Micke/roundcubemail-plugins-kolab
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Adapt write_log hook to new per-user logging capabilities of Roundcube core (#2750):

Browse source 
- Return the 'dir' property in write_log hook instead of writing the log directly
- Provide a user log directory during authentication with the username submitted or retrieved from LDAP respectively
- Requires Roundcube core rev 3786a4
This commit is contained in:
Thomas Bruederli 2014-01-16 10:04:03 +01:00
parent b0e06ccdb7
commit 8996e8fa60
1 changed files with 25 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
plugins/kolab_auth/kolab_auth.php
View file

@ -31,6 +31,7 @@
class kolab_auth extends rcube_plugin class kolab_auth extends rcube_plugin
{ {
static $ldap; static $ldap;
private $username;
private $data = array(); private $data = array();
public function init() public function init()
@ -56,11 +57,13 @@ class kolab_auth extends rcube_plugin
// Hook to modify some configuration, e.g. ldap // Hook to modify some configuration, e.g. ldap
$this->add_hook('config_get', array($this, 'config_get')); $this->add_hook('config_get', array($this, 'config_get'));
// Hook to modify logging directory
$this->add_hook('write_log', array($this, 'write_log'));
$this->username = $_SESSION['username'];
// Enable debug logs per-user, this enables logging only after // Enable debug logs per-user, this enables logging only after
// user has logged in // user has logged in
if (!empty($_SESSION['username']) && $rcmail->config->get('kolab_auth_auditlog')) { if (!empty($_SESSION['username']) && $rcmail->config->get('kolab_auth_auditlog')) {
$this->add_hook('write_log', array($this, 'write_log'));
$rcmail->config->set('debug_level', 1); $rcmail->config->set('debug_level', 1);
$rcmail->config->set('devel_mode', true); $rcmail->config->set('devel_mode', true);
$rcmail->config->set('smtp_log', true); $rcmail->config->set('smtp_log', true);
@ -241,37 +244,29 @@ class kolab_auth extends rcube_plugin
return $args; return $args;
} }
$line = sprintf("[%s]: %s\n", $args['date'], $args['line']);
// log_driver == 'file' is assumed here // log_driver == 'file' is assumed here
$log_dir = $rcmail->config->get('log_dir', RCUBE_INSTALL_PATH . 'logs'); $log_dir = $rcmail->config->get('log_dir', RCUBE_INSTALL_PATH . 'logs');
$log_path = $log_dir.'/'.strtolower($_SESSION['kolab_auth_admin']).'/'.strtolower($_SESSION['username']);
// Append original username + target username // Append original username + target username for audit-logging
if (!is_dir($log_path)) { if ($rcmail->config->get('kolab_auth_auditlog') && !empty($_SESSION['kolab_auth_admin'])) {
$args['dir'] = $log_dir . '/' . strtolower($_SESSION['kolab_auth_admin']) . '/' . strtolower($this->username);
// Attempt to create the directory // Attempt to create the directory
if (@mkdir($log_path, 0750, true)) { if (!is_dir($args['dir'])) {
$log_dir = $log_path; @mkdir($args['dir'], 0750, true);
} }
} }
else { // Define the user log directory if a username is provided
$log_dir = $log_path; else if ($rcmail->config->get('per_user_logging') && !empty($this->username)) {
$user_log_dir = $log_dir . '/' . strtolower($this->username);
if (is_writable($user_log_dir)) {
$args['dir'] = $user_log_dir;
} }
else if ($args['name'] != 'errors') {
// try to open specific log file for writing $args['abort'] = true; // don't log if unauthenticed
$logfile = $log_dir.'/'.$args['name'];
if ($fp = fopen($logfile, 'a')) {
fwrite($fp, $line);
fflush($fp);
fclose($fp);
} }
else {
trigger_error("Error writing to log file $logfile; Please check permissions", E_USER_WARNING);
} }
$args['abort'] = true;
return $args; return $args;
} }
@ -353,6 +348,9 @@ class kolab_auth extends rcube_plugin
return $args; return $args;
} }
// temporarily set the current username to the one submitted
$this->username = $user;
$ldap = self::ldap(); $ldap = self::ldap();
if (!$ldap || !$ldap->ready) { if (!$ldap || !$ldap->ready) {
$args['abort'] = true; $args['abort'] = true;
@ -483,7 +481,7 @@ class kolab_auth extends rcube_plugin
return $args; return $args;
} }
$args['user'] = $loginas; $args['user'] = $this->username = $loginas;
// Mark session to use SASL proxy for IMAP authentication // Mark session to use SASL proxy for IMAP authentication
$_SESSION['kolab_auth_admin'] = strtolower($origname); $_SESSION['kolab_auth_admin'] = strtolower($origname);
@ -506,7 +504,7 @@ class kolab_auth extends rcube_plugin
$this->data['user_login'] = is_array($record[$login_attr]) ? $record[$login_attr][0] : $record[$login_attr]; $this->data['user_login'] = is_array($record[$login_attr]) ? $record[$login_attr][0] : $record[$login_attr];
} }
if ($this->data['user_login']) { if ($this->data['user_login']) {
$args['user'] = $this->data['user_login']; $args['user'] = $this->username = $this->data['user_login'];
} }
// User name for identity (first log in) // User name for identity (first log in)