sieve addflag/setflag for \seen flag doesn't work with keep/implicit keep

Ken Murchison murch at andrew.cmu.edu
Wed May 14 11:16:58 EDT 2008


Sorry for the delay in looking into this.  I looked at the code, and 
finally realized why it was written in the way that it was:

- For fileinto, we use the credentials of the script owner when 
delivering to the mailbox and optionally setting IMAP flags.  We know 
that the script owner has explicitly told us what mailbox to deliver to 
and with which flags.  Of course, the script owner must still have the 
appropriate ACL.

- For keep, we use the credentials of the LMTP authenticated/authorized 
user (if any).  We treat keep no different than a regular LMTP delivery 
where no sieve script is executed.  Yes, an explicit keep is a result of 
a sieve script, but since the destination mailbox was not explicitly 
provided by the script owner, how is the script engine supposed to know 
if the recipient wants some anonymous user to be able to deliver to the 
mailbox and optionally set IMAP flags on messages?  If the ACL is set 
accordingly for a particular auth'd sender (or anonymous), then the 
message can be delivered and possibly have flags set.

If anyone has any thoughts on how to improve on this without creating a 
security hole, I'm all ears.


Rob Mueller wrote:
> The whole mailbox/append code leaves me a bit lost, but I've tracked 
> down the general area of the problem, Ken maybe you can work out what 
> the right fix is, I don't think it's hard.
> 
> sieve_fileinto() does the following:
> 
> 1. cast void * sc -> script_data_t *sd
> 2. pass "sd->username" as the "authuser" param to deliver_mailbox()
> 3. deliver_mailbox() calls append_setup() with "authuser" as the 
> "userid" param
> 4. append_setup() copys the "userid" parameter into the 
> "appendstate.userid" struct area
> 5. during append_commit() "appendstate.userid" is used as the username 
> to add the seen flag to
> 
> That all works fine.
> 
> However, sieve_keep() does the following:
> 
> 1. cast void *mc -> deliver_data_t *mydata
> 2. pass "mydata" as the "mydata" param to deliver_local()
> 3. deliver_local() calls deliver_mailbox(), with "mydata->authuser" as 
> the "userid" param
> 
> The value in mydata->authuser is not the username, in fact they're empty:
> 
> (gdb) p *mydata
> $29 = { ..., authuser = 0x0, authstate = 0x0}
> 
> This means the seen flag never gets stored correctly if you're using 
> keep or the implicit keep, you have to use fileinto.
> 
> I'm not sure of the best way of fixing this. I can see the obvious 
> solution (in sieve_keep, cast void * sc -> script_data_t *sd, and copy 
> authuser and authstate sd to mydata), but that doesn't feel right to me.
> 
> Ken, do you know what the right solution is here?
> 
> Rob
> 
> 


-- 
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University


More information about the Cyrus-devel mailing list