From 6a423a38e59acbde34e12db2c7edf668e74a2338 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Wed, 26 Oct 2011 09:36:18 +0200 Subject: [PATCH] Implemented "Login As" feature with Horde classes support Store admin credentails in session (encrypted) to make things simpler --- plugins/kolab_auth/kolab_auth.php | 24 +++++++++--------------- plugins/kolab_core/rcube_kolab.php | 14 +++++++++++++- 2 files changed, 22 insertions(+), 16 deletions(-) diff --git a/plugins/kolab_auth/kolab_auth.php b/plugins/kolab_auth/kolab_auth.php index 30fab834..d7e07bd3 100644 --- a/plugins/kolab_auth/kolab_auth.php +++ b/plugins/kolab_auth/kolab_auth.php @@ -166,6 +166,7 @@ class kolab_auth extends rcube_plugin $rcmail = rcmail::get_instance(); $admin_login = $rcmail->config->get('kolab_auth_admin_login'); + $admin_pass = $rcmail->config->get('kolab_auth_admin_password'); $login_attr = $rcmail->config->get('kolab_auth_login'); $alias_attr = $rcmail->config->get('kolab_auth_alias'); $name_attr = $rcmail->config->get('kolab_auth_name'); @@ -245,8 +246,11 @@ class kolab_auth extends rcube_plugin } $args['user'] = $loginas; + // Mark session to use SASL proxy for IMAP authentication - $_SESSION['kolab_auth_admin'] = true; + $_SESSION['kolab_auth_admin'] = strtolower($origname); + $_SESSION['kolab_auth_login'] = $rcmail->encrypt($admin_login); + $_SESSION['kolab_auth_password'] = $rcmail->encrypt($admin_pass); } // Set credentials @@ -266,12 +270,6 @@ class kolab_auth extends rcube_plugin if (!empty($origname)) { write_log('userlogins', sprintf('Admin login for %s by %s from %s', $args['user'], $origname, rcmail_remote_ip())); - - // If available, additionally mark the session to come from the - // original user. Useful for logging sessions of user A pretending - // to be user B. - $_SESSION['kolab_auth_admin'] = strtolower($origname); - } return $args; 
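Review bot: The new `$_SESSION['kolab_auth_login']` and `$_SESSION['kolab_auth_password']` writes in the second hunk copy the proxy-admin credential into session storage for every "Login As" session, and they run in the authenticate hook before the proxied login is known to have succeeded. Nothing in the visible hunks clears these keys on a failed login or on logout, and a later change of `kolab_auth_admin_password` in the config would leave stale copies in live sessions. Their confidentiality now rests on the key behind `$rcmail->encrypt()` and on who can read the session store, which is a wider surface than the config file alone. Unless a check outside the hunk already guarantees both values are set, I would skip the writes when `empty($admin_login) || empty($admin_pass)`. The remaining comment should say why the secrets are there, e.g. `// Keep proxy-admin credentials (encrypted) in session for the imap/smtp hooks and rcube_kolab`; the enclosing method starts and ends outside this hunk.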
@@ -283,11 +281,9 @@ class kolab_auth extends rcube_plugin public function imap_connect($args) { if (!empty($_SESSION['kolab_auth_admin'])) { - $this->load_config(); - $rcmail = rcmail::get_instance(); - $admin_login = $rcmail->config->get('kolab_auth_admin_login'); - $admin_pass = $rcmail->config->get('kolab_auth_admin_password'); + $admin_login = $rcmail->decrypt($_SESSION['kolab_auth_login']); + $admin_pass = $rcmail->decrypt($_SESSION['kolab_auth_password']); $args['auth_cid'] = $admin_login; $args['auth_pw'] = $admin_pass; @@ -302,11 +298,9 @@ class kolab_auth extends rcube_plugin public function smtp_connect($args) { if (!empty($_SESSION['kolab_auth_admin'])) { - $this->load_config(); - $rcmail = rcmail::get_instance(); - $admin_login = $rcmail->config->get('kolab_auth_admin_login'); - $admin_pass = $rcmail->config->get('kolab_auth_admin_password'); + $admin_login = $rcmail->decrypt($_SESSION['kolab_auth_login']); + $admin_pass = $rcmail->decrypt($_SESSION['kolab_auth_password']); $args['options']['smtp_auth_cid'] = $admin_login; $args['options']['smtp_auth_pw'] = $admin_pass; diff --git a/plugins/kolab_core/rcube_kolab.php b/plugins/kolab_core/rcube_kolab.php index c773a93d..72655b48 100644 --- a/plugins/kolab_core/rcube_kolab.php +++ b/plugins/kolab_core/rcube_kolab.php 
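Review bot: `imap_connect()` still guards only on `$_SESSION['kolab_auth_admin']`, but now reads `kolab_auth_login` and `kolab_auth_password` from the session without checking that they exist or that `decrypt()` returned a usable value. A session created before this change, where only `kolab_auth_admin` was set, would pass the guard and hand an empty `auth_cid`/`auth_pw` to the connection; the same applies to `smtp_connect()` in the next hunk. I would tighten both guards, e.g. `if (!empty($_SESSION['kolab_auth_admin']) && !empty($_SESSION['kolab_auth_login']) && !empty($_SESSION['kolab_auth_password'])) {`, and leave the proxy options unset when either decrypted value is empty. The two bodies now differ only in the `$args` keys they fill, so a small private helper returning the decrypted pair would keep them in step.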
@@ -86,10 +86,22 @@ class rcube_kolab // pass the current IMAP authentication credentials to the Horde auth system self::$horde_auth = Auth::singleton('kolab'); + $username = $_SESSION['username']; + $credentials = array('password' => $pwd); + + // Hack proxy auth for "Login As" feature of kolab_auth plugin + if (!empty($_SESSION['kolab_auth_admin'])) { + $username = $_SESSION['kolab_auth_admin']; + $conf['kolab']['imap']['user'] = $_SESSION['username']; + $conf['kolab']['imap']['authuser'] = $rcmail->decrypt($_SESSION['kolab_auth_login']); + $conf['kolab']['imap']['password'] = $rcmail->decrypt($_SESSION['kolab_auth_password']); + $conf['kolab']['user_mail'] = $_SESSION['username']; + } + if (self::$horde_auth->isAuthenticated()) { self::$ready = true; } - else if (self::$horde_auth->authenticate($_SESSION['username'], array('password' => $pwd), false)) { + else if (self::$horde_auth->authenticate($username, $credentials, false)) { // we could use Auth::setAuth() here, but it requires the whole bunch // of includes and global objects, do it as simple as possible $_SESSION['__auth'] = array(
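Review bot: The new branch writes the decrypted admin password into `$conf['kolab']['imap']['password']`, so the plaintext credential stays in that array for the rest of the request and is readable by any code that inspects or dumps it. The branch also trusts three session keys owned by the kolab_auth plugin while guarding only on `kolab_auth_admin`; if `kolab_auth_login` or `kolab_auth_password` is missing or does not decrypt, Horde is configured with empty proxy credentials while `$username` is still switched to the admin's name. Checking all three keys, `if (!empty($_SESSION['kolab_auth_admin']) && !empty($_SESSION['kolab_auth_login']) && !empty($_SESSION['kolab_auth_password'])) {`, would let such a session fall back to the normal path. `$rcmail`, `$conf` and `$pwd` are defined outside the hunk, so I am assuming they are in scope at this point. The "Hack proxy auth" comment would help more if it stated that `$username` becomes the admin identity while the IMAP user stays the impersonated account.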