[horde] Standalone Horde server access disabled overnight (wrong username or password)

Arjen de Korte build+horde at de-korte.org
Wed Feb 27 08:06:20 UTC 2019 

Citeren Arjen de Korte <build+horde at de-korte.org>:

> Citeren Louis-Philippe Allard <lp.allard.1 at gmail.com>:
>
>> Quoting Arjen de Korte <build+horde at de-korte.org>:
>>
>>> Check the difference between
>>>
>>>    pear config-show
>>>
>>> and
>>>
>>>    pear config-show system
>>>
>>> shows. The first is what you use when running the pear commands,  
>>> the second probably what is configured in the system wide  
>>> settings. It could be that the user your webserver is running as,  
>>> is using another configuration. If there is a .pearrc in the home  
>>> directory of your 'www' or 'wwwrun' (or whatever your user that  
>>> runs PHP uses), this is different. You might get an idea of the  
>>> configuration used by running this command in a command shell from  
>>> within Horde
>>>
>>> With the above mentioned configuration, if you run pear, the  
>>> information about installed Horde packages will end up in the  
>>> /var/lib/pear/.registry/.channel.pear.horde.org directory and if  
>>> you go to that directory, you'll probably see that most files are  
>>> fairly fresh. But I'm pretty sure that this is not what your  
>>> webserver is using at the moment. A hackish fix might be to just  
>>> symlink the directory Horde uses to the actual directory.
>>>
>>>> Additionally, I realised that since I ran the updates that were  
>>>> suggested, my horde setup is no longer able to deal with emails  
>>>> containing PDF files.
>>>
>>> This is actually good news, since it means that at least the  
>>> packages are updated, you're just not seeing the correct version  
>>> information in Horde.
>>>
>>>> When I highlight an email with such attachment, I see a red popup  
>>>> in the corner saying "Error when communicating with the server".   
>>>> If I try to open the email in a separate window, I get this crash  
>>>> trace:
>>>>
>>>> A FATAL ERROR HAS OCCURRED
>>>>
>>>> UNDEFINED CLASS CONSTANT 'ALPHACHANNEL_REMOVE'
>>>>
>>>> 1. Horde_ErrorHandler::catchFatalError()
>>>>
>>>> DETAILS
>>>>
>>>> The Full Error Message Is Logged In Horde's Log File, And Is  
>>>> Shown Below Only To Administrators. Non-administrative Users Will  
>>>> Not See Error Details.
>>>
>>> This has been discussed before on this mailinglist, search the  
>>> archives for 'ALPHACHANNEL_REMOVE'. Bottomline is that your  
>>> imagick library is too old (which you should remedy immediately,  
>>> since this is a security problem).
>>>
>>>> ErrorException Object (     [message:protected] => Undefined  
>>>> class constant 'ALPHACHANNEL_REMOVE'     
>>>>  [string:Exception:private] =>      [code:protected] => 0     
>>>>  [file:protected] =>  
>>>> /var/www/html/horde/imp/lib/Mime/Viewer/Pdf.php     
>>>>  [line:protected] => 142     [trace:Exception:private] => Array   
>>>>        (             [0] => Array                 (               
>>>>        [function] => catchFatalError                     [class]  
>>>> => Horde_ErrorHandler                     [type] => ::             
>>>>          [args] => Array                         (                 
>>>>          )                  )          )       
>>>> [previous:Exception:private] =>      [severity:protected] => 1     
>>>>  [logged] => 1 )   Finally, I noticed (while browsing the OS)  
>>>> that /tmp/pear/download is filled with the latest pear packages  
>>>> from the Horde pear channel... Not sure why the CLI update fails  
>>>> but the webinterface sees thera available updates, and the  
>>>> packages are somwhow downloaded locally but not used to upgrade  
>>>> the existing ones.   So?  I'm a bit "lost" here...  May have to  
>>>> start from a fresh install?
>>>> Louis-Philippe Allard
>>>> lp.allard.1 at gmail.com
>>>> Sent using Horde Groupware on GNU/Linux
>>>
>>> --
>>> Horde mailing list
>>> Frequently Asked Questions: http://horde.org/faq/To unsubscribe,  
>>> mail: horde-unsubscribe at lists.horde.org
>>
>> OK I managed to progress.  The good news:  PHP is upgraded from 5.4  
>> to 7.2.  Horde feels snappier and much faster.  Also PDF's are OK  
>> now in IMP.
>>
>> Bad news: I am still stuck with the original issue (not able to  
>> upgrade Horde).  The command "pear config-show" gives:
>>
>> PHP extension directory        ext_dir          /usr/lib64/php/modules
>> Base Horde directory           horde_dir        /var/www/html/horde
>> PEAR directory                 php_dir          /usr/share/php
>> Systems manpage files          man_dir          /usr/share/man
>>
>> While the command "pear config-show system" gives:
>>
>> PHP extension directory        ext_dir          <not set>
>> Base Horde directory           horde_dir        <not set>
>> PEAR directory                 php_dir          /usr/share/pear
>> Systems manpage files          man_dir          <not set>
>> directory

And I just realised that you indeed have two disconnected PEAR  
installations. Most likely you'll also want to change the php_dir so  
that the system and user configurations for all of the above  
parameters match. Since your Apache user doesn't use a separate PEAR  
configuration, it is probably best to set

      pear config-set ext_dir   /usr/lib64/php/modules system
      pear config-set horde_dir /var/www/html/horde system
      pear config-set man_dir   /usr/share/man system

and

      pear config-set php_dir   /usr/share/pear <- note the absence of  
system here!

After that, you'll need to upgrade all Horde packages again, since  
you've switched to the system setup. If you don't have specific  
requirements about separate PEAR installations for different setups, I  
would skip the last step and just remove the .pearrc file for the root  
user.

>> So clearly there are difference between the variables.  If I run  
>> "whoami" in Horde's CLI webinterface, it reports "apache", so I  
>> believe Horde is running under the user "apache" which would make  
>> sense.  Apache's home folder seems to be "/usr/share/httpd"  
>> according to the following command"
>>
>> [root at centos-mail[1] httpd]# getent passwd apache
>> apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
>>
>> There are NO .pearrc files in its "home" folder.
>
> This should be easy to fix. Since there is no .pearrc for the Apache  
> user, it will default to the system settings. The horde_dir is not  
> defined in the system settings, so you'll need to fix that:
>
>     pear config-set horde_dir /var/www/html/horde system
>
> Also make sure the metadata_dir is the same as in the user configuration.
>
>> Do you still recommend symlinking or there's a cleaner way of  
>> putting things back in order?
>
> No, this should be fixable.
>
>> Gettin' there!
>>
>> Links:
>> ------
>> [1] https://centos-mail/horde/imp/dynamic.php?page=mailbox#
>> Louis-Philippe Allard
>> lp.allard.1 at gmail.com
>> Sent using Horde Groupware on GNU/Linux

More information about the horde mailing list