X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=config%2Fconf.pl;h=92daefc16d22d73b48beb90024781d99aa786b32;hb=bf1d85e8aa8ebc8d1cca82084ea87f769d5431b1;hp=7543b6d951257198ed29d920cc663d7300d96ca0;hpb=93c06fa2fe24bf3baef31ac26e356d2c9d6454d7;p=squirrelmail.git diff --git a/config/conf.pl b/config/conf.pl index 7543b6d9..92daefc1 100755 --- a/config/conf.pl +++ b/config/conf.pl @@ -346,7 +346,7 @@ if ( !$use_imap_tls ) { } if ( !$imap_auth_mech ) { - $imap_auth_mech = 'plain'; + $imap_auth_mech = 'login'; } if (!$session_name ) { @@ -749,6 +749,12 @@ sub command1 { print "possible. If you set up an organization name, most places where\n"; print "SquirrelMail would take credit will be credited to your organization.\n"; print "\n"; + print "If your Organization Name includes a '\$', please precede it with a \\. \n"; + print "Other '\$' will be considered the beginning of a variable that\n"; + print "must be defined before the \$org_name is printed.\n"; + print "\$version, for example, is included by default, and will print the\n"; + print "string representing the current SquirrelMail version.\n"; + print "\n"; print "[$WHT$org_name$NRM]: $WHT"; $new_org_name = ; if ( $new_org_name eq "\n" ) { @@ -765,7 +771,7 @@ sub command2 { print "Your organization's logo is an image that will be displayed at\n"; print "different times throughout SquirrelMail. This is asking for the\n"; print "literal (/usr/local/squirrelmail/images/logo.png) or relative\n"; - print "(../images/logo.png) path to your logo.\n"; + print "(../images/logo.png) path from the config directory to your logo.\n"; print "Relative paths to files outside the SquirrelMail distribution\n"; print "will be converted to their absolute path equivalents in config.php.\n"; print "\n"; @@ -810,6 +816,12 @@ sub command3 { print "the titlebar. Usually this will end up looking something like:\n"; print "\"Netscape: $org_title\"\n"; print "\n"; + print "If your Organization Title includes a '\$', please precede it with a \\. \n"; + print "Other '\$' will be considered the beginning of a variable that\n"; + print "must be defined before the \$org_title is printed.\n"; + print "\$version, for example, is included by default, and will print the\n"; + print "string representing the current SquirrelMail version.\n"; + print "\n"; print "[$WHT$org_title$NRM]: $WHT"; $new_org_title = ; if ( $new_org_title eq "\n" ) { @@ -1118,14 +1130,14 @@ sub command111 { return $new_optional_delimiter; } # IMAP authentication type -# Possible values: plain, cram-md5, digest-md5 +# Possible values: login, cram-md5, digest-md5 # Now offers to detect supported mechs, assuming server & port are set correctly sub command112a { print "If you have already set the hostname and port number, I can try to\n"; print "detect the mechanisms your IMAP server supports.\n"; print "I will try to detect CRAM-MD5 and DIGEST-MD5 support. I can't test\n"; - print "for \"plain\" without knowing a username and password.\n"; + print "for \"login\" without knowing a username and password.\n"; print "Auto-detecting is optional - you can safely say \"n\" here.\n"; print "\nTry to detect supported mechanisms? [y/N]: "; $inval=; @@ -1160,15 +1172,15 @@ sub command112a { } print "\nWhat authentication mechanism do you want to use for IMAP connections?\n\n"; - print $WHT . "plain" . $NRM . " - Plaintext. If you can do better, you probably should.\n"; - print $WHT . "cram-md5" . $NRM . " - Slightly better than plaintext.\n"; + print $WHT . "login" . $NRM . " - Plaintext. If you can do better, you probably should.\n"; + print $WHT . "cram-md5" . $NRM . " - Slightly better than plaintext methods.\n"; print $WHT . "digest-md5" . $NRM . " - Privacy protection - better than cram-md5.\n"; print "\n*** YOUR IMAP SERVER MUST SUPPORT THE MECHANISM YOU CHOOSE HERE ***\n"; - print "If you don't understand or are unsure, you probably want \"plain\"\n\n"; - print "plain, cram-md5, or digest-md5 [$WHT$imap_auth_mech$NRM]: $WHT"; + print "If you don't understand or are unsure, you probably want \"login\"\n\n"; + print "login, cram-md5, or digest-md5 [$WHT$imap_auth_mech$NRM]: $WHT"; $inval=; chomp($inval); - if ( ($inval =~ /^cram-md5\b/i) || ($inval =~ /^digest-md5\b/i) || ($inval =~ /^plain\b/i)) { + if ( ($inval =~ /^cram-md5\b/i) || ($inval =~ /^digest-md5\b/i) || ($inval =~ /^login\b/i)) { return lc($inval); } else { # user entered garbage or default value so nothing needs to be set @@ -1191,7 +1203,7 @@ sub command112b { print "Trying to detect supported methods (SMTP)...