6.0.0-git
2019-04-21

[#9058] IMP ACL - ACL capability may not be available until after login.
Summary IMP ACL - ACL capability may not be available until after login.
Queue IMP
Queue Version 4.3.8
Type Bug
State Resolved
Priority 3. High
Owners slusarz (at) horde (dot) org
Requester robert (at) schetterer (dot) org
Created 2010-05-26 (3252 days ago)
Due
Updated 2010-10-19 (3106 days ago)
Assigned 2010-07-28 (3189 days ago)
Resolved 2010-07-28 (3189 days ago)
Milestone
Patch No

History
2010-10-19 18:04:57 Michael Slusarz Comment #32 Reply to this comment
Ok i found the bug,
a folder named test-1 must be quoted
See Bug #9299
2010-10-13 13:29:18 robert (at) schetterer (dot) org Comment #31 Reply to this comment
Hi,
tested the your diff from git(cvs)
it works now, but my tests show that acls of folders named i.e with -
like test-1 etc cant be displayed, not sure if it ever worked, any idea?
Regards
Ok i found the bug,
a folder named test-1 must be quoted
( whatever ist the problem to quote all folders ? )

the workaround (problem ) is
in rfc2086.php

the preg_match \W is not save ( save here means working or not ) to 
use in any setup cause it depends to the servers config
therefor it should be avoided ( google for that )


[^A-Za-z0-9] should match any symbol not a letter or number
so it might be a workaround

i am no php hacker and i dont know if these brakes other functions or 
security anyway
but it should not be a big thing for horde coders to review and fix this bug
so the ticket is definite not resolved yet ( unless it has no or minor 
connect to the starting bug thread )



/**
      * Attempts to retrieve the existing ACL for a folder from the current
      * IMAP server.
      *
      * NB: if Auth_SASL is not installed this function will send the users
      * password to the IMAP server as plain text!!
      *
      * @param string folder  The folder to get the ACL for.
      *
      * @return array  A hash containing information on the ACL.
      * <pre>
      * Array (
      *   user => Array (
      *     right => 1
      *   )
      * )
      * </pre>
      */
     function getACL($folder)
     {
         /* Quote the folder string if it contains non alpha-numeric
            characters. */

   //  if (preg_match('/\W/',$folder)) {
         if (preg_match('[^A-Za-z0-9]',$folder)) {

          $folder = '"' . $folder . '"';
        }


2010-10-12 15:23:34 robert (at) schetterer (dot) org Comment #30 Reply to this comment
Hi,
tested the your diff from git(cvs)
it works now, but my tests show that acls of folders named i.e with -
like test-1 etc cant be displayed, not sure if it ever worked, any idea?
Regards
2010-10-07 11:31:41 software-horde (at) interfasys (dot) ch Comment #29 Reply to this comment
Thank you!
The '&' characters are missing from this URL. The correct URL is:

http://cvs.horde.org/diff.php/framework/IMAP/IMAP/ACL/Attic/rfc2086.php?rt=horde&r1=1.6.8.25&r2=1.6.8.26&ty=u

This started happening somewhere around the end of August. Since 
then, all links for CVS have their '&' stripped.
2010-10-07 11:30:23 arjen+horde (at) de-korte (dot) org Comment #28 Reply to this comment
This URL doesn't resolve for some reason
Changes have been made in CVS for this ticket:

Bug: 9058
Catch untagged responses after login and discard.
http://cvs.horde.org/diff.php/framework/IMAP/IMAP/ACL/Attic/rfc2086.php?rt=horder1=1.6.8.25r2=1.6.8.26ty=u
The '&' characters are missing from this URL. The correct URL is:

http://cvs.horde.org/diff.php/framework/IMAP/IMAP/ACL/Attic/rfc2086.php?rt=horde&r1=1.6.8.25&r2=1.6.8.26&ty=u

