2010-11-14 14:12:07 +00:00
< ? php
/*
$Id $
This code is part of LDAP Account Manager ( http :// www . ldap - account - manager . org / )
Copyright ( C ) 2010 Pavel Pozdniak
2010 Roland Gruber
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 59 Temple Place , Suite 330 , Boston , MA 02111 - 1307 USA
*/
/**
* Manages mailboxes on an IMAP server .
*
* @ package modules
* @ author Pavel Pozdniak
* @ author Roland Gruber
*/
/**
* Manages mailboxes on an IMAP server .
*
* @ package modules
* @ author Pavel Pozdniak
*/
class imapAccess extends baseModule {
/**
* Returns meta data that is interpreted by parent class
*
* @ return array array with meta data
*
* @ see baseModule :: get_metaData ()
*/
function get_metaData () {
$return = array ();
// manages user accounts
$return [ " account_types " ] = array ( " user " );
// alias name
$return [ " alias " ] = _ ( " Mailbox " );
// module dependencies
$return [ 'dependencies' ] = array ( 'depends' => array ( 'inetOrgPerson' ), 'conflicts' => array ());
// managed object classes
$return [ 'objectClasses' ] = array ();
// managed attributes
$return [ 'attributes' ] = array ();
// PHP extensions
$return [ 'extensions' ] = array ( 'imap' );
// icon
$return [ 'icon' ] = 'mailBig.png' ;
// help
$return [ 'help' ] = array (
'ImapServerAddress' => array (
" Headline " => _ ( " Server address " ),
" Text " => _ ( " Address of IMAP server (e.g. mail.example.org). " )),
'ImapServerEncryptionProtocol' => array (
" Headline " => _ ( " Encryption protocol " ),
" Text " => _ ( " Encryption protocol for connecting to IMAP server. LAM requires an encrypted connection. " )),
'ImapValidateServerCert' => array (
" Headline " => _ ( " Validate server certificate " ),
" Text " => _ ( " This option allows you to disable the certificate check of your IMAP server certificate. Disabling the certificate check is not recommended. " )),
'ImapAdmin' => array (
" Headline " => _ ( " IMAP admin user " ),
" Text " => _ ( " The login name of your IMAP user who has rights to create/delete mailboxes. " )),
'ImapAdminPasswordSelect' => array (
" Headline " => _ ( " IMAP password input " ),
" Text " => _ ( " Choose the way how to provide the IMAP admin password. You can use the same password as for the LAM login or LAM will ask you for a password when it is required. " )),
'ImapAdminPassword_Sess' => array (
" Headline " => _ ( " Password of IMAP admin user " ),
" Text " => _ ( " The password of your IMAP admin user. The login name for the IMAP admin user is stored in the LAM server profile. " )),
'ImapUserPrefix' => array (
" Headline " => _ ( " Prefix for mailboxes " ),
" Text " => _ ( " Some IMAP servers store mailboxes with a prefix (e.g. \" user \" for Cyrus which results in \" user.username \" ). " )),
'ImapMailDomain' => array (
" Headline " => _ ( " Mail domain(s) " ),
" Text " => _ ( " Please enter a comma separated list of domain names (e.g. \" company.com,example.com \" ). LAM will only manage mailboxes from these domains. " )),
'MailAddress' => array (
" Headline " => _ ( " Mailbox " ),
" Text " => _ ( " This mailbox will be created/deleted. " ))
);
// configuration settings
$configContainer = new htmlTable ();
$configServer = new htmlTableExtendedInputField ( _ ( 'Server address' ), 'ImapAccess_ImapServerAddress' , '' , 'ImapServerAddress' );
$configServer -> setRequired ( true );
$configContainer -> addElement ( $configServer , true );
