diff --git a/lib/Autodiscover.php b/lib/Autodiscover.php --- a/lib/Autodiscover.php +++ b/lib/Autodiscover.php @@ -48,6 +48,11 @@ $type = 'Microsoft'; break; } + // Microsoft Autodiscover V2 + elseif (stripos($uri, 'autodiscover.json') !== false) { + $type = 'Json'; + break; + } // Mozilla Thunderbird (Kmail/Kontact/Evolution) else if (strpos($uri, 'config-v1.1.xml') !== false) { $type = 'Mozilla'; @@ -117,6 +122,18 @@ } /** + * Send 401 Unauthorized to the client end exit + */ + protected function unauthorized($basicauth = true) + { + if ($basicauth) { + header('WWW-Authenticate: Basic realm="'.$_SERVER['HTTP_HOST'].'"'); + } + header('HTTP/1.0 401 Unauthorized'); + exit; + } + + /** * Get services configuration */ protected function configure() @@ -299,7 +316,7 @@ $entries = $result->entries(true); $dn = key($entries); $entry = $entries[$dn]; - $result = array(); + $result = array('dn' => $dn); foreach ($attributes as $idx => $attr) { $result[$idx] = is_array($entry[$attr]) ? current($entry[$attr]) : $entry[$attr]; @@ -309,6 +326,39 @@ } /** + * authenticate a user by his given dn and password + */ + protected function authenticate($dn, $password) + { + if (empty($this->_ldap_server)) { + return false; + } + + $ldap = new Net_LDAP3(array( + 'debug' => in_array(strtolower($this->conf->get('autodiscover', 'debug_mode')), array('trace', 'debug')), + 'log_hook' => array($this, 'ldap_log'), + 'hosts' => array($this->_ldap_server), + 'port' => $this->_ldap_port, + 'use_tls' => $this->_ldap_scheme == 'tls' + )); + + // connect to LDAP + if (!$ldap->connect()) { + $this->error("Storage connection failed"); + return false; + } + + // bind as given userdn + if (!$ldap->bind($dn, $password)) { + $this->unauthorized(); + return false; + } + + $ldap->close(); + return true; + } + + /** * LDAP logging handler */ public function ldap_log($level, $msg) diff --git a/lib/AutodiscoverJson.php b/lib/AutodiscoverJson.php new file mode 100644 --- /dev/null 
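Review bot: The new branch in the `$type` detection chain is spelled `elseif (stripos(...))` while the neighbouring branches use `else if` and `strpos`, so the chain now mixes two forms of the same construct and two matching functions. If the case-insensitive match is intentional, a short comment saying so would help; otherwise `else if (strpos($uri, 'autodiscover.json') !== false) {` keeps the chain uniform. The loop/switch this chain sits in (the `break;` statements belong to it) starts and ends outside the hunk.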
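Review bot: `unauthorized()` interpolates the unvalidated `$_SERVER['HTTP_HOST']` into the quoted `realm` value of the `WWW-Authenticate` header; `header()` rejects CR/LF, but a double quote in the Host header still yields a malformed challenge, and the realm does not need to be the host at all. A fixed string avoids this: `header('WWW-Authenticate: Basic realm="Autodiscover"');`. The hardcoded `header('HTTP/1.0 401 Unauthorized')` also pins the protocol version; `http_response_code(401);` sets the status for whatever protocol the request used. Since the method ends with `exit`, the docblock should say so (and fix the typo `end exit` → `and exit`) so callers do not write code after it expecting to run.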
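Review bot: `$result = array('dn' => $dn)` seeds the returned array with a fixed key, but the `foreach` right below assigns `$result[$idx]` for every mapping index, so an attribute mapping that happens to use the index `dn` silently overwrites the entry DN. Either reserve that key in the loop (`if ($idx === 'dn') { continue; }`) or reject it when the mapping is read. The function's docblock, outside the hunk, should also state that the result now carries the `dn` of the matched entry, since `handle_response()` in AutodiscoverMicrosoft.php relies on `$this->config['dn']` being present.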
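Review bot: `authenticate()` passes `$password` straight to `$ldap->bind($dn, $password)` with no check that it is non-empty; a bind with a DN and an empty password is an unauthenticated bind (RFC 4513 §5.1.2), which many directories accept, so any caller that does not pre-filter empty passwords gets `true` back for an arbitrary user. Add a guard next to the existing `_ldap_server` check: `if ($dn === '' || $password === '') { return false; }`. The method also calls `$this->unauthorized()` on bind failure, which exits the process, so the `return false` after it is unreachable, the connection is never closed, and the caller in `handle_response()` (which already calls `unauthorized()` on `false`) never gets to decide; replacing that line with `$ldap->close();` keeps this method a plain boolean check. The `in_array(..., array('trace', 'debug'))` call would also benefit from `true` as the third argument.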
+++ b/lib/AutodiscoverJson.php 
@@ -0,0 +1,82 @@ + | + | | + | This program is free software: you can redistribute it and/or modify | + | it under the terms of the GNU General Public License as published by | + | the Free Software Foundation, either version 3 of the License, or | + | (at your option) any later version. | + | | + | This program is distributed in the hope that it will be useful, | + | but WITHOUT ANY WARRANTY; without even the implied warranty of | + | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | + | GNU General Public License for more details. | + | | + | You should have received a copy of the GNU General Public License | + | along with this program. If not, see http://www.gnu.org/licenses/. | + +--------------------------------------------------------------------------+ + | Author: Daniel Hoffend | + +--------------------------------------------------------------------------+ +*/ + +/** + * Autodiscover Service class for Microsoft Autodiscover V2 + */ +class AutodiscoverJson extends Autodiscover +{ + + public function handle_request() + { + if (preg_match('|autodiscover.json/v1.0/([^\?]+)|', $_SERVER['REQUEST_URI'], $regs)) { + $this->email = $regs[1]; + } + + Log::debug('Request [json]: ' . $_SERVER['REQUEST_URI']); + } + + /** + * Generates JSON response + */ + protected function handle_response() + { + if (strtolower($_GET['Protocol']) == 'activesync' + && !empty($this->config['activesync']) + ) { + if (!preg_match('/^https?:/i', $this->config['activesync'])) { + $this->config['activesync'] = 'https://' . $this->config['activesync'] . '/Microsoft-Server-ActiveSync'; + } + $json = array( + 'Protocol' => 'ActiveSync', + 'Url' => $this->config['activesync'] + ); + } + elseif (strtolower($_GET['Protocol']) == 'autodiscoverv1') { + $json = array( + 'Protocol' => 'ActiveSync', + 'Url' => 'https://' . $_SERVER['HTTP_HOST'] . 
'/Autodiscover/Autodiscover.xml' + ); + } + else { + http_response_code(400); + $json = array( + 'ErrorCore' => 'InvalidProtocol', + 'ErrorMessage' => 'The given protocol value \u0027' + . $_GET['Protocol'] + . '\u0027 is invalid. Supported values are \u0027' + . (!empty($this->config['activesync']) ? 'ActiveSync,' : '') + . 'AutodiscoverV1\u0027' + ); + } + + $response = json_encode($json, JSON_PRETTY_PRINT); + Log::debug('Response [json]: ' . $response); + + header('Content-Type: application/json; charset=' . Autodiscover::CHARSET); + echo $response; + exit; + } +} diff --git a/lib/AutodiscoverMicrosoft.php b/lib/AutodiscoverMicrosoft.php --- a/lib/AutodiscoverMicrosoft.php +++ b/lib/AutodiscoverMicrosoft.php @@ -33,6 +33,7 @@ const MOBILESYNC_NS = "http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006"; private $type = 'outlook'; + private $password; /** * Handle request parameters (find email address) @@ -41,8 +42,15 @@ { $post = $_SERVER['REQUEST_METHOD'] == 'POST' ? file_get_contents('php://input') : null; - Log::debug('Request [microsoft]: ' . $post); + // check for basic authentication + Log::debug('Request [microsoft]: Basic Auth Username: ' . ($_SERVER['PHP_AUTH_USER'] ?: 'none')); + if (empty($_SERVER['PHP_AUTH_USER']) || empty($_SERVER['PHP_AUTH_PW'])) { + $this->unauthorized(); + } + $this->password = $_SERVER['PHP_AUTH_PW']; + // check for request object + Log::debug('Request [microsoft]: ' . $post); if (empty($post)) { $this->error("Invalid input"); } @@ -73,6 +81,11 @@ catch (Exception $e) { $this->error("Invalid input"); } + + // basic auth username must match with given email address + if ($_SERVER['PHP_AUTH_USER'] != $this->email) { + $this->unauthorized(); + } } /** 
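Review bot: The error branch of `handle_response()` in AutodiscoverJson.php emits the key `'ErrorCore'`, which does not match its `ErrorMessage` sibling and looks like a typo for `ErrorCode`, so clients inspecting the error object will not find the code. In the same branch the `\u0027` sequences sit inside single-quoted PHP strings, so they are six literal characters that `json_encode()` escapes to `\\u0027` and the client sees the text `\u0027` rather than an apostrophe — a plain `'` is all that is needed, it is not special in JSON. The `autodiscoverv1` branch answers with `'Protocol' => 'ActiveSync'` although it returns the Autodiscover.xml URL; presumably that should echo `'AutodiscoverV1'`. `$_GET['Protocol']` is read without an `isset` check at the top of the method (and again in the error message), which raises a notice on a request without that parameter. `handle_request()` also stores the captured path segment without `rawurldecode()`, so an address sent URL-encoded (`%40` for `@`) is looked up verbatim.
```php
protected function handle_response()
{
    $protocol = isset($_GET['Protocol']) ? strtolower($_GET['Protocol']) : '';

    if ($protocol == 'activesync' && !empty($this->config['activesync'])) {
        // … unchanged: ActiveSync URL normalisation and response array …
    }
    elseif ($protocol == 'autodiscoverv1') {
        $json = array(
            'Protocol' => 'AutodiscoverV1',
            'Url' => 'https://' . $_SERVER['HTTP_HOST'] . '/Autodiscover/Autodiscover.xml'
        );
    }
    else {
        http_response_code(400);
        $json = array(
            'ErrorCode' => 'InvalidProtocol',
            'ErrorMessage' => "The given protocol value '" . $protocol
                . "' is invalid. Supported values are '"
                . (!empty($this->config['activesync']) ? 'ActiveSync,' : '')
                . "AutodiscoverV1'"
        );
    }
    // … unchanged: json_encode, debug log, Content-Type header, echo, exit …
}
```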
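Review bot: The Basic-auth guard in `handle_request()` uses `empty()` on `$_SERVER['PHP_AUTH_PW']`, so a legitimate password of `"0"` is rejected as if it were absent, and the debug line above it reads `$_SERVER['PHP_AUTH_USER'] ?: 'none'`, which still raises an undefined-index notice when no `Authorization` header was sent. An explicit presence-and-non-empty check avoids both: `if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_PW'] === '') {` and `isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : 'none'` in the log call. `PHP_AUTH_USER`/`PHP_AUTH_PW` are only populated by some SAPIs; if the service runs under CGI/FastCGI without the usual Authorization-header rewrite every request will get a 401, which is worth a comment on the check. `handle_request()` starts before this hunk and ends in the next one.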
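Review bot: `$_SERVER['PHP_AUTH_USER'] != $this->email` compares with the loose `!=`, under which two numeric-looking strings are compared as numbers; `if ($_SERVER['PHP_AUTH_USER'] !== $this->email) {` is the safe form. If the intent is that addresses match case-insensitively (the address in the POST body may be cased differently from the login), `strcasecmp()` would have to be used explicitly — as written the check is case-sensitive, which deserves a comment either way. A mismatch is currently not logged while the other request details are, so a `Log::debug` line before `$this->unauthorized()` would make rejected logins visible.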
@@ -80,8 +93,12 @@ */ public function handle_response() { - $method = $this->type . '_response'; + // authenticate the user found during configure() against ldap + if (empty($this->config['dn']) || !$this->authenticate($this->config['dn'], $this->password)) { + $this->unauthorized(); + } + $method = $this->type . '_response'; $xml = $this->$method(); $xml->formatOutput = true;