This started happening somewhere around the end of August. Since then, 
all links for CVS have their '&' stripped.
2010-10-07 11:20:40 software-horde (at) interfasys (dot) ch Comment #27 Reply to this comment
This URL doesn't resolve for some reason
Changes have been made in CVS for this ticket:

Bug: 9058
Catch untagged responses after login and discard.
http://cvs.horde.org/diff.php/framework/IMAP/IMAP/ACL/Attic/rfc2086.php?rt=horder1=1.6.8.25r2=1.6.8.26ty=u
2010-10-07 08:00:36 Michael Slusarz Comment #26
Summary ⇒ IMP ACL - ACL capability may not be available until after login.
Version ⇒ 4.3.8
Reply to this comment
Fixed in Horde 3.3.10.
2010-10-07 07:59:28 CVS Commit Comment #25 Reply to this comment
Changes have been made in CVS for this ticket:

Bug: 9058
Catch untagged responses after login and discard.
http://cvs.horde.org/diff.php/framework/IMAP/IMAP/ACL/Attic/rfc2086.php?rt=horder1=1.6.8.25r2=1.6.8.26ty=u
2010-10-06 06:48:10 robert (at) schetterer (dot) org Comment #24 Reply to this comment
I've tried this "fix" and it works. Horde can manage folder rights 
:). I didn't know it was able to do so.
yes but it should work without this ugly fix
2010-10-06 06:25:22 software-horde (at) interfasys (dot) ch Comment #23 Reply to this comment
I've tried this "fix" and it works. Horde can manage folder rights :). 
I didn't know it was able to do so.

[Show Quoted Text - 26 lines]
2010-10-06 05:58:18 software-horde (at) interfasys (dot) ch Comment #22 Reply to this comment
A bit more info.
ACLs have to be defined somewhere else since Horde doesn't support 
managing rights, but after having defined some rights in Thunderbird, 
the shared folder will automagically appear and it's possible to 
browse all shared folders.
There is no need to define any acl property in servers.php
2010-10-06 00:18:06 software-horde (at) interfasys (dot) ch Comment #21 Reply to this comment
I just wanted to confirm that things are working fine with the latest 
Horde Webmail Edition and Dovecot 2.0.5
2010-10-02 19:41:52 robert (at) schetterer (dot) org Comment #20 Reply to this comment

[Show Quoted Text - 18 lines]
i did this as temp workaround in rfc2086.php


        if (substr($this->_params['protocol'], 0, 4) != 'imap') {
             /* No point in going any further if it's not an IMAP server. */
//            $this->_error = PEAR::raiseError(_("Only IMAP servers 
support shared folders."));
             $this->_supported = true;
         }

         //else {
          //   $this->_caps = $this->_getCapability();
            // if (is_a($this->_caps, 'PEAR_Error')) {
              //   $this->_error = $this->_caps;
                // return;
             //}

             /* If we couldn't get the server's capability, assume ACL is
              * not supported for now. */
             $this->_supported = true;
         //}

as i have loadbalanced servers i will let stay the other install in 
orginal, so testing
is no Problem with the orginal code be easy switching servers
2010-10-02 18:46:04 robert (at) schetterer (dot) org Comment #19 Reply to this comment
This is not the correct way to fix.

And this code *does* work, because it has been tested by at least 
two different developers.  So the question is why is it not working 
on your system, and you are the only one in the position to help us 
out with that.
sorry i cant find something
in horde log , ( full error ph log is enabled ) but i will help to 
find out whats going wrong
describe how to debug the problem

acl imap work on my setup with thunderbird and acl extension
so its not a  server problem,the server entries were not changed at 
upgrade so the only logical solution
seems that the problem is on the client side
2010-10-01 19:15:31 Michael Slusarz Comment #18 Reply to this comment
This is not the correct way to fix.

