[dev] ActiveSync with Nokia MfE - Strange Problem in Horde_Auth_Base
Michael Rubinsky
mrubinsk at horde.org
Thu May 27 15:07:01 UTC 2010
Quoting Jan Schneider <jan at horde.org>:
> Zitat von Lukas Gradl <horde at ssn.at>:
>
>> On 2010-05-27 13:14, Lukas Gradl wrote:
>>> Hi!
>>>
>>
>> So, a little bit deeper once again - and stuck once again:
>>
>> In Horde_Secret::getKey $this->keyCache is searched for the key to
>> encrypt the password to write it to credentials.
>>
>> When Syncing with WM6.1 the variable $_COOKIE contains the necessary keys.
>> When Syncing with MfE 3.0 the variable $_COOKIE is an empty array.
>>
>> So no key is found to encrypt the password, no password is written
>> and the auth to turba will fail.
>>
>>
>> What I can't find now is the place where the $_COOKIE variable is
>> filled with the correct keys when using WM6.1, to compare that to
>> MfE 3.0
>
> Now you are onto something!
Indeed, good work :)
$_COOKIE is set automatically if the
> client sent a cookie with the HTTP request. I bet that cookie
> support is not required by the AS specs.
Correct.
> Actually Horde should fall back to some other secret if it can't
> store them in the cookie, but maybe this is broken in the current
> development version. Or maybe this doesn't work for some reason
> during AS requests.
It looks like we fall back to using the session_id as the key, though
I don't know the Auth/Secret code well enough yet to know how that
works. I'll dig, but if anyone has any hints... :)
Thanks,
mike
--
The Horde Project (www.horde.org)
mrubinsk at horde.org
"Time just hates me. That's why it made me an adult." - Josh Joplin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: PGP Digital Signature
URL: <http://lists.horde.org/archives/dev/attachments/20100527/359fa1b8/attachment.bin>
More information about the dev
mailing list