ZP-77 Do not check for policy changes in Ping. Changed logging in

DeviceManager for policy name. Disabled PasswordRecoveryEnabled policy in default section of policies.ini. Released under the Affero GNU General Public License (AGPL) version 3.

ZP-77 Do not check for policy changes in Ping. Changed logging in
DeviceManager for policy name. Disabled PasswordRecoveryEnabled policy in default section of policies.ini. Released under the Affero GNU General Public License (AGPL) version 3.
744dae1d · Manfred Kutas · 40aef93e · 744dae1d · 744dae1d · 744dae1d
Commit 744dae1d authored Mar 11, 2016 by Manfred Kutas
5 changed files
--- a/src/lib/core/devicemanager.php
+++ b/src/lib/core/devicemanager.php
@@ -216,11 +216,12 @@ class DeviceManager {
     *
     * @param string        $policykey
     * @param boolean       $noDebug        (opt) by default, debug message is shown
+     * @param boolean       $checkPolicies  (opt) by default check if the provisioning policies changed
     *
     * @access public
     * @return boolean
     */
-    public function ProvisioningRequired($policykey, $noDebug = false) {
+    public function ProvisioningRequired($policykey, $noDebug = false, $checkPolicies = true) {
        $this->loadDeviceData();
        // check if a remote wipe is required
@@ -229,16 +230,21 @@ class DeviceManager {
            return true;
        }
-        $policyHash = SyncProvisioning::GetObjectWithPolicies($this->getProvisioningPolicies())->GetPolicyHash();
        $p = ( ($this->device->GetWipeStatus() != SYNC_PROVISION_RWSTATUS_NA && $policykey != $this->device->GetPolicyKey()) ||
-              (Request::WasPolicyKeySent() && $this->device->GetPolicyKey() == ASDevice::UNDEFINED) ||
+              (Request::WasPolicyKeySent() && $this->device->GetPolicyKey() == ASDevice::UNDEFINED) );
-                 $this->device->getPolicyhash() != $policyHash);
        if (!$noDebug || $p)
-            ZLog::Write(LOGLEVEL_DEBUG, sprintf("DeviceManager->ProvisioningRequired('%s') saved device key '%s', policyHash '%s', saved device policy hash '%s' : %s",
+            ZLog::Write(LOGLEVEL_DEBUG, sprintf("DeviceManager->ProvisioningRequired('%s') saved device key '%s' : %s",
-                    $policykey, $this->device->GetPolicyKey(), $policyHash, $this->device->getPolicyhash(), Utils::PrintAsString($p)));
+                    $policykey, $this->device->GetPolicyKey(), Utils::PrintAsString($p)));
+        if ($checkPolicies) {
+            $policyHash = SyncProvisioning::GetObjectWithPolicies($this->getProvisioningPolicies())->GetPolicyHash();
+            if ($this->device->getPolicyhash() != $policyHash) {
+                $p = true;
+                ZLog::Write(LOGLEVEL_INFO, sprintf("DeviceManager->ProvisioningRequired(): saved policy hash '%s' changed '%s'. Provisioning required.", $this->device->getPolicyhash(), $policyHash));
+            }
+        }
        return $p;
    }
@@ -946,35 +952,29 @@ class DeviceManager {
        $policyName = $this->getPolicyName();
        $policies = parse_ini_file(PROVISIONING_POLICYFILE, true);
-        if ($policyName !== false) {
+        if (!isset($policies[$policyName]) && $policyName != ASDevice::DEFAULTPOLICYNAME) {
-            if (isset($policies[$policyName])) {
+            ZLog::Write(LOGLEVEL_WARN, sprintf("The '%s' policy is configured, but it is not available in the policies' file. Please check %s file. Loading default policy.", $policyName, PROVISIONING_POLICYFILE));
-                ZLog::Write(LOGLEVEL_DEBUG, sprintf("DeviceManager->GetProvisioningObject(): load %s policy.", $policyName));
+            return $policies[ASDevice::DEFAULTPOLICYNAME];
-                return $policies[$policyName];
-            }
-            else {
-                ZLog::Write(LOGLEVEL_WARN, sprintf("The '%s' policy is configured, but it is not available in the policies' file. Please check %s file. Loading default policy.", $policyName, PROVISIONING_POLICYFILE));
-                return $policies[ASDevice::DEFAULTPOLICYNAME];
-            }
        }
-        ZLog::Write(LOGLEVEL_DEBUG, "DeviceManager->GetProvisioningObject(): load default policy.");
+        ZLog::Write(LOGLEVEL_DEBUG, sprintf("DeviceManager->getProvisioningPolicies(): loaded '%s' policy.", $policyName));
-        return $policies[ASDevice::DEFAULTPOLICYNAME];
+        return $policies[$policyName];
    }
    /**
     * Gets the policy name set in the backend or in device data.
     *
     * @access private
-     * @return string|boolean
+     * @return string
     */
    private function getPolicyName() {
        $policyName = ZPush::GetBackend()->GetUserPolicyName();
-        ZLog::Write(LOGLEVEL_DEBUG, sprintf("The backend returned '%s' policy.", Utils::PrintAsString($policyName)));
        if ($policyName === false && $this->device->HasPolicyname()) {
            // get the policy name from device data
            $policyName = $this->device->GetPolicyname();
-            ZLog::Write(LOGLEVEL_DEBUG, sprintf("The device data returned '%s' policy %s.", Utils::PrintAsString($policyName), gettype($policyName)));
        }
-        return (!empty($policyName) ? $policyName : ASDevice::DEFAULTPOLICYNAME);
+        $policyName = ((!empty($policyName) && $policyName !== false) ? $policyName : ASDevice::DEFAULTPOLICYNAME);
+        ZLog::Write(LOGLEVEL_DEBUG, sprintf("DeviceManager->getPolicyName(): determined policy name: '%s'", $policyName));
+        return $policyName;
    }
 }
--- a/src/lib/core/synccollections.php
+++ b/src/lib/core/synccollections.php
@@ -539,7 +539,7 @@ class SyncCollections implements Iterator {
            // Check if provisioning is necessary
            // if a PolicyKey was sent use it. If not, compare with the ReferencePolicyKey
-            if (PROVISIONING === true && $policyKey !== false && ZPush::GetDeviceManager()->ProvisioningRequired($policyKey, true))
+            if (PROVISIONING === true && $policyKey !== false && ZPush::GetDeviceManager()->ProvisioningRequired($policyKey, true, false))
                // the hierarchysync forces provisioning
                throw new StatusException("SyncCollections->CheckForChanges(): Policies or PolicyKey changed. Provisioning required.", self::ERROR_WRONG_HIERARCHY);

