X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fimap_general.php;h=d1e81cdaaf83198d9354499c5e52fd97846ac104;hp=0a70f685f36fcc8bd0eb7581808494531c3dce90;hb=cf088f55b6943a4db1d1bf5abe7904670186ce33;hpb=ce68b76bfdef63cbc85d7bc46f7f1d538db9b4a4 diff --git a/functions/imap_general.php b/functions/imap_general.php index 0a70f685..d1e81cda 100755 --- a/functions/imap_general.php +++ b/functions/imap_general.php @@ -3,26 +3,28 @@ /** * imap_general.php * - * Copyright (c) 1999-2004 The SquirrelMail Project Team - * Licensed under the GNU GPL. For full terms see the file COPYING. - * - * This implements all functions that do general imap functions. + * This implements all functions that do general IMAP functions. * + * @copyright © 1999-2007 The SquirrelMail Project Team + * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail * @subpackage imap */ /** Includes.. */ -require_once(SM_PATH . 'functions/page_header.php'); -require_once(SM_PATH . 'functions/auth.php'); + +require_once(SM_PATH . 'functions/rfc822address.php'); /** * Generates a new session ID by incrementing the last one used; * this ensures that each command has a unique ID. - * @param bool unique_id + * @param bool $unique_id (since 1.3.0) controls use of unique + * identifiers/message sequence numbers in IMAP commands. See IMAP + * rfc 'UID command' chapter. * @return string IMAP session id of the form 'A000'. + * @since 1.2.0 */ function sqimap_session_id($unique_id = FALSE) { static $sqimap_session_id = 1; @@ -37,6 +39,15 @@ function sqimap_session_id($unique_id = FALSE) { /** * Both send a command and accept the result from the command. * This is to allow proper session number handling. + * @param stream $imap_stream imap connection resource + * @param string $query imap command + * @param boolean $handle_errors see sqimap_retrieve_imap_response() + * @param array $response + * @param array $message + * @param boolean $unique_id (since 1.3.0) see sqimap_session_id(). + * @return mixed returns false on imap error. displays error message + * if imap stream is not available. + * @since 1.2.3 */ function sqimap_run_command_list ($imap_stream, $query, $handle_errors, &$response, &$message, $unique_id = false) { if ($imap_stream) { @@ -49,18 +60,34 @@ function sqimap_run_command_list ($imap_stream, $query, $handle_errors, &$respon $message = $message[$tag]; $response = $response[$tag]; return $read[$tag]; +//FIXME: obey $handle_errors below! } else { global $squirrelmail_language, $color; set_up_language($squirrelmail_language); - require_once(SM_PATH . 'functions/display_messages.php'); +//FIXME: NO HTML IN CORE! $string = "\n" . - _("ERROR : No available imapstream.") . + _("ERROR: No available IMAP stream.") . +//FIXME: NO HTML IN CORE! "\n"; - error_box($string,$color); + error_box($string); return false; } } +/** + * @param stream $imap_stream imap connection resource + * @param string $query imap command + * @param boolean $handle_errors see sqimap_retrieve_imap_response() + * @param array $response empty string, if return = false + * @param array $message empty string, if return = false + * @param boolean $unique_id (since 1.3.0) see sqimap_session_id() + * @param boolean $filter (since 1.4.1 and 1.5.0) see sqimap_fread() + * @param mixed $outputstream (since 1.4.1 and 1.5.0) see sqimap_fread() + * @param boolean $no_return (since 1.4.1 and 1.5.0) see sqimap_fread() + * @return mixed returns false on imap error. displays error message + * if imap stream is not available. + * @since 1.2.3 + */ function sqimap_run_command ($imap_stream, $query, $handle_errors, &$response, &$message, $unique_id = false,$filter=false, $outputstream=false,$no_return=false) { @@ -72,7 +99,7 @@ function sqimap_run_command ($imap_stream, $query, $handle_errors, &$response, $read = sqimap_read_data ($imap_stream, $tag, $handle_errors, $response, $message, $query,$filter,$outputstream,$no_return); - if (empty($read)) { //Imap server dropped its connection + if (empty($read)) { //IMAP server dropped its connection $response = ''; $message = ''; return false; @@ -86,18 +113,27 @@ function sqimap_run_command ($imap_stream, $query, $handle_errors, &$response, } else { return $read[$tag]; } +//FIXME: obey $handle_errors below! } else { global $squirrelmail_language, $color; set_up_language($squirrelmail_language); - require_once(SM_PATH . 'functions/display_messages.php'); +//FIXME: NO HTML IN CORE! $string = "\n" . - _("ERROR : No available imapstream.") . + _("ERROR: No available IMAP stream.") . +//FIXME: NO HTML IN CORE! "\n"; - error_box($string,$color); + error_box($string); return false; } } +/** + * @param mixed $new_query + * @param string $tag + * @param array $aQuery + * @param boolean $unique_id see sqimap_session_id() + * @since 1.5.0 + */ function sqimap_prepare_pipelined_query($new_query,&$tag,&$aQuery,$unique_id) { $sid = sqimap_session_id($unique_id); $tag_uid_a = explode(' ',trim($sid)); @@ -106,15 +142,27 @@ function sqimap_prepare_pipelined_query($new_query,&$tag,&$aQuery,$unique_id) { $aQuery[$tag] = $query; } +/** + * @param stream $imap_stream imap stream + * @param array $aQueryList + * @param boolean $handle_errors + * @param array $aServerResponse + * @param array $aServerMessage + * @param boolean $unique_id see sqimap_session_id() + * @param boolean $filter see sqimap_fread() + * @param mixed $outputstream see sqimap_fread() + * @param boolean $no_return see