phpgroupware-tracker
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-tracker] [Bug #800] Authentication via mail server doesn't


From: nobody
Subject: [Phpgroupware-tracker] [Bug #800] Authentication via mail server doesn't work.
Date: Tue, 03 Sep 2002 18:52:02 -0400

=================== BUG #800: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=800&group_id=509

Changes by: Mark A Peters <address@hidden>
Date: 2002-Sep-03 18:52 (EST5EDT)

            What     | Removed                   | Added
---------------------------------------------------------------------------
              Status | Open                      | Closed




=================== BUG #800: FULL BUG SNAPSHOT ===================


Submitted by: None                      Project: phpGroupWare                   
Submitted on: 2002-Jul-04 08:20
Category:  API - phpGWapi               Bug Group:  0.9.14 RC3                  
Severity:  5 - Major                    Priority:  None                         
Resolution:  Fixed                      Assigned to:  skeeter                   
Status:  Closed                         Platform Version:  None                 
Reproducibility:  Every Time            

Summary:  Authentication via mail server doesn't work.

Original Submission:  Ok, it took me some time to get login to send correct 
usernames to the mailserver (why can't it just send what there's in the box? I 
mean it really makes not much sense to me that it strips  @domain away so I 
have to mess with setup to get it back. Further it makes it absolutely 
impossible to use the same install with more than one domain, so what about 
just sending the username the user entered to the mail server?) I now end up
with the following error message:

Database error: Invalid SQL: SELECT account_type FROM phpgw_accounts WHERE 
account_id=

File: /web/apache_root/phpgroupware/phpgwapi/inc/class.accounts_sql.inc.php
Line: 232

Session halted.
Fatal error: Call to undefined function: parse_navbar_end() in 
/web/apache_root/phpgroupware/phpgwapi/inc/footer.inc.php on line 62

The weird thing is that if I switch back to SQL authentication in setup, it 
will work perfectly again!


Follow-up Comments
*******************

-------------------------------------------------------
Date: 2002-Sep-03 07:02             By: sheimers
Sorry, my fault. I didn't update class.accounts_sql.inc.php yesterday, only 
class.sessions_db.inc.php. With both of your patches it works perfectly.

Thank you very much, from my point of view you can close this bug and Bug #1038.

Stefan Heimers


-------------------------------------------------------
Date: 2002-Sep-02 18:26             By: skeeter
What gets me here, is that if the account doesn't exist just yet, why would it 
still be returning that the account_type is == 'g' (denoting that it is a 
group.)  That line is important in here as it verifies that the user is not 
attempting to login as a user group.  Because for the most part, those account 
types (groups) are insecure.

Now, I've looked at the accounts->get_type() function and everything in there 
looks like it would return False if the account does not exist.  What method of 
account repository are you using (LDAP/sql/??)?

Thanks,
Mark A Peters (Skeeter)

-------------------------------------------------------
Date: 2002-Sep-02 17:21             By: sheimers
BTW, Bug #1038 seems to be the same problem. 

-------------------------------------------------------
Date: 2002-Sep-02 17:18             By: sheimers
Sorry, it still tries a get_type() on a not yet created user (for valid NIS or 
email users with no database entry set up yet) and bails out. You have to move 
the test for get_type() == 'g' down below the auto_add() like this, then it 
works:



if (! $GLOBALS['phpgw']->auth->authenticate($this->account_lid, $this->passwd, 
$this->passwd_type
) )
                        {
                                return False;
                                exit;
                        }

                

                        if 
(!$GLOBALS['phpgw']->accounts->exists($this->account_lid) && 
$GLOBALS['phpgw_info']['server'][
'auto_create_acct'] == True)
                        {
                                $this->account_id = 
$GLOBALS['phpgw']->accounts->auto_add($this->account_lid, $passwd);
                        }
                        else
                        {
                                $this->account_id = 
$GLOBALS['phpgw']->accounts->name2id($this->account_lid);
                        }


                        if ( 
$GLOBALS['phpgw']->accounts->get_type($this->account_lid) == 'g')
                        {
                
                                return False;
                        }       





By the way, does this "exit;" make sense in there?

{
   return False;
   exit;
}

I think exit is not reachable in this context.

-------------------------------------------------------
Date: 2002-Sep-01 22:34             By: skeeter
I think I have a solution for this in CVS.  Try grabbing an update of the .14 
branch, and give it a try and see if that corrects the problem.  Let us know 
your results, so I can close this out if it works correctly for you.

Thanks,
Mark A Peters (Skeeter)

-------------------------------------------------------
Date: 2002-Aug-21 20:47             By: None
I have the same problem with NIS and MySQL. It seems to be in 
class.sessions_db.inc.php, when loging in as a valid NIS user without a phpgw 
account in the SQL database.


The following statement is causing it. Its purpose is to check if the login is 
correct (which works) and to see if the account is no group but a user (which 
fails in get_type because the account is not yet created)

if (! $GLOBALS['phpgw']->auth->authenticate($this->account_lid, $this->passwd, 
$this->passwd_type) || 
$GLOBALS['phpgw']->accounts->get_type($this->account_lid) == 'g')
                        {
                                echo "could not authenticate<br>";
                                return False;
                                exit;
                        }


You have to split the two checks and test for a group after the auto_add 
statement some lines below.

I try to attach the working version of that file.


Hope that helps,
 Stefan Heimers (address@hidden)


-------------------------------------------------------
Date: 2002-Aug-20 03:42             By: None
how did you get the authentication by email to work? I want to use this method 
but, as you state, it does not work.


-------------------------------------------------------
Date: 2002-Jul-06 04:28             By: None
This also seems to happen with other auth methods when Email is selected, 
FeLaMiMail works, though!


File Attachments
****************

-------------------------------------------------------
Date: 2002-Aug-21 20:47  Name: class.sessions_db.inc.php  Size: 32KB   By: None
fixed verion of that file (login without sql account)
http://savannah.gnu.org/bugs/download.php?group_id=509&bug_id=800&bug_file_id=74


For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=800&group_id=509




reply via email to

[Prev in Thread] Current Thread [Next in Thread]