X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fimap_general.php;h=6011497ebb5f151bd77b3276f29709b365138d70;hp=958e835d17f214daece6f07ae2285889911c72f0;hb=935d09e135efa05b02313fea08794139c8963ec7;hpb=c4de9863a2cd0e8da286a7d8fa5bf407e3a4d12f diff --git a/functions/imap_general.php b/functions/imap_general.php index 958e835d..6011497e 100755 --- a/functions/imap_general.php +++ b/functions/imap_general.php @@ -5,7 +5,7 @@ * * This implements all functions that do general IMAP functions. * - * @copyright © 1999-2006 The SquirrelMail Project Team + * @copyright © 1999-2007 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail @@ -13,9 +13,8 @@ */ /** Includes.. */ -require_once(SM_PATH . 'functions/page_header.php'); -require_once(SM_PATH . 'functions/auth.php'); -include_once(SM_PATH . 'functions/rfc822address.php'); + +require_once(SM_PATH . 'functions/rfc822address.php'); /** @@ -64,11 +63,10 @@ function sqimap_run_command_list ($imap_stream, $query, $handle_errors, &$respon } else { global $squirrelmail_language, $color; set_up_language($squirrelmail_language); - require_once(SM_PATH . 'functions/display_messages.php'); $string = "\n" . _("ERROR: No available IMAP stream.") . "\n"; - error_box($string,$color); + error_box($string); return false; } } @@ -115,11 +113,10 @@ function sqimap_run_command ($imap_stream, $query, $handle_errors, &$response, } else { global $squirrelmail_language, $color; set_up_language($squirrelmail_language); - require_once(SM_PATH . 'functions/display_messages.php'); $string = "\n" . _("ERROR: No available IMAP stream.") . "\n"; - error_box($string,$color); + error_box($string); return false; } } @@ -317,9 +314,8 @@ function sqimap_fread($imap_stream,$iSize,$filter=false, */ function sqimap_read_data_list($imap_stream, $tag, $handle_errors, &$response, &$message, $query = '') { - global $color, $squirrelmail_language; + global $color, $oTemplate, $squirrelmail_language; set_up_language($squirrelmail_language); - require_once(SM_PATH . 'functions/display_messages.php'); $string = "\n" . _("ERROR: Bad function call.") . "
\n" . @@ -330,8 +326,8 @@ function sqimap_read_data_list($imap_stream, $tag, $handle_errors, 'sqimap_run_command or sqimap_run_command_list instead

'. 'The following query was issued:
'. htmlspecialchars($query) . '
' . "
\n"; - error_box($string,$color); - echo ''; + error_box($string); + $oTemplate->display('footer.tpl'); exit; } @@ -350,7 +346,6 @@ function sqimap_error_box($title, $query = '', $message_title = '', $message = ' global $color, $squirrelmail_language; set_up_language($squirrelmail_language); - require_once(SM_PATH . 'functions/display_messages.php'); $string = "\n" . $title . "
\n"; $cmd = explode(' ',$query); $cmd= strtolower($cmd[0]); @@ -364,7 +359,7 @@ function sqimap_error_box($title, $query = '', $message_title = '', $message = ' $string .= "
\n"; if ($link != '') $string .= $link; - error_box($string,$color); + error_box($string); } /** @@ -392,6 +387,12 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors, $aResponse = ''; $resultlist = array(); $data = array(); + $sCommand = ''; + if (preg_match("/^(\w+)\s*/",$query,$aMatch)) { + $sCommand = strtoupper($aMatch[1]); + } else { + // error reporting (shouldn't happen) + } $read = sqimap_fgets($imap_stream); $i = 0; while ($read) { @@ -455,7 +456,7 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors, case '*': { - if (preg_match('/^\*\s\d+\sFETCH/',$read)) { + if (($sCommand == "FETCH" || $sCommand == "STORE") && preg_match('/^\*\s\d+\sFETCH/',$read)) { /* check for literal */ $s = substr($read,-3); $fetch_data = array(); @@ -465,6 +466,7 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors, we prohibid that literal responses appear in the outer loop so we can trust the untagged and tagged info provided by $read */ + $read_literal = false; if ($s === "}\r\n") { $j = strrpos($read,'{'); $iLit = substr($read,$j+1,-3); @@ -489,7 +491,9 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors, if ($read === false) { /* error */ break 4; /* while while switch while */ } - $fetch_data[] = $read; + $s = substr($read,-3); + $read_literal = true; + continue; } else { $fetch_data[] = $read; } @@ -502,7 +506,7 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors, /* check for next untagged reponse and break */ if ($read{0} == '*') break 2; $s = substr($read,-3); - } while ($s === "}\r\n"); + } while ($s === "}\r\n" || $read_literal); $s = substr($read,-3); } while ($read{0} !