[Dovecot] patch: list shared namespace

Bernhard Herzog bh at intevation.de
Mon Nov 3 14:03:46 EET 2008 

On 01.11.2008, Timo Sirainen wrote:
> On Fri, 2008-10-31 at 17:51 +0200, Timo Sirainen wrote:
> > LIST % -> List "foo" as non-existing
> > LIST foo -> List "foo" as non-existing
> > LIST * -> List "foo/bar" only
>
> There are also some truly horrible cases.

I tested this with my acl_mailbox_list_info_is_visible modification in a 
vanilla dovecot 1.2 (rev. c6482b5cdea1).  User listtest2 at test.hq has these 
mailboxes:

* LIST (\HasChildren) "/" "INBOX/foo"
* LIST (\HasChildren) "/" "INBOX/foo/foo"
* LIST (\HasNoChildren) "/" "INBOX/foo/foo/foo"
* LIST (\HasChildren) "/" "INBOX/foo/bar"
* LIST (\HasNoChildren) "/" "INBOX/foo/bar/baz"

INBOX/foo/foo/foo and INBOX/foo/bar/baz have ACLs which give listtest1 at test.hq 
the l-permission.  The other mailboxes involved have no ACLs or only ACL 
settings for the owner.  The results for listtest1 are as follows:

> 1 list "" foo*
> * LIST (\HasNoChildren) "." "foo.foo.foo"
> * LIST (\HasNoChildren) "." "foo.bar.baz"
> 1 ok

1 list "" "users/listtest2 at test.hq/foo*"
* LIST (\HasNoChildren) "/" "users/listtest2 at test.hq/foo/foo/foo"
* LIST (\HasNoChildren) "/" "users/listtest2 at test.hq/foo/bar/baz"
1 OK List completed.

> 2 list "" f*o.%
> * LIST (\HasNoChildren) "." "foo.foo.foo"
> * LIST (\Noselect \HasChildren) "." "foo.bar"
> 2 OK List completed.

2 list "" "users/listtest2 at test.hq/f*o.%"
2 OK List completed.

The equivalent list command for the owner of the mailboxes, listtest2, doesn't 
return anything either:

2 list "" "INBOX/f*o.%"
2 OK List completed.


> 3 list "" f*r
> * LIST (\Noselect \HasChildren) "." "foo.bar"
> 3 OK List completed.

3 list "" "users/listtest2 at test.hq/f*r"
* LIST (\Noselect \HasChildren) "/" "users/listtest2 at test.hq/foo/bar"
3 OK List completed.


> As you can see, the non-existing "foo.foo" isn't returned because its
> child "foo.foo.foo" also matches the pattern and is returned. But the
> non-existing "foo.bar" is returned because its children don't match the
> pattern. It took me forever to get all this stuff working right with
> Maildir++. :)

I can imagine :).  The reason it should work with ACLs more or less 
automatically is that when the mailbox list is populated by 
acl_mailbox_try_list_fast, it only adds the mailboxes that the user can see 
using mailbox_list_iter_update.  mailbox_list_iter_update takes care of 
filling in the nonexisting parent mailboxes if necessary.

In your example, that means only foo.foo.foo and foo.bar.baz are added, 
regardless of whether foo, foo.foo or foo.bar actually exist.  foo, foo.foo 
and foo.bar are added to the list as nonexisting mailboxes automatically, 
though. So AFAICT from the other user's point of view it really is as if only 
foo.foo.foo and foo.bar.baz actually existed.

Of course, assuming there's a reason acl_mailbox_try_list_fast has a "try" in 
its name and that it actually can fail, foo, foo.foo and foo.bar could 
perhaps end up in the mailbox list even if they do not have children that are 
visible to the user.

   Bernhard

-- 
Bernhard Herzog  |  ++49-541-335 08 30  |  http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://dovecot.org/pipermail/dovecot/attachments/20081103/88b3dede/attachment.bin

More information about the dovecot mailing list