Your message dated Mon, 02 Feb 2015 10:04:23 +0000 with message-id <[email protected]> and subject line Bug#774128: fixed in cyrus-imapd-2.4 2.4.17+caldav~beta10-17 has caused the Debian Bug report #774128, regarding cyrus-caldav: [PATCH] dav: Fails when multiple accounts accessing private calendars from same client to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 774128: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774128 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: cyrus-caldav Version: 2.4.17+caldav~beta10-13~dfd2 Severity: normal Tags: patch Due to strict interpretation/implementation of HTTP Auth RFC having private calendars from multiple accounts accessed by the same instance of a client (e.g. Icedove) fails with "403 Forbidden" for any accounts accessed after the first. This issue is why Mozilla added the about:config option calendars.network.multirealm option (which apparently is also apparently iCal's default behavior). In short it is required to have HTTP Auth occur for different URI's not just different server names because calendars are not differentied by server name but instead by URI. This attached patch is a hack that that re-requests HTTP Auth if the current http userid does not match the userid in the calender URI and HTTP header does not have a an Authorization field. Description: Fix CalDAV/CardDAV for multiple user's calendars from same client Workaround for accessing different users' collections on the same server with same hostname. Without this fix, this fails because HTTP auth is only done once. This is the same issue that had Mozilla Lightning add the calendar.network.multream option. Basically interpretation of RFC's such that HTTP Auth is only done once hostname:port reqardless of the URI causes CalDAV/CardDAV to fail when one does not have a unique hostname:port per user and access to multiple users' calendars is done from the same client, unless one opens up the ACLS so that the calendars are all accessible from a single user (in addition to the owner of the calendar) This workaround forces an authentication request if the userid does not match the user portion of the calendar/addressbook URI. It does require that the client know enough to not use the same authorization for the different calenders (e.g. Mozilla Lightning with multirealm enabled or, apparently, iCal) Index: cyrus-imapd-2.4-2.4.17+caldav~beta10.new/imap/httpd.c =================================================================== --- cyrus-imapd-2.4-2.4.17+caldav~beta10.new.orig/imap/httpd.c +++ cyrus-imapd-2.4-2.4.17+caldav~beta10.new/imap/httpd.c @@ -919,6 +919,9 @@ static void cmdloop(void) const struct namespace_t *namespace; const struct method_t *meth_t; struct request_line_t *req_line = &txn.req_line; + char collection_userid[MAX_MAILBOX_BUFFER]; + char *user_loc; + int has_authorization = 0; /* Reset txn state */ txn.meth = METH_UNKNOWN; @@ -1200,6 +1203,7 @@ static void cmdloop(void) /* Perform authentication, if necessary */ if ((hdr = spool_getheader(txn.req_hdrs, "Authorization"))) { + has_authorization = 1; if (httpd_userid) { /* Reauth - reinitialize */ syslog(LOG_DEBUG, "reauth - reinit"); @@ -1244,6 +1248,33 @@ static void cmdloop(void) } } + /* Workaround for accessing different users' collections on the same server + with same hostname. Without this fix, this fails because HTTP auth is + only done once. This is the same issue that had Mozilla Lightning add + the calendar.network.multream