#! /bin/sh /usr/share/dpatch/dpatch-run
## 0002-allow_invalid_id_acl_removal.dpatch by Sven Mueller <debian@incase.de>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Upstream: Allow removal of invalid ID ACLs

@DPATCH@
diff -urNad cyrus-imapd-2.2.13/lib/acl_afs.c cyrus-imapd-2.2.13/lib/acl_afs.c
--- cyrus-imapd-2.2.13/lib/acl_afs.c	2005-03-12 23:09:22.000000000 +0100
+++ cyrus-imapd-2.2.13/lib/acl_afs.c	2006-05-03 15:27:47.049193574 +0200
@@ -114,6 +114,7 @@
 cyrus_acl_canonproc_t *canonproc;
 void *canonrock;
 {
+    const char *canonid;
     char *newidentifier = 0;
     char *newacl;
     char *thisid, *nextid;
@@ -122,9 +123,14 @@
 
     /* Convert 'identifier' into canonical form */
     if (*identifier == '-') {
-	char *canonid = auth_canonifyid(identifier+1, 0);
+	canonid = auth_canonifyid(identifier+1, 0);
 	if (!canonid) {
-	    return -1;
+	    if (access != 0L) {
+		return -1;
+	    } else {
+		/* trying to delete invalid/non-existent identifier */
+		canonid = identifier+1;
+	    }
 	}
 	newidentifier = xmalloc(strlen(canonid)+2);
 	newidentifier[0] = '-';
@@ -135,9 +141,13 @@
 	}
     }
     else {
-	identifier = auth_canonifyid(identifier, 0);
-	if (!identifier) {
+	canonid = auth_canonifyid(identifier, 0);
+	if (canonid) {
+	    identifier = canonid;
+	} else if (access != 0L) {
 	    return -1;
+	} else {
+	    /* trying to delete invalid/non-existent identifier */
 	}
 	if (canonproc) {
 	    access = canonproc(canonrock, identifier, access);
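Review bot: The `access != 0L` test in this else-branch is evaluated before `access = canonproc(canonrock, identifier, access);` reassigns `access`, so the "this is a deletion" decision is made on the caller-supplied rights, not on the rights that are finally applied. If the callback returns a non-zero mask for the raw string, the function would continue with an identifier that failed `auth_canonifyid()` and with non-zero rights, which could write an uncanonicalized identifier into the ACL instead of only removing one. Whether that can happen depends on canonproc and on how the mode argument is handled, and neither is visible here. Re-checking after the callback would close the gap, e.g. `if (!canonid && access != 0L) return -1;` directly after the canonproc call. The check added in the `-` branch of the previous hunk probably has the same ordering (its canonproc call is outside that hunk), and a late return there would also have to free `newidentifier`; the function body continues past the end of this hunk.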