\n"; # Special case! - # Check none by trying to relay to junk@birdbrained.org + # Check none by trying to relay to junk@microsoft.com $host = $smtpServerAddress . ':' . $smtpPort; use IO::Socket; my $sock = IO::Socket::INET->new($host); @@ -1202,7 +1214,7 @@ sub command112b { } else { print $sock "mail from: tester\@squirrelmail.org\n"; $got = <$sock>; # Discard - print $sock "rcpt to: junk\@birdbrained.org\n"; + print $sock "rcpt to: junk\@microsoft.com\n"; $got = <$sock>; # This is the important line if ($got =~ /^250\b/) { # SMTP will relay without auth print "SUPPORTED$NRM\n"; @@ -1213,8 +1225,8 @@ sub command112b { print $sock "quit\n"; close $sock; } - # Try plain (SquirrelMail default) - print "Testing plain:\t\t"; + # Try login (SquirrelMail default) + print "Testing login:\t\t"; $tmp=detect_auth_support('SMTP',$host,'LOGIN'); if (defined($tmp)) { if ($tmp eq 'YES') { @@ -1254,12 +1266,12 @@ sub command112b { } print "\tWhat authentication mechanism do you want to use for SMTP connections?\n"; print $WHT . "none" . $NRM . " - Your SMTP server does not require authorization.\n"; - print $WHT . "plain" . $NRM . " - Plaintext. If you can do better, you probably should.\n"; + print $WHT . "login" . $NRM . " - Plaintext. If you can do better, you probably should.\n"; print $WHT . "cram-md5" . $NRM . " - Slightly better than plaintext.\n"; print $WHT . "digest-md5" . $NRM . " - Privacy protection - better than cram-md5.\n"; - print "\n*** YOUR SMTP SERVER MUST SUPPORT THE MECHANISM YOU CHOOSE HERE ***\n"; + print $WHT . "\n*** YOUR SMTP SERVER MUST SUPPORT THE MECHANISM YOU CHOOSE HERE ***\n" . $NRM; print "If you don't understand or are unsure, you probably want \"none\"\n\n"; - print "none, plain, cram-md5, or digest-md5 [$WHT$smtp_auth_mech$NRM]: $WHT"; + print "none, login, cram-md5, or digest-md5 [$WHT$smtp_auth_mech$NRM]: $WHT"; $inval=; chomp($inval); if ($inval =~ /^none\b/i) { @@ -1267,7 +1279,7 @@ sub command112b { return "none"; } if ( ($inval =~ /^cram-md5\b/i) || ($inval =~ /^digest-md5\b/i) || - ($inval =~ /^plain\b/i)) { + ($inval =~ /^login\b/i)) { return lc($inval); } else { # user entered garbage, or default value so nothing needs to be set @@ -1813,16 +1825,17 @@ sub command31 { # Data directory sub command33a { - print "It is a possible security hole to have a writable directory\n"; - print "under the web server's root directory (ex: /home/httpd/html).\n"; - print "For this reason, it is possible to put the data directory\n"; - print "anywhere you would like. The path name can be absolute or\n"; - print "relative (to the config directory). It doesn't matter. Here\n"; - print "are two examples:\n"; - print " Absolute: /usr/local/squirrelmail/data/\n"; - print " Relative: ../data/\n"; + print "Specify the location for your data directory.\n"; + print "The path name can be absolute or relative (to the config directory).\n"; + print "It doesn't matter. Here are two examples:\n"; + print " Absolute: /var/spool/data/\n"; + print " Relative: ../data/\n"; print "Relative paths to directories outside of the SquirrelMail distribution\n"; - print "will be converted to their absolute path equivalents in config.php.\n"; + print "will be converted to their absolute path equivalents in config.php.\n\n"; + print "Note: There are potential security risks with having a writable directory\n"; + print "under the web server's root directory (ex: /home/httpd/html).\n"; + print "For this reason, it is recommended to put the data directory\n"; + print "in an alternate location of your choice. \n"; print "\n"; print "[$WHT$data_dir$NRM]: $WHT"; @@ -1844,19 +1857,25 @@ sub command33a { # Attachment directory sub command33b { print "Path to directory used for storing attachments while a mail is\n"; - print "being sent. There are a few security considerations regarding this\n"; + print "being sent. The path name can be absolute or relative (to the config directory).