Merge pull request #312 in ZP/z-push from develop to release/2.3

* commit 'a93e5be5': (23 commits)
  ZP-995 Warnings in WebserviceInfo->ListUserFolders().
  ZP-994 On missing permissions WebserviceInfo->ListUserFolders() returns own folders.
  ZP-989 remove obsolete comments.
  ZP-990 Detect case that KOE is sending changed categories back and ignore it if categories are the same on the server and in outlook.
  ZP-989 Output current permission flags on all additional folders in AdditionalFolderList(), criteria to add a shared folder in the ChangesMemoryWrapper should always be on the read only flag, refixed typo in Kopano backend.
  ZP-989 Reverted: "Remove readonly parameter from backends' Setup() function. Check"
  ZP-984 Check permissions to access the getUsers store only in in the WebserviceDevice webservice and not generally.
  ZP-990 Detect case that KOE is sending changed categories back.
  ZP-982 Fixed typo.
  ZP-993 Allow to disable outlook and mobile devices' access separately.
  ZP-989 Backward compatibility fixes for old style folder ids.
  ZP-989 Remove readonly parameter from $additionalFolders in config.php and where it was used in the code.
  ZP-987 Allow text keys when using memcache IPC, have a defined mutex name in memcache, suppress errors on unlinking memcache-down file, use device id for IPC type (key) in PingTracking and LoopDetection (one datakey + mutex per device!), check if TopCollector is enabled without blocking the mutex.
  ZP-989 Remove readonly parameter when adding an additional folder via webservice.
  ZP-989 Remove readonly parameter from backends' Setup() function. Check for only read permission in Kopano backend Setup().
  ZP-986 Added option to completely disable the TopCollector.
  ZP-991 Fix evaluation order for PHP 7.
  ZP-978 Load policies from default section policy file.
  ZP-980 Exception of an all day recurrence is not all day.
  ZP-981 Error deleting an all-day occurrence on a mobile device. Some code style fixes.
  ...

build/deb/debian.NEWS.Debian

+z-push (1.0.0-1) unstable; urgency=low
+
+    Upgrading from z-push 2.0 versions
+
+    * Upgrade your z-push files to the new version
+    * Mobiles which connect will receive a temporary synchronization error
+      (only visible if you explicitly click "refresh" on the mobiles)
+    * Run the upgrade script located in the tools folder. The files
+      distributed by us contain a correct configuration of this script to
+      access the config file and locate the state files. If your file
+      locations are different, please check the path settings in the top of
+      the migration script.
+    * After running the migration script, mobiles will continue
+      synchronizing without any re-synchronization
+
+    Upgrading from z-push 1.X versions
+
+    The easiest way to upgrade is to follow the steps for a new installation.
+    The states of z-push 1.X are not compatible and there is no upgrade path,
+    but as this version implements a fully automatic resynchronisation of
+    devices it should not affect the users and work without the user
+    interaction.
+
+    Since all devices will start a full resyncronisation after the upgrade it
+    is recommended to do the upgrade during a period with low traffic.
+
+    This version offers improved logging facilities, so please review your
+    configuration with respect to this.
+
+ -- Michael Kromer <mike@zarafa.com>  Sat, 02 Aug 2014 00:38:49 +0200

build/deb/debian.changelog

+z-push (1.0.0-1) unstable; urgency=low
+
+  * Current release
+
+ -- Zarafa Development <development@zarafa.com>  Tue, 20 Jan 2015 10:25:03 +0100
+

build/deb/debian.compat

+7

build/deb/debian.control

+Source: z-push
+Section: web
+Priority: extra
+Maintainer: Sebastian Kummer <sebastian@z-push.org>
+Build-Depends: debhelper (>= 8.0.0)
+Standards-Version: 3.9.4
+Homepage: http://z-push.org
+
+Package: z-push-common
+Architecture: all
+Depends: ${misc:Depends}, php5 (>= 5.4), php5-cli, php-soap
+Conflicts: d-push, z-push
+Replaces: d-push, z-push
+Description: open source implementation of the ActiveSync protocol
+ Z-Push is an implementation of the ActiveSync protocol which is used
+ 'over-the-air' for multi platform ActiveSync devices, including Windows 
+ Phone, Apple iPhone and iPad, Android, Blackberry 10 devices and 
+ MS Outlook 2013 and later. With Z-Push any groupware can be connected 
+ and synchronized with these devices.
+
+Package: z-push-backend-caldav
+Architecture: all
+Depends: ${misc:Depends}, z-push-common (= ${binary:Version}), php5-curl, libawl-php
+Description: Z-Push caldav backend
+ Backend for Z-Push, that adds the ability to connect to a caldav server
+
+Package: z-push-backend-carddav
+Architecture: all
+Depends: ${misc:Depends}, z-push-common (= ${binary:Version}), php5-curl, php5-xsl
+Description: Z-Push carddav backend
+ Backend for Z-Push, that adds the ability to connect to a carddav server
+
+Package: z-push-backend-combined
+Architecture: all
+Depends: ${misc:Depends}, z-push-common (= ${binary:Version})
+Description: Z-Push combined backend
+ Backend for Z-Push, that adds the ability to combine backends
+
+Package: z-push-backend-imap
+Architecture: all
+Depends: ${misc:Depends}, z-push-common (= ${binary:Version}), php5-imap
+Description: Z-Push imap backend
+ Backend for Z-Push, that adds the ability to connect to a imap server
+
+Package: z-push-backend-ldap
+Architecture: all
+Depends: ${misc:Depends}, z-push-common (= ${binary:Version}), php5-ldap
+Description: Z-Push ldap backend
+ Backend for Z-Push, that adds the ability to connect to a ldap server
+
+Package: z-push-backend-kopano
+Architecture: all
+Depends: ${misc:Depends}, z-push-common (= ${binary:Version}), php5-mapi
+Description: Z-Push Kopano backend
+ Backend for Z-Push, that adds the ability to connect to a Kopano server
+
+Package: z-push-kopano
+Architecture: all
+Depends: ${misc:Depends}, z-push-common (= ${binary:Version}), z-push-backend-kopano (= ${binary:Version}), z-push-ipc-sharedmemory (= ${binary:Version})
+Description: Z-Push for Kopano
+ Z-Push for Kopano meta package
+
+Package: z-push-kopano-gabsync
+Architecture: all
+Depends: ${misc:Depends}, php5-mapi
+Description: GAB sync for Kopano
+ Synchronizes a the global address book for the Kopano Outlook Extension
+
+Package: z-push-ipc-sharedmemory
+Architecture: all
+Depends: ${misc:Depends}, z-push-common (= ${binary:Version})
+Description: Z-Push ipc shared memory provider
+ Provider for Z-Push, that adds the ability to use ipc shared memory
+
+Package: z-push-ipc-memcached
+Architecture: all
+Depends: ${misc:Depends}, z-push-common (= ${binary:Version}), php5-memcached
+Description: Z-Push ipc memcached provider
+ Provider for Z-Push, that adds the ability to use ipc memcached
+
+Package: z-push-backend-galsearch-ldap
+Architecture: all
+Depends: ${misc:Depends}, z-push-common (= ${binary:Version}), php5-ldap
+Description: Z-Push searchldap backend
+ Backend for Z-Push, that adds the ability to search a ldap server
+
+Package: z-push-state-sql
+Architecture: all
+Depends: ${misc:Depends}, z-push-common (= ${binary:Version}), php5-mysql
+Description: Z-Push mysql state backend
+ Backend for Z-Push, that adds the ability to save states in a mysql database
+
+Package: z-push-autodiscover
+Architecture: all
+Depends: ${misc:Depends}, z-push-common (= ${binary:Version}), apache2, z-push-backend-caldav | z-push-backend-carddav | z-push-backend-combined | z-push-backend-imap | z-push-backend-ldap | z-push-backend-kopano
+Description: Z-Push autodiscover
+ Autodiscover for Z-Push backends
+
+Package: z-push-config-apache
+Architecture: all
+Depends: ${misc:Depends}, z-push-common (= ${binary:Version}), libapache2-mod-php5
+Description: Z-Push apache configuration
+ Z-push apache configuration files
+
+Package: z-push-config-apache-autodiscover
+Architecture: all
+Depends: ${misc:Depends}, z-push-autodiscover (= ${binary:Version}), libapache2-mod-php5
+Description: Z-Push autodiscover apache configuration
+ Z-push autodiscover apache configuration files
\ No newline at end of file