== '*' && substr($read,0,strlen($tag)) !== $tag); @@ -515,14 +519,21 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors, if ($s === "}\r\n") { $j = strrpos($read,'{'); $iLit = substr($read,$j+1,-3); - $data[] = $read; - $sLiteral = fread($imap_stream,$iLit); - if ($sLiteral === false) { /* error */ - $read = false; - break 3; /* while switch while */ + // check for numeric value to avoid that untagged responses like: + // * OK [PARSE] Unexpected characters at end of address: {SET:debug=51} + // will trigger literal fetching ({SET:debug=51} !== int ) + if (is_numeric($iLit)) { + $data[] = $read; + $sLiteral = fread($imap_stream,$iLit); + if ($sLiteral === false) { /* error */ + $read = false; + break 3; /* while switch while */ + } + $data[] = $sLiteral; + $data[] = sqimap_fgets($imap_stream); + } else { + $data[] = $read; } - $data[] = $sLiteral; - $data[] = sqimap_fgets($imap_stream); } else { $data[] = $read; } @@ -740,23 +751,66 @@ function sqimap_create_stream($server,$port,$tls=0) { /** * Logs the user into the IMAP server. If $hide is set, no error messages - * will be displayed. This function returns the IMAP connection handle. + * will be displayed (if set to 1, just exits, if set to 2, returns FALSE). + * This function returns the IMAP connection handle. * @param string $username user name - * @param string $password encrypted password + * @param string $password password encrypted with onetimepad. Since 1.5.2 + * function can use internal password functions, if parameter is set to + * boolean false. * @param string $imap_server_address address of imap server * @param integer $imap_port port of imap server - * @param boolean $hide controls display connection errors - * @return stream + * @param int $hide controls display connection errors: + * 0 = do not hide + * 1 = show no errors (just exit) + * 2 = show no errors (return FALSE) + * 3 = show no errors (return error string) + * @return mixed The IMAP connection stream, or if the connection fails, + * FALSE if $hide is set to 2 or an error string if $hide + * is set to 3. */ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $hide) { global $color, $squirrelmail_language, $onetimepad, $use_imap_tls, $imap_auth_mech, $sqimap_capabilities; - if (!isset($onetimepad) || empty($onetimepad)) { - sqgetglobalvar('onetimepad' , $onetimepad , SQ_SESSION ); + // Note/TODO: This hack grabs the $authz argument from the session. In the short future, + // a new argument in function sqimap_login() will be used instead. + $authz = ''; + global $authz; + sqgetglobalvar('authz' , $authz , SQ_SESSION); + + if(!empty($authz)) { + /* authz plugin - specific: + * Get proxy login parameters from authz plugin configuration. If they + * exist, they will override the current ones. + * This is useful if we want to use different SASL authentication mechanism + * and/or different TLS settings for proxy logins. */ + global $authz_imap_auth_mech, $authz_use_imap_tls, $authz_imapPort_tls; + $imap_auth_mech = !empty($authz_imap_auth_mech) ? strtolower($authz_imap_auth_mech) : $imap_auth_mech; + $use_imap_tls = !empty($authz_use_imap_tls)? $authz_use_imap_tls : $use_imap_tls; + $imap_port = !empty($authz_use_imap_tls)? $authz_imapPort_tls : $imap_port; + + if($imap_auth_mech == 'login' || $imap_auth_mech == 'cram-md5') { + logout_error("Misconfigured Plugin (authz or equivalent):
