cross domain ACL when using virtdomains
Fabio Pietrosanti
lists at pietrosanti.it
Sun May 7 06:41:48 EDT 2006
Hi all,
while attempting to set up an ACL for user at domain1.com on the mailbox
user at domain2.com on a Cyrus setup which uses virtdomains (Kolab project
http://www.kolab.org ) I found that it's not possible to set up a cross-domain
ACL.
I am not a software developer and I attempted to create a "dirty patch"
just removing the cross-domain check in imap/mboxlist.c and
imap/mboxname.c as described by the attached patch.
This allowed me to "setaclmailbox" through the cyradmin interface without errors.
However this doesn't seem to give the desired effect: it doesn't
allow user at domain1.com to access the mailbox user at domain2.com even if
there is an ACL permitting it.
When I attempt to LIST available mailboxes for user at domain1.com I
don't see any user at domain2.com mailbox.
So my approach in "blind patching" the Cyrus 2.2 sources doesn't seem
to work.
I would like to have cross-domain ACL implemented and would be able to
provide financing to implement such a feature in the mainstream Cyrus
source code.
I also would be able to see not only the "user part" of a shared mailbox
but also the @domain.com part while listing and accessing it.
Regards
Fabio Pietrosanti
-------------- next part --------------
diff -upr cyrus-imapd-2.2.12.orig/imap/mboxlist.c cyrus-imapd-2.2.12/imap/mboxlist.c
--- cyrus-imapd-2.2.12.orig/imap/mboxlist.c 2004-07-26 20:08:03.000000000 +0200
+++ cyrus-imapd-2.2.12/imap/mboxlist.c 2006-05-05 22:27:58.000000000 +0200
@@ -1482,7 +1482,9 @@ int mboxlist_setacl(const char *name, co
(!domain && (!config_defdomain ||
strcasecmp(config_defdomain, cp+1))))) {
/* can't set cross-domain ACLs */
+/* Kolab cross-domain use
return IMAP_INVALID_IDENTIFIER;
+*/
}
if ((config_defdomain && !strcasecmp(config_defdomain, cp+1)) ||
!strcmp(identifier, "anonymous") ||
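Review bot: In mboxlist_setacl the domain test is still evaluated but its body is now empty, so the check is disabled unconditionally for every installation, and the comment "can't set cross-domain ACLs" now contradicts the code. Anyone who may change the ACL on a mailbox can then name an identifier in any other domain, which removes the tenant separation that virtdomains provides. If cross-domain grants are wanted, make the rejection conditional on an explicit configuration switch that defaults to the current behaviour, keep "return IMAP_INVALID_IDENTIFIER;" as the default path, and document the switch.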
@@ -1910,7 +1912,9 @@ int mboxlist_findall(struct namespace *n
if ((p-pattern != domainlen-1) ||
strncmp(pattern, domain+1, domainlen-1)) {
/* don't allow cross-domain access */
+/* Kolab cross-domain use
return IMAP_MAILBOX_BADNAME;
+*/
}
pattern = p+1;
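Review bot: In mboxlist_findall, commenting out "return IMAP_MAILBOX_BADNAME;" lets a pattern whose domain part fails the strncmp against the caller's domain fall through to "pattern = p+1;", which only steps past that domain part. Nothing in the visible lines switches the search to the domain that was named, so the mismatch is ignored silently instead of being rejected. A listing that should cross domains needs explicit handling of the foreign domain here, followed by a per-mailbox rights check; otherwise keep the return so the caller gets an error rather than a result for a different pattern than the one sent.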
diff -upr cyrus-imapd-2.2.12.orig/imap/mboxname.c cyrus-imapd-2.2.12/imap/mboxname.c
--- cyrus-imapd-2.2.12.orig/imap/mboxname.c 2005-02-14 07:39:57.000000000 +0100
+++ cyrus-imapd-2.2.12/imap/mboxname.c 2006-05-05 22:27:00.000000000 +0200
@@ -135,7 +135,9 @@ static int mboxname_tointernal(struct na
if (config_defdomain && !strcasecmp(config_defdomain, cp+1)) {
if (domainlen) {
/* don't allow cross-domain access */
+/* Kolab cross-domain use
return IMAP_MAILBOX_BADNAME;
+*/
}
/* don't prepend default domain */
}
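Review bot: In mboxname_tointernal the block "if (domainlen) { }" is left with only a comment in it, and the text "don't allow cross-domain access" no longer describes what happens. A name that carries the default domain, used while domainlen is non-zero, now continues to the "don't prepend default domain" path instead of failing. Either delete the empty block and its comment, or keep the return and guard it with a condition, so that a later reader does not assume the restriction is still enforced.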
@@ -144,7 +146,9 @@ static int mboxname_tointernal(struct na
(domainlen && strcasecmp(userid+userlen, cp))) {
/* don't allow cross-domain access
(except for global admin) */
+/* Kolab cross-domain use
return IMAP_MAILBOX_BADNAME;
+*/
}
domainlen = strlen(cp+1)+1;
if (domainlen > MAX_MAILBOX_NAME)
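Review bot: The comment in this branch reserves cross-domain names for the global admin, but with "return IMAP_MAILBOX_BADNAME;" commented out every caller reaches "domainlen = strlen(cp+1)+1;" and has the domain taken from the requested name. The exception for one privileged role becomes the rule for all users, and the only remaining barrier is whatever ACL evaluation happens later. Keep the test and extend the condition deliberately (for example behind a configuration switch), and update the comment to say who is allowed through.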
@@ -225,7 +229,9 @@ static int mboxname_tointernal_alt(struc
if (config_defdomain && !strcasecmp(config_defdomain, cp+1)) {
if (domainlen) {
/* don't allow cross-domain access */
+/* Kolab cross-domain use
return IMAP_MAILBOX_BADNAME;
+*/
}
/* don't prepend default domain */
}
@@ -234,7 +240,9 @@ static int mboxname_tointernal_alt(struc
(domainlen && strcasecmp(userid+userlen, cp))) {
/* don't allow cross-domain access
(except for global admin) */
+/* Kolab cross-domain use
return IMAP_MAILBOX_BADNAME;
+*/
}
domainlen = strlen(cp+1)+1;
if (domainlen > MAX_MAILBOX_NAME)
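Review bot: This hunk and the one before it repeat, line for line, the two edits made in mboxname_tointernal, now in mboxname_tointernal_alt, including the empty "if" bodies and the stale "don't allow cross-domain access" comments. Because the same policy decision is now written four times in this file, a later change can easily update one namespace variant and miss the other. Put the domain comparison in one shared helper that both functions call, so the standard and alternate namespaces cannot disagree about cross-domain access.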