View Issue Details

ID: 0003780
Project: SOGo
Category: Backend Mail
View Status: public
Last Update: 2020-07-26 15:18
Reporter: zhb
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Summary: 0003780: SOGo cannot share a folder to all authenticated users
Description

Again, it's an iRedMail server, sharing an IMAP folder to some specific mail user works fine. e.g. logged as 'user@mydomain.com', share INBOX to 'other@mydomain.com', it works fine.

When you click the three-dot menu to share a folder, there's an entry called "Any Authenticated User", click it, and toggle on the access rights, click "Save". But no one can see this shared folder.

After checking the 'dovecot-acl' file under user's mailbox, it's obvious that SOGo generates wrong ACL.

  • The one generated by SOGo:

user=(null) akilprwts

  • The correct one should be:

anyone akilprwts

Tags: No tags attached.
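
The two dovecot-acl lines quoted in the description can be told apart mechanically. The following is an added example, not code from SOGo, Dovecot or the reporters: it parses dovecot-acl lines, expands the right letters into the names `doveadm acl get` prints, and flags a `user=` entry whose name is a serialised null as well as grants to `anyone` or `authenticated` that include the admin right. The finding labels, the placeholder list and the sample input are assumptions made for illustration.

```python
import re

# Dovecot ACL right letters and the names doveadm prints for them.
RIGHTS = {
    "l": "lookup", "r": "read", "w": "write", "s": "write-seen",
    "t": "write-deleted", "i": "insert", "p": "post", "e": "expunge",
    "k": "create", "x": "delete", "a": "admin",
}
BROAD_IDS = {"anyone", "anonymous", "authenticated"}
NAMED_ID = re.compile(r"^(user|group|group-override)=(.*)$")
# Assumed spellings of a nil/None value written out as text.
PLACEHOLDERS = {"", "(null)", "null", "nil", "none"}

# Constructed sample: the two lines quoted in the report plus two ordinary grants.
SAMPLE_ACL = """\
user=(null) akilprwts
anyone akilprwts
user=other@mydomain.com lr
authenticated lr
"""


def audit_acl_line(line):
    """Parse one dovecot-acl line into (identifier, right names, findings)."""
    fields = line.split()
    ident = fields[0]
    letters = fields[1] if len(fields) > 1 and not fields[1].startswith(":") else ""
    names = [RIGHTS.get(c, "?" + c) for c in letters]
    findings = []
    bare = ident.lstrip("-")  # a leading "-" marks negative rights
    named = NAMED_ID.match(bare)
    if named and named.group(2).lower() in PLACEHOLDERS:
        findings.append("placeholder-name")  # e.g. user=(null): matches no account
    elif bare in BROAD_IDS:
        findings.append("broad-grant")
        if "a" in letters and not ident.startswith("-"):
            findings.append("broad-admin")  # every matching login may change the ACL
    elif not named and bare != "owner":
        findings.append("unknown-identifier")
    if any(c not in RIGHTS for c in letters):
        findings.append("unknown-right")
    return ident, names, findings


def audit_acl(text):
    """Return {line number: (identifier, findings)} for lines that need review."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        if line.strip():
            ident, _names, findings = audit_acl_line(line)
            if findings:
                report[number] = (ident, findings)
    return report
```

Calling `audit_acl(SAMPLE_ACL)` reports the `user=(null)` line as a placeholder name and the `anyone akilprwts` line as a broad grant that includes admin.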

Activities

mighty.duck

2020-07-08 18:40

reporter   ~0014473

I can confirm this bug on Debian Buster.

Clicking the GUI as stated by the reporter (see 0.png) results in no shares. The permissions are stored correctly. But it creates a user called "(null)". If you logout and login the current user, you can confirm it in SOGo's GUI (see 00.png). But SOGo and Dovecot can't map that user correctly.

sudo doveadm acl get -u username@domain.tld INBOX
ID Global Rights
user=(null) lookup read
user=username@domain.tld admin create delete expunge insert lookup post read write write-deleted write-seen

A workaround for me is to set the ACL manually on Dovecot with:
sudo doveadm acl set -u username@domain.tld INBOX authenticated lookup read
sudo doveadm acl get -u username@domain.tld INBOX
ID Global Rights
authenticated lookup read
user=username@domain.tld admin create delete expunge insert lookup post read write write-deleted write-seen

All clients have the share now: Thunderbird, Outlook, mobile phone clients, even SOGo. But again when I login the user and go to the menu I can see that SOGo can't map that special user "authenticated" to its own "any authenticated user" group (see 1.png).

Additional note: As stated by the reporter I can confirm that shares from user A to user B work correctly. Only the "any authenticated user" is not working.

Am I missing something? I'm pretty sure everything is configured correctly here.

00.png (14,345 bytes)
1.png (33,843 bytes)
0.png (102,514 bytes)
francis

2020-07-22 14:12

administrator   ~0014563

As defined in RFC 4314, SOGo will use the identifier anyone.

Is acl_anyone = allow set in the plugin section of your dovecot configuration?

zhb

2020-07-22 14:19

reporter   ~0014564

Hi @francis,

In my first post, the problem is SOGo generates "user=(null)" instead of "anyone". Is it a SOGo bug?
I suppose it doesn't matter whether "acl_anyone = allow" is set in Dovecot? It's generating an ACL rule, not testing the generated ACL rule. Am I right?

francis

2020-07-22 14:22

administrator   ~0014565

Enable ImapDebugEnabled, remove the null user and give some rights to Any authenticated user. Check the logs for setacl.

zhb

2020-07-22 14:24

reporter   ~0014566

I don't have a testing environment right now, the issue was reported 4 years ago.
Hi @mighty.duck, could you help test it and give us some feedback?

mighty.duck

2020-07-24 08:32

reporter   ~0014572

Hi @francis,

Yes, acl_anyone = allow is set in the configuration.

After enabling the debug mode I did what you mentioned. When opening the dialogue for the user rights it performs some IMAP commands. When I add the "Any authenticated user" entry the only thing in the log is:
Jul 24 10:22:26 sogod [2791]: 1.2.3.4, 1.2.3.5 "POST /SOGo/so/mighty.duck/Mail/0/folderINBOX/saveUserRights HTTP/1.1" 200 0/341 0.281 - - 0

The log doesn't show more.

When I check the permissions on the mail server I see:
sudo doveadm acl get -u mighty.duck@domain.tld INBOX
ID Global Rights
user=(null) admin create insert lookup post read write write-deleted write-seen

So according to @zhb's statement it creates a user with empty id.

If you need more information feel free to ask. I would be glad to help and solve the problem.

francis

2020-07-24 16:13

administrator   ~0014582

Make sure ImapDebugEnabled is set to YES and that you restarted sogod.

mighty.duck

2020-07-26 15:15

reporter   ~0014588

Hi @francis, yes I'm pretty sure, I did it correctly....

Jul 24 10:13:37 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:37 sogod [823]: <0x0x55b19eabbca0[WOWatchDogChild]> sending terminate signal to pid 827
Jul 24 10:13:37 sogod [823]: <0x0x55b19eaf8db0[WOWatchDogChild]> sending terminate signal to pid 826
Jul 24 10:13:37 sogod [823]: <0x0x55b19ea02af0[WOWatchDogChild]> sending terminate signal to pid 825
Jul 24 10:13:38 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:38 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:39 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:39 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:40 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:40 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:41 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:41 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:42 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:42 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:42 sogod [823]: <0x0x55b19eabbca0[WOWatchDogChild]> child 827 exited
Jul 24 10:13:42 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:42 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:42 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:42 sogod [823]: <0x0x55b19ea02af0[WOWatchDogChild]> child 825 exited
Jul 24 10:13:42 sogod [823]: <0x0x55b19eaf8db0[WOWatchDogChild]> child 826 exited
Jul 24 10:13:42 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> all children exited. We now terminate.
Jul 24 10:13:42 sogod [2787]: version 4.0.7 -- starting
Jul 24 10:13:42 sogod [2787]: version 4.0.7 -- starting
Jul 24 10:13:42 sogod [2787]: vmem size check enabled: shutting down app when vmem > 384 MB. Currently at 83 MB
Jul 24 10:13:42 sogod [2787]: <0x0x5623215d5cd0[SOGoProductLoader]> SOGo products loaded from '/usr/lib/GNUstep/SOGo':
Jul 24 10:13:42 sogod [2787]: <0x0x5623215d5cd0[SOGoProductLoader]> Mailer.SOGo, MailPartViewers.SOGo, CommonUI.SOGo, PreferencesUI.SOGo, ContactsUI.SOGo, AdministrationUI.SOGo, MainUI.SOGo, MailerUI.SOGo, Sc$
Jul 24 10:13:42 sogod [2787]: All products loaded - current memory usage at 93 MB
Jul 24 10:13:42 sogod [2787]: <0x0x56232161ddb0[WOWatchDog]> listening on 127.0.0.1:20000
Jul 24 10:13:42 sogod [2787]: <0x0x56232161ddb0[WOWatchDog]> watchdog process pid: 2787
Jul 24 10:13:42 sogod [2787]: <0x0x7f55a0668200[WOWatchDogChild]> watchdog request timeout set to 10 minutes
Jul 24 10:13:42 sogod [2787]: <0x0x56232161ddb0[WOWatchDog]> preparing 3 children
Jul 24 10:13:42 sogod [2787]: <0x0x56232161ddb0[WOWatchDog]> child spawned with pid 2789
Jul 24 10:13:42 sogod [2787]: <0x0x56232161ddb0[WOWatchDog]> child spawned with pid 2790
Jul 24 10:13:42 sogod [2787]: <0x0x56232161ddb0[WOWatchDog]> child spawned with pid 2791
Jul 24 10:13:43 sogod [2790]: <0x0x5623214867e0[WOHttpAdaptor]> notified the watchdog that we are ready
Jul 24 10:13:43 sogod [2791]: <0x0x562321486c70[WOHttpAdaptor]> notified the watchdog that we are ready
Jul 24 10:13:43 sogod [2789]: <0x0x562321488d60[WOHttpAdaptor]> notified the watchdog that we are ready
Jul 24 10:15:03 sogod [2789]: <0x0x56232194d940[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
Jul 24 10:15:03 sogod [2789]: <0x0x56232194d940[SOGoCache]> Using host(s) 'localhost' as server(s)

Jul 24 10:15:12 sogod [2791]: 1.2.3.4, 1.2.3.5 "GET /SOGo/so/mighty.duck/Mail/0/view HTTP/1.1" 200 1274/0 0.436 - - 4M
S[0x5623219f2ba0]: OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN] Dovecot (Debian) ready.
C[0x5623219ec890]: 1 login "mighty.duck@domain.tld" "MIGHTYPASSWORD"
S[0x5623219f2ba0]: 1 OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAME$
C[0x5623219ec890]: 2 capability
S[0x5623219f2ba0]:
CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPAC$
S[0x5623219f2ba0]: 2 OK Capability completed (0.001 + 0.043 + 0.042 secs).
C[0x5623219ec890]: 3 ID ("x-originating-ip" "10.10.70.97, 10.10.70.9")
S[0x5623219f2ba0]: ID ("name" "Dovecot")
S[0x5623219f2ba0]: 3 OK ID completed (0.001 + 0.044 + 0.043 secs).
C[0x5623219ec890]: 4 namespace
S[0x5623219f2ba0]:
NAMESPACE (("" "/")) (("shared/" "/")) NIL
S[0x5623219f2ba0]: 4 OK Namespace completed (0.001 + 0.044 + 0.043 secs).
C[0x5623219ec890]: 5 LIST "" ""
S[0x5623219f2ba0]: LIST (\Noselect) "/" ""
S[0x5623219f2ba0]: 5 OK List completed (0.001 + 0.044 + 0.043 secs).
C[0x5623219ec890]: 6 LIST "" "
"
S[0x5623219f2ba0]: LIST (\HasNoChildren \UnMarked) "/" Archives
S[0x5623219f2ba0]:
LIST (\HasNoChildren \Sent) "/" Sent
S[0x5623219f2ba0]: LIST (\HasChildren \UnMarked) "/" Versicherung
S[0x5623219f2ba0]:
LIST (\HasNoChildren \UnMarked) "/" Versicherung/Einbruchdiebstahl
S[0x5623219f2ba0]: LIST (\HasNoChildren \UnMarked \Junk) "/" Junk
S[0x5623219f2ba0]:
LIST (\HasNoChildren \Trash) "/" Trash
S[0x5623219f2ba0]: LIST (\HasNoChildren \Drafts) "/" Drafts
S[0x5623219f2ba0]:
LIST (\HasNoChildren) "/" INBOX
S[0x5623219f2ba0]: 6 OK List completed (0.001 + 0.042 + 0.042 secs).
C[0x5623219ec890]: 7 LIST "" "shared/"
S[0x5623219f2ba0]: 7 OK List completed (0.001 + 0.043 + 0.042 secs).
C[0x5623219ec890]: 8 logout
S[0x5623219f2ba0]:
BYE Logging out

mighty.duck

2020-07-26 15:18

reporter   ~0014589

That's why I can confirm that, after saving the corresponding rights, this is the only thing that appears in the log:
Jul 24 10:22:26 sogod [2791]: 1.2.3.4, 1.2.3.5 "POST /SOGo/so/mighty.duck/Mail/0/folderINBOX/saveUserRights HTTP/1.1" 200 0/341 0.281 - - 0

That's all! There are no IMAP commands that follow this log.

Issue History

Date Modified Username Field Change
2016-07-26 10:49 zhb New Issue
2020-07-08 18:40 mighty.duck File Added: 00.png
2020-07-08 18:40 mighty.duck File Added: 1.png
2020-07-08 18:40 mighty.duck File Added: 0.png
2020-07-08 18:40 mighty.duck Note Added: 0014473
2020-07-22 14:12 francis Note Added: 0014563
2020-07-22 14:19 zhb Note Added: 0014564
2020-07-22 14:22 francis Note Added: 0014565
2020-07-22 14:24 zhb Note Added: 0014566
2020-07-24 08:32 mighty.duck Note Added: 0014572
2020-07-24 16:13 francis Note Added: 0014582
2020-07-26 15:15 mighty.duck Note Added: 0014588
2020-07-26 15:18 mighty.duck Note Added: 0014589