". + "The LOGIN and CRAM-MD5 authentication mechanisms cannot be used when attempting proxy login."); + exit; + } + } + + /* get imap login password */ + if ($password===false) { + /* standard functions */ + $password = sqauth_read_password(); + } else { + /* old way. $key must be extracted from cookie */ + if (!isset($onetimepad) || empty($onetimepad)) { + sqgetglobalvar('onetimepad' , $onetimepad , SQ_SESSION ); + } + /* Decrypt the password */ + $password = OneTimePadDecrypt($password, $onetimepad); } + if (!isset($sqimap_capabilities)) { - sqgetglobalvar('sqimap_capabilities' , $capability , SQ_SESSION ); + sqgetglobalvar('sqimap_capabilities' , $sqimap_capabilities , SQ_SESSION ); } $host = $imap_server_address; @@ -764,9 +818,6 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ $imap_stream = sqimap_create_stream($imap_server_address,$imap_port,$use_imap_tls); - /* Decrypt the password */ - $password = OneTimePadDecrypt($password, $onetimepad); - if (($imap_auth_mech == 'cram-md5') OR ($imap_auth_mech == 'digest-md5')) { // We're using some sort of authentication OTHER than plain or login $tag=sqimap_session_id(false); @@ -783,7 +834,7 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ // Got a challenge back $challenge=$response[1]; if ($imap_auth_mech == 'digest-md5') { - $reply = digest_md5_response($username,$password,$challenge,'imap',$host); + $reply = digest_md5_response($username,$password,$challenge,'imap',$host,$authz); } elseif ($imap_auth_mech == 'cram-md5') { $reply = cram_md5_response($username,$password,$challenge); } @@ -811,22 +862,25 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ $read = sqimap_run_command ($imap_stream, $query, false, $response, $message); } elseif ($imap_auth_mech == 'plain') { /*** - * SASL PLAIN + * SASL PLAIN, RFC 4616 (updates 2595) * - * RFC 2595 Chapter 6 - * - * The mechanism consists of a single message from the client to the - * server. The client sends the authorization identity (identity to - * login as), followed by a US-ASCII NUL character, followed by the - * authentication identity (identity whose password will be used), - * followed by a US-ASCII NUL character, followed by the clear-text - * password. The client may leave the authorization identity empty to - * indicate that it is the same as the authentication identity. - * - **/ + * The mechanism consists of a single message, a string of [UTF-8] + * encoded [Unicode] characters, from the client to the server. The + * client presents the authorization identity (identity to act as), + * followed by a NUL (U+0000) character, followed by the authentication + * identity (identity whose password will be used), followed by a NUL + * (U+0000) character, followed by the clear-text password. As with + * other SASL mechanisms, the client does not provide an authorization + * identity when it wishes the server to derive an identity from the + * credentials and use that as the authorization identity. + */ $tag=sqimap_session_id(false); - $sasl = (isset($capability['SASL-IR']) && $capability['SASL-IR']) ? true : false; - $auth = base64_encode("$username\0$username\0$password"); + $sasl = (isset($sqimap_capabilities['SASL-IR']) && $sqimap_capabilities['SASL-IR']) ? true : false; + if(!empty($authz)) { + $auth = base64_encode("$username\0$authz\0$password"); + } else { + $auth = base64_encode("$username\0$username\0$password"); + } if ($sasl) { // IMAP Extension for SASL Initial Client Response // @@ -845,6 +899,7 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ $results=explode(" ",$read,3); $response=$results[1]; $message=$results[2]; + } else { $response="BAD"; $message="Internal SquirrelMail error - unknown IMAP authentication method chosen. Please contact the developers."; @@ -852,15 +907,17 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ /* If the connection was not successful, lets see why */ if ($response != 'OK') { - if (!$hide) { + if (!$hide || $hide == 3) { +//FIXME: UUURG... We don't want HTML in error messages, should also do html sanitizing of error messages elsewhere; should't assume output is destined for an HTML browser here if ($response != 'NO') { /* "BAD" and anything else gets reported here. */ $message = htmlspecialchars($message); set_up_language($squirrelmail_language, true); - require_once(SM_PATH . 'functions/display_messages.php'); if ($response == 'BAD') { + if ($hide == 3) return sprintf(_("Bad request: %s"), $message); $string = sprintf (_("Bad request: %s")."
