[Tickets #12623] Activesync and permissions

noreply at bugs.horde.org noreply at bugs.horde.org
Mon Aug 26 16:34:50 UTC 2013 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/12623
------------------------------------------------------------------------------
  Ticket             | 12623
  Created By         | horde at albasoft.com
  Summary            | Activesync and permissions
  Queue              | Synchronization
  Version            | Git master
  Type               | Bug
  State              | Unconfirmed
  Priority           | 1. Low
  Milestone          |
  Patch              | 1
  Owners             |
------------------------------------------------------------------------------


horde at albasoft.com (2013-08-26 16:34) wrote:

Using Horde permissions on Activesync, I get some errors when a user  
has "horde:activesync" permission removed.
Web server returns 500 HTTP code to the device.

I get a device log like this:
2013-08-26T03:43:51+02:00 INFO: [770]  
Horde_Core_ActiveSync_Driver::authenticate() attempt for <my_user>
2013-08-26T03:43:51+02:00 INFO: Access denied for user <my_user> per  
policy settings.
2013-08-26T03:43:51+02:00 DEBUG: [770] PING request received for user
2013-08-26T03:43:51+02:00 INFO: [770] Device entry exists for  
<my_dev>, updating userAgent and version.
2013-08-26T03:43:51+02:00 INFO: [770] Device entry does not exist for  
device <my_dev> and user  - creating it.

And at horde.log:
2013-08-26T03:43:51+02:00 ERR: HORDE [horde] SQL QUERY FAILED:  
SQLSTATE[23502]: Not null violation: 7 ERROR:  null value in column  
"device_user" violates not-null constraint
         INSERT INTO horde_activesync_device_users (device_id, device_user,
           device_policykey) VALUES('<my_dev>', NULL, 0) [pid 770 on  
line 553 of ".../Horde/Db/Adapter/Base.php"]
2013-08-26T03:43:51+02:00 ERR: HORDE [horde] Returning HTTP 500 while  
handling Ping command. [pid 770 on line 156 of ".../horde/rpc.php"]
...

It seems that authentication process is correct and permission  
checked, and so it is logged, but not enforced. Ping request still  
goes on and then it fails because of some missing data: user is not  
properly set and missing at following log lines.

I think authenticate function at Horde_ActiveSync class is the  
problem. It correctly gets AUTH_REASON_USER_DENIED, but it makes no  
difference.
Attached patch makes permissions work as expected, and I hope it makes  
this problem easier to be identify, but sure it inserts "return" at  
wrong place.



horde at albasoft.com (2013-08-26 16:34) uploaded:  
hordewm5-activesync_permissions.patch

http://bugs.horde.org/h/services/download/?app=whups&actionID=download_file&file=hordewm5-activesync_permissions.patch&ticket=12623&fn=%2Fhordewm5-activesync_permissions.patch

More information about the bugs mailing list