tine20
tine20 copied to clipboard
tine20
0013708: Hidden groups break webdav due to missing
Reported by lab-at-nohl on 21 Jan 2018 02:11
Version: 2017.08.11 Community Edition
If user is member of a group which has set visibility to "do not show in address book" calDAV folder detection breaks (curiosity: you would rather expect cardDAV to be affected, but it isn't).
Steps to reproduce: Try to add new account with davdroid on Android. Switch visibility on or off.
Additional information: 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Core::setupUserLocale::1165 given localeString 'auto' 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Core::setupUserLocale::1192 Try to detect the locale of the user (browser, environment, default) 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Translation::getLocale::199 given localeString 'auto' 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Translation::getLocale::211 'de_DE' is not supported, checking fallback 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Translation::getLocale::237 selected locale: 'de' 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Core::setupUserLocale::1206 Saving locale: de 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Preference_Abstract::setValueForUser::481 Updated: locale for user 3173a20e-6c19-1034-948b-17a0cca20f00 -> de 4e91b testuser - 2018-01-21T01:59:13+00:00 INFO (6): Tinebase_Core::setupUserLocale::1216 Setting user locale: de 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Preference_Abstract::getValueForUser::287 Get value for timezone of account id 3173a20e-6c19-1034-948b-17a0cca20f00 / user 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Core::setupUserTimezone::1265 User timezone: Europe/Berlin 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Auth_CredentialCache::setCacheAdapter::117 Using credential cache adapter: Tinebase_Auth_CredentialCache_Adapter_Cookie 4e91b testuser - 2018-01-21T01:59:13+00:00 INFO (6): Tinebase_Server_WebDAV::handle::97 Starting to handle WebDAV request (requestUri:/principals/users/74/ PID: 11654) 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Server_WebDAV::handle::108 headers: Array ( [accept-language] => de-DE, de;q=0.7, *;q=0.5 [user-agent] => DAVdroid/1.9.7-ose (2017/12/24; dav4android; okhttp3) Android/7.1.1 [accept-encoding] => gzip [connection] => Keep-Alive [host] => testtine.de [content-length] => 360 [content-type] => application/xml; charset=utf-8 [depth] => 0 )
4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Server_WebDAV::handle::111 requestContentType: application/xml; charset=utf-8 requestMethod: PROPFIND 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Server_WebDAV::handle::120 <<< *DAV request <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><CAL:calendar-home-set /><n0:calendar-proxy-read-for xmlns:n0="http://calendarserver.org/ns/" /><n1:calendar-proxy-write-for xmlns:n1="http://calendarserver.org/ns/" /><group-membership /></prop></propfind> 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Server_WebDAV::handle::178 SyncTokenSupport enabled 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Controller_Record_Abstract::checkFilterACL::2086 Force a standard containerFilter (specialNode = all) as ACL filter. 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Container::_resolveRecordClassArgument::400 Using application name is deprecated. Please use the classname of the model or the class itself. 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Container::getContainerByACL::459 app: Addressbook / account: testuser / grant:readGrant/adminGrant 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Addressbook_Model_ContactHiddenFilter::appendFilterSql::41 Query account contacts (hide if status = disabled) 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Controller_Record_Abstract::search::245 Got 1 search results of Addressbook_Model_Contact 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Controller_Record_Abstract::checkFilterACL::2086 Force a standard containerFilter (specialNode = all) as ACL filter. 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Container::_resolveRecordClassArgument::400 Using application name is deprecated. Please use the classname of the model or the class itself. 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Container::getContainerByACL::459 app: Addressbook / account: testuser / grant:readGrant/adminGrant 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Controller_Record_Abstract::search::245 Got 1 search results of Addressbook_Model_List 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Controller_Record_Abstract::checkFilterACL::2086 Force a standard containerFilter (specialNode = all) as ACL filter. 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Container::_resolveRecordClassArgument::400 Using application name is deprecated. Please use the classname of the model or the class itself. 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Container::getContainerByACL::459 app: Addressbook / account: testuser / grant:readGrant/adminGrant 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Addressbook_Model_ContactHiddenFilter::appendFilterSql::41 Query account contacts (hide if status = disabled) 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Controller_Record_Abstract::search::245 Got 18 search results of Addressbook_Model_Contact 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Addressbook_Controller_List::_removeHiddenListMembers::135 Found 6 hidden members, removing them 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Controller_Record_Abstract::checkFilterACL::2086 Force a standard containerFilter (specialNode = all) as ACL filter. 