diff --git a/lib/Autodiscover.php b/lib/Autodiscover.php index 769adcf..1060418 100644 --- a/lib/Autodiscover.php +++ b/lib/Autodiscover.php @@ -1,390 +1,390 @@ | | | | This program is free software: you can redistribute it and/or modify | | it under the terms of the GNU General Public License as published by | | the Free Software Foundation, either version 3 of the License, or | | (at your option) any later version. | | | | This program is distributed in the hope that it will be useful, | | but WITHOUT ANY WARRANTY; without even the implied warranty of | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | | GNU General Public License for more details. | | | | You should have received a copy of the GNU General Public License | | along with this program. If not, see http://www.gnu.org/licenses/. | +--------------------------------------------------------------------------+ | Author: Aleksander Machniak | +--------------------------------------------------------------------------+ */ /** * Main application class */ class Autodiscover { const CHARSET = 'UTF-8'; protected $conf; protected $config = array(); /** * Autodiscover main execution path */ public static function run() { $uris = array($_SERVER['REQUEST_URI'], $_SERVER['SCRIPT_NAME']); $type = ''; // Detect request type foreach ($uris as $uri) { // Outlook/Activesync if (stripos($uri, 'autodiscover.xml') !== false) { $type = 'Microsoft'; break; } // Microsoft Autodiscover V2 elseif (stripos($uri, 'autodiscover.json') !== false) { $type = 'Json'; break; } // Mozilla Thunderbird (Kmail/Kontact/Evolution) else if (strpos($uri, 'config-v1.1.xml') !== false) { $type = 'Mozilla'; break; } } if (!$type) { header("HTTP/1.0 404 Not Found"); exit; } $class = "Autodiscover$type"; require_once __DIR__ . '/' . $class . '.php'; $engine = new $class; $engine->handle(); // fallback to 404 header("HTTP/1.0 404 Not Found"); exit; } /** * Initialization of class instance */ public function __construct() { require_once __DIR__ . '/Conf.php'; require_once __DIR__ . '/Log.php'; $this->conf = Conf::get_instance(); } /** * Handle request */ public function handle() { // read request parameters $this->handle_request(); // validate requested email address if (empty($this->email)) { $this->error("Email address not provided"); } if (!strpos($this->email, '@')) { $this->error("Invalid email address"); } // find/set services parameters $this->configure(); // send response $this->handle_response(); } /** * Send error to the client and exit */ protected function error($msg) { header("HTTP/1.0 500 $msg"); exit; } /** * Send 401 Unauthorized to the client end exit */ protected function unauthorized($basicauth = true) { if ($basicauth) { header('WWW-Authenticate: Basic realm="'.$_SERVER['HTTP_HOST'].'"'); } header('HTTP/1.0 401 Unauthorized'); exit; } /** * Get services configuration */ protected function configure() { $pos = strrpos($this->email, '@'); $this->config = array( 'email' => $this->email, 'domain' => strtolower(substr($this->email, $pos + 1)), 'displayName' => $this->conf->get('autodiscover', 'service_name'), 'displayShortName' => $this->conf->get('autodiscover', 'service_short'), ); // get user form LDAP, set domain/login/user in $this->config $user = $this->get_user($this->email, $this->config['domain']); $proto_map = array('tls' => 'STARTTLS', 'ssl' => 'SSL'); foreach (array('imap', 'pop3', 'smtp') as $type) { if ($value = $this->conf->get('autodiscover', $type)) { $params = explode(';', $value); $pass_secure = in_array($params[1] ?? null, array('CRAM-MD5', 'DIGEST-MD5')); $host = $params[0]; $host = str_replace('%d', $this->config['domain'], $host); $url = parse_url($host); $this->config[$type] = array( 'hostname' => $url['host'], 'port' => $url['port'], 'socketType' => ($proto_map[$url['scheme']] ?? false) ?: 'plain', 'username' => ($this->config['login'] ?? false) ?: $this->config['email'], 'authentication' => 'password-' . ($pass_secure ? 'encrypted' : 'cleartext'), ); } } if ($host = $this->conf->get('autodiscover', 'activesync')) { $host = str_replace('%d', $this->config['domain'], $host); $this->config['activesync'] = $host; } // Log::debug(print_r($this->config, true)); } /** * Get user record from LDAP */ protected function get_user($email, $domain) { // initialize LDAP connection $result = $this->init_ldap(); if (!$result) { $this->config = array_merge( $this->config, Array('mail' => $email, 'domain' => $domain) ); return; } // find domain if (!