From: Timo Sirainen
Date: Wed, 15 Jan 2020 13:46:47 +0000 (+0200)
Subject: acl: Fix accessing attributes when mailbox had no READ rights
X-Git-Tag: 2.3.10~124
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5f5aaa7c3d98ae3f9f053f0bb681063d4059136c;p=thirdparty%2Fdovecot%2Fcore.git
acl: Fix accessing attributes when mailbox had no READ rights
It's enough to have one of the other rights.
---
diff --git a/src/plugins/acl/acl-mailbox.c b/src/plugins/acl/acl-mailbox.c
index 0d3774876a..781dcc3992 100644
--- a/src/plugins/acl/acl-mailbox.c
+++ b/src/plugins/acl/acl-mailbox.c
@@ -534,6 +534,10 @@ static int acl_mailbox_open_check_acl(struct mailbox *box)
 ACL_STORAGE_RIGHT_POST : ACL_STORAGE_RIGHT_INSERT;
 } else if (box->deleting) {
 open_right = ACL_STORAGE_RIGHT_DELETE;
+ } else if ((box->flags & MAILBOX_FLAG_ATTRIBUTE_SESSION) != 0) {
+ /* GETMETADATA/SETMETADATA requires "l" right and another one
+ which is checked afterwards. */
+ open_right = ACL_STORAGE_RIGHT_LOOKUP;
 } else {
 open_right = ACL_STORAGE_RIGHT_READ;
 }
@@ -554,6 +558,10 @@ static int acl_mailbox_open_check_acl(struct mailbox *box)
 if (ret == 0)
 abox->no_read_right = TRUE;
 }
+ if ((box->flags & MAILBOX_FLAG_ATTRIBUTE_SESSION) != 0) {
+ if (!acl_mailbox_have_extra_attribute_rights(box))
+ return -1;
+ }
 return 0;
 }
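Review bot: The new `MAILBOX_FLAG_ATTRIBUTE_SESSION` branch lowers the open-time requirement from READ to LOOKUP on the strength of a caller-supplied flag, and its comment does not say what then stops a handle opened this way from being used to read messages. The second hunk's context shows `abox->no_read_right = TRUE` being set when a lookup returns 0, but that block starts outside the visible lines, so whether it covers this branch is only inferred. I would spell the dependency out in the comment, for example `/* Only "l" is required to open; acl_mailbox_have_extra_attribute_rights() below enforces the second right, and message access must still honour no_read_right. */`. The function body begins before the hunk, so the earlier branches of this if/else chain are not reviewable from here.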
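Review bot: The added `return -1` at the end of `acl_mailbox_open_check_acl()` fails closed, which is right, but nothing visible in the hunk sets a storage error before returning. Because `acl_mailbox_have_extra_attribute_rights()` is used as a boolean, a plain denial and an ACL backend lookup failure take the same path. Its body is not part of this diff; if it does not set an error itself, the caller may report a stale or empty error. I would add `mail_storage_set_error(box->storage, MAIL_ERROR_PERM, MAIL_ERRSTR_NO_PERMISSION);` before the return on denial. A tri-state return from the helper would also let lookup failures be logged separately from denied metadata access. The function starts outside the hunk.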