Affected version
pykolab 0.9.0.6-1~kolab1+1.2
Problem
When running the command
kolab acl-cleanup <some_subject>
the command fails with the exception:
Traceback (most recent call last): File "/usr/sbin/kolab", line 41, in <module> kolab = Cli() File "/usr/lib/python3/dist-packages/pykolab/cli/__init__.py", line 77, in __init__ commands.execute('_'.join(to_execute)) File "/usr/lib/python3/dist-packages/pykolab/cli/commands.py", line 135, in execute commands[cmd_name]['function'](conf.cli_args, kw) File "/usr/lib/python3/dist-packages/pykolab/cli/cmd_acl_cleanup.py", line 52, in execute acls = imap.list_acls(folder) File "/usr/lib/python3/dist-packages/pykolab/imap/__init__.py", line 1221, in list_acls return self.imap.lam(self.folder_utf7(folder)) File "/usr/lib/python3/dist-packages/cyruslib.py", line 764, in lam res, acl = self.__docommand("getacl", self.decode(mailbox)) File "/usr/lib/python3/dist-packages/cyruslib.py", line 580, in __docommand self.__doexception(function, msg[0], *args) File "/usr/lib/python3/dist-packages/cyruslib.py", line 548, in __doexception self.__doraise( function.upper(), msg ) File "/usr/lib/python3/dist-packages/cyruslib.py", line 557, in __doraise raise CYRUSError( idError[0], mode, msg ) cyruslib.CYRUSError: (30, 'GETACL', b'Mailbox does not exist')
Tracking down the issue revealed that the problematic mailbox contains special characters (in particular the letter "Ö":
2024-04-19 11:05:49,693 pykolab.imap DEBUG [19807] [GETACL "user/mailboxname/O&-ANY-@domain.name"] BAD: b'Mailbox does not exist'
Looking at the encoded mailbox name, it seems that the names is UTF7 encoded twice ("&-ANY-" instead of "&ANY-"). This originates from mixing commands from pykolab.imap that rely on UTF7 output with commands that rely on UTF8 input. Specifically on cmd_acl_cleanup.py:L49, imap.lm() is used with returns folder names in UTF7 encoding. These folder names are passed to imap_list_acls() on cmd_acl_cleanup.py:L52 which expects UTF8 input.
Possible solutions
- Replace cmd_acl_cleanup.py:L49 with imap.list_folders().
- While debugging, I found that there is already a method imap.cleanup_acls() (see here), which should likely be used instead of reimplementing this functionality in cmd_acl_cleanup.py.
Further discussion
After thinking about it for a while and reading the original cmd_acl_cleanup.py it seems to me that this CLI command was intended to be run without an aci_subject to find all dangling ACLs by querying the user list. Using option 2 above would not solve this. However, the original function also did not implement that part and works only if the aci_subject is provided.