Page Menu
Home
Phorge
Search
Configure Global Search
Log In
Files
F174591
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
12 KB
Referenced Files
None
Subscribers
None
View Options
diff --git a/lib/Autodiscover.php b/lib/Autodiscover.php
index 769adcf..1060418 100644
--- a/lib/Autodiscover.php
+++ b/lib/Autodiscover.php
@@ -1,390 +1,390 @@
<?php
/**
+--------------------------------------------------------------------------+
| Kolab Autodiscover Service |
| |
| Copyright (C) 2011-2014, Kolab Systems AG <contact@kolabsys.com> |
| |
| This program is free software: you can redistribute it and/or modify |
| it under the terms of the GNU General Public License as published by |
| the Free Software Foundation, either version 3 of the License, or |
| (at your option) any later version. |
| |
| This program is distributed in the hope that it will be useful, |
| but WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| GNU General Public License for more details. |
| |
| You should have received a copy of the GNU General Public License |
| along with this program. If not, see http://www.gnu.org/licenses/. |
+--------------------------------------------------------------------------+
| Author: Aleksander Machniak <machniak@kolabsys.com> |
+--------------------------------------------------------------------------+
*/
/**
* Main application class
*/
class Autodiscover
{
const CHARSET = 'UTF-8';
protected $conf;
protected $config = array();
/**
* Autodiscover main execution path
*/
public static function run()
{
$uris = array($_SERVER['REQUEST_URI'], $_SERVER['SCRIPT_NAME']);
$type = '';
// Detect request type
foreach ($uris as $uri) {
// Outlook/Activesync
if (stripos($uri, 'autodiscover.xml') !== false) {
$type = 'Microsoft';
break;
}
// Microsoft Autodiscover V2
elseif (stripos($uri, 'autodiscover.json') !== false) {
$type = 'Json';
break;
}
// Mozilla Thunderbird (Kmail/Kontact/Evolution)
else if (strpos($uri, 'config-v1.1.xml') !== false) {
$type = 'Mozilla';
break;
}
}
if (!$type) {
header("HTTP/1.0 404 Not Found");
exit;
}
$class = "Autodiscover$type";
require_once __DIR__ . '/' . $class . '.php';
$engine = new $class;
$engine->handle();
// fallback to 404
header("HTTP/1.0 404 Not Found");
exit;
}
/**
* Initialization of class instance
*/
public function __construct()
{
require_once __DIR__ . '/Conf.php';
require_once __DIR__ . '/Log.php';
$this->conf = Conf::get_instance();
}
/**
* Handle request
*/
public function handle()
{
// read request parameters
$this->handle_request();
// validate requested email address
if (empty($this->email)) {
$this->error("Email address not provided");
}
if (!strpos($this->email, '@')) {
$this->error("Invalid email address");
}
// find/set services parameters
$this->configure();
// send response
$this->handle_response();
}
/**
* Send error to the client and exit
*/
protected function error($msg)
{
header("HTTP/1.0 500 $msg");
exit;
}
/**
* Send 401 Unauthorized to the client end exit
*/
protected function unauthorized($basicauth = true)
{
if ($basicauth) {
header('WWW-Authenticate: Basic realm="'.$_SERVER['HTTP_HOST'].'"');
}
header('HTTP/1.0 401 Unauthorized');
exit;
}
/**
* Get services configuration
*/
protected function configure()
{
$pos = strrpos($this->email, '@');
$this->config = array(
'email' => $this->email,
'domain' => strtolower(substr($this->email, $pos + 1)),
'displayName' => $this->conf->get('autodiscover', 'service_name'),
'displayShortName' => $this->conf->get('autodiscover', 'service_short'),
);
// get user form LDAP, set domain/login/user in $this->config
$user = $this->get_user($this->email, $this->config['domain']);
$proto_map = array('tls' => 'STARTTLS', 'ssl' => 'SSL');
foreach (array('imap', 'pop3', 'smtp') as $type) {
if ($value = $this->conf->get('autodiscover', $type)) {
$params = explode(';', $value);
$pass_secure = in_array($params[1] ?? null, array('CRAM-MD5', 'DIGEST-MD5'));
$host = $params[0];
$host = str_replace('%d', $this->config['domain'], $host);
$url = parse_url($host);
$this->config[$type] = array(
'hostname' => $url['host'],
'port' => $url['port'],
'socketType' => ($proto_map[$url['scheme']] ?? false) ?: 'plain',
'username' => ($this->config['login'] ?? false) ?: $this->config['email'],
'authentication' => 'password-' . ($pass_secure ? 'encrypted' : 'cleartext'),
);
}
}
if ($host = $this->conf->get('autodiscover', 'activesync')) {
$host = str_replace('%d', $this->config['domain'], $host);
$this->config['activesync'] = $host;
}
// Log::debug(print_r($this->config, true));
}
/**
* Get user record from LDAP
*/
protected function get_user($email, $domain)
{
// initialize LDAP connection
$result = $this->init_ldap();
if (!$result) {
$this->config = array_merge(
$this->config,