option. + Basically interpretation of RFC's such that HTTP Auth is only done once + hostname:port reqardless of the URI causes CalDAV/CardDAV to fail when + one does not have a unique hostname:port per user and access to multiple + users' calendars is done from the same client, unless one opens up the + ACLS so that the calendars are all accessible from a single user (in + addition to the owner of the calendar) + This workaround forces an authentication request if the userid does not + match the user portion of the calendar/addressbook URI. It does require + that the client know enough to not use the same authorization for the + different calenders (e.g. Mozilla Lightning with multirealm enabled + or, apparently, iCal) + */ + if (!has_authorization && httpd_userid) { + user_loc = strstr(txn.req_uri->path, "/user/"); + if (user_loc != NULL) { + user_loc += 6; + strlcpy(collection_userid, user_loc, strcspn(user_loc, "/")); + if (strcmp(collection_userid, httpd_userid)) { + *httpd_userid = 0; + } + } + } + /* Request authentication, if necessary */ switch (txn.meth) { case METH_GET: -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/5 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages cyrus-caldav depends on: ii cyrus-common 2.4.17+caldav~beta10-13~dfd2 ii dpkg 1.17.22 ii libc6 2.19-13 ii libcomerr2 1.42.12-1 ii libdb5.3 5.3.28-7~deb8u1 ii libical1 1.0-1.1 ii libkrb5-3 1.12.1+dfsg-16 ii libsasl2-2 2.1.26.dfsg1-12 ii libsqlite3-0 3.8.7.1-1 ii libssl1.0.0 1.0.1j-1 ii libwrap0 7.6.q-25 ii libxml2 2.9.1+dfsg1-4 ii zlib1g 1:1.2.8.dfsg-2+b1 cyrus-caldav recommends no packages. cyrus-caldav suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: cyrus-imapd-2.4 Source-Version: 2.4.17+caldav~beta10-17 We believe that the bug you reported is fixed in the latest version of cyrus-imapd-2.4, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Ondřej Surý <[email protected]> (supplier of updated cyrus-imapd-2.4 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 02 Feb 2015 10:27:53 +0100 Source: cyrus-imapd-2.4 Binary: cyrus-common cyrus-doc cyrus-imapd cyrus-pop3d cyrus-admin cyrus-murder cyrus-replication cyrus-nntpd cyrus-caldav cyrus-clients cyrus-dev libcyrus-imap-perl cyrus-common-2.4 cyrus-doc-2.4 cyrus-imapd-2.4 cyrus-pop3d-2.4 cyrus-admin-2.4 cyrus-murder-2.4 cyrus-replication-2.4 cyrus-nntpd-2.4 cyrus-caldav-2.4 cyrus-clients-2.4 cyrus-dev-2.4 libcyrus-imap-perl24 Architecture: source all Version: 2.4.17+caldav~beta10-17 Distribution: unstable Urgency: medium Maintainer: Debian Cyrus Team <[email protected]> Changed-By: Ondřej Surý <[email protected]> Description: cyrus-admin - Cyrus mail system - administration tools cyrus-admin-2.4 - Cyrus mail system - administration tools [dummy package] cyrus-caldav - Cyrus mail system - CalDAV and CardDAV support cyrus-caldav-2.4 - Cyrus mail system - CalDAV and CardDAV support [dummy package] cyrus-clients - Cyrus mail system - test clients cyrus-clients-2.4 - Cyrus mail system - test clients [dummy package] cyrus-common - Cyrus mail system - common files cyrus-common-2.4 - Cyrus mail system - common files [dummy package] cyrus-dev - Cyrus mail system - developer files cyrus-dev-2.4 - Cyrus mail system - developer files [dummy package] cyrus-doc - Cyrus mail system - documentation files cyrus-doc-2.4 - Cyrus mail system - documentation files [dummy package] cyrus-imapd - Cyrus mail system - IMAP support cyrus-imapd-2.4 - Cyrus mail system - IMAP support [dummy