[horde] Random user not authorized messages from Registry.php

Luis Felipe Marzagao lfbm.andamentos at gmail.com
Fri Jul 12 01:00:25 UTC 2013


On 11-07-2013 07:48, James MacLean wrote:
> On 07/10/2013 08:15 PM, Luis Felipe Marzagao wrote:
>> On 10-07-2013 18:43, Andy Dorman wrote:
>>> On 07/10/2013 04:38 PM, l.kiraly at madalbal.hu wrote:
>>>> Hi Luis,
>>>>
>>>>
>>>> The user has to relog after this message?
>>>>
>>>>
>>>> Quote (Luis Felipe Marzagao <lfbm.andamentos at gmail.com>):
>>>>
>>>>> Hello:
>>>>>
>>>>> Horde 5.1.1.
>>>>>
>>>>> I'm getting random 'user not authorized' msgs in my logs, like these:
>>>>>
>>>>> Jul 10 14:34:16 mserver HORDE: User is not authorized for horde [pid
>>>>> 1612 on line 267 of "/usr/share/php/Horde/Registry.php"]
>>>>> Jul 10 14:34:18 mserver HORDE: User is not authorized for horde [pid
>>>>> 1311 on line 267 of "/usr/share/php/Horde/Registry.php"]
>>>>> Jul 10 15:42:01 mserver HORDE: User is not authorized for horde [pid
>>>>> 2263 on line 270 of "/usr/share/php/Horde/Registry.php"]
>>>>> Jul 10 16:42:04 mserver HORDE: User is not authorized for horde [pid
>>>>> 2268 on line 270 of "/usr/share/php/Horde/Registry.php"]
>>>>>
>>>>> Apparently, they are harmless, since everybody is using horde and all
>>>>> the modules just fine. But I'd like to further investigate this.
>>>>>
>>>>> I've inserted Horde::debug($GLOBALS['registry']->getAuth()); in
>>>>> /usr/share/php/Horde/Registry.php to see what users were causing the
>>>>> problem, but it returned a false boolean, like this:
>>>>>
>>>>> 2013-07-10T18:42:01+00:00 DEBUG: Variable information:
>>>>> bool(false)
>>>>>
>>>>> Backtrace:
>>>>> 1. Horde_Registry::appInit() /var/www/horde/rampage.php:54
>>>>> 2. Horde::debug() /usr/share/php/Horde/Registry.php:268
>>>>>
>>>>>
>>>>> How can I further debug this? Any directions?
>>>>>
>>>>> Thanks.
>>>>> Luis Felipe
>>>
>>> In our case the user does NOT have to relog after this message...in 
>>> fact we have not yet seen any impact on the user.
>>>
>>
>> Yes, for us too. Any user has to relog into horde. Things still work 
>> after the error msg.
>>
> In our environment, this started when we were testing in the spring. 
> When they happen we can not get back in to Horde. Refreshing the 
> browser just repeats the error. We use the latest 5 release with IMP 
> authentication.
>
> We have so far found the following 2 situations:
>
> In one instance, users get redirected around and around usually to an 
> empty page or a browser recursive error. After this user could not log 
> in until they remove their Horde specific cookie. Fix for this that 
> appears to work for us is to remove the cookie at the point when these 
> errors are thrown:
>
> --- Registry.php        2013-07-08 17:54:00.089791302 -0300
> +++ /usr/share/pear/Horde/Registry.php  2013-07-08 20:43:23.920790751 
> -0300
> @@ -264,6 +264,8 @@
>
>              switch ($e->getCode()) {
>              case self::AUTH_FAILURE:
> +               setcookie ($GLOBALS['conf']['session']['name'], 
> "remove", time() - 3600, '/', '.<ourdomain>');
>                  $failure = new 
> Horde_Exception_AuthenticationFailure($e->getMessage());
>                  $failure->application = $app;
>                  throw $failure;
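
Review bot: The setcookie call added under "case self::AUTH_FAILURE:" hard-codes the path '/' and the domain '.<ourdomain>', and a browser only drops a cookie when the expiring Set-Cookie matches the path and domain the cookie was originally set with. Take both values from the same configuration that sets the session cookie (the name already comes from $GLOBALS['conf']['session']['name']) so the deletion still matches on an installation with a different cookie path or domain.
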
> @@ -280,6 +282,8 @@
>                  // Fall-through
>
>              case self::PERMISSION_DENIED:
> +               setcookie ($GLOBALS['conf']['session']['name'], 
> "remove", time() - 3600, '/', '.<ourdomain>');
>                  $failure = new 
> Horde_Exception_AuthenticationFailure($e->getMessage(), 
> Horde_Auth::REASON_MESSAGE);
>                  $failure->application = $app;
>                  throw $failure;
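
Review bot: Under "case self::PERMISSION_DENIED:" the added setcookie expires the session cookie of a user who may be authenticated and merely lacks permission for $app, which ends their whole session rather than just refusing this one application. Consider expiring the cookie only in the AUTH_FAILURE branch, and move the call into one helper instead of repeating the same statement in both cases.
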
>
> No, not the best fix, but seems to be working when tested at the point 
> the error occurs.
>
> The second gives the user a JSON response in their browser and again, 
> no way to get back in easily. For that we changed one of the ajax 
> returns:
>
> --- ajax.php    2013-07-09 12:29:48.336546450 -0300
> +++ /var/www/horde/services/ajax.php    2013-07-09 12:29:21.423811212 
> -0300
> @@ -72,7 +72,9 @@
>      $response = new Horde_Core_Ajax_Response_HordeCore_NoAuth($app, 
> $e->getCode());
>      $response->sendAndExit();
>  } catch (Exception $e) {
> -    $notification->push($e->getMessage(), 'horde.error');
> -    $response = new Horde_Core_Ajax_Response_HordeCore();
> +//    $notification->push($e->getMessage(), 'horde.error');
> +//    $response = new Horde_Core_Ajax_Response_HordeCore();
> +    $response = new Horde_Core_Ajax_Response_HordeCore_NoAuth($app, 
> $e->getCode());
>      $response->sendAndExit();
>  }
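
Review bot: In the generic "catch (Exception $e)" block every exception is now answered with Horde_Core_Ajax_Response_HordeCore_NoAuth, so an error unrelated to authentication reaches the client as an auth failure and $e->getMessage() is no longer reported anywhere. Keep the NoAuth response for authentication exceptions only, log the message for everything else, and delete the two old lines rather than leaving them commented out.
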
>
> Again, these would not be the right fix, but have been proven to allow 
> us to continue on once the errors are found. We have just started 
> digging in to these over the last 2 days so this is just a workaround 
> at this point ;).
>
> JES

I don't think your problem is the same. In the case I've reported, 
nothing happens with users because it is actually someone (google bots) 
trying to load pages from my horde installation. So I get the "user not 
authorized for horde", which is actually expected.
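
One way to find which requests sit behind these log entries, as an added example that is not part of the original thread: match each Horde syslog line against web-server access-log requests made within a few seconds and tally the user agents. The access-log lines, the crawler name, the request path and the assumption that both logs share the same local clock are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample input. The syslog lines follow the format quoted in the
# thread; the access-log lines (Apache combined format) are invented.
HORDE_LOG = """\
Jul 10 14:34:16 mserver HORDE: User is not authorized for horde [pid 1612 on line 267 of "/usr/share/php/Horde/Registry.php"]
Jul 10 15:42:01 mserver HORDE: User is not authorized for horde [pid 2263 on line 270 of "/usr/share/php/Horde/Registry.php"]
"""
ACCESS_LOG = """\
192.0.2.10 - - [10/Jul/2013:14:34:16 -0300] "GET /horde/rampage.php HTTP/1.1" 302 - "-" "ExampleCrawler/1.0"
198.51.100.7 - - [10/Jul/2013:15:00:00 -0300] "GET /horde/imp/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.11 - - [10/Jul/2013:15:42:00 -0300] "GET /horde/rampage.php HTTP/1.1" 302 - "-" "ExampleCrawler/1.0"
"""

HORDE_RE = re.compile(
    r'^(\w{3} +\d+ [\d:]{8}) \S+ HORDE: User is not authorized for (\S+) \[pid (\d+)')
ACCESS_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^ \]]+) [^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

def parse_horde(text, year):
    """Return (time, app, pid) per auth-failure line; syslog omits the year."""
    events = []
    for line in text.splitlines():
        m = HORDE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2), int(m.group(3))))
    return events

def parse_access(text):
    """Return (local time, client ip, path, user agent) per request."""
    hits = []
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if m:  # assumption: the UTC offset is ignored, both logs use local time
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S")
            hits.append((ts, m.group(1), m.group(4), m.group(6)))
    return hits

def correlate(events, hits, window=2):
    """Attach to each failure the requests seen within +/- window seconds."""
    delta = timedelta(seconds=window)
    return [{"time": ts, "app": app, "pid": pid,
             "requests": [(ip, path, ua) for hts, ip, path, ua in hits
                          if abs(hts - ts) <= delta]}
            for ts, app, pid in events]

def agents_by_failures(report):
    """Count how many failures each user agent is a candidate for."""
    return dict(Counter(ua for row in report for _, _, ua in row["requests"]))
```

A failure with no nearby request, or with several, needs a wider look at the access log; the window only narrows the candidates.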

