X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=src%2Fconfigtest.php;h=82a3ac9e571bc711a9489022de88c956879348d4;hp=d9d2a268862063b50e326dbfcae3663ed43a9ff9;hb=088af3c4d7e878d89577fb109e785bdf38d253cd;hpb=cafb13435acfda55eb2f619ac998bc19fa104eb9 diff --git a/src/configtest.php b/src/configtest.php index d9d2a268..82a3ac9e 100644 --- a/src/configtest.php +++ b/src/configtest.php @@ -3,7 +3,7 @@ /** * SquirrelMail configtest script * - * @copyright © 2003-2005 The SquirrelMail Project Team + * @copyright © 2003-2006 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail @@ -17,13 +17,17 @@ // This script could really use some restructuring as it has grown quite rapidly // but is not very 'clean'. Feel free to get some structure into this thing. - -function do_err($str, $exit = TRUE) { - global $IND; - echo '

'.$IND.'ERROR: ' .$str. "

\n"; - if($exit) { - echo ''; - exit; +$warnings = 0; + +function do_err($str, $fatal = TRUE) { + global $IND, $warnings; + $level = $fatal ? 'FATAL ERROR:' : 'WARNING:'; + echo '

'.$IND.'' . $level . ' ' .$str. "

\n"; + if($fatal) { + echo ''; + exit; + } else { + $warnings++; } } @@ -46,11 +50,12 @@ if (file_exists(SM_PATH . 'config/config.php')) { include(SM_PATH . 'config/config.php'); include(SM_PATH . 'functions/strings.php'); } -?> +?> - - SquirrelMail configtest + + SquirrelMail configtest
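Review bot: do_err() writes `$str` into the page without escaping it, and nothing on the function states that callers must do so; the contract is kept only by call sites that wrap server replies in htmlspecialchars(). A short docblock above the function would make it explicit, for example `@param string $str message text, already HTML-escaped by the caller` and `@param bool $fatal print the message and exit when true, otherwise count a warning`. The markup inside the echo is not visible in this rendering, so the wrapper itself is not assessed here.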

SquirrelMail configtest

@@ -65,29 +70,37 @@ $included = array_map('basename', get_included_files() ); if(!in_array('config.php', $included)) { if(!file_exists(SM_PATH . 'config/config.php')) { do_err('Config file '.SM_PATH . 'config/config.php does not exist!
'. - 'You need to run conf.pl first.'); + 'You need to run conf.pl first.'); } do_err('Could not read '.SM_PATH.'config/config.php! Check file permissions.'); } if(!in_array('strings.php', $included)) { do_err('Could not include '.SM_PATH.'functions/strings.php!
'. - 'Check permissions on that file.'); + 'Check permissions on that file.'); } /* Block remote use of script */ if (! $allow_remote_configtest) { sqGetGlobalVar('REMOTE_ADDR',$client_ip,SQ_SERVER); - if (! isset($client_ip) || $client_ip!='127.0.0.1') { + sqGetGlobalVar('SERVER_ADDR',$server_ip,SQ_SERVER); + + if ((! isset($client_ip) || $client_ip!='127.0.0.1') && + (! isset($client_ip) || ! isset($server_ip) || $client_ip!=$server_ip)) { do_err('Enable "Allow remote configtest" option in squirrelmail configuration in order to use this script.'); } } /* checking PHP specs */ echo "

\n\n" . - '\n" . - '\n
SquirrelMail version:" . $version . "
Config file version:' . $config_version . "
Config file last modified:' . - date ('d F Y H:i:s', filemtime(SM_PATH . 'config/config.php')) . - "
\n

\n\n"; + 'Config file version:' . $config_version . "\n" . + 'Config file last modified:' . + date ('d F Y H:i:s', filemtime(SM_PATH . 'config/config.php')) . + "\n\n

\n\n"; + +/* check $config_version */ +if ($config_version!='1.4.0') { + do_err('Configuration file version does not match required version. Please update your configuration file.'); +} echo "Checking PHP configuration...
\n"; @@ -95,7 +108,7 @@ if(!check_php_version(4,1,0)) { do_err('Insufficient PHP version: '. PHP_VERSION . '! Minimum required: 4.1.0'); } -echo $IND . 'PHP version ' . PHP_VERSION . " OK.
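Review bot: The relaxed remote-use check now accepts any request whose REMOTE_ADDR equals SERVER_ADDR, which is also what the script sees when a reverse proxy or load balancer on the same host forwards outside traffic. In that deployment the block restricts nothing, and the page shows version, path and mail-server details to remote visitors. The condition also repeats `! isset($client_ip)` in both halves; `if (! isset($client_ip) || ($client_ip != '127.0.0.1' && (! isset($server_ip) || $client_ip != $server_ip)))` is equivalent and easier to audit. I would add a comment such as `/* behind a local reverse proxy REMOTE_ADDR is the proxy address; restrict this URL in the web server there */`.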
\n"; +echo $IND . 'PHP version ' . PHP_VERSION . ' OK. (You have: ' . phpversion() . ". Minimum: 4.1.0)
\n"; $php_exts = array('session','pcre'); $diff = array_diff($php_exts, get_loaded_extensions()); @@ -180,12 +193,43 @@ if($data_dir == $attachment_dir) { /* check plugins and themes */ +$bad_plugins = array( + 'attachment_common', + 'auto_prune_sent', + 'compose_new_window', + 'delete_move_next', + 'disk_quota', + 'email_priority', + 'emoticons', + 'focus_change', + 'folder_preferences', + 'global_sql_addressbook', + 'hancock', + 'message_source', + 'motd', + 'paginator', + 'printer_friendly', + 'procfilter', + 'redhat_php_cgi_fix', + 'send_to_semicolon', + 'spamassassin', + 'sqcalendar', + 'sqclock', + 'sql_squirrel_logger', + 'tmda', + 'vacation', + 'view_as_html', + 'xmailer' + ); + if (isset($plugins[0])) { foreach($plugins as $plugin) { if(!file_exists(SM_PATH .'plugins/'.$plugin)) { - do_err('You have enabled the '.$plugin.' plugin but I cannot find it.', FALSE); + do_err('You have enabled the '.$plugin.' plugin, but I cannot find it.', FALSE); } elseif (!is_readable(SM_PATH .'plugins/'.$plugin.'/setup.php')) { - do_err('You have enabled the '.$plugin.' plugin but I cannot read its setup.php file.', FALSE); + do_err('You have enabled the '.$plugin.' plugin, but I cannot read its setup.php file.', FALSE); + } elseif (in_array($plugin, $bad_plugins)) { + do_err('You have enabled the '.$plugin.' plugin, which causes problems with this version of SquirrelMail. Please check the ReleaseNotes or other documentation for more information.', false); } } echo $IND . "Plugins OK.
\n"; @@ -206,13 +250,13 @@ if ( $squirrelmail_default_language != 'en_US' ) { $loc_path = SM_PATH .'locale/'.$squirrelmail_default_language.'/LC_MESSAGES/squirrelmail.mo'; if( ! file_exists( $loc_path ) ) { do_err('You have set ' . $squirrelmail_default_language . - ' as your default language, but I cannot find this translation (should be '. - 'in ' . $loc_path . '). Please note that you have to download translations '. - 'separately from the main SquirrelMail package.', FALSE); + ' as your default language, but I cannot find this translation (should be '. + 'in ' . $loc_path . '). Please note that you have to download translations '. + 'separately from the main SquirrelMail package.', FALSE); } elseif ( ! is_readable( $loc_path ) ) { do_err('You have set ' . $squirrelmail_default_language . - ' as your default language, but I cannot read this translation (file '. - 'in ' . $loc_path . ' unreadable).', FALSE); + ' as your default language, but I cannot read this translation (file '. + 'in ' . $loc_path . ' unreadable).', FALSE); } else { echo $IND . "Default language OK.
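Review bot: `$bad_plugins` is a bare list with no statement of why a name is on it or which release it applies to, so a later maintainer cannot tell when an entry may be dropped. A comment above the array, for example `/* plugins known to cause problems with this SquirrelMail version; see ReleaseNotes */`, would tie the list to the warning text. The new call also passes `false` where the neighbouring calls pass `FALSE`, and the context line after the loop still prints "Plugins OK." when one of these warnings was raised.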
\n"; } @@ -222,10 +266,10 @@ if ( $squirrelmail_default_language != 'en_US' ) { echo $IND . "Base URL detected as: " . htmlspecialchars(get_location()) . "
\n"; +/* check minimal requirements for other security options */ -/* check outgoing mail */ - -if($use_smtp_tls || $use_imap_tls) { +/* imaps or ssmtp */ +if($use_smtp_tls == 1 || $use_imap_tls == 1) { if(!check_php_version(4,3,0)) { do_err('You need at least PHP 4.3.0 for SMTP/IMAP TLS!'); } @@ -233,6 +277,20 @@ if($use_smtp_tls || $use_imap_tls) { do_err('You need the openssl PHP extension to use SMTP/IMAP TLS!'); } } +/* starttls extensions */ +if($use_smtp_tls == 2 || $use_imap_tls == 2) { + if (! function_exists('stream_socket_enable_crypto')) { + do_err('If you want to use STARTTLS extension, you need stream_socket_enable_crypto() function from PHP 5.1.0 and newer.'); + } +} +/* digest-md5 */ +if ($smtp_auth_mech=='digest-md5' || $imap_auth_mech =='digest-md5') { + if (!extension_loaded('xml')) { + do_err('You need the PHP XML extension to use Digest-MD5 authentication!'); + } +} + +/* check outgoing mail */ echo "Checking outgoing mail service....
\n"; @@ -247,37 +305,87 @@ if($useSendmail) { echo $IND . "sendmail OK
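Review bot: The new STARTTLS branch (`== 2`) only checks that stream_socket_enable_crypto() exists and never reaches the openssl test. Judging by the closing braces in the context lines, the "You need the openssl PHP extension" error sits inside the `== 1` block. The TLS upgrade presumably needs the same extension (worth confirming), so a host without it would get the generic "Failed to enable encryption" later instead of a clear prerequisite error. Adding `if (!extension_loaded('openssl')) { do_err('You need the openssl PHP extension to use STARTTLS!'); }` to the new block would close the gap.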
\n"; } else { - $stream = fsockopen( ($use_smtp_tls?'tls://':'').$smtpServerAddress, $smtpPort, - $errorNumber, $errorString); + $stream = fsockopen( ($use_smtp_tls==1?'tls://':'').$smtpServerAddress, $smtpPort, + $errorNumber, $errorString); if(!$stream) { do_err("Error connecting to SMTP server \"$smtpServerAddress:$smtpPort\".". - "Server error: ($errorNumber) ".htmlspecialchars($errorString)); + "Server error: ($errorNumber) ".htmlspecialchars($errorString)); } // check for SMTP code; should be 2xx to allow us access $smtpline = fgets($stream, 1024); if(((int) $smtpline{0}) > 3) { do_err("Error connecting to SMTP server. Server error: ". - htmlspecialchars($smtpline)); + htmlspecialchars($smtpline)); + } + + /* smtp starttls checks */ + if ($use_smtp_tls==2) { + // if something breaks, script should close smtp connection on exit. + + // say helo + fwrite($stream,"EHLO $client_ip\r\n"); + + $ehlo=array(); + $ehlo_error = false; + while ($line=fgets($stream, 1024)){ + if (preg_match("/^250(-|\s)(\S*)\s+(\S.*)/",$line,$match)|| + preg_match("/^250(-|\s)(\S*)\s+/",$line,$match)) { + if (!isset($match[3])) { + // simple one word extension + $ehlo[strtoupper($match[2])]=''; + } else { + // ehlo-keyword + ehlo-param + $ehlo[strtoupper($match[2])]=trim($match[3]); + } + if ($match[1]==' ') { + $ret = $line; + break; + } + } else { + // + $ehlo_error = true; + $ehlo[]=$line; + break; + } + } + if ($ehlo_error) { + do_err('SMTP EHLO failed. You need ESMTP support for SMTP STARTTLS'); + } elseif (!array_key_exists('STARTTLS',$ehlo)) { + do_err('STARTTLS support is not declared by SMTP server.'); + } + + fwrite($stream,"STARTTLS\r\n"); + $starttls_response=fgets($stream, 1024); + if ($starttls_response[0]!=2) { + $starttls_cmd_err = 'SMTP STARTTLS failed. Server replied: ' + .htmlspecialchars($starttls_response); + do_err($starttls_cmd_err); + } elseif(! 
stream_socket_enable_crypto($stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) { + do_err('Failed to enable encryption on SMTP STARTTLS connection.'); + } else { + echo $IND . "SMTP STARTTLS extension looks OK.
\n"; + } + // According to RFC we should second ehlo call here. } fputs($stream, 'QUIT'); fclose($stream); echo $IND . 'SMTP server OK ('. - trim(htmlspecialchars($smtpline)).")
\n"; + trim(htmlspecialchars($smtpline)).")
\n"; /* POP before SMTP */ if($pop_before_smtp) { $stream = fsockopen($smtpServerAddress, 110, $err_no, $err_str); if (!$stream) { do_err("Error connecting to POP Server ($smtpServerAddress:110) " - . $err_no . ' : ' . htmlspecialchars($err_str)); + . $err_no . ' : ' . htmlspecialchars($err_str)); } $tmp = fgets($stream, 1024); if (substr($tmp, 0, 3) != '+OK') { do_err("Error connecting to POP Server ($smtpServerAddress:110)" - . ' '.htmlspecialchars($tmp)); + . ' '.htmlspecialchars($tmp)); } fputs($stream, 'QUIT'); fclose($stream); @@ -291,19 +399,19 @@ if($useSendmail) { echo "Checking IMAP service....
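Review bot: `fwrite($stream,"EHLO $client_ip\r\n")` uses `$client_ip`, which in the lines visible in this diff is assigned only inside the `if (! $allow_remote_configtest)` block. When remote configtest is allowed the variable is unset here, so the EHLO goes out with an empty argument; a value interpolated into a protocol command should not depend on an earlier branch having run. Fetch it right before use with `sqGetGlobalVar('REMOTE_ADDR',$client_ip,SQ_SERVER);`, or send the server's own address instead. The in-code remark about the second EHLO after STARTTLS is still open, and the enclosing `if($useSendmail)` block starts outside this hunk.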
\n"; /** Can we open a connection? */ -$stream = fsockopen( ($use_imap_tls?'tls://':'').$imapServerAddress, $imapPort, - $errorNumber, $errorString); +$stream = fsockopen( ($use_imap_tls==1?'tls://':'').$imapServerAddress, $imapPort, + $errorNumber, $errorString); if(!$stream) { do_err("Error connecting to IMAP server \"$imapServerAddress:$imapPort\".". - "Server error: ($errorNumber) ". - htmlspecialchars($errorString)); + "Server error: ($errorNumber) ". + htmlspecialchars($errorString)); } /** Is the first response 'OK'? */ $imapline = fgets($stream, 1024); if(substr($imapline, 0,4) != '* OK') { - do_err('Error connecting to IMAP server. Server error: '. - htmlspecialchars($imapline)); + do_err('Error connecting to IMAP server. Server error: '. + htmlspecialchars($imapline)); } echo $IND . 'IMAP server ready ('. @@ -311,19 +419,54 @@ echo $IND . 'IMAP server ready ('. /** Check capabilities */ fputs($stream, "A001 CAPABILITY\r\n"); -$capline = fgets($stream, 1024); +$capline = ''; +while ($line=fgets($stream, 1024)){ + if (preg_match("/A001.*/",$line)) { + break; + } else { + $capline.=$line; + } +} + +/* don't display capabilities before STARTTLS */ +if ($use_imap_tls==2 && stristr($capline, 'STARTTLS') === false) { + do_err('Your server doesn\'t support STARTTLS.'); +} elseif($use_imap_tls==2) { + /* try starting starttls */ + fwrite($stream,"A002 STARTTLS\r\n"); + $starttls_line=fgets($stream, 1024); + if (! preg_match("/^A002 OK.*/i",$starttls_line)) { + $imap_starttls_err = 'IMAP STARTTLS failed. Server replied: ' + .htmlspecialchars($starttls_line); + do_err($imap_starttls_err); + } elseif (! stream_socket_enable_crypto($stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) { + do_err('Failed to enable encryption on IMAP connection.'); + } else { + echo $IND . "IMAP STARTTLS extension looks OK.
\n"; + } + + // get new capability line + fwrite($stream,"A003 CAPABILITY\r\n"); + $capline=''; + while ($line=fgets($stream, 1024)){ + if (preg_match("/A003.*/",$line)) { + break; + } else { + $capline.=$line; + } + } +} echo $IND . 'Capabilities: '.htmlspecialchars($capline)."
\n"; if($imap_auth_mech == 'login' && stristr($capline, 'LOGINDISABLED') !== FALSE) { do_err('Your server doesn\'t allow plaintext logins. '. - 'Try enabling another authentication mechanism like CRAM-MD5, DIGEST-MD5 or TLS-encryption '. - 'in the SquirrelMail configuration.', FALSE); + 'Try enabling another authentication mechanism like CRAM-MD5, DIGEST-MD5 or TLS-encryption '. + 'in the SquirrelMail configuration.', FALSE); } -/* don't test for STARTTLS in CAPABILITY */ /** OK, close connection */ -fputs($stream, "A002 LOGOUT\r\n"); +fputs($stream, "A004 LOGOUT\r\n"); fclose($stream); echo "Checking internationalization (i18n) settings...
\n"; @@ -365,9 +508,9 @@ if (function_exists('iconv')) { // same test as in include/validate.php echo "$IND timezone - "; if ( (!ini_get('safe_mode')) || - !strcmp(ini_get('safe_mode_allowed_env_vars'),'') || - preg_match('/^([\w_]+,)*TZ/', ini_get('safe_mode_allowed_env_vars')) ) { - echo "Webmail users can change their time zone settings.
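Review bot: The two CAPABILITY read loops stop on `preg_match("/A001.*/",$line)` and `preg_match("/A003.*/",$line)`, which are unanchored. Any untagged line that merely contains the tag text ends the loop early and leaves the rest of the reply in the buffer for the next read. Anchoring them as `preg_match('/^A001 /',$line)` and `preg_match('/^A003 /',$line)` would match the `^A002 OK` test in the same hunk. The loops also treat a tagged NO or BAD like OK, which deserves at least a one-line comment.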
\n"; + !strcmp(ini_get('safe_mode_allowed_env_vars'),'') || + preg_match('/^([\w_]+,)*TZ/', ini_get('safe_mode_allowed_env_vars')) ) { + echo "Webmail users can change their time zone settings.
\n"; } else { echo "Webmail users can't change their time zone settings.
\n"; } @@ -380,20 +523,20 @@ if($addrbook_dsn || $prefs_dsn || $addrbook_global_dsn) { if (class_exists('DB')) { echo "$IND PHP Pear DB support is present.
\n"; $db_functions=array( - 'dbase' => 'dbase_open', - 'fbsql' => 'fbsql_connect', - 'interbase' => 'ibase_connect', - 'informix' => 'ifx_connect', - 'msql' => 'msql_connect', - 'mssql' => 'mssql_connect', - 'mysql' => 'mysql_connect', - 'mysqli' => 'mysqli_connect', - 'oci8' => 'ocilogon', - 'odbc' => 'odbc_connect', - 'pgsql' => 'pg_connect', - 'sqlite' => 'sqlite_open', - 'sybase' => 'sybase_connect' - ); + 'dbase' => 'dbase_open', + 'fbsql' => 'fbsql_connect', + 'interbase' => 'ibase_connect', + 'informix' => 'ifx_connect', + 'msql' => 'msql_connect', + 'mssql' => 'mssql_connect', + 'mysql' => 'mysql_connect', + 'mysqli' => 'mysqli_connect', + 'oci8' => 'ocilogon', + 'odbc' => 'odbc_connect', + 'pgsql' => 'pg_connect', + 'sqlite' => 'sqlite_open', + 'sybase' => 'sybase_connect' + ); $dsns = array(); if($prefs_dsn) { @@ -417,7 +560,7 @@ if($addrbook_dsn || $prefs_dsn || $addrbook_global_dsn) { $dbh = DB::connect($dsn, true); if (DB::isError($dbh)) { do_err('Database error: '. htmlspecialchars(DB::errorMessage($dbh)) . - ' in ' .$type .' DSN.'); + ' in ' .$type .' DSN.'); } $dbh->disconnect(); echo "$IND$type database connect successful.
\n"; @@ -450,10 +593,10 @@ if( empty($ldap_server) ) { $linkid = @ldap_connect($param['host'], (empty($param['port']) ? 389 : $param['port']) ); if ( $linkid ) { - echo "$IND LDAP connect to ".$param['host']." successful: ".$linkid."
\n"; + echo "$IND LDAP connect to ".$param['host']." successful: ".$linkid."
\n"; if ( !empty($param['protocol']) && - !ldap_set_option($linkid, LDAP_OPT_PROTOCOL_VERSION, $param['protocol']) ) { + !ldap_set_option($linkid, LDAP_OPT_PROTOCOL_VERSION, $param['protocol']) ) { do_err('Unable to set LDAP protocol'); } @@ -477,11 +620,21 @@ if( empty($ldap_server) ) { } } -?> - +echo '
'; +echo '

Summary

'; +$footer = '
'; +if ($warnings) { + echo '

No fatal errors were found, but there was at least 1 warning. Please check the flagged issue(s) carefully, as correcting them may prevent erratic, undefined, or incorrect behavior (or flat out breakage).

'; + echo $footer; +} else { + print <<< EOF

Congratulations, your SquirrelMail setup looks fine to me!

Login now

- \ No newline at end of file + +EOF; + echo $footer; +} +?> \ No newline at end of file