Branch 'roundcubemail-plugins-kolab-3.1' - plugins/kolab_auth

Thomas Brüderli bruederli at kolabsys.com
Thu Jan 16 10:49:28 CET 2014


 plugins/kolab_auth/kolab_auth.php |   63 ++++++++++++++++----------------------
 1 file changed, 27 insertions(+), 36 deletions(-)

New commits:
commit 7c3f239725f486d7fe6d2bb5995c1d3c19e9bf36
Author: Thomas Bruederli <bruederli at kolabsys.com>
Date:   Thu Jan 16 10:04:03 2014 +0100

    Adapt write_log hook to new per-user logging capabilities of Roundcube core (#2750):
    - Return the 'dir' property in write_log hook instead of writing the log directly
    - Provide a user log directory during authentication with the username submitted or retrieved from LDAP respectively
    - Requires Roundcube core rev 3786a4
    
    Conflicts:
    	plugins/kolab_auth/kolab_auth.php

diff --git a/plugins/kolab_auth/kolab_auth.php b/plugins/kolab_auth/kolab_auth.php
index b5e8081..b8daf96 100644
--- a/plugins/kolab_auth/kolab_auth.php
+++ b/plugins/kolab_auth/kolab_auth.php
@@ -31,6 +31,7 @@
 class kolab_auth extends rcube_plugin
 {
     static $ldap;
+    private $username;
     private $data = array();
 
     public function init()
@@ -54,10 +55,13 @@ class kolab_auth extends rcube_plugin
         // Hook to modify some configuration, e.g. ldap
         $this->add_hook('config_get', array($this, 'config_get'));
 
+        // Hook to modify logging directory
         $this->add_hook('write_log', array($this, 'write_log'));
+        $this->username = $_SESSION['username'];
 
-        // TODO: This section does not actually seem to work
-        if ($rcmail->config->get('kolab_auth_auditlog', false)) {
+        // Enable debug logs per-user, this enables logging only after
+        // user has logged in
+        if (!empty($_SESSION['username']) && $rcmail->config->get('kolab_auth_auditlog')) {
             $rcmail->config->set('debug_level', 1);
             $rcmail->config->set('devel_mode', true);
             $rcmail->config->set('smtp_log', true);
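Review bot: `$this->username = $_SESSION['username'];` reads the session key unguarded, while the condition a few lines below tests the same key with `!empty()`, so on any request before login the assignment raises an undefined-index notice. Assigning `isset($_SESSION['username']) ? $_SESSION['username'] : null` keeps the property well-defined and matches the `!empty($this->username)` test the log hook uses later. The enclosing method (presumably init()) starts and ends outside this hunk.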
@@ -231,42 +235,26 @@ class kolab_auth extends rcube_plugin
             return $args;
         }
 
-        $args['abort'] = true;
+        // log_driver == 'file' is assumed here
+        $log_dir  = $rcmail->config->get('log_dir', RCUBE_INSTALL_PATH . 'logs');
 
-        if ($rcmail->config->get('log_driver') == 'syslog') {
-            $prio = $args['name'] == 'errors' ? LOG_ERR : LOG_INFO;
-            syslog($prio, $args['line']);
-            return $args;
-        }
-        else {
-            $line = sprintf("[%s]: %s\n", $args['date'], $args['line']);
-
-            // log_driver == 'file' is assumed here
-            $log_dir  = $rcmail->config->get('log_dir', INSTALL_PATH . 'logs');
-            $log_path = $log_dir.'/'.strtolower($_SESSION['kolab_auth_admin']).'/'.strtolower($_SESSION['username']);
+        // Append original username + target username for audit-logging
+        if ($rcmail->config->get('kolab_auth_auditlog') && !empty($_SESSION['kolab_auth_admin'])) {
+            $args['dir'] = $log_dir . '/' . strtolower($_SESSION['kolab_auth_admin']) . '/' . strtolower($this->username);
 
-            // Append original username + target username
-            if (!is_dir($log_path)) {
-                // Attempt to create the directory
-                if (@mkdir($log_path, 0750, true)) {
-                    $log_dir = $log_path;
-                }
-            }
-            else {
-                $log_dir = $log_path;
+            // Attempt to create the directory
+            if (!is_dir($args['dir'])) {
+                @mkdir($args['dir'], 0750, true);
             }
-
-            // try to open specific log file for writing
-            $logfile = $log_dir.'/'.$args['name'];
-
-            if ($fp = fopen($logfile, 'a')) {
-                fwrite($fp, $line);
-                fflush($fp);
-                fclose($fp);
-                return $args;
+        }
+        // Define the user log directory if a username is provided
+        else if ($rcmail->config->get('per_user_logging') && !empty($this->username)) {
+            $user_log_dir = $log_dir . '/' . strtolower($this->username);
+            if (is_writable($user_log_dir)) {
+                $args['dir'] = $user_log_dir;
             }
-            else {
-                trigger_error("Error writing to log file $logfile; Please check permissions", E_USER_WARNING);
+            else if ($args['name'] != 'errors') {
+                $args['abort'] = true;  // don't log if unauthenticed
             }
         }
 
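Review bot: The directory returned in `$args['dir']` is built by appending `strtolower($this->username)` (and `$_SESSION['kolab_auth_admin']`) to `$log_dir` with no check that the value is a single path component, and the hunk at -352 sets `$this->username` to the login name as submitted, before the LDAP lookup has validated it. A name containing a path separator or `..` would make the `is_writable()` test and the returned directory resolve outside `log_dir`, so the value should be rejected before it reaches the path, e.g. `if (preg_match('#[/\\\\\x00]|^\.\.?$#', $this->username)) { return $args; }`. Separately, the audit branch now sets `$args['dir']` even when the suppressed `@mkdir()` fails, whereas the removed code fell back to `$log_dir`; checking the result and leaving `$args['dir']` unset on failure would avoid audit lines being dropped silently, depending on how core handles a missing directory. The enclosing method (presumably write_log()) begins above this hunk and continues past it.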
@@ -352,6 +340,9 @@ class kolab_auth extends rcube_plugin
             return $args;
         }
 
+        // temporarily set the current username to the one submitted
+        $this->username = $user;
+
         $ldap = self::ldap();
         if (!$ldap || !$ldap->ready) {
             $args['abort'] = true;
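Review bot: The comment says the username is set "temporarily", but nothing visible restores it: on the `$args['abort'] = true` path right below, `$this->username` keeps the submitted, not-yet-verified login name for the rest of the request. As a result the log hook will keep selecting that account's log directory for a failed login whenever `per_user_logging` is on and the directory is writable. If that is intended (the commit message suggests it is), the comment should say so, e.g. `// use the submitted (unverified) username for log routing until LDAP returns the canonical one`; otherwise reset the property on the abort paths. The enclosing method starts and ends outside this hunk.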
@@ -482,7 +473,7 @@ class kolab_auth extends rcube_plugin
                 return $args;
             }
 
-            $args['user'] = $loginas;
+            $args['user'] = $this->username = $loginas;
 
             // Mark session to use SASL proxy for IMAP authentication
             $_SESSION['kolab_auth_admin']    = strtolower($origname);
@@ -505,7 +496,7 @@ class kolab_auth extends rcube_plugin
             $this->data['user_login'] = is_array($record[$login_attr]) ? $record[$login_attr][0] : $record[$login_attr];
         }
         if ($this->data['user_login']) {
-            $args['user'] = $this->data['user_login'];
+            $args['user'] = $this->username = $this->data['user_login'];
         }
 
         // User name for identity (first log in)