Array('mail' => $email, 'domain' => $domain)
);
return;
}
// find domain
if (!$this->ldap->find_domain($domain)) {
$this->error("Unknown domain");
}
// find user
$user = $this->find_user($email, $domain);
// update config
$this->config = array_merge($this->config, (array)$user, array('domain' => $domain));
}
/**
* Initialize LDAP connection
*/
protected function init_ldap()
{
$ldap_uri = $this->conf->get('ldap_uri', false);
if (!$ldap_uri) {
return false;
}
$uri = parse_url($ldap_uri);
$this->_ldap_server = ($uri['scheme'] === 'ldaps' ? 'ldaps://' : '') . $uri['host'];
$this->_ldap_port = $uri['port'];
$this->_ldap_scheme = $uri['scheme'];
$this->_ldap_bind_dn = $this->conf->get('ldap', 'service_bind_dn');
$this->_ldap_bind_pw = $this->conf->get('ldap', 'service_bind_pw');
// Catch cases in which the ldap server port has not been explicitely defined
if (!$this->_ldap_port) {
$this->_ldap_port = $this->_ldap_scheme == 'ldaps' ? 636 : 389;
}
$this->ldap = new Net_LDAP3(array(
'debug' => in_array(strtolower($this->conf->get('autodiscover', 'debug_mode')), array('trace', 'debug')),
'log_hook' => array($this, 'ldap_log'),
'vlv' => $this->conf->get('ldap', 'vlv', Conf::AUTO),
'config_root_dn' => "cn=config",
'hosts' => array($this->_ldap_server),
'port' => $this->_ldap_port,
'use_tls' => $this->_ldap_scheme == 'tls',
'domain_base_dn' => $this->conf->get('ldap', 'domain_base_dn'),
'domain_filter' => $this->conf->get('ldap', 'domain_filter'),
'domain_name_attribute' => $this->conf->get('ldap', 'domain_name_attribute'),
));
$this->_ldap_domain = $this->conf->get('primary_domain');
// connect to LDAP
if (!$this->ldap->connect()) {
$this->error("Storage connection failed");
return false;
}
// bind as the service user
if (!$this->ldap->bind($this->_ldap_bind_dn, $this->_ldap_bind_pw)) {
$this->error("Storage connection failed");
return false;
}
return true;
}
/**
* Find user in LDAP
*/
private function find_user($email, $domain)
{
$filter = $this->conf->get('login_filter');
if (empty($filter)) {
$filter = $this->conf->get('filter');
}
if (empty($filter)) {
$filter = "(&(|(mail=%s)(mail=%U@%d)(alias=%s)(alias=%U@%d)(uid=%s))(objectclass=inetorgperson))";
}
$_parts = explode('@', $email);
$localpart = $_parts[0];
$replace_patterns = array(
'/%s/' => $email,
'/%d/' => $domain,
'/%U/' => $localpart,
'/%r/' => $domain,
);
$attributes = array(
'login' => $this->conf->get('autodiscover', 'login_attribute') ?: 'mail',
'username' => $this->conf->get('autodiscover', 'name_attribute') ?: 'cn',
);
$filter = preg_replace(array_keys($replace_patterns), array_values($replace_patterns), $filter);
$base_dn = $this->ldap->domain_root_dn($domain);
$result = $this->ldap->search($base_dn, $filter, 'sub', array_values($attributes));
if (!$result) {
Log::debug("Could not search $base_dn with $filter");
return;
}
if ($result->count() > 1) {
Log::debug("Multiple entries found.");
return;
}
else if ($result->count() < 1) {
Log::debug("No entries found.");
return;
}
// parse result
$entries = $result->entries(true);
$dn = key($entries);
$entry = $entries[$dn];
$result = array('dn' => $dn);
foreach ($attributes as $idx => $attr) {
$result[$idx] = is_array($entry[$attr]) ? current($entry[$attr]) : $entry[$attr];
}
return $result;
}
/**
* authenticate a user by his given dn and password
*/
protected function authenticate($dn, $password)
{
if (empty($this->_ldap_server)) {
return false;
}
$ldap = new Net_LDAP3(array(
'debug' => in_array(strtolower($this->conf->get('autodiscover', 'debug_mode')), array('trace', 'debug')),
'log_hook' => array($this, 'ldap_log'),
'hosts' => array($this->_ldap_server),
'port' => $this->_ldap_port,
'use_tls' => $this->_ldap_scheme == 'tls'
));
// connect to LDAP
if (!$ldap->connect()) {
$this->error("Storage connection failed");
return false;
}
// bind as given userdn
if (!$ldap->bind($dn, $password)) {
$this->unauthorized();
return false;
}
$ldap->close();
return true;
}
/**
* LDAP logging handler
*/
public function ldap_log($level, $msg)
{
if (is_array($msg)) {
$msg = implode("\n", $msg);
}
switch ($level) {
case LOG_DEBUG:
- Log::debug($str . $msg);
+ Log::debug($msg);
break;
case LOG_ERR:
- Log::error($str . $msg);
+ Log::error($msg);
break;
case LOG_INFO:
- Log::info($str . $msg);
+ Log::info($msg);
break;
case LOG_WARNING:
- Log::warning($str . $msg);
+ Log::warning($msg);
break;
case LOG_ALERT:
case LOG_CRIT:
case LOG_EMERG:
case LOG_NOTICE:
default:
- Log::trace($str . $msg);
+ Log::trace($msg);
break;
}
}
}
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Sat, Jan 18, 12:41 PM (1 h, 52 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
119949
Default Alt Text
(12 KB)
Attached To
Mode
R9 autoconf
Attached
Detach File
Event Timeline
Log In to Comment