build/deb/debian.rules

+#!/usr/bin/make -f
+# Uncomment this to turn on verbose mode.
+export DH_VERBOSE=1
+
+#include /usr/share/quilt/quilt.make
+
+
+
+DEB_VERSION := $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ')
+
+%:
+	dh  $@
+
+override_dh_install:
+	mv src/* .
+	sed -s "s/ZPUSHVERSION/${DEB_VERSION}/" build/version.php.in > version.php
+
+	mv "config.php" "z-push.conf.php";
+
+	mkdir conftmp
+	mv "backend/caldav/config.php" "conftmp/caldav.conf.php";
+	mv "backend/carddav/config.php" "conftmp/carddav.conf.php";
+	mv "backend/combined/config.php" "conftmp/combined.conf.php";
+	mv "backend/imap/config.php" "conftmp/imap.conf.php";
+	mv "backend/ldap/config.php" "conftmp/ldap.conf.php";
+	mv "backend/kopano/config.php" "conftmp/kopano.conf.php";
+	mv "backend/ipcmemcached/config.php" "conftmp/memcached.conf.php";
+	mv "backend/searchldap/config.php" "conftmp/galsearch-ldap.conf.php";
+	mv "backend/sqlstatemachine/config.php" "conftmp/state-sql.conf.php";
+	mv "tools/gab-sync/config.php" "conftmp/gabsync.conf.php";
+	mv "autodiscover/config.php" "conftmp/autodiscover.conf.php";
+
+	dh_install
+	mkdir -p debian/z-push/var/lib/z-push
+	mkdir -p debian/z-push/var/log/z-push
+
+clean:
+	dh_testdir
+	dh_testroot
+	rm -f build-stamp
+	dh_clean
+
+build:

build/deb/debian.z-push-autodiscover.install

+conftmp/autodiscover.conf.php etc/z-push/
+autodiscover            /usr/share/z-push/

build/deb/debian.z-push-autodiscover.links

+etc/z-push/autodiscover.conf.php usr/share/z-push/autodiscover/config.php

build/deb/debian.z-push-backend-caldav.install

+conftmp/caldav.conf.php /etc/z-push/
+backend/caldav            /usr/share/z-push/backend

build/deb/debian.z-push-backend-caldav.links

+etc/z-push/caldav.conf.php usr/share/z-push/backend/caldav/config.php

build/deb/debian.z-push-backend-carddav.install

+conftmp/carddav.conf.php /etc/z-push/
+backend/carddav            /usr/share/z-push/backend/

build/deb/debian.z-push-backend-carddav.links

+etc/z-push/carddav.conf.php usr/share/z-push/backend/carddav/config.php

build/deb/debian.z-push-backend-combined.install

+conftmp/combined.conf.php /etc/z-push/
+backend/combined            /usr/share/z-push/backend/

build/deb/debian.z-push-backend-combined.links

+etc/z-push/combined.conf.php usr/share/z-push/backend/combined/config.php

build/deb/debian.z-push-backend-galsearch-ldap.install

+conftmp/galsearch-ldap.conf.php /etc/z-push/
+backend/searchldap            /usr/share/z-push/backend

build/deb/debian.z-push-backend-galsearch-ldap.links

+etc/z-push/galsearch-ldap.conf.php usr/share/z-push/backend/searchldap/config.php

build/deb/debian.z-push-backend-imap.install

+conftmp/imap.conf.php /etc/z-push/
+backend/imap           /usr/share/z-push/backend/

build/deb/debian.z-push-backend-imap.links

+etc/z-push/imap.conf.php usr/share/z-push/backend/imap/config.php

build/deb/debian.z-push-backend-kopano.install

+conftmp/kopano.conf.php /etc/z-push/
+backend/kopano            /usr/share/z-push/backend/

build/deb/debian.z-push-backend-kopano.links

+etc/z-push/kopano.conf.php usr/share/z-push/backend/kopano/config.php

build/deb/debian.z-push-backend-ldap.install

+conftmp/ldap.conf.php /etc/z-push/
+backend/ldap            /usr/share/z-push/backend/

build/deb/debian.z-push-backend-ldap.links

+etc/z-push/ldap.conf.php usr/share/z-push/backend/ldap/config.php

build/deb/debian.z-push-common.dirs

+usr/share/z-push/backend
+var/lib/z-push
+var/log/z-push
+

build/deb/debian.z-push-common.install

+z-push.conf.php    /etc/z-push/
+policies.ini       /etc/z-push/
+include            /usr/share/z-push/
+index.php          /usr/share/z-push/
+lib                /usr/share/z-push/
+vendor             /usr/share/z-push/
+version.php        /usr/share/z-push/
+z-push-admin.php   /usr/share/z-push/
+z-push-top.php     /usr/share/z-push/
+
+config/z-push.lr   etc/logrotate.d/

build/deb/debian.z-push-common.links

+etc/z-push/z-push.conf.php usr/share/z-push/config.php
+etc/z-push/policies.ini usr/share/z-push/policies.ini
+usr/share/z-push/z-push-admin.php /usr/local/sbin/z-push-admin
+usr/share/z-push/z-push-top.php /usr/local/sbin/z-push-top

build/deb/debian.z-push-common.postinst

+#!/bin/sh
+# postinst script for z-push
+#
+# see: dh_installdeb(1)
+
+set -e
+
+case "$1" in
+    configure)
+    if [ "$1" = "configure" -a -n "$2" ] && dpkg --compare-versions "$2" le 2.3.0 ; then
+        /usr/local/sbin/z-push-admin -a fixstates
+    fi
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0