package] cyrus-murder - Cyrus mail system - proxies and aggregator cyrus-murder-2.4 - Cyrus mail system - proxies and aggregator [dummy package] cyrus-nntpd - Cyrus mail system - NNTP support cyrus-nntpd-2.4 - Cyrus mail system - NNTP support [dummy package] cyrus-pop3d - Cyrus mail system - POP3 support cyrus-pop3d-2.4 - Cyrus mail system - POP3 support [dummy package] cyrus-replication - Cyrus mail system - replication cyrus-replication-2.4 - Cyrus mail system - replication [dummy package] libcyrus-imap-perl - Interface to Cyrus imap client imclient library libcyrus-imap-perl24 - Interface to Cyrus imap client imclient library [dummy package] Closes: 774128 Changes: cyrus-imapd-2.4 (2.4.17+caldav~beta10-17) unstable; urgency=medium . [Daniel Dickinson] * Fix users in virtual domains cannot access caldav/carddav (Closes: #774128) Checksums-Sha1: eb6a5723e3f1d212ca126becb20fd49b8af28ab4 4041 cyrus-imapd-2.4_2.4.17+caldav~beta10-17.dsc aeb594e3161e02f501dbacafc7788fd0c47ab0a9 228240 cyrus-imapd-2.4_2.4.17+caldav~beta10-17.debian.tar.xz 5c5186d2adf295853bbee39d6fde33c90e0c2973 289414 cyrus-doc_2.4.17+caldav~beta10-17_all.deb 0aacc7f7ed1d7929e54fde4218d144732b1db82a 82006 cyrus-admin_2.4.17+caldav~beta10-17_all.deb 64cbfc40def77da4aa8a162d0af4eca55db6f88d 20258 cyrus-common-2.4_2.4.17+caldav~beta10-17_all.deb 61497e250ff044488c022a7ea8b42edd512f2c1e 20320 cyrus-doc-2.4_2.4.17+caldav~beta10-17_all.deb 5bcd7d5a4fb138b239e9535186bf92c905d372b5 20310 cyrus-imapd-2.4_2.4.17+caldav~beta10-17_all.deb 9c12e5117f78ee975a8acff5e528c6f91d4bfe36 20322 cyrus-pop3d-2.4_2.4.17+caldav~beta10-17_all.deb 175bbb9cad6c4d49e86b1c715a273dee9e0e4a4a 20324 cyrus-admin-2.4_2.4.17+caldav~beta10-17_all.deb d7ffb894e4c0040c4a246b0ef73e145e7d47ed54 20322 cyrus-murder-2.4_2.4.17+caldav~beta10-17_all.deb 3e9c41aff99ee94d15f315d4f1ec9407c6145ea6 20336 cyrus-replication-2.4_2.4.17+caldav~beta10-17_all.deb e12c6c313a528e2de070d32dee000cd2b086835c 20336 cyrus-nntpd-2.4_2.4.17+caldav~beta10-17_all.deb a850e1adcd58eb1b1f60e696b74b7aaffe0e0f4a 20334 cyrus-caldav-2.4_2.4.17+caldav~beta10-17_all.deb 87b4ed3f449b28ea5b59324e960d0719c0f36470 20330 cyrus-clients-2.4_2.4.17+caldav~beta10-17_all.deb fa133cec6210ea6381656ba24cec1b0140244d52 20314 cyrus-dev-2.4_2.4.17+caldav~beta10-17_all.deb b0e8e52f663258c36d59615e878a0c3328ddaf7d 20348 libcyrus-imap-perl24_2.4.17+caldav~beta10-17_all.deb Checksums-Sha256: 97d61a08313b08c2b2c720e65b39dcfbc20a240de9d33c7c7446912269880b3a 4041 cyrus-imapd-2.4_2.4.17+caldav~beta10-17.dsc 782ed2060e652ed941fd77e55ac52c635081ae2fc139c33ed43af34ffd490810 228240 cyrus-imapd-2.4_2.4.17+caldav~beta10-17.debian.tar.xz 0d8528d2638dc06ee04b40c82bb81c6a7cd50478802303950bce0d84cbdaa88c 289414 cyrus-doc_2.4.17+caldav~beta10-17_all.deb c7e6557d38ae371ea6d1fabd5ae49893720e48b4618b2014318d32b5bf9043da 82006 cyrus-admin_2.4.17+caldav~beta10-17_all.deb dcae5283a5c14b58a37e42049e417932a0ef9657dccc2274a54a1f5f32dce148 20258 cyrus-common-2.4_2.4.17+caldav~beta10-17_all.deb 938f9981f216ee6aa125f93186e5df0d92b1bb1c07421dfc4fc6686e7d89e744 20320 cyrus-doc-2.4_2.4.17+caldav~beta10-17_all.deb bfd06c4175847ed27efb7724d249174f34b13a15dab90130ead72946d0381cfa 20310 cyrus-imapd-2.4_2.4.17+caldav~beta10-17_all.deb 0a55da2b67a8a3a7a25ec015e29099d69f363f1633021285939756122e955f12 20322 cyrus-pop3d-2.4_2.4.17+caldav~beta10-17_all.deb b066a422cdfbcabb90b27f03031ae9d41bae8e88eb734113a24ae6b95a16b5d8 20324 cyrus-admin-2.4_2.4.17+caldav~beta10-17_all.deb 