gunnar: server/php-kolab/Kolab_Filter/Filter Incoming.php, 1.1, 1.2 Outgoing.php, 1.1, 1.2 olhacks.php, 1.3, NONE resmgr.php, 1.6, NONE
cvs at kolab.org
cvs at kolab.org
Tue Nov 27 08:30:27 CET 2007
Author: gunnar
Update of /kolabrepository/server/php-kolab/Kolab_Filter/Filter
In directory doto:/tmp/cvs-serv5494/php-kolab/Kolab_Filter/Filter
Modified Files:
Incoming.php Outgoing.php
Removed Files:
olhacks.php resmgr.php
Log Message:
Continued fixing of kolab-filter.
Index: Incoming.php
===================================================================
RCS file: /kolabrepository/server/php-kolab/Kolab_Filter/Filter/Incoming.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- Incoming.php 26 Nov 2007 16:35:21 -0000 1.1
+++ Incoming.php 27 Nov 2007 07:30:25 -0000 1.2
@@ -94,7 +94,7 @@
}
if ($ical) {
- require_once 'Kolab/Filter/resmgr.php';
+ require_once 'Kolab/Filter/Resource.php';
$newrecips = array();
foreach ($this->_recipients as $recip) {
Horde::logMessage(sprintf(_("Calling resmgr_filter(%s, %s, %s, %s)"),
Index: Outgoing.php
===================================================================
RCS file: /kolabrepository/server/php-kolab/Kolab_Filter/Filter/Outgoing.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- Outgoing.php 26 Nov 2007 16:35:21 -0000 1.1
+++ Outgoing.php 27 Nov 2007 07:30:25 -0000 1.2
@@ -94,7 +94,7 @@
$rc = verify_sender($this->_sasl_username, $this->_sender,
$from, $this->_client_address);
if (is_a($rc, 'PEAR_Error')) {
- return $this->_rewriteCode($rc);
+ return $rc;
} else if ($rc === true) {
/* All OK, do nothing */
} else if ($rc === false) {
@@ -169,11 +169,11 @@
if (!$senderok) {
if ($ical && $allow_outlook_ical_forward ) {
- require_once('Kolab/Filter/olhacks.php');
+ require_once('Kolab/Filter/Outlook.php');
$rc = olhacks_embedical($this->_fqhostname, $this->_sender, $this->_recipients,
$from, $subject, $this->_tmpfname);
if (is_a($rc, 'PEAR_Error')) {
- return $this->_rewriteCode($rc);
+ return $rc;
} else if ($rc === true) {
return;
}
@@ -272,105 +272,128 @@
}
// Cleanup function
-function is_my_domain( $addr ) {
- global $params;
- if( is_array($params['email_domain']) ) {
- $domains = $params['email_domain'];
- } else {
- $domains = array($params['email_domain']);
- }
+function is_my_domain($addr)
+{
+ global $conf;
+
+ if (!empty($conf['filter']['verify_subdomains'])) {
+ $verify_subdomains = $conf['filter']['verify_subdomains'];
+ } else {
+ $verify_subdomains = true;
+ }
+
+ if (!empty($conf['filter']['email_domain'])) {
+ $email_domain = $conf['filter']['email_domain'];
+ } else {
+ $email_domain = 'localhost';
+ }
+
+ $domains = (array) $email_domain;
- $adrs = imap_rfc822_parse_adrlist($addr, $params['email_domain']);
- foreach ($adrs as $adr) {
- $adrdom = $adr->host;
- if( empty($adrdom) ) continue;
- foreach( $domains as $dom ) {
- if( $dom == $adrdom ) return true;
- if( $params['verify_subdomains'] && substr($adrdom, -strlen($dom)-1) == ".$dom" ) return true;
+ $adrs = imap_rfc822_parse_adrlist($addr, $email_domain);
+ foreach ($adrs as $adr) {
+ $adrdom = $adr->host;
+ if (empty($adrdom)) {
+ continue;
+ }
+ foreach ($domains as $dom) {
+ if ($dom == $adrdom) {
+ return true;
+ }
+ if ($verify_subdomains && substr($adrdom, -strlen($dom)-1) == ".$dom") {
+ return true;
+ }
+ }
}
- }
- return false;
+ return false;
}
/**
Returns a list of allowed email addresses for user $sasluser
or a PEAR_Error object if something croaked.
*/
-function addrs_for_uid( $sasluser )
+function addrs_for_uid($sasluser)
{
- global $params;
- /* Connect to the LDAP server and retrieve the users'
- allowed email addresses */
- $ldap = ldap_connect($params['ldap_uri']);
- if (!ldap_bind($ldap, $params['bind_dn'], $params['bind_pw'])) {
- myLog('Unable to contact LDAP server: ' . ldap_error($ldap));
- return new PEAR_Error('Unable to contact LDAP server: ' . ldap_error($ldap));
- }
+ global $conf;
+
+ /* Connect to the LDAP server and retrieve the users'
+ * allowed email addresses
+ */
+ $ldap = ldap_connect($conf['filter']['ldap_uri']);
+
+ if (!ldap_bind($ldap, $conf['filter']['bind_dn'], $conf['filter']['bind_pw'])) {
+ return PEAR::raiseError(sprintf(_("Unable to contact LDAP server: %s"),
+ ldap_error($ldap)),
+ OUT_LOG || ERR_TEMPFAIL);
+ }
- $filter = "(&(objectClass=kolabInetOrgPerson)(|(mail=$sasluser)(uid=$sasluser)))";
- $result = ldap_search($ldap, $params['base_dn'],
- $filter,
- array("dn", "mail", "alias" ));
- if (!$result) {
- myLog('Unable to perform LDAP search: ' . ldap_error($ldap));
- return new PEAR_Error('Unable to perform LDAP search: ' . ldap_error($ldap));
- }
+ $filter = "(&(objectClass=kolabInetOrgPerson)(|(mail=$sasluser)(uid=$sasluser)))";
+ $result = ldap_search($ldap, $conf['filter']['base_dn'],
+ $filter,
+ array("dn", "mail", "alias" ));
+ if (!$result) {
+ return PEAR::raiseError(sprintf(_("Unable to perform LDAP search: %s"),
+ ldap_error($ldap)),
+ OUT_LOG || ERR_TEMPFAIL);
+ }
- $entries = ldap_get_entries($ldap, $result);
- if ($entries['count'] != 1) {
- myLog($entries['count']." objects returned for uid $sasluser");
- return new PEAR_Error("Temporary LDAP error, unable to look up user $sasluser");
- }
- unset($entries[0]['mail']['count']);
- unset($entries[0]['alias']['count']);
- $addrs = array_merge((array) $entries[0]['mail'],(array) $entries[0]['alias']);
- $mail = $entries[0]['mail'][0];
+ $entries = ldap_get_entries($ldap, $result);
+ if ($entries['count'] != 1) {
+ return PEAR::raiseError(sprintf(_("%s objects returned for uid %s. Unable to look up user."),
+ $entries['count'], $sasluser),
+ OUT_LOG || ERR_TEMPFAIL);
+ }
+ unset($entries[0]['mail']['count']);
+ unset($entries[0]['alias']['count']);
+ $addrs = array_merge((array) $entries[0]['mail'],(array) $entries[0]['alias']);
+ $mail = $entries[0]['mail'][0];
- ldap_free_result($result);
+ ldap_free_result($result);
- $filter = "(&(objectClass=kolabInetOrgPerson)(kolabDelegate=$mail))";
- $result = ldap_search($ldap, $params['base_dn'],
- $filter,
- array("dn", "mail" ));
- if (!$result) {
- myLog('Unable to perform LDAP search: ' . ldap_error($ldap));
- return new PEAR_Error('Unable to perform LDAP search: ' . ldap_error($ldap));
- }
+ $filter = "(&(objectClass=kolabInetOrgPerson)(kolabDelegate=$mail))";
+ $result = ldap_search($ldap, $conf['filter']['base_dn'],
+ $filter,
+ array("dn", "mail" ));
+ if (!$result) {
+ return PEAR::raiseError(sprintf(_("Unable to perform LDAP search: %s"),
+ ldap_error($ldap)),
+ OUT_LOG || ERR_TEMPFAIL);
+ }
- $entries = ldap_get_entries($ldap, $result);
- unset( $entries['count'] );
- foreach( $entries as $adr ) {
- if( $adr['mail']['count'] > 0 ) {
- unset($adr['mail']['count']);
- $addrs = array_merge((array) $addrs,(array) $adr['mail']);
+ $entries = ldap_get_entries($ldap, $result);
+ unset( $entries['count'] );
+ foreach( $entries as $adr ) {
+ if( $adr['mail']['count'] > 0 ) {
+ unset($adr['mail']['count']);
+ $addrs = array_merge((array) $addrs,(array) $adr['mail']);
+ }
}
- }
- ldap_free_result($result);
- ldap_close($ldap);
+ ldap_free_result($result);
+ ldap_close($ldap);
- #myLog("Found addresses ".print_r($addrs,true)." for user $sasluser", RM_LOG_DEBUG);
- return $addrs;
+ return $addrs;
}
/** Returns the format string used to rewrite
the From header for untrusted messages */
function get_untrusted_subject_insert($sasluser,$sender)
{
- global $params;
- if( $sasluser ) {
- if( array_key_exists('untrusted_subject_insert', $params) ) {
- $fmt = $params['untrusted_subject_insert'];
- } else {
- $fmt = "(UNTRUSTED, sender is <%s>)";
- }
- } else {
- if( array_key_exists('unauthenticated_subject_insert', $params) ) {
- $fmt = $params['unauthenticated_subject_insert'];
+ global $conf;
+
+ if ($sasluser) {
+ if (!empty($conf['filter']['untrusted_subject_insert'])) {
+ $fmt = $conf['filter']['untrusted_subject_insert'];
+ } else {
+ $fmt = _("(UNTRUSTED, sender is <%s>)");
+ }
} else {
- $fmt = "(UNTRUSTED, sender <%s> is not authenticated)";
+ if (!empty($conf['filter']['unauthenticated_subject_insert'])) {
+ $fmt = $conf['filter']['unauthenticated_subject_insert'];
+ } else {
+ $fmt = _("(UNTRUSTED, sender <%s> is not authenticated)");
+ }
}
- }
- return sprintf($fmt,$sender);
+ return sprintf($fmt, $sender);
}
/** Check that the From header is not trying
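Review bot: The error code passed to the four `PEAR::raiseError()` calls in `addrs_for_uid()` is written `OUT_LOG || ERR_TEMPFAIL`, which is a logical OR and evaluates to boolean `true` rather than a combination of the two values; if these constants are bit flags, as their names suggest, it should read `OUT_LOG | ERR_TEMPFAIL`. The earlier hunks now return `$rc` to the caller unchanged, so whatever code decides between a temporary failure and a rejection would presumably see the wrong value. Separately, `$sasluser` and `$mail` are interpolated into the LDAP filter strings without escaping; the filter metacharacters `*`, `(`, `)`, `\` and NUL should be escaped per RFC 4515 before `$filter` is built. The early error returns also leave `$ldap` open, so an `ldap_close($ldap);` before each of them would avoid leaking the connection.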
@@ -383,90 +406,131 @@
From acceptable
* A PEAR_Error object if something croaked
*/
-function verify_sender( $sasluser, $sender, $fromhdr, $client_addr ) {
- global $params;
+function verify_sender($sasluser, $sender, $fromhdr, $client_addr) {
- /* Allow anything from localhost and
- fellow Kolab-hosts */
- if( $client_addr == $params['local_addr'] ) return true;
- $kolabhosts = split(',', $params['kolabhosts'] );
- $kolabhosts = array_map( "gethostbyname", $kolabhosts );
- if( array_search( $client_addr, $kolabhosts ) !== false ) return true;
+ global $conf;
- if( is_array($params['email_domain']) ) {
- $domains = $params['email_domain'];
- } else {
- $domains = array($params['email_domain']);
- }
+ if (!empty($conf['filter']['email_domain'])) {
+ $domains = $conf['filter']['email_domain'];
+ } else {
+ $domains = 'localhost';
+ }
- if( $sasluser ) {
- if( PEAR::isError($allowed_addrs = addrs_for_uid($sasluser)) ) {
- myLog("Error reading allowed addresses for $sasluser: ".$allowed_addrs->getMessage(), RM_LOG_ERROR);
- return $allowed_addrs;
+ if (!is_array($domains)) {
+ $domains = array($domains);
}
- } else {
- $allowed_addrs = false;
- }
- $untrusted = get_untrusted_subject_insert($sasluser,$sender);
- $adrs = imap_rfc822_parse_adrlist($fromhdr, $params['email_domain'][0]);
- foreach ($adrs as $adr) {
- $from = $adr->mailbox.'@'.$adr->host;
- $fromdom = $adr->host;
- if( $sasluser ) {
- if( !in_array( strtolower($from), $allowed_addrs ) ) {
- myLog("$from is not an allowed From address for $sasluser", RM_LOG_DEBUG);
- return false;
- }
+
+ if (!empty($conf['filter']['local_addr'])) {
+ $local_addr = $conf['filter']['local_addr'];
} else {
- foreach( $domains as $domain ) {
- if( strtolower($fromdom) == $domain
- || ( $params['verify_subdomains']
- && substr($fromdom, -strlen($domain)-1) == ".$domain" ) ) {
- if( $params['reject_forged_from_header'] ) {
- myLog("$from is not an allowed From address for unauthenticated users", RM_LOG_DEBUG);
- return false;
- } else {
- /* Rewrite */
- myLog("$from is not an allowed From address for unauthenticated users, rewriting", RM_LOG_DEBUG);
-
- if( strpos( $fromhdr, $untrusted )===false ) {
- return '"'.str_replace(array("\\",'"'),array("\\\\",'\"'),$adr->personal).' '.$untrusted.'" '.'<'.$from.'>';
- } else {
- return true;
- }
- }
- }
- }
+ $local_addr = 'localhost';
}
- }
- /* All seems OK */
- return true;
+ if (!empty($conf['filter']['verify_subdomains'])) {
+ $verify_subdomains = $conf['filter']['verify_subdomains'];
+ } else {
+ $verify_subdomains = true;
+ }
+ if (!empty($conf['filter']['reject_forged_from_headers'])) {
+ $reject_forged_from_headers = $conf['filter']['reject_forged_from_headers'];
+ } else {
+ $reject_forged_from_headers = true;
+ }
- /* TODO: What do we do about subdomains? */
- /*
- $senderdom = substr(strrchr($sender, '@'), 1);
- foreach( $domains as $domain ) {
- if( $params['verify_subdomains'] ) {
- if( ($senderdom == $domain ||
- $fromdom == $domain ||
- substr($senderdom, -strlen($domain)-1) == ".$domain" ||
- substr($fromdom, -strlen($domain)-1) == ".$domain" ) &&
- $sender != $from ) {
- return false;
- }
- } else {
- if( ($senderdom == $domain ||
- $fromdom == $domain ) &&
- $sender != $from ) {
- return false;
- }
- }
+ if (!empty($conf['filter']['kolabhosts'])) {
+ $kolabhosts = $conf['filter']['kolabhosts'];
+ } else {
+ $kolabhosts = 'localhost';
}
- }
- return true;
- */
+
+ /* Allow anything from localhost and
+ * fellow Kolab-hosts
+ */
+ if ($client_addr == $local_addr) {
+ return true;
+ }
+
+ $kolabhosts = split(',', $kolabhosts);
+ $kolabhosts = array_map('gethostbyname', $kolabhosts );
+
+ if (array_search($client_addr, $kolabhosts) !== false) {
+ return true;
+ }
+
+ if ($sasluser) {
+ $allowed_addrs = addrs_for_uid($sasluser);
+ if (is_a($allowed_addrs, 'PEAR_Error')) {
+ return $allowed_addrs;
+ }
+ } else {
+ $allowed_addrs = false;
+ }
+
+ $untrusted = get_untrusted_subject_insert($sasluser,$sender);
+ $adrs = imap_rfc822_parse_adrlist($fromhdr, $domains[0]);
+
+ foreach ($adrs as $adr) {
+ $from = $adr->mailbox . '@' . $adr->host;
+ $fromdom = $adr->host;
+ if ($sasluser) {
+ if (!in_array(strtolower($from), $allowed_addrs)) {
+ Horde::logMessage(sprintf(_("%s is not an allowed From address for %s"),
+ $from, $sasluser), __FILE__, __LINE__, PEAR_LOG_DEBUG);
+ return false;
+ }
+ } else {
+ foreach ($domains as $domain) {
+ if (strtolower($fromdom) == $domain
+ || ($verify_subdomains
+ && substr($fromdom, -strlen($domain)-1) == ".$domain")) {
+ if ($reject_forged_from_header) {
+ Horde::logMessage(sprintf(_("%s is not an allowed From address for unauthenticated users."),
+ $from), __FILE__, __LINE__, PEAR_LOG_DEBUG);
+ return false;
+ } else {
+ /* Rewrite */
+ Horde::logMessage(sprintf(_("%s is not an allowed From address for unauthenticated users, rewriting."),
+ $from), __FILE__, __LINE__, PEAR_LOG_DEBUG);
+ if (strpos( $fromhdr, $untrusted )===false) {
+ return '"'.str_replace(array("\\",'"'),array("\\\\",'\"'),$adr->personal).' '.$untrusted.'" '.'<'.$from.'>';
+ } else {
+ return true;
+ }
+ }
+ }
+ }
+ }
+ }
+
+ /* All seems OK */
+ return true;
+
+
+ /* TODO: What do we do about subdomains? */
+ /*
+ $senderdom = substr(strrchr($sender, '@'), 1);
+ foreach( $domains as $domain ) {
+ if( $conf['filter']['verify_subdomains'] ) {
+ if( ($senderdom == $domain ||
+ $fromdom == $domain ||
+ substr($senderdom, -strlen($domain)-1) == ".$domain" ||
+ substr($fromdom, -strlen($domain)-1) == ".$domain" ) &&
+ $sender != $from ) {
+ return false;
+ }
+ } else {
+ if( ($senderdom == $domain ||
+ $fromdom == $domain ) &&
+ $sender != $from ) {
+ return false;
+ }
+ }
+ }
+ }
+ return true;
+ */
+
}
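Review bot: The forged-From check in `verify_sender()` tests `$reject_forged_from_header`, but the variable assigned from the configuration further up is `$reject_forged_from_headers`; the tested name is never set, so the condition is always false and a local-domain From from an unauthenticated sender is rewritten instead of rejected, whatever the configuration says. The condition should read `if ($reject_forged_from_headers) {`. The configuration key itself also changed from `reject_forged_from_header` to `reject_forged_from_headers`, so it is worth confirming that existing configurations use the new spelling. In addition, the `!empty()` defaulting for `verify_subdomains` and `reject_forged_from_headers` turns an explicit `false` into the default `true`, so neither check can be switched off; `isset($conf['filter']['verify_subdomains'])` would preserve a configured `false` (the same pattern appears in `is_my_domain()` in the previous hunk).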
--- olhacks.php DELETED ---
--- resmgr.php DELETED ---