mirror of
https://github.com/the-djmaze/snappymail.git
synced 2026-07-08 22:18:28 +03:00
parent
2a4fbea0a8
commit
1ded94bd2d
4 changed files with 277 additions and 0 deletions
22
plugins/ldap-login-mapping/LICENSE
Normal file
22
plugins/ldap-login-mapping/LICENSE
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2014 RainLoop Team
|
||||
Copyright (c) 2018 <ludovic.pouzenc@mines-albi.fr>
|
||||
Copyright (c) 2022 <zephone@protonmail.com>
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
||||
this software and associated documentation files (the "Software"), to deal in
|
||||
the Software without restriction, including without limitation the rights to
|
||||
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
||||
the Software, and to permit persons to whom the Software is furnished to do so,
|
||||
subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
||||
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
||||
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
||||
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
||||
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
1
plugins/ldap-login-mapping/README
Normal file
1
plugins/ldap-login-mapping/README
Normal file
|
|
@ -0,0 +1 @@
|
|||
Plugin which allows you to set up LDAP username by email address (when IMAP/SMTP requires it)
|
||||
1
plugins/ldap-login-mapping/VERSION
Normal file
1
plugins/ldap-login-mapping/VERSION
Normal file
|
|
@ -0,0 +1 @@
|
|||
2.0
|
||||
253
plugins/ldap-login-mapping/index.php
Normal file
253
plugins/ldap-login-mapping/index.php
Normal file
|
|
@ -0,0 +1,253 @@
|
|||
<?php
|
||||
|
||||
use \MailSo\Log\Enumerations\Type;
|
||||
use \RainLoop\Enumerations\PluginPropertyType;
|
||||
use \RainLoop\Plugins\AbstractPlugin;
|
||||
use RainLoop\Plugins\Property;
|
||||
|
||||
class LDAPLoginMappingPlugin extends AbstractPlugin
|
||||
{
|
||||
const
|
||||
NAME = 'LDAP login mapping',
|
||||
VERSION = '2.0',
|
||||
AUTHOR = 'RainLoop Team, Ludovic Pouzenc<ludovic@pouzenc.fr>, ZephOne<zephone@protonmail.com>',
|
||||
RELEASE = '2022-07-13',
|
||||
REQUIRED = '2.16.3',
|
||||
CATEGORY = 'Login',
|
||||
DESCRIPTION = 'Enable custom mapping using ldap field';
|
||||
/**
|
||||
* @var array
|
||||
*/
|
||||
private $aDomains = array();
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
private $sSearchDomain = '';
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
private $sHostName = '127.0.0.1';
|
||||
|
||||
/**
|
||||
* @var int
|
||||
*/
|
||||
private $iHostPort = 389;
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
private $sUsersDn = '';
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
private $sObjectClass = 'inetOrgPerson';
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
private $sLoginField = 'uid';
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
private $sEmailField = 'mail';
|
||||
|
||||
/**
|
||||
* @var \MailSo\Log\Logger
|
||||
*/
|
||||
private $oLogger = null;
|
||||
|
||||
public function Init(): void
|
||||
{
|
||||
$this->addHook('login.credentials', 'FilterLoginСredentials');
|
||||
}
|
||||
|
||||
/**
|
||||
* @return string
|
||||
*/
|
||||
public function Supported(): string
|
||||
{
|
||||