sqimap_fread() + * @since 1.5.0 + */ function sqimap_run_pipelined_command ($imap_stream, $aQueryList, $handle_errors, &$aServerResponse, &$aServerMessage, $unique_id = false, $filter=false,$outputstream=false,$no_return=false) { $aResponse = false; /* - Do not fire all calls at once to the imap-server but split the calls up + Do not fire all calls at once to the IMAP server but split the calls up in portions of $iChunkSize. If we do not do that I think we misbehave as - IMAP client or should handle BYE calls if the IMAP-server drops the + IMAP client or should handle BYE calls if the IMAP server drops the connection because the number of queries is to large. This isn't tested but a wild guess how it could work in the field. @@ -170,10 +218,11 @@ function sqimap_run_pipelined_command ($imap_stream, $aQueryList, $handle_errors } /** - * Custom fgets function: gets a line from the IMAP-server, + * Custom fgets function: gets a line from the IMAP server, * no matter how big it may be. - * @param stream imap_stream the stream to read from + * @param stream $imap_stream the stream to read from * @return string a line + * @since 1.2.8 */ function sqimap_fgets($imap_stream) { $read = ''; @@ -195,6 +244,15 @@ function sqimap_fgets($imap_stream) { return $results; } +/** + * @param stream $imap_stream + * @param integer $iSize + * @param boolean $filter + * @param mixed $outputstream stream or 'php://stdout' string + * @param boolean $no_return controls data returned by function + * @return string + * @since 1.4.1 + */ function sqimap_fread($imap_stream,$iSize,$filter=false, $outputstream=false, $no_return=false) { if (!$filter || !$outputstream) { @@ -251,15 +309,23 @@ function sqimap_fread($imap_stream,$iSize,$filter=false, /** * Obsolete function, inform plugins that use it - * @deprecated use sqimap_run_command or sqimap_run_command_list instead + * @param stream $imap_stream + * @param string $tag + * @param boolean $handle_errors + * @param array $response + * @param array $message + * @param string $query + * @since 1.1.3 + * @deprecated (since 1.5.0) use sqimap_run_command or sqimap_run_command_list instead */ function sqimap_read_data_list($imap_stream, $tag, $handle_errors, &$response, &$message, $query = '') { - global $color, $squirrelmail_language; + global $color, $oTemplate, $squirrelmail_language; set_up_language($squirrelmail_language); - require_once(SM_PATH . 'functions/display_messages.php'); +//FIXME: NO HTML IN CORE! $string = "\n" . - _("ERROR : Bad function call.") . + _("ERROR: Bad function call.") . +//FIXME: NO HTML IN CORE! "
\n" . _("Reason:") . ' '. 'There is a plugin installed which make use of the
' . @@ -267,27 +333,29 @@ function sqimap_read_data_list($imap_stream, $tag, $handle_errors, 'Please adapt the installed plugin and let it use
'. 'sqimap_run_command or sqimap_run_command_list instead

'. 'The following query was issued:
'. +//FIXME: NO HTML IN CORE! htmlspecialchars($query) . '
' . "
\n"; - error_box($string,$color); - echo ''; + error_box($string); + $oTemplate->display('footer.tpl'); exit; } /** - * Function to display an error related to an IMAP-query. + * Function to display an error related to an IMAP query. * @param string title the caption of the error box * @param string query the query that went wrong * @param string message_title optional message title * @param string message optional error message * @param string $link an optional link to try again * @return void + * @since 1.5.0 */ function sqimap_error_box($title, $query = '', $message_title = '', $message = '', $link = '') { global $color, $squirrelmail_language; set_up_language($squirrelmail_language); - require_once(SM_PATH . 'functions/display_messages.php'); +//FIXME: NO HTML IN CORE! $string = "\n" . $title . "
\n"; $cmd = explode(' ',$query); $cmd= strtolower($cmd[0]); @@ -298,16 +366,27 @@ function sqimap_error_box($title, $query = '', $message_title = '', $message = ' $string .= $message_title; if ($message != '') $string .= htmlspecialchars($message); +//FIXME: NO HTML IN CORE! $string .= "
\n"; if ($link != '') $string .= $link; - error_box($string,$color); + error_box($string); } /** * Reads the output from the IMAP stream. If handle_errors is set to true, * this will also handle all errors that are received. If it is not set, * the errors will be sent back through $response and $message. + * @param stream $imap_stream imap stream + * @param string $tag + * @param boolean $handle_errors handle errors internally or send them in $response and $message. + * @param array $response + * @param array $message + * @param string $query command that can be printed if something fails + * @param boolean $filter see sqimap_fread() + * @param mixed $outputstream see sqimap_fread() + * @param boolean $no_return see sqimap_fread() + * @since 1.5.0 */ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors, &$response, &$message, $query = '', @@ -319,8 +398,14 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors, $aResponse = ''; $resultlist = array(); $data = array(); + $sCommand = ''; + if (preg_match("/^(\w+)\s*/",$query,$aMatch)) { + $sCommand = strtoupper($aMatch[1]); + } else { + // error reporting (shouldn't happen) + } $read = sqimap_fgets($imap_stream); - $i = $k = 0; + $i = 0; while ($read) { $char = $read{0}; switch ($char) @@ -382,7 +467,7 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors, case '*': { - if (preg_match('/^\*\s\d+\sFETCH/',$read)) { + if (($sCommand == "FETCH" || $sCommand == "STORE") && preg_match('/^\*\s\d+\sFETCH/',$read)) { /* check for literal */ $s = substr($read,-3); $fetch_data = array(); @@ -392,6 +477,7 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors, we prohibid that literal responses appear in the outer loop so we can trust the untagged and tagged info provided by $read */ + $read_literal = false; if ($s === "}\r\n") { $j = strrpos($read,'{'); $iLit = substr($read,$j+1,-3); @@ -416,7 +502,9 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors, if ($read === false) { /* error */ break 4; /* while while switch while */ } - $fetch_data[] = $read; + $s = substr($read,-3); + $read_literal = true; + continue; } else { $fetch_data[] = $read; } @@ -429,7 +517,7 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors, /* check for next untagged reponse and break */ if ($read{0} == '*') break 2; $s = substr($read,-3); - } while ($s === "}\r\n"); + } while ($s === "}\r\n" || $read_literal); $s = substr($read,-3); } while ($read{0} !== '*' && substr($read,0,strlen($tag)) !== $tag); @@ -442,14 +530,21 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors, if ($s === "}\r\n") { $j = strrpos($read,'{'); $iLit = substr($read,$j+1,-3); - $data[] = $read; - $sLiteral = fread($imap_stream,$iLit); - if ($sLiteral === false) { /* error */ - $read = false; - break 3; /* while switch while */ + // check for numeric value to avoid that untagged responses like: + // * OK [PARSE] Unexpected characters at end of address: {SET:debug=51} + // will trigger literal fetching ({SET:debug=51} !== int ) + if (is_numeric($iLit)) { + $data[] = $read; + $sLiteral = fread($imap_stream,$iLit); + if ($sLiteral === false) { /* error */ + $read = false; + break 3; /* while switch while */ + } + $data[] = $sLiteral; + $data[] = sqimap_fgets($imap_stream); + } else { + $data[] = $read; } - $data[] = $sLiteral; - $data[] = sqimap_fgets($imap_stream); } else { $data[] = $read; } @@ -476,12 +571,13 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors, if (!$handle_errors) { $query = ''; } - sqimap_error_box(_("ERROR : Imap server closed the connection."), $query, _("Server responded:"),$sResponse); + sqimap_error_box(_("ERROR: IMAP server closed the connection."), $query, _("Server responded:"),$sResponse); +//FIXME: NO HTML IN CORE! echo ''; exit; } else if ($handle_errors) { unset($data); - sqimap_error_box(_("ERROR : Connection dropped by imap-server."), $query); + sqimap_error_box(_("ERROR: Connection dropped by IMAP server."), $query); exit; } } @@ -505,21 +601,23 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors, case 'NO': /* ignore this error from M$ exchange, it is not fatal (aka bug) */ if (strstr($message[$tag], 'command resulted in') === false) { - sqimap_error_box(_("ERROR : Could not complete request."), $query, _("Reason Given: "), $message[$tag]); + sqimap_error_box(_("ERROR: Could not complete request."), $query, _("Reason Given:") . ' ', $message[$tag]); echo ''; exit; } break; case 'BAD': - sqimap_error_box(_("ERROR : Bad or malformed request."), $query, _("Server responded: "), $message[$tag]); + sqimap_error_box(_("ERROR: Bad or malformed request."), $query, _("Server responded:") . ' ', $message[$tag]); +//FIXME: NO HTML IN CORE! echo ''; exit; case 'BYE': - sqimap_error_box(_("ERROR : Imap server closed the connection."), $query, _("Server responded: "), $message[$tag]); + sqimap_error_box(_("ERROR: IMAP server closed the connection."), $query, _("Server responded:") . ' ', $message[$tag]); +//FIXME: NO HTML IN CORE! echo ''; exit; default: - sqimap_error_box(_("ERROR : Unknown imap response."), $query, _("Server responded: "), $message[$tag]); + sqimap_error_box(_("ERROR: Unknown IMAP response."), $query, _("Server responded:") . ' ', $message[$tag]); /* the error is displayed but because we don't know the reponse we return the result anyway */ return $aResponse; @@ -527,6 +625,17 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors, } } +/** + * @param stream $imap_stream imap string + * @param string $tag_uid + * @param boolean $handle_errors + * @param array $response + * @param array $message + * @param string $query (since 1.2.5) + * @param boolean $filter (since 1.4.1) see sqimap_fread() + * @param mixed $outputstream (since 1.4.1) see sqimap_fread() + * @param boolean $no_return (since 1.4.1) see sqimap_fread() + */ function sqimap_read_data ($imap_stream, $tag_uid, $handle_errors, &$response, &$message, $query = '', $filter=false,$outputstream=false,$no_return=false) { @@ -541,16 +650,23 @@ function sqimap_read_data ($imap_stream, $tag_uid, $handle_errors, /** * Connects to the IMAP server and returns a resource identifier for use with - * the other SquirrelMail IMAP functions. Does NOT login! + * the other SquirrelMail IMAP functions. Does NOT login! * @param string server hostname of IMAP server * @param int port port number to connect to - * @param bool tls whether to use TLS when connecting. + * @param integer $tls whether to use plain text(0), TLS(1) or STARTTLS(2) when connecting. + * Argument was boolean before 1.5.1. * @return imap-stream resource identifier + * @since 1.5.0 (usable only in 1.5.1 or later) */ -function sqimap_create_stream($server,$port,$tls=false) { +function sqimap_create_stream($server,$port,$tls=0) { global $squirrelmail_language; - if ($tls == true) { + if (strstr($server,':') && ! preg_match("/^\[.*\]$/",$server)) { + // numerical IPv6 address must be enclosed in square brackets + $server = '['.$server.']'; + } + + if ($tls == 1) { if ((check_php_version(4,3)) and (extension_loaded('openssl'))) { /* Use TLS by prefixing "tls://" to the hostname */ $server = 'tls://' . $server; @@ -560,7 +676,8 @@ function sqimap_create_stream($server,$port,$tls=false) { '
