From 6c1c60f3b908aa922a46cbae94a03eb162147b70 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sat, 02 Aug 2014 03:03:29 -0400
Subject: [PATCH] Support password encryption using openssl extension (#1489989)
---
program/lib/Roundcube/rcube.php | 264 +++++++++++++++++++++++++++++++++++++++-------------
1 files changed, 198 insertions(+), 66 deletions(-)
diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php
index 6543a39..e3e26d8 100644
--- a/program/lib/Roundcube/rcube.php
+++ b/program/lib/Roundcube/rcube.php
@@ -3,8 +3,8 @@
/*
+-----------------------------------------------------------------------+
| This file is part of the Roundcube Webmail client |
- | Copyright (C) 2008-2012, The Roundcube Dev Team |
- | Copyright (C) 2011-2012, Kolab Systems AG |
+ | Copyright (C) 2008-2014, The Roundcube Dev Team |
+ | Copyright (C) 2011-2014, Kolab Systems AG |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
@@ -94,6 +94,13 @@
*/
public $plugins;
+ /**
+ * Instance of rcube_user class.
+ *
+ * @var rcube_user
+ */
+ public $user;
+
/* private/protected vars */
protected $texts;
@@ -105,13 +112,14 @@
* This implements the 'singleton' design pattern
*
* @param integer Options to initialize with this instance. See rcube::INIT_WITH_* constants
+ * @param string Environment name to run (e.g. live, dev, test)
*
* @return rcube The one and only instance
*/
- static function get_instance($mode = 0)
+ static function get_instance($mode = 0, $env = '')
{
if (!self::$instance) {
- self::$instance = new rcube();
+ self::$instance = new rcube($env);
self::$instance->init($mode);
}
@@ -122,10 +130,10 @@
/**
* Private constructor
*/
- protected function __construct()
+ protected function __construct($env = '')
{
// load configuration
- $this->config = new rcube_config;
+ $this->config = new rcube_config($env);
$this->plugins = new rcube_dummy_plugin_api;
register_shutdown_function(array($this, 'shutdown'));
@@ -164,9 +172,13 @@
public function get_dbh()
{
if (!$this->db) {
- $config_all = $this->config->all();
- $this->db = rcube_db::factory($config_all['db_dsnw'], $config_all['db_dsnr'], $config_all['db_persistent']);
- $this->db->set_debug((bool)$config_all['sql_debug']);
+ $this->db = rcube_db::factory(
+ $this->config->get('db_dsnw'),
+ $this->config->get('db_dsnr'),
+ $this->config->get('db_persistent')
+ );
+
+ $this->db->set_debug((bool)$this->config->get('sql_debug'));
}
return $this->db;
@@ -347,39 +359,18 @@
// for backward compat. (deprecated, will be removed)
$this->imap = $this->storage;
- // enable caching of mail data
- $storage_cache = $this->config->get("{$driver}_cache");
- $messages_cache = $this->config->get('messages_cache');
- // for backward compatybility
- if ($storage_cache === null && $messages_cache === null && $this->config->get('enable_caching')) {
- $storage_cache = 'db';
- $messages_cache = true;
- }
-
- if ($storage_cache) {
- $this->storage->set_caching($storage_cache);
- }
- if ($messages_cache) {
- $this->storage->set_messages_caching(true);
- }
-
- // set pagesize from config
- $pagesize = $this->config->get('mail_pagesize');
- if (!$pagesize) {
- $pagesize = $this->config->get('pagesize', 50);
- }
- $this->storage->set_pagesize($pagesize);
-
// set class options
$options = array(
- 'auth_type' => $this->config->get("{$driver}_auth_type", 'check'),
- 'auth_cid' => $this->config->get("{$driver}_auth_cid"),
- 'auth_pw' => $this->config->get("{$driver}_auth_pw"),
- 'debug' => (bool) $this->config->get("{$driver}_debug"),
- 'force_caps' => (bool) $this->config->get("{$driver}_force_caps"),
- 'timeout' => (int) $this->config->get("{$driver}_timeout"),
- 'skip_deleted' => (bool) $this->config->get('skip_deleted'),
- 'driver' => $driver,
+ 'auth_type' => $this->config->get("{$driver}_auth_type", 'check'),
+ 'auth_cid' => $this->config->get("{$driver}_auth_cid"),
+ 'auth_pw' => $this->config->get("{$driver}_auth_pw"),
+ 'debug' => (bool) $this->config->get("{$driver}_debug"),
+ 'force_caps' => (bool) $this->config->get("{$driver}_force_caps"),
+ 'disabled_caps' => $this->config->get("{$driver}_disabled_caps"),
+ 'socket_options' => $this->config->get("{$driver}_conn_options"),
+ 'timeout' => (int) $this->config->get("{$driver}_timeout"),
+ 'skip_deleted' => (bool) $this->config->get('skip_deleted'),
+ 'driver' => $driver,
);
if (!empty($_SESSION['storage_host'])) {
@@ -403,22 +394,65 @@
/**
* Set storage parameters.
