/**
* Retrieve Free/Busy URL for the specified resource id.
*
* @param string $resource The id of the resource (usually a mail address).
*
* @return string The Free/Busy URL for that resource.
*/
protected function getUrl($resource)
{
$server = Horde_Kolab_Server::singleton();
$uid = $server->uidForMailAddress($resource);
$result = $server->fetch($uid)->getServer('freebusy');
return sprintf('%s/%s.xfb', $result, $resource);
}
public function getServer()
{
if (!isset(self::$server)) {
self::$server = Horde_Kolab_Server::singleton(array('user' => $GLOBALS['registry']->getAuth(), 'pass' => $GLOBALS['registry']->getAuthCredential('password')));
}
return self::$server;
}
/**
* Try to connect the session handler.
*
* @param string $user_id The user ID to connect with.
* @param array $credentials An array of login credentials. For Kolab,
* this must contain a "password" entry.
*
* @return NULL
*
* @throws Horde_Kolab_Session_Exception If the connection failed.
*/
public function connect($user_id = null, array $credentials = null)
{
$this->_data['user']['id'] = $user_id;
if (isset($credentials['password'])) {
$password = $credentials['password'];
} else {
$password = '';
}
try {
$this->_server->connect($this->_data['user']['id'], $password);
$user_object = $this->_server->objects->fetch();
} catch (Horde_Kolab_Server_Exception_Bindfailed $e) {
throw new Horde_Kolab_Session_Exception_Badlogin('Invalid credentials!', 0, $e);
} catch (Horde_Kolab_Server_Exception $e) {
throw new Horde_Kolab_Session_Exception('Login failed!', 0, $e);
}
$this->_initMail($user_object);
$this->_initUid($user_object);
$this->_initName($user_object);
$this->_initImapServer($user_object);
$this->_initFreebusyServer($user_object);
}
/**
* Check that the From header is not trying to impersonate a valid
* user that is not $sasluser.
*
* @param string $sasluser The current, authenticated user.
* @param string $sender Sender address
* @param string $fromhdr From header
* @param string $client_addr Client IP
*
* @return mixed A PEAR_Error in case of an error, true if From
* can be accepted, false if From must be rejected,
* or a string with a corrected From header that
* makes From acceptable
*/
function _verify_sender($sasluser, $sender, $fromhdr, $client_addr)
{
global $conf;
if (isset($conf['kolab']['filter']['email_domain'])) {
$domains = $conf['kolab']['filter']['email_domain'];
} else {
$domains = 'localhost';
}
if (!is_array($domains)) {
$domains = array($domains);
}
if (isset($conf['kolab']['filter']['local_addr'])) {
$local_addr = $conf['kolab']['filter']['local_addr'];
} else {
$local_addr = '127.0.0.1';
}
if (empty($client_addr)) {
$client_addr = $local_addr;
}
if (isset($conf['kolab']['filter']['verify_subdomains'])) {
$verify_subdomains = $conf['kolab']['filter']['verify_subdomains'];
} else {
$verify_subdomains = true;
}
if (isset($conf['kolab']['filter']['reject_forged_from_header'])) {
$reject_forged_from_header = $conf['kolab']['filter']['reject_forged_from_header'];
} else {
$reject_forged_from_header = false;
}
if (isset($conf['kolab']['filter']['kolabhosts'])) {
$kolabhosts = $conf['kolab']['filter']['kolabhosts'];
} else {
$kolabhosts = 'localhost';
}
