[Tickets #11387] horde_alarms tries always to login as first admin user but with an empty password

bugs at horde.org
Thu Aug 30 21:23:19 UTC 2012


Ticket URL: http://bugs.horde.org/ticket/11387
------------------------------------------------------------------------------
  Ticket             | 11387
  Created By         | peter.meier+horde at immerda.ch
  Summary            | horde_alarms tries always to login as first admin user
                     | but with an empty password
  Queue              | Horde Base
  Version            | 4.0.15
  Type               | Bug
  State              | Unconfirmed
  Priority           | 2. Medium
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


peter.meier+horde at immerda.ch (2012-08-30 21:23) wrote:

Each time horde_alarms is run by cron, it tries to log in as the first
admin user, but with an empty password. So we get tons of failed
logins in the logs, plus this might lead to locking the account by the
backend.

Example log entries:

2012-08-30T23:03:42+02:00 NOTICE: HORDE [imp] PHP ERROR: Undefined index: password [pid 22832 on line 174 of "/var/www/vhosts/horde.example.ch/pear/php/Horde/Imap/Client/Base.php"]
2012-08-30T23:03:44+02:00 ERR: HORDE [imp] Mail server denied authentication. [pid 22832 on line 345 of "/var/www/vhosts/horde.example.ch/www/imp/lib/Imap.php"]
2012-08-30T23:03:44+02:00 INFO: HORDE [imp] FAILED LOGIN for foo at example.com (Horde user foo at example.com) [] to {localhost:143 [imap]} [pid 22832 on line 176 of "/var/www/vhosts/horde.example.ch/www/imp/lib/Auth.php"]
2012-08-30T23:03:46+02:00 ERR: HORDE [imp] Mail server denied authentication. [pid 22832 on line 345 of "/var/www/vhosts/horde.example.ch/www/imp/lib/Imap.php"]
2012-08-30T23:03:46+02:00 INFO: HORDE [imp] FAILED LOGIN for foo at example.com (Horde user foo at example.com) [] to {localhost:143 [imap]} [pid 22832 on line 176 of "/var/www/vhosts/horde.example.ch/www/imp/lib/Auth.php"]

If we check in /var/www/vhosts/horde.example.ch/www/imp/lib/Imap.php
for an empty password and raise an Exception, we get the following
exception:

====================

Fatal Error:
Horde_Imap_Client requires a username and password.

  1. Horde_Alarm->notify() /var/www/vhosts/horde.example.ch/pear/horde-alarms:22
  2. Horde_Alarm->listAlarms() /var/www/vhosts/horde.example.ch/pear/php/Horde/Alarm.php:404
  3. call_user_func() /var/www/vhosts/horde.example.ch/pear/php/Horde/Alarm.php:100
  4. Horde_Core_Factory_Alarm->load()
  5. Horde_Registry->listApps() /var/www/vhosts/horde.example.ch/pear/php/Horde/Core/Factory/Alarm.php:114
  6. Horde_Registry->hasPermission() /var/www/vhosts/horde.example.ch/pear/php/Horde/Registry.php:804
  7. Horde_Registry->isAuthenticated() /var/www/vhosts/horde.example.ch/pear/php/Horde/Registry.php:1439
  8. Horde_Core_Auth_Application->transparent() /var/www/vhosts/horde.example.ch/pear/php/Horde/Registry.php:1902
  9. Horde_Registry->callAppMethod() /var/www/vhosts/horde.example.ch/pear/php/Horde/Core/Auth/Application.php:369
 10. call_user_func_array() /var/www/vhosts/horde.example.ch/pear/php/Horde/Registry.php:1083
 11. IMP_Application->authTransparent()
 12. IMP_Auth::transparent() /var/www/vhosts/horde.example.ch/www/imp/lib/Application.php:387
 13. IMP_Auth::authenticate() /var/www/vhosts/horde.example.ch/www/imp/lib/Auth.php:135
 14. IMP_Imap->createImapObject() /var/www/vhosts/horde.example.ch/www/imp/lib/Auth.php:88
 15. Horde_Imap_Client::factory() /var/www/vhosts/horde.example.ch/www/imp/lib/Imap.php:138
 16. Horde_Imap_Client_Socket->__construct() /var/www/vhosts/horde.example.ch/pear/php/Horde/Imap/Client.php:345
 17. Horde_Imap_Client_Base->__construct() /var/www/vhosts/horde.example.ch/pear/php/Horde/Imap/Client/Socket.php:141

====================

See  
https://github.com/o-/horde/commit/3f916b63e59ee92611883f9e204a2d878c661c2f  
for an implementation of this check.

Installed versions:
# pear -c /var/www/vhosts/horde.example.ch/pear.conf list -a
INSTALLED PACKAGES, CHANNEL __URI:
==================================
(no packages installed)
INSTALLED PACKAGES, CHANNEL DOC.PHP.NET:
========================================
(no packages installed)

INSTALLED PACKAGES, CHANNEL PEAR.HORDE.ORG:
===========================================
PACKAGE                   VERSION STATE
Horde_ActiveSync          1.2.7   stable
Horde_Alarm               1.0.7   stable
Horde_Argv                1.0.5   stable
Horde_Auth                1.4.9   stable
Horde_Autoloader          1.0.1   stable
Horde_Browser             1.0.8   stable
Horde_Cache               1.0.5   stable
Horde_Cli                 1.0.4   stable
Horde_Compress            1.0.7   stable
Horde_Constraint          1.0.1   stable
Horde_Controller          1.0.2   stable
Horde_Core                1.9.2   stable
Horde_Crypt               1.1.2   stable
Horde_Data                1.0.7   stable
Horde_DataTree            1.0.1   stable
Horde_Date                1.0.11  stable
Horde_Date_Parser         1.0.2   stable
Horde_Db                  1.2.1   stable
Horde_Editor              1.0.2   stable
Horde_Exception           1.0.9   stable
Horde_Feed                1.1.1   stable
Horde_Form                1.1.0   stable
Horde_Group               1.0.5   stable
Horde_History             1.0.1   stable
Horde_Http                1.1.1   stable
Horde_Icalendar           1.1.2   stable
Horde_Image               1.0.10  stable
Horde_Imap_Client         1.5.7   stable
Horde_Imsp                1.0.6   stable
Horde_Injector            1.0.1   stable
Horde_Itip                1.0.7   stable
Horde_Kolab_Format        1.1.2   stable
Horde_Kolab_Server        1.0.2   stable
Horde_Kolab_Session       1.1.1   stable
Horde_Kolab_Storage       1.1.0   stable
Horde_Lock                1.0.1   stable
Horde_Log                 1.1.2   stable
Horde_LoginTasks          1.0.3   stable
Horde_Mail                1.2.0   stable
Horde_Memcache            1.1.1   stable
Horde_Mime                1.6.1   stable
Horde_Mime_Viewer         1.0.8   stable
Horde_Nls                 1.1.6   stable
Horde_Notification        1.0.1   stable
Horde_Oauth               1.0.2   stable
Horde_Pdf                 1.0.2   stable
Horde_Perms               1.0.7   stable
Horde_Prefs               1.1.8   stable
Horde_Rdo                 1.2.0   stable
Horde_Role                1.0.0   stable
Horde_Routes              1.1.2   stable
Horde_Rpc                 1.0.4   stable
Horde_Scribe              1.0.2   stable
Horde_Secret              1.0.2   stable
Horde_Serialize           1.0.2   stable
Horde_Service_Facebook    1.1.3   stable
Horde_Service_Twitter     1.1.4   stable
Horde_Service_Weather     1.1.2   stable
Horde_SessionHandler      1.0.5   stable
Horde_Share               1.3.0   stable
Horde_SpellChecker        1.0.1   stable
Horde_Stream_Filter       1.1.0   stable
Horde_Stream_Wrapper      1.0.1   stable
Horde_Support             1.0.2   stable
Horde_SyncMl              1.0.9   stable
Horde_Template            1.0.1   stable
Horde_Text_Diff           1.0.2   stable
Horde_Text_Filter         1.1.5   stable
Horde_Text_Filter_Csstidy 1.0.1   stable
Horde_Text_Flowed         1.0.1   stable
Horde_Thrift              1.0.1   stable
Horde_Token               1.1.7   stable
Horde_Translation         1.0.2   stable
Horde_Tree                1.0.1   stable
Horde_Url                 1.0.2   stable
Horde_Util                1.4.0   stable
Horde_Vfs                 1.0.9   stable
Horde_View                1.0.1   stable
Horde_Xml_Element         1.0.1   stable
Horde_Xml_Wbxml           1.0.3   stable
content                   1.0.3   stable
horde                     4.0.15  stable
imp                       5.0.23  stable
ingo                      2.0.9   stable
kronolith                 3.0.17  stable
mnemo                     3.0.6   stable
nag                       3.0.8   stable
passwd                    4.0.1   stable
timeobjects               1.0.7   stable
turba                     3.0.15  stable
webmail                   4.0.8   stable

INSTALLED PACKAGES, CHANNEL PEAR.PHP.NET:
=========================================
PACKAGE                    VERSION  STATE
Archive_Tar                1.3.10   stable
Auth_SASL                  1.0.6    stable
Cache                      1.5.6    stable
Console_Color              1.0.3    stable
Console_Getopt             1.3.1    stable
Console_Table              1.1.4    stable
Crypt_Blowfish             1.0.1    stable
Crypt_CHAP                 1.5.0    stable
DB                         1.7.14   stable
Date                       1.5.0a2  alpha
Date_Holidays              0.21.6   alpha
Date_Holidays_Austria      0.1.4    alpha
Date_Holidays_Brazil       0.1.2    alpha
Date_Holidays_Denmark      0.1.3    alpha
Date_Holidays_Discordian   0.1.1    alpha
Date_Holidays_EnglandWales 0.1.4    alpha
Date_Holidays_Germany      0.1.2    alpha
Date_Holidays_Iceland      0.1.2    alpha
Date_Holidays_Ireland      0.1.3    alpha
Date_Holidays_Italy        0.1.1    alpha
Date_Holidays_Japan        0.1.2    alpha
Date_Holidays_Netherlands  0.1.2    alpha
Date_Holidays_Norway       0.1.2    alpha
Date_Holidays_PHPdotNet    0.1.2    alpha
Date_Holidays_Romania      0.1.2    alpha
Date_Holidays_Slovenia     0.1.2    alpha
Date_Holidays_Sweden       0.1.3    alpha
Date_Holidays_UNO          0.1.3    beta
Date_Holidays_USA          0.1.1    alpha
Date_Holidays_Ukraine      0.1.2    alpha
File_Find                  1.3.1    stable
HTTP_Request               1.4.4    stable
HTTP_WebDAV_Server         1.0.0RC7 beta
MDB2                       2.4.1    stable
Net_DNS2                   1.2.2    stable
Net_FTP                    1.3.7    stable
Net_IMAP                   1.1.1    stable
Net_SMTP                   1.6.1    stable
Net_Sieve                  1.3.2    stable
Net_Socket                 1.0.10   stable
Net_URL                    1.0.15   stable
PEAR                       1.9.4    stable
Services_Weather           1.4.6    stable
Structures_Graph           1.0.4    stable
Text_Figlet                1.0.2    stable
XML_Parser                 1.3.4    stable
XML_SVG                    1.1.0    stable
XML_Serializer             0.20.2   beta
XML_Util                   1.2.1    stable

INSTALLED PACKAGES, CHANNEL PECL.PHP.NET:
=========================================
PACKAGE  VERSION STATE
APC      3.1.9   stable
LZF      1.6.2   stable
geoip    1.0.8   stable
intl     2.0.1   stable
memcache 2.2.6   stable
pam      1.0.3   stable
xdiff    1.4.1   stable


There should be no login if it is run by cron.

As a current workaround we have added a non-existing user as the first  
entry in conf.php -> $conf['auth']['admins'] = array(...); However, as  
this still produces a lot of failed login messages in horde's and the  
backend's log this is not an acceptable solution.

In bug #10076 it was suggested that this is a duplicate of bug #9733,
however as we are on the latest versions, this is clearly still an
issue.
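
For triaging logs that contain this noise, the following is an added example, not part of the original ticket and not Horde code: it groups Horde log lines by pid and counts a FAILED LOGIN as an empty-password attempt when the same process also logged "Undefined index: password". The sample log is constructed from the entries quoted in the ticket (unwrapped, with the address de-obfuscated); the pid 4100 line and its client address are invented for contrast.

```python
import re
from collections import defaultdict

# Constructed sample: the pid 22832 lines follow the ticket's log entries,
# the pid 4100 line is an invented ordinary failed login (assumption).
SAMPLE_LOG = """\
2012-08-30T23:03:42+02:00 NOTICE: HORDE [imp] PHP ERROR: Undefined index: password [pid 22832 on line 174 of "/var/www/vhosts/horde.example.ch/pear/php/Horde/Imap/Client/Base.php"]
2012-08-30T23:03:44+02:00 ERR: HORDE [imp] Mail server denied authentication. [pid 22832 on line 345 of "/var/www/vhosts/horde.example.ch/www/imp/lib/Imap.php"]
2012-08-30T23:03:44+02:00 INFO: HORDE [imp] FAILED LOGIN for foo@example.com (Horde user foo@example.com) [] to {localhost:143 [imap]} [pid 22832 on line 176 of "/var/www/vhosts/horde.example.ch/www/imp/lib/Auth.php"]
2012-08-30T23:03:46+02:00 INFO: HORDE [imp] FAILED LOGIN for foo@example.com (Horde user foo@example.com) [] to {localhost:143 [imap]} [pid 22832 on line 176 of "/var/www/vhosts/horde.example.ch/www/imp/lib/Auth.php"]
2012-08-30T23:05:10+02:00 INFO: HORDE [imp] FAILED LOGIN for bar@example.com (Horde user bar@example.com) [192.0.2.7] to {localhost:143 [imap]} [pid 4100 on line 176 of "/var/www/vhosts/horde.example.ch/www/imp/lib/Auth.php"]
"""

# One log record: timestamp, level, app, message, then the trailing [pid ...] tag.
LINE = re.compile(
    r'^(?P<ts>\S+) (?P<level>\w+): HORDE \[(?P<app>\w+)\] (?P<msg>.*) '
    r'\[pid (?P<pid>\d+) on line \d+ of "[^"]*"\]$'
)
FAILED = re.compile(r'FAILED LOGIN for (?P<user>.+?) \(Horde user ')


def classify_failed_logins(log_text):
    """Count FAILED LOGIN events per user, split by whether the logging
    process also reported that it had no password to send."""
    no_password_pids = set()
    failures = []  # (pid, user)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or foreign lines are skipped, not guessed at
        if "Undefined index: password" in m["msg"]:
            no_password_pids.add(m["pid"])
        f = FAILED.search(m["msg"])
        if f:
            failures.append((m["pid"], f["user"]))

    # Classify after the full pass so line order within a pid does not matter.
    counts = {"empty_password": defaultdict(int), "other": defaultdict(int)}
    for pid, user in failures:
        kind = "empty_password" if pid in no_password_pids else "other"
        counts[kind][user] += 1
    return {kind: dict(users) for kind, users in counts.items()}


if __name__ == "__main__":
    print(classify_failed_logins(SAMPLE_LOG))
```

The per-user count in the "empty_password" bucket is the number to compare against the backend's lockout threshold.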
