From 9602d061adcc34de412da35a2186832ce96ea252 Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Sat, 17 May 2014 08:00:17 +0000 Subject: [PATCH] * Setup: re-add config for mail authentication and fixed it to always try to use a TLS connection --- phpgwapi/inc/class.auth_mail.inc.php | 84 +++++++++++++------------- setup/inc/hook_config_validate.inc.php | 24 +++++++- setup/templates/default/config.tpl | 38 ++++++++++++ 3 files changed, 102 insertions(+), 44 deletions(-) diff --git a/phpgwapi/inc/class.auth_mail.inc.php b/phpgwapi/inc/class.auth_mail.inc.php index 2f3893553a..e66af43c53 100644 --- a/phpgwapi/inc/class.auth_mail.inc.php +++ b/phpgwapi/inc/class.auth_mail.inc.php @@ -21,6 +21,10 @@ class auth_mail implements auth_backend /** * password authentication * + * We are always trying to establish a TLS connection, but we do not + * (yet) validate certs, as most PHP installs dont validate them! + * For imap/pop3 we are NOT adding notls to use STARTTLS if server supports it. + * * @param string $username username of account to authenticate * @param string $passwd corresponding password * @param string $passwd_type='text' 'text' for cleartext passwords (default) 
@@ -28,59 +32,51 @@ class auth_mail implements auth_backend */ function authenticate($username, $passwd, $passwd_type='text') { - $notls = '/notls'; - if ($GLOBALS['egw_info']['server']['mail_login_type'] == 'vmailmgr') + unset($passwd_type); // not used but required by function signature + + check_load_extension('imap', true); + + switch ($GLOBALS['egw_info']['server']['mail_login_type']) { - $username = $username . '@' . $GLOBALS['egw_info']['server']['mail_suffix']; - } - if ($GLOBALS['egw_info']['server']['mail_server_type']=='imap') - { - $GLOBALS['egw_info']['server']['mail_port'] = '143'; - } - elseif ($GLOBALS['egw_info']['server']['mail_server_type']=='pop3') - { - $GLOBALS['egw_info']['server']['mail_port'] = '110'; - } - elseif ($GLOBALS['egw_info']['server']['mail_server_type']=='imaps') - { - $GLOBALS['egw_info']['server']['mail_port'] = '993'; - $notls = ''; - } - elseif ($GLOBALS['egw_info']['server']['mail_server_type']=='pop3s') - { - $GLOBALS['egw_info']['server']['mail_port'] = '995'; + case 'vmailmgr': + $username = $username . '@' . 
$GLOBALS['egw_info']['server']['mail_suffix']; + break; + case 'email': + $username = $GLOBALS['egw']->accounts->id2name($username, 'account_email'); + break; + case 'uidNumber': + $username = 'u'.$GLOBALS['egw']->accounts->name2id($username); + break; } - if( $GLOBALS['egw_info']['server']['mail_server_type']=='pop3') + list($host, $port) = explode(':', $GLOBALS['egw_info']['server']['mail_server']); + switch ($GLOBALS['egw_info']['server']['mail_server_type']) { - $mailauth = imap_open('{'.$GLOBALS['egw_info']['server']['mail_server'].'/pop3' - .':'.$GLOBALS['egw_info']['server']['mail_port'].'}INBOX', $username , $passwd); - } - elseif ( $GLOBALS['egw_info']['server']['mail_server_type']=='imaps' ) - { - // IMAPS support: - $mailauth = imap_open('{'.$GLOBALS['egw_info']['server']['mail_server']."/ssl/novalidate-cert" - .':993}INBOX', $username , $passwd); - } - elseif ( $GLOBALS['egw_info']['server']['mail_server_type']=='pop3s' ) - { - // POP3S support: - $mailauth = imap_open('{'.$GLOBALS['egw_info']['server']['mail_server']."/ssl/novalidate-cert" - .':995}INBOX', $username , $passwd); - } - else - { - /* assume imap */ - $mailauth = imap_open('{'.$GLOBALS['egw_info']['server']['mail_server'] - .':'.$GLOBALS['egw_info']['server']['mail_port'].$notls.'}INBOX', $username , $passwd); + case 'imap': + default: + if (!isset($port)) $port = 143; + $mailauth = imap_open('{'.$host.':'.$port.'/imap/novalidate-cert}INBOX', $username , $passwd); + break; + case 'imaps': + if (!isset($port)) $port = 993; + $mailauth = imap_open('{'.$host.'/imap/ssl/novalidate-cert:'.$port.'}INBOX', $username , $passwd); + break; + case 'pop3': + if (!isset($port)) $port = 110; + $mailauth = imap_open('{'.$host.'/pop3/novalidate-cert:'.$port.'}INBOX', $username , $passwd); + break; + case 'pop3s': + if (!isset($port)) $port = 995; + $mailauth = imap_open('{'.$host.'/pop3/ssl/novalidate-cert:'.$port.'}INBOX', $username , $passwd); + break; } - if ($mailauth == False) + if (!$mailauth) { 
return False; } imap_close($mailauth); - + return True; } @@ -94,6 +90,8 @@ class auth_mail implements auth_backend */ function change_password($old_passwd, $new_passwd, $account_id=0) { + unset($old_passwd, $new_passwd, $account_id); // not used but required by function sigature + return False; } } diff --git a/setup/inc/hook_config_validate.inc.php b/setup/inc/hook_config_validate.inc.php index 45c1f39c8c..9c52528400 100644 --- a/setup/inc/hook_config_validate.inc.php +++ b/setup/inc/hook_config_validate.inc.php @@ -19,9 +19,31 @@ $GLOBALS['egw_info']['server']['found_validation_hook'] = array( 'files_dir', 'backup_dir', 'mcrypt_algo', - 'ldap_search_filter' + 'ldap_search_filter', + 'auth_type', ); +/** + * Validate different auth-types + * + * @param array $settings + */ +function auth_type($settings) +{ + switch($settings['auth_type']) + { + case 'mail': + try { + check_load_extension('imap', true); + } + catch (Exception $ex) + { + $GLOBALS['config_error'] = $ex->getMessage(); + } + break; + } +} + /** * Set vfs_fstab depending from what the user selected for vfs_storage_mode * diff --git a/setup/templates/default/config.tpl b/setup/templates/default/config.tpl index ea33e16a03..4cf7242e3b 100644 --- a/setup/templates/default/config.tpl +++ b/setup/templates/default/config.tpl @@ -445,6 +445,44 @@   + + {lang_If_using_Mail_authentication_(requires_PHP_IMAP_extension!}: + + + {lang_POP/IMAP_mail_server_hostname_or_IP_address}[:{lang_port}]: + + + + {lang_Mail_server_protocol}: + + + + + + {lang_Mail_server_login_type}: + + + + + + {lang_Mail_domain_(for_Virtual_MAIL_ManaGeR)}: + + + + +   + + {lang_If_using_CAS_(Central_Authentication_Service):}
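Review bot: All four `imap_open()` mailbox strings in the new `switch` carry `/novalidate-cert`, and the `imap` and `pop3` cases rely on opportunistic STARTTLS, so the login name and password are not protected against anyone who can interpose on the connection to the mail server. A server that does not offer STARTTLS receives the credentials in clear text, and one that does is never checked for identity, which the docblock added in the first hunk acknowledges. Because this backend decides whether a login succeeds, I would validate certificates by default and require STARTTLS for the non-SSL types, e.g. `$mailauth = imap_open('{'.$host.':'.$port.'/imap/tls}INBOX', $username, $passwd);`, keeping `/novalidate-cert` only behind an explicit setup option for self-signed servers. Separately, `list($host, $port) = explode(':', ...)` raises an undefined-offset notice whenever no port is configured; wrapping the call as `array_pad(explode(':', ..., 2), 2, null)` avoids that while leaving the `isset($port)` defaults working.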
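Review bot: The new `auth_type()` hook only confirms that the IMAP extension can be loaded; it does not check the values that `auth_mail::authenticate()` later concatenates into the `imap_open()` mailbox string. The PHP manual warns against passing unvalidated data in that argument, and a stray `/` or `}` in the server field would silently change the connection flags, so the `'mail'` case is the natural place to reject anything that is not `host[:port]`, for example `if (!preg_match('/^[A-Za-z0-9.-]+(:\d{1,5})?$/', $settings['mail_server'])) $GLOBALS['config_error'] = 'invalid mail server';`. I am assuming the setting arrives under the key `mail_server`, as it is read in `authenticate()`; the form field names are not visible in this view. The docblock could also state that failures are reported through `$GLOBALS['config_error']` rather than by return value.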
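Review bot: The heading placeholder `{lang_If_using_Mail_authentication_(requires_PHP_IMAP_extension!}` opens a parenthesis that is never closed, unlike the CAS heading directly below it. Suggest `{lang_If_using_Mail_authentication_(requires_PHP_IMAP_extension!)}`, with the translation key updated to match if the phrase is looked up literally. Since the backend connects with `/novalidate-cert`, this heading or the protocol label would also be a sensible place to tell the administrator that the mail server's certificate is not verified.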