if (isset($conf['kolab']['filter']['privileged_networks'])) {
$privnetworks = $conf['kolab']['filter']['privileged_networks'];
} else {
$privnetworks = '127.0.0.0/8';
}
/* Allow anything from localhost and
* fellow Kolab-hosts
*/
if ($client_addr == $local_addr) {
return true;
}
$kolabhosts = explode(',', $kolabhosts);
$kolabhosts = array_map('gethostbyname', $kolabhosts);
$privnetworks = explode(',', $privnetworks);
if (array_search($client_addr, $kolabhosts) !== false) {
return true;
}
foreach ($privnetworks as $network) {
$iplong = ip2long($client_addr);
$cidr = explode("/", $network);
$netiplong = ip2long($cidr[0]);
if (count($cidr) == 2) {
$iplong = $iplong & 0xffffffff << 32 - $cidr[1];
$netiplong = $netiplong & 0xffffffff << 32 - $cidr[1];
}
if ($iplong == $netiplong) {
return true;
}
}
if ($sasluser) {
/* Load the Server library */
require_once 'Horde/Kolab/Server.php';
$server =& Horde_Kolab_Server::singleton();
if (is_a($server, 'PEAR_Error')) {
$server->code = OUT_LOG | EX_TEMPFAIL;
return $server;
}
$allowed_addrs = $server->addrsForIdOrMail($sasluser);
if (is_a($allowed_addrs, 'PEAR_Error')) {
$allowed_addrs->code = OUT_LOG | EX_NOUSER;
return $allowed_addrs;
}
} else {
$allowed_addrs = false;
}
if (isset($conf['kolab']['filter']['unauthenticated_from_insert'])) {
$fmt = $conf['kolab']['filter']['unauthenticated_from_insert'];
} else {
$fmt = '(UNTRUSTED, sender <%s> is not authenticated)';
}
$adrs = imap_rfc822_parse_adrlist($fromhdr, $domains[0]);
foreach ($adrs as $adr) {
$from = $adr->mailbox . '@' . $adr->host;
$fromdom = $adr->host;
if ($sasluser) {
if (!in_array(strtolower($from), $allowed_addrs)) {
Horde::log(sprintf("%s is not an allowed From address for %s", $from, $sasluser), 'DEBUG');
return false;
}
} else {
foreach ($domains as $domain) {
if (strtolower($fromdom) == $domain || $verify_subdomains && substr($fromdom, -strlen($domain) - 1) == ".{$domain}") {
if ($reject_forged_from_header) {
Horde::log(sprintf("%s is not an allowed From address for unauthenticated users.", $from), 'DEBUG');
return false;
} else {
require_once 'Horde/String.php';
require_once 'Horde/MIME.php';
/* Rewrite */
Horde::log(sprintf("%s is not an allowed From address for unauthenticated users, rewriting.", $from), 'DEBUG');
if (property_exists($adr, 'personal')) {
$name = str_replace(array("\\", '"'), array("\\\\", '\\"'), MIME::decode($adr->personal, 'utf-8'));
} else {
$name = '';
}
$untrusted = sprintf($fmt, $sender, $from, $name);
// Is this test really correct? Is $fromhdr a _decoded_ string?
// If not comparing with the unencoded $untrusted is wrong.
// sw - 20091125
if (strpos($fromhdr, $untrusted) === false) {
$new_from = '"' . MIME::encode($untrusted) . '"';
return $new_from . ' <' . $from . '>';
} else {
return true;
}
}
}
}
}
}
/* All seems OK */
return true;
}
/**
* Get the parent GUID of this object.
*
* @param string $guid The GUID of the child.
*
* @return string the parent GUID of this object.
*/
public function getParentGuid($guid)
{
return $this->_server->getParentGuid($guid);
}
/**
* Process both the user accessing the page as well as the
* owner of the requested free/busy information.
*
* @return boolean|PEAR_Error True if successful.