$configContainer -> addElement ( new htmlTableExtendedSelect ( 'ImapAccess_ImapServerEncriptionProtocol' , array ( 'TLS' , 'SSL' ), array ( 'TLS' ), _ ( " Encryption protocol " ), 'ImapServerEncryptionProtocol' ), true );
$configCertValidate = new htmlTableExtendedSelect ( 'ImapAccess_ImapValidateServerCert' , array ( _ ( 'Yes' ) => 'validate-cert' , _ ( 'No' ) => 'novalidate-cert' ), array ( 'validate-cert' ), _ ( " Validate server certificate " ), 'ImapValidateServerCert' );
$configCertValidate -> setHasDescriptiveElements ( true );
$configContainer -> addElement ( $configCertValidate , true );
$configUser = new htmlTableExtendedInputField ( _ ( 'IMAP admin user' ), 'ImapAccess_ImapAdmin' , '' , 'ImapAdmin' );
$configUser -> setRequired ( true );
$configContainer -> addElement ( $configUser , true );
$configPasswordType = new htmlTableExtendedSelect ( 'ImapAccess_ImapAdminPasswordSelect' , array ( _ ( 'LAM user password' ) => 'lam_user_pass' , _ ( 'Ask' ) => 'ask_pass' ), array ( 'ask_pass' ), _ ( " IMAP password input " ), 'ImapAdminPasswordSelect' );
$configPasswordType -> setHasDescriptiveElements ( true );
$configContainer -> addElement ( $configPasswordType , true );
$configContainer -> addElement ( new htmlTableExtendedInputField ( _ ( 'Prefix for mailboxes' ), 'ImapAccess_ImapUserPrefix' , '' , 'ImapUserPrefix' ), true );
2010-11-28 20:24:17 +00:00
$mailDomainsInput = new htmlTableExtendedInputField ( _ ( 'Mail domain(s)' ), 'ImapAccess_ImapDomain' , '' , 'ImapMailDomain' );
$mailDomainsInput -> setRequired ( true );
$configContainer -> addElement ( $mailDomainsInput , true );
2010-11-14 14:12:07 +00:00
$return [ 'config_options' ][ 'all' ] = $configContainer ;
2010-11-28 20:24:17 +00:00
// configuration checks
$return [ 'config_checks' ][ 'all' ][ 'ImapAccess_ImapServerAddress' ] = array (
'type' => 'ext_preg' ,
'regex' => 'DNSname' ,
'required' => true ,
'required_message' => $this -> messages [ 'config' ][ 0 ],
'error_message' => $this -> messages [ 'config' ][ 0 ]);
$return [ 'config_checks' ][ 'all' ][ 'ImapAccess_ImapDomain' ] = array (
'type' => 'regex_i' ,
'regex' => '[a-z0-9\\._-]+(,[a-z0-9\\._-]+)*' ,
'required' => true ,
'required_message' => $this -> messages [ 'config' ][ 1 ],
'error_message' => $this -> messages [ 'config' ][ 1 ]);
2010-11-14 14:12:07 +00:00
return $return ;
}
/**
* This function fills the error message array with messages
*/
function load_Messages () {
2010-11-28 20:24:17 +00:00
$this -> messages [ 'config' ][ 0 ] = array ( 'ERROR' , _ ( 'Please enter a valid server name where the mailboxes reside.' ));
$this -> messages [ 'config' ][ 1 ] = array ( 'ERROR' , _ ( 'Please enter a correct list of valid mail domains.' ));
2010-11-14 14:12:07 +00:00
$this -> messages [ 'managemailbox' ][ 0 ] = array ( 'ERROR' , _ ( 'Unable to change ACL on IMAP server for mailbox deletion.' ));
$this -> messages [ 'managemailbox' ][ 1 ] = array ( 'ERROR' , _ ( 'Unable to delete mailbox from IMAP server.' ));
$this -> messages [ 'managemailbox' ][ 2 ] = array ( 'ERROR' , _ ( 'Unable to create mailbox on IMAP server.' ));
$this -> messages [ 'managemailbox' ][ 3 ] = array ( 'ERROR' , _ ( 'Unable to locate mailbox on IMAP.' ));
$this -> messages [ 'managemailbox' ][ 4 ] = array ( 'ERROR' , _ ( 'Your IMAP domain(s) and email address domain do not match.' ));
$this -> messages [ 'managemailbox' ][ 5 ] = array ( 'ERROR' , _ ( 'Invalid password for IMAP admin or other problem occured.' ));
}
/**
* Returns the HTML meta data for the main account page .