3dae89658e09b5fd7f1a16fa8a0a5819c745cf975de7a65a5357703c196d0295 20322 cyrus-murder-2.4_2.4.17+caldav~beta10-17_all.deb 61f650301dd509340620516fa9ba784d669dd8f2d5d4a1548609ece98e7d8449 20336 cyrus-replication-2.4_2.4.17+caldav~beta10-17_all.deb bd3e8159d3e4f78d788d064b4fa8b567a4d8d4df1c55c4f4e228814aabbdd3f8 20336 cyrus-nntpd-2.4_2.4.17+caldav~beta10-17_all.deb f8ceb8fc1d4e43b3855c5ee9a1712bf13a9df3eb26ab2a3ddcd795a9617a2b06 20334 cyrus-caldav-2.4_2.4.17+caldav~beta10-17_all.deb 326a3f6e352eba4ce04d73231107ee0481aa14b2d9d260be4e6477e6457e5def 20330 cyrus-clients-2.4_2.4.17+caldav~beta10-17_all.deb 505f8caa988d3fbbfa943797bf84b30cebb81cbc3808ee90c7f3ca315bc1b1a3 20314 cyrus-dev-2.4_2.4.17+caldav~beta10-17_all.deb 0823a5e3a68511acdaaca4590296b1a696ebb1b41c55a5b2b94cfc9a55a3f41f 20348 libcyrus-imap-perl24_2.4.17+caldav~beta10-17_all.deb Files: 8dfe070a5007fdf29187d10bfd65be54 4041 mail extra cyrus-imapd-2.4_2.4.17+caldav~beta10-17.dsc f92b124afc9b34228e796b90f02e4a13 228240 mail extra cyrus-imapd-2.4_2.4.17+caldav~beta10-17.debian.tar.xz 36c56eece370dd03440c9156a7c1cab1 289414 doc extra cyrus-doc_2.4.17+caldav~beta10-17_all.deb 3657cabf85379e2b7c04b90b4c42e146 82006 mail extra cyrus-admin_2.4.17+caldav~beta10-17_all.deb 6dcb849d68e29188bb3419b354e0e51f 20258 oldlibs extra cyrus-common-2.4_2.4.17+caldav~beta10-17_all.deb 1cc9b5eb8a1729eef491cba20edb2e38 20320 oldlibs extra cyrus-doc-2.4_2.4.17+caldav~beta10-17_all.deb 9013de5be4efbc0674f3774e138c5715 20310 oldlibs extra cyrus-imapd-2.4_2.4.17+caldav~beta10-17_all.deb 1c0f044bc5706f915ab20de0c254112e 20322 oldlibs extra cyrus-pop3d-2.4_2.4.17+caldav~beta10-17_all.deb df0f085b9102d09f78b8c70033b59eeb 20324 oldlibs extra cyrus-admin-2.4_2.4.17+caldav~beta10-17_all.deb 16858cd41dbebf594b62e1117f738451 20322 oldlibs extra cyrus-murder-2.4_2.4.17+caldav~beta10-17_all.deb 684a41fcb9a1a7ccc0b581dc3060643c 20336 oldlibs extra cyrus-replication-2.4_2.4.17+caldav~beta10-17_all.deb f1c910cac9883b000f98351aabbd82fb 20336 oldlibs extra cyrus-nntpd-2.4_2.4.17+caldav~beta10-17_all.deb b64f212b67c8e93ad5d5eb232bf99d25 20334 oldlibs extra cyrus-caldav-2.4_2.4.17+caldav~beta10-17_all.deb 1e51bce3275582bbcbe544bf2a2935ad 20330 oldlibs extra cyrus-clients-2.4_2.4.17+caldav~beta10-17_all.deb f04ad25b20ee2f5be6fe6a9c754fd823 20314 oldlibs extra cyrus-dev-2.4_2.4.17+caldav~beta10-17_all.deb 3298cb0595e8c25d432272a7b9af6b91 20348 oldlibs extra libcyrus-imap-perl24_2.4.17+caldav~beta10-17_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJUz0YJXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzMEI5MzNEODBGQ0UzRDk4MUEyRDM4RkIw Qzk5QjcwRUY0RkNCQjA3AAoJEAyZtw70/LsHG0gP/jATttPedzhZsTN7HFOoHnfK Og+xH6C4GbXmL/DoCUMq0yx5EzhnoA/rdhiX6/Ep8ROZNyCcYtCB2ecJMyvl5tz2 4Bv69Olwj47Wzx7NWm+6rwUBwQ4EqjGx7GR40EoYjwDIhITUBQsjvLfywjuY9qRZ ogghpldB0ktrMhT9r7aNzBHUA8+X/jAYxW3qgCBXTwR9jnWD/mMgw4t3mzTCtcIV 5JVCT03jllApxS/8YFTYHwWyOgX/88bYhNMjEC1w9uTrJ5uyCALpQP3iqERGOxAP n/WvtEpHc/qLJNNQGp6SHkcP2ZhfP/clhOErrS+oKmPDQsTP/lFSAl8jL9KKH4Jg QBFX8zT996PipwK9K+ff7L2kr25bTFk7RhafgJTvedwNOcvaYzvqlTrLg8Jl38eH p7R4nWjr0BS+byRYyopEVi7pEAZNifL03wphEG7JpvU2BEJutE7sasiqpupp5m0j YxfN/m3N/w3SCQ2RLckTuzGW3i/BtTksfP/oaN775V2tQpc0ZHevU0BQys2h2Mzo f7SYJDKKI7wLVuL7bhw01biNUWNqnW3e0s7KJlAJz7+Y3Dx3ujWi1F/0xDI6+Y4Z vyeBCDSxC35uHTB6JqU5O1IoehIR58bwKbIVRiC3C68edRyQnlhsJp/QWr6z2jST l9AwagexVqCntFRsbNG2 =1BHm -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ Pkg-Cyrus-imapd-Debian-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-cyrus-imapd-debian-devel
