Hi,
We found a bug in the cyrus-imapd-2.4.6-keep-owner-rights patch. That occur in
the SETACL command, when trying to remove the admin rights. Thus, the
following command should work, but does not:
SETACL mailbox mailboxowner -xi
And this one should not work, but actually works:
SETACL mailbox mailboxowner -a
Attached is a patch to fix this issue.
Kind regards,
On Friday 04 February 2011 10:38:44 you wrote:
> Guilherme Maciel Ferreira wrote:
> > Hi,
> >
> > here is the patch against the master.
>
> Applied and pushed, with full attribution, thanks!
>
> Kind regards,
>
> Jeroen van Meeuwen
--
Guilherme Maciel Ferreira
Intra2net AG | Mömpelgarder Weg 8 | 72072 Tübingen | DE
Telefon +49-7071-56510-0
Telefax +49-7071-56510-50
Internet www.intra2net.com
Vorstand | Steffen Jarosch
Aufsichtsrat | Ulrich Emmert | Vorsitzender
Handelsregister | HRB 382770 | Amtsgericht Stuttgart
Identnummern | USt-Id DE216036710 | WEEE DE72185423
-----------------------------------------
--
Guilherme Maciel Ferreira
Intra2net AG | Mömpelgarder Weg 8 | 72072 Tübingen | DE
Telefon +49-7071-56510-0
Telefax +49-7071-56510-50
Internet www.intra2net.com
Vorstand | Steffen Jarosch
Aufsichtsrat | Ulrich Emmert | Vorsitzender
Handelsregister | HRB 382770 | Amtsgericht Stuttgart
Identnummern | USt-Id DE216036710 | WEEE DE72185423
-----------------------------------------
--
Guilherme Maciel Ferreira
Intra2net AG | Mömpelgarder Weg 8 | 72072 Tübingen | DE
Telefon +49-7071-56510-0
Telefax +49-7071-56510-50
Internet www.intra2net.com
Vorstand | Steffen Jarosch
Aufsichtsrat | Ulrich Emmert | Vorsitzender
Handelsregister | HRB 382770 | Amtsgericht Stuttgart
Identnummern | USt-Id DE216036710 | WEEE DE72185423
From 3c926bac416a3c8fe651e92b36e9149b8a837397 Mon Sep 17 00:00:00 2001
From: Guilherme Maciel Ferreira <[email protected]>
Date: Thu, 17 Mar 2011 09:54:00 +0100
Subject: [PATCH] Fixed a BUG that causes "SETACL ... -a" to fail when it should be successful.
- the setacl command DOES accept "SETACL mailbox mb_owner -a", removing the admin rights from the folder owner, but DOES NOT accept "SETACL mailbox mb_owner -xi".
- this BUG was introduced by my patch in the commit 4412656e218a42559964ccdce06e8daefb8197c5.
---
imap/mboxlist.c | 10 +++++++---
1 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/imap/mboxlist.c b/imap/mboxlist.c
index 9e3c11f..b9d799e 100644
--- a/imap/mboxlist.c
+++ b/imap/mboxlist.c
@@ -1298,7 +1298,7 @@ static int mboxlist_is_owner(const char *name, int domainlen,
/*
* Check if the admin rights are present in the 'rights'
*/
-static int mboxlist_have_admin_rights(const char* rights) {
+static int mboxlist_contains_admin_rights(const char* rights) {
int access = cyrus_acl_strtomask(rights);
int have_admin_access = access & ACL_ADMIN;
@@ -1471,9 +1471,13 @@ int mboxlist_setacl(const char *name, const char *identifier,
rights++;
mode = ACL_MODE_REMOVE;
}
+
/* do not allow to remove the admin rights from mailbox owner */
- if (isidentifiermbox && (mode != ACL_MODE_ADD) &&
- !mboxlist_have_admin_rights(rights)) {
+ if (isidentifiermbox &&
+ ( (mode == ACL_MODE_SET && !mboxlist_contains_admin_rights(rights)) ||
+ (mode == ACL_MODE_REMOVE && mboxlist_contains_admin_rights(rights))
+ )
+ ) {
syslog(LOG_ERR,"Denied to change admin access rights for "
"folder \"%s\" (owner: %s) by user \"%s\"", name,
mailbox_owner, userid);
--
1.7.4
