Bug 40037 - Unable to remove/move mails from shared folder
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Mail
UCS 4.0
Other Linux
: P5 normal (vote)
: UCS 4.0-4-errata
Assigned To: Sönke Schwardt-Krummrich
Daniel Tröder
Blocks: 40038
Reported: 2015-11-19 16:26 CET by Sönke Schwardt-Krummrich
Modified: 2016-01-20 13:44 CET (History)
Bug group (optional): External feedback
Description Sönke Schwardt-Krummrich univentionstaff 2015-11-19 16:26:25 CET
Ticket #2015111121001141

The dovecot shared folder listener module does not set the "expunge" permission if "write" or "all" is selected in UDM for IMAP ACLs.
Due to the missing "expunge" permission, users are unable to remove mails from a shared folder or to move mails from a shared folder to a different folder. The user gets "permission denied".
Comment 1 Sönke Schwardt-Krummrich univentionstaff 2015-12-08 21:59:35 CET
The "expunge" permission has been added. To add the expunge permission to existing dovecot shared folders, the script reapply_shared_folder_acls is called in univention-mail-dovecot's join script. reapply_shared_folder_acls may be found in /usr/share/univention-mail-dovecot/ and can be called at any time as user root to reapply the IMAP ACLs.

univention-mail-dovecot (1.0.1-1):
r66188 | Bug #40037: add IMAP permission expunge if shared folder permission write or all has been selected

univention-mail-dovecot.yaml:
r66189 | Bug #40037: updated yaml
r66187 | Bug #40037: added yaml

For test commands see bug #40038.
Comment 2 Daniel Tröder univentionstaff 2015-12-09 10:00:34 CET
OK: code review
OK: advisory
OK: manual tests:

root@dc2000:~# eval $(ucr shell)
root@dc2000:~# udm mail/folder create --position cn=folder,cn=mail,$ldap_base --set name=pub1 --set mailDomain=$domainname --set mailHomeServer=$hostname.$domainname --append sharedFolderUserACL="test1m@uni.dtr write" --append sharedFolderUserACL="test2m@uni.dtr all" --append sharedFolderUserACL="test3m@uni.dtr read"
Object created: cn=pub1@uni.dtr,cn=folder,cn=mail,dc=uni,dc=dtr
root@dc2000:~# udm mail/folder create --position cn=folder,cn=mail,$ldap_base --set name=pub2 --set mailDomain=$domainname --set mailHomeServer=$hostname.$domainname --append sharedFolderUserACL="test1m@uni.dtr write" --append sharedFolderUserACL="test2m@uni.dtr all" --append sharedFolderUserACL="test3m@uni.dtr read" --set mailPrimaryAddress=pub2m@uni.dtr
Object created: cn=pub2@uni.dtr,cn=folder,cn=mail,dc=uni,dc=dtr

root@dc2000:~# cp /var/spool/dovecot/public/uni.dtr/pub1/.INBOX/dovecot-acl pub1-before
root@dc2000:~# cp /var/spool/dovecot/private/uni.dtr/pub2m/Maildir/dovecot-acl pub2m-before
root@dc2000:~# diff pub1-before pub2m-before

root@dc2000:~# univention-upgrade

root@dc2000:~# grep univention-mail-dovecot /var/univention-join/status
univention-mail-dovecot v1 successful
univention-mail-dovecot v2 successful
root@dc2000:~# cat /var/log/univention/reapply_shared_folder_acls.log
02.12.15 13:40:05.495  DEBUG_INIT
02.12.15 13:40:05.499  MAIN        ( INFO    ) : Initialising reapply_shared_folder_acls...
02.12.15 13:40:05.535  MAIN        ( INFO    ) : Looking for objects matching to following LDAP filter:
   (&(objectClass=univentionMailSharedFolder)(univentionMailHomeServer=dc2000.uni.dtr))
02.12.15 13:40:05.538  MAIN        ( PROCESS ) : DN: 'cn=pub1@uni.dtr,cn=folder,cn=mail,dc=uni,dc=dtr'
02.12.15 13:40:06.478  LISTENER    ( PROCESS ) : reapply_shared_folder_acls: Updated shared mailbox configuration.
02.12.15 13:40:06.609  LISTENER    ( PROCESS ) : reapply_shared_folder_acls: Set ACLs on 'pub1@uni.dtr'.
02.12.15 13:40:06.609  MAIN        ( PROCESS ) : ACLs updated
02.12.15 13:40:06.609  MAIN        ( PROCESS ) : DN: 'cn=pub2@uni.dtr,cn=folder,cn=mail,dc=uni,dc=dtr'
02.12.15 13:40:06.688  LISTENER    ( PROCESS ) : reapply_shared_folder_acls: Set ACLs on 'pub2m@uni.dtr'.
02.12.15 13:40:06.688  MAIN        ( PROCESS ) : ACLs updated
02.12.15 13:40:06.688  MAIN        ( PROCESS ) : Done

root@dc2000:~# diff pub1-before /var/spool/dovecot/public/uni.dtr/pub1/.INBOX/dovecot-acl 
1,2c1,2
< user=test1m@uni.dtr ilprwts
< user=test2m@uni.dtr ailprwts
---
> user=test1m@uni.dtr eilprwts
> user=test2m@uni.dtr aeilprwts
root@dc2000:~# diff pub2m-before /var/spool/dovecot/private/uni.dtr/pub2m/Maildir/dovecot-acl
1,2c1,2
< user=test1m@uni.dtr ilprwts
< user=test2m@uni.dtr ailprwts
---
> user=test1m@uni.dtr eilprwts
> user=test2m@uni.dtr aeilprwts
root@dc2000:~# diff /var/spool/dovecot/public/uni.dtr/pub1/.INBOX/dovecot-acl /var/spool/dovecot/private/uni.dtr/pub2m/Maildir/dovecot-acl

* Manual tests with Horde webmail worked as expected.
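Added example (not part of the original comments and not Univention's code): a small audit of dovecot-acl content that reports identifiers holding the `t` right (set the \Deleted flag) without `e` (expunge), and shows which rights an update added. The function names are hypothetical; the first two ACL lines are taken from the diff above and the `test3m` line is constructed.

```python
# Added example: audit dovecot-acl entries for delete rights without expunge.
# Right letters follow Dovecot's ACL file format:
#   t = write-deleted (set/clear the \Deleted flag), e = expunge.

def parse_acl(text):
    """Return a list of (identifier, rights) tuples from dovecot-acl content."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Assumption: identifiers contain no spaces (true for the page's entries).
        identifier, _, rights = line.partition(" ")
        # Keep the single-letter rights; named rights after ':' are ignored here.
        rights = rights.split(":", 1)[0].strip()
        entries.append((identifier, set(rights)))
    return entries


def missing_expunge(text):
    """Identifiers that may flag mail as deleted ('t') but cannot expunge ('e')."""
    return [ident for ident, rights in parse_acl(text)
            if "t" in rights and "e" not in rights]


def gained_rights(before, after):
    """Map each identifier to the rights present in `after` but not in `before`."""
    old = dict(parse_acl(before))
    gained = {}
    for ident, rights in parse_acl(after):
        added = rights - old.get(ident, set())
        if added:
            gained[ident] = added
    return gained


# ACL lines as shown in the diff above; the test3m entry is constructed.
BEFORE = ("user=test1m@uni.dtr ilprwts\n"
          "user=test2m@uni.dtr ailprwts\n"
          "user=test3m@uni.dtr lr\n")
AFTER = ("user=test1m@uni.dtr eilprwts\n"
         "user=test2m@uni.dtr aeilprwts\n"
         "user=test3m@uni.dtr lr\n")

if __name__ == "__main__":
    print("missing expunge before:", missing_expunge(BEFORE))
    print("missing expunge after: ", missing_expunge(AFTER))
    print("rights gained:", gained_rights(BEFORE, AFTER))
```
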
Comment 3 Janek Walkenhorst univentionstaff 2016-01-20 13:44:36 CET
<http://errata.software-univention.de/ucs/4.0/388.html>