'. _("TLS is enabled, but this version of PHP does not support TLS sockets, or is missing the openssl extension."). '

'. - _("Please contact your system administrator and report this error.") ); + _("Please contact your system administrator and report this error."), + sprintf(_("Error connecting to IMAP server: %s."), $server)); } } @@ -571,26 +688,144 @@ function sqimap_create_stream($server,$port,$tls=false) { set_up_language($squirrelmail_language, true); require_once(SM_PATH . 'functions/display_messages.php'); logout_error( sprintf(_("Error connecting to IMAP server: %s."), $server). - "
\r\n$error_number : $error_string
\r\n" ); +//FIXME: NO HTML IN CORE! + "
\r\n$error_number : $error_string
\r\n", + sprintf(_("Error connecting to IMAP server: %s."), $server) ); exit; } $server_info = fgets ($imap_stream, 1024); + + /** + * Implementing IMAP STARTTLS (rfc2595) in php 5.1.0+ + * http://www.php.net/stream-socket-enable-crypto + */ + if ($tls === 2) { + if (function_exists('stream_socket_enable_crypto')) { + // check starttls capability, don't use cached capability version + if (! sqimap_capability($imap_stream, 'STARTTLS', false)) { + // imap server does not declare starttls support + sqimap_error_box(sprintf(_("Error connecting to IMAP server: %s."), $server), + '','', + _("IMAP STARTTLS is enabled in SquirrelMail configuration, but used IMAP server does not support STARTTLS.")); + exit; + } + + // issue starttls command and check response + sqimap_run_command($imap_stream, 'STARTTLS', false, $starttls_response, $starttls_message); + // check response + if ($starttls_response!='OK') { + // starttls command failed + sqimap_error_box(sprintf(_("Error connecting to IMAP server: %s."), $server), + 'STARTTLS', + _("Server replied:") . ' ', + $starttls_message); + exit(); + } + + // start crypto on connection. suppress function errors. + if (@stream_socket_enable_crypto($imap_stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) { + // starttls was successful + + /** + * RFC 2595 requires to discard CAPABILITY information after successful + * STARTTLS command. We don't follow RFC, because SquirrelMail stores CAPABILITY + * information only after successful login (src/redirect.php) and cached information + * is used only in other php script connections after successful STARTTLS. If script + * issues sqimap_capability() call before sqimap_login() and wants to get initial + * capability response, script should set third sqimap_capability() argument to false. + */ + //sqsession_unregister('sqimap_capabilities'); + } else { + /** + * stream_socket_enable_crypto() call failed. Possible issues: + * - broken ssl certificate (uw drops connection, error is in syslog mail facility) + * - some ssl error (can reproduce with STREAM_CRYPTO_METHOD_SSLv3_CLIENT, PHP E_WARNING + * suppressed in stream_socket_enable_crypto() call) + */ + sqimap_error_box(sprintf(_("Error connecting to IMAP server: %s."), $server), + '','', + _("Unable to start TLS.")); + /** + * Bug: stream_socket_enable_crypto() does not register SSL errors in + * openssl_error_string() or stream notification wrapper and displays + * them in E_WARNING level message. It is impossible to retrieve error + * message without own error handler. + */ + exit; + } + } else { + // php install does not support stream_socket_enable_crypto() function + sqimap_error_box(sprintf(_("Error connecting to IMAP server: %s."), $server), + '','', + _("IMAP STARTTLS is enabled in SquirrelMail configuration, but used PHP version does not support functions that allow to enable encryption on open socket.")); + exit; + } + } return $imap_stream; } /** - * Logs the user into the imap server. If $hide is set, no error messages - * will be displayed. This function returns the imap connection handle. + * Logs the user into the IMAP server. If $hide is set, no error messages + * will be displayed (if set to 1, just exits, if set to 2, returns FALSE). + * This function returns the IMAP connection handle. + * @param string $username user name + * @param string $password password encrypted with onetimepad. Since 1.5.2 + * function can use internal password functions, if parameter is set to + * boolean false. + * @param string $imap_server_address address of imap server + * @param integer $imap_port port of imap server + * @param int $hide controls display connection errors: + * 0 = do not hide + * 1 = show no errors (just exit) + * 2 = show no errors (return FALSE) + * 3 = show no errors (return error string) + * @return mixed The IMAP connection stream, or if the connection fails, + * FALSE if $hide is set to 2 or an error string if $hide + * is set to 3. */ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $hide) { global $color, $squirrelmail_language, $onetimepad, $use_imap_tls, $imap_auth_mech, $sqimap_capabilities; - if (!isset($onetimepad) || empty($onetimepad)) { - sqgetglobalvar('onetimepad' , $onetimepad , SQ_SESSION ); + // Note/TODO: This hack grabs the $authz argument from the session. In the short