Bug 53111 - Traceback in listener.log when setting IMAP ACLs for shared folder
Traceback in listener.log when setting IMAP ACLs for shared folder
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Mail - Dovecot
UCS 5.0
Other Linux
: P5 normal (vote)
: UCS 5.0
Assigned To: Sönke Schwardt-Krummrich
Florian Best
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-04-15 17:55 CEST by Sönke Schwardt-Krummrich
Modified: 2021-05-25 15:58 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.091
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sönke Schwardt-Krummrich univentionstaff 2021-04-15 17:55:47 CEST
Adding/modifying/removing IMAP ACL for shared folders is broken in UCS 5:

15.04.21 17:04:57.582  LISTENER    ( PROCESS ) : updating 'cn=foo2@nstx60.ucs,cn=folder,cn=mail,dc=nstx,dc=ucs' command a
15.04.21 17:04:57.615  LDAP        ( PROCESS ) : connecting to ldap://localhost:7389
15.04.21 17:04:58.035  LISTENER    ( WARN    ) : replication: Can't contact LDAP server: retrying
15.04.21 17:04:58.035  LISTENER    ( WARN    ) :        additional info: Broken pipe
doveadm(Administrator): Error: Can't open mailbox shared/foo2@nstx60.ucs: Mailbox doesn't exist: shared/foo2@nstx60.ucs
15.04.21 17:04:58.930  LISTENER    ( ERROR   ) : dovecot-shared-folder: Failed to set ACLs '['mail11@nstx60.ucs write', 'Domain Users read', 'dovecotadmin none']' on mailbox 'INBOX' for 'foo2@nstx60.ucs'.
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/mail/dovecot_shared_folder.py", line 426, in imap_set_mailbox_acls
    imap.setacl(mailbox, identifier, dovecot_acls[right][0])
  File "/usr/lib/python3.7/imaplib.py", line 764, in setacl
    return self._simple_command('SETACL', mailbox, who, what)
  File "/usr/lib/python3.7/imaplib.py", line 1196, in _simple_command
    return self._command_complete(name, self._command(name, *args))
  File "/usr/lib/python3.7/imaplib.py", line 1027, in _command_complete
    raise self.error('%s command error: %s %s' % (name, typ, data))
imaplib.IMAP4.error: SETACL command error: BAD [b'Error in IMAP command SETACL: Invalid ACL right: U (0.001 + 0.000 secs).']
15.04.21 17:04:58.931  LISTENER    ( ERROR   ) : dovecot-shared-folder: Failed setting ACLs on new shared mailbox 'foo2@nstx60.ucs': SETACL command error: BAD [b'Error in IMAP command SETACL: Invalid ACL right: U (0.001 + 0.000 secs).']
Comment 1 Sönke Schwardt-Krummrich univentionstaff 2021-04-16 17:44:16 CEST
The cause of the traceback was the unquoted group name "Domain Users". This must be enclosed in quotation marks, otherwise the IMAP parser will evaluate the input incorrectly.
The listener module has been fixed, to quote names correctly.
A ucs-test script has been added to check this matter in the future.
A ACL parsing error in the ucs-test mailclient.py library has also been fixed.

[5.0-0] d72c959c6c Bug #53111: add changelog entry
[5.0-0] 9fff3ee550 Bug #53111: fix ACL parser
[5.0-0] af010473ee Bug #53111: add test 40_mail/43_dovecot_shared_folder_create_folder_with_acls
[5.0-0] 789e9293c4 Bug #53111: add changelog entry
[5.0-0] 3a3adc0bc4 Bug #53111: code cleanup
[5.0-0] a1c557902c Bug #53111: identifiers should be escaped to prevent parsing errors

Package: univention-mail-dovecot
Version: 6.0.3-1A~5.0.0.202104161743
Branch: ucs_5.0-0

Package: ucs-test
Version: 10.0.4-58A~5.0.0.202104161743
Branch: ucs_5.0-0
Comment 2 Sönke Schwardt-Krummrich univentionstaff 2021-04-18 21:05:29 CEST
[5.0-0] 7cad0af20f Bug #53111: add changelog entry
[5.0-0] 7815ac65d9 Bug #53111: escape double quotes in identifier when calling SETACL

Package: univention-mail-dovecot
Version: 6.0.3-2A~5.0.0.202104182059
Branch: ucs_5.0-0
Comment 3 Florian Best univentionstaff 2021-04-20 12:24:55 CEST
If possible, new test cases should be written in Python 3.

40_mail/43_dovecot_shared_folder_create_folder_with_acls is failing in Samba-4 environment:
https://jenkins.knut.univention.de:8181/job/UCS-5.0/job/UCS-5.0-0/view/Default/job/AutotestUpgrade/lastCompletedBuild/SambaVersion=s4,Systemrolle=master-part-II/testReport/40_mail/43_dovecot_shared_folder_create_folder_with_acls/master071/
Comment 4 Sönke Schwardt-Krummrich univentionstaff 2021-04-22 21:31:13 CEST
(In reply to Florian Best from comment #3)
> If possible, new test cases should be written in Python 3.

The helper lib and all depending tests are still py2. So I left the test on py2.

[5.0-0] 7d4847eb8f Bug #53111: reverted switch to py3 - helper lib is still py2
[5.0-0] a01a027db5 Bug #53111: add entry to changelog xml
[5.0-0] c380c86cb5 Bug #53111: add changelog entry
[5.0-0] 4ac46a31ad Bug #53111: disable test in samba4 environments
[5.0-0] 12b7b3cf74 Bug #53111: cleanup
[5.0-0] 6da0ff3fc3 Bug #53111: switch test to python3
 
> 40_mail/43_dovecot_shared_folder_create_folder_with_acls is failing in
> Samba-4 environment:
> https://jenkins.knut.univention.de:8181/job/UCS-5.0/job/UCS-5.0-0/view/
> Default/job/AutotestUpgrade/lastCompletedBuild/SambaVersion=s4,
> Systemrolle=master-part-II/testReport/40_mail/
> 43_dovecot_shared_folder_create_folder_with_acls/master071/

I disabled the test in S4 environments for now. The other 43_* tests are also disabled in S4 envs.

Package: ucs-test
Version: 10.0.5-3A~5.0.0.202104222111
Branch: ucs_5.0-0
Comment 5 Florian Best univentionstaff 2021-04-23 00:58:20 CEST
OK: quoting
OK: test case
OK: changelog entry
Comment 6 Sönke Schwardt-Krummrich univentionstaff 2021-04-23 11:06:01 CEST
[5.0-0] dab8f12e49 Bug #53111: add changelog entry
[5.0-0] 858d3a01d7 Bug #53111: add missing sys import
[5.0-0] 13e719609d Bug #53111: add mypy annotations

Package: ucs-test
Version: 10.0.5-5A~5.0.0.202104231057
Branch: ucs_5.0-0
Comment 7 Florian Best univentionstaff 2021-05-25 15:58:54 CEST
UCS 5.0 has been released:
 https://docs.software-univention.de/release-notes-5.0-0-en.html
 https://docs.software-univention.de/release-notes-5.0-0-de.html

If this error occurs again, please use "Clone This Bug".