if (!\function_exists('ldap_connect'))
|
||||
{
|
||||
return 'The LDAP PHP extension must be installed to use this plugin';
|
||||
}
|
||||
|
||||
return '';
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $sEmail
|
||||
* @param string $sLogin
|
||||
* @param string $sPassword
|
||||
*
|
||||
* @throws \RainLoop\Exceptions\ClientException
|
||||
*/
|
||||
public function FilterLoginСredentials(&$sEmail, &$sLogin, &$sPassword)
|
||||
{
|
||||
$this->oLogger = \MailSo\Log\Logger::SingletonInstance();
|
||||
|
||||
$this->aDomains = explode(',', $this->Config()->Get('plugin', 'domains', ''));
|
||||
$this->sSearchDomain = trim($this->Config()->Get('plugin', 'search_domain', ''));
|
||||
$this->sHostName = trim($this->Config()->Get('plugin', 'hostname', ''));
|
||||
$this->iHostPort = (int) $this->Config()->Get('plugin', 'port', 389);
|
||||
$this->sUsersDn = trim($this->Config()->Get('plugin', 'users_dn', ''));
|
||||
$this->sObjectClass = trim($this->Config()->Get('plugin', 'object_class', ''));
|
||||
$this->sLoginField = trim($this->Config()->Get('plugin', 'login_field', ''));
|
||||
$this->sEmailField = trim($this->Config()->Get('plugin', 'mail_field', ''));
|
||||
|
||||
if (0 < \strlen($this->sObjectClass) && 0 < \strlen($this->sEmailField))
|
||||
{
|
||||
$sIP = $_SERVER['REMOTE_ADDR'];
|
||||
$sResult = $this->ldapSearch($sEmail);
|
||||
if ( is_array($sResult) ) {
|
||||
$sLogin = $sResult['login'];
|
||||
$sEmail = $sResult['email'];
|
||||
}
|
||||
syslog(LOG_WARNING, "plugins/ldap-login-mapping/index.php:FilterLoginСredentials() auth try: $sIP/$sEmail, resolved as $sLogin/$sEmail");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array
|
||||
*/
|
||||
public function configMapping(): array
|
||||
{
|
||||
return [
|
||||
Property::NewInstance('domains')
|
||||
->SetLabel('LDAP enabled domains')
|
||||
->SetDefaultValue('example1.com,example2.com'),
|
||||
|
||||
Property::NewInstance('search_domain')
|
||||
->SetLabel('Forced domain')
|
||||
->SetDescription('Force this domain email for LDAP search')
|
||||
->SetDefaultValue('example.com'),
|
||||
|
||||
Property::NewInstance('hostname')
|
||||
->SetLabel('LDAP hostname')
|
||||
->SetDefaultValue('127.0.0.1'),
|
||||
|
||||
Property::NewInstance('port')
|
||||
->SetLabel('LDAP port')
|
||||
->SetType(PluginPropertyType::INT)
|
||||
->SetDefaultValue(389),
|
||||
|
||||
Property::NewInstance('users_dn')
|
||||
->SetLabel('Search base DN')
|
||||
->SetDescription('LDAP users search base DN. No tokens.')
|
||||
->SetDefaultValue('ou=People,dc=domain,dc=com'),
|
||||
|
||||
Property::NewInstance('object_class')
|
||||
->SetLabel('objectClass value')
|
||||
->SetDefaultValue('inetOrgPerson'),
|
||||
|
||||
Property::NewInstance('login_field')
|
||||
->SetLabel('Login field')
|
||||
->SetDefaultValue('uid'),
|
||||
|
||||
Property::NewInstance('mail_field')
|
||||
->SetLabel('Mail field')
|
||||
->SetDefaultValue('mail'),
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $sEmailOrLogin
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
private function ldapSearch($sEmail)
|
||||
{
|
||||
$bFound = FALSE;
|
||||
foreach ( $this->aDomains as $sDomain ) {
|
||||