future, + // a new argument in function sqimap_login() will be used instead. + $authz = ''; + global $authz; + sqgetglobalvar('authz' , $authz , SQ_SESSION); + + if(!empty($authz)) { + /* authz plugin - specific: + * Get proxy login parameters from authz plugin configuration. If they + * exist, they will override the current ones. + * This is useful if we want to use different SASL authentication mechanism + * and/or different TLS settings for proxy logins. */ + global $authz_imap_auth_mech, $authz_use_imap_tls, $authz_imapPort_tls; + $imap_auth_mech = !empty($authz_imap_auth_mech) ? strtolower($authz_imap_auth_mech) : $imap_auth_mech; + $use_imap_tls = !empty($authz_use_imap_tls)? $authz_use_imap_tls : $use_imap_tls; + $imap_port = !empty($authz_use_imap_tls)? $authz_imapPort_tls : $imap_port; + + if($imap_auth_mech == 'login' || $imap_auth_mech == 'cram-md5') { + logout_error("Misconfigured Plugin (authz or equivalent):
". + "The LOGIN and CRAM-MD5 authentication mechanisms cannot be used when attempting proxy login."); + exit; + } + } + + /* get imap login password */ + if ($password===false) { + /* standard functions */ + $password = sqauth_read_password(); + } else { + /* old way. $key must be extracted from cookie */ + if (!isset($onetimepad) || empty($onetimepad)) { + sqgetglobalvar('onetimepad' , $onetimepad , SQ_SESSION ); + } + /* Decrypt the password */ + $password = OneTimePadDecrypt($password, $onetimepad); } + if (!isset($sqimap_capabilities)) { - sqgetglobalvar('sqimap_capabilities' , $capability , SQ_SESSION ); + sqgetglobalvar('sqimap_capabilities' , $sqimap_capabilities , SQ_SESSION ); } $host = $imap_server_address; @@ -598,9 +833,6 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ $imap_stream = sqimap_create_stream($imap_server_address,$imap_port,$use_imap_tls); - /* Decrypt the password */ - $password = OneTimePadDecrypt($password, $onetimepad); - if (($imap_auth_mech == 'cram-md5') OR ($imap_auth_mech == 'digest-md5')) { // We're using some sort of authentication OTHER than plain or login $tag=sqimap_session_id(false); @@ -617,7 +849,7 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ // Got a challenge back $challenge=$response[1]; if ($imap_auth_mech == 'digest-md5') { - $reply = digest_md5_response($username,$password,$challenge,'imap',$host); + $reply = digest_md5_response($username,$password,$challenge,'imap',$host,$authz); } elseif ($imap_auth_mech == 'cram-md5') { $reply = cram_md5_response($username,$password,$challenge); } @@ -645,22 +877,25 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ $read = sqimap_run_command ($imap_stream, $query, false, $response, $message); } elseif ($imap_auth_mech == 'plain') { /*** - * SASL PLAIN + * SASL PLAIN, RFC 4616 (updates 2595) * - * RFC 2595 Chapter 6 - * - * The mechanism consists of a single message from the client to the - * server. The client sends the authorization identity (identity to - * login as), followed by a US-ASCII NUL character, followed by the - * authentication identity (identity whose password will be used), - * followed by a US-ASCII NUL character, followed by the clear-text - * password. The client may leave the authorization identity empty to - * indicate that it is the same as the authentication identity. - * - **/ + * The mechanism consists of a single message, a string of [UTF-8] + * encoded [Unicode] characters, from the client to the server. The + * client presents the authorization identity (identity to act as), + * followed by a NUL (U+0000) character, followed by the authentication + * identity (identity whose password will be used), followed by a NUL + * (U+0000) character, followed by the clear-text password. As with + * other SASL mechanisms, the client does not provide an authorization + * identity when it wishes the server to derive an identity from the + * credentials and use that as the authorization identity. + */ $tag=sqimap_session_id(false); - $sasl = (isset($capability['SASL-IR']) && $capability['SASL-IR']) ? true : false; - $auth = base64_encode("$username\0$username\0$password"); + $sasl = (isset($sqimap_capabilities['SASL-IR']) && $sqimap_capabilities['SASL-IR']) ? true : false; + if(!empty($authz)) { + $auth = base64_encode("$username\0$authz\0$password"); + } else { + $auth = base64_encode("$username\0$username\0$password"); + } if ($sasl) { // IMAP Extension for SASL Initial Client Response // @@ -679,6 +914,7 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ $results=explode(" ",$read,3); $response=$results[1]; $message=$results[2]; + } else { $response="BAD"; $message="Internal SquirrelMail error - unknown IMAP authentication method chosen. Please contact the developers."; @@ -686,15 +922,17 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ /* If the connection was not successful, lets see why */ if ($response != 'OK') { - if (!$hide) { + if (!$hide || $hide == 3) { +//FIXME: UUURG... We don't want HTML in error messages, should also do html sanitizing of error messages elsewhere; should't assume output is destined for an HTML browser here if ($response != 'NO') { /* "BAD" and anything else gets reported here. */ $message = htmlspecialchars($message); set_up_language($squirrelmail_language, true); - require_once(SM_PATH . 'functions/display_messages.php'); if ($response == 'BAD') { + if ($hide == 3) return sprintf(_("Bad request: %s"), $message); $string = sprintf (_("Bad request: %s")."