build/deb/debian.z-push-config-apache-autodiscover.install

+config/apache2/z-push-autodiscover.conf /etc/apache2/conf-available/

build/deb/debian.z-push-config-apache-autodiscover.postinst

+#!/bin/sh
+# postinst script for z-push-config-apache-autodiscover
+#
+# see: dh_installdeb(1)
+
+set -e
+
+if type a2enconf >/dev/null 2>/dev/null; then
+  # FIXME: configure case below pulls symlinks from conf-available manually.
+  a2enconf z-push-autodiscover || true
+  service apache2 reload || true
+fi
+
+reload_apache()
+{
+    if apache2ctl configtest 2>/dev/null; then
+    if [ -x /usr/sbin/invoke-rc.d ]; then
+            invoke-rc.d apache2 $1 3>/dev/null || true
+    else
+            /etc/init.d/apache2 $1 3>/dev/null || true
+    fi
+    else
+        echo "Your Apache 2 configuration is broken, so we're not restarting it for you."
+    fi
+}
+
+case "$1" in
+    configure)
+    CONF="z-push-autodiscover"
+    COMMON_STATE=$(dpkg-query -f '${Status}' -W 'apache2.2-common' 2>/dev/null | awk '{print $3}' || true)
+    if [ -e /usr/share/apache2/apache2-maintscript-helper ] ; then
+        . /usr/share/apache2/apache2-maintscript-helper
+        apache2_invoke enmod alias
+        if [ -e /etc/apache2/conf-available/$CONF.conf ] ; then
+            apache2_invoke enconf $CONF || exit $?
+        fi
+    elif [ "$COMMON_STATE" = "installed" ] || [ "$COMMON_STATE" = "unpacked" ] ; then
+        if [ -d /etc/apache2/conf.d/ ] && [ ! -L /etc/apache2/conf.d/$CONF.conf ] ; then
+            ln -s ../conf-available/$CONF.conf /etc/apache2/conf.d/$CONF.conf
+        fi
+        # Test whether a2enmod is available (and thus also apache2ctl).
+        if [ -x /usr/sbin/a2enmod ]; then
+            # Enable the Apache2 rewrite module if not already enabled
+            a2enmod alias > /dev/null || true
+            # Restart Apache to really enable the module and load
+            # /etc/apache2/conf.d/z-push-autodiscover.conf.
+            reload_apache reload
+        fi
+    fi
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+#DEBHELPER#
+
+exit 0

build/deb/debian.z-push-config-apache-autodiscover.postrm

+#!/bin/sh
+# postrm script for z-push-config-apache
+
+set -e
+
+if type a2disconf >/dev/null 2>/dev/null; then
+  a2disconf z-push-autodiscover || true
+  service apache2 reload || true
+fi
+
+#DEBHELPER#
+
+exit 0

build/deb/debian.z-push-config-apache.install

+config/apache2/z-push.conf /etc/apache2/conf-available/

build/deb/debian.z-push-config-apache.postinst

+#!/bin/sh
+# postinst script for z-push-config-apache
+#
+# see: dh_installdeb(1)
+
+set -e
+
+if type a2enconf >/dev/null 2>/dev/null; then
+  # FIXME: configure case below pulls symlinks from conf-available manually.
+  a2enconf z-push || true
+  service apache2 reload || true
+fi
+
+reload_apache()
+{
+    if apache2ctl configtest 2>/dev/null; then
+    if [ -x /usr/sbin/invoke-rc.d ]; then
+            invoke-rc.d apache2 $1 3>/dev/null || true
+    else
+            /etc/init.d/apache2 $1 3>/dev/null || true
+    fi
+    else
+        echo "Your Apache 2 configuration is broken, so we're not restarting it for you."
+    fi
+}
+
+set_perms() {
+        USER=$1
+        GROUP=$2
+        MODE=$3
+        FILE=$4
+        if ! dpkg-statoverride --list $FILE > /dev/null 2>&1; then
+                chown -R $USER:$GROUP $FILE
+                chmod -R $MODE $FILE
+        fi
+}
+
+
+case "$1" in
+    configure)
+
+    #Set permissions
+    set_perms www-data www-data 700 /var/lib/z-push
+    set_perms www-data www-data 700 /var/log/z-push
+
+    CONF="z-push"
+    COMMON_STATE=$(dpkg-query -f '${Status}' -W 'apache2.2-common' 2>/dev/null | awk '{print $3}' || true)
+    if [ -e /usr/share/apache2/apache2-maintscript-helper ] ; then
+        . /usr/share/apache2/apache2-maintscript-helper
+        if [ -e /etc/apache2/conf-available/$CONF.conf ] ; then
+            apache2_invoke enconf $CONF || exit $?
+        fi
+    elif [ "$COMMON_STATE" = "installed" ] || [ "$COMMON_STATE" = "unpacked" ] ; then
+        if [ -d /etc/apache2/conf.d/ ] && [ ! -L /etc/apache2/conf.d/$CONF.conf ] ; then
+            ln -s ../conf-available/$CONF.conf /etc/apache2/conf.d/$CONF.conf
+        fi
+        # Test whether a2enmod is available (and thus also apache2ctl).
+        if [ -x /usr/sbin/a2enmod ]; then
+            # Restart Apache to really enable the module and load
+            # /etc/apache2/conf.d/z-push.conf.
+            reload_apache reload
+        fi
+    fi
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+#DEBHELPER#
+
+exit 0

build/deb/debian.z-push-config-apache.postrm

+#!/bin/sh
+# postrm script for z-push-config-apache
+
+set -e
+
+if type a2disconf >/dev/null 2>/dev/null; then
+  a2disconf z-push || true
+  service apache2 reload || true
+fi
+
+#DEBHELPER#
+
+exit 0

build/deb/debian.z-push-ipc-memcached.install

+conftmp/memcached.conf.php /etc/z-push/
+backend/ipcmemcached            /usr/share/z-push/backend/

build/deb/debian.z-push-ipc-memcached.links

+etc/z-push/memcached.conf.php usr/share/z-push/backend/ipcmemcached/config.php

build/deb/debian.z-push-ipc-sharedmemory.install

+backend/ipcsharedmemory            /usr/share/z-push/backend/

build/deb/debian.z-push-kopano-gabsync.install

+conftmp/gabsync.conf.php /etc/z-push/
+tools/gab-sync            /usr/share/z-push/tools/

build/deb/debian.z-push-kopano-gabsync.links

+etc/z-push/gabsync.conf.php usr/share/z-push/tools/gab-sync/config.php
+usr/share/z-push/tools/gab-sync/gab-sync.php /usr/local/sbin/z-push-gabsync

build/deb/debian.z-push-state-sql.install

+conftmp/state-sql.conf.php /etc/z-push/
+backend/sqlstatemachine            /usr/share/z-push/backend/
+tools/migrate-filestates-to-db.php        /usr/share/z-push/tools/

build/deb/debian.z-push-state-sql.links

+etc/z-push/state-sql.conf.php usr/share/z-push/backend/sqlstatemachine/config.php

