6.0.0-git
2019-04-24

[#11766] [passwd] imp is not activated.
Summary [passwd] imp is not activated.
Queue Passwd
Queue Version Git develop
Type Bug
State Resolved
Priority 2. Medium
Owners Horde Developers (at) , lang (at) b1-systems (dot) de
Requester aba (at) sundown (dot) cz
Created 2012-11-27 (2339 days ago)
Due
Updated 2013-03-12 (2234 days ago)
Assigned 2012-12-03 (2333 days ago)
Resolved 2013-03-12 (2234 days ago)
Milestone
Patch No

History
2013-03-12 23:07:50 Git Commit Comment #13 Reply to this comment
Changes have been made in Git (master):

commit da458cde92a2bddaff217cd1124ae3243a038b6e
Author: Michael M Slusarz <slusarz@horde.org>
Date:   Tue Mar 12 17:07:37 2013 -0600

     Add better logout message (Bug #11766)

  passwd/lib/Basic.php |    5 ++++-
  1 files changed, 4 insertions(+), 1 deletions(-)

http://git.horde.org/horde-git/-/commit/da458cde92a2bddaff217cd1124ae3243a038b6e
2013-03-12 23:05:44 Michael Slusarz Comment #12
State ⇒ Resolved
Reply to this comment
After mulling this over, the only safe and reasonable solution is to 
destroy the Horde session if the password change would affect anything 
within the session.  This is because, even with registry calls, there 
can be no guarantee that, for example, an admin hasn't cached 
something relating to the old password in a hook.

Our backend is not optimized to handle this kind of invasive session 
change.  Nor should it.  This is an acceptable solution (and the 
solution the vast majority of applications use).
2013-03-12 23:02:36 Git Commit Comment #11 Reply to this comment
Changes have been made in Git (master):

commit 43f9253c42bfe053a64f3dc8386048626936e367
Author: Michael M Slusarz <slusarz@horde.org>
Date:   Tue Mar 12 16:53:41 2013 -0600

     [mms] Add option to destroy Horde session after changing password 
(Bug #11766).

  passwd/config/backends.php |    7 ++++---
  passwd/docs/CHANGES        |    1 +
  passwd/docs/UPGRADING      |   15 +++++++++++++++
  passwd/lib/Basic.php       |    9 ++++-----
  passwd/package.xml         |    1 +
  5 files changed, 25 insertions(+), 8 deletions(-)

http://git.horde.org/horde-git/-/commit/43f9253c42bfe053a64f3dc8386048626936e367
2013-03-06 17:36:20 mooroon2 (at) mail (dot) ru Comment #10 Reply to this comment
Still present as of lastest Horde groupware release (5.0,4) with Imp 
6.0.4 and passwd 5.0-git.
Are there any suggestion on how to workaround this problem for us mere 
mortals so we could use passwd to change passwords on IMAP servers and 
have Imp handling Horde auth at the same time? As far as I could see 
from git logs the patch which was aimed at fixing this problem had 
been reverted after some discussion on the dev mailing list. So, 
what's to do then?

Thanks in advance for updates on the topic.
2013-01-03 07:15:49 dharmesh (at) 3rdwire (dot) in Comment #9 Reply to this comment
it seems that it works with this patch

thank you

Petr
where is the patch?
2012-12-03 16:01:44 aba (at) sundown (dot) cz Comment #8 Reply to this comment
it seems that it works with this patch

thank you

Petr

2012-12-03 15:09:31 Git Commit Comment #7 Reply to this comment
Changes have been made in Git (master):

commit f1a9c26a2e5e8b5edf4216f6278426593e4dda69
Author: Ralf Lang <lang@b1-systems.de>
Date:   Mon Dec 3 16:32:19 2012 +0200

     validate imap object's internal password against imp's auth 
credentials in authenticateCallback.
     This affects the root cause of #11766, #11789, #10228

  imp/lib/Auth.php |    7 +++++++
  1 files changed, 7 insertions(+), 0 deletions(-)

http://git.horde.org/horde-git/-/commit/f1a9c26a2e5e8b5edf4216f6278426593e4dda69
2012-12-03 13:41:47 Ralf Lang (B1 Systems GmbH) Comment #6 Reply to this comment
I compared horde "packages", versions, horde, imp, passwd 
configuration of these both instances but I didn't found anything 
interesting. I have no idea what could be wrong. Do you think that 
could be done with imap server? On both sites is dovecot, maybe 
different version. I can compare configuration, but question is- 
isn't it too low to seek the problem there?
I have no idea why your two setups differ. I progressed in analysis though.

Any IMP action for authenticated session, even ->authenticate or 
->transparent, implies PushApp and thus ->authenticated which in turn 
triggers IMP_Auth->authenticationCallback.

That one however tries to build a whole IMP environment and reuses the 
existing ->ob (IMP_Imap) instance to detect the namespace. This is 
where it fails because of the old, unchanged credentials.

I'm preparing a patch but it looks rather ugly so far and I am not 
sure it doesn't imply performance loss.
2012-12-03 07:57:09 aba (at) sundown (dot) cz Comment #5 Reply to this comment
Hi,
you are right that problem still persists.

