Hi, We found a bug in the cyrus-imapd-2.4.6-keep-owner-rights patch. That occur in the SETACL command, when trying to remove the admin rights. Thus, the following command should work, but does not: SETACL mailbox mailboxowner -xi
And this one should not work, but actually works: SETACL mailbox mailboxowner -a Attached is a patch to fix this issue. Kind regards, On Friday 04 February 2011 10:38:44 you wrote: > Guilherme Maciel Ferreira wrote: > > Hi, > > > > here is the patch against the master. > > Applied and pushed, with full attribution, thanks! > > Kind regards, > > Jeroen van Meeuwen -- Guilherme Maciel Ferreira Intra2net AG | Mömpelgarder Weg 8 | 72072 Tübingen | DE Telefon +49-7071-56510-0 Telefax +49-7071-56510-50 Internet www.intra2net.com Vorstand | Steffen Jarosch Aufsichtsrat | Ulrich Emmert | Vorsitzender Handelsregister | HRB 382770 | Amtsgericht Stuttgart Identnummern | USt-Id DE216036710 | WEEE DE72185423 ----------------------------------------- -- Guilherme Maciel Ferreira Intra2net AG | Mömpelgarder Weg 8 | 72072 Tübingen | DE Telefon +49-7071-56510-0 Telefax +49-7071-56510-50 Internet www.intra2net.com Vorstand | Steffen Jarosch Aufsichtsrat | Ulrich Emmert | Vorsitzender Handelsregister | HRB 382770 | Amtsgericht Stuttgart Identnummern | USt-Id DE216036710 | WEEE DE72185423
From 3c926bac416a3c8fe651e92b36e9149b8a837397 Mon Sep 17 00:00:00 2001 From: Guilherme Maciel Ferreira <guilherme.maciel.ferre...@intra2net.com> Date: Thu, 17 Mar 2011 09:54:00 +0100 Subject: [PATCH] Fixed a BUG that causes "SETACL ... -a" to fail when it should be successful. - the setacl command DOES accept "SETACL mailbox mb_owner -a", removing the admin rights from the folder owner, but DOES NOT accept "SETACL mailbox mb_owner -xi". - this BUG was introduced by my patch in the commit 4412656e218a42559964ccdce06e8daefb8197c5. --- imap/mboxlist.c | 10 +++++++--- 1 files changed, 7 insertions(+), 3 deletions(-) diff --git a/imap/mboxlist.c b/imap/mboxlist.c index 9e3c11f..b9d799e 100644 --- a/imap/mboxlist.c +++ b/imap/mboxlist.c @@ -1298,7 +1298,7 @@ static int mboxlist_is_owner(const char *name, int domainlen, /* * Check if the admin rights are present in the 'rights' */ -static int mboxlist_have_admin_rights(const char* rights) { +static int mboxlist_contains_admin_rights(const char* rights) { int access = cyrus_acl_strtomask(rights); int have_admin_access = access & ACL_ADMIN; @@ -1471,9 +1471,13 @@ int mboxlist_setacl(const char *name, const char *identifier, rights++; mode = ACL_MODE_REMOVE; } + /* do not allow to remove the admin rights from mailbox owner */ - if (isidentifiermbox && (mode != ACL_MODE_ADD) && - !mboxlist_have_admin_rights(rights)) { + if (isidentifiermbox && + ( (mode == ACL_MODE_SET && !mboxlist_contains_admin_rights(rights)) || + (mode == ACL_MODE_REMOVE && mboxlist_contains_admin_rights(rights)) + ) + ) { syslog(LOG_ERR,"Denied to change admin access rights for " "folder \"%s\" (owner: %s) by user \"%s\"", name, mailbox_owner, userid); -- 1.7.4