
D931.1775748609.diff

diff --git a/lib/Autodiscover.php b/lib/Autodiscover.php
--- a/lib/Autodiscover.php
+++ b/lib/Autodiscover.php
@@ -48,6 +48,11 @@
$type = 'Microsoft';
break;
}
+ // Microsoft Autodiscover V2
+ elseif (stripos($uri, 'autodiscover.json') !== false) {
+ $type = 'Json';
+ break;
+ }
// Mozilla Thunderbird (Kmail/Kontact/Evolution)
else if (strpos($uri, 'config-v1.1.xml') !== false) {
$type = 'Mozilla';
@@ -116,6 +121,18 @@
exit;
}
+ /**
+ * Send 401 Unauthorized to the client end exit
+ */
+ protected function unauthorized($basicauth = true)
+ {
+ if ($basicauth) {
+ header('WWW-Authenticate: Basic realm="'.$_SERVER['HTTP_HOST'].'"');
+ }
+ header('HTTP/1.0 401 Unauthorized');
+ exit;
+ }
+
/**
* Get services configuration
*/
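Review bot: The realm in `unauthorized()` is built from `$_SERVER['HTTP_HOST']`, which the client supplies, and it is placed unescaped inside the quoted realm string, so a Host value containing a double quote changes the challenge the server sends. A fixed or configured realm avoids this, for example `header('WWW-Authenticate: Basic realm="Autodiscover"');` (the realm text here is only a sample). The same client-supplied host is used to build the `Url` in the `autodiscoverv1` branch of lib/AutodiscoverJson.php, where it decides which server the client contacts next; a configured hostname would be safer there as well. Separately, `http_response_code(401);` would match the call already used in AutodiscoverJson.php instead of hard-coding `HTTP/1.0`, and the docblock should read "and exit" rather than "end exit".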
@@ -299,7 +316,7 @@
$entries = $result->entries(true);
$dn = key($entries);
$entry = $entries[$dn];
- $result = array();
+ $result = array('dn' => $dn);
foreach ($attributes as $idx => $attr) {
$result[$idx] = is_array($entry[$attr]) ? current($entry[$attr]) : $entry[$attr];
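Review bot: Seeding `$result` with `'dn'` before the loop lets a later `$result[$idx] = …` overwrite it if the attribute map ever has a `dn` index. Because this value is what `authenticate()` later binds with, it is safer to set it after the loop with `$result['dn'] = $dn;`. The loop closes outside this hunk, and whether `$attributes` can carry such a key is not visible here. A short comment such as `// DN of the matched entry, used for the bind in authenticate()` would also explain why the key was added.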
@@ -308,6 +325,39 @@
return $result;
}
+ /**
+ * authenticate a user by his given dn and password
+ */
+ protected function authenticate($dn, $password)
+ {
+ if (empty($this->_ldap_server)) {
+ return false;
+ }
+
+ $ldap = new Net_LDAP3(array(
+ 'debug' => in_array(strtolower($this->conf->get('autodiscover', 'debug_mode')), array('trace', 'debug')),
+ 'log_hook' => array($this, 'ldap_log'),
+ 'hosts' => array($this->_ldap_server),
+ 'port' => $this->_ldap_port,
+ 'use_tls' => $this->_ldap_scheme == 'tls'
+ ));
+
+ // connect to LDAP
+ if (!$ldap->connect()) {
+ $this->error("Storage connection failed");
+ return false;
+ }
+
+ // bind as given userdn
+ if (!$ldap->bind($dn, $password)) {
+ $this->unauthorized();
+ return false;
+ }
+
+ $ldap->close();
+ return true;
+ }
+
/**
* LDAP logging handler
*/
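Review bot: `authenticate()` passes `$password` to `bind()` without checking that it is non-empty, and an LDAP simple bind with a DN and an empty password is an unauthenticated bind, which many directory servers answer with success. The only guard today is the `empty($_SERVER['PHP_AUTH_PW'])` check in lib/AutodiscoverMicrosoft.php, so any other caller of this protected method would inherit the gap; the method should reject empty values itself. The failure path also calls `unauthorized()`, which exits, so the `return false` after it is unreachable and `$ldap->close()` is skipped; returning the bind result and letting the caller send the 401, as `handle_response()` already does, keeps cleanup in one place. `use_tls` is enabled only for the `tls` scheme, so the docblock should say whether other schemes can send the password to the directory unencrypted; that depends on configuration not shown here.

```php
protected function authenticate($dn, $password)
{
    // an empty password would turn the simple bind into an unauthenticated bind
    if (empty($this->_ldap_server)
        || !is_string($dn) || $dn === ''
        || !is_string($password) || $password === ''
    ) {
        return false;
    }

    // … unchanged: Net_LDAP3 construction and connect() …

    // bind as given userdn; the caller decides how to answer a failure
    $bound = $ldap->bind($dn, $password);
    $ldap->close();

    return (bool) $bound;
}
```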
diff --git a/lib/AutodiscoverJson.php b/lib/AutodiscoverJson.php
new file mode 100644
--- /dev/null
+++ b/lib/AutodiscoverJson.php
@@ -0,0 +1,82 @@
+<?php
+
+/**
+ +--------------------------------------------------------------------------+
+ | Kolab Autodiscover Service |
+ | |
+ | Copyright (C) 2011-2014, Kolab Systems AG <contact@kolabsys.com> |
+ | |
+ | This program is free software: you can redistribute it and/or modify |
+ | it under the terms of the GNU General Public License as published by |
+ | the Free Software Foundation, either version 3 of the License, or |
+ | (at your option) any later version. |
+ | |
+ | This program is distributed in the hope that it will be useful, |
+ | but WITHOUT ANY WARRANTY; without even the implied warranty of |
+ | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
+ | GNU General Public License for more details. |
+ | |
+ | You should have received a copy of the GNU General Public License |
+ | along with this program. If not, see http://www.gnu.org/licenses/. |
+ +--------------------------------------------------------------------------+
+ | Author: Daniel Hoffend <dh@dotlan.net> |
+ +--------------------------------------------------------------------------+
+*/
+
+/**
+ * Autodiscover Service class for Microsoft Autodiscover V2
+ */
+class AutodiscoverJson extends Autodiscover
+{
+
+ public function handle_request()
+ {
+ if (preg_match('|autodiscover.json/v1.0/([^\?]+)|', $_SERVER['REQUEST_URI'], $regs)) {
+ $this->email = $regs[1];
+ }
+
+ Log::debug('Request [json]: ' . $_SERVER['REQUEST_URI']);
+ }
+
+ /**
+ * Generates JSON response
+ */
+ protected function handle_response()
+ {
+ if (strtolower($_GET['Protocol']) == 'activesync'
+ && !empty($this->config['activesync'])
+ ) {
+ if (!preg_match('/^https?:/i', $this->config['activesync'])) {
+ $this->config['activesync'] = 'https://' . $this->config['activesync'] . '/Microsoft-Server-ActiveSync';
+ }
+ $json = array(
+ 'Protocol' => 'ActiveSync',
+ 'Url' => $this->config['activesync']
+ );
+ }
+ elseif (strtolower($_GET['Protocol']) == 'autodiscoverv1') {
+ $json = array(
+ 'Protocol' => 'ActiveSync',
+ 'Url' => 'https://' . $_SERVER['HTTP_HOST'] . '/Autodiscover/Autodiscover.xml'
+ );
+ }
+ else {
+ http_response_code(400);
+ $json = array(
+ 'ErrorCore' => 'InvalidProtocol',
+ 'ErrorMessage' => 'The given protocol value \u0027'
+ . $_GET['Protocol']
+ . '\u0027 is invalid. Supported values are \u0027'
+ . (!empty($this->config['activesync']) ? 'ActiveSync,' : '')
+ . 'AutodiscoverV1\u0027'
+ );
+ }
+
+ $response = json_encode($json, JSON_PRETTY_PRINT);
+ Log::debug('Response [json]: ' . $response);
+
+ header('Content-Type: application/json; charset=' . Autodiscover::CHARSET);
+ echo $response;
+ exit;
+ }
+}
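Review bot: In the error branch of `handle_response()`, `'\u0027'` sits inside single-quoted PHP strings, where it is six literal characters, and `json_encode()` then escapes the backslash, so clients receive the text `\u0027` instead of an apostrophe. `$_GET['Protocol']` is also read three times without checking that it is set or is a string, so a request with no `Protocol` parameter or with `Protocol[]=x` reaches `strtolower()` with null or an array. It would be cleaner to normalise the parameter once and use plain apostrophes in the message. `ErrorCore` and the `'Protocol' => 'ActiveSync'` value in the `autodiscoverv1` branch look like typos for `ErrorCode` and `AutodiscoverV1`; please confirm against the protocol documentation. In `handle_request()`, the dots in `autodiscover.json/v1.0/` are unescaped and the captured address is taken from `REQUEST_URI` without URL-decoding, which may matter for clients that send `%40`.

```php
protected function handle_response()
{
    // Protocol may be absent or an array (Protocol[]=x); normalise it once
    $protocol = isset($_GET['Protocol']) && is_string($_GET['Protocol']) ? $_GET['Protocol'] : '';

    // … unchanged: ActiveSync and AutodiscoverV1 branches, now comparing strtolower($protocol) …

    else {
        http_response_code(400);
        $json = array(
            'ErrorCore' => 'InvalidProtocol',
            // json_encode() escapes the reflected value; plain apostrophes decode correctly
            'ErrorMessage' => "The given protocol value '" . $protocol
                . "' is invalid. Supported values are '"
                . (!empty($this->config['activesync']) ? 'ActiveSync,' : '')
                . "AutodiscoverV1'"
        );
    }

    // … unchanged: json_encode, logging and output …
```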
diff --git a/lib/AutodiscoverMicrosoft.php b/lib/AutodiscoverMicrosoft.php
--- a/lib/AutodiscoverMicrosoft.php
+++ b/lib/AutodiscoverMicrosoft.php
@@ -33,6 +33,7 @@
const MOBILESYNC_NS = "http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006";
private $type = 'outlook';
+ private $password;
/**
* Handle request parameters (find email address)
@@ -41,8 +42,15 @@
{
$post = $_SERVER['REQUEST_METHOD'] == 'POST' ? file_get_contents('php://input') : null;
- Log::debug('Request [microsoft]: ' . $post);
+ // check for basic authentication
+ Log::debug('Request [microsoft]: Basic Auth Username: ' . ($_SERVER['PHP_AUTH_USER'] ?: 'none'));
+ if (empty($_SERVER['PHP_AUTH_USER']) || empty($_SERVER['PHP_AUTH_PW'])) {
+ $this->unauthorized();
+ }
+ $this->password = $_SERVER['PHP_AUTH_PW'];
+ // check for request object
+ Log::debug('Request [microsoft]: ' . $post);
if (empty($post)) {
$this->error("Invalid input");
}
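Review bot: The added debug line reads `$_SERVER['PHP_AUTH_USER']` before the emptiness check, so a request without an Authorization header raises an undefined-index notice. It also writes the client-chosen username to the log verbatim, line breaks included, which lets a caller forge log lines. Reading the value once with `$user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';` and logging `addcslashes($user, "\0..\37")` addresses both. Note also that `empty()` treats the password `"0"` as missing; a comparison with `''` would be exact. The method's signature is outside this hunk.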
@@ -73,6 +81,11 @@
catch (Exception $e) {
$this->error("Invalid input");
}
+
+ // basic auth username must match with given email address
+ if ($_SERVER['PHP_AUTH_USER'] != $this->email) {
+ $this->unauthorized();
+ }
}
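Review bot: The username check uses the loose `!=` and compares case-sensitively, so a client that sends the same address in a different letter case than the request body gets a 401 with no hint why. A strict and explicit comparison such as `if (strcasecmp((string) $_SERVER['PHP_AUTH_USER'], (string) $this->email) !== 0)` states the intent; whether case-insensitive matching is acceptable for this deployment's directory is not visible here. A one-line comment that the LDAP bind happens later in `handle_response()` would help, because this check alone does not authenticate anything. The enclosing method starts outside this hunk.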
/**
@@ -80,8 +93,12 @@
*/
public function handle_response()
{
- $method = $this->type . '_response';
+ // authenticate the user found during configure() against ldap
+ if (empty($this->config['dn']) || !$this->authenticate($this->config['dn'], $this->password)) {
+ $this->unauthorized();
+ }
+ $method = $this->type . '_response';
$xml = $this->$method();
$xml->formatOutput = true;
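Review bot: A failed bind in `handle_response()` goes straight to `unauthorized()` with no log entry in this hunk, so repeated password guesses against the endpoint would leave nothing for detection unless the LDAP log hook happens to record them. Recording the failure before the 401 would fix that, e.g. `Log::debug('Request [microsoft]: authentication failed for ' . $this->email);`, with the address escaped for the log. Nothing visible here throttles attempts either, so this endpoint should be covered by whatever lockout or rate limiting protects the directory's other login paths. The method body continues past the end of the hunk.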