- * This must be done AFTER connecting to the server!
*/
protected function set_storage_prop()
{
$storage = $this->get_storage();
+ // set pagesize from config
+ $pagesize = $this->config->get('mail_pagesize');
+ if (!$pagesize) {
+ $pagesize = $this->config->get('pagesize', 50);
+ }
+
+ $storage->set_pagesize($pagesize);
$storage->set_charset($this->config->get('default_charset', RCUBE_CHARSET));
- if ($default_folders = $this->config->get('default_folders')) {
- $storage->set_default_folders($default_folders);
+ // enable caching of mail data
+ $driver = $this->config->get('storage_driver', 'imap');
+ $storage_cache = $this->config->get("{$driver}_cache");
+ $messages_cache = $this->config->get('messages_cache');
+ // for backward compatybility
+ if ($storage_cache === null && $messages_cache === null && $this->config->get('enable_caching')) {
+ $storage_cache = 'db';
+ $messages_cache = true;
}
- if (isset($_SESSION['mbox'])) {
- $storage->set_folder($_SESSION['mbox']);
+
+ if ($storage_cache) {
+ $storage->set_caching($storage_cache);
}
- if (isset($_SESSION['page'])) {
- $storage->set_page($_SESSION['page']);
+ if ($messages_cache) {
+ $storage->set_messages_caching(true);
+ }
+ }
+
+
+ /**
+ * Set special folders type association.
+ * This must be done AFTER connecting to the server!
+ */
+ protected function set_special_folders()
+ {
+ $storage = $this->get_storage();
+ $folders = $storage->get_special_folders(true);
+ $prefs = array();
+
+ // check SPECIAL-USE flags on IMAP folders
+ foreach ($folders as $type => $folder) {
+ $idx = $type . '_mbox';
+ if ($folder !== $this->config->get($idx)) {
+ $prefs[$idx] = $folder;
+ }
+ }
+
+ // Some special folders differ, update user preferences
+ if (!empty($prefs) && $this->user) {
+ $this->user->save_prefs($prefs);
+ }
+
+ // create default folders (on login)
+ if ($this->config->get('create_default_folders')) {
+ $storage->create_default_folders();
}
}
@@ -465,6 +499,10 @@
$this->session->set_secret($this->config->get('des_key') . dirname($_SERVER['SCRIPT_NAME']));
$this->session->set_ip_check($this->config->get('ip_check'));
+ if ($this->config->get('session_auth_name')) {
+ $this->session->set_cookiename($this->config->get('session_auth_name'));
+ }
+
// start PHP session (if not in CLI mode)
if ($_SERVER['REMOTE_ADDR']) {
$this->session->start();
@@ -492,15 +530,22 @@
public function gc_temp()
{
$tmp = unslashify($this->config->get('temp_dir'));
- $expire = time() - 172800; // expire in 48 hours
+
+ // expire in 48 hours by default
+ $temp_dir_ttl = $this->config->get('temp_dir_ttl', '48h');
+ $temp_dir_ttl = get_offset_sec($temp_dir_ttl);
+ if ($temp_dir_ttl < 6*3600)
+ $temp_dir_ttl = 6*3600; // 6 hours sensible lower bound.