*
* @ return array HTML meta data
*/
function display_html_attributes () {
$return = new htmlTable ();
$prefix = $this -> getMailboxPrefix ();
$email = '' ;
$attrs = $this -> getAccountContainer () -> getAccountModule ( 'inetOrgPerson' ) -> getAttributes ();
$email = $attrs [ 'mail' ][ 0 ];
if ( $email == '' ) {
$return -> addElement ( new htmlStatusMessage ( 'INFO' , _ ( 'Email address is not set. Please set it on tab "Personal".' )));
return $return ;
}
$imap_admin_password = $this -> getAdminPassword (); //Check for password for fall back mechanism
if (( strcasecmp ( $this -> moduleSettings [ 'ImapAccess_ImapAdminPasswordSelect' ][ 0 ], " ask_pass " ) == 0 && ! isset ( $_SESSION [ 'imapAdmPass' ])) || ( ! $imap_admin_password )) {
return $this -> display_html_password ();
}
$return -> addElement ( new htmlOutputText ( _ ( 'Email address' )));
$return -> addElement ( new htmlOutputText ( $email ), true );
$imap_server_address = $this -> getServerAddress ();
$imap_admin_user = $this -> moduleSettings [ 'ImapAccess_ImapAdmin' ][ 0 ];
$imap_admin_password = $this -> getAdminPassword ();
$mbox = imap_open ( " { " . $imap_server_address . " } " , $imap_admin_user , $imap_admin_password , OP_HALFOPEN ) or die ( " can't connect: " . imap_last_error ());
$attrs = $this -> getAccountContainer () -> getAccountModule ( 'inetOrgPerson' ) -> getAttributes ();
$email_domain = substr ( strstr ( $email , '@' ), 1 );
$email_parts = explode ( '@' , $email , 2 );
$email_username = array_shift ( $email_parts );
$return -> addElement ( new htmlOutputText ( _ ( 'Mailbox' )));
$return -> addElement ( new htmlOutputText ( $prefix . " . " . $email_username ));
$return -> addElement ( new htmlHelpLink ( 'MailAddress' ), true );
$return -> addElement ( new htmlSpacer ( null , '10px' ), true );
$is_mailbox_exist = false ; //default is false
$list = imap_list ( $mbox , " { " . $imap_server_address . " } " , $prefix . " . " . $email_username );
if ( is_array ( $list ) && sizeof ( $list ) == 1 ) {
$mailboxMessage = new htmlOutputText ( _ ( " Mailbox already exists on IMAP server. " ));
$mailboxMessage -> colspan = 3 ;
$return -> addElement ( $mailboxMessage , true );
$return -> addElement ( new htmlSpacer ( null , '10px' ), true );
$return -> addElement ( new htmlButton ( 'deleteMailbox' , _ ( 'Delete mailbox' )));
}
else {
$mailboxMessage = new htmlOutputText ( _ ( " Mailbox does not exist on IMAP server. " ));
$mailboxMessage -> colspan = 3 ;
$return -> addElement ( $mailboxMessage , true );
$return -> addElement ( new htmlSpacer ( null , '10px' ), true );
$createButton = new htmlButton ( 'createMailbox' , _ ( 'Create mailbox' ));
$message = '' ;
if ( $this -> isWrongDomain ( $email_domain )) {
$createButton -> setIsEnabled ( false );
$message = '<< ' . $this -> messages [ 'managemailbox' ][ 4 ][ 1 ];
}
$return -> addElement ( $createButton );
$return -> addElement ( new htmlOutputText ( $message ));
}
imap_close ( $mbox );
return $return ;
}
/**
* Returns the HTML meta data for the password page .
*
* @ return array HTML meta data
*/
function display_html_password () {
$return = new htmlTable ();
$passwordInput = new htmlTableExtendedInputField ( _ ( " Password of IMAP admin user " ), 'ImapAdminPassword' , '' , 'ImapAdminPassword_Sess' );
$passwordInput -> setIsPassword ( true );
$passwordInput -> setRequired ( true );
$return -> addElement ( $passwordInput , true );
$return -> addElement ( new htmlSpacer ( null , '10px' ), true );
$return -> addElement ( new htmlButton ( 'enterPasswordButton' , _ ( 'Ok' )));
return $return ;
}
/**
* Processes user input of the primary module page .
