Mailing List Archive

Error 403 with Ical with "advanced" shared calendars after upgrade.
Hi,

I've juste upgraded with success my Debian Wheezy Davical server (v
1.1.1) to Debian Jessie (v 1.1.4 with Awl 0.56 from official debain
back-ports repositories)

Script /usr/share/davical/dba/update-davical-database passed with success.

Since this upgrade i've a major issue with all my Ical MacOS clients for
some shared calendars.

That case worked with my old davical version:

User A grant access to User B as read only to his root collection
(/caldav.php/userA contain User B account with read access)
User A grant access to User B as read only to his WORK collection
(/caldav.php/userA/WORK contain User B account with read access / No
access for others (no default rights))
User A deny access to User B to his HOME collection
(/caldav.php/userA/HOME have no access rules for anyone, and there is no
default rights)

In my old davical version; all was working as expected in Apple Ical
clients: user B could _only_ see WORK calendar of User A (when he ticks
the box UserA in his ical delegation tab)

In new version (1.1.3 and 1.1.4) User B encountered an error in Ical:
"403 operation CalDAVAccountRefreshQueuableOperation"
Ical POPUP stay in top; and pressing OK don't remove it (come again in
few seconds)
Apache logs attached (server side for this request).

The only workaround i found for User B is to grand him as read only on
/caldav.php/userA/HOME calendar; or use default rights in all
collections of User A.
That's not the result expected since /caldav.php/userA/HOME should be a
private calendar.


[Thu Jul 28 10:43:12.630433 2016] [:error] [pid 2022] [client
172.20.101.110:53689] davical: LOG: :Response status 403 for PROPFIND
/caldav.php/userA/HOME/
[Thu Jul 28 10:43:12.630522 2016] [:error] [pid 2022] [client
172.20.101.110:53689] davical: LOG: :***************** Response Header
****************
[Thu Jul 28 10:43:12.630563 2016] [:error] [pid 2022] [client
172.20.101.110:53689] davical: LOG: headers:-->X-Powered-By:
PHP/5.6.24-0+deb8u1
[Thu Jul 28 10:43:12.630598 2016] [:error] [pid 2022] [client
172.20.101.110:53689] davical: LOG: headers:-->Server: 1.1
[Thu Jul 28 10:43:12.630638 2016] [:error] [pid 2022] [client
172.20.101.110:53689] davical: LOG: headers:-->DAV: 1, 2, 3,
access-control, calendar-access, calendar-schedule
[Thu Jul 28 10:43:12.630672 2016] [:error] [pid 2022] [client
172.20.101.110:53689] davical: LOG: headers:-->DAV: extended-mkcol,
bind, addressbook, calendar-auto-schedule, calendar-proxy
[Thu Jul 28 10:43:12.630706 2016] [:error] [pid 2022] [client
172.20.101.110:53689] davical: LOG: headers:-->X-DAViCal-Version:
DAViCal/1.1.4; DB/1.2.12
[Thu Jul 28 10:43:12.630739 2016] [:error] [pid 2022] [client
172.20.101.110:53689] davical: LOG: headers:-->Content-type: text/xml;
charset="utf-8"
[Thu Jul 28 10:43:12.630771 2016] [:error] [pid 2022] [client
172.20.101.110:53689] davical: LOG: :******************** Response
********************
[Thu Jul 28 10:43:12.630823 2016] [:error] [pid 2022] [client
172.20.101.110:53689] davical: LOG: response:--><?xml version="1.0"
encoding="utf-8" ?>
[Thu Jul 28 10:43:12.630856 2016] [:error] [pid 2022] [client
172.20.101.110:53689] davical: LOG: response:--><error xmlns="DAV:">
[Thu Jul 28 10:43:12.630889 2016] [:error] [pid 2022] [client
172.20.101.110:53689] davical: LOG: response:--> <need-privileges>
[Thu Jul 28 10:43:12.630921 2016] [:error] [pid 2022] [client
172.20.101.110:53689] davical: LOG: response:--> <resource>
[Thu Jul 28 10:43:12.630953 2016] [:error] [pid 2022] [client
172.20.101.110:53689] davical: LOG: response:-->
<href>/caldav.php/userA/HOME/</href>
[Thu Jul 28 10:43:12.630986 2016] [:error] [pid 2022] [client
172.20.101.110:53689] davical: LOG: response:--> <privilege>
[Thu Jul 28 10:43:12.631018 2016] [:error] [pid 2022] [client
172.20.101.110:53689] davical: LOG: response:--> <read/>
[Thu Jul 28 10:43:12.631050 2016] [:error] [pid 2022] [client
172.20.101.110:53689] davical: LOG: response:--> </privilege>
[Thu Jul 28 10:43:12.631084 2016] [:error] [pid 2022] [client
172.20.101.110:53689] davical: LOG: response:--> </resource>
[Thu Jul 28 10:43:12.631116 2016] [:error] [pid 2022] [client
172.20.101.110:53689] davical: LOG: response:--> </need-privileges>
[Thu Jul 28 10:43:12.631148 2016] [:error] [pid 2022] [client
172.20.101.110:53689] davical: LOG: response:--></error>
[Thu Jul 28 10:43:12.631180 2016] [:error] [pid 2022] [client
172.20.101.110:53689] davical: LOG: response:-->

