Two major patches just landed crossdomains and reversacls

Bron Gondwana brong at
Mon Nov 16 07:00:50 EST 2015

So this is what I've been working on for the past little bit, on and off - mostly in the last week - but I've been building the groundwork for ages.

1) cross domain support.  It's an option, if you turn it on then admin users don't see any change, but non-admin users see all user folders with a domain attached, and can look across domains.  Like this:

. login brong at foo

. list "" *
* LIST (\HasChildren) "/" INBOX
* LIST (\HasNoChildren) "/" INBOX/hello
* LIST (\HasNoChildren) "/" INBOX/sub
* LIST (\HasNoChildren) "/" user/brong at
* LIST (\HasNoChildren) "/" user/ellie at

That's in the regular namespace - it's the same in the altnamespace, the domain is attached after the username.  EVERYONE has a domain, if they're in defaultdomain, that gets added too.

2) reverseacls.  It's optional too, but only kinda.  ctl_cyrusdb checks the option at startup and flicks the actual switch, which is a key called '$RACL' in mailboxes.db.  Mailboxes.db now skips any key starting with $.  All the actual reverse ACLs are subkeys of $RACL$ - read the commit message or code for the gory details.

At the moment they don't support groups or the anyone ACL, sorry.  I have a plan for supporting groups, but I need to understand more about how they're implemented in krb5 and ptsloader first.


These come with a couple of Cassandane tests as well :)



  Bron Gondwana
  brong at

More information about the Cyrus-devel mailing list