X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=config%2Fconf.pl;h=61f2bf98325cad7fb5da9564c4ade0da6fc17df8;hp=7258069a11f2286927513f78cdda5684c675ed7a;hb=ab0c4c3a6d9ae04b2d9735a8b7a040d49a14eec9;hpb=b6cbc7e02317573ab78f9dda62929153f992eca5 diff --git a/config/conf.pl b/config/conf.pl index 7258069a..61f2bf98 100755 --- a/config/conf.pl +++ b/config/conf.pl @@ -1,7 +1,7 @@ #!/usr/bin/env perl # conf.pl # -# Copyright (c) 1999-2007 The SquirrelMail Project Team +# Copyright (c) 1999-2012 The SquirrelMail Project Team # Licensed under the GNU GPL. For full terms see COPYING. # # A simple configure script to configure SquirrelMail @@ -491,6 +491,8 @@ $icon_theme_def = '' if ( !$icon_theme_def ); $disable_plugins = 'false' if ( !$disable_plugins ); $disable_plugins_user = '' if ( !$disable_plugins_user ); $only_secure_cookies = 'true' if ( !$only_secure_cookies ); +$disable_security_tokens = 'false' if ( !$disable_security_tokens ); +$check_referrer = '' if ( !$check_referrer ); $ask_user_info = 'true' if ( !$ask_user_info ); if ( $ARGV[0] eq '--install-plugin' ) { @@ -543,11 +545,12 @@ $list_supported_imap_servers = " hmailserver = hMailServer\n" . " macosx = Mac OS X Mailserver\n" . " mercury32 = Mercury/32\n" . - " uw = University of Washington's IMAP server\n"; + " uw = University of Washington's IMAP server\n" . + " gmail = IMAP access to Google mail (Gmail) accounts\n"; ##################################################################################### if ( $config_use_color == 1 ) { - $WHT = "\x1B[37;1m"; + $WHT = "\x1B[1m"; $NRM = "\x1B[0m"; } else { $WHT = ""; 
@@ -720,6 +723,8 @@ while ( ( $command ne "q" ) && ( $command ne "Q" ) && ( $command ne ":q" ) ) { print "15. Time zone configuration : $WHT$time_zone_type$NRM\n"; print "16. Location base : $WHT$config_location_base$NRM\n"; print "17. Only secure cookies if poss. : $WHT$only_secure_cookies$NRM\n"; + print "18. Disable secure forms : $WHT$disable_security_tokens$NRM\n"; + print "19. Page referal requirement : $WHT$check_referrer$NRM\n"; print "\n"; print "R Return to Main Menu\n"; } elsif ( $menu == 5 ) { @@ -906,7 +911,7 @@ while ( ( $command ne "q" ) && ( $command ne "Q" ) && ( $command ne ":q" ) ) { $NRM = ""; } else { $config_use_color = 1; - $WHT = "\x1B[37;1m"; + $WHT = "\x1B[1m"; $NRM = "\x1B[0m"; } } elsif ( $command =~ /^w([0-9]+)/ ) { @@ -994,6 +999,8 @@ while ( ( $command ne "q" ) && ( $command ne "Q" ) && ( $command ne ":q" ) ) { elsif ( $command == 15 ) { $time_zone_type = command318(); } elsif ( $command == 16 ) { $config_location_base = command_config_location_base(); } elsif ( $command == 17 ) { $only_secure_cookies = command319(); } + elsif ( $command == 18 ) { $disable_security_tokens = command320(); } + elsif ( $command == 19 ) { $check_referrer = command321(); } } elsif ( $menu == 5 ) { if ( $command == 1 ) { $use_icons = commandB3(); } # elsif ( $command == 3 ) { $icon_theme_def = command53(); } @@ -1518,7 +1525,7 @@ sub command112a { # SMTP authentication type -# Possible choices: none, plain, cram-md5, digest-md5 +# Possible choices: none, login, plain, cram-md5, digest-md5 sub command112b { if ($use_smtp_tls ne "0") { print "Auto-detection of login methods is unavailable when using TLS or STARTTLS.\n"; @@ -1559,6 +1566,7 @@ sub command112b { print $sock "QUIT\r\n"; close $sock; } + # Try login (SquirrelMail default) print "Testing login:\t\t"; $tmp=detect_auth_support('SMTP',$host,'LOGIN'); 
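Review bot: The new menu label `19. Page referal requirement` misspells "referral", and the same spelling recurs in the command321 help text and its `Referal requirement?` prompt added later in this commit. Administrators looking for this setting will search for "referrer" or "referral", so the user-facing strings should use one correct spelling, e.g. `print "19. Page referral requirement : $WHT$check_referrer$NRM\n";`. The label `18. Disable secure forms` shown next to a true/false value is also easy to misread; wording that matches the variable, such as "Disable security tokens", would be clearer.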
@@ -1572,6 +1580,19 @@ sub command112b { print $WHT . "ERROR DETECTING$NRM\n"; } + # Try plain + print "Testing plain:\t\t"; + $tmp=detect_auth_support('SMTP',$host,'PLAIN'); + if (defined($tmp)) { + if ($tmp eq 'YES') { + print $WHT . "SUPPORTED$NRM\n"; + } else { + print $WHT . "NOT SUPPORTED$NRM\n"; + } + } else { + print $WHT . "ERROR DETECTING$NRM\n"; + } + # Try CRAM-MD5 print "Testing CRAM-MD5:\t"; $tmp=detect_auth_support('SMTP',$host,'CRAM-MD5'); @@ -1602,12 +1623,12 @@ sub command112b { print "\nWhat authentication mechanism do you want to use for SMTP connections?\n"; print $WHT . "none" . $NRM . " - Your SMTP server does not require authorization.\n"; print $WHT . "login" . $NRM . " - Plaintext. If you can do better, you probably should.\n"; - print $WHT . "plain" . $NRM . " - SASL PLAIN. You already know it if you need this.\n"; + print $WHT . "plain" . $NRM . " - SASL PLAIN. Plaintext. If you can do better, you probably should.\n"; print $WHT . "cram-md5" . $NRM . " - Slightly better than plaintext.\n"; print $WHT . "digest-md5" . $NRM . " - Privacy protection - better than cram-md5.\n"; print $WHT . "\n*** YOUR SMTP SERVER MUST SUPPORT THE MECHANISM YOU CHOOSE HERE ***\n" . $NRM; print "If you don't understand or are unsure, you probably want \"none\"\n\n"; - print "none, login, cram-md5, or digest-md5 [$WHT$smtp_auth_mech$NRM]: $WHT"; + print "none, login, plain, cram-md5, or digest-md5 [$WHT$smtp_auth_mech$NRM]: $WHT"; $inval=; chomp($inval); if ($inval =~ /^none\b/i) { 
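Review bot: The added `# Try plain` block is another copy of the probe-and-report sequence used for the login and CRAM-MD5 probes visible around it, differing only in the label and the mechanism name. A small helper that takes the label and the mechanism would keep the three outcomes (SUPPORTED, NOT SUPPORTED, ERROR DETECTING) in one place, so a future change to the reporting cannot leave one mechanism behind. command112b starts and ends outside this hunk.

```perl
# Probe one SMTP AUTH mechanism and print the outcome.
sub report_smtp_auth_support {
    my ($label, $host, $mech) = @_;
    print $label;
    my $result = detect_auth_support('SMTP', $host, $mech);
    if (!defined($result)) {
        print $WHT . "ERROR DETECTING$NRM\n";
    } elsif ($result eq 'YES') {
        print $WHT . "SUPPORTED$NRM\n";
    } else {
        print $WHT . "NOT SUPPORTED$NRM\n";
    }
}

# … in command112b, replacing the added "Try plain" block …
    report_smtp_auth_support("Testing plain:\t\t", $host, 'PLAIN');
```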
@@ -1747,17 +1768,22 @@ sub display_use_tls($) { # $encode_header_key sub command114 { - print "Encryption key allows to hide SquirrelMail Received: headers\n"; - print "in outbound messages. Interface uses encryption key to encode\n"; - print "username, remote address and proxied address, then stores encoded\n"; - print "information in X-Squirrel-* headers.\n"; + print "This encryption key allows the hiding of SquirrelMail Received:\n"; + print "headers in outbound messages. SquirrelMail uses the encryption\n"; + print "key to encode the username, remote address, and proxied address\n"; + print "and then stores that encoded information in X-Squirrel-* headers.\n"; print "\n"; - print "Warning: used encryption function is not bulletproof. When used\n"; - print "with static encryption keys, it provides only minimal security\n"; - print "measures and information can be decoded quickly.\n"; + print "Warning: the encryption function used to accomplish this is not\n"; + print "bulletproof. When used with a static encryption key as it is here,\n"; + print "it provides only minimal security and the encoded user information\n"; + print "in the X-Squirrel-* headers can be decoded quickly by a skilled\n"; + print "attacker.\n"; print "\n"; - print "Encoded information can be decoded with decrypt_headers.php script\n"; - print "from SquirrelMail contrib/ directory.\n"; + print "When you need to inspect an email sent from your system with the\n"; + print "X-Squirrel-* headers, you can decode the user information therein\n"; + print "by using the decrypt_headers.php script found in the SquirrelMail\n"; + print "contrib/ directory. You'll need the encryption key that you\n"; + print "defined here when doing so.\n"; print "\n"; print "Enter encryption key: "; $new_encode_header_key = ; 
@@ -2540,7 +2566,7 @@ sub command310 { sub command311 { print "$NRM"; - print " Given that users are not allowed to modify their + print "\n Given that users are not allowed to modify their email address, can they edit their full name? "; @@ -2562,17 +2588,22 @@ sub command311 { sub command311b { print "$NRM"; - print " SquirrelMail adds username information to every sent email - in order to prevent possible sender forging when users are allowed + print "\n SquirrelMail adds username information to every outgoing email in + order to prevent possible sender forging by users that are allowed to change their email and/or full name. - You can remove user information from this header (y), if you think that - it violates privacy or security. + You can remove user information from this header (y) if you think + that it violates privacy or security. - Note: If users are allowed to change their email addresses, - this setting will make it difficult to determine who sent what where. + Note: If users are allowed to change their email addresses, this + setting will make it difficult to determine who sent what where. Use at your own risk. + Note: If you have defined a header encryption key in your SMTP or + Sendmail settings (see the \"Server Settings\" option page), this + setting is ignored because all user information in outgoing messages + is encoded. + "; if ( lc($hide_auth_header) eq "true" ) { 
@@ -2760,6 +2791,63 @@ sub command319 { } +# disable_security_tokens (since 1.5.2) +sub command320 { + print "This option allows you to turn off the security checks in the forms\n"; + print "that SquirrelMail generates. It is NOT RECOMMENDED that you disable\n"; + print "this feature - otherwise, your users may be exposed to phishing and\n"; + print "other attacks.\n"; + print "Unless you know what you are doing, you should leave this set to \"NO\".\n"; + print "\n"; + + if ( lc($disable_security_tokens) eq 'true' ) { + $default_value = "y"; + } else { + $default_value = "n"; + } + print "Disable secure forms? (y/n) [$WHT$default_value$NRM]: $WHT"; + $disable_security_tokens = ; + if ( ( $disable_security_tokens =~ /^y\n/i ) || ( ( $disable_security_tokens =~ /^\n/ ) && ( $default_value eq "y" ) ) ) { + $disable_security_tokens = 'true'; + } else { + $disable_security_tokens = 'false'; + } + return $disable_security_tokens; +} + + + +# check_referrer (since 1.1.5.2) +sub command321 { + print "This option allows you to enable referal checks for all page requests\n"; + print "made to SquirrelMail. This can help ensure that page requests came\n"; + print "from the same server and not from an attacker's site (usually the\n"; + print "result of a XSS or phishing attack). To enable referal checking,\n"; + print "this setting can be set to the domain where your SquirrelMail is\n"; + print "being hosted (usually the same as the Domain setting under Server\n"; + print "Settings). 
For example, it could be \"example.com\", or if you\n"; + print "use a plugin (such as Login Manager) to host SquirrelMail on more\n"; + print "than one domain, you can set this to \"###DOMAIN###\" to tell it\n"; + print "to use the current domain.\n"; + print "\n"; + print "However, in some cases (where proxy servers are in use, etc.), the\n"; + print "domain might be different.\n"; + print "\n"; + print "NOTE that referal checks are not foolproof - they can be spoofed by\n"; + print "browsers, and some browsers intentionally don't send referal\n"; + print "information (in which case, the check is silently bypassed)\n"; + print "\n"; + + print "Referal requirement? [$WHT$check_referrer$NRM]: $WHT"; + $new_check_referrer = ; + chomp($new_check_referrer); + $check_referrer = $new_check_referrer; + + return $check_referrer; +} + + + sub command_userThemes { print "\nDefine the user themes that you wish to use. If you have added\n"; print "a theme of your own, just follow the instructions (?) about\n"; @@ -4088,9 +4176,7 @@ sub command94 { sub command95 { print "This is the name of the field in which you want to store the\n"; - print "username of the person the prefs are for. It default to 'user'\n"; - print "which clashes with a reserved keyword in PostgreSQL so this\n"; - print "will need to be changed for that database at least\n"; + print "username of the person the prefs are for. It defaults to 'user'\n"; print "\n"; print "[$WHT$prefs_user_field$NRM]: $WHT"; $new_field = ; 
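Review bot: command321 stores whatever is typed at the `Referal requirement?` prompt, and the save_data hunk of this commit writes it with `print CF "\$check_referrer = '$check_referrer';\n";`, so a value containing `'` or ending in `\` yields a broken or altered assignment in the generated PHP configuration. Restricting the input to the `###DOMAIN###` placeholder or host-name characters, as sketched below, avoids that without changing save_data. The bracketed current value also reads like a default, yet a bare Enter stores an empty string and so turns the check off, whereas command320 in the same hunk does honour its default; either keep the current value on empty input and offer an explicit way to clear it, or drop the brackets. The header comment `since 1.1.5.2` looks like a typo for the version given on command320 (1.5.2), which is worth confirming.

```perl
    chomp($new_check_referrer);
    # Empty input disables the check (as before); otherwise accept only the
    # ###DOMAIN### placeholder or a plain host name, so nothing that reaches
    # the generated configuration can close the quoted string.
    if (   $new_check_referrer eq ''
        || $new_check_referrer eq '###DOMAIN###'
        || $new_check_referrer =~ /\A[A-Za-z0-9.-]+\z/ ) {
        $check_referrer = $new_check_referrer;
    } else {
        print "${NRM}Not a valid domain name; keeping \"$check_referrer\".\n";
    }

    return $check_referrer;
```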
@@ -4555,12 +4641,12 @@ sub commandB8 { print "1 " . ($sm_debug_mode & 1 ? "y" : " ") . " Simple debugging (PHP E_ERROR)\n"; print "2 " . ($sm_debug_mode & 512 ? "y" : " ") - . " Moderate debugging (PHP E_ALL)\n"; + . " Moderate debugging (PHP E_ALL without E_STRICT)\n"; print "3 " . ($sm_debug_mode & 524288 ? "y" : " ") - . " Advanced debugging (PHP E_ALL plus log errors\n"; - print " intentionally suppressed)\n"; + . " Advanced debugging (PHP E_ALL (without E_STRICT) plus\n"; + print " log errors intentionally suppressed)\n"; print "4 " . ($sm_debug_mode & 536870912 ? "y" : " ") - . " Strict debugging (PHP E_STRICT)\n"; + . " Strict debugging (PHP E_ALL and E_STRICT)\n"; print "\n"; print "SquirrelMail debug mode (0,1,2,3,4) or d when done? : $WHT"; @@ -5018,7 +5104,7 @@ sub save_data { # integer print CF " 'search_tree' => $ldap_search_tree[$count]"; } - if ( $ldap_listing[$count] ) { + if ( $ldap_starttls[$count] ) { print CF ",\n"; # boolean print CF " 'starttls' => $ldap_starttls[$count]"; @@ -5080,7 +5166,11 @@ sub save_data { # string print CF "\$session_name = '$session_name';\n"; # boolean - print CF "\$only_secure_cookies = $only_secure_cookies;\n"; + print CF "\$only_secure_cookies = $only_secure_cookies;\n"; + print CF "\$disable_security_tokens = $disable_security_tokens;\n"; + + # string + print CF "\$check_referrer = '$check_referrer';\n"; print CF "\n"; 
@@ -5294,6 +5384,50 @@ sub set_defaults { $message = "\nIf you use IMAPdir depot, you must set default folder prefix to empty string.\n"; $continue = 1; + } elsif ( $server eq "gmail" ) { + $imap_server_type = "gmail"; + $default_folder_prefix = ""; + $trash_folder = "[Gmail]/Trash"; + $default_move_to_trash = true; + $sent_folder = "[Gmail]/Sent Mail"; + $draft_folder = "[Gmail]/Drafts"; + $auto_create_special = false; + $show_prefix_option = false; + $default_sub_of_inbox = false; + $show_contain_subfolders_option = false; + $delete_folder = true; + $force_username_lowercase = false; + $optional_delimiter = "/"; + $disp_default_folder_prefix = ""; + $domain = "gmail.com"; + $imapServerAddress = "imap.gmail.com"; + $imapPort = 993; + $use_imap_tls = true; + $imap_auth_mech = "login"; + $smtpServerAddress = "smtp.gmail.com"; + $smtpPort = 465; + $pop_before_smtp = false; + $useSendmail = false; + $use_smtp_tls = true; + $smtp_auth_mech = "login"; + $continue = 1; + + # Gmail changes system folder names (Drafts, Sent, Trash) out + # from under you when the user changes language settings + $message = "\nNOTE! When a user changes languages in Gmail's interface, the\n" + . "Drafts, Sent and Trash folder names are changed to localized\n" + . "versions thereof. To see those folders correctly in SquirrelMail,\n" + . "the user should change the SquirrelMail language to match.\n" + . "Moreover, SquirrelMail then needs to be told what folders to use\n" + . "for Drafts, Sent and Trash in Options --> Folder Preferences.\n" + . "These default settings will only correctly find the Sent, Trash\n" + . "and Drafts folders if both Gmail and SquirrelMail languages are\n" + . "set to English.\n\n" + . "Also note that in some regions (Europe?), the default folder\n" + . "names (see main menu selection 3. Folder Defaults) are different\n" + . "(they may need to have the prefix \"[Google Mail]\" instead of\n" + . 
"\"[Gmail]\") and \"Trash\" may be called \"Bin\" instead.\n"; + } elsif ( $server eq "quit" ) { $continue = 1; } else { @@ -5325,12 +5459,13 @@ sub set_defaults { # the SM directory tree, the SM_PATH variable will be # prepended to the path, if not, then the path will be # converted to an absolute path, e.g. -# '../images/logo.gif' --> SM_PATH . 'images/logo.gif' -# '../../someplace/data' --> '/absolute/path/someplace/data' -# 'images/logo.gif' --> SM_PATH . 'config/images/logo.gif' -# '/absolute/path/logo.gif' --> '/absolute/path/logo.gif' -# 'http://whatever/' --> 'http://whatever' -# $some_var/path --> "$some_var/path" +# '../images/logo.gif' --> SM_PATH . 'images/logo.gif' +# '../../someplace/data' --> '/absolute/path/someplace/data' +# 'images/logo.gif' --> SM_PATH . 'config/images/logo.gif' +# '/absolute/path/logo.gif' --> '/absolute/path/logo.gif' +# 'C:\absolute\path\logo.gif' --> 'C:\absolute\path\logo.gif' +# 'http://whatever/' --> 'http://whatever' +# $some_var/path --> "$some_var/path" sub change_to_SM_path() { my ($old_path) = @_; my $new_path = ''; @@ -5341,7 +5476,7 @@ sub change_to_SM_path() { # If the path is absolute, don't bother. return "\'" . $old_path . "\'" if ( $old_path eq ''); return "\'" . $old_path . "\'" if ( $old_path =~ /^(\/|http)/ ); - return "\'" . $old_path . "\'" if ( $old_path =~ /^\w:\// ); + return "\'" . $old_path . "\'" if ( $old_path =~ /^\w:(\\|\/)/ ); return $old_path if ( $old_path =~ /^\'(\/|http)/ ); return $old_path if ( $old_path =~ /^\'\w:\// ); return $old_path if ( $old_path =~ /^SM_PATH/);
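Review bot: In the new gmail branch, `$use_imap_tls = true;` and `$use_smtp_tls = true;` assign the bareword `true`, while the command112b context in this commit tests `$use_smtp_tls ne "0"` and speaks of "TLS or STARTTLS", which suggests these settings hold a numeric mode and not a boolean. If that is the case, the preset should name the mode explicitly, presumably `$use_imap_tls = 1;` and `$use_smtp_tls = 1;` for TLS-on-connect on ports 993 and 465, so the written configuration cannot be read as a different mode; confirm against how save_data emits these two values. The other bareword `true`/`false` assignments in this branch also differ from the quoted `'true'`/`'false'` defaults added near the top of this commit and would not survive `use strict`. set_defaults starts and ends outside this hunk.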
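Review bot: The backslash form is accepted only for unquoted paths: the context line two below the change, `return $old_path if ( $old_path =~ /^\'\w:\// );`, still matches only a forward slash, so an already-quoted `'C:\...'` value falls through to the relative-path handling. It should mirror the new pattern, `return $old_path if ( $old_path =~ /^\'\w:(\\|\/)/ );`. Separately, a Windows path that ends in a backslash and is wrapped in single quotes here would escape the closing quote once written into PHP, so a comment noting that trailing backslashes must be stripped or doubled would help. change_to_SM_path starts before and continues past this hunk.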