Implemented "Login As" feature with Horde classes support

Store admin credentials in session (encrypted) to make things simpler
Aleksander Machniak 2011-10-26 09:36:18 +02:00
parent de4fef9f62
commit 6a423a38e5
2 changed files with 22 additions and 16 deletions


@ -166,6 +166,7 @@ class kolab_auth extends rcube_plugin
$rcmail = rcmail::get_instance();
$admin_login = $rcmail->config->get('kolab_auth_admin_login');
$admin_pass = $rcmail->config->get('kolab_auth_admin_password');
$login_attr = $rcmail->config->get('kolab_auth_login');
$alias_attr = $rcmail->config->get('kolab_auth_alias');
$name_attr = $rcmail->config->get('kolab_auth_name');
@ -245,8 +246,11 @@ class kolab_auth extends rcube_plugin
}
$args['user'] = $loginas;
// Mark session to use SASL proxy for IMAP authentication
$_SESSION['kolab_auth_admin'] = true;
$_SESSION['kolab_auth_admin'] = strtolower($origname);
$_SESSION['kolab_auth_login'] = $rcmail->encrypt($admin_login);
$_SESSION['kolab_auth_password'] = $rcmail->encrypt($admin_pass);
}
// Set credentials
@ -266,12 +270,6 @@ class kolab_auth extends rcube_plugin
if (!empty($origname)) {
write_log('userlogins', sprintf('Admin login for %s by %s from %s',
$args['user'], $origname, rcmail_remote_ip()));
// If available, additionally mark the session to come from the
// original user. Useful for logging sessions of user A pretending
// to be user B.
$_SESSION['kolab_auth_admin'] = strtolower($origname);
}
return $args;
@ -283,11 +281,9 @@ class kolab_auth extends rcube_plugin
public function imap_connect($args)
{
if (!empty($_SESSION['kolab_auth_admin'])) {
$this->load_config();
$rcmail = rcmail::get_instance();
$admin_login = $rcmail->config->get('kolab_auth_admin_login');
$admin_pass = $rcmail->config->get('kolab_auth_admin_password');
$admin_login = $rcmail->decrypt($_SESSION['kolab_auth_login']);
$admin_pass = $rcmail->decrypt($_SESSION['kolab_auth_password']);
$args['auth_cid'] = $admin_login;
$args['auth_pw'] = $admin_pass;
@ -302,11 +298,9 @@ class kolab_auth extends rcube_plugin
public function smtp_connect($args)
{
if (!empty($_SESSION['kolab_auth_admin'])) {
$this->load_config();
$rcmail = rcmail::get_instance();
$admin_login = $rcmail->config->get('kolab_auth_admin_login');
$admin_pass = $rcmail->config->get('kolab_auth_admin_password');
$admin_login = $rcmail->decrypt($_SESSION['kolab_auth_login']);
$admin_pass = $rcmail->decrypt($_SESSION['kolab_auth_password']);
$args['options']['smtp_auth_cid'] = $admin_login;
$args['options']['smtp_auth_pw'] = $admin_pass;
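Review bot: The guards in imap_connect and smtp_connect still test only `$_SESSION['kolab_auth_admin']`, but the proxy credentials now come from `$_SESSION['kolab_auth_login']` and `$_SESSION['kolab_auth_password']`, so a session that carries the flag without those keys (for example one created before this change) passes whatever `decrypt()` returns for a missing value on as `auth_cid`/`auth_pw`. I would tighten both guards, e.g. `if (!empty($_SESSION['kolab_auth_admin']) && !empty($_SESSION['kolab_auth_login']) && !empty($_SESSION['kolab_auth_password'])) {`, and the same applies to the "Login As" branch in rcube_kolab. Copying the admin password into the session also means it is now kept in the session store for every impersonated session and keeps its old value after the configured password is rotated; a comment next to the `encrypt()` calls such as `// NOTE: admin proxy credentials live in the session until logout; invalidate sessions when kolab_auth_admin_password is rotated` would make that explicit. Both function bodies continue outside the hunks.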


@ -86,10 +86,22 @@ class rcube_kolab
// pass the current IMAP authentication credentials to the Horde auth system
self::$horde_auth = Auth::singleton('kolab');
$username = $_SESSION['username'];
$credentials = array('password' => $pwd);
// Hack proxy auth for "Login As" feature of kolab_auth plugin
if (!empty($_SESSION['kolab_auth_admin'])) {
$username = $_SESSION['kolab_auth_admin'];
$conf['kolab']['imap']['user'] = $_SESSION['username'];
$conf['kolab']['imap']['authuser'] = $rcmail->decrypt($_SESSION['kolab_auth_login']);
$conf['kolab']['imap']['password'] = $rcmail->decrypt($_SESSION['kolab_auth_password']);
$conf['kolab']['user_mail'] = $_SESSION['username'];
}
if (self::$horde_auth->isAuthenticated()) {
self::$ready = true;
}
else if (self::$horde_auth->authenticate($_SESSION['username'], array('password' => $pwd), false)) {
else if (self::$horde_auth->authenticate($username, $credentials, false)) {
// we could use Auth::setAuth() here, but it requires the whole bunch
// of includes and global objects, do it as simple as possible
$_SESSION['__auth'] = array(
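Review bot: The "Login As" branch writes the decrypted admin password into `$conf['kolab']['imap']['password']`, which looks like the shared Horde configuration array, so the cleartext stays reachable for the rest of the request by anything that reads or dumps `$conf`. Neither `$conf` nor `$rcmail` is declared within the hunk (the enclosing method starts outside it), so it is worth confirming that both are in scope here, e.g. via `global $conf;` and `$rcmail = rcmail::get_instance();`. The "Hack" comment would also read better if it said which identity is which, for example `// Login As: Horde authenticates as the admin ($username); IMAP is opened for the impersonated user through SASL proxy auth (authuser/password)`.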