+
+ $expire = time() - $temp_dir_ttl;
if ($tmp && ($dir = opendir($tmp))) {
while (($fname = readdir($dir)) !== false) {
- if ($fname{0} == '.') {
+ if ($fname[0] == '.') {
continue;
}
- if (filemtime($tmp.'/'.$fname) < $expire) {
+ if (@filemtime($tmp.'/'.$fname) < $expire) {
@unlink($tmp.'/'.$fname);
}
}
@@ -629,10 +674,11 @@
/**
* Load a localization package
*
- * @param string Language ID
- * @param array Additional text labels/messages
+ * @param string $lang Language ID
+ * @param array $add Additional text labels/messages
+ * @param array $merge Additional text labels/messages to merge
*/
- public function load_language($lang = null, $add = array())
+ public function load_language($lang = null, $add = array(), $merge = array())
{
$lang = $this->language_prop(($lang ? $lang : $_SESSION['language']));
@@ -672,6 +718,11 @@
if (is_array($add) && !empty($add)) {
$this->texts += $add;
}
+
+ // merge additional texts (from plugin)
+ if (is_array($merge) && !empty($merge)) {
+ $this->texts = array_merge($this->texts, $merge);
+ }
}
@@ -689,7 +740,11 @@
// user HTTP_ACCEPT_LANGUAGE if no language is specified
if (empty($lang) || $lang == 'auto') {
$accept_langs = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
- $lang = str_replace('-', '_', $accept_langs[0]);
+ $lang = $accept_langs[0];
+
+ if (preg_match('/^([a-z]+)[_-]([a-z]+)$/i', $lang, $m)) {
+ $lang = $m[1] . '_' . strtoupper($m[2]);
+ }
}
if (empty($rcube_languages)) {
@@ -774,7 +829,13 @@
*/
$clear = pack("a*H2", $clear, "80");
- if (function_exists('mcrypt_module_open') &&
+ if (function_exists('openssl_encrypt')) {
+ $method = 'DES-EDE3-CBC';
+ $opts = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true;
+ $iv = $this->create_iv(openssl_cipher_iv_length($method));
+ $cipher = $iv . openssl_encrypt($clear, $method, $ckey, $opts, $iv);
+ }
+ else if (function_exists('mcrypt_module_open') &&
($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, ""))
) {
$iv = $this->create_iv(mcrypt_enc_get_iv_size($td));
@@ -795,7 +856,7 @@
self::raise_error(array(
'code' => 500, 'type' => 'php',
'file' => __FILE__, 'line' => __LINE__,
- 'message' => "Could not perform encryption; make sure Mcrypt is installed or lib/des.inc is available"
+ 'message' => "Could not perform encryption; make sure OpenSSL or Mcrypt or lib/des.inc is available"
), true, true);
}
}
@@ -821,7 +882,21 @@
$cipher = $base64 ? base64_decode($cipher) : $cipher;
- if (function_exists('mcrypt_module_open') &&
+ if (function_exists('openssl_decrypt')) {
+ $method = 'DES-EDE3-CBC';
+ $opts = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true;
+ $iv_size = openssl_cipher_iv_length($method);
+ $iv = substr($cipher, 0, $iv_size);
+
+ // session corruption? (#1485970)
+ if (strlen($iv) < $iv_size) {
+ return '';
+ }
+
+ $cipher = substr($cipher, $iv_size);
+ $clear = openssl_decrypt($cipher, $method, $ckey, $opts, $iv);
+ }
+ else if (function_exists('mcrypt_module_open') &&
($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, ""))
) {
$iv_size = mcrypt_enc_get_iv_size($td);
@@ -1082,6 +1157,11 @@
return true;
}
+ // add session ID to the log
+ if ($sess = session_id()) {
+ $line = '<' . substr($sess, 0, 8) . '> ' . $line;
+ }
+
if ($log_driver == 'syslog') {
$prio = $name == 'errors' ? LOG_ERR : LOG_INFO;
syslog($prio, $line);
@@ -1091,7 +1171,20 @@
// log_driver == 'file' is assumed here
$line = sprintf("[%s]: %s\n", $date, $line);
- $log_dir = self::$instance ? self::$instance->config->get('log_dir') : null;
+ $log_dir = null;
+