build/deb/z-push.dsc

+Format: 1.0
+Source: z-push
+Binary: z-push
+Architecture: all
+Version: 1.0.0-1
+Maintainer: Sebastian Kummer <sebastian@z-push.org>
+Homepage: http://z-push.org
+Standards-Version: 3.9.4
+Build-Depends: debhelper (>= 8.0.0)
+Files: 

build/version.php.in

+<?php
+/***********************************************
+* File      :   version.php
+* Project   :   Z-Push
+* Descr     :   version number
+*
+* Created   :   18.04.2008
+*
+* Copyright 2007 - 2013, 2015 Zarafa Deutschland GmbH
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License, version 3,
+* as published by the Free Software Foundation with the following additional
+* term according to sec. 7:
+*
+* According to sec. 7 of the GNU Affero General Public License, version 3,
+* the terms of the AGPL are supplemented with the following terms:
+*
+* "Zarafa" is a registered trademark of Zarafa B.V.
+* "Z-Push" is a registered trademark of Zarafa Deutschland GmbH
+* The licensing of the Program under the AGPL does not imply a trademark license.
+* Therefore any rights, title and interest in our trademarks remain entirely with us.
+*
+* However, if you propagate an unmodified version of the Program you are
+* allowed to use the term "Z-Push" to indicate that you distribute the Program.
+* Furthermore you may use our trademarks where it is necessary to indicate
+* the intended purpose of a product or service provided you use it in accordance
+* with honest practices in industrial or commercial matters.
+* If you want to propagate modified versions of the Program under the name "Z-Push",
+* you may only do so if you have a written permission by Zarafa Deutschland GmbH
+* (to acquire a permission please contact Zarafa at trademark@zarafa.com).
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+* Consult LICENSE file for details
+************************************************/
+
+define("ZPUSH_VERSION", "ZPUSHVERSION");
\ No newline at end of file

config/lighttpd/z-push.conf

+# Alias for z-push directory
+alias.url += (
+    "/Microsoft-Server-ActiveSync" => "/usr/share/z-push/index.php"
+)

config/nginx/z-push.conf

+server {
+    listen 443;
+    server_name localhost; # Please edit me
+ 
+    ssl on;
+    #ssl_certificate         /path/to/ssl.crt; # Please edit me
+    #ssl_certificate_key     /path/to/ssl.key; # Please edit me
+ 
+    root    /usr/share/webapps/z-push;
+    index   index.php;
+ 
+    # Performance Settings
+    #client_max_body_size 4M;
+    #client_body_buffer_size 128k;
+ 
+    location / {
+            try_files $uri $uri/ index.php;
+    }
+ 
+    location /Microsoft-Server-ActiveSync {
+            rewrite ^(.*)$  /index.php last;
+    }
+ 
+    location ~ .php$ {
+            include fastcgi_params;
+            fastcgi_index index.php;
+            fastcgi_param HTTPS on;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ 
+            fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
+    }
+}

config/z-push.lr

+/var/log/z-push/*.log {
+	size 1k
+	create www-data www-data
+	compress
+	rotate 4
+}

src/backend/ipcmemcached/ipcmemcachedprovider.php

@@ -47,6 +47,7 @@ require_once("backend/ipcmemcached/config.php");
 
 class IpcMemcachedProvider implements IIpcProvider {
     protected $type;
+    private $typeMutex;
     private $maxWaitCycles;
     private $logWaitCycles;
     private $isDownUntil;
@@ -70,6 +71,7 @@ class IpcMemcachedProvider implements IIpcProvider {
      */
     public function __construct($type, $allocate, $class) {
         $this->type = $type;
+        $this->typeMutex = $type . "MX";
         $this->maxWaitCycles = round(MEMCACHED_MUTEX_TIMEOUT * 1000 / MEMCACHED_BLOCK_WAIT)+1;
         $this->logWaitCycles = round($this->maxWaitCycles/5);
 
@@ -181,20 +183,20 @@ class IpcMemcachedProvider implements IIpcProvider {
         }
 
         $n = 0;
-        while(!$this->memcached->add($this->type+10, true, MEMCACHED_MUTEX_TIMEOUT)) {
+        while(!$this->memcached->add($this->typeMutex, true, MEMCACHED_MUTEX_TIMEOUT)) {
             if (++$n % $this->logWaitCycles == 0) {
-                ZLog::Write(LOGLEVEL_DEBUG, sprintf("IpcMemcachedProvider->BlockMutex() waiting to aquire mutex for type: %s ", $this->type));
+                ZLog::Write(LOGLEVEL_DEBUG, sprintf("IpcMemcachedProvider->BlockMutex() waiting to aquire mutex for type: %s ", $this->typeMutex));
             }
             // wait before retrying
             usleep(MEMCACHED_BLOCK_WAIT * 1000);
             if ($n > $this->maxWaitCycles) {
-                ZLog::Write(LOGLEVEL_ERROR, sprintf("IpcMemcachedProvider->BlockMutex() could not aquire mutex for type: %s. Check memcache service!", $this->type));
+                ZLog::Write(LOGLEVEL_ERROR, sprintf("IpcMemcachedProvider->BlockMutex() could not aquire mutex for type: %s. Check memcache service!", $this->typeMutex));
                 $this->markAsDown();
                 return false;
             }
         }
         if ($n*MEMCACHED_BLOCK_WAIT > 50) {
-            ZLog::Write(LOGLEVEL_WARN, sprintf("IpcMemcachedProvider->BlockMutex() mutex aquired after waiting for %sms for type: %s", ($n*MEMCACHED_BLOCK_WAIT), $this->type));
+            ZLog::Write(LOGLEVEL_WARN, sprintf("IpcMemcachedProvider->BlockMutex() mutex aquired after waiting for %sms for type: %s", ($n*MEMCACHED_BLOCK_WAIT), $this->typeMutex));
         }
         return true;
     }
@@ -207,7 +209,7 @@ class IpcMemcachedProvider implements IIpcProvider {
      * @return boolean
      */
     public function ReleaseMutex() {
-        return $this->memcached->delete($this->type+10);
+        return $this->memcached->delete($this->typeMutex);
     }
 
