[horde] Horde4/BCBreaking

Christopher Neuhaus cne at ruhrverband.de
Fri Nov 4 14:47:14 UTC 2011


On 02.11.2011 04:10, Michael M Slusarz wrote:
> Quoting Christopher Neuhaus <cne at ruhrverband.de>:
>
>> On 26.10.2011 20:22, Michael M Slusarz wrote:
>>> Quoting Christopher Neuhaus <cne at ruhrverband.de>:
>>>
>>>> In our multi IMAP-/one Horde-Server environment, we use a
>>>> preauthentication hook to autoselect the IMAP-Server for the user.
>>>> Here
>>>> we extract the information of one of many IMAP-servers where the user
>>>> should authenticate. (just like http://wiki.horde.org/ImapSelect)
>>>>
>>>> After the H4 authentication cleaning process ..
>>>>
>>>>     http://wiki.horde.org/Horde4/BCBreaking: "Remove confusing mess of
>>>>     hooks and other ways of muddling logins (especially with IMP), and
>>>>     replace them _all_ with the preauthenticate and postauthenticate
>>>>     hooks + appropriate examples for things like vhosting. (DONE)"
>>>>
>>>> this solution doesn't work any more because there are several changes
>>>> that make this method impossible.
>>>
>>> How is it impossible?  Just disable the server selection list on the
>>> login page and set the desired server in the preauthenticate() hook.
>>> See imp/config/hooks.php.dist
>>>
>>> michael
>>>
>>> ___________________________________
>>> Michael Slusarz [slusarz at horde.org]
>>>
>>
>> Hi Michael,
>>
>> While we were searching for why our H3 hook doesn't work for H4, we found,
>> e.g., that in imp/lib/Auth.php $_SERVER['HTTP_HOST'] is taken for
>> identifying the user's authentication host. This has to be changed for
>> each user who authenticates against a different server.
>
> No - this is only used if 'preferred' is set in backends.php.  Don't
> set preferred.
>
>> I think we are not alone with our problem. Perhaps you have an idea how
>> our solution could be realised in an imp preauthenticate() hook?
>
> public function preauthenticate($userId, $credentials)
> {
>     // Do magic here to determine the preferred server.  Store the
>     // preferred server key (from backends.php) in $key
>
>     $credentials['server'] = $key;
>
>     return $credentials;
> }
>
> michael
>
> ___________________________________
> Michael Slusarz [slusarz at horde.org]
>

Sorry Michael,

my last positive reaction seemed to be overhasty.

If I delete any 'preferred' statements in backends.php, no server will
be selected and H4 authentication is impossible.

One preferred server: H4 authentication is possible for all users on any
server of backends.php (even if the 'preferred' statement is not set).
But for imp, the authentication is always possible only against the
preferred server, even if $conf[server] in IMP is on "hidden" or on "none".

Many preferred servers: H4 authentication is possible for all users on all
servers, but for imp, only the first server is used for IMAP-authentication.

If $conf[server] is "shown" everything is ok (H4- and IMAP-auth).

For IMP the file /tmp/hook.out tells me that even if $conf[server] in
IMP is on "hidden" or on "none" every time the right server is selected:
"key individual-user-server (imp): individual-user-server" (see $erg below)

The imp preauthentication (/horde/imp/config/hooks.php):

    public function preauthenticate($userId, $credentials)
    {
        // Defines $servers (the IMP backend list).
        require dirname(__FILE__) . '/../../imp/config/backends.local.php';

        // $userId is untrusted pre-authentication input: quote it before
        // it reaches the shell.
        $ma = exec('/usr/bin/ypmatch ' . escapeshellarg($userId) . ' mail.aliases');

        // Only the first alias counts; its host part names the mail server.
        if (strpos($ma, ',') !== false) {
            $ma = substr($ma, 0, strpos($ma, ','));
        }
        $mserver = strtolower(substr($ma, strpos($ma, '@') + 1));

        foreach ($servers as $key => $curServer) {
            // Get the individual-user-server $key from backends
            if ($curServer['smtphost'] == $mserver) {
                $credentials['server'] = $key;
                // Debug trace, written without going through a shell.
                $erg = "key $key (imp): " . $credentials['server'];
                file_put_contents('/tmp/hook.out', $erg . "\n", FILE_APPEND);
                break;
            }
            // backup-server
            // $credentials['server'] = 'imap';
        }
        return $credentials;
    }

I have no idea how I can give IMP the right backends-auth.-server,
because setting $credentials['server'] seems not to work.

Best Regards

Christopher

-- 

Dipl.-Ing. Christopher Neuhaus

Ruhrverband
Data Processing Department
Kronprinzenstr. 37
45128 Essen

Phone: 0201/178-1531
Fax: 0201/178-1545
E-Mail: cne at ruhrverband.de
Internet: www.ruhrverband.de


Association Council: Dr. Bernhard Görgens, Chairman
Executive Board: Prof. Dr.-Ing. Harro Bode, Chairman, Norbert Frece