And this code *does* work, because it has been tested by at least two 
different developers.  So the question is why is it not working on 
your system, and you are the only one in the position to help us out 
with that.
2010-10-01 09:23:34 robert (at) schetterer (dot) org Comment #17 Reply to this comment

[Show Quoted Text - 9 lines]
tested this dont work ,see timos and mine conversation about starting 
this bug and how to
manipulate capability,
horde 3.9 still does not report folder sharing, no debug logs what 
might happen apear
so i dont see this as resolved, guess your code is buggy and there is 
no workaround yet
so i might revert my horde install where my code workaround posted
did worked
http://comments.gmane.org/gmane.mail.imap.dovecot/47967


2010-10-01 07:27:10 robert (at) schetterer (dot) org Comment #16 Reply to this comment
Sorry, does not work at my setup, tested this with dovecot 2.03
Where in the code (framework/IMAP/IMAP/ACL/rfc2086.php) is it failing?
sorry i will have a look in horde log, perhaps i might find something 
there and report
I personally don't have the time to devote any more time to tracking 
this down, especially since this is not an issue in IMP 5 and because
no Problem installing imp5 from cvs unless it doesnt brake something
with the current horde stable code, after all i would install all from 
cvs , if there would be a good description how to do that ( cant find 
), or better way a snapshot release from cvs upcomming
horde groupware with imp5 horde 4 etc should be on the net, also would 
be good for testing
this can also be fixed easily at the dovecot level by simply adding 
the ACL capability strings to the capability returned by dovecot 
pre-auth.
i will ask Timo about that but my last info was that this is is selective
so you have to insert all capability  you want to use later
if that is still true , this is an ugly workaround, which might leads 
brake other stuff
if its enough to insert capability acl only in pre auth, its acceptable
as there might be other buggy clients around
do you have a link or mail with a description from Timo ( dovecot developer )
where he describes this expliciet way ?
2010-10-01 06:45:57 Michael Slusarz Comment #15 Reply to this comment
Sorry, does not work at my setup, tested this with dovecot 2.03
Where in the code (framework/IMAP/IMAP/ACL/rfc2086.php) is it failing?

I personally don't have the time to devote any more time to tracking 
this down, especially since this is not an issue in IMP 5 and because 
this can also be fixed easily at the dovecot level by simply adding 
the ACL capability strings to the capability returned by dovecot 
pre-auth.
2010-09-30 08:44:41 robert (at) schetterer (dot) org Comment #14 Reply to this comment
Works now, thanks.
Sorry, does not work at my setup, tested this with dovecot 2.03
and newest Webmail (imp)  H3 (4.3.8) by upgrade from yesterday stable release
i see you have changed the code but its not working
message is server does not support folder sharing, can you double check this ?
also by code change my workaround does not longer work
any hints how do a better debug or parameter may changed i have to set new?
additional info imap acl is working with thunderbird imap acl add_on
Regards
2010-07-28 21:09:45 Jan Schneider Comment #13
State ⇒ Resolved
Reply to this comment
Works now, thanks.
2010-07-28 17:44:11 CVS Commit Comment #12 Reply to this comment
Changes have been made in CVS for this ticket:

Make sure to always read the complete IMAP response, now that we re-use the
IMAP stream and don't close it after each operation (Bug #9058).
Still slow like hell.
http://cvs.horde.org/diff.php/framework/IMAP/IMAP/ACL/Attic/rfc2086.php?rt=horde&r1=1.6.8.23&r2=1.6.8.24&ty=u
2010-07-28 16:56:55 Michael Slusarz Comment #11 Reply to this comment
Those issues have now been fixed.  Fingers crossed.
2010-07-28 16:56:07 CVS Commit Comment #10 Reply to this comment
Changes have been made in CVS for this ticket:

Bug: 9058
Next back of variable fixups.
Fixing this old IMAP code makes my realize how grateful I am that we now have
a fully encapsulated, robust IMAP library.  No need to hack all this IMAP
connection stuff anymore.
http://cvs.horde.org/diff.php/framework/IMAP/IMAP/ACL/Attic/rfc2086.php?rt=horde&r1=1.6.8.22&r2=1.6.8.23&ty=u
2010-07-28 16:48:59 Jan Schneider Comment #9 Reply to this comment
Getting closer. There is still:

