|
|
I can confirm this bug on Debian Buster.
Clicking the GUI as stated by the reporter (see 0.png) results in no shares. The permissions are stored correctly. But it creates a user called "(null)". If you logout and login the current user, you can confirm it in SOGo's GUI (see 00.png). But SOGo and Dovecot can't map that user correctly.
sudo doveadm acl get -u username@domain.tld INBOX
ID Global Rights
user=(null) lookup read
user=username@domain.tld admin create delete expunge insert lookup post read write write-deleted write-seen
A workaround for me is to set the ACL manually on Dovecot with:
sudo doveadm acl set -u username@domain.tld INBOX authenticated lookup read
sudo doveadm acl get -u username@domain.tld INBOX
ID Global Rights
authenticated lookup read
user=username@domain.tld admin create delete expunge insert lookup post read write write-deleted write-seen
All clients have the share now: Thunderbird, Outlook, mobile phone clients, even SOGo. But again when I login the user and go to the menu I can see, that SOGo can't map that special user "authenticated" to its own "any authenticated user" group (see 1.png).
Additional note: As stated by the reporter I can confirm that shares from user A to user B work correctly. Only the "any authenticated user" is not working.
Am I missing something? I'm pretty sure everything is cofigured correctly here. |
|
|
|
As defined in RFC 4314, SOGo will use the identifier anyone.
Is acl_anyone = allow set in the plugin section of your dovecot configuration? |
|
|
|
hi @francis,
In my first post, the problem is SOGo generates "user=(null)" instead of "anyone". Is it a SOGo bug?
I suppose it doesn't matter whether "acl_anyone = allow" is set in Dovecot? It's generating ACL rule, not testing the generated ACL rule. Am i right? |
|
|
|
Enable ImapDebugEnabled, remove the null user and give some rights to Any authenticated user. Check the logs for setacl. |
|
|
|
I don't have a testing environment right now, the issue was reported 4 years ago.
hi @mighty.duck, could you help test it and give us some feedback? |
|
|
|
hi @francis,
yes <code>acl_anyone = allow</code> is set in the configuration.
After enabling the debug mode I did what u mentioned. When opening the dialogue for the user rights it performs some imap commands. When I add the <i>Any authenticated user</i> entry the only thing in the log is <code>
Jul 24 10:22:26 sogod [2791]: 1.2.3.4, 1.2.3.5 "POST /SOGo/so/mighty.duck/Mail/0/folderINBOX/saveUserRights HTTP/1.1" 200 0/341 0.281 - - 0</code>
The log doesn't show more.
When I check the permissions on the mail server I see:
<code>sudo doveadm acl get -u mighty.duck@domain.tld INBOX
ID Global Rights
user=(null) admin create insert lookup post read write write-deleted write-seen</code>
So according to @zhb's statement it creates an user with empty id.
If you need more information feel free to ask. I would be glad to help and solve the problem. |
|
|
|
Make sure ImapDebugEnabled is set to YES and that you restarted sogod. |
|
|
|
Hi @francis, yes I'm pretty sure, I did it correctly....
Jul 24 10:13:37 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:37 sogod [823]: <0x0x55b19eabbca0[WOWatchDogChild]> sending terminate signal to pid 827
Jul 24 10:13:37 sogod [823]: <0x0x55b19eaf8db0[WOWatchDogChild]> sending terminate signal to pid 826
Jul 24 10:13:37 sogod [823]: <0x0x55b19ea02af0[WOWatchDogChild]> sending terminate signal to pid 825
Jul 24 10:13:38 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:38 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:39 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:39 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:40 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:40 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:41 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:41 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:42 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:42 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:42 sogod [823]: <0x0x55b19eabbca0[WOWatchDogChild]> child 827 exited
Jul 24 10:13:42 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:42 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:42 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> Terminating with SIGINT or SIGTERM
Jul 24 10:13:42 sogod [823]: <0x0x55b19ea02af0[WOWatchDogChild]> child 825 exited
Jul 24 10:13:42 sogod [823]: <0x0x55b19eaf8db0[WOWatchDogChild]> child 826 exited
Jul 24 10:13:42 sogod [823]: <0x0x55b19e92dcf0[WOWatchDog]> all children exited. We now terminate.