     /**
@@ -265,7 +267,7 @@ class IpcMemcachedProvider implements IIpcProvider {
                 return $timestamp;
             }
             else {
-                unlink(MEMCACHED_DOWN_LOCK_FILE);
+                @unlink(MEMCACHED_DOWN_LOCK_FILE);
             }
         }
         return 0;

src/backend/kopano/importer.php

@@ -415,6 +415,18 @@ class ImportChangesICS implements IImportChanges {
                 ZLog::Write(LOGLEVEL_INFO, sprintf("ImportChangesICS->ImportMessageChange('%s','%s'): Conflict detected. Data from PIM will be dropped! Object was deleted on server.", $id, get_class($message)));
                 return false;
             }
+
+            // KOE ZP-990: OL updates the deleted category which causes a race condition if more than one KOE is connected to that user
+            if(ZPush::GetDeviceManager()->IsKoe() && KOE_CAPABILITY_RECEIVEFLAGS && !isset($message->flag) && isset($message->categories)) {
+                // check if the categories changed
+                $mapiCategories = $this->mapiprovider->GetMessageCategories($props[PR_PARENT_SOURCE_KEY], $props[PR_SOURCE_KEY]);
+                if( (empty($message->categories) && empty($mapiCategories)) ||
+                    (is_array($mapiCategories) && count(array_diff($mapiCategories, $message->categories)) == 0 && count(array_diff($message->categories, $mapiCategories)) == 0)) {
+                    ZLog::Write(LOGLEVEL_DEBUG, "ImportChangesICS->ImportMessageChange(): KOE update of flag categories. Ignoring incoming update.");
+                    return $id;
+                }
+            }
+
         }
         else
             $flags = SYNC_NEW_MESSAGE;

src/backend/kopano/kopano.php

@@ -75,7 +75,8 @@ class BackendKopano implements IBackend, ISearchProvider {
     private $folderStatCache;
 
     // KC config parameter for PR_EC_ENABLED_FEATURES / PR_EC_DISABLED_FEATURES
-    const ZPUSH_ENABLED = 'mobile';
+    const MOBILE_ENABLED = 'mobile';
+    const OUTLOOK_ENABLED = 'outlook';
 
     const MAXAMBIGUOUSRECIPIENTS = 9999;
     const FREEBUSYENUMBLOCKS = 50;
@@ -238,7 +239,7 @@ class BackendKopano implements IBackend, ISearchProvider {
         if ($user === false)
             $user = $this->mainUser;
 
-        // This is a special case. A user will get it's entire folder structure by the foldersync by default.
+        // This is a special case. A user will get his entire folder structure by the foldersync by default.
         // The ACL check is executed when an additional folder is going to be sent to the mobile.
         // Configured that way the user could receive the same folderid twice, with two different names.
         if ($this->mainUser == $user && $checkACLonly && $folderid) {
@@ -2323,8 +2324,18 @@ class BackendKopano implements IBackend, ISearchProvider {
         $userEntryid = mapi_getprops($this->store, array(PR_MAILBOX_OWNER_ENTRYID));
         $mailuser = mapi_ab_openentry($addressbook, $userEntryid[PR_MAILBOX_OWNER_ENTRYID]);
         $enabledFeatures = mapi_getprops($mailuser, array(PR_EC_DISABLED_FEATURES));
-        if (isset($enabledFeatures[PR_EC_DISABLED_FEATURES]) && is_array($enabledFeatures[PR_EC_DISABLED_FEATURES]) && in_array(self::ZPUSH_ENABLED, $enabledFeatures[PR_EC_DISABLED_FEATURES])) {
-            throw new FatalException("User is disabled for Z-Push.");
+        if (isset($enabledFeatures[PR_EC_DISABLED_FEATURES]) && is_array($enabledFeatures[PR_EC_DISABLED_FEATURES])) {
+            $mobileDisabled = in_array(self::MOBILE_ENABLED, $enabledFeatures[PR_EC_DISABLED_FEATURES]);
+            $outlookDisabled = in_array(self::OUTLOOK_ENABLED, $enabledFeatures[PR_EC_DISABLED_FEATURES]);
+            if ($mobileDisabled && $outlookDisabled) {
+                throw new FatalException("User is disabled for Z-Push.");
+            }
+            elseif (Request::IsOutlook() && $outlookDisabled) {
+                throw new FatalException("User is disabled for Outlook usage with Z-Push.");
+            }
+            elseif (!Request::IsOutlook() && $mobileDisabled) {
+                throw new FatalException("User is disabled for mobile device usage with Z-Push.");
+            }
         }
         return true;
     }

src/backend/kopano/replybackimexporter.php

@@ -453,16 +453,15 @@ class ReplyBackImExporter implements IImportChanges, IExportChanges {
 
         $sourcekey = hex2bin($sk);
         $parentsourcekey = hex2bin(ZPush::GetDeviceManager()->GetBackendIdForFolderId($fsk));
+        // Backwards compatibility for old style folder ids
+        if (empty($parentsourcekey)) {
+            $parentsourcekey = $this->folderid;
+        }
         $entryid = mapi_msgstore_entryidfromsourcekey($this->store, $parentsourcekey, $sourcekey);
 
         if(!$entryid) {
             ZLog::Write(LOGLEVEL_INFO, sprintf("ReplyBackImExporter->getMessage(): Couldn't retrieve message from MAPIProvider, sourcekey: '%s', parentsourcekey: '%s'", bin2hex($sourcekey), bin2hex($parentsourcekey), bin2hex($entryid)));
-            if ($announceErrors) {
-                return $status;
-            }
-            else {
-                return false;
-            }
+            return false;
         }
 
         $mapimessage = mapi_msgstore_openentry($this->store, $entryid);
@@ -484,8 +483,7 @@ class ReplyBackImExporter implements IImportChanges, IExportChanges {
                     }
                     ZPush::GetDeviceManager()->AnnounceIgnoredMessage(false, $brokenSO->id, $brokenSO);
                 }
-                // tell MAPI to ignore the message
-                return $status;
+                return false;
             }
         }
         return $message;

src/config.php

@@ -345,8 +345,6 @@
  *                      SYNC_FOLDER_TYPE_USER_TASK
  *                      SYNC_FOLDER_TYPE_USER_MAIL
  *                      SYNC_FOLDER_TYPE_USER_NOTE
- *      readonly:   indicates if the folder should be opened read-only.
- *                  If set to false, full writing permissions are required.
  *
  *  Additional notes:
  *  - on Kopano systems use backend/kopano/listfolders.php script to get a list
@@ -355,11 +353,6 @@
  *  - all Z-Push users must have at least reading permissions so the configured
  *    folders can be synchronized to the mobile. Else they are ignored.
  *
- *  - if read-only is set to 'false' only users with full permissions (secretary
- *    rights) are able to change entries. For all others, the changes will be
- *    discarted and overwritten with data from the server. Check backend
- *    compatibility and configuration for this feature.
- *
  *  - this feature is only partly suitable for multi-tenancy environments,
  *    as ALL users from ALL tenents need access to the configured store & folder.
  *    When configuring a public folder, this will cause problems, as each user has
@@ -379,7 +372,6 @@
             'folderid'  => "",
             'name'      => "Public Contacts",
             'type'      => SYNC_FOLDER_TYPE_USER_CONTACT,
-            'readonly'  => false,
         ),
 */
     );