\r\n", $message); } else { + if ($hide == 3) return sprintf(_("Unknown error: %s"), $message); $string = sprintf (_("Unknown error: %s") . "
\n", $message); } if (isset($read) && is_array($read)) { @@ -703,7 +941,7 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ $string .= htmlspecialchars($line) . "
\n"; } } - error_box($string,$color); + error_box($string); exit; } else { /* @@ -718,23 +956,40 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ */ set_up_language($squirrelmail_language, true); - include_once(SM_PATH . 'functions/display_messages.php' ); sqsession_destroy(); + /* terminate the session nicely */ sqimap_logout($imap_stream); + if ($hide == 3) return _("Unknown user or password incorrect."); logout_error( _("Unknown user or password incorrect.") ); exit; } } else { + if ($hide == 2) return FALSE; exit; } } + + /* Special error case: + * Login referrals. The server returns: + * ? OK [REFERRAL ] + * Check RFC 2221 for details. Since we do not support login referrals yet + * we log the user out. + */ + if ( stristr($message, 'REFERRAL imap') === TRUE ) { + sqimap_logout($imap_stream); + set_up_language($squirrelmail_language, true); + sqsession_destroy(); + logout_error( _("Your mailbox is not located at this server. Try a different server or consult your system administrator") ); + exit; + } + return $imap_stream; } /** * Simply logs out the IMAP session - * @param stream imap_stream the IMAP connection to log out. + * @param stream $imap_stream the IMAP connection to log out. * @return void */ function sqimap_logout ($imap_stream) { @@ -745,24 +1000,37 @@ function sqimap_logout ($imap_stream) { } /** - * Retreive the CAPABILITY string from the IMAP server. + * Retrieve the CAPABILITY string from the IMAP server. * If capability is set, returns only that specific capability, * else returns array of all capabilities. + * @param stream $imap_stream + * @param string $capability (since 1.3.0) + * @param boolean $bUseCache (since 1.5.1) Controls use of capability data stored in session + * @return mixed (string if $capability is set and found, + * false, if $capability is set and not found, + * array if $capability not set) */ -function sqimap_capability($imap_stream, $capability='') { - global $sqimap_capabilities; - if (!is_array($sqimap_capabilities)) { - $read = sqimap_run_command($imap_stream, 'CAPABILITY', true, $a, $b); +function sqimap_capability($imap_stream, $capability='', $bUseCache=true) { + // sqgetGlobalVar('sqimap_capabilities', $sqimap_capabilities, SQ_SESSION); + if (!$bUseCache || ! sqgetGlobalVar('sqimap_capabilities', $sqimap_capabilities, SQ_SESSION)) { + $read = sqimap_run_command($imap_stream, 'CAPABILITY', true, $a, $b); $c = explode(' ', $read[0]); for ($i=2; $i < count($c); $i++) { $cap_list = explode('=', $c[$i]); if (isset($cap_list[1])) { - // FIX ME. capabilities can occure multiple times. - // THREAD=REFERENCES THREAD=ORDEREDSUBJECT - $sqimap_capabilities[$cap_list[0]] = $cap_list[1]; + if(isset($sqimap_capabilities[trim($cap_list[0])]) && + !is_array($sqimap_capabilities[trim($cap_list[0])])) { + // Remove array key that was added in 'else' block below + // This is to accomodate for capabilities like: + // SORT SORT=MODSEQ + unset($sqimap_capabilities[trim($cap_list[0])]); + } + $sqimap_capabilities[trim($cap_list[0])][] = $cap_list[1]; } else { - $sqimap_capabilities[$cap_list[0]] = TRUE; + if(!isset($sqimap_capabilities[trim($cap_list[0])])) { + $sqimap_capabilities[trim($cap_list[0])] = TRUE; + } } } } @@ -777,7 +1045,9 @@ function sqimap_capability($imap_stream, $capability='') { } /** - * Returns the delimeter between mailboxes: INBOX/Test, or INBOX.Test + * Returns the delimiter between mailboxes: INBOX/Test, or INBOX.Test + * @param stream $imap_stream + * @return string */ function sqimap_get_delimiter ($imap_stream = false) { global $sqimap_delimiter, $optional_delimiter; @@ -787,6 +1057,11 @@ function sqimap_get_delimiter ($imap_stream = false) { return $optional_delimiter; } + /* Delimiter is stored in the session from redirect. Try fetching from there first */ + if (empty($sqimap_delimiter)) { + sqgetGlobalVar('delimiter',$sqimap_delimiter,SQ_SESSION); + } + /* Do some caching here */ if (!$sqimap_delimiter) { if (sqimap_capability($imap_stream, 'NAMESPACE')) { @@ -796,6 +1071,8 @@ function sqimap_get_delimiter ($imap_stream = false) { * OS: According to rfc2342 response from NAMESPACE command is: * OS: * NAMESPACE (PERSONAL NAMESPACES) (OTHER_USERS NAMESPACE) (SHARED NAMESPACES) * OS: We want to lookup all personal NAMESPACES... + * + * TODO: remove this in favour of the information from sqimap_get_namespace() */ $read = sqimap_run_command($imap_stream, 'NAMESPACE', true, $a, $b); if (eregi('\\* NAMESPACE +(\\( *\\(.+\\) *\\)|NIL) +(\\( *\\(.+\\) *\\)|NIL) +(\\( *\\(.+\\) *\\)|NIL)', $read[0], $data)) { @@ -816,7 +1093,7 @@ function sqimap_get_delimiter ($imap_stream = false) { } else { fputs ($imap_stream, ". LIST \"INBOX\" \"\"\r\n"); $read = sqimap_read_data($imap_stream, '.', true, $a, $b); - $read = $read['.'][0]; //sqimap_read_data() now returns a tag array of response array + $read = $read['.'][0]; //sqimap_read_data() now returns a tag array of response array $quote_position = strpos ($read[0], '"'); $sqimap_delimiter = substr ($read[0], $quote_position+1, 1); } @@ -824,37 +1101,105 @@ function sqimap_get_delimiter ($imap_stream = false) { return $sqimap_delimiter; } +/** + * Retrieves the namespaces from the IMAP server. + * NAMESPACE is an IMAP extension defined in RFC 2342. + * + * @param stream $imap_stream + * @return array + */ +function sqimap_get_namespace($imap_stream) { + $read = sqimap_run_command($imap_stream, 'NAMESPACE', true, $a, $b); + return sqimap_parse_namespace($read[0]); +} + +/** + * Parses a NAMESPACE response and returns an array with the available + * personal, users and shared namespaces. + * + * @param string $input + * @return array The returned array has the following format: + * 
+ * array(
+ *   'personal' => array(
+ *       0 => array('prefix'=>'INBOX.','delimiter' =>'.'),
+ *       1 => ...