\n"; + print "It doesn't matter. Here are two examples:\n"; + print " Absolute: /var/spool/attach/\n"; + print " Relative: ../attach/\n"; + print "Relative paths to directories outside of the SquirrelMail distribution\n"; + print "will be converted to their absolute path equivalents in config.php.\n\n"; + print "Note: There are a few security considerations regarding this\n"; print "directory:\n"; print " 1. It should have the permission 733 (rwx-wx-wx) to make it\n"; print " impossible for a random person with access to the webserver\n"; print " to list files in this directory. Confidential data might\n"; print " be laying around in there.\n"; + print " Depending on your user:group assignments, 730 (rwx-wx---)\n"; + print " may be possible, and more secure (e.g. root:apache)\n"; print " 2. Since the webserver is not able to list the files in the\n"; print " content is also impossible for the webserver to delete files\n"; print " lying around there for too long.\n"; print " 3. It should probably be another directory than the data\n"; print " directory specified in option 3.\n"; - print "Relative paths to directories outside of the SquirrelMail distribution\n"; - print "will be converted to their absolute path equivalents in config.php.\n"; print "\n"; print "[$WHT$attachment_dir$NRM]: $WHT"; @@ -2952,13 +2971,15 @@ sub set_defaults { $tmp = ; } -############################################################ # This subroutine corrects relative paths to ensure they # will work within the SM space. If the path falls within # the SM directory tree, the SM_PATH variable will be # prepended to the path, if not, then the path will be -# converted to an absolute path. -############################################################ +# converted to an absolute path, e.g. +# '../images/logo.gif' --> SM_PATH . 'images/logo.gif' +# 'images/logo.gif' --> SM_PATH . 'config/images/logo.gif' +# '/absolute/path/logo.gif' --> '/absolute/path/logo.gif' +# 'http://whatever/' --> 'http://whatever' sub change_to_SM_path() { my ($old_path) = @_; my $new_path = ''; @@ -2968,10 +2989,8 @@ sub change_to_SM_path() { # If the path is absolute, don't bother. return "\'" . $old_path . "\'" if ( $old_path eq ''); - return "\'" . $old_path . "\'" if ( $old_path =~ /^\// ); - return "\'" . $old_path . "\'" if ( $old_path =~ /^http/ ); - return $old_path if ( $old_path =~ /^\$/); - return $old_path if ( $old_path =~ /^SM_PATH/ ); + return "\'" . $old_path . "\'" if ( $old_path =~ /^(\/|http)/ ); + return $old_path if ( $old_path =~ /^(\$|SM_PATH)/); # For relative paths, split on '../' @rel_path = split(/\.\.\//, $old_path); @@ -2996,26 +3015,27 @@ sub change_to_SM_path() { $new_path .= '\''; } else { # Last, it's a relative path without any leading '.' - # Prepend SM_PATH (no substitution required) - $new_path = "SM_PATH . \'" . $old_path . "\'"; + # Prepend SM_PATH and config, since the paths are + # relative to the config directory + $new_path = "SM_PATH . \'config/" . $old_path . "\'"; } return $new_path; } + +# Change SM_PATH to admin-friendly version, e.g.: +# SM_PATH . 'images/logo.gif' --> '../images/logo.gif' +# SM_PATH . 'config/some.php' --> 'some.php' +# '/absolute/path/logo.gif' --> '/absolute/path/logo.gif' +# 'http://whatever/' --> 'http://whatever' sub change_to_rel_path() { my ($old_path) = @_; - my $new_path = ''; - - return $old_path if ( $old_path eq ''); - return $old_path if ( $old_path =~ /^\$/ ); - return $old_path if ( $old_path =~ /^\// ); - return $old_path if ( $old_path =~ /^http/ ); - return $old_path if ( $old_path =~ /^\.\./ ); + my $new_path = $old_path; if ( $old_path =~ /^SM_PATH/ ) { - $new_path = $old_path; $new_path =~ s/^SM_PATH . \'/\.\.\//; + $new_path =~ s/\.\.\/config\///; } return $new_path; @@ -3056,9 +3076,16 @@ sub detect_auth_support { return undef; } my $discard = <$sock>; # Server greeting/banner - who cares.. + + if ($service eq 'SMTP') { + # Say hello first.. + print $sock "helo $domain\n"; + $discard = <$sock>; # Yeah yeah, you're happy to see me.. + } print $sock $cmd; my $response = <$sock>; + chomp($response); if (!defined($response)) { return undef; } @@ -3069,6 +3096,9 @@ sub detect_auth_support { # Not supported close $sock; return 'NO'; + } elsif ($response =~ /^503/) { + #Something went wrong + return undef; } } elsif ($service eq 'IMAP') { if ($response =~ /^A01/) {