[Dbmail-dev] [DBMail 0000424]: Shared mailboxes and their subfolders

Tue, 10 Oct 2006 21:48:54 +0200 (CEST) 

A NOTE has been added to this issue. 
====================================================================== 
http://www.dbmail.org/mantis/view.php?id=424 
====================================================================== 
Reported By:                windowsrefund
Assigned To:                aaron
====================================================================== 
Project:                    DBMail
Issue ID:                   424
Category:                   IMAP daemon
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     assigned
target:                      
====================================================================== 
Date Submitted:             06-Oct-06 23:07 CEST
Last Modified:              10-Oct-06 21:48 CEST
====================================================================== 
Summary:                    Shared mailboxes and their subfolders
Description: 
Users access shared mail stored in #Users/$foo/INBOX

If the user attempts to create a subfolder of #Users/$foo, the MUA (TB in
this case) displays the folder and the operation appears to have been a
success.

The following record is created in dbmail_mailboxes:

mysql> select * from dbmail_mailboxes where name like '%foo'\G;
*************************** 1. row ***************************
 mailbox_idnr: 470
   owner_idnr: 168
         name: #Users/sysop/foo
    seen_flag: 1
answered_flag: 1
 deleted_flag: 1
 flagged_flag: 1
  recent_flag: 1
   draft_flag: 1
 no_inferiors: 0
    no_select: 0
   permission: 2

The user has also been subscribed to the mailbox:

mysql> select * from dbmail_subscription where mailbox_id = 470\G; * 1.
row *

 user_id: 168

mailbox_id: 470

The user attempts to access the newly created mailbox and receives an
error from the MUA about the mailbox not existing. This makes sense
because no record exists in the dbmail_acl table.

End result: End users can create mailboxes that they can not use.
Furthermore, even if a record was written to the dbmail_acl table, other
users who use the shared mailbox would not have the required ACLs on the
subfolder.
====================================================================== 

---------------------------------------------------------------------- 
 windowsrefund - 06-Oct-06 23:33  
---------------------------------------------------------------------- 
Additional Information was meant as a possible workaround. 

---------------------------------------------------------------------- 
 windowsrefund - 06-Oct-06 23:50  
---------------------------------------------------------------------- 
I just verified that cyrus imapd's ACLs are maintained on newly created
subfolders. 

---------------------------------------------------------------------- 
 aaron - 08-Oct-06 08:04  
---------------------------------------------------------------------- 
In fact, this was screwed up pretty badly. Give SVN a whirl, it should take
care of the issues in #Users and #Public. Sadly, it's kinda hackish :-\
Needs some heavy testing because a lot of code was impacted. 

---------------------------------------------------------------------- 
 windowsrefund - 10-Oct-06 21:48  
---------------------------------------------------------------------- 
I'm not sure what to expect here so I'll just post my findings:

First off, I'm on 2304.

Here's what I see reported in /var/log/maillog when I attempt to create a
subfolder named foo in #Users/info. Logging is set to 4.

Oct 10 13:52:14 xen-mail dbmail/imap4d[26023]: Info COMMAND: [28 create
"#Users/info/foo"]
Oct 10 13:52:14 xen-mail dbmail/imap4d[26023]: Info
imap4.c,IMAPClientHandler: Executing command create...
Oct 10 13:52:14 xen-mail dbmail/imap4d[26023]: Info Creating mailbox
[#Users/info/foo] source [4] for user [8]
Oct 10 13:52:14 xen-mail dbmail/imap4d[26023]: Info
imap4.c,IMAPClientHandler: Finished command create [1]


Now checking dbmail_mailboxes for a record:

mysql> select * from dbmail_mailboxes where name like '%foo%';
Empty set (0.00 sec)

mysql>

What should my expectations be with 2304?

Best,
Adam 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
06-Oct-06 23:07 windowsrefund  New Issue                                    
06-Oct-06 23:33 windowsrefund  Note Added: 0001478                          
06-Oct-06 23:50 windowsrefund  Note Added: 0001479                          
07-Oct-06 20:52 aaron          Status                   new => assigned     
07-Oct-06 20:52 aaron          Assigned To               => aaron           
08-Oct-06 08:04 aaron          Note Added: 0001480                          
10-Oct-06 21:48 windowsrefund  Note Added: 0001495                          
======================================================================

Reply via email to