*/
private function _process()
{
global $conf;
require_once 'Horde/Kolab/Server.php';
if (isset($conf['kolab']['ldap']['phpdn'])) {
$params = array('uid' => $conf['kolab']['ldap']['phpdn'], 'pass' => $conf['kolab']['ldap']['phppw']);
} else {
$params = array('user' => $GLOBALS['registry']->getAuth(), 'pass' => $GLOBALS['registry']->getAuthCredential('password'));
}
/* Connect to the Kolab user database */
$db =& Horde_Kolab_Server::singleton($params);
// TODO: Remove once Kolab_Server has been fixed to always return the base dn
$db->fetch();
/* Retrieve the server configuration */
try {
$server = $db->fetch(sprintf('k=kolab,%s', $db->getBaseUid()), 'Horde_Kolab_Server_Object_Kolab_Server');
$this->server_object = $server;
} catch (Horde_Kolab_Server_Exception $e) {
Horde::log(sprintf("Failed fetching the k=kolab configuration object. Error was: %s", $e->getMessage()), 'ERR');
$this->server_object = null;
}
/* Fetch the user calling us */
$udn = $db->uidForIdOrMail($this->user);
if (is_a($udn, 'PEAR_Error')) {
return $udn;
}
if ($udn) {
$user = $db->fetch($udn, 'Horde_Kolab_Server_Object_Kolab_User');
if (is_a($user, 'PEAR_Error')) {
return $user;
}
$this->user_object = $user;
}
if ($this->user_object && $this->user_object->exists()) {
$mail = $this->user_object->get(Horde_Kolab_Server_Object_Kolab_User::ATTRIBUTE_MAIL);
if (is_a($mail, 'PEAR_Error')) {
return $mail;
}
if ($mail) {
$this->user = $mail;
}
}
/* Fetch the owner of the free/busy data */
$odn = $db->uidForIdOrMailOrAlias($this->owner);
if (is_a($odn, 'PEAR_Error')) {
return $odn;
}
if (!$odn) {
$idx = strpos($this->user, '@');
if ($idx !== false) {
$domain = substr($this->user, $idx + 1);
Horde::log(sprintf("Trying to append %s to %s", $domain, $this->owner), 'DEBUG');
$odn = $odn = $db->uidForIdOrMail($this->owner . '@' . $domain);
}
}
if ($odn) {
$owner = $db->fetch($odn, 'Horde_Kolab_Server_Object_Kolab_User');
if (is_a($owner, 'PEAR_Error')) {
return $owner;
}
$this->owner_object =& $owner;
}
if (!empty($this->owner_object)) {
if ($this->owner_object->exists()) {
$this->owner = $this->owner_object->get(Horde_Kolab_Server_Object_Kolab_User::ATTRIBUTE_MAIL);
$freebusyserver = $this->owner_object->getServer('freebusy');
if (!is_a($freebusyserver, 'PEAR_Error')) {
$this->freebusyserver = $freebusyserver;
}
}
} else {
return PEAR::raiseError(Horde_Kolab_FreeBusy_Translation::t("Unable to determine owner of the free/busy data!"));
}
/* Mangle the folder request into an IMAP folder name */
$this->imap_folder = $this->_getImapFolder();
return true;
}
/**
* Returns the UIDs of the bank accounts for the user with the given mail
* address.
*
* @param Horde_Kolab_Server $server The server to query.
* @param string $mail Search objects with this mail alias.
*
* @return mixed The UIDs or false if there was no result.
*
* @throws Horde_Kolab_Server_Exception
*/
public static function accountsForMail($server, $mail)
{
$uid = $server->uidForMail($mail, Horde_Kolab_Server_Object::RESULT_SINGLE);
return self::objectsForUid($server, $uid, self::OBJECTCLASS_KOLABGERMANBANKARRANGEMENT);
}
<?php
/**
* Demonstrates the use of Horde_Kolab_Server::
*
*
* @package Kolab_Server
*/
/** Configure the system for LDAP access */
global $conf;
/** Adapt these settings to match your Kolab LDAP server */
$conf['kolab']['server']['driver'] = 'ldap';
$conf['kolab']['server']['params']['server'] = 'example.com';
$conf['kolab']['server']['params']['base_dn'] = 'dc=example,dc=com';
$conf['kolab']['server']['params']['bind_dn'] = 'cn=nobody,cn=internal,dc=example,dc=com';
$conf['kolab']['server']['params']['bind_pw'] = 'MY_VERY_SECRET_PASSWORD';
/** Require the main package class */
require_once 'Horde/Kolab/Server.php';
/** Initialize the server object */
$server = Horde_Kolab_Server::singleton();
/** Fetch a dn for a mail address */
$dn = $server->dnForMailAddress('*****@*****.**');
var_dump($dn);
/** Fetch the corresponding object */
$object = $server->fetch($dn);
var_dump(get_class($object));
/** Display object attributes */
var_dump($object->get(Horde_Kolab_Server_Object::ATTRIBUTE_CN));
/**
* Assert that a save() operation yields some predictable attribute results.
*
* @param Horde_Kolab_Server_Object $object The object to work on.
* @param Horde_Kolab_Server $server The server the object resides on.
