Resolves problems with Horde Imap Client and PLAIN SASL AUTH if login name is something like ad\user

oheil 2023-03-07 15:57:31 +01:00
parent f8aa216137
commit 4a009ebaaa
2 changed files with 57 additions and 11 deletions


@ -16,7 +16,7 @@
* *
* @package NOCC * @package NOCC
* @license http://www.gnu.org/licenses/ GNU General Public License * @license http://www.gnu.org/licenses/ GNU General Public License
* @version SVN: $Id: class_local.php 3050 2023-02-23 13:18:20Z oheil $ * @version SVN: $Id: class_local.php 3068 2023-03-07 14:57:08Z oheil $
*/ */
@ -134,11 +134,30 @@ class nocc_imap
$secure="true"; $secure="true";
} }
} }
$tmp_username=$this->login;
if( preg_match("/^ssl/",$secure) ) {
//With SSL we most probably run into PLAIN SASL AUTH
// strip domain part from login user name
// For PLAIN SASL auth we want as a login string:
// authzid\0authcid\0passwd
// If authcid is something like "ad\user" the "ad\" must be stripped from authzid
// For Details about PLAIN SASL see https://www.rfc-editor.org/rfc/rfc4616.html
if(
isset($conf->domains[$_SESSION['nocc_domainnum']]->from_part) &&
strlen($conf->domains[$_SESSION['nocc_domainnum']]->from_part) > 0
) {
$reg=$conf->domains[$_SESSION['nocc_domainnum']]->from_part;
$reg=preg_replace("/\\\/",'\\\\\\',$reg);
$tmp_username=preg_replace("/^".$reg."$/","$1",$tmp_username);
}
}
if( $pop3 ) { if( $pop3 ) {
try { try {
$conn = new Horde_Imap_Client_Socket_Pop3(array( $conn = new Horde_Imap_Client_Socket_Pop3(array(
'username' => $this->login, 'username' => $tmp_username,
'authusername' => $this->login,
'password' => $this->passwd, 'password' => $this->passwd,
'hostspec' => $host, 'hostspec' => $host,
'port' => $port, 'port' => $port,
@ -150,13 +169,14 @@ class nocc_imap
$_SESSION['is_imap'] = $this->_isImap; $_SESSION['is_imap'] = $this->_isImap;
} }
} catch(Horde_Imap_Client_Exception $e) { } catch(Horde_Imap_Client_Exception $e) {
throw new Exception($lang_could_not_connect."(1)".":".$e->$raw_msg); throw new Exception($lang_could_not_connect."(1)".":".$e->raw_msg);
} }
} }
else if( $imap ) { else if( $imap ) {
try { try {
$conn = new Horde_Imap_Client_Socket(array( $conn = new Horde_Imap_Client_Socket(array(
'username' => $this->login, 'username' => $tmp_username,
'authusername' => $this->login,
'password' => $this->passwd, 'password' => $this->passwd,
'hostspec' => $host, 'hostspec' => $host,
'port' => $port, 'port' => $port,
@ -168,14 +188,15 @@ class nocc_imap
$_SESSION['is_imap'] = $this->_isImap; $_SESSION['is_imap'] = $this->_isImap;
} }
} catch(Horde_Imap_Client_Exception $e) { } catch(Horde_Imap_Client_Exception $e) {
throw new Exception($lang_could_not_connect."(2)".":".$e->$raw_msg); throw new Exception($lang_could_not_connect."(2)".":".$e->raw_msg);
} }
} }
else { else {
$success=false; $success=false;
try { try {
$conn = new Horde_Imap_Client_Socket(array( $conn = new Horde_Imap_Client_Socket(array(
'username' => $this->login, 'username' => $tmp_username,
'authusername' => $this->login,
'password' => $this->passwd, 'password' => $this->passwd,
'hostspec' => $host, 'hostspec' => $host,
'port' => $port, 'port' => $port,
@ -188,7 +209,7 @@ class nocc_imap
$_SESSION['is_imap'] = $this->_isImap; $_SESSION['is_imap'] = $this->_isImap;
} }
} catch(Horde_Imap_Client_Exception $e) { } catch(Horde_Imap_Client_Exception $e) {
$log_string='NOCC: open imap connection to '.$host.' failed, trying pop3'; $log_string='NOCC: open imap connection to '.$host.' failed with: "'.$e->raw_msg.'", trying pop3';
error_log($log_string); error_log($log_string);
if( isset($conf->syslog) && $conf->syslog ) { if( isset($conf->syslog) && $conf->syslog ) {
syslog(LOG_INFO,$log_string); syslog(LOG_INFO,$log_string);
@ -197,7 +218,8 @@ class nocc_imap
if( ! $success ) { if( ! $success ) {
try { try {
$conn = new Horde_Imap_Client_Socket_Pop3(array( $conn = new Horde_Imap_Client_Socket_Pop3(array(
'username' => $this->login, 'username' => $tmp_username,
'authusername' => $this->login,
'password' => $this->passwd, 'password' => $this->passwd,
'hostspec' => $host, 'hostspec' => $host,
'port' => $port, 'port' => $port,
@ -210,6 +232,8 @@ class nocc_imap
$_SESSION['is_imap'] = $this->_isImap; $_SESSION['is_imap'] = $this->_isImap;
} }
} catch(Horde_Imap_Client_Exception $e) { } catch(Horde_Imap_Client_Exception $e) {
$log_string='NOCC: open pop3 connection to '.$host.' failed with: "'.$e->raw_msg.'", giving up';
error_log($log_string);
$error=""; $error="";
if( strlen($this->login)==0 ) { if( strlen($this->login)==0 ) {
$error=$error.$err_user_empty.".\n"; $error=$error.$err_user_empty.".\n";
@ -1320,9 +1344,29 @@ class nocc_imap
$secure="true"; $secure="true";
} }
} }
$tmp_username=$TMP_SESSION['nocc_login'];
if( preg_match("/^ssl/",$secure) ) {
//With SSL we most probably run into PLAIN SASL AUTH
// strip domain part from login user name
// For PLAIN SASL auth we want as a login string:
// authzid\0authcid\0passwd
// If authcid is something like "ad\user" the "ad\" must be stripped from authzid
// For Details about PLAIN SASL see https://www.rfc-editor.org/rfc/rfc4616.html
if(
isset($conf->domains[$TMP_SESSION['nocc_domainnum']]->from_part) &&
strlen($conf->domains[$TMP_SESSION['nocc_domainnum']]->from_part) > 0
) {
$reg=$conf->domains[$TMP_SESSION['nocc_domainnum']]->from_part;
$reg=preg_replace("/\\\/",'\\\\\\',$reg);
$tmp_username=preg_replace("/^".$reg."$/","$1",$tmp_username);
}
}
if( $pop3 ) { if( $pop3 ) {
$conn = new Horde_Imap_Client_Socket_Pop3(array( $conn = new Horde_Imap_Client_Socket_Pop3(array(
'username' => $TMP_SESSION['nocc_login'], 'username' => $tmp_username,
'authusername' => $TMP_SESSION['nocc_login'],
'password' => decpass($TMP_SESSION['nocc_passwd'], $conf->master_key), 'password' => decpass($TMP_SESSION['nocc_passwd'], $conf->master_key),
'hostspec' => $host, 'hostspec' => $host,
'port' => $port, 'port' => $port,
@ -1334,7 +1378,8 @@ class nocc_imap
} }
else { else {
$conn = new Horde_Imap_Client_Socket(array( $conn = new Horde_Imap_Client_Socket(array(
'username' => $TMP_SESSION['nocc_login'], 'username' => $tmp_username,
'authusername' => $TMP_SESSION['nocc_login'],
'password' => decpass($TMP_SESSION['nocc_passwd'], $conf->master_key), 'password' => decpass($TMP_SESSION['nocc_passwd'], $conf->master_key),
'hostspec' => $host, 'hostspec' => $host,
'port' => $port, 'port' => $port,
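Review bot: The result of `preg_replace("/^".$reg."$/","$1",$tmp_username)` is assigned to `$tmp_username` unchecked, both in the block that reads `$this->login` and in the later copy that reads `$TMP_SESSION['nocc_login']`; preg_replace() returns null when the pattern does not compile (a `from_part` containing `/` or an unbalanced parenthesis) and an empty string when the pattern matches but has no capture group, so every connection array below would pass a null or empty `username` to Horde. Keep the full login unless the strip yields something usable: `$stripped=preg_replace("/^".$reg."$/","$1",$tmp_username);` followed by `if( is_string($stripped) && strlen($stripped)>0 ) { $tmp_username=$stripped; }`. Because `username` now carries the authorization identity and only `authusername` keeps the full login, a server that negotiates a mechanism other than PLAIN would presumably be sent the stripped name as the login, so a short comment stating that assumption next to the `/^ssl/` test would help. Both enclosing methods start and end outside the visible hunks.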


@ -14,7 +14,7 @@
* @package NOCC * @package NOCC
* @subpackage Configuration * @subpackage Configuration
* @license http://www.gnu.org/licenses/ GNU General Public License * @license http://www.gnu.org/licenses/ GNU General Public License
* @version SVN: $Id: conf.php.dist 3060 2023-03-05 19:06:00Z oheil $ * @version SVN: $Id: conf.php.dist 3068 2023-03-07 14:57:08Z oheil $
*/ */
// ################### This is the main configuration for NOCC ########## // // ################### This is the main configuration for NOCC ########## //
@ -199,6 +199,7 @@ $conf->loaded = true;
// your user login with 'ad\user' and his password, but the From:-address is user@domain.com // your user login with 'ad\user' and his password, but the From:-address is user@domain.com
// without the ad\, than above setting is used to extract the part in the parantheses to form // without the ad\, than above setting is used to extract the part in the parantheses to form
// the From:-address. // the From:-address.
// Setting this option helps with IMAP PLAIN SASL AUTH too.
// //
// $conf->domains[$i]->allow_rss = false; // $conf->domains[$i]->allow_rss = false;
// This optional setting allows RSS feed for this domain if set to true // This optional setting allows RSS feed for this domain if set to true