X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fimap_general.php;h=414e2a95ecb2947c7f0757358d92d28204ca059d;hp=01874c3a662e055d9328644def88b73bbea19648;hb=22387c8d44f3ab104db6e19180d3775a45762359;hpb=79ba18dc89b1b096ecdf0b77169d57e0caf661db diff --git a/functions/imap_general.php b/functions/imap_general.php index 01874c3a..414e2a95 100755 --- a/functions/imap_general.php +++ b/functions/imap_general.php @@ -5,7 +5,7 @@ * * This implements all functions that do general IMAP functions. * - * @copyright 1999-2013 The SquirrelMail Project Team + * @copyright 1999-2017 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail @@ -616,22 +616,34 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors, case 'NO': /* ignore this error from M$ exchange, it is not fatal (aka bug) */ if (strstr($message[$tag], 'command resulted in') === false) { + sqsession_register('NO', 'IMAP_FATAL_ERROR_TYPE'); + sqsession_register($query, 'IMAP_FATAL_ERROR_QUERY'); + sqsession_register($message[$tag], 'IMAP_FATAL_ERROR_MESSAGE'); sqimap_error_box(_("ERROR: Could not complete request."), $query, _("Reason Given:") . ' ', $message[$tag]); echo ''; exit; } break; case 'BAD': + sqsession_register('BAD', 'IMAP_FATAL_ERROR_TYPE'); + sqsession_register($query, 'IMAP_FATAL_ERROR_QUERY'); + sqsession_register($message[$tag], 'IMAP_FATAL_ERROR_MESSAGE'); sqimap_error_box(_("ERROR: Bad or malformed request."), $query, _("Server responded:") . ' ', $message[$tag]); //FIXME: NO HTML IN CORE! echo ''; exit; case 'BYE': + sqsession_register('BYE', 'IMAP_FATAL_ERROR_TYPE'); + sqsession_register($query, 'IMAP_FATAL_ERROR_QUERY'); + sqsession_register($message[$tag], 'IMAP_FATAL_ERROR_MESSAGE'); sqimap_error_box(_("ERROR: IMAP server closed the connection."), $query, _("Server responded:") . ' ', $message[$tag]); //FIXME: NO HTML IN CORE! echo ''; exit; default: + sqsession_register('UNKNOWN', 'IMAP_FATAL_ERROR_TYPE'); + sqsession_register($query, 'IMAP_FATAL_ERROR_QUERY'); + sqsession_register($message[$tag], 'IMAP_FATAL_ERROR_MESSAGE'); sqimap_error_box(_("ERROR: Unknown IMAP response."), $query, _("Server responded:") . ' ', $message[$tag]); /* the error is displayed but because we don't know the reponse we return the result anyway */ @@ -670,10 +682,12 @@ function sqimap_read_data ($imap_stream, $tag_uid, $handle_errors, * @param int port port number to connect to * @param integer $tls whether to use plain text(0), TLS(1) or STARTTLS(2) when connecting. * Argument was boolean before 1.5.1. + * @param array $stream_options Stream context options, see config_local.php + * for more details (OPTIONAL) * @return imap-stream resource identifier * @since 1.5.0 (usable only in 1.5.1 or later) */ -function sqimap_create_stream($server,$port,$tls=0) { +function sqimap_create_stream($server,$port,$tls=0,$stream_options=array()) { global $squirrelmail_language; if (strstr($server,':') && ! preg_match("/^\[.*\]$/",$server)) { @@ -681,10 +695,23 @@ function sqimap_create_stream($server,$port,$tls=0) { $server = '['.$server.']'; } + // NB: Using "ssl://" ensures the highest possible TLS version + // will be negotiated with the server (whereas "tls://" only + // uses TLS version 1.0) + // if ($tls == 1) { if ((check_php_version(4,3)) and (extension_loaded('openssl'))) { - /* Use TLS by prefixing "tls://" to the hostname */ - $server = 'tls://' . $server; + if (function_exists('stream_socket_client')) { + $server_address = 'ssl://' . $server . ':' . $port; + $ssl_context = @stream_context_create($stream_options); + $connect_timeout = ini_get('default_socket_timeout'); + // null timeout is broken + if ($connect_timeout == 0) + $connect_timeout = 15; + $imap_stream = @stream_socket_client($server_address, $error_number, $error_string, $connect_timeout, STREAM_CLIENT_CONNECT, $ssl_context); + } else { + $imap_stream = @fsockopen('ssl://' . $server, $port, $error_number, $error_string, 15); + } } else { require_once(SM_PATH . 'functions/display_messages.php'); logout_error( sprintf(_("Error connecting to IMAP server: %s."), $server). @@ -694,9 +721,10 @@ function sqimap_create_stream($server,$port,$tls=0) { _("Please contact your system administrator and report this error."), sprintf(_("Error connecting to IMAP server: %s."), $server)); } + } else { + $imap_stream = @fsockopen($server, $port, $error_number, $error_string, 15); } - $imap_stream = @fsockopen($server, $port, $error_number, $error_string, 15); /* Do some error correction */ if (!$imap_stream) { @@ -794,13 +822,16 @@ function sqimap_create_stream($server,$port,$tls=0) { * 1 = show no errors (just exit) * 2 = show no errors (return FALSE) * 3 = show no errors (return error string) + * @param array $stream_options Stream context options, see config_local.php + * for more details (OPTIONAL) * @return mixed The IMAP connection stream, or if the connection fails, * FALSE if $hide is set to 2 or an error string if $hide * is set to 3. */ -function sqimap_login ($username, $password, $imap_server_address, $imap_port, $hide) { +function sqimap_login ($username, $password, $imap_server_address, + $imap_port, $hide, $stream_options=array()) { global $color, $squirrelmail_language, $onetimepad, $use_imap_tls, - $imap_auth_mech, $sqimap_capabilities; + $imap_auth_mech, $sqimap_capabilities, $display_imap_login_error; // Note/TODO: This hack grabs the $authz argument from the session. In the short future, // a new argument in function sqimap_login() will be used instead. @@ -846,7 +877,7 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ $host = $imap_server_address; $imap_server_address = sqimap_get_user_server($imap_server_address, $username); - $imap_stream = sqimap_create_stream($imap_server_address,$imap_port,$use_imap_tls); + $imap_stream = sqimap_create_stream($imap_server_address,$imap_port,$use_imap_tls,$stream_options); if (($imap_auth_mech == 'cram-md5') OR ($imap_auth_mech == 'digest-md5')) { // We're using some sort of authentication OTHER than plain or login @@ -975,8 +1006,30 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ /* terminate the session nicely */ sqimap_logout($imap_stream); - if ($hide == 3) return _("Unknown user or password incorrect."); - logout_error( _("Unknown user or password incorrect.") ); + + // determine what error message to use + // + $fail_msg = _("Unknown user or password incorrect."); + if ($display_imap_login_error) { + // See if there is an error message from the server + // Skip any rfc5530 response code: '[something]' at the + // start of the message + if (!empty($message) + && $message{0} == '[' + && ($end = strstr($message, ']')) + && $end != ']') { + $message = substr($end, 1); + } + // Remove surrounding spaces and if there + // is anything left, display that as the + // error message: + $message = trim($message); + if (strlen($message)) + $fail_msg = _($message); + } + + if ($hide == 3) return $fail_msg; + logout_error($fail_msg); exit; } } else {