( ! ) Warning: Missing argument 1 for _getcapability() in 
/srv/www/htdocs/horde/framework/IMAP/IMAP/ACL/rfc2086.php on line 218
Call Stack
#        Time        Memory        Function        Location
1        0.0014        62520        {main}( )        ../prefs.php:0
2        0.2609        5651000        require( '/srv/www/htdocs/horde/imp/acl.php' 
)        ../prefs.php:57
3        0.2697        5915544        imp_imap_acl::singleton( )        ../acl.php:42
4        0.2698        5916096        imp_imap_acl::factory( )        ../ACL.php:82
5        0.2737        6048288        imp_imap_acl_rfc2086->imp_imap_acl_rfc2086( )        ../ACL.php:55
6        0.2737        6048376        imap_acl_rfc2086::imap_acl_rfc2086( )        ../rfc2086.php:46
7        0.2737        6049344        imp_imap_acl_rfc2086->_getcapability( )        ../rfc2086.php:77

( ! ) Notice: Undefined variable: txid in 
/srv/www/htdocs/horde/framework/IMAP/IMAP/ACL/rfc2086.php on line 478
Call Stack
#        Time        Memory        Function        Location
1        0.0014        62520        {main}( )        ../prefs.php:0
2        0.2609        5651000        require( '/srv/www/htdocs/horde/imp/acl.php' 
)        ../prefs.php:57
3        0.2697        5915544        imp_imap_acl::singleton( )        ../acl.php:42
4        0.2698        5916096        imp_imap_acl::factory( )        ../ACL.php:82
5        0.2737        6048288        imp_imap_acl_rfc2086->imp_imap_acl_rfc2086( )        ../ACL.php:55
6        0.2737        6048376        imap_acl_rfc2086::imap_acl_rfc2086( )        ../rfc2086.php:46
7        0.2737        6049344        imp_imap_acl_rfc2086->_getcapability( )        ../rfc2086.php:77
8        0.2744        6049424        imp_imap_acl_rfc2086->_internallogin( )        ../rfc2086.php:223

( ! ) Notice: Undefined variable: txid in 
/srv/www/htdocs/horde/framework/IMAP/IMAP/ACL/rfc2086.php on line 481
Call Stack
#        Time        Memory        Function        Location
1        0.0014        62520        {main}( )        ../prefs.php:0
2        0.2609        5651000        require( '/srv/www/htdocs/horde/imp/acl.php' 
)        ../prefs.php:57
3        0.2697        5915544        imp_imap_acl::singleton( )        ../acl.php:42
4        0.2698        5916096        imp_imap_acl::factory( )        ../ACL.php:82
5        0.2737        6048288        imp_imap_acl_rfc2086->imp_imap_acl_rfc2086( )        ../ACL.php:55
6        0.2737        6048376        imap_acl_rfc2086::imap_acl_rfc2086( )        ../rfc2086.php:46
7        0.2737        6049344        imp_imap_acl_rfc2086->_getcapability( )        ../rfc2086.php:77
8        0.2744        6049424        imp_imap_acl_rfc2086->_internallogin( )        ../rfc2086.php:223

( ! ) Notice: Undefined variable: login in 
/srv/www/htdocs/horde/framework/IMAP/IMAP/ACL/rfc2086.php on line 484
Call Stack
#        Time        Memory        Function        Location
1        0.0014        62520        {main}( )        ../prefs.php:0
2        0.2609        5651000        require( '/srv/www/htdocs/horde/imp/acl.php' 
)        ../prefs.php:57
3        0.2697        5915544        imp_imap_acl::singleton( )        ../acl.php:42
4        0.2698        5916096        imp_imap_acl::factory( )        ../ACL.php:82
5        0.2737        6048288        imp_imap_acl_rfc2086->imp_imap_acl_rfc2086( )        ../ACL.php:55
6        0.2737        6048376        imap_acl_rfc2086::imap_acl_rfc2086( )        ../rfc2086.php:46
7        0.2737        6049344        imp_imap_acl_rfc2086->_getcapability( )        ../rfc2086.php:77
8        0.2744        6049424        imp_imap_acl_rfc2086->_internallogin( )        ../rfc2086.php:223

