From 2efad4865753825c2ef1001ba6a9848989e13a58 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <machniak@kolabsys.com>
Date: Mon, 19 Nov 2018 14:31:46 +0000
Subject: [PATCH] SSO + SMTP

---
 plugins/kolab_sso/README              |  6 ++++--
 plugins/kolab_sso/config.inc.php.dist | 14 ++++++++++++--
 plugins/kolab_sso/kolab_sso.php       |  9 ++-------
 3 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/plugins/kolab_sso/README b/plugins/kolab_sso/README
index f12b0eca..88ec94dc 100644
--- a/plugins/kolab_sso/README
+++ b/plugins/kolab_sso/README
@@ -6,7 +6,9 @@ services. Currently the only supported method of authentication is OpenID Connec
 
 Because Kolab backends do not support token authentication it is required
 to use master user (sasl proxy) authentication, i.e. you have to put
-master user credentials in plugin's config.
+master user credentials in plugin's config. For the same reason and also because
+the same master user does not work in Postfix, you have to specify SMTP connection
+parameters/user+password.
 
 Plugin requires libkolab plugin and HTTP/Request2 library.
 Plugin contains BSD-licensed https://github.com/firebase/php-jwt (v5.0.0) library.
@@ -22,7 +24,7 @@ INSTALLATION
 Enable plugin in Roundcube's main configuration file. Make sure it is first
 on the list of plugins, especially before any authentication plugin, e.g. kolab_auth.
 
-Default return URL for Auth Provider is https://host.roundcube?_task=login&_action=sso,
+Default return-URL for Auth Provider is https://host.roundcube?_task=login&_action=sso,
 but not all providers support query params. To workaround this limitation you have to
 define an alias URI or redirect. For example:
 
diff --git a/plugins/kolab_sso/config.inc.php.dist b/plugins/kolab_sso/config.inc.php.dist
index 2e705aab..750919ec 100644
--- a/plugins/kolab_sso/config.inc.php.dist
+++ b/plugins/kolab_sso/config.inc.php.dist
@@ -3,12 +3,22 @@
 // Enable debugging
 $config['kolab_sso_debug'] = true;
 
-// Proxy user
+// IMAP (master) user
 $config['kolab_sso_username'] = 'cyrus-admin';
 
-// Proxy user password
+// IMAP (master) password
 $config['kolab_sso_password'] = 'password';
 
+// SMTP server host
+// To override the SMTP port or connection method, provide a full URL like 'tls://somehost:587'
+$config['kolab_sso_smtp_server'] = null;
+
+// SMTP username
+$config['kolab_sso_smtp_user'] = '';
+
+// SMTP password
+$config['kolab_sso_smtp_pass'] = '';
+
 // Require SSO logon by removing possibility to logon with user/password
 $config['kolab_sso_disable_login'] = false;
 
diff --git a/plugins/kolab_sso/kolab_sso.php b/plugins/kolab_sso/kolab_sso.php
index 433e4e7f..f07d7ddc 100644
--- a/plugins/kolab_sso/kolab_sso.php
+++ b/plugins/kolab_sso/kolab_sso.php
@@ -186,13 +186,8 @@ class kolab_sso extends rcube_plugin
      */
     public function smtp_connect($args)
     {
-        $user = $this->rc->config->get('kolab_sso_username');
-        $pass = $this->rc->config->get('kolab_sso_password');
-
-        if ($user && $pass) {
-            $args['smtp_auth_cid']  = $user;
-            $args['smtp_auth_pw']   = $pass;
-            $args['smtp_auth_type'] = 'PLAIN';
+        foreach (array('smtp_server', 'smtp_user', 'smtp_pass') as $prop) {
+            $args[$prop] = $this->rc->config->get("kolab_sso_$prop", $args[$prop]);
         }
 
         return $args;