* @param array $store The information to save.
* @param array $fetch The expected results.
*
* @return NULL.
*/
protected function assertStoreFetch(Horde_Kolab_Server_Object $object, Horde_Kolab_Server $server, array $store, array $fetch, $pop_arrays = false)
{
$result = $object->save($store);
$this->assertNoError($result);
$object = $server->fetch($object->getUid());
foreach ($fetch as $attribute => $expect) {
$actual = $object->get($attribute, false);
if ($pop_arrays && is_array($actual) && count($actual) == 1) {
$actual = array_pop($actual);
}
$this->assertEquals($expect, $actual);
}
}
/**
* Returns the resource policy applying for the given sender
*
* @param string $sender The sender address
* @param string $resource The resource
*
* @return array|PEAR_Error An array with "cn", "home server" and the policy.
*/
function _getResourceData($sender, $resource)
{
require_once 'Horde/Kolab/Server.php';
$db = Horde_Kolab_Server::singleton();
if ($db instanceof PEAR_Error) {
$db->code = OUT_LOG | EX_SOFTWARE;
return $db;
}
$dn = $db->uidForMail($resource, Horde_Kolab_Server_Object::RESULT_MANY);
if ($dn instanceof PEAR_Error) {
$dn->code = OUT_LOG | EX_NOUSER;
return $dn;
}
if (is_array($dn)) {
if (count($dn) > 1) {
Horde::log(sprintf("%s objects returned for %s", $count($dn), $resource), 'WARN');
return false;
} else {
$dn = $dn[0];
}
}
$user = $db->fetch($dn, 'Horde_Kolab_Server_Object_Kolab_User');
$cn = $user->get(Horde_Kolab_Server_Object_Kolab_User::ATTRIBUTE_CN);
$id = $user->get(Horde_Kolab_Server_Object_Kolab_User::ATTRIBUTE_MAIL);
$hs = $user->get(Horde_Kolab_Server_Object_Kolab_User::ATTRIBUTE_HOMESERVER);
if (is_a($hs, 'PEAR_Error')) {
return $hs;
}
$hs = Horde_String::lower($hs);
$actions = $user->get(Horde_Kolab_Server_Object_Kolab_User::ATTRIBUTE_IPOLICY, false);
if (is_a($actions, 'PEAR_Error')) {
$actions->code = OUT_LOG | EX_UNAVAILABLE;
return $actions;
}
if ($actions === false) {
$actions = array(RM_ACT_MANUAL);
}
$policies = array();
$defaultpolicy = false;
foreach ($actions as $action) {
if (preg_match('/(.*):(.*)/', $action, $regs)) {
$policies[Horde_String::lower($regs[1])] = $regs[2];
} else {
$defaultpolicy = $action;
}
}
// Find sender's policy
if (array_key_exists($sender, $policies)) {
// We have an exact match, stop processing
$action = $policies[$sender];
} else {
$action = false;
$dn = $db->uidForMailOrAlias($sender);
if (is_a($dn, 'PEAR_Error')) {
$dn->code = OUT_LOG | EX_NOUSER;
return $dn;
}
if ($dn) {
// Sender is local, check for groups
foreach ($policies as $gid => $policy) {
if ($db->memberOfGroupAddress($dn, $gid)) {
// User is member of group
if (!$action) {
$action = $policy;
} else {
$action = min($action, $policy);
}
}
}
}
if (!$action && $defaultpolicy) {
$action = $defaultpolicy;
}
}
return array('cn' => $cn, 'id' => $id, 'homeserver' => $hs, 'action' => $action);
}
/**
* Returns the UIDs of the pop3 accounts for the user with the given mail
* address.
*
* @param Horde_Kolab_Server $server The server to query.
* @param string $mail Search objects with this mail alias.
*
* @return mixed The UIDs or false if there was no result.
*
* @throws Horde_Kolab_Server_Exception
*/
public static function pop3AccountsForMail($server, $mail)
{
$uid = $server->uidForMail($mail, Horde_Kolab_Server_Object::RESULT_SINGLE);
return self::objectsForUid($server, $uid, self::OBJECTCLASS_KOLABEXTERNALPOP3ACCOUNT);
}
