*
* This implements all functions that do general IMAP functions.
*
- * @copyright © 1999-2006 The SquirrelMail Project Team
+ * @copyright © 1999-2007 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
$string = "<b><font color=\"$color[2]\">\n" .
_("ERROR: No available IMAP stream.") .
"</b></font>\n";
- error_box($string,$color);
+ error_box($string);
return false;
}
}
$string = "<b><font color=\"$color[2]\">\n" .
_("ERROR: No available IMAP stream.") .
"</b></font>\n";
- error_box($string,$color);
+ error_box($string);
return false;
}
}
*/
function sqimap_read_data_list($imap_stream, $tag, $handle_errors,
&$response, &$message, $query = '') {
- global $color, $squirrelmail_language;
+ global $color, $oTemplate, $squirrelmail_language;
set_up_language($squirrelmail_language);
$string = "<b><font color=\"$color[2]\">\n" .
_("ERROR: Bad function call.") .
'sqimap_run_command or sqimap_run_command_list instead<br /><br />'.
'The following query was issued:<br />'.
htmlspecialchars($query) . '<br />' . "</font><br />\n";
- error_box($string,$color);
- echo '</body></html>';
+ error_box($string);
+ $oTemplate->display('footer.tpl');
exit;
}
$string .= "</font><br />\n";
if ($link != '')
$string .= $link;
- error_box($string,$color);
+ error_box($string);
}
/**
if ($s === "}\r\n") {
$j = strrpos($read,'{');
$iLit = substr($read,$j+1,-3);
- $data[] = $read;
- $sLiteral = fread($imap_stream,$iLit);
- if ($sLiteral === false) { /* error */
- $read = false;
- break 3; /* while switch while */
+ // check for numeric value to avoid that untagged responses like:
+ // * OK [PARSE] Unexpected characters at end of address: {SET:debug=51}
+ // will trigger literal fetching ({SET:debug=51} !== int )
+ if (is_numeric($iLit)) {
+ $data[] = $read;
+ $sLiteral = fread($imap_stream,$iLit);
+ if ($sLiteral === false) { /* error */
+ $read = false;
+ break 3; /* while switch while */
+ }
+ $data[] = $sLiteral;
+ $data[] = sqimap_fgets($imap_stream);
+ } else {
+ $data[] = $read;
}
- $data[] = $sLiteral;
- $data[] = sqimap_fgets($imap_stream);
} else {
$data[] = $read;
}
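Review bot: `is_numeric($iLit)` on the added guard accepts more than an IMAP literal size: strings such as `-5`, `1.5` or `1e9` pass it and are then handed to `fread()` as the length. A literal octet count consists of digits only, so `if (ctype_digit($iLit)) {` matches the protocol more closely and keeps a malformed or hostile server response on the non-literal path. The surrounding loop starts and ends outside this hunk, so whether a short `fread()` on a large literal is retried elsewhere cannot be seen here.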
/**
* Logs the user into the IMAP server. If $hide is set, no error messages
- * will be displayed. This function returns the IMAP connection handle.
+ * will be displayed (if set to 1, just exits, if set to 2, returns FALSE).
+ * This function returns the IMAP connection handle.
* @param string $username user name
- * @param string $password encrypted password
+ * @param string $password password encrypted with onetimepad. Since 1.5.2
+ * function can use internal password functions, if parameter is set to
+ * boolean false.
* @param string $imap_server_address address of imap server
* @param integer $imap_port port of imap server
- * @param boolean $hide controls display connection errors
- * @return stream
+ * @param int $hide controls display connection errors:
+ * 0 = do not hide
+ * 1 = show no errors (just exit)
+ * 2 = show no errors (return FALSE)
+ * 3 = show no errors (return error string)
+ * @return mixed The IMAP connection stream, or if the connection fails,
+ * FALSE if $hide is set to 2 or an error string if $hide
+ * is set to 3.
*/
function sqimap_login ($username, $password, $imap_server_address, $imap_port, $hide) {
global $color, $squirrelmail_language, $onetimepad, $use_imap_tls,
$imap_auth_mech, $sqimap_capabilities;
- if (!isset($onetimepad) || empty($onetimepad)) {
- sqgetglobalvar('onetimepad' , $onetimepad , SQ_SESSION );
+ // Note/TODO: This hack grabs the $authz argument from the session. In the short future,
+ // a new argument in function sqimap_login() will be used instead.
+ $authz = '';
+ global $authz;
+ sqgetglobalvar('authz' , $authz , SQ_SESSION);
+
+ if(!empty($authz)) {
+ /* authz plugin - specific:
+ * Get proxy login parameters from authz plugin configuration. If they
+ * exist, they will override the current ones.
+ * This is useful if we want to use different SASL authentication mechanism
+ * and/or different TLS settings for proxy logins. */
+ global $authz_imap_auth_mech, $authz_use_imap_tls, $authz_imapPort_tls;
+ $imap_auth_mech = !empty($authz_imap_auth_mech) ? strtolower($authz_imap_auth_mech) : $imap_auth_mech;
+ $use_imap_tls = !empty($authz_use_imap_tls)? $authz_use_imap_tls : $use_imap_tls;
+ $imap_port = !empty($authz_use_imap_tls)? $authz_imapPort_tls : $imap_port;
+
+ if($imap_auth_mech == 'login' || $imap_auth_mech == 'cram-md5') {
+ logout_error("Misconfigured Plugin (authz or equivalent):<br/>".
+ "The LOGIN and CRAM-MD5 authentication mechanisms cannot be used when attempting proxy login.");
+ exit;
+ }
}
+
+ /* get imap login password */
+ if ($password===false) {
+ /* standard functions */
+ $password = sqauth_read_password();
+ } else {
+ /* old way. $key must be extracted from cookie */
+ if (!isset($onetimepad) || empty($onetimepad)) {
+ sqgetglobalvar('onetimepad' , $onetimepad , SQ_SESSION );
+ }
+ /* Decrypt the password */
+ $password = OneTimePadDecrypt($password, $onetimepad);
+ }
+
if (!isset($sqimap_capabilities)) {
- sqgetglobalvar('sqimap_capabilities' , $capability , SQ_SESSION );
+ sqgetglobalvar('sqimap_capabilities' , $sqimap_capabilities , SQ_SESSION );
}
$host = $imap_server_address;
$imap_stream = sqimap_create_stream($imap_server_address,$imap_port,$use_imap_tls);
- /* Decrypt the password */
- $password = OneTimePadDecrypt($password, $onetimepad);
-
if (($imap_auth_mech == 'cram-md5') OR ($imap_auth_mech == 'digest-md5')) {
// We're using some sort of authentication OTHER than plain or login
$tag=sqimap_session_id(false);
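Review bot: The added `$authz = '';` runs before `global $authz;`, so the empty string goes to a local that the `global` statement immediately rebinds to whatever the global scope already holds, and the initialisation has no effect. If `sqgetglobalvar()` (not shown) leaves its by-reference argument untouched when the session has no `authz` entry, a pre-existing global value would drive the proxy-login branch and the identity sent to the server. Swapping the two lines, `global $authz;` then `$authz = '';`, makes the session the only source. Separately, `$imap_port` is replaced by `$authz_imapPort_tls` whenever `$authz_use_imap_tls` is non-empty, without checking that the port setting itself is set. The function body continues outside this hunk.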
// Got a challenge back
$challenge=$response[1];
if ($imap_auth_mech == 'digest-md5') {
- $reply = digest_md5_response($username,$password,$challenge,'imap',$host);
+ $reply = digest_md5_response($username,$password,$challenge,'imap',$host,$authz);
} elseif ($imap_auth_mech == 'cram-md5') {
$reply = cram_md5_response($username,$password,$challenge);
}
$read = sqimap_run_command ($imap_stream, $query, false, $response, $message);
} elseif ($imap_auth_mech == 'plain') {
/***
- * SASL PLAIN
- *
- * RFC 2595 Chapter 6
- *
- * The mechanism consists of a single message from the client to the
- * server. The client sends the authorization identity (identity to
- * login as), followed by a US-ASCII NUL character, followed by the
- * authentication identity (identity whose password will be used),
- * followed by a US-ASCII NUL character, followed by the clear-text
- * password. The client may leave the authorization identity empty to
- * indicate that it is the same as the authentication identity.
+ * SASL PLAIN, RFC 4616 (updates 2595)
*
- **/
+ * The mechanism consists of a single message, a string of [UTF-8]
+ * encoded [Unicode] characters, from the client to the server. The
+ * client presents the authorization identity (identity to act as),
+ * followed by a NUL (U+0000) character, followed by the authentication
+ * identity (identity whose password will be used), followed by a NUL
+ * (U+0000) character, followed by the clear-text password. As with
+ * other SASL mechanisms, the client does not provide an authorization
+ * identity when it wishes the server to derive an identity from the
+ * credentials and use that as the authorization identity.
+ */
$tag=sqimap_session_id(false);
- $sasl = (isset($capability['SASL-IR']) && $capability['SASL-IR']) ? true : false;
- $auth = base64_encode("$username\0$username\0$password");
+ $sasl = (isset($sqimap_capabilities['SASL-IR']) && $sqimap_capabilities['SASL-IR']) ? true : false;
+ if(!empty($authz)) {
+ $auth = base64_encode("$username\0$authz\0$password");
+ } else {
+ $auth = base64_encode("$username\0$username\0$password");
+ }
if ($sasl) {
// IMAP Extension for SASL Initial Client Response
// <draft-siemborski-imap-sasl-initial-response-01b.txt>
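Review bot: The PLAIN message is assembled by interpolation in `base64_encode("$username\0$authz\0$password")`, so a NUL byte inside `$username` or `$authz` would move the field boundaries and change which identity the server sees. RFC 4616 excludes NUL from all three fields; a guard before encoding, such as `if (strpos($username . $authz . $password, "\0") !== false)` leading into the function's existing failure path, closes that gap. The comment above lists the authorization identity first, which means `$username` fills the authorization slot and `$authz` the authentication slot here; a one-line comment stating which variable is which would keep the name `$authz` from being read as the authzid. The enclosing branch continues outside this hunk.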
$results=explode(" ",$read,3);
$response=$results[1];
$message=$results[2];
+
} else {
$response="BAD";
$message="Internal SquirrelMail error - unknown IMAP authentication method chosen. Please contact the developers.";
/* If the connection was not successful, lets see why */
if ($response != 'OK') {
- if (!$hide) {
+ if (!$hide || $hide == 3) {
+//FIXME: UUURG... We don't want HTML in error messages, should also do html sanitizing of error messages elsewhere; should't assume output is destined for an HTML browser here
if ($response != 'NO') {
/* "BAD" and anything else gets reported here. */
$message = htmlspecialchars($message);
set_up_language($squirrelmail_language, true);
if ($response == 'BAD') {
+ if ($hide == 3) return sprintf(_("Bad request: %s"), $message);
$string = sprintf (_("Bad request: %s")."<br />\r\n", $message);
} else {
+ if ($hide == 3) return sprintf(_("Unknown error: %s"), $message);
$string = sprintf (_("Unknown error: %s") . "<br />\n", $message);
}
if (isset($read) && is_array($read)) {
$string .= htmlspecialchars($line) . "<br />\n";
}
}
- error_box($string,$color);
+ error_box($string);
exit;
} else {
/*
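Review bot: With `$hide == 3` the added `return sprintf(...)` lines hand back a non-empty string from a function whose success value is a stream, and a non-empty string is truthy, so a caller that tests the result with a plain `if ($imap_stream)` would treat a failed login as a live connection. The docblock should tell callers how to distinguish the cases, for example by adding `callers passing $hide = 3 must test the result with is_string() before using it as a stream` to the `@return` text. These two returns also leave without calling `sqimap_logout($imap_stream)`, unlike the later `$hide == 3` return in the "Unknown user or password incorrect." branch, which runs after `sqsession_destroy()` and `sqimap_logout()`; whether that difference is intended deserves a comment. The returned `$message` has already been through `htmlspecialchars()`, which the FIXME above questions for non-HTML consumers.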
set_up_language($squirrelmail_language, true);
sqsession_destroy();
- sqsetcookieflush();
+
/* terminate the session nicely */
sqimap_logout($imap_stream);
+ if ($hide == 3) return _("Unknown user or password incorrect.");
logout_error( _("Unknown user or password incorrect.") );
exit;
}
} else {
+ if ($hide == 2) return FALSE;
exit;
}
}
for ($i=2; $i < count($c); $i++) {
$cap_list = explode('=', $c[$i]);
if (isset($cap_list[1])) {
+ if(isset($sqimap_capabilities[trim($cap_list[0])]) &&
+ !is_array($sqimap_capabilities[trim($cap_list[0])])) {
+ // Remove array key that was added in 'else' block below
+ // This is to accomodate for capabilities like:
+ // SORT SORT=MODSEQ
+ unset($sqimap_capabilities[trim($cap_list[0])]);
+ }
$sqimap_capabilities[trim($cap_list[0])][] = $cap_list[1];
} else {
- $sqimap_capabilities[trim($cap_list[0])] = TRUE;
+ if(!isset($sqimap_capabilities[trim($cap_list[0])])) {
+ $sqimap_capabilities[trim($cap_list[0])] = TRUE;
+ }
}
}
}
* OS: According to rfc2342 response from NAMESPACE command is:
* OS: * NAMESPACE (PERSONAL NAMESPACES) (OTHER_USERS NAMESPACE) (SHARED NAMESPACES)
* OS: We want to lookup all personal NAMESPACES...
+ *
+ * TODO: remove this in favour of the information from sqimap_get_namespace()
*/
$read = sqimap_run_command($imap_stream, 'NAMESPACE', true, $a, $b);
if (eregi('\\* NAMESPACE +(\\( *\\(.+\\) *\\)|NIL) +(\\( *\\(.+\\) *\\)|NIL) +(\\( *\\(.+\\) *\\)|NIL)', $read[0], $data)) {
return $sqimap_delimiter;
}
+/**
+ * Retrieves the namespaces from the IMAP server.
+ * NAMESPACE is an IMAP extension defined in RFC 2342.
+ *
+ * @param stream $imap_stream
+ * @return array
+ */
+function sqimap_get_namespace($imap_stream) {
+ $read = sqimap_run_command($imap_stream, 'NAMESPACE', true, $a, $b);
+ return sqimap_parse_namespace($read[0]);
+}
+
+/**
+ * Parses a NAMESPACE response and returns an array with the available
+ * personal, users and shared namespaces.
+ *
+ * @param string $input
+ * @return array The returned array has the following format:
+ * <pre>
+ * array(
+ * 'personal' => array(
+ * 0 => array('prefix'=>'INBOX.','delimiter' =>'.'),
+ * 1 => ...
+ * ),
+ * 'users' => array(..
+ * ),
+ * 'shared' => array( ..
+ * )
+ * )
+ * </pre>
+ * Note that if a namespace is not defined in the server, then the corresponding
+ * array will be empty.
+ */
+function sqimap_parse_namespace(&$input) {
+ $ns_strings = array(1=>'personal', 2=>'users', 3=>'shared');
+ $namespace = array();
+
+ if(ereg('NAMESPACE (\(\(.*\)\)|NIL) (\(\(.*\)\)|NIL) (\(\(.*\)\)|NIL)', $input, $regs) !== false) {
+ for($i=1; $i<=3; $i++) {
+ if($regs[$i] == 'NIL') {
+ $namespace[$ns_strings[$i]] = array();
+ } else {
+ // Pop-out the first ( and last ) for easier parsing
+ $ns = substr($regs[$i], 1, sizeof($regs[$i])-2);
+ if($c = preg_match_all('/\((?:(.*?)\s*?)\)/', $ns, $regs2)) {
+ $namespace[$ns_strings[$i]] = array();
+ for($j=0; $j<sizeof($regs2[1]); $j++) {
+ preg_match('/"(.*)"\s+("(.*)"|NIL)/', $regs2[1][$j], $regs3);
+ $namespace[$ns_strings[$i]][$j]['prefix'] = $regs3[1];
+ if($regs3[2] == 'NIL') {
+ $namespace[$ns_strings[$i]][$j]['delimiter'] = null;
+ } else {
+ // $regs[3] is $regs[2] without the quotes
+ $namespace[$ns_strings[$i]][$j]['delimiter'] = $regs3[3];
+ }
+ unset($regs3);
+ }
+ }
+ unset($ns);
+ }
+ }
+ }
+ return($namespace);
+}
+
/**
* This encodes a mailbox name for use in IMAP commands.
* @param string $what the mailbox to encode
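Review bot: In `sqimap_parse_namespace`, `sizeof($regs[$i])` is applied to a string, so it counts one element rather than characters and the length argument only comes out as -1 by coincidence; `$ns = substr($regs[$i], 1, -1);` states the intent and does not depend on `sizeof()` accepting a scalar. The inner `preg_match()` result is not checked before `$regs3[1]` and `$regs3[2]` are read, so a server response that does not fit the quoted-prefix pattern leads to undefined-index reads; guarding with `if (!preg_match('/"(.*)"\s+("(.*)"|NIL)/', $regs2[1][$j], $regs3)) { continue; }` keeps malformed entries out of the result. The inline comment `$regs[3] is $regs[2] without the quotes` should name `$regs3`, the array the code actually uses.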
if (!empty($hook_status)) {
$hook_status['MAILBOX']=$mailbox;
$hook_status['CALLER']='sqimap_status_messages';
- do_hook_function('folder_status',$hook_status);
+ do_hook('folder_status', $hook_status);
}
return $status;
}
$yp = `ypmatch $username aliases`;
return chop(substr($yp, strlen($username)+1));
}
-
-?>
\ No newline at end of file