Strange is, that on two horde webmail instances passwd has different 
behaviour. On first it works now (and honestly i'm not sure if I test 
it there when I opened this bug) and on second it still fails.

I compared horde "packages", versions, horde, imp, passwd 
configuration of these both instances but I didn't found anything 
interesting. I have no idea what could be wrong. Do you think that 
could be done with imap server? On both sites is dovecot, maybe 
different version. I can compare configuration, but question is- isn't 
it too low to seek the problem there?

Petr
2012-12-03 06:36:14 Ralf Lang (B1 Systems GmbH) Comment #4
State ⇒ Assigned
Reply to this comment
Well, I can reproduce it.

What basically happens is this:
When Horde uses imp as authentication and password is changed by 
passwd, for example via postfix admin database table, it also resets 
the session. It does not (and cannot easily) reset the internally 
stored imap connection.

I'm still resolving what happens afterwards.

I tried to add explicit re-authentication to passwd and additional 
code to IMP_Auth which would destroy/reopen an imap connection if 
parameter credentials do not match the IMAP ->ob credentials.

It does not get there though.

Somewhere in the stack between Horde's Auth_Application instance and 
imp's auth_application instance (_base) it already tries to access the 
imap object (probably part of application startup for an already 
authenticated scenario) before it can run IMP_Auth->authenticate. I'm 
still tracing where this happens, but any suggestions are welcome.
2012-12-01 21:27:29 aba (at) sundown (dot) cz Comment #3 Reply to this comment
I will look into this if it's a passwd issue. I remember a ticket 
about imp or the imap components caching credentials and not 
allowing to refresh them during a session. But I do not find that 
ticket now, maybe it's resolved.
seems to be fixed in horde webmail 5.0.2, you can close it
2012-11-27 15:48:05 Ralf Lang (B1 Systems GmbH) Comment #2
Assigned to Ralf Lang (B1 Systems GmbH)
Assigned to Horde DevelopersHorde Developers
Reply to this comment
I will look into this if it's a passwd issue. I remember a ticket 
about imp or the imap components caching credentials and not allowing 
to refresh them during a session. But I do not find that ticket now, 
maybe it's resolved.
2012-11-27 15:45:18 aba (at) sundown (dot) cz Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Summary ⇒ [passwd] imp is not activated.
Queue ⇒ Passwd
Milestone ⇒
Patch ⇒ No
Reply to this comment
Hi,
with the latest passwd I'm using postfixadmin (SQL) backend. Passwd 
let me to change passwd but after submision I got this message to log 
"2012 Nov 27 15:36:43 mail [passwd] imp is not activated. [pid 23717 
on line 1457 of "/usr/share/php/Horde/Registry.php"]"

and following text on screen:


A fatal error has occurred
imp is not activated.

1. Horde_Notification_Handler->push() /var/www/webmail/passwd/index.php:146
2. Horde_Core_Notification_Handler_Decorator_Base->push() 
/usr/share/php/Horde/Notification/Handler.php:255
3. Horde_Registry->pushApp() 
/usr/share/php/Horde/Core/Notification/Handler/Decorator/Base.php:37

Details
The full error message is logged in Horde's log file, and is shown 
below only to administrators. Non-administrative users will not see 
error details.

Horde_Exception_PushApp Object
(
     [application] => imp
     [details] =>
     [logged] => 1
     [_logLevel:protected] => 0
     [message:protected] => imp is not activated.
     [string:Exception:private] =>
     [code:protected] => 2
     [file:protected] => /usr/share/php/Horde/Registry.php
     [line:protected] => 1457
     [trace:Exception:private] => Array
         (
             [0] => Array
                 (
                     [file] => 
/usr/share/php/Horde/Core/Notification/Handler/Decorator/Base.php
                     [line] => 37
                     [function] => pushApp
                     [class] => Horde_Registry
                     [type] => ->
                     [args] => Array
                         (
                             [0] => imp
                             [1] => Array
                                 (
                                     [check_perms] => 1
                                     [logintasks] =>
                                 )

                         )

                 )

             [1] => Array
                 (
                     [file] => /usr/share/php/Horde/Notification/Handler.php
                     [line] => 255
                     [function] => push
                     [class] => Horde_Core_Notification_Handler_Decorator_Base
                     [type] => ->
                     [args] => Array
                         (
                             [0] => Horde_Core_Notification_Event_Status Object
                                 (
                                     [charset] => UTF-8
                                     [message] => Failure in changing 
password for Postfix Admin server: Authentication failed.
                                     [flags] => Array
                                         (
                                         )

                                     [type] => horde.error
                                 )

                             [1] => Array
                                 (
                                 )

                         )

                 )

             [2] => Array
                 (
                     [file] => /var/www/webmail/passwd/index.php
                     [line] => 146
                     [function] => push
                     [class] => Horde_Notification_Handler
                     [type] => ->
                     [args] => Array
                         (
                             [0] => Failure in changing password for 
Postfix Admin server: Authentication failed.
                             [1] => horde.error
                         )

                 )

         )

     [previous:Exception:private] =>
)

thanks
Petr

Saved Queries