* Setup: re-add config for mail authentication and fixed it to always try to use a TLS connection

This commit is contained in:
Ralf Becker 2014-05-17 08:00:17 +00:00
parent 8605c025ec
commit 9602d061ad
3 changed files with 102 additions and 44 deletions

View File

@ -21,6 +21,10 @@ class auth_mail implements auth_backend
/**
* password authentication
*
* We are always trying to establish a TLS connection, but we do not
* (yet) validate certs, as most PHP installs dont validate them!
* For imap/pop3 we are NOT adding notls to use STARTTLS if server supports it.
*
* @param string $username username of account to authenticate
* @param string $passwd corresponding password
* @param string $passwd_type='text' 'text' for cleartext passwords (default)
@ -28,54 +32,46 @@ class auth_mail implements auth_backend
*/
function authenticate($username, $passwd, $passwd_type='text')
{
$notls = '/notls';
if ($GLOBALS['egw_info']['server']['mail_login_type'] == 'vmailmgr')
unset($passwd_type); // not used but required by function signature
check_load_extension('imap', true);
switch ($GLOBALS['egw_info']['server']['mail_login_type'])
{
case 'vmailmgr':
$username = $username . '@' . $GLOBALS['egw_info']['server']['mail_suffix'];
}
if ($GLOBALS['egw_info']['server']['mail_server_type']=='imap')
{
$GLOBALS['egw_info']['server']['mail_port'] = '143';
}
elseif ($GLOBALS['egw_info']['server']['mail_server_type']=='pop3')
{
$GLOBALS['egw_info']['server']['mail_port'] = '110';
}
elseif ($GLOBALS['egw_info']['server']['mail_server_type']=='imaps')
{
$GLOBALS['egw_info']['server']['mail_port'] = '993';
$notls = '';
}
elseif ($GLOBALS['egw_info']['server']['mail_server_type']=='pop3s')
{
$GLOBALS['egw_info']['server']['mail_port'] = '995';
break;
case 'email':
$username = $GLOBALS['egw']->accounts->id2name($username, 'account_email');
break;
case 'uidNumber':
$username = 'u'.$GLOBALS['egw']->accounts->name2id($username);
break;
}
if( $GLOBALS['egw_info']['server']['mail_server_type']=='pop3')
list($host, $port) = explode(':', $GLOBALS['egw_info']['server']['mail_server']);
switch ($GLOBALS['egw_info']['server']['mail_server_type'])
{
$mailauth = imap_open('{'.$GLOBALS['egw_info']['server']['mail_server'].'/pop3'
.':'.$GLOBALS['egw_info']['server']['mail_port'].'}INBOX', $username , $passwd);
}
elseif ( $GLOBALS['egw_info']['server']['mail_server_type']=='imaps' )
{
// IMAPS support:
$mailauth = imap_open('{'.$GLOBALS['egw_info']['server']['mail_server']."/ssl/novalidate-cert"
.':993}INBOX', $username , $passwd);
}
elseif ( $GLOBALS['egw_info']['server']['mail_server_type']=='pop3s' )
{
// POP3S support:
$mailauth = imap_open('{'.$GLOBALS['egw_info']['server']['mail_server']."/ssl/novalidate-cert"
.':995}INBOX', $username , $passwd);
}
else
{
/* assume imap */
$mailauth = imap_open('{'.$GLOBALS['egw_info']['server']['mail_server']
.':'.$GLOBALS['egw_info']['server']['mail_port'].$notls.'}INBOX', $username , $passwd);
case 'imap':
default:
if (!isset($port)) $port = 143;
$mailauth = imap_open('{'.$host.':'.$port.'/imap/novalidate-cert}INBOX', $username , $passwd);
break;
case 'imaps':
if (!isset($port)) $port = 993;
$mailauth = imap_open('{'.$host.'/imap/ssl/novalidate-cert:'.$port.'}INBOX', $username , $passwd);
break;
case 'pop3':
if (!isset($port)) $port = 110;
$mailauth = imap_open('{'.$host.'/pop3/novalidate-cert:'.$port.'}INBOX', $username , $passwd);
break;
case 'pop3s':
if (!isset($port)) $port = 995;
$mailauth = imap_open('{'.$host.'/pop3/ssl/novalidate-cert:'.$port.'}INBOX', $username , $passwd);
break;
}
if ($mailauth == False)
if (!$mailauth)
{
return False;
}
@ -94,6 +90,8 @@ class auth_mail implements auth_backend
*/
function change_password($old_passwd, $new_passwd, $account_id=0)
{
unset($old_passwd, $new_passwd, $account_id); // not used but required by function sigature
return False;
}
}

View File

@ -19,9 +19,31 @@ $GLOBALS['egw_info']['server']['found_validation_hook'] = array(
'files_dir',
'backup_dir',
'mcrypt_algo',
'ldap_search_filter'
'ldap_search_filter',
'auth_type',
);
/**
* Validate different auth-types
*
* @param array $settings
*/
function auth_type($settings)
{
switch($settings['auth_type'])
{
case 'mail':
try {
check_load_extension('imap', true);
}
catch (Exception $ex)
{
$GLOBALS['config_error'] = $ex->getMessage();
}
break;
}
}
/**
* Set vfs_fstab depending from what the user selected for vfs_storage_mode
*

View File

@ -445,6 +445,44 @@
<td colspan="2">&nbsp;</td>
</tr>
<tr class="th">
<td colspan="2"><b>{lang_If_using_Mail_authentication_(requires_PHP_IMAP_extension!}:</b></td>
</tr>
<tr class="row_on">
<td>{lang_POP/IMAP_mail_server_hostname_or_IP_address}[:{lang_port}]:</td>
<td><input name="newsettings[mail_server]" value="{value_mail_server}"></td>
</tr>
<tr class="row_off">
<td>{lang_Mail_server_protocol}:</td>
<td>
<select name="newsettings[mail_server_type]">
<option value="imap" {selected_mail_server_type_imap}>IMAP</option>
<option value="imaps" {selected_mail_server_type_imaps}>IMAPS</option>
<option value="pop3" {selected_mail_server_type_pop3}>POP3</option>
<option value="pop3s" {selected_mail_server_type_pop3s}>POP3s</option>
</select>
</td>
</tr>
<tr class="row_on">
<td>{lang_Mail_server_login_type}:</td>
<td>
<select name="newsettings[mail_login_type]">
<option value="standard" {selected_mail_login_type_standard}>{lang_username_(standard)}</option>
<option value="vmailmgr" {selected_mail_login_type_vmailmgr}>{lang_username@domainname_(Virtual_MAIL_ManaGeR)}</option>
<option value="email" {selected_mail_login_type_email}>{lang_EMail-address}</option>
<option value="uidNumber" {selected_mail_login_type_uidNumber}>{lang_UserId@domain_eg._u1234@domain}</option>
</select>
</td>
</tr>
<tr class="row_off">
<td>{lang_Mail_domain_(for_Virtual_MAIL_ManaGeR)}:</td>
<td><input name="newsettings[mail_suffix]" value="{value_mail_suffix}"></td>
</tr>
<tr class="row_off">
<td colspan="2">&nbsp;</td>
</tr>
<tr class="th">
<td colspan="2"><b>{lang_If_using_CAS_(Central_Authentication_Service):}</b></td>
</tr>