$this->ldap->find_domain($domain)) { $this->error("Unknown domain"); } // find user $user = $this->find_user($email, $domain); // update config $this->config = array_merge($this->config, (array)$user, array('domain' => $domain)); } /** * Initialize LDAP connection */ protected function init_ldap() { $ldap_uri = $this->conf->get('ldap_uri', false); if (!$ldap_uri) { return false; } $uri = parse_url($ldap_uri); $this->_ldap_server = ($uri['scheme'] === 'ldaps' ? 'ldaps://' : '') . $uri['host']; $this->_ldap_port = $uri['port']; $this->_ldap_scheme = $uri['scheme']; $this->_ldap_bind_dn = $this->conf->get('ldap', 'service_bind_dn'); $this->_ldap_bind_pw = $this->conf->get('ldap', 'service_bind_pw'); // Catch cases in which the ldap server port has not been explicitely defined if (!$this->_ldap_port) { $this->_ldap_port = $this->_ldap_scheme == 'ldaps' ? 636 : 389; } $this->ldap = new Net_LDAP3(array( 'debug' => in_array(strtolower($this->conf->get('autodiscover', 'debug_mode')), array('trace', 'debug')), 'log_hook' => array($this, 'ldap_log'), 'vlv' => $this->conf->get('ldap', 'vlv', Conf::AUTO), 'config_root_dn' => "cn=config", 'hosts' => array($this->_ldap_server), 'port' => $this->_ldap_port, 'use_tls' => $this->_ldap_scheme == 'tls', 'domain_base_dn' => $this->conf->get('ldap', 'domain_base_dn'), 'domain_filter' => $this->conf->get('ldap', 'domain_filter'), 'domain_name_attribute' => $this->conf->get('ldap', 'domain_name_attribute'), )); $this->_ldap_domain = $this->conf->get('primary_domain'); // connect to LDAP if (!$this->ldap->connect()) { $this->error("Storage connection failed"); return false; } // bind as the service user if (!$this->ldap->bind($this->_ldap_bind_dn, $this->_ldap_bind_pw)) { $this->error("Storage connection failed"); return false; } return true; } /** * Find user in LDAP */ private function find_user($email, $domain) { $filter = $this->conf->get('login_filter'); if (empty($filter)) { $filter = $this->conf->get('filter'); } if (empty($filter)) { $filter = "(&(|(mail=%s)(mail=%U@%d)(alias=%s)(alias=%U@%d)(uid=%s))(objectclass=inetorgperson))"; } $_parts = explode('@', $email); $localpart = $_parts[0]; $replace_patterns = array( '/%s/' => $email, '/%d/' => $domain, '/%U/' => $localpart, '/%r/' => $domain, ); $attributes = array( 'login' => $this->conf->get('autodiscover', 'login_attribute') ?: 'mail', 'username' => $this->conf->get('autodiscover', 'name_attribute') ?: 'cn', ); $filter = preg_replace(array_keys($replace_patterns), array_values($replace_patterns), $filter); $base_dn = $this->ldap->domain_root_dn($domain); $result = $this->ldap->search($base_dn, $filter, 'sub', array_values($attributes)); if (!$result) { Log::debug("Could not search $base_dn with $filter"); return; } if ($result->count() > 1) { Log::debug("Multiple entries found."); return; } else if ($result->count() < 1) { Log::debug("No entries found."); return; } // parse result $entries = $result->entries(true); $dn = key($entries); $entry = $entries[$dn]; $result = array('dn' => $dn); foreach ($attributes as $idx => $attr) { $result[$idx] = is_array($entry[$attr]) ? current($entry[$attr]) : $entry[$attr]; } return $result; } /** * authenticate a user by his given dn and password */ protected function authenticate($dn, $password) { if (empty($this->_ldap_server)) { return false; } $ldap = new Net_LDAP3(array( 'debug' => in_array(strtolower($this->conf->get('autodiscover', 'debug_mode')), array('trace', 'debug')), 'log_hook' => array($this, 'ldap_log'), 'hosts' => array($this->_ldap_server), 'port' => $this->_ldap_port, 'use_tls' => $this->_ldap_scheme == 'tls' )); // connect to LDAP if (!$ldap->connect()) { $this->error("Storage connection failed"); return false; } // bind as given userdn if (!$ldap->bind($dn, $password)) { $this->unauthorized(); return false; } $ldap->close(); return true; } /** * LDAP logging handler */ public function ldap_log($level, $msg) { if (is_array($msg)) { $msg = implode("\n", $msg); } switch ($level) { case LOG_DEBUG: - Log::debug($str . $msg); + Log::debug($msg); break; case LOG_ERR: - Log::error($str . $msg); + Log::error($msg); break; case LOG_INFO: - Log::info($str . $msg); + Log::info($msg); break; case LOG_WARNING: - Log::warning($str . $msg); + Log::warning($msg); break; case LOG_ALERT: case LOG_CRIT: case LOG_EMERG: case LOG_NOTICE: default: - Log::trace($str . $msg); + Log::trace($msg); break; } } }