6.0.0-git
2019-03-21

[#8388] Kronolith webdav user@xy.de gets userxy.de
Summary Kronolith webdav user@xy.de gets userxy.de
Queue Kronolith
Queue Version 2.3.1
Type Bug
State Not A Bug
Priority 2. Medium
Owners
Requester justheadaches (at) googlemail (dot) com
Created 2009-06-28 (3553 days ago)
Due
Updated 2009-08-18 (3502 days ago)
Assigned 2009-06-28 (3553 days ago)
Resolved 2009-08-18 (3502 days ago)
Milestone
Patch No

History
2009-08-18 15:51:35 justheadaches (at) googlemail (dot) com Comment #10 Reply to this comment
Well, these are Apache errors, I'm not sure why you think this is a
Horde problem. How did you access the URLs anyway?
Please follow up on the mailing list, this rather seems to be a
support issue than a bug in Horde.
thanks for your reply



but if this is an apache error why is the user,pass in the mysql.log 
null ?!? its not logical, i think this is an horde error anyway



config url for access from sunbird:

https://xx.de/horde/rpc.php/kronolith/abc@xx.de/abc@xx.de.ics



apache error log when accessing from sunbird with the above url

[Sun Jun 28 07:10:41 2009] [error] [client 111.111.111.111] user

abc@xx.de not found: /horde/rpc.php/kronolith/abc@xx.de/abc@xx.de.ics



MYSQL LOG

                1191 Query       SELECT password FROM users WHERE email = ''

                     1191 Init DB     mail

                     1191 Query       SELECT * FROM users WHERE email =

'' AND password = ENCRYPT(NULL,"aa")




2009-08-18 13:28:59 Jan Schneider Comment #9
State ⇒ Not A Bug
Reply to this comment
Well, these are Apache errors, I'm not sure why you think this is a 
Horde problem. How did you access the URLs anyway?

Please follow up on the mailing list, this rather seems to be a 
support issue than a bug in Horde.
2009-07-20 15:54:47 justheadaches (at) googlemail (dot) com Comment #8 Reply to this comment
What you write is very confusing. *How* did you set up authentication
in Horde?
Hello Jan thanks for your reply, im using virtual users in mysql



snip from horde/config/conf.php:

$conf['auth']['params']['query_auth'] = 'SELECT * FROM users WHERE 
email = \L AND password = ENCRYPT(\P,"aa")';

$conf['auth']['params']['query_add'] = 'INSERT INTO users (email, 
password, quota) VALUES (\L, ENCRYPT(\P,"aa"), 1048576000)';

$conf['auth']['params']['query_getpw'] = 'SELECT password FROM users 
WHERE email = \L';

$conf['auth']['params']['query_update'] = 'UPDATE users SET password = 
ENCRYPT(\P,"aa") WHERE email = \L';

$conf['auth']['params']['query_resetpassword'] = 'UPDATE users SET 
password = ENCRYPT(\P,"aa") WHERE email = \L';

$conf['auth']['params']['query_remove'] = 'DELETE FROM users WHERE 
email = \L limit 1';

$conf['auth']['params']['query_list'] = 'SELECT email FROM users';

$conf['auth']['params']['query_exists'] = 'SELECT 1 FROM users WHERE 
email = \L';


2009-07-20 15:48:52 Jan Schneider Comment #7 Reply to this comment
What you write is very confusing. *How* did you set up authentication 
in Horde?
2009-07-02 23:16:15 justheadaches (at) googlemail (dot) com Comment #6 Reply to this comment




any tipps according to mysql log?






2009-06-28 22:23:11 justheadaches (at) googlemail (dot) com Comment #5 Reply to this comment
as you can see the password and username are lost?!?



but the question is now, where the hack are the credentials gone :D



mysql.log

               1191 Query       SELECT password FROM users WHERE email = ''

                    1191 Init DB     mail

                    1191 Query       SELECT * FROM users WHERE email = 
'' AND password = ENCRYPT(NULL,"aa")





what file could I look for ? im quite new to horde :(
2009-06-28 18:04:58 justheadaches (at) googlemail (dot) com Comment #4 Reply to this comment
but i think this is not really relevant?



my kronolith/config/conf.php

$conf['calendar']['params']['table'] = 'kronolith_events';

$conf['calendar']['params']['driverconfig'] = 'horde';

$conf['calendar']['driver'] = 'sql';

$conf['storage']['params']['table'] = 'kronolith_storage';

$conf['storage']['params']['driverconfig'] = 'horde';

$conf['storage']['driver'] = 'sql';

$conf['metadata']['keywords'] = false;

$conf['reminder']['server_name'] = 'xy.de';

$conf['reminder']['from_addr'] = 'admin@xy.de';

$conf['autoshare']['shareperms'] = 'edit';

$conf['holidays']['enable'] = true;

$conf['menu']['print'] = true;

$conf['menu']['import_export'] = true;

$conf['menu']['apps'] = array();


2009-06-28 17:55:24 justheadaches (at) googlemail (dot) com Comment #3 Reply to this comment
Do you have a username hook?
no just custom sql



im logging in to postfix as aa@xy.de

in horde i have custom sql settings for that table and im loggin in as 
aa@xy.de



this works fine

for gollem im using also virtual user vsftpd/mysql this works also 
with aa@xy.de referenced to the same table




2009-06-28 16:21:42 Chuck Hagenbuch Comment #2
State ⇒ Feedback
Reply to this comment
Do you have a username hook?
2009-06-28 05:15:11 justheadaches (at) googlemail (dot) com Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Summary ⇒ Kronolith webdav user@xy.de gets userxy.de
Queue ⇒ Kronolith
Milestone ⇒
Patch ⇒ No
Reply to this comment
a little bit strange behaviour

...

im trying to get kronlith to work with sunbird while testing i see 
some strange behaviour in apache/error.log like:



in firefox 3.0.11

the user for webdav is changed from abc@xx.de to abcxx.de

[Sun Jun 28 06:32:44 2009] [error] [client 93.104.106.176] user 
abcxx.de not found: /horde/rpc.php/kronolith/abc@xx.de/abc@xx.de.ics



in internet explorer 7

[Sun Jun 28 07:03:23 2009] [error] [client 93.104.106.176] user 
abc@xx.de not found: /horde/rpc.php/kronolith/abc@xx.de/abc@xx.de.ics

[Sun Jun 28 07:03:23 2009] [error] [client 93.104.106.176] request 
failed: error reading the headers

im getting header error and a blank page



in chrome

[Sun Jun 28 07:08:46 2009] [error] [client 93.104.106.176] user 
abc@xx.de not found: /horde/rpc.php/kronolith/abc@xx.de/abc@xx.de.ics



in sunbird

[Sun Jun 28 07:10:41 2009] [error] [client 93.104.106.176] user 
abc@xx.de not found: /horde/rpc.php/kronolith/abc@xx.de/abc@xx.de.ics



my login in horde is abc@xx.de

im using virtual users with postifx



as there is a failure in firefox i think the user@domain isn't 
supported yet nor will ?

how could i try to fix this?



regards

Saved Queries