ZP-77 Only save policyname and policyhash after provisioning has been

successful. PolicyName is part of mapping of SyncProvisioning now. Get
the policyname from the backend only to determine which policy is
configured for the user.

Released under the Affero GNU General Public License (AGPL) version 3.

src/lib/core/devicemanager.php

@@ -237,8 +237,8 @@ class DeviceManager {
             ZLog::Write(LOGLEVEL_DEBUG, sprintf("DeviceManager->ProvisioningRequired('%s') saved device key '%s': %s", $policykey, $this->device->GetPolicyKey(), Utils::PrintAsString($p)));
 
         if ($checkPolicies) {
-            $policyHash = SyncProvisioning::GetObjectWithPolicies($this->getProvisioningPolicies())->GetPolicyHash();
-            if ($this->device->getPolicyhash() != $policyHash) {
+            $policyHash = $this->GetProvisioningObject()->GetPolicyHash();
+            if ($this->device->hasPolicyhash() && $this->device->getPolicyhash() != $policyHash) {
                 $p = true;
                 ZLog::Write(LOGLEVEL_INFO, sprintf("DeviceManager->ProvisioningRequired(): saved policy hash '%s' changed '%s'. Provisioning required.", $this->device->getPolicyhash(), $policyHash));
             }
@@ -277,13 +277,9 @@ class DeviceManager {
      * @return SyncProvisioning
      */
     public function GetProvisioningObject() {
-        $p = SyncProvisioning::GetObjectWithPolicies($this->getProvisioningPolicies());
-
-        // save policies' hash and name
-        $this->device->SetPolicyname($this->getPolicyName());
-        $this->device->SetPolicyhash($p->GetPolicyHash());
-        ZLog::Write(LOGLEVEL_DEBUG, sprintf("Set policy: %s with hash: %s", $this->device->GetPolicyname(), $this->device->GetPolicyhash()));
-
+        $policyName = $this->getPolicyName();
+        $p = SyncProvisioning::GetObjectWithPolicies($this->getProvisioningPolicies($policyName));
+        $p->PolicyName = $policyName;
         return $p;
     }
 
@@ -316,6 +312,21 @@ class DeviceManager {
         return true;
     }
 
+    /**
+     * Saves the policy hash and name in device's state.
+     *
+     * @param SyncProvisioning  $provisioning
+     *
+     * @access public
+     * @return void
+     */
+    public function SavePolicyHashAndName($provisioning) {
+        // save policies' hash and name
+        $this->device->SetPolicyname($provisioning->PolicyName);
+        $this->device->SetPolicyhash($provisioning->GetPolicyHash());
+        ZLog::Write(LOGLEVEL_DEBUG, sprintf("DeviceManager->SavePolicyHashAndName(): Set policy: %s with hash: %s", $this->device->GetPolicyname(), $this->device->GetPolicyhash()));
+    }
+
 
     /**----------------------------------------------------------------------------------------------------------
      * LEGACY AS 1.0 and WRAPPER operations
@@ -944,11 +955,12 @@ class DeviceManager {
     /**
      * Loads Provisioning policies from the policies file.
      *
+     * @param string    $policyName     The name of the policy
+     *
      * @access private
      * @return array
      */
-    private function getProvisioningPolicies() {
-        $policyName = $this->getPolicyName();
+    private function getProvisioningPolicies($policyName) {
         $policies = ZPush::GetPolicies();
 
         if (!isset($policies[$policyName]) && $policyName != ASDevice::DEFAULTPOLICYNAME) {
@@ -968,10 +980,6 @@ class DeviceManager {
 
     private function getPolicyName() {
         $policyName = ZPush::GetBackend()->GetUserPolicyName();
-        if ($policyName === false && $this->device->HasPolicyname()) {
-            // get the policy name from device data
-            $policyName = $this->device->GetPolicyname();
-        }
         $policyName = ((!empty($policyName) && $policyName !== false) ? $policyName : ASDevice::DEFAULTPOLICYNAME);
         ZLog::Write(LOGLEVEL_DEBUG, sprintf("DeviceManager->getPolicyName(): determined policy name: '%s'", $policyName));
         return $policyName;

src/lib/core/zpushdefs.php

@@ -488,7 +488,8 @@ define("SYNC_PROVISION_UNAPPROVEDINROMAPPLIST", "Provision:UnapprovedInROMApplic
 define("SYNC_PROVISION_APPNAME", "Provision:ApplicationName");
 define("SYNC_PROVISION_APPROVEDAPPLIST", "Provision:ApprovedApplicationList");
 define("SYNC_PROVISION_HASH", "Provision:Hash");
-
+// only for internal use - never to be streamed to the mobile
+define("SYNC_PROVISION_POLICYNAME", "Provision:PolicyName");
 
 //Search
 define("SYNC_SEARCH_SEARCH", "Search:Search");

src/lib/request/provisioning.php

@@ -236,6 +236,7 @@ class Provisioning extends RequestProcessor {
                             if (!$prov->Check())
                                 throw new FatalException("Invalid policies!");
 
+                            self::$deviceManager->SavePolicyHashAndName($prov);
                             $prov->Encode(self::$encoder);
                         self::$encoder->endTag();
                     }

src/lib/syncobjects/syncprovisioning.php

@@ -94,6 +94,9 @@ class SyncProvisioning extends SyncObject {
     public $unapprovedinromapplist;
     public $approvedapplist;
 
+    // policy name used with the policies; not part of ActiveSync
+    public $PolicyName;
+
     function SyncProvisioning() {
         $mapping = array (
                     SYNC_PROVISION_DEVPWENABLED                         => array (  self::STREAMER_VAR      => "devpwenabled",
@@ -133,6 +136,10 @@ class SyncProvisioning extends SyncObject {
 
                     SYNC_PROVISION_DEVPWHISTORY                         => array (  self::STREAMER_VAR      => "devpwhistory",
                                                                                     self::STREAMER_CHECKS   => array(   self::STREAMER_CHECK_CMPHIGHER  => -1 )),
+
+
+                    SYNC_PROVISION_POLICYNAME                           => array (  self::STREAMER_VAR      => "PolicyName",
+                                                                                    self::STREAMER_TYPE     => self::STREAMER_TYPE_IGNORE),
                 );
 
         if(Request::GetProtocolVersion() >= 12.1) {