[horde] Gettting Failed FTP Logins After Setting Up IOS ActiveSync Device

Michael J Rubinsky mrubinsk at horde.org
Fri Jun 8 15:10:58 UTC 2012


Quoting Brent <impuser at bitrealm.com>:

> Quoting mrubinsk at horde.org:
>
>> Very strange.  That log output occurs at the very end of a ping  
>> request. The only thing going on there is some data is being saved  
>> to the database. This runs completely within the scope of the  
>> ActiveSync code. No: death what would trigger a hit again St the  
>> ftp server.
>>
>> Brent <impuser at bitrealm.com> wrote:
>>
>> Quoting Brent <impuser at bitrealm.com>> Quoting Michael J Rubinsky  
>> <mrubinsk at horde.org>:
>>>> Quoting Brent <impuser at bitrealm.com>:
>>>>> Using all the latest releases, I have setup an IOS phone using  
>>>>> ActiveSync.  After setting it up, I notice my /var/log/secure  
>>>>> filling up with failed FTP login attemps:
>>>>>
>>>>> Jun  7 08:08:04 localhost vsftpd[27746]: pam_unix(vsftpd:auth):  
>>>>> authentication failure; logname= uid=0 euid=0 tty=ftp  
>>>>> ruser=MYUSERNAME rhost=localhost.localdomain  user=MYUSERNAME
>>>>>
>>>>> I've replaced my real username with MYUSERNAME.
>>>>>
>>>>> Now, I do have gollem installed, but that works fine in Horde as  
>>>>> does ingo, which also uses ftp to upload/check the users  
>>>>> .procmailrc file.
>>>>>
>>>>> I have the phone set to:
>>>>>
>>>>> Fetch New Data:   Push  (on the IOS device)
>>>>>
>>>>>
>>>>> What's happening here?  I added another user and started getting  
>>>>> failed ftp login attemps, but it's from localhost?  I don't  
>>>>> quite understand what is causing the failed ftp logins, but it  
>>>>> seems to be clearly related to adding an ActiveSync IOS device.
>>>> It sounds like either Gollem or Ingo is being polled at some  
>>>> point during the ActiveSync request, though I can't think of  
>>>> where this would be happening - unless you are using FTP as the  
>>>> Horde VFS backend. It's coming from locahost because it's not the  
>>>> device accessing the FTP server directly, it's Horde doing it.  
>>>> Either way, I'm not sure why authentication would fail. Make sure  
>>>> your Horde log is set to DEBUG and see if there is anything  
>>>> interesting in there. Ditto if you are using a dedicated sync log  
>>>> file.
>>> Ok, looking at the ActiveSync log for the device, each ftp log deny lines
>>> up with the following entries in the active sync log for the individual
>>> device:
>>>
>>> 2012-06-07T10:15:50-07:00 INFO: [OBFUSCATEDAPPLEID] Sending  
>>> response for PING.
>>> 2012-06-07T10:15:50-07:00 DEBUG: O  <Ping:Ping>
>>> 2012-06-07T10:15:50-07:00 DEBUG: O   <Ping:Status>
>>> 2012-06-07T10:15:50-07:00 DEBUG: O    1
>>> 2012-06-07T10:15:50-07:00 DEBUG: O   <Ping:Status/>
>>> 2012-06-07T10:15:50-07:00 DEBUG: O  <Ping:Ping/>
>>> 2012-06-07T10:15:50-07:00 DEBUG: Saving PING state:
>>> a:2:{s:8:"lifetime";s:3:"960";s:11:"collections";a:2:{s:8:"Calendar";a:2:{s:2:"id";s:8:"Calendar";s:5:"class";s:8:"Calendar";}s:8:"Contacts";a:3:{s:2:"id";s:8:"Contacts";s:5:"class";s:8:"Contacts";s:7:"synckey";s:15:"OBFUSCATEDAPPLEID";}}}
>>> 2012-06-07T10:15:51-07:00 INFO: User MYUSERNAME logged off
>>>
>>> Horde VFS is set to "SQL Database"
>>>
>>> For DataTree system, I notice I have it set to "none" in Horde, if that
>>> makes any difference.
>>>
>>> Every time there is a /var/log/secure failed ftp login, there is a
>>> matching "Saving PING state" event for the device.  I can't figure out the
>>> correlationbetween ActiveSync and FTP.
>
>
> Just ran a tcpdump of the loopback interface to see what is being  
> sent.  The packet capture shows:
>
> USER MYUSERNAME
> PASS
>
> So, something is sending my local username, but is using a null  
> password.  The ftp login attempt and the line that says "Sending  
> Response for PING" occur at the exact same time, every time.  The  
> line right before it, says the following:

I still have no idea what this would be from. The *only* thing that is  
happening at the time this line is dumped to the log is the WBXML for  
the response is being sent over the php output stream. In fact, at  
this point all of the Horde API access is already done with.  You can  
verify this by looking at the code in ActiveSync/Request/Ping.php.

The only thing that happens after this is the state is saved to the DB  
and the output buffer is flushed.

-- 
mike

The Horde Project (www.horde.org)
mrubinsk at horde.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6096 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.horde.org/archives/horde/attachments/20120608/f9cacdc0/attachment.bin>


More information about the horde mailing list