Hi,
I've been working on a patch for dovecot 1.2 from the Kolab branch (http://hg.intevation.org/kolab/dovecot-1.2_kolab-branch/) that implements listing of shared namespaces. I've got something that works in some basic way but is still missing some pieces. See the attached patch, which also contains some installation and configuration notes.
Implementation notes:
One of the main problems the patch addresses is getting a list of all users that have mailboxes the logged in user can see. The patch uses a dict to cache information about which users have at least one mailbox that is visible to other users. The dict doesn't cache which other users, though. The cache entry for a given user is updated whenever the dovecot-acl-list file in the maildir root directory is updated. This ties the implementation to a specific acl backend to an extent, but that shouldn't be a problem at the moment.
Another problem is that namespaces for all those users have to be created. The patch does that in shared-storage.c when the shared storage is created. At this stage of development of the patch that works well enough, I think, but it might be better to update the namespaces whenever a list iterator is created.
To avoid unnecessary coupling between the shared namespace code and the ACL plugin, the shared namespace code has a hook that it calls when it needs a list of all the users who may have mailboxes visible to the current user. The ACL plugin sets that hook and uses the dict to produce that list. This way, the ACL plugin depends on the shared namespace code but not the other way round and all the dict handling is in the ACL plugin.
I'm not sure the new hook is really needed. The patch could perhaps just as well extend the acl_next_hook_mail_storage_created and acl_next_hook_mailbox_list_created functions to do the namespace creation when they're called for a shared storage or mailbox list.
Problems:
All of my tests so far involved a shared namespace of the form
    namespace shared {
      separator = /
      prefix = users/%%u/
      location = maildir:.../var/mail/%%u:...
      subscriptions = no
      list = yes
      hidden = no
    }
Also, let's assume two users, ford and arthur, with ford's "INBOX/hhgttg" available to arthur as "users/ford/INBOX/hhgttg". Arthur may not list ford's INBOX, though. In the following the current user is always arthur.
I found the following problems:
LIST response includes namespaces the user doesn't really have access to. E.g. if there's another user, zaphod, who's made some mailbox available to somebody else, but not arthur, arthur still sees
    * LIST (\Noselect \HasChildren) "/" "users/zaphod"
Not sure it's worth fixing this, though.
List with "%" doesn't list all intermediate mailboxes.
On the one hand arthur sees this:
    x LIST "" "*"
    ...
    * LIST (\Noselect \HasChildren) "/" "users/ford"
    * LIST (\HasNoChildren) "/" "users/ford/INBOX/hhgttg"
    x OK List completed.
OTOH, with "%" only this:
    x LIST "" "users/ford/%"
    x OK List completed.
cyrus shows
    x LIST "" "users/ford/%"
    * LIST (\Noselect \HasChildren) "/" "users/ford/INBOX"
    x OK List completed.
At least Kontact resp. KMail rely on this.
The dovecot-acl-list is not always rebuilt, even when it should have been, AFAICT. In particular, if the file exists but is empty, it's never updated, even when ACLs later change. Maybe this is a bug in the Kolab branch.
Cheers,
Bernhard
-- 
Bernhard Herzog | ++49-541-335 08 30 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
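
The LIST behaviour discussed in the message, as an added example that is not part of the original message or the attached patch: a small model that filters shared namespaces by the current user's lookup right (so "users/zaphod" is not revealed to arthur) and returns the \Noselect placeholder for a "%" pattern the way the Cyrus output does. The names list_shared and SAMPLE_ACL, the ACL dictionary layout and the constructed sample data are assumptions made for illustration, not Dovecot APIs.

```python
import re

SEP = "/"
PREFIX = "users"  # from the namespace prefix users/%%u/ in the message

# Constructed sample data: owner -> mailbox -> users holding the lookup right.
SAMPLE_ACL = {
    "ford": {"INBOX": set(), "INBOX/hhgttg": {"arthur"}},
    "zaphod": {"INBOX/heart": {"trillian"}},
}

def _matches(pattern, name):
    # IMAP LIST wildcards: "*" crosses the "/" separator, "%" does not.
    rx = "".join(".*" if c == "*" else "[^/]*" if c == "%" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, name) is not None

def list_shared(current_user, pattern, acl):
    """Return (flags, name) pairs for the shared namespaces of current_user."""
    out = []
    for owner, boxes in sorted(acl.items()):
        root = SEP.join([PREFIX, owner])
        visible = {SEP.join([root, m]) for m, who in boxes.items()
                   if current_user in who}
        if not visible:
            continue  # nothing shared with this user: do not reveal the owner
        # Namespace root plus every ancestor of a visible mailbox.
        names = {root} | visible
        for v in visible:
            parts = v.split(SEP)
            names |= {SEP.join(parts[:i]) for i in range(3, len(parts))}
        for name in sorted(names):
            if not _matches(pattern, name):
                continue
            below = [v for v in visible if v.startswith(name + SEP)]
            placeholder = name not in visible
            # An intermediate placeholder is only needed when the pattern
            # does not already reach one of the mailboxes beneath it.
            if (placeholder and name != root
                    and any(_matches(pattern, v) for v in below)):
                continue
            flags = (["\\Noselect"] if placeholder else []) + \
                    ["\\HasChildren" if below else "\\HasNoChildren"]
            out.append((" ".join(flags), name))
    return out
```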