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Container::_resolveRecordClassArgument::400 Using application name is deprecated. Please use the classname of the model or the class itself. 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Container::getContainerByACL::459 app: Addressbook / account: testuser / grant:readGrant/adminGrant 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Controller_Record_Abstract::search::245 Got 0 search results of Addressbook_Model_List 4e91b testuser - 2018-01-21T01:59:13+00:00 NOTICE (5): Tinebase_WebDav_PrincipalBackend::getPrincipalByPath::176 Group/list principal does not exist: e3524b6e4842f4cd764076d058bdbedea66caa19 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Controller_Record_Abstract::checkFilterACL::2086 Force a standard containerFilter (specialNode = all) as ACL filter. 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Container::_resolveRecordClassArgument::400 Using application name is deprecated. Please use the classname of the model or the class itself. 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Container::getContainerByACL::459 app: Addressbook / account: testuser / grant:readGrant/adminGrant 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Controller_Record_Abstract::search::245 Got 0 search results of Addressbook_Model_List 4e91b testuser - 2018-01-21T01:59:13+00:00 NOTICE (5): Tinebase_WebDav_PrincipalBackend::getPrincipalByPath::176 Group/list principal does not exist: e3524b6e4842f4cd764076d058bdbedea66caa19 4e91b testuser - 2018-01-21T01:59:13+00:00 DEBUG (7): Tinebase_Server_WebDAV::handle::199 >>> *DAV response: <?xml version="1.0" encoding="utf-8"?> <d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns"> <s:exception>Sabre\DAV\Exception\NotFound</s:exception> <s:message>Principal with name e3524b6e4842f4cd764076d058bdbedea66caa19 not found</s:message> <s:file>/srv/vendor/sabre/dav/lib/Sabre/DAVACL/AbstractPrincipalCollection.php</s:file> <s:line>116</s:line> <s:code>0</s:code> <s:stacktrace>#0 /srv/vendor/sabre/dav/lib/Sabre/DAV/ObjectTree.php(72): Sabre\DAVACL\AbstractPrincipalCollection->getChild('e3524b6e4842f4c...') #1 /srv/vendor/sabre/dav/lib/Sabre/CalDAV/Plugin.php(380): Sabre\DAV\ObjectTree->getNodeForPath('principals/grou...') #2 [internal function]: Sabre\CalDAV\Plugin->beforeGetProperties('principals/user...', Object(Tinebase_WebDav_Principal), Array, Array) #3 /srv/vendor/sabre/dav/lib/Sabre/DAV/Server.php(433): call_user_func_array(Array, Array) #4 /srv/vendor/sabre/dav/lib/Sabre/DAV/Server.php(1519): Sabre\DAV\Server->broadcastEvent('beforeGetProper...', Array) #5 /srv/vendor/sabre/dav/lib/Sabre/DAV/Server.php(723): Sabre\DAV\Server->getPropertiesForPath('principals/user...', Array, 0) #6 [internal function]: Sabre\DAV\Server->httpPropfind('principals/user...') #7 /srv/vendor/sabre/dav/lib/Sabre/DAV/Server.php(474): call_user_func(Array, 'principals/user...') #8 /srv/vendor/sabre/dav/lib/Sabre/DAV/Server.php(214): Sabre\DAV\Server->invokeMethod('PROPFIND', 'principals/user...') #9 /srv/Tinebase/Server/WebDAV.php(196): Sabre\DAV\Server->exec() #10 /srv/Tinebase/Core.php(260): Tinebase_Server_WebDAV->handle(Object(Zend\Http\PhpEnvironment\Request)) #11 /srv/index.php(24): Tinebase_Core::dispatchRequest() #12 {main}</s:stacktrace> </d:error>
4e91b testuser - 2018-01-21T01:59:13+00:00 INFO (6): index.php (31) METHOD: Tinebase_Server_WebDAV::PROPFIND / TIME: 589ms / Memory usage: 2 MB / Real patch cache size: 144114 / PID: 11654
Comment posted by shochdoerfer on 23 Mar 2018 08:11
Maybe some logic was changed to read the attendee and all it's related data which might be a primary group that is marked as hidden. Just a random guess.
Comment posted by pschuele on 23 Mar 2018 09:17
should be fixed with #13788.
please reopen if it does not work with 2018.02.3
I got that with 2019.02.4. This happens for users using apple calendar and caldav which are member of a hidden admin group.
2019-05-02T12:15:48+00:00 NOTICE (5): Tinebase_WebDav_PrincipalBackend::getPrincipalByPath::176 Group/list principal does not exist: 26f645a1f1c79f8ef55fdbc392400dd62b61455b
is this still happening in current releases? I'll write a test for this when I find some time. imho this should work (for personal calendars) for a user, even if he is in a hidden group.
5 years later, I came back to this. In 2022.12.1 the NOTICE - although harmless, I guess - is still there and the log is filled on each WebDAV request once for each hidden goup the user belongs to.
NOTICE (5): Tinebase_WebDav_PrincipalBackend::getPrincipalByPath::176 Group/list principal does not exist: <Id of a address list of a hidden group>
@pschuele You asked for reopening long time ago. As far as I can see, everything works fine. However, Addressbook_Model_List that belong to a hidden group are not found. Is it dangerous/security issue if also the hidden groups are found?
See line 158 ff. in file Tinebase/WebDav/PrincipalBackend.php and my addition in line 170, where I added hidden groups/lists to the filter.
$filter = new Addressbook_Model_ListFilter(array(
array(
'field' => 'type',
'operator' => 'equals',
'value' => Addressbook_Model_List::LISTTYPE_GROUP
),
array(
'field' => 'id',
'operator' => 'equals',
'value' => $id
),
));
$filter->addFilter($filter->createFilter('showHidden', 'equals', true));
$list = Addressbook_Controller_List::getInstance()->search($filter)->getFirstRecord();
if (!$list) {
if (Tinebase_Core::isLogLevel(Zend_Log::NOTICE)) {
Tinebase_Core::getLogger()->notice(
__METHOD__ . '::' . __LINE__ . ' Group/list principal does not exist: ' . $id );
}
return null;
}
$principal = $this->_listToPrincipal($list, $prefix);
Can I do this - and I will submit a PR. Or are there any side effects? From my point of view it does not matter. But I do not see in general why such groups should be accessible by WebDAV (it may be better to turn off the NOTICE).