src/lib/core/asdevice.php

@@ -854,12 +854,11 @@ class ASDevice extends StateObject {
      * @param string    $folderid   the folder id of the additional folder.
      * @param string    $name       the name of the additional folder (has to be unique for all folders on the device).
      * @param string    $type       AS foldertype of SYNC_FOLDER_TYPE_USER_*
-     * @param boolean   $readonly   Indicates if the folder should be synched if the user has at least read-only permissions.
      *
      * @access public
      * @return boolean
      */
-    public function AddAdditionalFolder($store, $folderid, $name, $type, $readonly) {
+    public function AddAdditionalFolder($store, $folderid, $name, $type) {
         // check if type is of a additional user type
         if (!in_array($type, array(SYNC_FOLDER_TYPE_USER_CONTACT, SYNC_FOLDER_TYPE_USER_APPOINTMENT, SYNC_FOLDER_TYPE_USER_TASK, SYNC_FOLDER_TYPE_USER_MAIL, SYNC_FOLDER_TYPE_USER_NOTE, SYNC_FOLDER_TYPE_USER_JOURNAL))) {
             ZLog::Write(LOGLEVEL_ERROR, sprintf("ASDevice->AddAdditionalFolder(): folder can not be added because the specified type '%s' is not a permitted user type.", $type));
@@ -901,7 +900,6 @@ class ASDevice extends StateObject {
                             'folderid'  => $folderid,
                             'name'      => $name,
                             'type'      => $type,
-                            'readonly'  => $readonly,
                          );
         $this->additionalfolders = $af;
 

src/lib/core/changesmemorywrapper.php

@@ -78,7 +78,8 @@ class ChangesMemoryWrapper extends HierarchyCache implements IImportChanges, IEx
             foreach($state as $addKey => $addFolder) {
                 ZLog::Write(LOGLEVEL_DEBUG, sprintf("ChangesMemoryWrapper->Config(AdditionalFolders) : process folder '%s'", $addFolder->displayname));
                 if (isset($addFolder->NoBackendFolder) && $addFolder->NoBackendFolder == true) {
-                    $hasRights = ZPush::GetBackend()->Setup($addFolder->Store, true, $addFolder->BackendId, $addFolder->ReadOnly);
+                    // check rights for readonly access only
+                    $hasRights = ZPush::GetBackend()->Setup($addFolder->Store, true, $addFolder->BackendId, true);
                     // delete the folder on the device
                     if (! $hasRights) {
                         // delete the folder only if it was an additional folder before, else ignore it

src/lib/core/devicemanager.php

@@ -493,7 +493,7 @@ class DeviceManager {
     public function GetAdditionalUserSyncFolders() {
         $folders = array();
         foreach($this->device->GetAdditionalFolders() as $df) {
-            $folder = $this->getAdditionalSyncFolder($df['store'], $df['folderid'], $df['name'], $df['type'], $df['readonly'], DeviceManager::FLD_ORIGIN_SHARED);
+            $folder = $this->getAdditionalSyncFolder($df['store'], $df['folderid'], $df['name'], $df['type'], DeviceManager::FLD_ORIGIN_SHARED);
             $folders[$folder->BackendId] = $folder;
         }
 
@@ -501,7 +501,7 @@ class DeviceManager {
         if (KOE_CAPABILITY_GAB && $this->IsKoe() && KOE_GAB_STORE != "" && KOE_GAB_NAME != "") {
             // if KOE_GAB_FOLDERID is set, use it
             if (KOE_GAB_FOLDERID != "") {
-                $folder = $this->getAdditionalSyncFolder(KOE_GAB_STORE, KOE_GAB_FOLDERID, KOE_GAB_NAME, SYNC_FOLDER_TYPE_USER_APPOINTMENT, true, DeviceManager::FLD_ORIGIN_GAB);
+                $folder = $this->getAdditionalSyncFolder(KOE_GAB_STORE, KOE_GAB_FOLDERID, KOE_GAB_NAME, SYNC_FOLDER_TYPE_USER_APPOINTMENT, DeviceManager::FLD_ORIGIN_GAB);
                 $folders[$folder->BackendId] = $folder;
             }
             else {
@@ -518,7 +518,7 @@ class DeviceManager {
                     }
 
                     if ($backendGabId) {
-                        $folders[$backendGabId] = $this->getAdditionalSyncFolder(KOE_GAB_STORE, $backendGabId, KOE_GAB_NAME, SYNC_FOLDER_TYPE_USER_APPOINTMENT, true, DeviceManager::FLD_ORIGIN_GAB);
+                        $folders[$backendGabId] = $this->getAdditionalSyncFolder(KOE_GAB_STORE, $backendGabId, KOE_GAB_NAME, SYNC_FOLDER_TYPE_USER_APPOINTMENT, DeviceManager::FLD_ORIGIN_GAB);
                     }
                 }
             }
@@ -1113,6 +1113,11 @@ class DeviceManager {
             return $policies[ASDevice::DEFAULTPOLICYNAME];
         }
         ZLog::Write(LOGLEVEL_DEBUG, sprintf("DeviceManager->getProvisioningPolicies(): loaded '%s' policy.", $policyName));
+
+        // Always load default policies, so that if a policy extends a default policy it doesn't have to copy all the values
+        if ($policyName != ASDevice::DEFAULTPOLICYNAME) {
+            $policies[$policyName] = array_replace_recursive($policies[ASDevice::DEFAULTPOLICYNAME], $policies[$policyName]);
+        }
         return $policies[$policyName];
     }
 
@@ -1136,13 +1141,12 @@ class DeviceManager {
      * @param string    $folderid
      * @param string    $name
      * @param int       $type
-     * @param boolean   $readonly
      * @param string    $folderOrigin
      *
      * @access private
      * @returns SyncFolder
      */
-    private function getAdditionalSyncFolder($store, $folderid, $name, $type, $readonly, $folderOrigin) {
+    private function getAdditionalSyncFolder($store, $folderid, $name, $type, $folderOrigin) {
         $folder = new SyncFolder();
         $folder->BackendId = $folderid;
         $folder->serverid = $this->GetFolderIdForBackendId($folder->BackendId, true, $folderOrigin, $name);
@@ -1152,7 +1156,6 @@ class DeviceManager {
         // save store as custom property which is not streamed directly to the device
         $folder->NoBackendFolder = true;
         $folder->Store = $store;
-        $folder->ReadOnly = $readonly;
 
         return $folder;
     }

src/lib/core/interprocessdata.php

@@ -88,8 +88,13 @@ abstract class InterProcessData {
             if (!$this->provider_class) {
                 throw new Exception("No IPC provider available");
             }
+            // ZP-987: use an own mutex + storage key for each device on non-shared-memory IPC
+            // this method is not suitable for the TopCollector atm
+            if (!($this instanceof TopCollector) && $this->provider_class !== 'IpcSharedMemoryProvider') {
+                $this->type = Request::GetDeviceID(). "-". $this->type;
+            }
             $this->ipcProvider = new $this->provider_class($this->type, $this->allocate, get_class($this));
-            ZLog::Write(LOGLEVEL_DEBUG, sprintf("%s initialised with IPC provider '%s'", get_class($this), $this->provider_class));
+            ZLog::Write(LOGLEVEL_DEBUG, sprintf("%s initialised with IPC provider '%s' with type '%s'", get_class($this), $this->provider_class, $this->type));
 