2010-07-28 16:37:09 Michael Slusarz Comment #8
State ⇒ Feedback
Reply to this comment
Try this.  It for sure fixes the usage of $authMech and should fix the 
$folder issue.  Unfortunately, I have no way of testing on a live IMAP 
system though.
2010-07-28 16:36:17 CVS Commit Comment #7 Reply to this comment
2010-07-28 08:43:02 Jan Schneider Comment #6 Reply to this comment
Sorry, what I meant was that you moved code around to other methods 
with the patch, and now a bunch of variables are undefinded because 
that had only been defined in the old places, like $authMech, $folder.
2010-07-28 06:07:24 Michael Slusarz Comment #5 Reply to this comment
This change broke the ACL driver completely. Variables are not 
available anymore etc.
I really don't understand what this means re: variables not available.
2010-07-27 17:43:35 Jan Schneider Comment #4
State ⇒ Assigned
Priority ⇒ 3. High
Reply to this comment
This change broke the ACL driver completely. Variables are not 
available anymore etc.
2010-06-15 15:24:02 Jan Schneider State ⇒ Resolved
 
2010-06-03 18:12:18 Michael Slusarz Comment #3
Assigned to Michael Slusarz
State ⇒ Feedback
Priority ⇒ 1. Low
Reply to this comment
Try this.
2010-06-03 18:12:03 CVS Commit Comment #2 Reply to this comment
Changes have been made in CVS for this ticket:

Bug: 9058
Need to grab CAPABILITY string after login, since ACL does not need to be
broadcast pre-login.
http://cvs.horde.org/diff.php/framework/IMAP/Attic/package.xml?rt=horde&r1=1.17.8.4&r2=1.17.8.5&ty=u
http://cvs.horde.org/diff.php/framework/IMAP/IMAP/ACL/Attic/rfc2086.php?rt=horde&r1=1.6.8.20&r2=1.6.8.21&ty=u
2010-05-26 15:37:44 robert (at) schetterer (dot) org Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 3. High
Summary ⇒ imp imap acl with comming dovecot2 version capability bug
Queue ⇒ IMP
Milestone ⇒
Patch ⇒ No
Reply to this comment
4.3.7: IMP H3 (4.3.7) Final does not work using comming dovecot version 2
using imap acls as tested

dovecot Timo Sirainen developer changed acl behavior, clients should be fixed

more info
http://dovecot.org/list/dovecot/2010-April/048147.html

slusarz@horde.org wrote


This works fine in IMP 5.  The problem with IMP 4 is that c-client 
doesn't support the CAPABILITY command so we have to use hackish ways 
to work around it.

You should open a ticket re: this issue on http://bugs.horde.org/


meanwhile as workaround i found

   horde/imp does a check which seems to get workarounded by

   horde/lib/Horde/IMAP/ACL/rfc2086.php

   if (substr($this- _params['protocol'], 0, 4) != 'imap') {
               /* No point in going any further if it's not an IMAP server. */
               $this- _error = PEAR::raiseError(_("Only IMAP servers
   support shared folders."));
               $this- _supported = false;
           } elseif (!isset($this- _caps['acl'])) {
               /* If we couldn't get the server's capability, we'll assume
   ACL is
                  not supported for now. */

   ----change---from---false---to---true

   $this- _supported = true;



           } else {
               $this- _supported = true;
           }

   the alternate workaround with dovecot
   is setting manual imap capability list
   didnt tested that yet

Saved Queries