[Kolab-devel] [issue2549] Resource manager creates events in wrong account
Sascha Wilde
kolab-issues at intevation.de
Fri Mar 14 17:58:22 CET 2008
New submission from Sascha Wilde <wilde at intevation.de>:
Example:
On a test system I have 3 resource accounts:
accept at test.example
accept2 at test.example
accept-mayeb at test.example
Now a user invites accept at test.example (which is configured to always
accept invitations) and gets a reply that accept at test.example accepted
the invitation.
BUT: the event is not added to the calendar folder of
accept at test.example but to that of accept-mayeb@@test.example.
Assuming that this problem not only exists for resource but also for
group accounts leads to the conclusion that it is not only a serious
functionality bug but also a security issue, as members of an group
account might get an event in there calendar which they weren't
supposed to see.
Here is an excerpt from filter.log, which provides some hints on whats
going on here:
Mar 14 17:01:12 Kolab Filter [debug] [horde] Filter_Incoming starting up
(sender=1 at test.example, recipients=accept at test.example,
client_address=127.0.0.1) [pid 29192 on line 184 of
"/kolab/lib/php/Kolab/Filter/Filter.php"]
Mar 14 17:01:12 Kolab Filter [debug] [horde] Found iCal data in message [pid
29192 on line 65 of "/kolab/lib/php/Kolab/Filter/Incoming.php"]
Mar 14 17:01:12 Kolab Filter [debug] [horde] Calling
resmgr_filter(kolab-server.test.example, 1 at test.example, accept at test.example,
/kolab/var/kolab-filter/tmp/IN.Filter_Incoming.wxUuii) [pid 29192 on line 125 of
"/kolab/lib/php/Kolab/Filter/Incoming.php"]
[...]
Mar 14 17:01:12 Kolab Filter [debug] [horde] Action for 1 at test.example is
ACT_ALWAYS_ACCEPT [pid 29192 on line 1166 of
"/kolab/lib/php/Kolab/Filter/Resource.php"]
Mar 14 17:01:12 Kolab Filter [debug] [horde] Processing REQUEST method for
accept at test.example [pid 29192 on line 1211 of
"/kolab/lib/php/Kolab/Filter/Resource.php"]
Mar 14 17:01:12 Kolab Filter [debug] [horde] Event has UID [pid 29192 on line
1217 of "/kolab/lib/php/Kolab/Filter/Resource.php"]
[...]
Mar 14 17:01:12 Kolab Filter [debug] [horde] Logging into 127.0.0.1 as user
calendar at test.example to access user/accept/Calendar [pid 29192 on line 651 of
"/kolab/lib/php/Kolab/Filter/Resource.php"]
Mar 14 17:01:12 Kolab Filter [debug] [horde] Mailboxes under account: Array
(
[0] => user/accept
[1] => user/accept-maybe
[2] => user/accept-maybe/Calendar
[3] => user/accept/Calendar
[4] => user/accept2
[5] => user/accept2/Calendar
)
[pid 29192 on line 677 of "/kolab/lib/php/Kolab/Filter/Resource.php"]
[...]
Mar 14 17:01:12 Kolab Filter [debug] [horde] /vendor/kolab/folder-type
annotation for folder user/accept-maybe/Calendar is event.default [pid 29192 on
line 684 of "/kolab/lib/php/Kolab/Filter/Resource.php"]
Mar 14 17:01:12 Kolab Filter [debug] [horde] Selecting
user/accept-maybe/Calendar for calendar at test.example [pid 29192 on line 723 of
"/kolab/lib/php/Kolab/Filter/Resource.php"]
Mar 14 17:01:12 Kolab Filter [debug] [horde] Successfully connected to
user/accept-maybe/Calendar. [pid 29192 on line 735 of
"/kolab/lib/php/Kolab/Filter/Resource.php"]
[...]
Mar 14 17:01:12 Kolab Filter [info] [horde] Adding event libkcal-310537901.731
[pid 29192 on line 1374 of "/kolab/lib/php/Kolab/Filter/Resource.php"]
Mar 14 17:01:12 Kolab Filter [debug] [horde] Appending message to
user/accept-maybe/Calendar [pid 29192 on line 1405 of
"/kolab/lib/php/Kolab/Filter/Resource.php"]
[...]
----------
assignedto: wilde
messages: 14099
nosy: bernhard, martin, thomas, till, wilde, wrobel
priority: critical
status: unread
title: Resource manager creates events in wrong account
topic: server
___________________________________________________
Kolab issue tracker <kolab-issues at intevation.de>
<https://www.intevation.de/roundup/kolab/issue2549>
___________________________________________________
More information about the devel
mailing list