--- a/src/lib/interface/ibackend.php
+++ b/src/lib/interface/ibackend.php
@@ -331,6 +331,9 @@ interface IBackend {
    /**
     * Returns the policy name for the user.
+     * If the backend returns false, the 'default' policy is used.
+     * If the backend returns any other name than 'default' the policygroup with
+     * that name (defined in the policies.ini file) will be applied for this user.
     *
     * @access public
     * @return string|boolean

--- a/src/lib/syncobjects/syncprovisioning.php
+++ b/src/lib/syncobjects/syncprovisioning.php
@@ -235,6 +235,14 @@ class SyncProvisioning extends SyncObject {
        parent::SyncObject($mapping);
    }
+    /**
+     * Loads provisioning policies into a SyncProvisioning object.
+     *
+     * @param array     $policies - array with policies' names and values
+     *
+     * @access public
+     * @return void
+     */
    public function Load($policies = array()) {
        $this->LoadDefaultPolicies();
@@ -249,6 +257,12 @@ class SyncProvisioning extends SyncObject {
        }
    }
+    /**
+     * Loads default policies' values into a SyncProvisioning object.
+     *
+     * @access public
+     * @return void
+     */
    public function LoadDefaultPolicies() {
        //AS 12.0, 12.1 and 14.0 props
        $this->devpwenabled = 0;

--- a/src/policies.ini
+++ b/src/policies.ini
@@ -33,9 +33,10 @@ devencenabled = 0
 ; Specifies if the server supports storing a recovery password which could be
 ; sent by the client using the Settings command.
+; This policy is currently not supported by Z-Push.
 ; 0 - Password recovery not enabled on the server.
 ; 1 - Password recovery enabled on the server.
-pwrecoveryenabled = 0
+; pwrecoveryenabled = 0
 ; Deprecated.
 docbrowseenabled =