+ *    ),
+ *    'users' => array(..
+ *    ),
+ *    'shared' => array( ..
+ *    )
+ * )
+ *
+ * Note that if a namespace is not defined in the server, then the corresponding + * array will be empty. + */ +function sqimap_parse_namespace(&$input) { + $ns_strings = array(1=>'personal', 2=>'users', 3=>'shared'); + $namespace = array(); + + if(ereg('NAMESPACE (\(\(.*\)\)|NIL) (\(\(.*\)\)|NIL) (\(\(.*\)\)|NIL)', $input, $regs) !== false) { + for($i=1; $i<=3; $i++) { + if($regs[$i] == 'NIL') { + $namespace[$ns_strings[$i]] = array(); + } else { + // Pop-out the first ( and last ) for easier parsing + $ns = substr($regs[$i], 1, sizeof($regs[$i])-2); + if($c = preg_match_all('/\((?:(.*?)\s*?)\)/', $ns, $regs2)) { + $namespace[$ns_strings[$i]] = array(); + for($j=0; $j $max)); @@ -870,6 +1215,13 @@ function parseAddress($address, $max=0) { /** * OBSOLETE FUNCTION should be removed after mailbox_display, * printMessage function is adapted + * + * callback function used for formating of addresses array in + * parseAddress() function + * @param array $aAddr + * @param integer $k array key + * @since 1.5.1 + * @deprecated */ function _adaptAddress(&$aAddr,$k) { $sPersonal = (isset($aAddr[SQM_ADDR_PERSONAL]) && $aAddr[SQM_ADDR_PERSONAL]) ? @@ -883,6 +1235,11 @@ function _adaptAddress(&$aAddr,$k) { /** * Returns the number of unseen messages in this folder. * obsoleted by sqimap_status_messages ! + * Arguments differ in 1.0.x + * @param stream $imap_stream + * @param string $mailbox + * @return integer + * @deprecated */ function sqimap_unseen_messages ($imap_stream, $mailbox) { $aStatus = sqimap_status_messages($imap_stream,$mailbox,array('UNSEEN')); @@ -892,7 +1249,13 @@ function sqimap_unseen_messages ($imap_stream, $mailbox) { /** * Returns the status items of a mailbox. * Default it returns MESSAGES,UNSEEN and RECENT - * Supported status items are MESSAGES, UNSEEN, RECENT, UIDNEXT and UIDVALIDITY + * Supported status items are MESSAGES, UNSEEN, RECENT (since 1.4.0), + * UIDNEXT (since 1.5.1) and UIDVALIDITY (since 1.5.1) + * @param stream $imap_stream imap stream + * @param string $mailbox mail folder + * @param array $aStatusItems status items + * @return array + * @since 1.3.2 */ function sqimap_status_messages ($imap_stream, $mailbox, $aStatusItems = array('MESSAGES','UNSEEN','RECENT')) { @@ -921,55 +1284,136 @@ function sqimap_status_messages ($imap_stream, $mailbox, } $i++; } - return array('MESSAGES' => $messages, + + $status=array('MESSAGES' => $messages, 'UNSEEN'=>$unseen, 'RECENT' => $recent, 'UIDNEXT' => $uidnext, 'UIDVALIDITY' => $uidvalidity); + + if (!empty($messages)) { $hook_status['MESSAGES']=$messages; } + if (!empty($unseen)) { $hook_status['UNSEEN']=$unseen; } + if (!empty($recent)) { $hook_status['RECENT']=$recent; } + if (!empty($hook_status)) { + $hook_status['MAILBOX']=$mailbox; + $hook_status['CALLER']='sqimap_status_messages'; + do_hook('folder_status', $hook_status); + } + return $status; } /** * Saves a message to a given folder -- used for saving sent messages + * @param stream $imap_stream + * @param string $sent_folder + * @param $length + * @return string $sid */ -function sqimap_append ($imap_stream, $sent_folder, $length) { - fputs ($imap_stream, sqimap_session_id() . ' APPEND ' . sqimap_encode_mailbox_name($sent_folder) . " (\\Seen) \{$length}\r\n"); +function sqimap_append ($imap_stream, $sMailbox, $length) { + $sid = sqimap_session_id(); + $query = $sid . ' APPEND ' . sqimap_encode_mailbox_name($sMailbox) . " (\\Seen) {".$length."}"; + fputs ($imap_stream, "$query\r\n"); $tmp = fgets ($imap_stream, 1024); + sqimap_append_checkresponse($tmp, $sMailbox,$sid, $query); + return $sid; } -function sqimap_append_done ($imap_stream, $folder='') { - global $squirrelmail_language, $color; +/** + * @param stream imap_stream + * @param string $folder (since 1.3.2) + */ +function sqimap_append_done ($imap_stream, $sMailbox='') { fputs ($imap_stream, "\r\n"); $tmp = fgets ($imap_stream, 1024); - if (preg_match("/(.*)(BAD|NO)(.*)$/", $tmp, $regs)) { - set_up_language($squirrelmail_language); - require_once(SM_PATH . 'functions/display_messages.php'); - $reason = $regs[3]; - if ($regs[2] == 'NO') { - $string = "\n" . - _("ERROR : Could not append message to") ." $folder." . - "
\n" . - _("Server responded: ") . - $reason . "
\n"; - if (preg_match("/(.*)(quota)(.*)$/i", $reason, $regs)) { - $string .= _("Solution: ") . - _("Remove unneccessary messages from your folder and start with your Trash folder.") - ."
