Projects
Kolab:16
kolab-autoconf
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 11
View file
kolab-autoconf.spec
Changed
@@ -29,8 +29,8 @@ %global _ap_sysconfdir %{_sysconfdir}/%{httpd_name} Name: kolab-autoconf -Version: 1.3.1 -Release: 2%{?dist} +Version: 1.3.2 +Release: 1%{?dist} Summary: Autodiscovery for clients of Kolab Groupware Group: Applications/Internet @@ -39,8 +39,6 @@ Source0: http://mirror.kolabsys.com/pub/releases/%{name}-%{version}.tar.gz -Patch0002: 0002-fix-return-value-of-init_ldap.patch - %if 0%{?plesk} < 1 Requires: php-kolab-net-ldap3 %endif @@ -55,8 +53,6 @@ %prep %setup -q -%patch0002 -p1 - %build %install @@ -87,6 +83,9 @@ %attr(0750,%{httpd_user},%{httpd_group}) %{_var}/log/%{name} %changelog +* Mon Mar 2 2020 Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> - 1.3.2-1 +- Release of version 1.3.2 + * Wed Apr 10 2019 Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> - 1.3.1-2 - Fix init_ldap()
View file
0002-fix-return-value-of-init_ldap.patch
Deleted
@@ -1,44 +0,0 @@ -From bbd4949ef5309598d8e439cf61a43760b7ddb616 Mon Sep 17 00:00:00 2001 -From: Daniel Hoffend <dh@dotlan.net> -Date: Wed, 10 Apr 2019 12:15:31 +0200 -Subject: [PATCH 2/2] fix return value of init_ldap() - -Summary: -init_ldap doesn't return true on success - -autoconf doesn't lookup the username in ldap because init_ldap() always returns -null, but get_user() expects a non-false response. - -Reviewers: machniak, vanmeeuwen - -Reviewed By: machniak - -Differential Revision: https://git.kolab.org/D737 ---- - lib/Autodiscover.php | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/lib/Autodiscover.php b/lib/Autodiscover.php -index 9031fa9..33cda73 100644 ---- a/lib/Autodiscover.php -+++ b/lib/Autodiscover.php -@@ -236,12 +236,16 @@ class Autodiscover - // connect to LDAP - if (!$this->ldap->connect()) { - $this->error("Storage connection failed"); -+ return false; - } - - // bind as the service user - if (!$this->ldap->bind($this->_ldap_bind_dn, $this->_ldap_bind_pw)) { - $this->error("Storage connection failed"); -+ return false; - } -+ -+ return true; - } - - /** --- -2.20.1 -
View file
debian.changelog
Changed
@@ -1,3 +1,9 @@ +kolab-autoconf (1.3.2-1) unstable; urgency=medium + + * Release of version 1.3.2 + + -- Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> Mon, 2 Mar 2020 16:24:02 +0100 + kolab-autoconf (1.3.1-3) unstable; urgency=medium * Create log folder, install autodiscover apache configuration
View file
debian.series
Changed
@@ -1,1 +0,0 @@ -0002-fix-return-value-of-init_ldap.patch -p1
View file
kolab-autoconf-1.3.2.tar.gz/.arcconfig
Added
@@ -0,0 +1,3 @@ +{ + "phabricator.uri": "https://git.kolab.org" +}
View file
kolab-autoconf-1.3.1.tar.gz/lib/Autodiscover.php -> kolab-autoconf-1.3.2.tar.gz/lib/Autodiscover.php
Changed
@@ -48,6 +48,11 @@ $type = 'Microsoft'; break; } + // Microsoft Autodiscover V2 + elseif (stripos($uri, 'autodiscover.json') !== false) { + $type = 'Json'; + break; + } // Mozilla Thunderbird (Kmail/Kontact/Evolution) else if (strpos($uri, 'config-v1.1.xml') !== false) { $type = 'Mozilla'; @@ -117,6 +122,18 @@ } /** + * Send 401 Unauthorized to the client end exit + */ + protected function unauthorized($basicauth = true) + { + if ($basicauth) { + header('WWW-Authenticate: Basic realm="'.$_SERVER['HTTP_HOST'].'"'); + } + header('HTTP/1.0 401 Unauthorized'); + exit; + } + + /** * Get services configuration */ protected function configure() @@ -236,12 +253,16 @@ // connect to LDAP if (!$this->ldap->connect()) { $this->error("Storage connection failed"); + return false; } // bind as the service user if (!$this->ldap->bind($this->_ldap_bind_dn, $this->_ldap_bind_pw)) { $this->error("Storage connection failed"); + return false; } + + return true; } /** @@ -295,7 +316,7 @@ $entries = $result->entries(true); $dn = key($entries); $entry = $entries[$dn]; - $result = array(); + $result = array('dn' => $dn); foreach ($attributes as $idx => $attr) { $result[$idx] = is_array($entry[$attr]) ? current($entry[$attr]) : $entry[$attr]; @@ -305,6 +326,39 @@ } /** + * authenticate a user by his given dn and password + */ + protected function authenticate($dn, $password) + { + if (empty($this->_ldap_server)) { + return false; + } + + $ldap = new Net_LDAP3(array( + 'debug' => in_array(strtolower($this->conf->get('autodiscover', 'debug_mode')), array('trace', 'debug')), + 'log_hook' => array($this, 'ldap_log'), + 'hosts' => array($this->_ldap_server), + 'port' => $this->_ldap_port, + 'use_tls' => $this->_ldap_scheme == 'tls' + )); + + // connect to LDAP + if (!$ldap->connect()) { + $this->error("Storage connection failed"); + return false; + } + + // bind as given userdn + if (!$ldap->bind($dn, $password)) { + $this->unauthorized(); + return false; + } + + $ldap->close(); + return true; + } + + /** * LDAP logging handler */ public function ldap_log($level, $msg)
View file
kolab-autoconf-1.3.2.tar.gz/lib/AutodiscoverJson.php
Added
