[horde] "Error: User is not authorized for imp" with PHP 5.6
Mauricio Jose T. Tecles
mtecles at biof.ufrj.br
Fri Jun 6 18:59:57 UTC 2014
----- Message from adorman at ironicdesign.com ---------
Date: Fri, 06 Jun 2014 09:20:08 -0500
From: Andy Dorman <adorman at ironicdesign.com>
Subject: Re: [horde] "Error: User is not authorized for imp" with PHP 5.6
To: horde at lists.horde.org
> On 05/29/2014 03:08 PM, Michael M Slusarz wrote:
>> Quoting Ernie Dunbar <maillist at lightspeed.ca>:
>>
>>> After yesterday's difficulty in getting Horde set up (I moved the
>>> directory back to its original installation value and changed back what
>>> configuration I had changed), I'm now up against something totally new.
>>>
>>> I'm able to log in to Horde with a regular user as well as the
>>> administrator, authenticate against our IMAP server (I can see the
>>> successful authentication in the IMAP server's logs), but nobody can use
>>> IMP. I just see that panel filled with the message:
>>>
>>> "ERROR
>>>
>>> User is not authorized for imp"
>>>
>>> If I try to click on the "Mail" menu at the top, I apparently get logged
>>> out, which seems strange.
>>
>> No... you are being kicked out to the IMP authentication screen. I've
>> been meaning to make this more clear on the login screen, so I should
>> probably do it before we release 5.2.
>>
>> michael
>>
>> ___________________________________
>> Michael Slusarz [slusarz at horde.org]
>>
>
> I just ran into the same problem, imp login failure, but I believe
> it is because php 5.6 has apparently changed something that is
> causing imp authentication to fail. So far I have not found a good
> indication of what that might be.
>
> We run a development server where we test the latest debian release
> of Horde Groupware Webmail (currently Horde 5.1.6/IMP 6.1.7-1).
>
> It has been working well with only a couple of minor issues
> (apparent cookie timeouts and such). Last night it was working fine
> and I read my email with no problems.
>
> This morning I updated the development server to PHP 5.6.0-beta3 and
> was very surprised when I tried to log in and got the Horde fatal
> error page at the end of this email.
>
> I mainly want to alert the community that there may be a coming
> issue with PHP 5.6 that needs to be addressed. And if anyone knows
> of a suggested patch to test, I will be happy to try it.
>
> We are using Apache2 with php-fpm and there is nothing in the
> php-fpm log that indicates a problem.
Just a hint, I don't know if this is the problem. I quote from a recent
Debian Wheezy PHP update:
"php5 (5.4.4-14+deb7u9) stable; urgency=medium
* The default PHP FPM socket permission has been changed from 0666
to 0660 to mitigate security vulnerability (CVE-2014-0185) in PHP
FPM that allowed any local user to run a PHP code under the active
user of FPM process via crafted FastCGI client.
The default Debian setup now correctly sets the listen.owner and
listen.group to www-data:www-data in default php-fpm.conf. If you
have more FPM instances or a webserver not running under www-data
user you need to adjust the configuration of FPM pools in
/etc/php5/fpm/pool.d/ so the accessing process has rights to
access the socket.
-- Ondrej Surý <ondrej at debian.org> Mon, 12 May 2014 14:23:05 +0200"
Mauricio
>
> I checked the cyrus IMAP log and it indicated a successful login:
>
> ==== cyrus log ====
>> 2014-06-06T08:24:16.559279-05:00 yorick cyrus/lmtp[29949]: accepted
>> connection
>> 2014-06-06T08:24:16.559389-05:00 yorick cyrus/lmtp[29949]:
>> connection from yorick.ironicdesign.com [192.168.0.23]
>> 2014-06-06T08:24:16.560739-05:00 yorick cyrus/lmtp[29949]: login:
>> yorick.ironicdesign.com [192.168.0.23] cyrus PLAIN User logged in
> ...
>
> The horde logs are currently set to NOTICE and we see our local
> "last login" update followed by login success to horde and then ingo
> and horde reporting "User is not authorized for imp".
>
> ==== Horde logs ====
>> 2014-06-06T08:56:14.411195-05:00 yorick HORDE: [imp] Setting
>> hostname "yorick.ironicdesign.com" from client [76.29.224.98] [pid
>> 28978 on line 31 of "/etc/horde/imp/backends.local.php"]
>> 2014-06-06T08:56:14.684240-05:00 yorick HORDE: [imp] modified
>> fmLastLogin for
>> uid=andydorman at comehome.net,ou=addresses,o=antespam.com to be Fri
>> Jun 6 13:56:14 2014 [pid 28978 on line 84 of
>> "/etc/horde/imp/backends.local.php"]
>> 2014-06-06T08:56:14.734835-05:00 yorick HORDE: [horde] Login
>> success for andydorman at comehome.net [76.29.224.98] to horde. [pid
>> 28978 on line 150 of "/usr/share/horde/login.php"]
>> 2014-06-06T08:56:15.461147-05:00 yorick HORDE: [ingo] Finding sieve
>> hostname "yorick.ironicdesign.com" from client [76.29.224.98] [pid
>> 28979 on line 102 of "/etc/horde/ingo/backends.local.php"]
>> 2014-06-06T08:56:15.562690-05:00 yorick HORDE: [ingo] User is not
>> authorized for imp [pid 28979 on line 1552 of
>> "/usr/share/php/Horde/Registry.php"]
>> 2014-06-06T08:56:15.563162-05:00 yorick HORDE: [horde] User is not
>> authorized for imp [pid 28979 on line 1645 of
>> "/usr/share/php/Horde/Registry.php"]
>
> I can expand the Horde log level and try another login and report
> back if that would help.
>
> I can also post my config & registry.local files if it will help,
> but there is nothing in the registry.local.php that sets anything
> related to imp.
>
> Here is the fatal error web page that displays after login. When I
> reload the page I get the Horde portal with the imp block showing
> "User is not authorized for imp"
>
----- End of message from adorman at ironicdesign.com -----
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
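
Added example, not part of the original message and not code from Horde or Debian: a shell check for the FPM pool settings named in the quoted Debian changelog (`listen.mode`, `listen.owner`, `listen.group`). The function names `pool_value` and `audit_fpm_pool` are hypothetical, and the sample pool file and its socket path are constructed for illustration.

```shell
#!/bin/sh
# Audit one php-fpm pool file for the socket settings from the changelog.
# pool_value / audit_fpm_pool are hypothetical helper names (assumption).

# Print the last uncommented value assigned to KEY ($1, a regex) in FILE ($2).
pool_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p" "$2" | tail -n 1
}

# Exit status: 0 = ok or not applicable, 1 = world-accessible socket,
# 2 = owner/group missing (web server may lose access after the update).
audit_fpm_pool() {
    file=$1
    listen=$(pool_value 'listen' "$file")
    mode=$(pool_value 'listen\.mode' "$file")
    owner=$(pool_value 'listen\.owner' "$file")
    group=$(pool_value 'listen\.group' "$file")

    # TCP listeners (host:port or a bare port) have no socket file mode.
    case $listen in
        /*) ;;
        *) echo "SKIP: listen=$listen is not a unix socket"; return 0 ;;
    esac

    # A non-zero last octal digit grants access to every local user (e.g. 0666).
    case $mode in
        *[1-7]) echo "FAIL: listen.mode=$mode is accessible to all local users"; return 1 ;;
    esac

    # With 0660 the accessing web server must match the owner or the group.
    if [ -z "$owner" ] || [ -z "$group" ]; then
        echo "WARN: listen.owner/listen.group unset; web server may be refused"
        return 2
    fi
    # An unset listen.mode falls back to the package default.
    echo "OK: socket $listen restricted to $owner:$group mode ${mode:-default}"
}

# Constructed sample: a pool file with the old world-accessible socket mode.
sample=$(mktemp)
printf '[www]\nlisten = /var/run/php5-fpm.sock\nlisten.mode = 0666\n' > "$sample"
audit_fpm_pool "$sample" || true
rm -f "$sample"
```

On a real host, run `audit_fpm_pool` over each file in `/etc/php5/fpm/pool.d/` and compare `listen.owner`/`listen.group` with the account the web server runs as.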