Request 2183 (accepted)

kolab-freebusy.spec Changed

​x
 
@@ -24,7 +24,7 @@
 
 Name:           kolab-freebusy
 Version:        1.1.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Kolab Free/Busy Web Presentation Layer
 
 Group:          Applications/Internet
@@ -163,6 +163,9 @@
 %attr(0770,root,%{httpd_group}) %{_localstatedir}/log/%{name}
 
 %changelog
+* Wed Feb  7 2018 Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> - 1.1.0-2
+- Repack of tagged version
+
 * Thu Jun 15 2017 Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> - 1.1.0-1
 - Release 1.1.0
 
​

debian.changelog Changed

 
@@ -1,3 +1,23 @@
+kolab-freebusy (1.1.0-0~kolab3) unstable; urgency=low
+
+  * Fix autoloader configuration
+  * Add missing dependency on php-sabre-vobject-3
+  * Add debian/source/format
+
+ -- Christoph Erhardt <kolab@sicherha.de>  Fri, 16 Feb 2018 16:34:51 +0100
+
+kolab-freebusy (1.1.0-0~kolab2) unstable; urgency=low
+
+  * Repack of tagged version
+
+ -- Jeroen van Meeuwen <vanmeeuwen@kolabsys.com>  Wed,  7 Feb 2018 12:00:22 +0200
+
+kolab-freebusy (1.1.0-0~kolab1mic1) unstable; urgency=low
+
+  * fix pbuilder builds
+
+ -- hede <kolab983@der-he.de>  Sun, 06 Aug 2017 10:00:12 +0200
+
 kolab-freebusy (1.1.0-0~kolab1) unstable; urgency=low
 
   * Release of version 1.1.0
​

debian.control Changed

 
@@ -13,6 +13,7 @@
 Depends: ${misc:Depends},
         php-monolog,
         php-net-ldap3,
+        php-sabre-vobject-3,
         roundcubemail-core,
         roundcubemail-plugins-kolab
 Description: Free/Busy for Kolab Groupware
​

debian.rules Changed

 
@@ -15,9 +15,14 @@
        rm -rf composer.json ; \
        mv composer.json-dist composer.json ; \
    fi
-   mkdir -p $$HOME/.composer/
-   echo '{}' > $$HOME/.composer/composer.json
-   composer -vvv dumpautoload --optimize
+   mkdir -p $(CURDIR)/debian/home/.composer/
+   echo '{}' > $(CURDIR)/debian/home/.composer/composer.json
+   patch -p1 < debian/patches/add-composer-autoloader.diff || :
+   HOME=$(CURDIR)/debian/home/ composer -vvv dumpautoload --optimize
+   sed -i -e "s|.baseDir . '/../../../share|'/usr/share|" $(CURDIR)/vendor/composer/autoload_psr4.php
+   sed -i -e "s|.baseDir . '/../../../share|'/usr/share|" $(CURDIR)/vendor/composer/autoload_namespaces.php
+   sed -i -e "s|.baseDir . '/../../../share|'/usr/share|" $(CURDIR)/vendor/composer/autoload_classmap.php
+   sed -i -e "s|__DIR__ . '/../..' . '/../../../share|'/usr/share|" $(CURDIR)/vendor/composer/autoload_static.php || true
 
    dh_install --list-missing -XLICENSE
 
​

debian.tar.gz/patches Added

 
+(directory)
​

debian.tar.gz/patches/add-composer-autoloader.diff Added

 
@@ -0,0 +1,12 @@
+Index: kolab-freebusy-1.1.0/composer.json
+===================================================================
+--- kolab-freebusy-1.1.0/composer.json
++++ kolab-freebusy-1.1.0-orig/composer.json
+@@ -8,6 +8,7 @@
+           "": "/usr/share/pear/"
+       },
+       "psr-4": {
++          "Sabre\\": "/usr/share/php/sabre21/Sabre/",
+           "": "/usr/share/php/"
+       }
+   }
​

debian.tar.gz/source Added

 
+(directory)
​

debian.tar.gz/source/format Added

 
@@ -0,0 +1,1 @@
+1.0
​

kolab-freebusy-1.1.0.tar.gz/autogen.sh Changed

 
@@ -42,7 +42,7 @@
     exit 1
 fi
 
-mv composer-dist.json composer.json
+mv composer.json-dist composer.json
 
 ./composer.phar install --no-dev
 
​

kolab-freebusy-1.1.0.tar.gz/doc/kolab-freebusy.config.ini Changed

 
@@ -16,6 +16,8 @@
 ; base_dn = "dc=yourdomain,dc=com"
 ; filter = "(&(|(mail=%s)(alias=%s)(uid=%s))(objectclass=inetorgperson))"  ; optional, %s is replaced by the username
 
+;; Enables session token authentication
+; allow_token = true
 
 ;; Allow privileged access from these IPs
 [trustednetworks]
​

kolab-freebusy-1.1.0.tar.gz/lib/Kolab/FreeBusy/HTTPAuth.php Changed

@@ -23,6 +23,7 @@
 
 namespace Kolab\FreeBusy;
 