         }
         catch (Exception $e) {

src/lib/core/topcollector.php

@@ -132,6 +132,10 @@ class TopCollector extends InterProcessData {
      * @return boolean
      */
     public function AnnounceInformation($addinfo, $preserve = false, $terminating = false) {
+        if (defined('TOPCOLLECTOR_DISABLED') && constant('TOPCOLLECTOR_DISABLED') === true) {
+            return true;
+        }
+
         $this->latest["addinfo"] = $addinfo;
         $this->latest["update"] = time();
 
@@ -144,10 +148,10 @@ class TopCollector extends InterProcessData {
         if ($preserve)
             $this->preserved[] = $addinfo;
 
-        // exclusive block
-        if ($this->blockMutex()) {
-
-            if ($this->isEnabled()) {
+        if ($this->isEnabled()) {
+            $ok = false;
+            // exclusive block
+            if ($this->blockMutex()) {
                 $topdata = ($this->hasData(self::TOPDATA)) ? $this->getData(self::TOPDATA): array();
 
                 $this->checkArrayStructure($topdata);
@@ -155,16 +159,14 @@ class TopCollector extends InterProcessData {
                 // update
                 $topdata[self::$devid][self::$user][self::$pid] = $this->latest;
                 $ok = $this->setData($topdata, self::TOPDATA);
+                $this->releaseMutex();
+            }
+            // end exclusive block
+            if (!$ok) {
+                ZLog::Write(LOGLEVEL_WARN, "TopCollector::AnnounceInformation(): could not write to shared memory. Z-Push top will not display this data.");
+                return false;
             }
-            $this->releaseMutex();
-        }
-        // end exclusive block
-
-        if ($this->isEnabled() === true && !$ok) {
-            ZLog::Write(LOGLEVEL_WARN, "TopCollector::AnnounceInformation(): could not write to shared memory. Z-Push top will not display this data.");
-            return false;
         }
-
         return true;
     }
 

src/lib/core/zpush.php

@@ -415,7 +415,6 @@ class ZPush {
                 // save store as custom property which is not streamed directly to the device
                 $folder->NoBackendFolder = true;
                 $folder->Store = $af['store'];
-                $folder->ReadOnly = $af['readonly'];
 
                 self::$addSyncFolders[$folder->BackendId] = $folder;
             }

src/lib/core/zpushdefs.php

@@ -326,7 +326,6 @@ define("SYNC_FOLDERHIERARCHY_VERSION","FolderHierarchy:Version");
 define("SYNC_FOLDERHIERARCHY_IGNORE_STORE","FolderHierarchy:IgnoreStore");
 define("SYNC_FOLDERHIERARCHY_IGNORE_NOBCKENDFLD","FolderHierarchy:IgnoreNoBackendFolder");
 define("SYNC_FOLDERHIERARCHY_IGNORE_BACKENDID","FolderHierarchy:IgnoreBackendId");
-define("SYNC_FOLDERHIERARCHY_IGNORE_READONLY","FolderHierarchy:IgnoreReadOnly");
 
 // MeetingResponse
 define("SYNC_MEETINGRESPONSE_CALENDARID","MeetingResponse:CalendarId");

src/lib/request/requestprocessor.php

@@ -83,10 +83,6 @@ abstract class RequestProcessor {
 
         // mark this request as "authenticated"
         self::$userIsAuthenticated = true;
-
-        // check Auth-User's permissions on GETUser's store
-        if($backend->Setup(Request::GetGETUser(), true) == false)
-            throw new AuthenticationRequiredException(sprintf("Not enough privileges of '%s' to setup for user '%s': Permission denied", Request::GetAuthUser(), Request::GetGETUser()));
     }
 
     /**

src/lib/syncobjects/syncfolder.php

@@ -54,7 +54,6 @@ class SyncFolder extends SyncObject {
     public $Store;
     public $NoBackendFolder;
     public $BackendId;
-    public $ReadOnly;
 
     function SyncFolder() {
         $mapping = array (
@@ -80,10 +79,6 @@ class SyncFolder extends SyncObject {
 
                     SYNC_FOLDERHIERARCHY_IGNORE_BACKENDID               => array (  self::STREAMER_VAR      => "BackendId",
                                                                                     self::STREAMER_TYPE     => self::STREAMER_TYPE_IGNORE),
-
-                    SYNC_FOLDERHIERARCHY_IGNORE_READONLY                => array (  self::STREAMER_VAR      => "ReadOnly",
-                                                                                    self::STREAMER_TYPE     => self::STREAMER_TYPE_IGNORE),
-
         );
 
         parent::SyncObject($mapping);

src/lib/syncobjects/syncobject.php

@@ -202,7 +202,7 @@ abstract class SyncObject extends Streamer {
         foreach ($this->mapping as $k=>$v) {
             // Do not bother with the properties for which notifications aren't required
             // or if they are not set
-            if (!isset($v[self::STREAMER_RONOTIFY]) || !$v[self::STREAMER_RONOTIFY] || (!isset($this->$v[self::STREAMER_VAR]) && !isset($odo->$v[self::STREAMER_VAR]))) {
+            if (!isset($v[self::STREAMER_RONOTIFY]) || !$v[self::STREAMER_RONOTIFY] || (!isset($this->{$v[self::STREAMER_VAR]}) && !isset($odo->{$v[self::STREAMER_VAR]}))) {
                 continue;
             }
             $val = $v[self::STREAMER_VAR];

src/lib/utils/zpushadmin.php

@@ -505,7 +505,6 @@ class ZPushAdmin {
                                         'syncfolderid' => $syncfolderid,
                                         'name' => $so->displayname,
                                         'type' => $so->type,
-                                        'readonly' => $so->ReadOnly,
                                         'origin' => Utils::GetFolderOriginFromId($syncfolderid),
                                     );
                 }
@@ -529,12 +528,11 @@ class ZPushAdmin {
      * @param string    $add_folderid   the folder id of the additional folder.
      * @param string    $add_name       the name of the additional folder (has to be unique for all folders on the device).
      * @param string    $add_type       AS foldertype of SYNC_FOLDER_TYPE_USER_*
-     * @param boolean   $add_readonly   Indicates if the folder should be synched if the user has at least read-only permissions.
      *
      * @access public
      * @return boolean
      */
-    static public function AdditionalFolderAdd($user, $devid, $add_store, $add_folderid, $add_name, $add_type, $add_readonly) {
+    static public function AdditionalFolderAdd($user, $devid, $add_store, $add_folderid, $add_name, $add_type) {
         // load device data
         $device = new ASDevice($devid, ASDevice::UNDEFINED, $user, ASDevice::UNDEFINED);
         try {
@@ -551,7 +549,7 @@ class ZPushAdmin {
                 return false;
             }
 