* It checks if all input values are correct and updates the associated LDAP attributes .
*
* @ return array list of info / error messages
*/
function process_attributes () {
$errors = array ();
$prefix = $this -> getMailboxPrefix ();
$imap_server_address = $this -> getServerAddress ();
$imap_admin_user = $this -> moduleSettings [ 'ImapAccess_ImapAdmin' ][ 0 ];
if ( isset ( $_POST [ 'ImapAdminPassword' ])) {
$errors = $this -> doLogin ();
}
$imap_admin_password = $this -> getAdminPassword ();
if ( $imap_admin_password ) {
$mbox = @ imap_open ( " { " . $imap_server_address . " } " , $imap_admin_user , $imap_admin_password , OP_HALFOPEN );
}
if ( $mbox ) {
$attrs = $this -> getAccountContainer () -> getAccountModule ( 'inetOrgPerson' ) -> getAttributes ();
$email = $attrs [ 'mail' ][ 0 ];
$email_domain = substr ( strstr ( $email , '@' ), 1 );
$email_parts = explode ( '@' , $email , 2 );
$email_username = array_shift ( $email_parts );
if ( isset ( $_POST [ 'deleteMailbox' ])) {
if ( $this -> isWrongDomain ( $email_domain )) {
$errors [] = $this -> messages [ 'managemailbox' ][ 4 ];
}
else {
if ( ! imap_setacl ( $mbox , $prefix . " . " . $email_username , $this -> moduleSettings [ 'ImapAccess_ImapAdmin' ][ 0 ], " c " )) {
$errors [] = $this -> messages [ 'managemailbox' ][ 0 ];
}
$delete_mailbox_arg = " { " . $imap_server_address . " } " . $prefix . " . " . $email_username ;
if ( !@ imap_deletemailbox ( $mbox , $delete_mailbox_arg )) {
$errors [] = $this -> messages [ 'managemailbox' ][ 1 ];
}
}
}
if ( isset ( $_POST [ 'createMailbox' ])) {
if ( $this -> isWrongDomain ( $email_domain )) {
$errors [] = $this -> messages [ 'managemailbox' ][ 4 ];
}
else {
$create_mailbox_arg = " { " . $imap_server_address . " } " . $prefix . " . " . $email_username ;
if ( imap_createmailbox ( $mbox , imap_utf7_encode ( $create_mailbox_arg ))) {
$list = imap_list ( $mbox , " { " . $imap_server_address . " } " , $prefix . " . " . $email_username );
if ( is_array ( $list ) && sizeof ( $list ) == 1 ) {
}
else {
$errors [] = $this -> messages [ 'managemailbox' ][ 3 ];
}
}
else {
$errors [] = $this -> messages [ 'managemailbox' ][ 2 ];
}
}
}
imap_close ( $mbox );
}
// Return error-messages
return $errors ;
}
/**
* Returns the admin password .
*
* @ return String password
*/
function getAdminPassword () {
$imap_admin_user = $this -> moduleSettings [ 'ImapAccess_ImapAdmin' ][ 0 ];
//perform admin password
$imap_admin_password = null ; //default value is null, it can be changed during the work
if ( isset ( $this -> moduleSettings [ 'ImapAccess_ImapAdminPasswordSelect' ][ 0 ]) && ( $this -> moduleSettings [ 'ImapAccess_ImapAdminPasswordSelect' ][ 0 ] == " lam_user_pass " )) {
$credentials = $_SESSION [ 'ldap' ] -> decrypt_login ();
$imap_admin_password = $credentials [ 1 ];
}
elseif ( strcasecmp ( $this -> moduleSettings [ 'ImapAccess_ImapAdminPasswordSelect' ][ 0 ], " ask_pass " ) == 0 && isset ( $_SESSION [ 'imapAdmPass' ])) {
$imap_admin_password = $_SESSION [ 'ldap' ] -> decrypt ( $_SESSION [ 'imapAdmPass' ]);
}
return $imap_admin_password ;
}
/**
* Checks the password given by user and save it as session parameter .
