[Dovecot] v1.2: can't access other users shared INBOX

Bernhard Herzog bh at intevation.de
Mon Mar 30 19:50:34 EEST 2009 

On 25.03.2009, Bernhard Herzog wrote:
> On 19.03.2009, Bernhard Herzog wrote:
> > The reason for that is maildir_fill_readdir always adds the virtual name
> > of the INBOX even when MAILBOX_LIST_ITER_VIRTUAL_NAMES isn't set.  In
> > lines 260ff of mailbox-list-maildir-iter.c, rev. 5284f45c249a  it
> > unconditionally adds the prefix to "INBOX" when adding it to the tree:
> >
> > 		node = mailbox_tree_get(ctx->tree_ctx,
> > 			t_strconcat(ns->prefix, "INBOX", NULL), NULL);
> >
> >
> > The patch below fixes this, by only adding the virtual name of the INBOX
> > if virtual_names is true, basically in the same way as earlier in the
> > loop. I'm not sure whether it's really the correct fix, but in my tests
> > so far it seems to work correctly.
>
> As it turns out, there is one problem the patch doesn't address.

There's one other problem that the patch doesn't fix.  If user fred gives dave 
read permission on INBOX but not on any other folder and the inbox has 
children, the INBOX is not always listed for dave.  OTOH, if dave has read 
permissions on one of the children, or the INBOX does not have children at 
all, the INBOX is listed.

What happens is that if INBOX has children maildir_fill_readdir will add INBOX 
to the tree indirectly when it encounters the children and later when the 
INBOX special cases are handled, INBOX is already in the tree and it won't be 
matched against the mailbox name pattern and thus it's MAILBOX_MATCHED flag 
will not be set.  If INBOX is the only visible mailbox that would match the 
search pattern, no mailbox in the tree has the MAILBOX_MATCHED flag, and 
dovecot will consider the whole users/fred namespace invisible to dave.

The patch below addresses this.

   Bernhard

diff -r 643a96aec996 src/lib-storage/list/mailbox-list-maildir-iter.c
--- a/src/lib-storage/list/mailbox-list-maildir-iter.c	Thu Mar 26 18:36:36 
2009 -0400
+++ b/src/lib-storage/list/mailbox-list-maildir-iter.c	Fri Mar 27 17:46:53 
2009 +0200
@@ -250,16 +250,29 @@ maildir_fill_readdir(struct maildir_list
 			if (!update_only)
 				node->flags |= MAILBOX_MATCHED;
 		}
-	} else if (mailbox_tree_lookup(ctx->tree_ctx, "INBOX") == NULL &&
-		   imap_match(glob, "INBOX") == IMAP_MATCH_YES) {
+	} else  {
+		const char * inbox_name;
+		if (!virtual_names) {
+			inbox_name = "INBOX";
+		} else {
+			inbox_name = mail_namespace_get_vname(ns, mailbox,
+							      "INBOX");
+		}
+
 		/* see if INBOX exists. */
 		ret = ctx->ctx.list->v.
-			iter_is_mailbox(&ctx->ctx, ctx->dir, "", "INBOX",
-					MAILBOX_LIST_FILE_TYPE_UNKNOWN, &flags);
-		if (ret > 0) {
-			node = mailbox_tree_get(ctx->tree_ctx,
-				t_strconcat(ns->prefix, "INBOX", NULL), NULL);
-			node->flags = MAILBOX_NOCHILDREN | MAILBOX_MATCHED;
+			iter_is_mailbox(&ctx->ctx, ctx->dir, "",
+					"INBOX",
+					MAILBOX_LIST_FILE_TYPE_UNKNOWN,
+					&flags);
+		if (ret > 0 && imap_match(glob, inbox_name) == IMAP_MATCH_YES) {
+
+			node = mailbox_tree_get(ctx->tree_ctx, inbox_name,
+						&created);
+			if (created)
+				node->flags = MAILBOX_NOCHILDREN;
+
+			node->flags |= MAILBOX_MATCHED;
 		}
 	}
 	return 0;




-- 
Bernhard Herzog  |  ++49-541-335 08 30  |  http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part.
Url : http://dovecot.org/pipermail/dovecot/attachments/20090330/9d698354/attachment-0001.bin

More information about the dovecot mailing list