| Summary | activesync component does not username canonified by authusername() hook |
| Queue | Horde Base |
| Queue Version | Git master |
| Type | Bug |
| State | Resolved |
| Priority | 1. Low |
| Owners | mrubinsk (at) horde (dot) org |
| Requester | enrico.scholz (at) sigma-chemnitz (dot) de |
| Created | 04/16/2013 (4478 days ago) |
| Due | |
| Updated | 05/03/2013 (4461 days ago) |
| Assigned | 05/02/2013 (4462 days ago) |
| Resolved | 05/03/2013 (4461 days ago) |
| Github Issue Link | |
| Github Pull Request | |
| Milestone | |
| Patch | No |
State ⇒ Feedback
commit fd97a0a73130b5e06aea2d1f21c42285f55c2823
Author: Michael J Rubinsky <mrubinsk@horde.org>
Date: Thu May 2 16:26:18 2013 -0400
Bug: 12186Use the Horde username, not the auth username..../Core/lib/Horde/Core/ActiveSync/Driver.php | 6 +++++-
horde/admin/activesync.php | 7 +++----
horde/lib/Prefs/Special/Activesync.php | 6 ++----
3 files changed, 10 insertions(+), 9 deletions(-)
http://git.horde.org/horde-git/-/commit/fd97a0a73130b5e06aea2d1f21c42285f55c2823
'a@mail.other-realm' sees now the activesync information (including
serial number) from user 'a@realm'.
All the activesync related database tables still contain only the
unqualified 'a' username (afais, only
'horde_activesync_device_mailmap' contains the correct 'a@realm').
Adminstrator screen (login as 'admin@realm') shows ActiveSync devices
of 'b@other-realm' as owned by (nonexisting) 'b@realm'.
said the user doesn't log in with an email address? If the user logs
in as 'a', it should be visible.
internal mangled name so that user 'a' reading mails on IMAP host
'mail.realm.org' can be distinguished from user 'a' reading mails on
IMAP server 'mail.other-realm.org'.
Ideally, users have to enter only their username ('a') and choose the
correct mailserver (which is preselected based on HTTP vhost).
ActiveSync users enter their username ('a') and Horde has to mangle
the username based on the IMP backend server (determined by vhost ->
$servers[]->prefered).
State ⇒ Resolved
commit a9450a21b521361da536f15efcd4d96cd519bc9f
Author: Michael J Rubinsky <mrubinsk@horde.org>
Date: Wed May 1 17:00:15 2013 -0400
Convert the username in the admin list of activesync devices also.
Bug: 12186horde/admin/activesync.php | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
http://git.horde.org/horde-git/-/commit/a9450a21b521361da536f15efcd4d96cd519bc9f
server. You will need to either have the users create a new account on
the device, or an admin can remove the device state on the server. In
other words, only newly created devices will be saved with the
correctly normalized username.
device is listed for user 'a' in the administrator overview.
said the user doesn't log in with an email address? If the user logs
in as 'a', it should be visible. The last comment is correct, the
administrative overview still loads with the un-mangled username since
it comes directly from the ActiveSync state table. I will add the
conversion there as well so it will be displayed as the Horde
username, not the Auth username.
server. You will need to either have the users create a new account
on the device, or an admin can remove the device state on the
server. In other words, only newly created devices will be saved
with the correctly normalized username.
is listed for user 'a' in the administrator overview.
A
| select * from horde_prefs;
lists 'a@realm.org' as pref_uid. But
| select * from horde_activesync_device_users;
returns an entry with the non-canonified 'a' user only.
with the same username he logs in to horde with on the desktop.
enters 'a' as userid in the android email application.
The webfrontend calls "authusername('a', True) -> 'a@realm.org'" while
ActiveSync seems to miss this step.
worse. Some more words about my setup:
* entering 'a' as its userid on a Android devices associated the
device; but it is visible to the administrator in the global
activesync device list. User 'a' does not see it in its
configuration screen.
server. You will need to either have the users create a new account on
the device, or an admin can remove the device state on the server. In
other words, only newly created devices will be saved with the
correctly normalized username.
user too. But I had to wrote a preauthenticate() hook which strips
the '@realm.org' away. Without this hook, authentication to mailbox0
happens as 'a@realm.org'.
With the patch the device is not visible anymore for the last point.
with the same username he logs in to horde with on the desktop.
worse. Some more words about my setup:
* there are two virtualhosts 'mail.realm.org' and
'mail.other-realm.org' which access two different mailservers
'mailbox0' and 'mailbox1'.
* when user 'a' logs in on 'mail.realm.org' the authusername() hook
normalizes its name to 'a@realm.org' but authentication on 'mailbox0'
happens with plain 'a'
* similarly, user 'b' logging in on 'mail.other-realm.org' gets
canonified to 'b@other-realm.org'
There are situations where both mailbox0 and mailbox1 have accounts
for userid 'c' which is associated with two different people.
Accounts must be kept distinct hence.
Ideally, the @realm.org and @other-realm.org canonification should
happen transparently and not visible to users.
Without the patch:
* entering 'a' as its userid on a Android devices associated the
device; but it is visible to the administrator in the global
activesync device list. User 'a' does not see it in its configuration
screen.
* entering 'a@realm.org' as userid made the device visible to the user
too. But I had to wrote a preauthenticate() hook which strips the
'@realm.org' away. Without this hook, authentication to mailbox0
happens as 'a@realm.org'.
With the patch the device is not visible anymore for the last point.
commit f12f57792147157e21af1aae02ad1d4cee1ec4cc
Author: Michael J Rubinsky <mrubinsk@horde.org>
Date: Wed Apr 17 13:21:08 2013 -0400
Must converUserName to the auth name to access the state data.
Bug: 12186horde/lib/Prefs/Special/Activesync.php | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
http://git.horde.org/horde-git/-/commit/f12f57792147157e21af1aae02ad1d4cee1ec4cc
Queue ⇒ Horde Base
Priority ⇒ 1. Low
State ⇒ Feedback
Assigned to Michael Rubinsky
see how it was wrong for the sent folder value. The username used is
from $registry->getAuth(), which already has the conversion to the
horde username applied.
commit 5c09d06df5da725a94b8dfc365e0362371908254
Author: Michael J Rubinsky <mrubinsk@horde.org>
Date: Wed Apr 17 13:21:08 2013 -0400
Must converUserName to the auth name to access the state data.
Bug: 12186horde/lib/Prefs/Special/Activesync.php | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
http://git.horde.org/horde-git/-/commit/5c09d06df5da725a94b8dfc365e0362371908254
Priority ⇒ 2. Medium
State ⇒ Unconfirmed
Patch ⇒ No
Milestone ⇒
Summary ⇒ activesync component does not username canonified by authusername() hook
Type ⇒ Bug
Queue ⇒ Horde Framework Packages
http://wiki.horde.org/ImpH4Realm to allow to serve multiple mail realms.
For the normal webfrontend, things are working fine. But the
activesync component seems to ignore the canonified username and
associates itself with the plain user id.
This causes problems because
* user (--> with preferences keyed for user@realm) do not see their
activesync devices (keyed for plain 'user')
* flags for special folders (sent) which are configured by
'user@realm' are not propagated through activesync because activesync
preferences or for another idenity.
Issue can be reproduced by:
1. add custom authusername() hook which adds e.g. '@realm'
2. login both with webfrontend and with activesync