-            $status = $device->AddAdditionalFolder($add_store, $add_folderid, $add_name, $add_type, $add_readonly);
+            $status = $device->AddAdditionalFolder($add_store, $add_folderid, $add_name, $add_type);
             if ($status)
                 ZPush::GetStateMachine()->SetState($device->GetData(), $devid, IStateMachine::DEVICEDATA);
 

src/lib/wbxml/wbxmlencoder.php

@@ -177,7 +177,7 @@ class WBXMLEncoder extends WBXMLDefs {
     }
 
     /**
-     * Puts content of a stream on the output stack.
+     * Puts content of a stream on the output stack AND closes it.
      *
      * @param resource $stream
      * @param boolean $asBase64     if true, the data will be encoded as base64, default: false
@@ -197,6 +197,8 @@ class WBXMLEncoder extends WBXMLDefs {
         if (!$asBase64) {
             stream_filter_remove($rnc_filter);
         }
+
+        fclose($stream);
     }
 
     /**

src/lib/webservice/webservice.php

@@ -66,15 +66,17 @@ class Webservice {
 
         // the webservice command is handled by its class
         if ($commandCode == ZPush::COMMAND_WEBSERVICE_DEVICE) {
+            // check if the authUser has admin permissions to get data on the GETUser's device
+            if(ZPush::GetBackend()->Setup(Request::GetGETUser(), true) == false)
+                throw new AuthenticationRequiredException(sprintf("Not enough privileges of '%s' to setup for user '%s': Permission denied", Request::GetAuthUser(), Request::GetGETUser()));
+
             ZLog::Write(LOGLEVEL_DEBUG, sprintf("Webservice::HandleWebservice('%s'): executing WebserviceDevice service", $commandCode));
             $this->server->setClass("WebserviceDevice");
         }
-        // the webservice command is handled by its class
         else if ($commandCode == ZPush::COMMAND_WEBSERVICE_INFO) {
             ZLog::Write(LOGLEVEL_DEBUG, sprintf("Webservice::HandleWebservice('%s'): executing WebserviceInfo service", $commandCode));
             $this->server->setClass("WebserviceInfo");
         }
-        // the webservice command is handled by its class
         else if ($commandCode == ZPush::COMMAND_WEBSERVICE_USERS) {
             if (!defined("ALLOW_WEBSERVICE_USERS_ACCESS") || ALLOW_WEBSERVICE_USERS_ACCESS !== true)
                 throw new HTTPReturnCodeException("Access to the WebserviceUsers service is disabled in configuration. Enable setting ALLOW_WEBSERVICE_USERS_ACCESS", 403);

src/lib/webservice/webservicedevice.php

@@ -168,6 +168,15 @@ class WebserviceDevice {
         $deviceId = preg_replace("/[^A-Za-z0-9]/", "", $deviceId);
         $folders = ZPushAdmin::AdditionalFolderList($user, $deviceId);
         ZLog::Write(LOGLEVEL_INFO, sprintf("WebserviceDevice::AdditionalFolderList(): found %d folders for device '%s' of user '%s'", count($folders), $deviceId, $user));
+        // retrieve the permission flags from the backend
+        $backend = ZPush::GetBackend();
+        foreach($folders as &$folder) {
+            $folder['readable'] = $backend->Setup($folder['store'], true, $folder['folderid'], true);
+            $folder['writeable'] = $backend->Setup($folder['store'], true, $folder['folderid']);
+        }
+        // make sure folder is not pointing to our last folder anymore
+        unset($folder);
+
         ZPush::GetTopCollector()->AnnounceInformation(sprintf("Retrieved details of %d folders", count($folders)), true);
 
         return $folders;
@@ -181,19 +190,17 @@ class WebserviceDevice {
      * @param string    $add_folderid   the folder id of the additional folder.
      * @param string    $add_name       the name of the additional folder (has to be unique for all folders on the device).
      * @param string    $add_type       AS foldertype of SYNC_FOLDER_TYPE_USER_*
-     * @param boolean   $add_readonly   Indicates if the folder should be synched if the user has at least read-only permissions.
      *
      * @access public
      * @return boolean
      */
-    public function AdditionalFolderAdd($deviceId, $add_store, $add_folderid, $add_name, $add_type, $add_readonly) {
+    public function AdditionalFolderAdd($deviceId, $add_store, $add_folderid, $add_name, $add_type) {
         $user = Request::GetGETUser();
         $deviceId = preg_replace("/[^A-Za-z0-9]/", "", $deviceId);
         $add_folderid = preg_replace("/[^A-Za-z0-9]/", "", $add_folderid);
         $add_type = preg_replace("/[^0-9]/", "", $add_type);
-        $add_readonly = !! $add_readonly;
 
-        $status = ZPushAdmin::AdditionalFolderAdd($user, $deviceId, $add_store, $add_folderid, $add_name, $add_type, $add_readonly);
+        $status = ZPushAdmin::AdditionalFolderAdd($user, $deviceId, $add_store, $add_folderid, $add_name, $add_type);
         if (!$status) {
             ZPush::GetTopCollector()->AnnounceInformation(ZLog::GetLastMessage(LOGLEVEL_ERROR), true);
             throw new SoapFault("ERROR", ZLog::GetLastMessage(LOGLEVEL_ERROR));

src/lib/webservice/webserviceinfo.php

@@ -57,13 +57,15 @@ class WebserviceInfo {
         $hasRights = ZPush::GetBackend()->Setup($user);
         ZLog::Write(LOGLEVEL_INFO, sprintf("WebserviceInfo::ListUserFolders(): permissions to open store '%s': %s", $user, Utils::PrintAsString($hasRights)));
 
-        $folders = ZPush::GetBackend()->GetHierarchy();
-        ZPush::GetTopCollector()->AnnounceInformation(sprintf("Retrieved details of %d folders", count($folders)), true);
+        if ($hasRights) {
+            $folders = ZPush::GetBackend()->GetHierarchy();
+            ZPush::GetTopCollector()->AnnounceInformation(sprintf("Retrieved details of %d folders", count($folders)), true);
 
-        foreach ($folders as $folder) {
-            $folder->StripData();
-            unset($folder->Store, $folder->flags, $folder->content, $folder->NoBackendFolder, $folder->ReadOnly);
-            $output[] = $folder;
+            foreach ($folders as $folder) {
+                $folder->StripData();
+                unset($folder->Store, $folder->flags, $folder->content, $folder->NoBackendFolder);
+                $output[] = $folder;
+            }
         }
 
         return $output;

src/z-push-top.php

@@ -78,7 +78,7 @@ include_once(ZPUSH_CONFIG);
             system("stty sane");
         }
         else
-            echo "Z-Push shared memory interprocess communication is not available.\n";
+            echo "Z-Push interprocess communication (IPC) is not available or TopCollector is disabled.\n";
     }
     catch (ZPushException $zpe) {
         fwrite(STDERR, get_class($zpe) . ": ". $zpe->getMessage() . "\n");
@@ -219,6 +219,9 @@ class ZPushTop {
      * @return boolean
      */
     public function IsAvailable() {
+        if (defined('TOPCOLLECTOR_DISABLED') && constant('TOPCOLLECTOR_DISABLED') === true) {
+            return false;
+        }
         return $this->topCollector->IsActive();
     }