\n"; - } - $string .= "\n"; - error_box($string,$color); - } else { - $string = "\n" . - _("ERROR : Bad or malformed request.") . - "
\n" . - _("Server responded: ") . - $tmp . "
\n"; - error_box($string,$color); - exit; + while (!sqimap_append_checkresponse($tmp, $sMailbox)) { + $tmp = fgets ($imap_stream, 1024); + } +} + +/** + * Displays error messages, if there are errors in responses to + * commands issues by sqimap_append() and sqimap_append_done() functions. + * @param string $response + * @param string $sMailbox + * @return bool $bDone + * @since 1.5.1 and 1.4.5 + */ +function sqimap_append_checkresponse($response, $sMailbox, $sid='', $query='') { + // static vars to keep them available when sqimap_append_done calls this function. + static $imapquery, $imapsid; + + $bDone = false; + + if ($query) { + $imapquery = $query; + } + if ($sid) { + $imapsid = $sid; + } + if ($response{0} == '+') { + // continuation request triggerd by sqimap_append() + $bDone = true; + } else { + $i = strpos($response, ' '); + $sRsp = substr($response,0,$i); + $sMsg = substr($response,$i+1); + $aExtra = array('MAILBOX' => $sMailbox); + switch ($sRsp) { + case '*': //untagged response + $i = strpos($sMsg, ' '); + $sRsp = strtoupper(substr($sMsg,0,$i)); + $sMsg = substr($sMsg,$i+1); + if ($sRsp == 'NO' || $sRsp == 'BAD') { + // for the moment disabled. Enable after 1.5.1 release. + // Notices could give valueable information about the mailbox + // sqm_trigger_imap_error('SQM_IMAP_APPEND_NOTICE',$imapquery,$sRsp,$sMsg); + } + $bDone = false; + case $imapsid: + // A001 OK message + // $imapsid$sRsp$sMsg + $bDone = true; + $i = strpos($sMsg, ' '); + $sRsp = strtoupper(substr($sMsg,0,$i)); + $sMsg = substr($sMsg,$i+1); + switch ($sRsp) { + case 'NO': + if (preg_match("/(.*)(quota)(.*)$/i", $sMsg, $aMatch)) { + sqm_trigger_imap_error('SQM_IMAP_APPEND_QUOTA_ERROR',$imapquery,$sRsp,$sMsg,$aExtra); + } else { + sqm_trigger_imap_error('SQM_IMAP_APPEND_ERROR',$imapquery,$sRsp,$sMsg,$aExtra); + } + break; + case 'BAD': + sqm_trigger_imap_error('SQM_IMAP_ERROR',$imapquery,$sRsp,$sMsg,$aExtra); + break; + case 'BYE': + sqm_trigger_imap_error('SQM_IMAP_BYE',$imapquery,$sRsp,$sMsg,$aExtra); + break; + case 'OK': + break; + default: + break; + } + break; + default: + // should be false because of the unexpected response but i'm not sure if + // that will cause an endless loop in sqimap_append_done + $bDone = true; } } + return $bDone; } +/** + * Allows mapping of IMAP server address with custom function + * see map_yp_alias() + * @param string $imap_server imap server address or mapping + * @param string $username + * @return string + * @since 1.3.0 + */ function sqimap_get_user_server ($imap_server, $username) { if (substr($imap_server, 0, 4) != "map:") { return $imap_server; @@ -979,14 +1423,18 @@ function sqimap_get_user_server ($imap_server, $username) { } /** - * This is an example that gets imapservers from yellowpages (NIS). + * This is an example that gets IMAP servers from yellowpages (NIS). * you can simple put map:map_yp_alias in your $imap_server_address * in config.php use your own function instead map_yp_alias to map your - * LDAP whatever way to find the users imapserver. + * LDAP whatever way to find the users IMAP server. + * + * Requires access to external ypmatch program + * FIXME: it can be implemented in php yp extension or pecl (since php 5.1.0) + * @param string $username + * @return string + * @since 1.3.0 */ function map_yp_alias($username) { $yp = `ypmatch $username aliases`; return chop(substr($yp, strlen($username)+1)); } - -?>