This is a security issue that allowed a user to read the number
of messages and its subjects when it does not have any permission to read.
Now the user cannot see other's folder without asking for me to the owner.
Instead of asking general container. This gives the possibility to
perform the deletion depending on the data from the message, for instance,
the user creator.
As specified by [MS-OXCPERM] Section 3.2.5.2, the ModifyPermissions ROP
is only possible to users which have this right.
After this changeset, we check the active user can modify permission
list. This is a security fix.
Instead of using the connected active user.
Although this provides no changes in the result, it could be depending
on changes from the backend so it'd better have it accurated to what
the OpenChange DB API offers.
Instead of using connected active user because the fmids are related
to the root folder (context) owner. This avoids returning back incorrect
identifiers which mostly collide with already associated URLs.
This specifies a little the scope of the variable to make it
more realistic with the actual values it may have. We do have
a static typed compiled language, why don't we use it?
In RTF is possible to specify characters with the sequence \'XX being
XX an hexadecimal number.
With this changeset we guard against incorrect hexadecimal numbers which
will be ignored.
The other change added is to ignore carriadge returns in plain text.
In _getElement which match many properties and in both
PidLidAddressBookProviderEmailList and PidLidAddressBookProviderArrayType.
As it is specified in [MS-OXOCNTC] Section 2.2.1, each property
must be stored when the user needs it. So we can assume we can avoid
returning them if we don't have it.
This fix a Sync Issue which make it impossible to sync a contact
folder where some contact object does not any email. The sync issue
message is as follows:
Error synchronizing folder
[80070057-30FFFFFF-0-560]
By setting `SoIMAP4ExceptionsEnabled` config key to YES
Enabled for OpenChange by default, it will ensure no action is taken
when IMAP connection is not valid.
By restricting when FolderVisible right is set to the following rights:
* ReadAny
* EditAny
* DeleteAny
This goes beyond what specs says about when FolderVisible right is
mandatory but there is no more information stored in SOGo
(no possibility to set FolderVisible specific right)
See [MS-OXCPERM] Section 2.2.6 for more details
When Outlook sets the editor role, the FreeBusyDetailed and FreeBusySimple
right flags are set as Full Details are available.
When we store this information in SOGo, the SOGoCalendarRole_PublicModifier,
SOGoCalendarRole_PrivateModifier and SOGoCalendarRole_ConfidentialModifier
are stored as well as the free busy related roles, but as
[SOGoAppointmentFolder aclsForUser:forObjectAtPath] only returns the highest
access rights, we have to set as well the FreeBusy flags.
More details on [MS-OXCPERM] Section 2.2.6
If the event was created by the MAPI client, the client's time zone (if
present) is assigned to the event's calendar in iCalEvent+MAPIStore.
This way, we can use it to deliver the event's properties correctly.
According to [MS-OXCPERM] Section 2.2.7 in PidTagMemberRights possible
values, once we set the DeleteAny flag, the DeleteOwned flag must be set.
Likewise EditOwned must be set when EditAny is set. In this way,
the rights sent by the MAPI client are equal to the returned by the
server when Editor is set.
In real world practice, makes more strict Outlook 2013 work with editor permissions
the sharing of user's defined calendars, tasks or contacts folders as
the recipients can be editors of that folder.
All-day and recurrent events have a binary property that describes the
time zone they take place in. We were using the user's time zone in
the webmail, but it may not be equal to the one in the client. This
difference eventually leads to time shifts in events.
This change adapts the bias fields in the TimeZoneStruct and TZRule
structures to the changes in openchange that allow this offsets to be
negative (zentyal/openchange bba372faea29d942b9471e6bed90bf425dc4b231)
The method computes the date of a SYSTEMTIME structure, in which the day
within the month is given by the Nth occurrence of a weekday (see
[MS-OXOCAL] 2.2.1.39).
For example, if the SMTP is down, then the message is not sent and
an error is returned. We returned back this error code to be managed
by upper layer.
To be able to search in this for every kind of operator.
As we cannot do a migration, we have to add a new key to the property
dictionary (@"version_number") which stores the version:
version = exchange_globcnt(CN >> 16)
Instead of the CN structure which is stored in @"version" key.
This way we can do searches for CN to download only missing data from the
given state of the client for this kind of messages.
It was using NSNumber in versions Dictionary for GCSMessages but it is
stored as the NSString representation (0x390300000000001), so the lookup
has always failed.
By ignoring <, =< and = operators and simplifying the following
request:
MODSEQ >= x || MODSEQ >= y || MODSEQ >= z --> MODSEQ >= min(x, y, z)
This hack will reduce the number of current retrieved UID keys
from the IMAP server. Current status is to retrieve everything when
the multiple CN restriction is sent as the required restriction
is too complex and it is not defined by the IMAP spec.
The proper implementation for:
CN > x_1 & CN < x_2 | CN > y_1 & CN < y_2 | CN > z_1
It will be something like this:
set(MODSEQ >= x_1 + 1) - set(MODSEQ >= x_2)
U
set(MODSEQ >= y_1 + 1) - set(MODSEQ >= y_2)
U
set(MODSEQ >= z_1)
Assuming x_1 <= x_2 <= y_1 <= y_2 <= z_1.
