A NOTE has been added to this issue.
======================================================================
http://www.dbmail.org/mantis/view.php?id=424
======================================================================
Reported By: windowsrefund
Assigned To: aaron
======================================================================
Project: DBMail
Issue ID: 424
Category: IMAP daemon
Reproducibility: always
Severity: major
Priority: normal
Status: assigned
target:
======================================================================
Date Submitted: 06-Oct-06 23:07 CEST
Last Modified: 11-Oct-06 17:27 CEST
======================================================================
Summary: Shared mailboxes and their subfolders
Description:
Users access shared mail stored in #Users/$foo/INBOX
If the user attempts to create a subfolder of #Users/$foo, the MUA (TB in
this case) displays the folder and the operation appears to have been a
success.
The following record is created in dbmail_mailboxes:
mysql> select * from dbmail_mailboxes where name like '%foo'\G;
*************************** 1. row ***************************
mailbox_idnr: 470
owner_idnr: 168
name: #Users/sysop/foo
seen_flag: 1
answered_flag: 1
deleted_flag: 1
flagged_flag: 1
recent_flag: 1
draft_flag: 1
no_inferiors: 0
no_select: 0
permission: 2
The user has also been subscribed to the mailbox:
mysql> select * from dbmail_subscription where mailbox_id = 470\G;
*************************** 1. row ***************************
user_id: 168
mailbox_id: 470
The user attempts to access the newly created mailbox and receives an
error from the MUA about the mailbox not existing. This makes sense
because no record exists in the dbmail_acl table.
End result: End users can create mailboxes that they can not use.
Furthermore, even if a record was written to the dbmail_acl table, other
users who use the shared mailbox would not have the required ACLs on the
subfolder.
======================================================================
----------------------------------------------------------------------
windowsrefund - 06-Oct-06 23:33
----------------------------------------------------------------------
Additional Information was meant as a possible workaround.
----------------------------------------------------------------------
windowsrefund - 06-Oct-06 23:50
----------------------------------------------------------------------
I just verified that cyrus imapd's ACLs are maintained on newly created
subfolders.
----------------------------------------------------------------------
aaron - 08-Oct-06 08:04
----------------------------------------------------------------------
In fact, this was screwed up pretty badly. Give SVN a whirl, it should take
care of the issues in #Users and #Public. Sadly, it's kinda hackish :-\
Needs some heavy testing because a lot of code was impacted.
----------------------------------------------------------------------
windowsrefund - 10-Oct-06 21:48
----------------------------------------------------------------------
I'm not sure what to expect here so I'll just post my findings:
First off, I'm on 2304.
Here's what I see reported in /var/log/maillog when I attempt to create a
subfolder named foo in #Users/info. Logging is set to 4.
Oct 10 13:52:14 xen-mail dbmail/imap4d[26023]: Info COMMAND: [28 create "#Users/info/foo"]
Oct 10 13:52:14 xen-mail dbmail/imap4d[26023]: Info imap4.c,IMAPClientHandler: Executing command create...
Oct 10 13:52:14 xen-mail dbmail/imap4d[26023]: Info Creating mailbox [#Users/info/foo] source [4] for user [8]
Oct 10 13:52:14 xen-mail dbmail/imap4d[26023]: Info imap4.c,IMAPClientHandler: Finished command create [1]
Now checking dbmail_mailboxes for a record:
mysql> select * from dbmail_mailboxes where name like '%foo%';
Empty set (0.00 sec)
mysql>
What should my expectations be with 2304?
Best,
Adam
----------------------------------------------------------------------
aaron - 11-Oct-06 04:24
----------------------------------------------------------------------
What user were you logged in as at the time? If you were logged in as
'info' then '#Users/info/foo' should create the mailbox 'foo' owned by
'info'.
a1a1a1 LOGIN info password
a1a1a1 OK LOGIN completed
123abc CREATE "#Users/info/foo"
123abc OK CREATE completed
If you were logged in as someone else, you should have gotten a NO
message.
aaa111 LOGIN notinfo password
aaa111 OK LOGIN completed
abc123 CREATE "#Users/info/foo"
abc123 NO Top-level mailboxes may not be created for others under #Users
----------------------------------------------------------------------
windowsrefund - 11-Oct-06 17:27
----------------------------------------------------------------------
I was logged into the imap daemon with my userid and attempted to create a
subfolder of a shared mailbox (#Users/info) that I have proper permissions
to. You are correct that I did not receive an error message.
Just to summarize, users expect to be able to create, rename, and delete
subfolders of shared mailboxes (assuming their ACLs are intact).
Issue History
Date Modified Username Field Change
======================================================================
06-Oct-06 23:07 windowsrefund New Issue
06-Oct-06 23:33 windowsrefund Note Added: 0001478
06-Oct-06 23:50 windowsrefund Note Added: 0001479
07-Oct-06 20:52 aaron Status new => assigned
07-Oct-06 20:52 aaron Assigned To => aaron
08-Oct-06 08:04 aaron Note Added: 0001480
10-Oct-06 21:48 windowsrefund Note Added: 0001495
11-Oct-06 04:24 aaron Note Added: 0001496
11-Oct-06 17:27 windowsrefund Note Added: 0001500
======================================================================
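
Added example (not part of the original report and not DBMail's own code): a sketch of the behaviour requested in this issue, where a CREATE under #Users is authorised against the parent mailbox's ACL and the new subfolder inherits the parent's ACL entries in the same transaction, plus an audit query for rows like mailbox 470 above. The two tables are simplified assumptions (a single rights string using RFC 4314 letters instead of the real flag columns), and the user ids, sample rows and function names are constructed.

```python
import sqlite3

def demo_db():
    """Constructed data: 'info' shares INBOX with adam (may create) and carol (read-only)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE dbmail_mailboxes (mailbox_idnr INTEGER PRIMARY KEY,
                                       owner_idnr INT, name TEXT);
        CREATE TABLE dbmail_acl (user_id INT, mailbox_id INT, rights TEXT);
        INSERT INTO dbmail_mailboxes VALUES (1, 1, 'INBOX');
        INSERT INTO dbmail_acl VALUES (2, 1, 'lrswik'), (3, 1, 'lrs');
    """)
    return db, {"info": 1, "adam": 2, "carol": 3}

def find(db, owner, name):
    row = db.execute("SELECT mailbox_idnr FROM dbmail_mailboxes "
                     "WHERE owner_idnr=? AND name=?", (owner, name)).fetchone()
    return row[0] if row else None

def create_in_users_namespace(db, users, actor, path):
    """CREATE "#Users/<owner>/<mailbox>" issued by the logged-in user id `actor`."""
    parts = path.split("/")
    if len(parts) < 3 or parts[0] != "#Users" or parts[1] not in users:
        return "NO invalid mailbox name"
    owner, name = users[parts[1]], "/".join(parts[2:])
    if find(db, owner, name) is not None:
        return "NO mailbox already exists"
    parent = find(db, owner, "/".join(parts[2:-1])) if len(parts) > 3 else None
    if actor != owner:
        if parent is None:  # same refusal as in aaron's note
            return "NO Top-level mailboxes may not be created for others under #Users"
        acl = db.execute("SELECT rights FROM dbmail_acl WHERE user_id=? AND mailbox_id=?",
                         (actor, parent)).fetchone()
        if acl is None or "k" not in acl[0]:  # 'k' = create right (RFC 4314)
            return "NO permission denied"
    with db:  # mailbox row and inherited ACL rows commit together or roll back
        new_id = db.execute("INSERT INTO dbmail_mailboxes (owner_idnr, name) VALUES (?, ?)",
                            (owner, name)).lastrowid
        if parent is not None:  # child inherits every ACL entry of its parent
            db.execute("INSERT INTO dbmail_acl SELECT user_id, ?, rights "
                       "FROM dbmail_acl WHERE mailbox_id=?", (new_id, parent))
    return "OK CREATE completed"

def stranded_mailboxes(db):
    """Audit: rows stored with the literal namespace prefix and no ACL entry."""
    return db.execute(
        "SELECT mailbox_idnr, name FROM dbmail_mailboxes m WHERE name LIKE '#Users/%' "
        "AND NOT EXISTS (SELECT 1 FROM dbmail_acl a WHERE a.mailbox_id = m.mailbox_idnr)"
    ).fetchall()
```

Because the child row is stored under the owner's id with the namespace prefix stripped, every user already on the parent's ACL sees the new subfolder with the same rights.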