168
         name: #Users/sysop/foo
    seen_flag: 1
answered_flag: 1
 deleted_flag: 1
 flagged_flag: 1
  recent_flag: 1
   draft_flag: 1
 no_inferiors: 0
    no_select: 0
   permission: 2

The user has also been subscribed to the mailbox:

mysql> select * from dbmail_subscription where mailbox_id = 470\G; * 1.
row *

 user_id: 168

mailbox_id: 470

The user attempts to access the newly created mailbox and receives an
error from the MUA about the mailbox not existing. This makes sense
because no record exists in the dbmail_acl table.

End result: End users can create mailboxes that they can not use.
Furthermore, even if a record was written to the dbmail_acl table, other
users who use the shared mailbox would not have the required ACLs on the
subfolder.
====================================================================== 

---------------------------------------------------------------------- 
 windowsrefund - 06-Oct-06 23:33  
---------------------------------------------------------------------- 
Additional Information was meant as a possible workaround. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
06-Oct-06 23:07 windowsrefund  New Issue                                    
06-Oct-06 23:33 windowsrefund  Note Added: 0001478                          
======================================================================

Reply via email to