Bug 45921 - fix quoting in global acls
fix quoting in global acls
Product: UCS
Classification: Unclassified
Component: Mail - Dovecot
UCS 4.2
Other Linux
: P5 enhancement (vote)
: UCS 4.2-3-errata
Assigned To: Daniel Tröder
Mail maintainers
Depends on: 41138
Blocks: 45894 45971
  Show dependency treegraph
Reported: 2017-12-21 10:58 CET by Daniel Tröder
Modified: 2018-04-26 12:42 CEST (History)
5 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.103
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number: 2016032321000374, 2017032421000405, 2017100621000202
Bug group (optional):
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Tröder univentionstaff 2017-12-21 10:58:30 CET
+++ This bug was initially created as a clone of Bug #41138 +++

+++ This bug was initially created as a clone of Bug #41022 +++


Changing the mailPrimaryAddress of a shared folder if a group contains a space:

19.12.17 14:18:31.905  LISTENER    ( PROCESS ) : dovecot-shared-folder-ox: Moved mail home (of mail: 'fol4mneu@ox-test-gmbh.intranet') from '/var/spool/dovecot/private/ox-test-gmbh.intranet/fol4m' to '/var/spool/dovecot/private/ox-test-gmbh.intranet/fol4mneu'.
Traceback (most recent call last):
  File "/usr/lib/univention-directory-listener/system/dovecot-shared-folder-ox.py", line 203, in handler
    dl.mod_shared_folder(old, new)
  File "/usr/lib/pymodules/python2.7/univention/mail/dovecot_shared_folder.py", line 227, in mod_shared_folder
  File "/usr/lib/pymodules/python2.7/univention/mail/dovecot_shared_folder.py", line 526, in remove_global_acls
  File "/usr/lib/pymodules/python2.7/univention/mail/dovecot_shared_folder.py", line 92, in remove_acls
  File "/usr/lib/pymodules/python2.7/univention/mail/dovecot_shared_folder.py", line 117, in _read
TypeError: __init__() takes exactly 4 arguments (5 given)
19.12.17 14:18:31.906  LISTENER    ( WARN    ) : handler: dovecot-shared-folder-ox (failed)


The identifier in the ACL file must be quoted, for example:
shared/priv6m@uni.dtr "group=DC Slave Hosts" lrws
Comment 1 Daniel Tröder univentionstaff 2017-12-21 11:07:51 CET
The identifiers in the ACLs in the global ACL file have to be quoted, if they contain spaces.

commit 4108486d8a3082c382d4034f2303912c521981bc
    Bug #45921: fix quoting of identifier in global ACL file
commit 5eac889a5452d9066c54f6dc19c83e46d4799e95
    Bug #45921: changelog
commit 12ab2302153da4b02a5b3334aad40e511d3a1b46
    Bug #45921: advisory

Package: univention-mail-dovecot
Version: 3.0.1-5A~
Branch: ucs_4.2-0
Scope: errata4.2-3
Comment 2 Florian Best univentionstaff 2017-12-21 11:45:54 CET
The code change doesn't consider if there is a double quote (") in a value.
Comment 3 Sönke Schwardt-Krummrich univentionstaff 2017-12-21 16:01:02 CET
(In reply to Florian Best from comment #2)
> The code change doesn't consider if there is a double quote (") in a value.

The first regex matches only if the <id> starts and ends with a double quote.
<folder> and <acl> may not contain whitespace.

Updated regular expression to prevent problems if the .* in <folder> matches
too many characters:

-glocal_acl_pattern1 = re.compile(r'(?P<folder>.+) "(?P<id>.+)" (?P<acl>\w+)')
-glocal_acl_pattern2 = re.compile(r'(?P<folder>.+) (?P<id>.+) (?P<acl>\w+)')
+glocal_acl_pattern1 = re.compile(r'(?P<folder>[^ ]+) "(?P<id>.+)" (?P<acl>\w+)')
+glocal_acl_pattern2 = re.compile(r'(?P<folder>[^ ]+) (?P<id>.+) (?P<acl>\w+)')

Tested with new and old/uncorrected ACLs. Both are correct after next folder modification.

Package: univention-mail-dovecot
Version: 3.0.1-6A~
Branch: ucs_4.2-0
Scope: errata4.2-3

Comment 4 Arvid Requate univentionstaff 2017-12-22 13:53:56 CET