Jul 24 10:13:42 sogod [2787]: version 4.0.7 -- starting
Jul 24 10:13:42 sogod [2787]: version 4.0.7 -- starting
Jul 24 10:13:42 sogod [2787]: vmem size check enabled: shutting down app when vmem > 384 MB. Currently at 83 MB
Jul 24 10:13:42 sogod [2787]: <0x0x5623215d5cd0[SOGoProductLoader]> SOGo products loaded from '/usr/lib/GNUstep/SOGo':
Jul 24 10:13:42 sogod [2787]: <0x0x5623215d5cd0[SOGoProductLoader]> Mailer.SOGo, MailPartViewers.SOGo, CommonUI.SOGo, PreferencesUI.SOGo, ContactsUI.SOGo, AdministrationUI.SOGo, MainUI.SOGo, MailerUI.SOGo, Sc$
Jul 24 10:13:42 sogod [2787]: All products loaded - current memory usage at 93 MB
Jul 24 10:13:42 sogod [2787]: <0x0x56232161ddb0[WOWatchDog]> listening on 127.0.0.1:20000
Jul 24 10:13:42 sogod [2787]: <0x0x56232161ddb0[WOWatchDog]> watchdog process pid: 2787
Jul 24 10:13:42 sogod [2787]: <0x0x7f55a0668200[WOWatchDogChild]> watchdog request timeout set to 10 minutes
Jul 24 10:13:42 sogod [2787]: <0x0x56232161ddb0[WOWatchDog]> preparing 3 children
Jul 24 10:13:42 sogod [2787]: <0x0x56232161ddb0[WOWatchDog]> child spawned with pid 2789
Jul 24 10:13:42 sogod [2787]: <0x0x56232161ddb0[WOWatchDog]> child spawned with pid 2790
Jul 24 10:13:42 sogod [2787]: <0x0x56232161ddb0[WOWatchDog]> child spawned with pid 2791
Jul 24 10:13:43 sogod [2790]: <0x0x5623214867e0[WOHttpAdaptor]> notified the watchdog that we are ready
Jul 24 10:13:43 sogod [2791]: <0x0x562321486c70[WOHttpAdaptor]> notified the watchdog that we are ready
Jul 24 10:13:43 sogod [2789]: <0x0x562321488d60[WOHttpAdaptor]> notified the watchdog that we are ready
Jul 24 10:15:03 sogod [2789]: <0x0x56232194d940[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
Jul 24 10:15:03 sogod [2789]: <0x0x56232194d940[SOGoCache]> Using host(s) 'localhost' as server(s)
Jul 24 10:15:12 sogod [2791]: 1.2.3.4, 1.2.3.5 "GET /SOGo/so/mighty.duck/Mail/0/view HTTP/1.1" 200 1274/0 0.436 - - 4M
S[0x5623219f2ba0]: OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN] Dovecot (Debian) ready.
C[0x5623219ec890]: 1 login "mighty.duck@domain.tld" "MIGHTYPASSWORD"
S[0x5623219f2ba0]: 1 OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAME$
C[0x5623219ec890]: 2 capability
S[0x5623219f2ba0]: CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPAC$
S[0x5623219f2ba0]: 2 OK Capability completed (0.001 + 0.043 + 0.042 secs).
C[0x5623219ec890]: 3 ID ("x-originating-ip" "10.10.70.97, 10.10.70.9")
S[0x5623219f2ba0]: ID ("name" "Dovecot")
S[0x5623219f2ba0]: 3 OK ID completed (0.001 + 0.044 + 0.043 secs).
C[0x5623219ec890]: 4 namespace
S[0x5623219f2ba0]: NAMESPACE (("" "/")) (("shared/" "/")) NIL
S[0x5623219f2ba0]: 4 OK Namespace completed (0.001 + 0.044 + 0.043 secs).
C[0x5623219ec890]: 5 LIST "" ""
S[0x5623219f2ba0]: LIST (\Noselect) "/" ""
S[0x5623219f2ba0]: 5 OK List completed (0.001 + 0.044 + 0.043 secs).
C[0x5623219ec890]: 6 LIST "" ""
S[0x5623219f2ba0]: LIST (\HasNoChildren \UnMarked) "/" Archives
S[0x5623219f2ba0]: LIST (\HasNoChildren \Sent) "/" Sent
S[0x5623219f2ba0]: LIST (\HasChildren \UnMarked) "/" Versicherung
S[0x5623219f2ba0]: LIST (\HasNoChildren \UnMarked) "/" Versicherung/Einbruchdiebstahl
S[0x5623219f2ba0]: LIST (\HasNoChildren \UnMarked \Junk) "/" Junk
S[0x5623219f2ba0]: LIST (\HasNoChildren \Trash) "/" Trash
S[0x5623219f2ba0]: LIST (\HasNoChildren \Drafts) "/" Drafts
S[0x5623219f2ba0]: LIST (\HasNoChildren) "/" INBOX
S[0x5623219f2ba0]: 6 OK List completed (0.001 + 0.042 + 0.042 secs).
C[0x5623219ec890]: 7 LIST "" "shared/"
S[0x5623219f2ba0]: 7 OK List completed (0.001 + 0.043 + 0.042 secs).
C[0x5623219ec890]: 8 logout
S[0x5623219f2ba0]: BYE Logging out |
|
|
|
That's why I can confirm that after saving the coressponding rights. This is the only thing, what appears in the log:
Jul 24 10:22:26 sogod [2791]: 1.2.3.4, 1.2.3.5 "POST /SOGo/so/mighty.duck/Mail/0/folderINBOX/saveUserRights HTTP/1.1" 200 0/341 0.281 - - 0
That's all! There are no IMAP commands, that follow this log. |
|