@@ -0,0 +1,82 @@ +<?php + +/** + +--------------------------------------------------------------------------+ + | Kolab Autodiscover Service | + | | + | Copyright (C) 2011-2014, Kolab Systems AG <contact@kolabsys.com> | + | | + | This program is free software: you can redistribute it and/or modify | + | it under the terms of the GNU General Public License as published by | + | the Free Software Foundation, either version 3 of the License, or | + | (at your option) any later version. | + | | + | This program is distributed in the hope that it will be useful, | + | but WITHOUT ANY WARRANTY; without even the implied warranty of | + | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | + | GNU General Public License for more details. | + | | + | You should have received a copy of the GNU General Public License | + | along with this program. If not, see http://www.gnu.org/licenses/. | + +--------------------------------------------------------------------------+ + | Author: Daniel Hoffend <dh@dotlan.net> | + +--------------------------------------------------------------------------+ +*/ + +/** + * Autodiscover Service class for Microsoft Autodiscover V2 + */ +class AutodiscoverJson extends Autodiscover +{ + + public function handle_request() + { + if (preg_match('|autodiscover.json/v1.0/([^\?]+)|', $_SERVER['REQUEST_URI'], $regs)) { + $this->email = $regs[1]; + } + + Log::debug('Request [json]: ' . $_SERVER['REQUEST_URI']); + } + + /** + * Generates JSON response + */ + protected function handle_response() + { + if (strtolower($_GET['Protocol']) == 'activesync' + && !empty($this->config['activesync']) + ) { + if (!preg_match('/^https?:/i', $this->config['activesync'])) { + $this->config['activesync'] = 'https://' . $this->config['activesync'] . '/Microsoft-Server-ActiveSync'; + } + $json = array( + 'Protocol' => 'ActiveSync', + 'Url' => $this->config['activesync'] + ); + } + elseif (strtolower($_GET['Protocol']) == 'autodiscoverv1') { + $json = array( + 'Protocol' => 'ActiveSync', + 'Url' => 'https://' . $_SERVER['HTTP_HOST'] . '/Autodiscover/Autodiscover.xml' + ); + } + else { + http_response_code(400); + $json = array( + 'ErrorCore' => 'InvalidProtocol', + 'ErrorMessage' => 'The given protocol value \u0027' + . $_GET['Protocol'] + . '\u0027 is invalid. Supported values are \u0027' + . (!empty($this->config['activesync']) ? 'ActiveSync,' : '') + . 'AutodiscoverV1\u0027' + ); + } + + $response = json_encode($json, JSON_PRETTY_PRINT); + Log::debug('Response [json]: ' . $response); + + header('Content-Type: application/json; charset=' . Autodiscover::CHARSET); + echo $response; + exit; + } +}
View file
kolab-autoconf-1.3.1.tar.gz/lib/AutodiscoverMicrosoft.php -> kolab-autoconf-1.3.2.tar.gz/lib/AutodiscoverMicrosoft.php
Changed
@@ -33,6 +33,7 @@ const MOBILESYNC_NS = "http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006"; private $type = 'outlook'; + private $password; /** * Handle request parameters (find email address) @@ -41,8 +42,15 @@ { $post = $_SERVER['REQUEST_METHOD'] == 'POST' ? file_get_contents('php://input') : null; - Log::debug('Request [microsoft]: ' . $post); + // check for basic authentication + Log::debug('Request [microsoft]: Basic Auth Username: ' . ($_SERVER['PHP_AUTH_USER'] ?: 'none')); + if (empty($_SERVER['PHP_AUTH_USER']) || empty($_SERVER['PHP_AUTH_PW'])) { + $this->unauthorized(); + } + $this->password = $_SERVER['PHP_AUTH_PW']; + // check for request object + Log::debug('Request [microsoft]: ' . $post); if (empty($post)) { $this->error("Invalid input"); } @@ -73,6 +81,11 @@ catch (Exception $e) { $this->error("Invalid input"); } + + // basic auth username must match with given email address + if ($_SERVER['PHP_AUTH_USER'] != $this->email) { + $this->unauthorized(); + } } /** @@ -80,8 +93,12 @@ */ public function handle_response() { - $method = $this->type . '_response'; + // authenticate the user found during configure() against ldap + if (empty($this->config['dn']) || !$this->authenticate($this->config['dn'], $this->password)) { + $this->unauthorized(); + } + $method = $this->type . '_response'; $xml = $this->$method(); $xml->formatOutput = true;
View file
kolab-autoconf.dsc
Changed
@@ -2,9 +2,9 @@ Source: kolab-autoconf Binary: kolab-autoconf Architecture: all -Version: 1.3.1-3 -Maintainer: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> -Uploaders: Tobias Brunner <tobias.brunner@vshn.ch> +Version: 1.3.2-1 +Maintainer: Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> +Uploaders: Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> Homepage: http://www.kolab.org/ Standards-Version: 3.9.3 Vcs-Browser: http://git.kolabsys.com/apt/kolab-autoconf/ @@ -13,5 +13,5 @@ Package-List: kolab-autoconf deb admin extra Files: - 00000000000000000000000000000000 0 kolab-autoconf-1.3.1.tar.gz + 00000000000000000000000000000000 0 kolab-autoconf-1.3.2.tar.gz 00000000000000000000000000000000 0 debian.tar.gz
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.