Thank's for any help,

Regards,

Adrien
Re: Error 403 with Ical with "advanced" shared calendars after upgrade. [ In reply to ]
Hi all;

I've just found a "bad" workaround to resolve the issue.

Here is the file concerned: davical/inc/caldav-PROPFIND.php

When i use the old version of this file (coming from my old instance);
and keep all other files from new version (1.1.4), it's working again.

In ICAL; User B can only see the WORK calendar; HOME calendar never
appear and no error is displayed.

Do you think that keeping the old version of caldav-PROPFIND.php in a
new install is hazardous (first of all for DB consistency)?

You will find in this mail the two versions of caldav-PROPFIND.php in my
environment:
caldav-PROPFIND.ICALOK.php resolve the bug (version 1.1.1.)
caldav-PROPFIND.ICALERROR.php create the issue (version 1.1.4)

Should-i open an issue on gitlab?

Thank's a lot for you help,

Regards;
Adrien



Le 28/07/2016 11:21, Adrien MALGOYRE a écrit :
> Hi,
>
> I've juste upgraded with success my Debian Wheezy Davical server (v
> 1.1.1) to Debian Jessie (v 1.1.4 with Awl 0.56 from official debain
> back-ports repositories)
>
> Script /usr/share/davical/dba/update-davical-database passed with success.
>
> Since this upgrade i've a major issue with all my Ical MacOS clients
> for some shared calendars.
>
> That case worked with my old davical version:
>
> User A grant access to User B as read only to his root collection
> (/caldav.php/userA contain User B account with read access)
> User A grant access to User B as read only to his WORK collection
> (/caldav.php/userA/WORK contain User B account with read access / No
> access for others (no default rights))
> User A deny access to User B to his HOME collection
> (/caldav.php/userA/HOME have no access rules for anyone, and there is
> no default rights)
>
> In my old davical version; all was working as expected in Apple Ical
> clients: user B could _only_ see WORK calendar of User A (when he
> ticks the box UserA in his ical delegation tab)
>
> In new version (1.1.3 and 1.1.4) User B encountered an error in Ical:
> "403 operation CalDAVAccountRefreshQueuableOperation"
> Ical POPUP stay in top; and pressing OK don't remove it (come again in
> few seconds)
> Apache logs attached (server side for this request).
>
> The only workaround i found for User B is to grand him as read only on
> /caldav.php/userA/HOME calendar; or use default rights in all
> collections of User A.
> That's not the result expected since /caldav.php/userA/HOME should be
> a private calendar.
>
>
> [Thu Jul 28 10:43:12.630433 2016] [:error] [pid 2022] [client
> 172.20.101.110:53689] davical: LOG: :Response status 403 for PROPFIND
> /caldav.php/userA/HOME/
> [Thu Jul 28 10:43:12.630522 2016] [:error] [pid 2022] [client
> 172.20.101.110:53689] davical: LOG: :***************** Response Header
> ****************
> [Thu Jul 28 10:43:12.630563 2016] [:error] [pid 2022] [client