\r\n", $message); } else { + if ($hide == 3) return sprintf(_("Unknown error: %s"), $message); $string = sprintf (_("Unknown error: %s") . "
\n", $message); } if (isset($read) && is_array($read)) { @@ -869,7 +926,7 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ $string .= htmlspecialchars($line) . "
\n"; } } - error_box($string,$color); + error_box($string); exit; } else { /* @@ -884,14 +941,16 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ */ set_up_language($squirrelmail_language, true); - include_once(SM_PATH . 'functions/display_messages.php' ); sqsession_destroy(); + /* terminate the session nicely */ sqimap_logout($imap_stream); + if ($hide == 3) return _("Unknown user or password incorrect."); logout_error( _("Unknown user or password incorrect.") ); exit; } } else { + if ($hide == 2) return FALSE; exit; } } @@ -905,7 +964,6 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ if ( stristr($message, 'REFERRAL imap') === TRUE ) { sqimap_logout($imap_stream); set_up_language($squirrelmail_language, true); - include_once(SM_PATH . 'functions/display_messages.php' ); sqsession_destroy(); logout_error( _("Your mailbox is not located at this server. Try a different server or consult your system administrator") ); exit; @@ -942,14 +1000,22 @@ function sqimap_capability($imap_stream, $capability='', $bUseCache=true) { if (!$bUseCache || ! sqgetGlobalVar('sqimap_capabilities', $sqimap_capabilities, SQ_SESSION)) { $read = sqimap_run_command($imap_stream, 'CAPABILITY', true, $a, $b); - $c = explode(' ', $read[0]); for ($i=2; $i < count($c); $i++) { $cap_list = explode('=', $c[$i]); if (isset($cap_list[1])) { + if(isset($sqimap_capabilities[trim($cap_list[0])]) && + !is_array($sqimap_capabilities[trim($cap_list[0])])) { + // Remove array key that was added in 'else' block below + // This is to accomodate for capabilities like: + // SORT SORT=MODSEQ + unset($sqimap_capabilities[trim($cap_list[0])]); + } $sqimap_capabilities[trim($cap_list[0])][] = $cap_list[1]; } else { - $sqimap_capabilities[trim($cap_list[0])] = TRUE; + if(!isset($sqimap_capabilities[trim($cap_list[0])])) { + $sqimap_capabilities[trim($cap_list[0])] = TRUE; + } } } } @@ -990,6 +1056,8 @@ function sqimap_get_delimiter ($imap_stream = false) { * OS: According to rfc2342 response from NAMESPACE command is: * OS: * NAMESPACE (PERSONAL NAMESPACES) (OTHER_USERS NAMESPACE) (SHARED NAMESPACES) * OS: We want to lookup all personal NAMESPACES... + * + * TODO: remove this in favour of the information from sqimap_get_namespace() */ $read = sqimap_run_command($imap_stream, 'NAMESPACE', true, $a, $b); if (eregi('\\* NAMESPACE +(\\( *\\(.+\\) *\\)|NIL) +(\\( *\\(.+\\) *\\)|NIL) +(\\( *\\(.+\\) *\\)|NIL)', $read[0], $data)) { @@ -1018,6 +1086,71 @@ function sqimap_get_delimiter ($imap_stream = false) { return $sqimap_delimiter; } +/** + * Retrieves the namespaces from the IMAP server. + * NAMESPACE is an IMAP extension defined in RFC 2342. + * + * @param stream $imap_stream + * @return array + */ +function sqimap_get_namespace($imap_stream) { + $read = sqimap_run_command($imap_stream, 'NAMESPACE', true, $a, $b); + return sqimap_parse_namespace($read[0]); +} + +/** + * Parses a NAMESPACE response and returns an array with the available + * personal, users and shared namespaces. + * + * @param string $input + * @return array The returned array has the following format: + * 
+ * array(
+ *   'personal' => array(
+ *       0 => array('prefix'=>'INBOX.','delimiter' =>'.'),
+ *       1 => ...
+ *    ),
+ *    'users' => array(..
+ *    ),
+ *    'shared' => array( ..
+ *    )
+ * )
+ *
+ * Note that if a namespace is not defined in the server, then the corresponding + * array will be empty. + */ +function sqimap_parse_namespace(&$input) { + $ns_strings = array(1=>'personal', 2=>'users', 3=>'shared'); + $namespace = array(); + + if(ereg('NAMESPACE (\(\(.*\)\)|NIL) (\(\(.*\)\)|NIL) (\(\(.*\)\)|NIL)', $input, $regs) !== false) { + for($i=1; $i<=3; $i++) { + if($regs[$i] == 'NIL') { + $namespace[$ns_strings[$i]] = array(); + } else { + // Pop-out the first ( and last ) for easier parsing + $ns = substr($regs[$i], 1, sizeof($regs[$i])-2); + if($c = preg_match_all('/\((?:(.*?)\s*?)\)/', $ns, $regs2)) { + $namespace[$ns_strings[$i]] = array(); + for($j=0; $j