| Summary | Activesync and permissions |
| Queue | Synchronization |
| Queue Version | Git master |
| Type | Bug |
| State | Resolved |
| Priority | 1. Low |
| Owners | mrubinsk (at) horde (dot) org |
| Requester | horde (at) albasoft (dot) com |
| Created | 08/26/2013 (4343 days ago) |
| Due | |
| Updated | 08/26/2013 (4343 days ago) |
| Assigned | |
| Resolved | 08/26/2013 (4343 days ago) |
| Github Issue Link | |
| Github Pull Request | |
| Milestone | |
| Patch | Yes |
commit 72cb324f69696db11bc65ac7220a371c02ec8e86
Author: Michael J Rubinsky <mrubinsk@horde.org>
Date: Mon Aug 26 17:18:19 2013 -0400
Check global errors from PING as well.
Prevents PING from attempting to run (and breaking) when something
like a permissions error is detected in Horde_ActiveSync::handleRequest().
Bug: 12623.../lib/Horde/ActiveSync/Request/Ping.php | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
http://git.horde.org/horde-git/-/commit/72cb324f69696db11bc65ac7220a371c02ec8e86
Assigned to Michael Rubinsky
State ⇒ Resolved
error codes. The problem was with the Horde_ActiveSync_Request_Ping
class. We were failing to check for global errors before processing
the request.
Fixed in Git, though this would only happen if you deny access after
the device has paired, and you have not removed the device from the
list of activesync devices.
Priority ⇒ 1. Low
New Attachment: hordewm5-activesync_permissions.patch
Patch ⇒ Yes
Milestone ⇒
Queue ⇒ Synchronization
Summary ⇒ Activesync and permissions
Type ⇒ Bug
State ⇒ Unconfirmed
has "horde:activesync" permission removed.
Web server returns 500 HTTP code to the device.
I get a device log like this:
2013-08-26T03:43:51+02:00 INFO: [770]
Horde_Core_ActiveSync_Driver::authenticate() attempt for <my_user>
2013-08-26T03:43:51+02:00 INFO: Access denied for user <my_user> per
policy settings.
2013-08-26T03:43:51+02:00 DEBUG: [770] PING request received for user
2013-08-26T03:43:51+02:00 INFO: [770] Device entry exists for
<my_dev>, updating userAgent and version.
2013-08-26T03:43:51+02:00 INFO: [770] Device entry does not exist for
device <my_dev> and user - creating it.
And at horde.log:
2013-08-26T03:43:51+02:00 ERR: HORDE [horde] SQL QUERY FAILED:
SQLSTATE[23502]: Not null violation: 7 ERROR: null value in column
"device_user" violates not-null constraint
INSERT INTO horde_activesync_device_users (device_id, device_user,
device_policykey) VALUES('<my_dev>', NULL, 0) [pid 770 on
line 553 of ".../Horde/Db/Adapter/Base.php"]
2013-08-26T03:43:51+02:00 ERR: HORDE [horde] Returning HTTP 500 while
handling Ping command. [pid 770 on line 156 of ".../horde/rpc.php"]
...
It seems that authentication process is correct and permission
checked, and so it is logged, but not enforced. Ping request still
goes on and then it fails because of some missing data: user is not
properly set and missing at following log lines.
I think authenticate function at Horde_ActiveSync class is the
problem. It correctly gets AUTH_REASON_USER_DENIED, but it makes no
difference.
Attached patch makes permissions work as expected, and I hope it makes
this problem easier to be identify, but sure it inserts "return" at
wrong place.