Can't SELECT mailbox as admin on frontend (Murder)

Etienne Goyer etienne.goyer at linuxquebec.com
Thu Dec 18 15:26:22 EST 2003


On Wed, Dec 17, 2003 at 05:43:26PM -0500, Rob Siemborski wrote:
> On Wed, 17 Dec 2003, Etienne Goyer wrote:
> You lose many of the privs of being an 'admin' when you are being proxied.
> (namely, the ones that don't come directly from an ACL).
> 
> This behavior originated from the belief that proxy users shouldn't be
> able to become admins.  It becomes less clear that this is actually the
> desired behavior to me all the time (and, indeed, the security benefits
> are marginal at best).

I can confirm that this is the case.  With imtest, I logged in as proxy
auth, admin user and can't SELECT user/mailbox.  When I log in with the
admin credentials, I can. 

What I need to do is merge user accounts.  For that, I wanted to:

1. log in on a frontend as mailadmin;

2. SELECT the source mailbox;

3. LIST its submailboxes;

4. CREATE each submailbox in the destination mailbox;

5. SEARCH messages;

6. COPY messages to the destination mailbox.

Could you suggest a workaround, or some other way to achieve a similar
result?

> But this is likely the source of your problem.  If you want to do this,
> you can either patch cyrus to not make the isadmin/isproxyadmin
> distinction, or act like a referrals-capable client and follow the
> referral (e.g. issue an 'RLIST "" ""' before you issue the SELECT).

I am running 2.1.13 in another Murder, and it works there (proxy
authcid, admin authzid, SELECT user/mailbox).  So I suppose that this
changed somewhere in 2.1.14 or 2.1.15?

Thanks for your insights, I'll be looking at the source.

-- 
Etienne Goyer                    Linux Québec Technologies Inc.
http://www.LinuxQuebec.com       etienne.goyer at linuxquebec.com
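
The six-step merge listed in the message, as an added example that is not part of the original post or of Cyrus itself. It assumes `conn` is an already authenticated `imaplib.IMAP4` session that holds rights on both mailboxes; the mailbox names used with it are hypothetical, and a refused SELECT (the symptom reported for a proxied admin) stops the run instead of silently skipping mail.

```python
import re

# One untagged LIST line as imaplib returns it: (flags) "delim" name
# (names sent as IMAP literals, which imaplib returns as tuples, are not handled)
LIST_RE = re.compile(rb'\((?P<flags>[^)]*)\) "(?P<delim>[^"])" (?P<name>.+)')

def quote(name):
    """Quote a mailbox name as an IMAP quoted string (imaplib does not)."""
    return '"' + name.replace('\\', '\\\\').replace('"', '\\"') + '"'

def parse_list(line):
    """Return (lower-cased flags, delimiter, name) from one LIST line."""
    m = LIST_RE.match(line)
    if not m:
        raise ValueError(f"unparsed LIST line: {line!r}")
    name = m.group('name').decode()
    if name.startswith('"') and name.endswith('"'):
        name = name[1:-1].replace('\\"', '"').replace('\\\\', '\\')
    flags = m.group('flags').decode().lower().split()
    return flags, m.group('delim').decode(), name

def merge(conn, src_root, dst_root):
    """Copy src_root and its submailboxes under dst_root.
    Returns [(source, destination, messages_copied)]."""
    typ, lines = conn.list('""', quote(src_root + '*'))        # step 3
    if typ != 'OK':
        raise RuntimeError(f"LIST failed: {lines}")
    done = []
    for line in filter(None, lines):
        flags, delim, src = parse_list(line)
        # "user/a*" also matches "user/ab": keep only the real subtree
        if src != src_root and not src.startswith(src_root + delim):
            continue
        if '\\noselect' in flags:
            continue
        dst = dst_root + src[len(src_root):]
        conn.create(quote(dst))          # step 4; NO means it already exists
        typ, data = conn.select(quote(src), readonly=True)     # step 2
        if typ != 'OK':
            raise PermissionError(f"SELECT {src} refused: {data}")
        typ, data = conn.uid('SEARCH', 'ALL')                  # step 5
        uids = data[0].split() if typ == 'OK' and data and data[0] else []
        if uids:                                               # step 6
            typ, data = conn.uid('COPY', b','.join(uids).decode(), quote(dst))
            if typ != 'OK':
                raise RuntimeError(f"COPY to {dst} failed: {data}")
        done.append((src, dst, len(uids)))
    return done
```

Comparing the returned per-mailbox counts with the destination's message counts afterwards confirms that nothing was dropped.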