+use \Kolab\Config;
 use \Net_LDAP3;
 use \Monolog\Logger as Monolog;
 
@@ -40,6 +41,15 @@
 	{
 		$logger = Logger::get('httpauth');
 
+		// First try token authentication if enabled and user/token detected in the URL
+		if (!empty($_SERVER['FREEBUSY_URI'])
+			&& Config::boolean($config['allow_token'])
+			&& preg_match('|([^@/]+@[^@/]+)/([a-f0-9]{32})/[^/]+$|', $_SERVER['FREEBUSY_URI'], $matches)
+			&& self::checkToken($config, $matches[1], $matches[2])
+		) {
+			return true;
+		}
+
 		// no http auth submitted, abort!
 		if (empty($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
 			$logger->addDebug('No HTTP auth submitted');
@@ -118,6 +128,40 @@
 	}
 
 	/**
+	 * Validate user token and credentials from freebusy_auth cache
+	 */
+	private static function checkToken($config, $user, $token)
+	{
+		// See 'ready' hook handler in kolab_auth plugin
+		// for details on how the token auth (cache) entries are created
+
+		// load the Roundcube framework with its autoloader
+		require_once KOLAB_FREEBUSY_ROOT . '/lib/Roundcube/bootstrap.php';
+
+		$rcube  = \rcube::get_instance(\rcube::INIT_WITH_DB | \rcube::INIT_WITH_PLUGINS);
+		$ip     = \rcube_utils::remote_addr();
+		$key    = md5("$token:$ip:$user");
+		$valid  = false;
+
+		$rcube->config->set('freebusy_auth_cache', 'db');
+		$cache = $rcube->get_cache_shared('freebusy_auth', false);
+
+		if ($cache && ($deadline = $cache->get($key))) {
+			$now      = new \DateTime('now', new \DateTimeZone('UTC'));
+			$deadline = new \DateTime($deadline);
+
+			if ($deadline >= $now) {
+				$valid = true;
+			}
+		}
+
+		$status = $valid ? 'SUCCESS' : 'FAILURE';
+		Logger::get('httpauth')->addInfo("Token: authenticating user $user/$token/$ip: $status");
+
+		return $valid;
+	}
+
+	/**
 	 * Callback for Net_LDAP3 logging
 	 */
 	public static function ldapLog($level, $msg)

 
@@ -23,6 +23,7 @@
 
 namespace Kolab\FreeBusy;
 
+use \Kolab\Config;
 use \Net_LDAP3;
 use \Monolog\Logger as Monolog;
 
@@ -40,6 +41,15 @@
    {
        $logger = Logger::get('httpauth');
 
+       // First try token authentication if enabled and user/token detected in the URL
+       if (!empty($_SERVER['FREEBUSY_URI'])
+           && Config::boolean($config['allow_token'])
+           && preg_match('|([^@/]+@[^@/]+)/([a-f0-9]{32})/[^/]+$|', $_SERVER['FREEBUSY_URI'], $matches)
+           && self::checkToken($config, $matches[1], $matches[2])
+       ) {
+           return true;
+       }
+
        // no http auth submitted, abort!
        if (empty($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
            $logger->addDebug('No HTTP auth submitted');
@@ -118,6 +128,40 @@
    }
 
    /**
+    * Validate user token and credentials from freebusy_auth cache
+    */
+   private static function checkToken($config, $user, $token)
+   {
+       // See 'ready' hook handler in kolab_auth plugin
+       // for details on how the token auth (cache) entries are created
+
+       // load the Roundcube framework with its autoloader
+       require_once KOLAB_FREEBUSY_ROOT . '/lib/Roundcube/bootstrap.php';
+
+       $rcube  = \rcube::get_instance(\rcube::INIT_WITH_DB | \rcube::INIT_WITH_PLUGINS);
+       $ip     = \rcube_utils::remote_addr();
+       $key    = md5("$token:$ip:$user");
+       $valid  = false;
+
+       $rcube->config->set('freebusy_auth_cache', 'db');
+       $cache = $rcube->get_cache_shared('freebusy_auth', false);
+
+       if ($cache && ($deadline = $cache->get($key))) {
+           $now      = new \DateTime('now', new \DateTimeZone('UTC'));
+           $deadline = new \DateTime($deadline);
+
+           if ($deadline >= $now) {
+               $valid = true;
+           }
+       }
+
+       $status = $valid ? 'SUCCESS' : 'FAILURE';
+       Logger::get('httpauth')->addInfo("Token: authenticating user $user/$token/$ip: $status");
+
+       return $valid;
+   }
+
+   /**
     * Callback for Net_LDAP3 logging
     */
    public static function ldapLog($level, $msg)
​

kolab-freebusy-1.1.0.tar.gz/lib/Kolab/FreeBusy/SourceIMAP.php Changed

 
@@ -29,12 +29,6 @@
 use Sabre\VObject\FreeBusyGenerator;
 use Sabre\VObject\ParseException;
 