*
* @ return array list of error messages
*/
function doLogin () {
$errors = array ();
$imap_server_address = $this -> getServerAddress ();
$imap_admin_user = $this -> moduleSettings [ 'ImapAccess_ImapAdmin' ][ 0 ];
if ( isset ( $_POST [ 'ImapAdminPassword' ]) && $_POST [ 'ImapAdminPassword' ] != " " ) {
$imap_admin_password = $_POST [ 'ImapAdminPassword' ];
$mbox = @ imap_open ( " { " . $imap_server_address . " } " , $imap_admin_user , $imap_admin_password , OP_HALFOPEN );
if ( $mbox ) {
$_SESSION [ 'imapAdmPass' ] = $_SESSION [ 'ldap' ] -> encrypt ( $_POST [ 'ImapAdminPassword' ]);
@ imap_close ( $mbox );
}
else {
$error = $this -> messages [ 'managemailbox' ][ 5 ];
$error [] = imap_last_error ();
$errors [] = $error ;
}
}
return $errors ;
}
/**
* This function returns the IMAP server address including encryption options .
*
* @ return String server address
*/
function getServerAddress () {
$imap_encryption_protocol = $this -> moduleSettings [ 'ImapAccess_ImapServerEncriptionProtocol' ][ 0 ];
if ( strrpos ( $this -> moduleSettings [ 'ImapAccess_ImapServerAddress' ][ 0 ], " : " )) {
$imap_port_number = substr ( strstr ( $this -> moduleSettings [ 'ImapAccess_ImapServerAddress' ][ 0 ], ':' ), 1 );
$imap_server_name = array_shift ( explode ( ':' , $this -> moduleSettings [ 'ImapAccess_ImapServerAddress' ][ 0 ], 2 ));
}
else {
$imap_server_name = $this -> moduleSettings [ 'ImapAccess_ImapServerAddress' ][ 0 ];
if ( strcmp ( $imap_encryption_protocol , " TLS " ) == 0 ) {
$imap_port_number = 143 ;
}
else {
$imap_port_number = 993 ;
}
}
if ( isset ( $this -> moduleSettings [ 'ImapAccess_ImapValidateServerCert' ][ 0 ]) && ( $this -> moduleSettings [ 'ImapAccess_ImapValidateServerCert' ][ 0 ] == 'novalidate-cert' )) {
$validate_opt = " novalidate-cert " ;
}
else {
$validate_opt = " validate-cert " ;
}
$imap_server_address = $imap_server_name . " : " . $imap_port_number . " / " . $imap_encryption_protocol . " / " . $validate_opt ;
return $imap_server_address ;
}
/**
* This function returns the prefix for mailboxes .
* If no prefix was given during configuration then " user " will be used ( default for Cyrus ) .
*
* @ return String prefix
*/
function getMailboxPrefix () {
if ( ! isset ( $this -> moduleSettings [ 'ImapAccess_ImapUserPrefix' ][ 0 ]) || ( $this -> moduleSettings [ 'ImapAccess_ImapUserPrefix' ][ 0 ] == '' )) {
return " user " ;
}
else {
return $this -> moduleSettings [ 'ImapAccess_ImapUserPrefix' ][ 0 ];
}
}
/**
* This function checks if the domain of the mailbox is not in the list of domains listed in the configuration .
* If it is in the list then it returns false , otherwise returns true . If the list of domains is not set then it returns true .
*
* @ return boolean true if domains match
*/
function isWrongDomain ( $email_domain ) {
$ret_result = true ;
if ( isset ( $this -> moduleSettings [ 'ImapAccess_ImapDomain' ][ 0 ])) {
$domain_list_string = $this -> moduleSettings [ 'ImapAccess_ImapDomain' ][ 0 ];
$domains_array = explode ( " , " , $domain_list_string );
if ( in_array ( $email_domain , $domains_array )) {
$ret_result = false ;
}
}
else {
$ret_result = false ;
}
return $ret_result ;
}
}
?>