brong
commented
16 years ago From: Alain Spineux
This bug is related to thread
http://lists.andrew.cmu.edu/pipermail/info-cyrus/2007-October/027116.html
I'm login as bk17@beta.loc using domain admin admin.mydomain.loc@mydomain.loc credential. First I dont know if i should fail or not. Second I look for the ACL, and I see admin.mydomain.loc@mydomain.loc is not in the list for bk17@beta.loc INBOX Then i use MYRIGHT an the INBOX and get full right ! I went further by creating folder in INBOX
Here is the log
imtest -a admin.mydomain.loc@mydomain.loc -w password -u
bk17@beta.loc -v localhost S: OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN SASL-IR] eg01.emailgency.loc Cyrus IMAP4 v2.3.9-openpkg server ready C: C01 CAPABILITY S: CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN SASL-IR ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE URLAUTH S: C01 OK Completed C: A01 AUTHENTICATE PLAIN YmsxN0BiZXRhLmxvYwBhZG1pbi5teWRvbWFpbi5sb2NAbXlkb21haW4ubG9jAHZpc2hub3U= S: A01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE URLAUTH] Success (no protection) Authenticated. Security strength factor: 0 A4 GETACL INBOX
- ACL INBOX bk17@beta.loc lrswipkxtecda manager r A4 OK Completed A7 MYRIGHTS INBOX
- MYRIGHTS INBOX lrswipkxtecda A7 OK Completed A8 CREATE INBOX/foo A8 OK Completed A9 MYRIGHTS INBOX/boo A9 NO Mailbox does not exist A10 MYRIGHTS INBOX/foo
- MYRIGHTS INBOX/foo lrswipkxtecda A10 OK Completed A11 GETACL INBOX/foo
- ACL INBOX/foo bk17@beta.loc lrswipkxtecda manager r A11 OK Completed
I'm running an Openpkg cyrus-2.3.9 on kolab-2.2beta1 runing on centos 5.0
Here is my imapd.conf
configdirectory: /kolab/var/imapd partition-default: /kolab/var/imapd/spool allowusermoves: 0 admins: admin.beta.loc@beta.loc admin.teta.loc@teta.loc admin.gamma.loc@gamma.loc admin.mydomain.loc@mydomain.loc manager sasl_pwcheck_method: saslauthd sasl_mech_list: plain sendmail: /kolab/sbin/sendmail allowanonymouslogin: no allowplaintext: yes servername: eg01.emailgency.loc autocreatequota: 100000 reject8bit: no munge8bit: no quotawarn: 80 lmtp_over_quota_perm_failure: 0 timeout: 30 sievedir: /kolab/var/imapd/sieve lmtpsocket: /kolab/var/kolab/lmtp allowapop: no tls_cert_file: /kolab/etc/kolab/cert.pem tls_key_file: /kolab/etc/kolab/key.pem altnamespace: 0 unixhierarchysep: yes lmtp_downcase_rcpt: yes username_tolower: 1 hashimapspool: yes loginrealms: eg01.emailgency.loc mydomain.loc eg01.emailgency.loc beta.loc teta.loc koko.loc gamma.loc ldap_uri: ldap://127.0.0.1:389 ldap_base: dc=eg01,dc=emailgency,dc=loc ldap_bind_dn: cn=nobody,cn=internal,dc=eg01,dc=emailgency,dc=loc ldap_password: **** ldap_time_limit: 15 virtdomains: ldap postuser: kolab userprefix: user sharedprefix: shared notifysocket: /kolab/var/imapd/socket/notify sievenotifier: mailto mailnotifier: mailto annotation_db: berkeley mboxlist_db: berkeley duplicatesuppression: 0 imapidlepoll: 5 annotation_definitions: /kolab/etc/imapd/imapd.annotation_definitions singleinstancestore: 1
From: Alain Spineux Bugzilla-Id: 2998 Version: 2.3.x Owner: Ken Murchison