2.3.14: posting to shared mailbox results in 550 Permission denied

Simon Matter simon.matter at invoca.ch
Thu May 28 10:09:47 EDT 2009


> On Thu, May 28, 2009 at 03:23:13PM +0200, Simon Matter wrote:
>> Hi Bron,
>>
>> I tried to find out more but with no success. Here is what works and
>> what
>> not:
>>
>> x86_64 works OK:
>> localhost.localdomain> lam system
>> group:leitung lrswipkte
>> simat lrswipcda
>> gamat lrswipcda
>> anonymous p
>>
>> i386 does NOT work:
>> localhost.localdomain> lam system
>> anonymous p
>> anyone lrs
>>
>> i386 works OK:
>> localhost.localdomain> lam system
>> anyone lrsp
>
> Ooh.  The difference being that the 'p' is on anyone.
>
> Looks like maybe LMTP isn't being considered "anonymous" on
> the middle host.  Would fit with it looking like it thinks
> it's dealing with user "system" in your original error message.

Well, from what I understand the call to verify_user() is done to check
whether mailbox "system" exists.

>
> I'm suspecting the target address is being parsed differently
> somehow between the two releases.

So far I tried to insert some debug lines so I can see what the difference
is. Note, i'm always using the same i386 box only difference is that I
change the lmtpd binary to see where it does something different.

So far I found the following:

verify_user() is called the same way, at least the ACL string is the same
then append_check() is called, which now calls mailbox_open_header().
Here, the mailbox struct gets filled but somehow myrights has a different
value.
Back in append_check() the lines below result in the permission denied:
    if ((m.myrights & aclcheck) != aclcheck) {
        r = (m.myrights & ACL_LOOKUP) ?
          IMAP_PERMISSION_DENIED : IMAP_MAILBOX_NONEXISTENT;

With 2.3.13 we have
aclcheck: 32 myrights: 39

With 2.3.14 we have
aclcheck: 32 myrights: 7

There was either a change in permission calculation or it has something to
do with data types, which could be the reason why the same version seems
to  do fine on 64bit but not on 32bit.

Simon



More information about the Info-cyrus mailing list