dovecot - Aug 2009 - ACL plugin, public namespace, erroneous \HasNoChildren

Hi,

dovecot 1.2.2 with a second namespace called "Public", mapped to
"/export/vmailboxes/public", LIST returning \HasNoChildren:

root at testvm06:~# cat /export/vmailboxes/public/dovecot-acl
user=cite lrwstiekxa
authenticated lrs
anyone lrs
root at testvm06:~# ls -l /export/vmailboxes/public/.announcements/dovecot-acl 
lrwxrwxrwx 1 root root 14 Aug  6 03:50
/export/vmailboxes/public/.announcements/dovecot-acl -> ../dovecot-acl

With ACL plugin enabled (notice the \HasNoChildren):

root at testvm06:~# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS
AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready.
. login cite secret
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT
THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE
UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES
WITHIN CONTEXT=SEARCH ACL RIGHTS=texk QUOTA] Logged in
. list "" Public
* LIST (\Noselect \HasNoChildren) "." "Public"
. OK List completed.
. select Public.announcements
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags
permitted.
* 0 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1249522417] UIDs valid
* OK [UIDNEXT 1] Predicted next UID
* OK [HIGHESTMODSEQ 1]
. OK [READ-WRITE] Select completed.

I included the select to show that filesystem permissions are OK.

Without ACL plugin (notice the \HasChildren here):

root at testvm06:~# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS
AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready.
. login cite secret
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT
THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE
UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES
WITHIN CONTEXT=SEARCH QUOTA] Logged in
. list "" Public
* LIST (\Noselect \HasChildren) "." "Public"
. OK List completed.

Is this intended behaviour, am I just too stupid for ACLs or something
completely different? I wonder how clients are supposed to get a
listing of a public namespace...

dovecot -n:
# 1.2.2: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.26-2-amd64 x86_64 Debian 5.0.2 
log_timestamp: %Y-%m-%d %H:%M:%S 
protocols: imap imaps managesieve
listen(default): *:143
listen(imap): *:143
listen(managesieve): *
ssl_listen(default): *:993
ssl_listen(imap): *:993
ssl_listen(managesieve): 
ssl_cert_file: /etc/ssl/owncerts/snakeoil.crt
ssl_key_file: /etc/ssl/private/snakeoil.key
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(managesieve): /usr/lib/dovecot/managesieve-login
verbose_proctitle: yes
mail_privileged_group: vmail
mail_location: maildir:~/Maildir
mbox_write_locks: fcntl dotlock
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(managesieve): /usr/lib/dovecot/managesieve
mail_process_size: 1024
mail_plugins(default): quota imap_quota fts fts_squat acl
mail_plugins(imap): quota imap_quota fts fts_squat acl
mail_plugins(managesieve): 
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
namespace:
  type: private
  separator: .
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: public
  separator: .
  prefix: Public.
  location: maildir:/export/vmailboxes/public
  list: yes
lda:
  postmaster_address: postmaster at test.cite.lan
  hostname: testvm06.test.cite.lan
  mail_plugins: quota sieve
  auth_socket_path: /var/run/dovecot/auth-master
auth default:
  mechanisms: plain login cram-md5
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: sasl
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail
plugin:
  quota: maildir:User quota
  quota_warning: storage=80%% /usr/local/bin/quota-warning.sh 80
  quota_warning: storage=95%% /usr/local/bin/quota-warning.sh 95
  sieve: ~/.dovecot.sieve
  sieve_storage: ~/sieve
  sieve_extensions: +imapflags
  fts: squat
  fts_squat: partial=4 full=10
  acl: vfile


Cheers
Stefan

* Stefan F?rster <cite+dovecot-users at
incertum.net>:
> dovecot 1.2.2 with a second namespace called "Public", mapped to
> "/export/vmailboxes/public", LIST returning \HasNoChildren:
> 
> root at testvm06:~# cat /export/vmailboxes/public/dovecot-acl
> user=cite lrwstiekxa
> authenticated lrs
> anyone lrs
> root at testvm06:~# ls -l
/export/vmailboxes/public/.announcements/dovecot-acl
> lrwxrwxrwx 1 root root 14 Aug  6 03:50
/export/vmailboxes/public/.announcements/dovecot-acl -> ../dovecot-acl
> 
> With ACL plugin enabled (notice the \HasNoChildren):
> 
> root at testvm06:~# telnet localhost 143
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready.
> . login cite secret
> . OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT
THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE
UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES
WITHIN CONTEXT=SEARCH ACL RIGHTS=texk QUOTA] Logged in
> . list "" Public
> * LIST (\Noselect \HasNoChildren) "." "Public"
> . OK List completed.
I recompiled dovecot with changeset 13fa572535f0 (from
http://hg.dovecot.org/dovecot-1.2/rev/13fa572535f0 ), but it didn't
change the behaviour - and with "Public." being a mailbox with that
patch, dovecot is really lying to me ;-)

Did I miss an ACL entry?


Cheers
Stefan

On Thu, 2009-08-06 at 05:08 +0200, Stefan F?rster wrote:
> . list "" Public
> * LIST (\Noselect \HasNoChildren) "." "Public"
What about LIST "" Public*?

What do you have in /export/vmailboxes/public/dovecot-acl-list? Does it
work if you delete the file?

I couldn't reproduce this, except by using a stale dovecot-acl-list.
Wonder if it could be made to update itself automatically in more
situations.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20090807/3fb4a4c4/attachment-0002.bin>

* Timo Sirainen <tss at iki.fi>:
> On Thu, 2009-08-06 at 05:08 +0200, Stefan F?rster wrote:
> > . list "" Public
> > * LIST (\Noselect \HasNoChildren) "." "Public"
> 
> What about LIST "" Public*?
No difference.
> What do you have in /export/vmailboxes/public/dovecot-acl-list? Does it
> work if you delete the file?
It was a 0 bytes file, owned by vmail:vmail. I deleted it, and now
everything works - thanks.
> I couldn't reproduce this, except by using a stale dovecot-acl-list.
> Wonder if it could be made to update itself automatically in more
> situations.
While I'm certain that this would be a good idea, because everything
else in dovecot seems to repair itself as needed, I certainly can't
offer any hints on how to do that ;-)


Anyways: Thanks again
Stefan