+ // per-user logging is activated
+ if (self::$instance && self::$instance->config->get('per_user_logging', false) && self::$instance->get_user_id()) {
+ $log_dir = self::$instance->get_user_log_dir();
+ if (empty($log_dir))
+ return false;
+ }
+ else if (!empty($log['dir'])) {
+ $log_dir = $log['dir'];
+ }
+ else if (self::$instance) {
+ $log_dir = self::$instance->config->get('log_dir');
+ }
if (empty($log_dir)) {
$log_dir = RCUBE_INSTALL_PATH . 'logs';
@@ -1119,8 +1212,8 @@
* - code: Error code (required)
* - type: Error type [php|db|imap|javascript] (required)
* - message: Error message
- * - file: File where error occured
- * - line: Line where error occured
+ * - file: File where error occurred
+ * - line: Line where error occurred
* @param boolean True to log the error
* @param boolean Terminate script execution
*/
@@ -1129,7 +1222,6 @@
// handle PHP exceptions
if (is_object($arg) && is_a($arg, 'Exception')) {
$arg = array(
- 'type' => 'php',
'code' => $arg->getCode(),
'line' => $arg->getLine(),
'file' => $arg->getFile(),
@@ -1137,7 +1229,7 @@
);
}
else if (is_string($arg)) {
- $arg = array('message' => $arg, 'type' => 'php');
+ $arg = array('message' => $arg);
}
if (empty($arg['code'])) {
@@ -1145,15 +1237,15 @@
}
// installer
- if (class_exists('rcube_install', false)) {
- $rci = rcube_install::get_instance();
+ if (class_exists('rcmail_install', false)) {
+ $rci = rcmail_install::get_instance();
$rci->raise_error($arg);
return;
}
$cli = php_sapi_name() == 'cli';
- if (($log || $terminate) && !$cli && $arg['type'] && $arg['message']) {
+ if (($log || $terminate) && !$cli && $arg['message']) {
$arg['fatal'] = $terminate;
self::log_bug($arg);
}
@@ -1181,7 +1273,7 @@
*/
public static function log_bug($arg_arr)
{
- $program = strtoupper($arg_arr['type']);
+ $program = strtoupper(!empty($arg_arr['type']) ? $arg_arr['type'] : 'php');
$level = self::get_instance()->config->get('debug_level');
// disable errors for ajax requests, write to log instead (#1487831)
@@ -1267,6 +1359,20 @@
self::write_log($dest, sprintf("%s: %0.4f sec", $label, $diff));
}
+ /**
+ * Setter for system user object
+ *
+ * @param rcube_user Current user instance
+ */
+ public function set_user($user)
+ {
+ if (is_object($user)) {
+ $this->user = $user;
+
+ // overwrite config with user preferences
+ $this->config->set_user_prefs((array)$this->user->get_prefs());
+ }
+ }
/**
* Getter for logged user ID.
@@ -1330,6 +1436,17 @@
}
}
+ /**
+ * Get the per-user log directory
+ */
+ protected function get_user_log_dir()
+ {
+ $log_dir = $this->config->get('log_dir', RCUBE_INSTALL_PATH . 'logs');
+ $user_name = $this->get_user_name();
+ $user_log_dir = $log_dir . '/' . $user_name;
+
+ return !empty($user_name) && is_writable($user_log_dir) ? $user_log_dir : false;
+ }
/**
* Getter for logged user language code.
@@ -1390,6 +1507,17 @@
'mailto' => $mailto,
'options' => $options,
));
+
+ if ($plugin['abort']) {
+ if (!empty($plugin['error'])) {
+ $error = $plugin['error'];
+ }
+ if (!empty($plugin['body_file'])) {
+ $body_file = $plugin['body_file'];
+ }
+
+ return isset($plugin['result']) ? $plugin['result'] : false;
+ }
$from = $plugin['from'];
$mailto = $plugin['mailto'];
@@ -1516,6 +1644,10 @@
!empty($response) ? join('; ', $response) : ''));
}
}
+ else {
+ // allow plugins to catch sending errors with the same parameters as in 'message_before_send'
+ $this->plugins->exec_hook('message_send_error', $plugin + array('error' => $error));
+ }
if (is_resource($msg_body)) {
fclose($msg_body);
--
Gitblit v1.9.1