diff --git a/plugins/krb_authentication/composer.json b/plugins/krb_authentication/composer.json
index ee835556b..10af7eb35 100644
--- a/plugins/krb_authentication/composer.json
+++ b/plugins/krb_authentication/composer.json
@@ -1,24 +1,24 @@
{
"name": "roundcube/krb_authentication",
"type": "roundcube-plugin",
"description": "Kerberos Authentication",
"license": "GPLv3+",
- "version": "1.1",
+ "version": "1.2",
"authors": [
{
"name": "Jeroen van Meeuwen",
"email": "vanmeeuwen@kolabsys.com",
"role": "Lead"
}
],
"repositories": [
{
"type": "composer",
"url": "http://plugins.roundcube.net"
}
],
"require": {
"php": ">=5.3.0",
"roundcube/plugin-installer": ">=0.1.3"
}
}
diff --git a/plugins/krb_authentication/config.inc.php.dist b/plugins/krb_authentication/config.inc.php.dist
index 63db16943..ae67f89a5 100644
--- a/plugins/krb_authentication/config.inc.php.dist
+++ b/plugins/krb_authentication/config.inc.php.dist
@@ -1,13 +1,20 @@
<?php
// Kerberos/GSSAPI Authentication Plugin options
// ---------------------------------------------
// Default mail host to log-in using user/password from HTTP Authentication.
// This is useful if the users are free to choose arbitrary mail hosts (or
// from a list), but have one host they usually want to log into.
// Unlike $config['default_host'] this must be a string!
$config['krb_authentication_host'] = '';
-// GSS API security context
-$config['krb_authentication_context'] = 'imap/kolab.example.org@EXAMPLE.ORG';
+// GSS API security context.
+// Single value or an array with per-protocol values. Example:
+//
+// $config['krb_authentication_context'] = array(
+// 'imap' => 'imap/host.fqdn@REALM.NAME',
+// 'smtp' => 'smtp/host.fqdn@REALM.NAME',
+// 'sieve' => 'sieve/host.fqdn@REALM.NAME',
+// );
+$config['krb_authentication_context'] = 'host.fqdn@REALM.NAME';
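Review bot: The new comment block does not say that the single-value form is used unchanged for IMAP, SMTP and managesieve, which is what `gssapi_context()` does when the option is not an array. The array example uses service-qualified principals (`imap/host.fqdn@REALM.NAME`), while the shipped default `'host.fqdn@REALM.NAME'` has no service part; whether the GSSAPI layer accepts that form is not visible here, so the comment should state which form is expected. I would add `// A single string is used as-is for IMAP, SMTP and Sieve; with an array, the keys are 'imap', 'smtp' and 'sieve'.` and note that the value is a placeholder that must be replaced before the plugin is enabled.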
diff --git a/plugins/krb_authentication/krb_authentication.php b/plugins/krb_authentication/krb_authentication.php
index 12ab95b51..95adc771d 100644
--- a/plugins/krb_authentication/krb_authentication.php
+++ b/plugins/krb_authentication/krb_authentication.php
@@ -1,151 +1,151 @@
<?php
/**
* Kerberos Authentication
*
* Make use of an existing Kerberos authentication and perform login
* with the existing user credentials
*
* For other configuration options, see config.inc.php.dist!
*
* @license GNU GPLv3+
* @author Jeroen van Meeuwen
*/
class krb_authentication extends rcube_plugin
{
private $redirect_query;
/**
* Plugin initialization
*/
function init()
{
$this->add_hook('startup', array($this, 'startup'));
$this->add_hook('authenticate', array($this, 'authenticate'));
$this->add_hook('login_after', array($this, 'login'));
$this->add_hook('storage_connect', array($this, 'storage_connect'));
$this->add_hook('managesieve_connect', array($this, 'managesieve_connect'));
$this->add_hook('smtp_connect', array($this, 'smtp_connect'));
}
/**
* Startup hook handler
*/
function startup($args)
{
if (!empty($_SERVER['REMOTE_USER']) && !empty($_SERVER['KRB5CCNAME'])) {
// handle login action
if (empty($_SESSION['user_id'])) {
$args['action'] = 'login';
$this->redirect_query = $_SERVER['QUERY_STRING'];
}
else {
$_SESSION['password'] = null;
}
}
return $args;
}
/**
* Authenticate hook handler
*/
function authenticate($args)
{
if (!empty($_SERVER['REMOTE_USER']) && !empty($_SERVER['KRB5CCNAME'])) {
// Load plugin's config file
$this->load_config();
$rcmail = rcmail::get_instance();
$host = $rcmail->config->get('krb_authentication_host');
if (is_string($host) && trim($host) !== '' && empty($args['host'])) {
$args['host'] = rcube_utils::idn_to_ascii(rcube_utils::parse_host($host));
}
if (!empty($_SERVER['REMOTE_USER'])) {
$args['user'] = $_SERVER['REMOTE_USER'];
$args['pass'] = null;
}
$args['cookiecheck'] = false;
$args['valid'] = true;
}
return $args;
}
/**
- * Storage_connect hook handler
+ * login_after hook handler
*/
- function storage_connect($args)
+ function login($args)
{
- if (!empty($_SERVER['REMOTE_USER']) && !empty($_SERVER['KRB5CCNAME'])) {
- // Load plugin's config file
- $this->load_config();
-
- $rcmail = rcmail::get_instance();
- $context = $rcmail->config->get('krb_authentication_context');
-
- $args['gssapi_context'] = $context ?: 'imap/kolab.example.org@EXAMPLE.ORG';
- $args['gssapi_cn'] = $_SERVER['KRB5CCNAME'];
- $args['auth_type'] = 'GSSAPI';
+ // Redirect to the previous QUERY_STRING
+ if ($this->redirect_query) {
+ header('Location: ./?' . $this->redirect_query);
+ exit;
}
return $args;
}
/**
- * login_after hook handler
+ * Storage_connect hook handler
*/
- function login($args)
+ function storage_connect($args)
{
- // Redirect to the previous QUERY_STRING
- if ($this->redirect_query) {
- header('Location: ./?' . $this->redirect_query);
- exit;
+ if (!empty($_SERVER['REMOTE_USER']) && !empty($_SERVER['KRB5CCNAME'])) {
+ $args['gssapi_context'] = $this->gssapi_context('imap');
+ $args['gssapi_cn'] = $_SERVER['KRB5CCNAME'];
+ $args['auth_type'] = 'GSSAPI';
}
return $args;
}
/**
* managesieve_connect hook handler
*/
function managesieve_connect($args)
{
if ((!isset($args['auth_type']) || $args['auth_type'] == 'GSSAPI') && !empty($_SERVER['REMOTE_USER']) && !empty($_SERVER['KRB5CCNAME'])) {
- // Load plugin's config file
- $this->load_config();
-
- $rcmail = rcmail::get_instance();
- $context = $rcmail->config->get('krb_authentication_context');
-
- $args['gssapi_context'] = $context ?: 'imap/kolab.example.org@EXAMPLE.ORG';
+ $args['gssapi_context'] = $this->gssapi_context('sieve');
$args['gssapi_cn'] = $_SERVER['KRB5CCNAME'];
$args['auth_type'] = 'GSSAPI';
}
return $args;
}
-
+
/**
* smtp_connect hook handler
*/
function smtp_connect($args)
{
if ((!isset($args['smtp_auth_type']) || $args['smtp_auth_type'] == 'GSSAPI') && !empty($_SERVER['REMOTE_USER']) && !empty($_SERVER['KRB5CCNAME'])) {
- // Load plugin's config file
- $this->load_config();
-
- $rcmail = rcmail::get_instance();
- $context = $rcmail->config->get('krb_authentication_context');
-
- $args['gssapi_context'] = $context ?: 'imap/kolab.example.org@EXAMPLE.ORG';
+ $args['gssapi_context'] = $this->gssapi_context('smtp');
$args['gssapi_cn'] = $_SERVER['KRB5CCNAME'];
$args['smtp_auth_type'] = 'GSSAPI';
}
return $args;
}
+
+ /**
+ * Returns configured GSSAPI context string
+ */
+ private function gssapi_context($protocol)
+ {
+ // Load plugin's config file
+ $this->load_config();
+
+ $rcmail = rcmail::get_instance();
+ $context = $rcmail->config->get('krb_authentication_context');
+
+ if (is_array($context)) {
+ $context = $context[$protocol];
+ }
+
+ return $context ?: 'host.fqdn@REALM.NAME';
+ }
}
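Review bot: In the new `gssapi_context()`, `$context = $context[$protocol];` reads the key without checking that it exists. An array config that lists only some protocols therefore raises an undefined-index notice and then falls through to the placeholder `'host.fqdn@REALM.NAME'`. The guard should be `$context = isset($context[$protocol]) ? $context[$protocol] : null;`, since composer.json still declares PHP >= 5.3 and `??` is unavailable. The placeholder fallback itself deserves a logged error rather than a silent return, because a context naming a principal that does not exist will presumably only fail later, at connect time, with little hint that the plugin configuration is the cause. The docblock should also gain `@param string $protocol` (one of 'imap', 'smtp', 'sieve') and `@return string`.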