cyradm and custom annotations

An old problem reared its ugly head again: Trying to set up mailbox folders in Cyrus imapd for a new Kolab user, the message “Permission denied” was the only result when trying to set the required annotations:

user@somehost:~ > cyradm --user cyrusadmin --auth plain mailhost
Password:
mailhost@company.com> mboxconfig user/username@company.com /vendor/kolab/folder-type mail
Permission denied

But after all, we’re using the Cyrus admin account. So what permission is it looking for?

That does ring a bell. It’s likely that we stumbled across that old problem of cyradm not knowing about custom annotations, rather than about missing permissions. And indeed, looking at “/usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi/Cyrus/IMAP/Admin.pm” shows just the static list of annotations.

sub mboxconfig {
  my ($self, $mailbox, $entry, $value) = @_;

  my %values = ( "comment" => "/comment",
                 "condstore" => "/vendor/cmu/cyrus-imapd/condstore",
                 "expire" => "/vendor/cmu/cyrus-imapd/expire",
                 "news2mail" => "/vendor/cmu/cyrus-imapd/news2mail",
                 "sharedseen" => "/vendor/cmu/cyrus-imapd/sharedseen",
                 "sieve" => "/vendor/cmu/cyrus-imapd/sieve",
                 "squat" => "/vendor/cmu/cyrus-imapd/squat" );

  if(!$self->{support_annotatemore}) {
    $self->{error} = "Remote does not support ANNOTATEMORE.";
    return undef;
  }

  if(!exists($values{$entry})) {
    $self->{error} = "Unknown parameter $entry";
  }

  $entry = $values{$entry};
...

Now, there used to be a patch available from the Kolab team, permitting to set any annotation via cyradm (and any other Perl program using the Cyrus classes). But while I found enough references and even an old URL, the actual patch was no longer accessible. Looking at the Kolab wiki it appeared that the patch may have been merged into mainline in 2010, but neither does the code base (perl-Cyrus-IMAP-2.3.11-60.65.70.1) on the SLES server in question appear to support this feature, nor does the mentioned link lead anywhere else than to data Nirvana.

So what else could we do than hack a quick fix to get things rolling again? Since any specific annotation will likely start with a leading “/”, we simply made that piece of code responsible for parameter checking and -reassignment, conditional:

# diff Admin.pm.dist Admin.pm
799,803c799,804
<   if(!exists($values{$entry})) {
<     $self->{error} = "Unknown parameter $entry"; 
<   }
< 
<   $entry = $values{$entry};
---
>   # annotations starting with a "/" are already fully qualified
>   if($entry =~ /^[^\/].*/) {
>     if(!exists($values{$entry})) {
>       $self->{error} = "Unknown parameter $entry";
>     }
>     $entry = $values{$entry};
>   }

After starting a new instance of cyradm, setting the annotations worked like a charm.

This entry was posted in Horde, Kolab, Linux. Bookmark the permalink.

Leave a Reply