On Mon, 2008-09-08 at 15:14 +0200, Matvey Soloviev wrote: > Hello, > > I am working on implementing support for the RFC4314 ACL management commands > and responses in the ACL plugin included with dovecot 1.1.2.
Sounds great. :) Did you also notice my "Initial support for shared mailboxes" message from yesterday? > (I verified the > error persists with 1.1.3 though.) While the described objective is still in > the works, I have stumbled upon what I believe to be a critical issue with > the handling of negative rights in the present ACL plugin - to be precise, > the cache component of it handles them in the exact same way as it does > positive rights, thus granting rather than retracting the individual > privileges. I think the ACL plugin has currently been used only for some very basic configurations and it's not very well tested. I guess test cases would be nice, but the framework for easily doing that is still missing. Once you've implemented support for the IMAP ACL commands I could add test cases to imaptest (http://imapwiki.org/ImapTest). > To fix this, go to src/plugins/acl/acl-cache.c:391. The line and the one > following it should read > p[j] |= > obj_cache->my_neg_rights[i]->mask[j]; > Replace that to read > p[j] &= > ~obj_cache->my_neg_rights[i]->mask[j]; Thanks, fixed in v1.[012] code trees.
signature.asc
Description: This is a digitally signed message part