> 172.20.101.110:53689] davical: LOG: headers:-->X-Powered-By:
> PHP/5.6.24-0+deb8u1
> [Thu Jul 28 10:43:12.630598 2016] [:error] [pid 2022] [client
> 172.20.101.110:53689] davical: LOG: headers:-->Server: 1.1
> [Thu Jul 28 10:43:12.630638 2016] [:error] [pid 2022] [client
> 172.20.101.110:53689] davical: LOG: headers:-->DAV: 1, 2, 3,
> access-control, calendar-access, calendar-schedule
> [Thu Jul 28 10:43:12.630672 2016] [:error] [pid 2022] [client
> 172.20.101.110:53689] davical: LOG: headers:-->DAV: extended-mkcol,
> bind, addressbook, calendar-auto-schedule, calendar-proxy
> [Thu Jul 28 10:43:12.630706 2016] [:error] [pid 2022] [client
> 172.20.101.110:53689] davical: LOG: headers:-->X-DAViCal-Version:
> DAViCal/1.1.4; DB/1.2.12
> [Thu Jul 28 10:43:12.630739 2016] [:error] [pid 2022] [client
> 172.20.101.110:53689] davical: LOG: headers:-->Content-type: text/xml;
> charset="utf-8"
> [Thu Jul 28 10:43:12.630771 2016] [:error] [pid 2022] [client
> 172.20.101.110:53689] davical: LOG: :******************** Response
> ********************
> [Thu Jul 28 10:43:12.630823 2016] [:error] [pid 2022] [client
> 172.20.101.110:53689] davical: LOG: response:--><?xml version="1.0"
> encoding="utf-8" ?>
> [Thu Jul 28 10:43:12.630856 2016] [:error] [pid 2022] [client
> 172.20.101.110:53689] davical: LOG: response:--><error xmlns="DAV:">
> [Thu Jul 28 10:43:12.630889 2016] [:error] [pid 2022] [client
> 172.20.101.110:53689] davical: LOG: response:--> <need-privileges>
> [Thu Jul 28 10:43:12.630921 2016] [:error] [pid 2022] [client
> 172.20.101.110:53689] davical: LOG: response:--> <resource>
> [Thu Jul 28 10:43:12.630953 2016] [:error] [pid 2022] [client
> 172.20.101.110:53689] davical: LOG: response:-->
> <href>/caldav.php/userA/HOME/</href>
> [Thu Jul 28 10:43:12.630986 2016] [:error] [pid 2022] [client
> 172.20.101.110:53689] davical: LOG: response:--> <privilege>
> [Thu Jul 28 10:43:12.631018 2016] [:error] [pid 2022] [client
> 172.20.101.110:53689] davical: LOG: response:--> <read/>
> [Thu Jul 28 10:43:12.631050 2016] [:error] [pid 2022] [client
> 172.20.101.110:53689] davical: LOG: response:--> </privilege>
> [Thu Jul 28 10:43:12.631084 2016] [:error] [pid 2022] [client
> 172.20.101.110:53689] davical: LOG: response:--> </resource>
> [Thu Jul 28 10:43:12.631116 2016] [:error] [pid 2022] [client
> 172.20.101.110:53689] davical: LOG: response:--> </need-privileges>
> [Thu Jul 28 10:43:12.631148 2016] [:error] [pid 2022] [client
> 172.20.101.110:53689] davical: LOG: response:--></error>
> [Thu Jul 28 10:43:12.631180 2016] [:error] [pid 2022] [client
> 172.20.101.110:53689] davical: LOG: response:-->
>
> Thank's for any help,
>
> Regards,
>
> Adrien
>
>
> ------------------------------------------------------------------------------
>
>
> _______________________________________________
> Davical-general mailing list
> Davical-general@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/davical-general