-// configure env for Roundcube framework
-define('RCUBE_INSTALL_PATH', KOLAB_FREEBUSY_ROOT . '/');
-define('RCUBE_CONFIG_DIR',   KOLAB_FREEBUSY_ROOT . '/config/');
-define('RCUBE_PLUGINS_DIR',  KOLAB_FREEBUSY_ROOT . '/lib/plugins/');
-
-
 
 /**
  * Implementation of a Free/Busy data source reading from IMAP
​

kolab-freebusy-1.1.0.tar.gz/lib/Kolab/FreeBusy/Utils.php Changed

 
@@ -86,6 +86,12 @@
                continue;
            }
 
+           // special entries that allow all IPs
+           if ($range === '*' || $range === 'all' || $range === '0/0'
+               || $range === '0.0.0.0/0' || $range === '0.0.0.0/0.0.0.0') {
+               return true;
+           }
+
            // quick substring check (e.g. 192.168.0.)
            if (( $ipv6 && strpos($ipbin, self::ip6net2bits($range)) === 0) ||
                (!$ipv6 && strpos($ip, rtrim($range, '*')) === 0)) {
​

kolab-freebusy-1.1.0.tar.gz/public_html/index.php Changed

@@ -27,6 +27,11 @@
 
 define('KOLAB_FREEBUSY_ROOT', realpath('../'));
 
+// configure env for Roundcube framework
+define('RCUBE_INSTALL_PATH', KOLAB_FREEBUSY_ROOT . '/');
+define('RCUBE_CONFIG_DIR',   KOLAB_FREEBUSY_ROOT . '/config/');
+define('RCUBE_PLUGINS_DIR',  KOLAB_FREEBUSY_ROOT . '/lib/plugins/');
+
 // suppress error notices
 ini_set('error_reporting', E_ALL &~ E_NOTICE);
 
@@ -61,8 +66,12 @@
 		$log->addDebug('Request (redirect): ' . $uri, array('ip' => $remote_ip, 'trusted' => $trusted_ip));
 	}
 
+	list($uri, $args) = explode('?', $uri);
+
 	// check HTTP authentication
 	if (!$trusted_ip && $config->httpauth) {
+		$_SERVER['FREEBUSY_URI'] = urldecode(rtrim($uri, '/'));
+
 		if (!HTTPAuth::check($config->httpauth)) {
 			$log->addDebug("Abort with 401 Unauthorized");
 			header('WWW-Authenticate: Basic realm="Kolab Free/Busy Service"');
@@ -74,12 +83,9 @@
 	#header('Content-type: text/calendar; charset=utf-8', true);
 	header('Content-type: text/plain; charset=utf-8', true);
 
-	list($uri, $args) = explode('?', $uri);
-
 	// analyse request
-	$url = array_filter(explode('/', $uri));
-	$user = strtolower(array_pop($url));
-	$action = strtolower(array_pop($url));
+	$url      = array_filter(explode('/', $uri));
+	$user     = strtolower(array_pop($url));
 	$extended = false;
 
 	// remove file extension

 
@@ -27,6 +27,11 @@
 
 define('KOLAB_FREEBUSY_ROOT', realpath('../'));
 
+// configure env for Roundcube framework
+define('RCUBE_INSTALL_PATH', KOLAB_FREEBUSY_ROOT . '/');
+define('RCUBE_CONFIG_DIR',   KOLAB_FREEBUSY_ROOT . '/config/');
+define('RCUBE_PLUGINS_DIR',  KOLAB_FREEBUSY_ROOT . '/lib/plugins/');
+
 // suppress error notices
 ini_set('error_reporting', E_ALL &~ E_NOTICE);
 
@@ -61,8 +66,12 @@
        $log->addDebug('Request (redirect): ' . $uri, array('ip' => $remote_ip, 'trusted' => $trusted_ip));
    }
 
+   list($uri, $args) = explode('?', $uri);
+
    // check HTTP authentication
    if (!$trusted_ip && $config->httpauth) {
+       $_SERVER['FREEBUSY_URI'] = urldecode(rtrim($uri, '/'));
+
        if (!HTTPAuth::check($config->httpauth)) {
            $log->addDebug("Abort with 401 Unauthorized");
            header('WWW-Authenticate: Basic realm="Kolab Free/Busy Service"');
@@ -74,12 +83,9 @@
    #header('Content-type: text/calendar; charset=utf-8', true);
    header('Content-type: text/plain; charset=utf-8', true);
 
-   list($uri, $args) = explode('?', $uri);
-
    // analyse request
-   $url = array_filter(explode('/', $uri));
-   $user = strtolower(array_pop($url));
-   $action = strtolower(array_pop($url));
+   $url      = array_filter(explode('/', $uri));
+   $user     = strtolower(array_pop($url));
    $extended = false;
 
    // remove file extension
​

kolab-freebusy.dsc Changed

 
@@ -2,7 +2,7 @@
 Source: kolab-freebusy
 Binary: kolab-freebusy
 Architecture: all
-Version: 1.1.0-0~kolab1
+Version: 1.1.0-0~kolab3
 Maintainer: Jeroen van Meeuwen <vanmeeuwen@kolabsys.com>
 Homepage: http://www.kolab.org
 Standards-Version: 3.9.3
​

Overview

Request 2183 (accepted)

Request History