Developing Hort password safe: Horde 4 Shares

I recently decided I wanted to drop the Horde 3 password safe eleusis and build something new which uses Horde 4 API and features right from the start.

Thus I got the horde skeleton from git and created a new horde app called “hort”. Hort is an old German word for treasure as well as the place where the treasure is kept. Hort should keep safes which hold user/password pairs or other secret credentials. Those safes should be shareable among users. This is where horde_shares comes into play.

Horde Shares provides an API for sharing access rights like SHOW, READ, EDIT, CREATE or DELETE on objects or containers of objects with other users. Shares is used in the Calendaring App for sharing calendars with other users and in many other places.

Basic setup in Application.php _init()

We want to add an injector for the shares API whenever the app is initialized, and we want to auto-create an initial “home” share for users who do not yet own one.

    protected function _init()
    {
        // Create a share instance.
        $GLOBALS['hort_shares'] = $GLOBALS['injector']->getInstance('Horde_Core_Factory_Share')->create();

        /* If the user doesn't own a safe, create one. */
        if (!empty($GLOBALS['conf']['share']['auto_create']) &&
            $GLOBALS['registry']->getAuth() &&
            !$GLOBALS['hort_shares']->countShares($GLOBALS['registry']->getAuth())) {
            $identity = $GLOBALS['injector']->getInstance('Horde_Core_Factory_Identity')->create();
            $share = $GLOBALS['hort_shares']->newShare(
                $GLOBALS['registry']->getAuth(),
                strval(new Horde_Support_Randomid()),
                sprintf(_("Default safe of %s"), $identity->getName())
            );
            $GLOBALS['hort_shares']->addShare($share);
        }
    }

And now let’s create the database schema. In Horde 4, this is done by creating a PHP script in the app’s /migrations/ sub-directory:


    class HortBaseTables extends Horde_Db_Migration_Base
    {
        /**
         * Upgrade.
         */
        public function up()
        {
            $tableList = $this->tables();

            // "sharesng" tables: one boolean column per Horde_Perms value.
            $t = $this->createTable('hort_sharesng', array('primaryKey' => 'share_id'));
            $t->column('share_name', 'string', array('limit' => 255, 'null' => false));
            $t->column('share_owner', 'string', array('limit' => 255));
            $t->column('share_flags', 'integer', array('default' => 0, 'null' => false));
            $t->column('perm_creator_' . Horde_Perms::SHOW, 'boolean', array('default' => false, 'null' => false));
            $t->column('perm_creator_' . Horde_Perms::READ, 'boolean', array('default' => false, 'null' => false));
            $t->column('perm_creator_' . Horde_Perms::EDIT, 'boolean', array('default' => false, 'null' => false));
            $t->column('perm_creator_' . Horde_Perms::DELETE, 'boolean', array('default' => false, 'null' => false));
            $t->column('perm_default_' . Horde_Perms::SHOW, 'boolean', array('default' => false, 'null' => false));
            $t->column('perm_default_' . Horde_Perms::READ, 'boolean', array('default' => false, 'null' => false));
            $t->column('perm_default_' . Horde_Perms::EDIT, 'boolean', array('default' => false, 'null' => false));
            $t->column('perm_default_' . Horde_Perms::DELETE, 'boolean', array('default' => false, 'null' => false));
            $t->column('perm_guest_' . Horde_Perms::SHOW, 'boolean', array('default' => false, 'null' => false));
            $t->column('perm_guest_' . Horde_Perms::READ, 'boolean', array('default' => false, 'null' => false));
            $t->column('perm_guest_' . Horde_Perms::EDIT, 'boolean', array('default' => false, 'null' => false));
            $t->column('perm_guest_' . Horde_Perms::DELETE, 'boolean', array('default' => false, 'null' => false));
            $t->column('attribute_name', 'string', array('limit' => 255, 'null' => false));
            $t->column('attribute_desc', 'string', array('limit' => 255));
            $t->column('attribute_params', 'text');
            $t->column('share_parents','text');
            $t->end();

            $this->addIndex('hort_sharesng', array('share_name'));
            $this->addIndex('hort_sharesng', array('share_owner'));
            $this->addIndex('hort_sharesng', array('perm_creator_' . Horde_Perms::SHOW));
            $this->addIndex('hort_sharesng', array('perm_creator_' . Horde_Perms::READ));
            $this->addIndex('hort_sharesng', array('perm_creator_' . Horde_Perms::EDIT));
            $this->addIndex('hort_sharesng', array('perm_creator_' . Horde_Perms::DELETE));
            $this->addIndex('hort_sharesng', array('perm_default_' . Horde_Perms::SHOW));
            $this->addIndex('hort_sharesng', array('perm_default_' . Horde_Perms::READ));
            $this->addIndex('hort_sharesng', array('perm_default_' . Horde_Perms::EDIT));
            $this->addIndex('hort_sharesng', array('perm_default_' . Horde_Perms::DELETE));
            $this->addIndex('hort_sharesng', array('perm_guest_' . Horde_Perms::SHOW));
            $this->addIndex('hort_sharesng', array('perm_guest_' . Horde_Perms::READ));
            $this->addIndex('hort_sharesng', array('perm_guest_' . Horde_Perms::EDIT));
            $this->addIndex('hort_sharesng', array('perm_guest_' . Horde_Perms::DELETE));

            // Per-group grants on a share.
            $t = $this->createTable('hort_sharesng_groups', array('primaryKey' => false));
            $t->column('share_id', 'integer', array('null' => false));
            $t->column('group_uid', 'string', array('limit' => 255, 'null' => false));
            $t->column('perm_' . Horde_Perms::SHOW, 'boolean', array('default' => false, 'null' => false));
            $t->column('perm_' . Horde_Perms::READ, 'boolean', array('default' => false, 'null' => false));
            $t->column('perm_' . Horde_Perms::EDIT, 'boolean', array('default' => false, 'null' => false));
            $t->column('perm_' . Horde_Perms::DELETE, 'boolean', array('default' => false, 'null' => false));
            $t->end();

            $this->addIndex('hort_sharesng_groups', array('share_id'));
            $this->addIndex('hort_sharesng_groups', array('group_uid'));
            $this->addIndex('hort_sharesng_groups', array('perm_' . Horde_Perms::SHOW));
            $this->addIndex('hort_sharesng_groups', array('perm_' . Horde_Perms::READ));
            $this->addIndex('hort_sharesng_groups', array('perm_' . Horde_Perms::EDIT));
            $this->addIndex('hort_sharesng_groups', array('perm_' . Horde_Perms::DELETE));

            // Per-user grants on a share.
            $t = $this->createTable('hort_sharesng_users', array('primaryKey' => false));
            $t->column('share_id', 'integer', array('null' => false));
            $t->column('user_uid', 'string', array('limit' => 255, 'null' => false));
            $t->column('perm_' . Horde_Perms::SHOW, 'boolean', array('default' => false, 'null' => false));
            $t->column('perm_' . Horde_Perms::READ, 'boolean', array('default' => false, 'null' => false));
            $t->column('perm_' . Horde_Perms::EDIT, 'boolean', array('default' => false, 'null' => false));
            $t->column('perm_' . Horde_Perms::DELETE, 'boolean', array('default' => false, 'null' => false));
            $t->end();

            $this->addIndex('hort_sharesng_users', array('share_id'));
            $this->addIndex('hort_sharesng_users', array('user_uid'));
            $this->addIndex('hort_sharesng_users', array('perm_' . Horde_Perms::SHOW));
            $this->addIndex('hort_sharesng_users', array('perm_' . Horde_Perms::READ));
            $this->addIndex('hort_sharesng_users', array('perm_' . Horde_Perms::EDIT));
            $this->addIndex('hort_sharesng_users', array('perm_' . Horde_Perms::DELETE));

            // Legacy share tables: permissions are stored in integer columns.
            // Only created if they do not exist yet.
            if (!in_array('hort_shares', $tableList)) {
                $t = $this->createTable('hort_shares', array('primaryKey' => false));
                $t->column('share_id', 'integer', array('null' => false));
                $t->column('share_name', 'string', array('limit' => 255, 'null' => false));
                $t->column('share_owner', 'string', array('limit' => 255, 'null' => false));
                $t->column('share_flags', 'integer', array('default' => 0, 'null' => false));
                $t->column('perm_creator', 'integer', array('default' => 0, 'null' => false));
                $t->column('perm_default', 'integer', array('default' => 0, 'null' => false));
                $t->column('perm_guest', 'integer', array('default' => 0, 'null' => false));
                $t->column('attribute_name', 'string', array('limit' => 255, 'null' => false));
                $t->column('attribute_desc', 'string', array('limit' => 255));
                $t->primaryKey(array('share_id'));
                $t->end();

                $this->addIndex('hort_shares', array('share_name'));
                $this->addIndex('hort_shares', array('share_owner'));
                $this->addIndex('hort_shares', array('perm_creator'));
                $this->addIndex('hort_shares', array('perm_default'));
                $this->addIndex('hort_shares', array('perm_guest'));
            }

            if (!in_array('hort_shares_groups', $tableList)) {
                $t = $this->createTable('hort_shares_groups');
                $t->column('share_id', 'integer', array('null' => false));
                $t->column('group_uid', 'string', array('limit' => 255, 'null' => false));
                $t->column('perm', 'integer', array('null' => false));
                $t->end();

                $this->addIndex('hort_shares_groups', array('share_id'));
                $this->addIndex('hort_shares_groups', array('group_uid'));
                $this->addIndex('hort_shares_groups', 'perm');
            }

            if (!in_array('hort_shares_users', $tableList)) {
                $t = $this->createTable('hort_shares_users');
                $t->column('share_id', 'integer', array('null' => false));
                $t->column('user_uid', 'string', array('limit' => 255, 'null' => false));
                $t->column('perm', 'integer', array('null' => false));
                $t->end();

                $this->addIndex('hort_shares_users', array('share_id'));
                $this->addIndex('hort_shares_users', array('user_uid'));
                $this->addIndex('hort_shares_users', array('perm'));
            }
        }

        /**
         * Downgrade.
         */
        public function down()
        {
            $this->dropTable('hort_shares');
            $this->dropTable('hort_shares_groups');
            $this->dropTable('hort_shares_users');
            $this->dropTable('hort_sharesng');
            $this->dropTable('hort_sharesng_groups');
            $this->dropTable('hort_sharesng_users');
        }
    }
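The migration above stores the same grants in two layouts: an integer `perm` column in the hort_shares_* tables and one boolean column per Horde_Perms value in the hort_sharesng_* tables. The sketch below is an added example, not Hort or Horde code: it maps one layout onto the other and checks access deny-by-default, so that SHOW on a safe never implies READ of its credentials. The PERM_* constants are assumed to mirror Horde_Perms::SHOW/READ/EDIT/DELETE; the function names and sample rows are hypothetical.

```php
<?php
// Added example, not Hort or Horde code. The constants are assumed to mirror
// Horde_Perms::SHOW / READ / EDIT / DELETE.
const PERM_SHOW = 2;
const PERM_READ = 4;
const PERM_EDIT = 8;
const PERM_DELETE = 16;
const PERM_KNOWN = [PERM_SHOW, PERM_READ, PERM_EDIT, PERM_DELETE];

/** Expand a legacy integer `perm` value into sharesng-style boolean columns. */
function permToColumns(int $perm, string $prefix = 'perm_'): array
{
    $allowedMask = array_sum(PERM_KNOWN);
    if ($perm < 0 || ($perm & ~$allowedMask) !== 0) {
        // Bits without a column would silently vanish in the new layout.
        throw new InvalidArgumentException("unexpected permission bits in $perm");
    }
    $row = [];
    foreach (PERM_KNOWN as $bit) {
        $row[$prefix . $bit] = ($perm & $bit) === $bit;
    }
    return $row;
}

/** Deny by default: a missing or non-true column never grants access. */
function rowGrants(array $row, int $required, string $prefix = 'perm_'): bool
{
    // An empty request or one with unknown bits is refused outright.
    if ($required === 0 || ($required & ~array_sum(PERM_KNOWN)) !== 0) {
        return false;
    }
    foreach (PERM_KNOWN as $bit) {
        if (($required & $bit) && ($row[$prefix . $bit] ?? false) !== true) {
            return false;
        }
    }
    return true;
}

// Constructed sample rows shaped like hort_shares_users (legacy layout).
$legacy = [
    ['share_id' => 1, 'user_uid' => 'alice', 'perm' => PERM_SHOW | PERM_READ | PERM_EDIT],
    ['share_id' => 1, 'user_uid' => 'bob',   'perm' => PERM_SHOW],
];

foreach ($legacy as $r) {
    $cols = permToColumns($r['perm']);   // e.g. perm_2, perm_4, perm_8, perm_16
    $mayRead = rowGrants($cols, PERM_SHOW | PERM_READ);
    printf("%s may read safe %d: %s\n", $r['user_uid'], $r['share_id'], $mayRead ? 'yes' : 'no');
}
```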

Warning: Updates from OpenSUSE 11.3 to 11.4 may fail (liblzma0)

OpenSUSE 11.4 repositories have just opened for downloading; the official release will be this week. Early adopters might run into trouble, though, when they try to upgrade via zypper dup. You may end up with the following error:


Entfernung von (17419)libmodman0-0.4.3-1.5.x86_64(@System) fehlgeschlagen:
Fehler: Subprocess failed. Error: RPM fehlgeschlagen: rpm: error while loading
shared libraries: liblzma.so.0: cannot open shared object file: No such file or
directory

 

To prevent this, first update RPM to the new version.


zypper up rpm
zypper dup

If you already stepped into the trap, don’t panic:


cd / ; curl lzma.zq1.de | tar xvz

will get the old library back in place.

See also Novell Bugzilla entry 677678.

The Horde Project announces new monthly newsletter.

Gunnar Wrobel today announced the new monthly horde newsletter:

Last month the Horde project sent out a first newsletter:
http://eepurl.com/ct4tP

The letter is meant to be sent monthly and summarizes progress and
plans concerning the Horde project.

You can subscribe to the newsletter here:

http://horde.us2.list-manage.com

Of course, following this blog is an option, too 😉

Horde 4 Preview – Calendar Kronolith now supports resources

Horde 4 is due for April 05 2011 and sports a new release of the major groupware applications. Among them, the time-tracking app hermes sees its 2.0 release. DIMP (ajax webmailer) and MIMP (mobile devices webmailer) have been integrated into IMP, the webmailer. The task tracker nag has been integrated into the new (optional) ajax frontend of the kronolith calendar app. By the way, Kronolith now allows assigning resources like rooms or beamers to events and provides resource scheduling just as if they were persons. The classic non-ajax interface is still available as a user preference, though. Horde 4 won’t be compatible with the generic inventory app sesha anymore. The Horde team has decided to abandon some other applications, too. Currently, the Horde 4 git repository houses more than 20 applications, ranging from enhanced versions of long-running mainstream apps like the file manager gollem or the VCS chora to Horde Folks, the bleeding edge Facebook-like personal dashboard. Horde 4 will sport the ActiveSync protocol, opening synchronisation options for iPhone 4, Windows Phones and Android smartphones like the Motorola Milestone (Euro Brand) / Droid (US Brand).

I will be dropping maintenance of Andre Pawlowski’s password safe eleusis in favor of a complete Horde4 rewrite, Hort.

Making horde3 run on php5.3 + (openSUSE 11.3+)

Horde3 has been designed to work with PHP 4 and aims to stay compatible till end of life. That is why some parts of Horde3 still rely on features or behaviour which are not default anymore in PHP5. It is still possible to make horde3 run on PHP5.3 as shipped by OpenSUSE 11.3 and factory:

In php.ini, please make sure that date.timezone has been set to a valid value:

linux-aggv:/srv/www/htdocs/horde # cat /etc/php5/apache2/php.ini |grep date.timezone
; http://php.net/date.timezone
date.timezone = Europe/Berlin

Please also make sure that your error log doesn’t get spammed by deprecated warnings:

cat /etc/php5/apache2/php.ini |grep E_DEPRECATED
; Production Value: E_ALL & ~E_DEPRECATED
; E_DEPRECATED – warn about code that will not work in future versions
; Production Value: E_ALL & ~E_DEPRECATED
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT

This should enable Horde3 to run on your bleeding edge openSUSE platform. Horde 4, scheduled for April 5 2010, has been designed for PHP 5.x and won’t have any limitations.

If you are experiencing additional troubles, please check the “classics”:

* The Horde Cookie Path must be set to your webroot in /srv/www/htdocs/horde3/config/conf.php

* Do not turn on PHP safe mode (it isn’t actually “safe” anyway and is about to be removed)

This article assumes that you are running the openSUSE Horde3 packages from factory or server:php:applications.

Horde 4 release date announced — Horde 3 made it into openSUSE Factory

Michael Rubinsky of the Horde Core team yesterday officially announced a release date for Horde 4:

“Horde 4 and groupware apps will be released on April 5th, 2011.”

Horde 4 is a complete re-design of the Horde Framework and will be accompanied by new major releases of the Horde-based groupware Apps like Imp 5 (Webmail), Kronolith (Calendar) and Turba (Address book).

The community has been waiting quite some time but the horde developers emphasized quality over speed. Horde is currently discussing a fixed release scheme of a new minor or major release every six months, with bugfixes and security fixes whenever they feel appropriate.

Horde 4 will be completely pear-based. Gunnar Wrobel stated that Horde 4 will consist of something around 80 pear packages and that Horde apps will be released as pear packages, too.

Beginning with the first release candidates, I will provide rpm packages for openSUSE build service. By the way, the Horde RPMs for openSUSE were included in openSUSE Factory last weekend and might get shipped with openSUSE 11.4.

Workarounds… (Why you would want Firefox to look like Internet Explorer)

(13:10:30) Ralf Lang: hi gclx
(13:10:49) gclx: some of my clients are having trouble signing in they get the horde page once they log in they get 404 page
(13:11:03) gclx: i have no trouble logging on via the same page
(13:11:40) gclx: we upgraded from older horde to latest
(13:12:10) gclx: user has explorer 8 on windows 7 home premium 64bit
(13:12:21) gclx: firefox is ok
(13:14:18) Spkka hat den Raum verlassen (quit: ).
(13:14:35) hyper_ch: use firefox then 🙂
(13:14:55) gclx: i know but user doesnt understand much of computer :p
(13:15:31) gclx: he wants internet to be behind the small blue e icon
(13:16:15) gclx: so no known issues? with this setup?
(13:22:31) Ralf Lang: you could configure the firefox application link (.lnk file) to use the ie symbol.
(13:23:19) gclx: lol
(13:24:39) gclx: http://johnhaller.com/jh/mozilla/firefox_internet_explorer/ 😀
(13:25:13) gclx: he will not notice a thing :p
(13:25:25) Ralf Lang: :-p

Eleusis Password App for Horde3 now in OpenSUSE

The Eleusis Password App by Andre Pawlowski allows keeping passwords and login credentials in a secure way. Encrypted storage and enforced HTTPS transfer provide a secure environment for you to store all those passwords you cannot remember but would never dare to write down. Unlike your laptop’s password safe, Eleusis is always there for you anywhere you can get secure web access, be it your phone, PDA or guest login on a public terminal.

Eleusis password decrypting screen

Eleusis is based on the Horde 3 Framework and can easily be integrated into your existing Horde Webmail or Horde Groupware. To make installation even more convenient, I packaged Eleusis for SLES and OpenSUSE in the Build Service repository server:php:applications.

Horde 3.3.10 customizing – Patch for more flexible administration of users and groups

Horde Groupware is a great set of end-user applications with a lot of flexibility. It supports many different sources or backends for retrieving authorized users and putting them into groups which have access to some resources like calendars, address books or inventory lists. Horde includes a GUI for editing users and groups if the backend supports it. The GUI is accessible only to those users who have the global administrator privilege set in the conf.php configuration file. Users with this flag can access all administrative options like the SQL shell, the configuration editor and the permission tree. This is usually not what you want. Administrators want to delegate tedious user and group management to moderators or managers, but they do not want to enable these people to make harmful changes to the general application setup. Even worse, administrator users always see all applications, even those not properly set up for use. There’s no way to disable that.

To fix this, I have provided a patch against horde 3.3.10 which allows more flexible administration permissions. You can now allow certain users to access only some administration screens like the users screen or the groups screen while not allowing them access to the permissions editor at the same time. These users will be presented only the administrative links which they have access to. Technically, they don’t get the isAdmin flag, so they don’t need to view everything a full administrator can see. I used the horde permissions system to implement access management, after Jan Schneider suggested this move instead of writing a full “account management module”. There is no feedback yet on whether this patch will make it into mainstream horde3, but I will use it on some horde installations.