115 lines
3.5 KiB
PHP
115 lines
3.5 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Allow specific user to impersonate as any other user
|
|
* to services based on Roundcube Framework.
|
|
*
|
|
* @author Aleksander Machniak <machniak@kolabsys.com>
|
|
*
|
|
* Copyright (C) 2019, Kolab Systems AG <contact@kolabsys.com>
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License as
|
|
* published by the Free Software Foundation, either version 3 of the
|
|
* License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
class kolab_auth_proxy extends rcube_plugin
|
|
{
|
|
private $rc;
|
|
|
|
/**
|
|
* Plugin initialization
|
|
*/
|
|
public function init()
|
|
{
|
|
// Only iRony for now
|
|
if (defined('KOLAB_DAV_VERSION')) {
|
|
$this->add_hook('authenticate', [$this, 'authenticate']);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Authenticate hook handler
|
|
*/
|
|
public function authenticate($args)
|
|
{
|
|
$this->load_config();
|
|
$this->rc = rcube::get_instance();
|
|
|
|
$proxy_user = $this->rc->config->get('kolab_auth_proxy_user');
|
|
$proxy_pass = $this->rc->config->get('kolab_auth_proxy_pass');
|
|
|
|
// Login is in a form of: <proxy_user>**<username>
|
|
|
|
if ($proxy_user && $args['pass'] === $proxy_pass
|
|
&& strpos($args['user'], $proxy_user . '**') === 0
|
|
&& ($target = substr($args['user'], strlen($proxy_user . '**')))
|
|
) {
|
|
$args['user'] = $target;
|
|
$args['pass'] = '-dummy-'; // cannot be empty
|
|
|
|
// Disable iRony's auth cache, otherwise 'authenticate' hook will not
|
|
// be executed on each request
|
|
$args['no-cache'] = true;
|
|
|
|
$this->add_hook('storage_connect', [$this, 'storage_connect']);
|
|
// $this->add_hook('managesieve_connect', array($this, 'storage_connect'));
|
|
$this->add_hook('smtp_connect', [$this, 'smtp_connect']);
|
|
$this->add_hook('ldap_connected', [$this, 'ldap_connected']);
|
|
}
|
|
|
|
return $args;
|
|
}
|
|
|
|
/**
|
|
* Storage_connect/managesieve_connect hook handler
|
|
*/
|
|
public function storage_connect($args)
|
|
{
|
|
$imap_user = $this->rc->config->get('kolab_auth_proxy_imap_user');
|
|
$imap_pass = $this->rc->config->get('kolab_auth_proxy_imap_pass');
|
|
|
|
$args['auth_cid'] = $imap_user;
|
|
$args['auth_pw'] = $imap_pass;
|
|
$args['auth_type'] = 'PLAIN';
|
|
|
|
return $args;
|
|
}
|
|
|
|
/**
|
|
* Smtp_connect hook handler
|
|
*/
|
|
public function smtp_connect($args)
|
|
{
|
|
foreach (['smtp_server', 'smtp_user', 'smtp_pass'] as $prop) {
|
|
$args[$prop] = $this->rc->config->get("kolab_auth_proxy_$prop", $args[$prop]);
|
|
}
|
|
|
|
return $args;
|
|
}
|
|
|
|
/**
|
|
* ldap_connected hook handler
|
|
*/
|
|
public function ldap_connected($args)
|
|
{
|
|
$ldap_user = $this->rc->config->get('kolab_auth_proxy_ldap_user');
|
|
$ldap_pass = $this->rc->config->get('kolab_auth_proxy_ldap_pass');
|
|
|
|
if ($ldap_user && $ldap_pass && $args['user_specific']) {
|
|
$args['bind_dn'] = $ldap_user;
|
|
$args['bind_pass'] = $ldap_pass;
|
|
$args['search_filter'] = null;
|
|
}
|
|
|
|
return $args;
|
|
}
|
|
}
|