Bug 38600 - IMAP ACL tests
Status: CLOSED FIXED
Product: UCS Test
Classification: Unclassified
Component: Mail
Version: unspecified
Hardware: Other Linux
Importance: P5 normal
Assigned To: Daniel Tröder
Depends on: 38471
Blocks: 39477
Reported: 2015-05-26 10:29 CEST by Sönke Schwardt-Krummrich
Modified: 2023-03-25 06:49 CET

Description Sönke Schwardt-Krummrich univentionstaff 2015-05-26 10:29:19 CEST
The IMAP protocol allows users to assign IMAP ACLs to mail folders. Each ACL consists of a user or group and a set of permission flags (AFAIR 13 flags).
The ACLs may be assigned to the user's INBOX or its subfolders OR a global, shared folder.

Please write one or several tests that check if
- ACLs may be assigned to the user's INBOX or its subfolder
- ACLs may be assigned to shared folders (Perhaps not possible via python, 
  because python had problems with IMAP namespaces in the past. Please ask Sönke 
  or Daniel Tröder how to deal with it if this is the case)
- all flags are correctly respected by the IMAP server
- ACLs for certain users are evaluated correctly (e.g. user X has append 
  permission to folder Y)
- ACLs for certain user groups are evaluated correctly (e.g. group X has read 
  permission to folder Y)

The tests should work with cyrus AND dovecot as IMAP server. It is ok to check/implement against cyrus first. There should be no difference in testing if only the IMAP protocol is used.
Comment 1 Ammar Najjar univentionstaff 2015-07-01 09:11:48 CEST
Two test scripts are created:
"25_imap_acls_correctly_respected": Test if the acls are set correctly.

"26_imap_acls_correctly_evaluated": Test if the permissions after setting the acls are evaluated correctly for both individuals and groups.

Both scripts work for cyrus and dovecot.
Comment 2 Daniel Tröder univentionstaff 2015-07-03 14:07:20 CEST
26_imap_acls_correctly_evaluated crashes on folder names with spaces.

Reproduce with:
# ucr set 'mail/dovecot/mailboxes/special/Gesendete Objekte=\Sent' 'mail/dovecot/mailboxes/auto/Gesendete Objekte=subscribe'
Comment 3 Ammar Najjar univentionstaff 2015-07-07 10:50:41 CEST
(In reply to Daniel Tröder from comment #2)
> 26_imap_acls_correctly_evaluated crashes on folder names with spaces.
> 
> Reproduce with:
> # ucr set 'mail/dovecot/mailboxes/special/Gesendete Objekte=\Sent'
> 'mail/dovecot/mailboxes/auto/Gesendete Objekte=subscribe'

Fixed.
Comment 4 Ammar Najjar univentionstaff 2015-07-07 10:51:49 CEST
(In reply to Ammar Najjar from comment #3)
> (In reply to Daniel Tröder from comment #2)
> > 26_imap_acls_correctly_evaluated crashes on folder names with spaces.
> > 
> > Reproduce with:
> > # ucr set 'mail/dovecot/mailboxes/special/Gesendete Objekte=\Sent'
> > 'mail/dovecot/mailboxes/auto/Gesendete Objekte=subscribe'
> 
> Fixed.

r61826.
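
An added illustration, not code from ucs-test or from the commenters above: a parser for the untagged ACL response defined in RFC 4314 that handles quoted mailbox names containing spaces (the case reported in comment 2) and checks a single right such as "i", which governs APPEND. The sample response line and user names are constructed, and IMAP literals ({n} syntax) are assumed not to occur.

```python
# Added example: parse an untagged IMAP ACL response (RFC 4314).
# SAMPLE is a constructed response line; the user names are hypothetical.
SAMPLE = '* ACL "Gesendete Objekte" alice@example.com lrswipkxtea bob@example.com lr'

# RFC 4314 rights plus the obsolete "c" and "d" rights.
RIGHTS = set("lrswipkxtea") | set("cd")

def tokenize(line):
    """Split a response line into atoms and quoted strings (no IMAP literals)."""
    tokens, i, n = [], 0, len(line)
    while i < n:
        if line[i] == " ":
            i += 1
        elif line[i] == '"':
            i, buf = i + 1, []
            while i < n and line[i] != '"':
                if line[i] == "\\" and i + 1 < n:
                    i += 1  # backslash escapes the next character
                buf.append(line[i])
                i += 1
            if i >= n:
                raise ValueError("unterminated quoted string")
            tokens.append("".join(buf))
            i += 1  # skip the closing quote
        else:
            j = line.find(" ", i)
            j = n if j == -1 else j
            tokens.append(line[i:j])
            i = j
    return tokens

def parse_acl(line):
    """Return (mailbox, {identifier: set of rights}) for one ACL response."""
    tokens = tokenize(line)
    if tokens[:2] != ["*", "ACL"] or len(tokens) < 3 or len(tokens) % 2 == 0:
        raise ValueError("not a well-formed ACL response: %r" % line)
    acl = {}
    for ident, rights in zip(tokens[3::2], tokens[4::2]):
        if set(rights) - RIGHTS:
            raise ValueError("unknown right in %r" % rights)
        acl[ident] = set(rights)
    return tokens[2], acl

def has_right(acl, identifier, right):
    """True if the identifier was granted the single-letter right."""
    return right in acl.get(identifier, set())
```

Splitting the same line on whitespace yields `"Gesendete` as the mailbox token, which is why the quoted-string branch matters for folder names with spaces.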
Comment 5 Stefan Gohmann univentionstaff 2015-08-09 11:04:45 CEST
The test 40_mail/26_imap_acls_correctly_evaluated failed. I've disabled the test now:

http://jenkins.knut.univention.de:8080/job/UCS-4.0/job/UCS-4.0-3/job/Autotest%20MultiEnv/lastCompletedBuild/SambaVersion=s4,Systemrolle=master/testReport/40_mail/26_imap_acls_correctly_evaluated/test/

*** BEGIN *** ['/usr/bin/python', '26_imap_acls_correctly_evaluated'] ***
*** 40_mail/26_imap_acls_correctly_evaluated *** Mail imap acl flags are correctly evaluated ***
*** START TIME: 2015-08-08 17:49:09 ***
Create mail/dovecot/mailbox/delete
File: /usr/sbin/univention-sa-learn
Multifile: /etc/postfix/ldap.sharedfolderlocal
Restarting IMAP/POP3 mail server: dovecot.
Creating users/user object with {'username': 'phdjbah8ho', 'set': {'password': 'univention', 'mailHomeServer': 'master091.AutoTest091.local', 'mailPrimaryAddress': 'phdjbah8ho@AutoTest091.local'}, 'firstname': 'u88vk9sgjd', 'lastname': 'cv00asqsyb', 'position': 'cn=users,dc=AutoTest091,dc=local', 'password': 'univention'}
Waiting for replication:
CRITICAL: no change of listener transaction id for last 0 checks (nid=7803 lid=7795)
OK: replication complete (nid=7803 lid=7803)
Done: replication complete.
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Waiting for DRS replication, filter: 'cn=phdjbah8ho' 
DRS replication took 0 seconds
Creating users/user object with {'username': 'x9ecins1zb', 'set': {'password': 'univention', 'mailHomeServer': 'master091.AutoTest091.local', 'mailPrimaryAddress': 'x9ecins1zb@AutoTest091.local'}, 'firstname': 'b4lkkmykth', 'lastname': 'fkevbb7npg', 'position': 'cn=users,dc=AutoTest091,dc=local', 'password': 'univention'}
Waiting for replication:
CRITICAL: no change of listener transaction id for last 0 checks (nid=7814 lid=7806)
OK: replication complete (nid=7814 lid=7814)
Done: replication complete.
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Waiting for DRS replication, filter: 'cn=x9ecins1zb' 
DRS replication took 0 seconds
Creating users/user object with {'username': 'a2kkzi6b5r', 'set': {'password': 'univention', 'mailHomeServer': 'master091.AutoTest091.local', 'mailPrimaryAddress': 'a2kkzi6b5r@AutoTest091.local'}, 'firstname': 'yqo7dqo5cf', 'lastname': 'sjso1m4uop', 'position': 'cn=users,dc=AutoTest091,dc=local', 'password': 'univention'}
Waiting for replication:
CRITICAL: no change of listener transaction id for last 0 checks (nid=7825 lid=7817)
OK: replication complete (nid=7825 lid=7825)
Done: replication complete.
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Waiting for DRS replication, filter: 'cn=a2kkzi6b5r' 
DRS replication took 0 seconds
*** Sending mail: recipients=['phdjbah8ho@AutoTest091.local', 'x9ecins1zb@AutoTest091.local', 'a2kkzi6b5r@AutoTest091.local'] sender='tarpit@example.com' subject='Testmessage Sat Aug  8 17:49:17 2015' idstring='no id string' gtube=False server='localhost' port=587 tls=True username='a2kkzi6b5r@AutoTest091.local' password='univention' HELO/EHLO='ucstest.22597.example.com'
send: 'ehlo ucstest.22597.example.com\r\n'
reply: '250-master091.AutoTest091.local\r\n'
reply: '250-PIPELINING\r\n'
reply: '250-SIZE 10240000\r\n'
reply: '250-VRFY\r\n'
reply: '250-ETRN\r\n'
reply: '250-STARTTLS\r\n'
reply: '250-ENHANCEDSTATUSCODES\r\n'
reply: '250-8BITMIME\r\n'
reply: '250 DSN\r\n'
reply: retcode (250); Msg: master091.AutoTest091.local
PIPELINING
SIZE 10240000
VRFY
ETRN
STARTTLS
ENHANCEDSTATUSCODES
8BITMIME
DSN
send: 'STARTTLS\r\n'
reply: '220 2.0.0 Ready to start TLS\r\n'
reply: retcode (220); Msg: 2.0.0 Ready to start TLS
send: 'ehlo ucstest.22597.example.com\r\n'
reply: '250-master091.AutoTest091.local\r\n'
reply: '250-PIPELINING\r\n'
reply: '250-SIZE 10240000\r\n'
reply: '250-VRFY\r\n'
reply: '250-ETRN\r\n'
reply: '250-AUTH PLAIN LOGIN\r\n'
reply: '250-AUTH=PLAIN LOGIN\r\n'
reply: '250-ENHANCEDSTATUSCODES\r\n'
reply: '250-8BITMIME\r\n'
reply: '250 DSN\r\n'
reply: retcode (250); Msg: master091.AutoTest091.local
PIPELINING
SIZE 10240000
VRFY
ETRN
AUTH PLAIN LOGIN
AUTH=PLAIN LOGIN
ENHANCEDSTATUSCODES
8BITMIME
DSN
send: 'AUTH PLAIN AGEya2t6aTZiNXJAQXV0b1Rlc3QwOTEubG9jYWwAdW5pdmVudGlvbg==\r\n'
reply: '235 2.7.0 Authentication successful\r\n'
reply: retcode (235); Msg: 2.7.0 Authentication successful
send: 'mail FROM:<tarpit@example.com> size=591\r\n'
reply: '250 2.1.0 Ok\r\n'
reply: retcode (250); Msg: 2.1.0 Ok
send: 'rcpt TO:<phdjbah8ho@AutoTest091.local>\r\n'
reply: '250 2.1.5 Ok\r\n'
reply: retcode (250); Msg: 2.1.5 Ok
send: 'rcpt TO:<x9ecins1zb@AutoTest091.local>\r\n'
reply: '250 2.1.5 Ok\r\n'
reply: retcode (250); Msg: 2.1.5 Ok
send: 'rcpt TO:<a2kkzi6b5r@AutoTest091.local>\r\n'
reply: '250 2.1.5 Ok\r\n'
reply: retcode (250); Msg: 2.1.5 Ok
send: 'data\r\n'
reply: '354 End data with <CR><LF>.<CR><LF>\r\n'
reply: retcode (354); Msg: End data with <CR><LF>.<CR><LF>
data: (354, 'End data with <CR><LF>.<CR><LF>')
send: 'Content-Type: multipart/mixed; boundary="===============4847558922255141005=="\r\nMIME-Version: 1.0\r\nFrom: tarpit@example.com\r\nTo: phdjbah8ho@AutoTest091.local, x9ecins1zb@AutoTest091.local,\r\n a2kkzi6b5r@AutoTest091.local\r\nDate: Sat, 08 Aug 2015 17:49:17 +0000\r\nSubject: Testmessage Sat Aug  8 17:49:17 2015\r\nUCS-TEST: no id string\r\nMessage-Id: 511fca24-3e17-11e5-9a73-024f3926e325.eq5xzekcjh@AutoTest091.local\r\n\r\n--===============4847558922255141005==\r\nContent-Type: text/plain; charset="us-ascii"\r\nMIME-Version: 1.0\r\nContent-Transfer-Encoding: 7bit\r\n\r\n1439070557.09\r\n--===============4847558922255141005==--\r\n.\r\n'
reply: '250 2.0.0 Ok: queued as 7EA2D2094F\r\n'
reply: retcode (250); Msg: 2.0.0 Ok: queued as 7EA2D2094F
data: (250, '2.0.0 Ok: queued as 7EA2D2094F')
send: 'quit\r\n'
reply: '221 2.0.0 Bye\r\n'
reply: retcode (221); Msg: 2.0.0 Bye
phdjbah8ho@AutoTest091.local is waiting for an email; should be delivered = True
Creating groups/group object with {'position': 'cn=groups,dc=AutoTest091,dc=local', 'set': {'mailAddress': 'eqjeossloy@AutoTest091.local', 'users': 'uid=x9ecins1zb,cn=users,dc=AutoTest091,dc=local'}, 'name': 'j3m8hvaqwp'}
Waiting for replication:
OK: replication complete (nid=7842 lid=7842)
Done: replication complete.
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Waiting for DRS replication, filter: 'cn=j3m8hvaqwp' . . . . . . . 
DRS replication took 7 seconds
Creating mail/folder object with {'position': 'cn=folder,cn=mail,dc=AutoTest091,dc=local', 'set': {'mailHomeServer': 'master091.AutoTest091.local', 'mailDomain': 'AutoTest091.local', 'name': 'p4z26w9fhf', 'mailPrimaryAddress': ''}, 'append': {'sharedFolderUserACL': ['"anyone" "none"'], 'sharedFolderGroupACL': []}}
Waiting for replication:
CRITICAL: no change of listener transaction id for last 0 checks (nid=7843 lid=7842)
CRITICAL: no change of listener transaction id for last 0 checks (nid=7843 lid=7842)
OK: replication complete (nid=7845 lid=7845)
Done: replication complete.
Creating mail/folder object with {'position': 'cn=folder,cn=mail,dc=AutoTest091,dc=local', 'set': {'mailHomeServer': 'master091.AutoTest091.local', 'mailDomain': 'AutoTest091.local', 'name': 'dehuwdf0uq', 'mailPrimaryAddress': 'dehuwdf0uq@AutoTest091.local'}, 'append': {'sharedFolderUserACL': ['"anyone" "none"'], 'sharedFolderGroupACL': []}}
Waiting for replication:
CRITICAL: no change of listener transaction id for last 0 checks (nid=7846 lid=7845)
OK: replication complete (nid=7846 lid=7846)
Done: replication complete.
** phdjbah8ho@AutoTest091.local Mailbox = Ham, Setting a2kkzi6b5r@AutoTest091.local -> lrspiwcda
Lookup : shared/phdjbah8ho@AutoTest091.local/Ham ['Ham', 'Spam', 'INBOX']
Unsetting mail/dovecot/internal/sharedfolders
Unsetting mail/dovecot/mailbox/delete
File: /usr/sbin/univention-sa-learn
Multifile: /etc/postfix/ldap.sharedfolderlocal
File: /etc/dovecot/conf.d/10-mail.conf
File: /etc/dovecot/conf.d/90-quota.conf
Restarting IMAP/POP3 mail server: dovecot.
Cleanup after exception: <class 'essential.mailclient.LookupFail'> Un-expected result for listing the mailbox shared/phdjbah8ho@AutoTest091.local/Ham
Performing UCSTestUDM cleanup...
Traceback (most recent call last):
  File "26_imap_acls_correctly_evaluated", line 115, in <module>
    main()
  File "26_imap_acls_correctly_evaluated", line 89, in main
    imap2.check_permissions(owner_user, mailbox, permission, dovecot)
  File "/usr/share/ucs-test/40_mail/essential/mailclient.py", line 312, in check_permissions
    self.check_lookup(owner_user, {mailbox: lookup_OK(permission)}, dovecot)
  File "/usr/share/ucs-test/40_mail/essential/mailclient.py", line 199, in check_lookup
    raise LookupFail('Un-expected result for listing the mailbox %s' % mailbox)
essential.mailclient.LookupFail: Un-expected result for listing the mailbox shared/phdjbah8ho@AutoTest091.local/Ham
UCSTestUDM cleanup done
*** END TIME: 2015-08-08 17:49:34 ***
*** TEST DURATION (H:MM:SS.ms): 0:00:24.679202 ***
*** END *** 1 ***
Comment 6 Philipp Hahn univentionstaff 2015-09-17 15:47:00 CEST
Jenkins regression since 50 runs with ucs-test-mail 5.0.171-2.1203.201509141600 on S4-Master:

<http://jenkins.knut.univention.de:8080/job/UCS-4.0/job/UCS-4.0-3/job/Autotest%20MultiEnv/lastCompletedBuild/SambaVersion=s4,Systemrolle=master/testReport/40_mail/26_imap_acls_correctly_evaluated/test/>

> Cleanup after exception: <class 'essential.mailclient.LookupFail'> Un-expected result for listing the mailbox shared/j661k3ymsj@AutoTest091.local/Ham
Comment 8 Stefan Gohmann univentionstaff 2015-10-28 14:23:53 CET
I've disabled the test case on Samba 4 systems: r64934
Comment 9 Daniel Tröder univentionstaff 2015-11-03 14:31:13 CET
The problem is the CamelCase domain name. Workaround in r65136 until Bug #39721 is resolved.
Comment 10 Daniel Tröder univentionstaff 2015-11-04 14:42:11 CET
The fix mentioned in comment 9 was not committed. Done in r65170.
Comment 11 Stefan Gohmann univentionstaff 2016-10-12 07:48:49 CEST
No separate QA is needed for this bug.