$sRegex = '/^[a-z0-9._-]+@' . preg_quote(trim($sDomain)) . '$/i';
|
||||
$this->oLogger->Write('DEBUG regex ' . $sRegex, Type::INFO, 'LDAP');
|
||||
if ( preg_match($sRegex, $sEmail) === 1) {
|
||||
$bFound = TRUE;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if ( !$bFound ) {
|
||||
$this->oLogger->Write(
|
||||
'preg_match: no match in "' . $sEmail . '" for /^[a-z0-9._-]+@{configured-domains}$/i',
|
||||
Type::INFO,
|
||||
'LDAP');
|
||||
return FALSE;
|
||||
}
|
||||
$sLogin = \MailSo\Base\Utils::GetAccountNameFromEmail($sEmail);
|
||||
|
||||
$this->oLogger->Write('ldap_connect: trying...', Type::INFO, 'LDAP');
|
||||
|
||||
$oCon = @\ldap_connect($this->sHostName, $this->iHostPort);
|
||||
if (!$oCon) return FALSE;
|
||||
|
||||
$this->oLogger->Write('ldap_connect: connected', Type::INFO, 'LDAP');
|
||||
|
||||
@\ldap_set_option($oCon, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||
|
||||
if (!@\ldap_bind($oCon)) {
|
||||
$this->logLdapError($oCon, 'ldap_bind');
|
||||
return FALSE;
|
||||
}
|
||||
$sSearchDn = $this->sUsersDn;
|
||||
$aItems = array($this->sLoginField, $this->sEmailField);
|
||||
if ( 0 < \strlen($this->sSearchDomain) ) {
|
||||
$sFilter = '(&(objectclass='.$this->sObjectClass.')(|('.$this->sEmailField.'='.$sLogin.'@'.$this->sSearchDomain.')('.$this->sLoginField.'='.$sLogin.')))';
|
||||
|
||||
} else {
|
||||
$sFilter = '(&(objectclass='.$this->sObjectClass.')(|('.$this->sEmailField.'='.$sEmail.')('.$this->sLoginField.'='.$sLogin.')))';
|
||||
}
|
||||
$this->oLogger->Write('ldap_search: start: '.$sSearchDn.' / '.$sFilter, Type::INFO, 'LDAP');
|
||||
$oS = @\ldap_search($oCon, $sSearchDn, $sFilter, $aItems, 0, 30, 30);
|
||||
if (!$oS) {
|
||||
$this->logLdapError($oCon, 'ldap_search');
|
||||
return FALSE;
|
||||
}
|
||||
$aEntries = @\ldap_get_entries($oCon, $oS);
|
||||
if (!is_array($aEntries)) {
|
||||
$this->logLdapError($oCon, 'ldap_get_entries');
|
||||
return FALSE;
|
||||
}
|
||||
if (!isset($aEntries[0])) {
|
||||
$this->logLdapError($oCon, 'ldap_get_entries (no result)');
|
||||
return FALSE;
|
||||
}
|
||||
if (!isset($aEntries[0][$this->sLoginField][0])) {
|
||||
$this->logLdapError($oCon, 'ldap_get_entries (no login)');
|
||||
return FALSE;
|
||||
}
|
||||
if (!isset($aEntries[0][$this->sEmailField][0])) {
|
||||
$this->logLdapError($oCon, 'ldap_get_entries (no mail)');
|
||||
return FALSE;
|
||||
}
|
||||
$sLogin = $aEntries[0][$this->sLoginField][0];
|
||||
$sEmail = $aEntries[0][$this->sEmailField][0];
|
||||
$this->oLogger->Write('ldap_search: found "' . $this->sLoginField . ': '.$sLogin . '" and "' . $this->sEmailField . ': '.$sEmail . '"');
|
||||
|
||||
return array(
|
||||
'login' => $sLogin,
|
||||
'email' => $sEmail,
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param mixed $oCon
|
||||
* @param string $sCmd
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
private function logLdapError($oCon, $sCmd)
|
||||
{
|
||||
if ($this->oLogger)
|
||||
{
|
||||
$sError = $oCon ? @\ldap_error($oCon) : '';
|
||||
$iErrno = $oCon ? @\ldap_errno($oCon) : 0;
|
||||
|
||||
$this->oLogger->Write($sCmd.' error: '.$sError.' ('.$iErrno.')',
|
||||
Type::WARNING, 'LDAP');
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue