/**
* This function takes in an array of the address objects generated by the message headers and turns them into an
* associative array.
*
* @param array $addresses
* @return array
*/
protected function processAddressObject($addresses)
{
$outputAddresses = array();
if (is_array($addresses)) {
foreach ($addresses as $address) {
if (property_exists($address, 'mailbox') && $address->mailbox != 'undisclosed-recipients') {
$currentAddress = array();
$currentAddress['address'] = $address->mailbox . '@' . $address->host;
if (isset($address->personal)) {
$currentAddress['name'] = MIME::decode($address->personal, self::$charset);
}
$outputAddresses[] = $currentAddress;
}
}
}
return $outputAddresses;
}
/**
* Check that the From header is not trying to impersonate a valid
* user that is not $sasluser.
*
* @param string $sasluser The current, authenticated user.
* @param string $sender Sender address
* @param string $fromhdr From header
* @param string $client_addr Client IP
*
* @return mixed A PEAR_Error in case of an error, true if From
* can be accepted, false if From must be rejected,
* or a string with a corrected From header that
* makes From acceptable
*/
function _verify_sender($sasluser, $sender, $fromhdr, $client_addr)
{
global $conf;
if (isset($conf['kolab']['filter']['email_domain'])) {
$domains = $conf['kolab']['filter']['email_domain'];
} else {
$domains = 'localhost';
}
if (!is_array($domains)) {
$domains = array($domains);
}
if (isset($conf['kolab']['filter']['local_addr'])) {
$local_addr = $conf['kolab']['filter']['local_addr'];
} else {
$local_addr = '127.0.0.1';
}
if (empty($client_addr)) {
$client_addr = $local_addr;
}
if (isset($conf['kolab']['filter']['verify_subdomains'])) {
$verify_subdomains = $conf['kolab']['filter']['verify_subdomains'];
} else {
$verify_subdomains = true;
}
if (isset($conf['kolab']['filter']['reject_forged_from_header'])) {
$reject_forged_from_header = $conf['kolab']['filter']['reject_forged_from_header'];
} else {
$reject_forged_from_header = false;
}
if (isset($conf['kolab']['filter']['kolabhosts'])) {
$kolabhosts = $conf['kolab']['filter']['kolabhosts'];
} else {
$kolabhosts = 'localhost';
}
if (isset($conf['kolab']['filter']['privileged_networks'])) {
$privnetworks = $conf['kolab']['filter']['privileged_networks'];
} else {
$privnetworks = '127.0.0.0/8';
}
/* Allow anything from localhost and
* fellow Kolab-hosts
*/
if ($client_addr == $local_addr) {
return true;
}
$kolabhosts = explode(',', $kolabhosts);
$kolabhosts = array_map('gethostbyname', $kolabhosts);
$privnetworks = explode(',', $privnetworks);
if (array_search($client_addr, $kolabhosts) !== false) {
return true;
}
foreach ($privnetworks as $network) {
$iplong = ip2long($client_addr);
$cidr = explode("/", $network);
$netiplong = ip2long($cidr[0]);
if (count($cidr) == 2) {
$iplong = $iplong & 0xffffffff << 32 - $cidr[1];
$netiplong = $netiplong & 0xffffffff << 32 - $cidr[1];
}
if ($iplong == $netiplong) {
return true;
}
}
if ($sasluser) {
/* Load the Server library */
require_once 'Horde/Kolab/Server.php';
$server =& Horde_Kolab_Server::singleton();
if (is_a($server, 'PEAR_Error')) {
$server->code = OUT_LOG | EX_TEMPFAIL;
return $server;
}
$allowed_addrs = $server->addrsForIdOrMail($sasluser);
if (is_a($allowed_addrs, 'PEAR_Error')) {
$allowed_addrs->code = OUT_LOG | EX_NOUSER;
return $allowed_addrs;
}
} else {
$allowed_addrs = false;
}
if (isset($conf['kolab']['filter']['unauthenticated_from_insert'])) {
$fmt = $conf['kolab']['filter']['unauthenticated_from_insert'];
} else {
$fmt = '(UNTRUSTED, sender <%s> is not authenticated)';
}
$adrs = imap_rfc822_parse_adrlist($fromhdr, $domains[0]);
foreach ($adrs as $adr) {
$from = $adr->mailbox . '@' . $adr->host;
$fromdom = $adr->host;
if ($sasluser) {
if (!in_array(strtolower($from), $allowed_addrs)) {
Horde::log(sprintf("%s is not an allowed From address for %s", $from, $sasluser), 'DEBUG');
return false;
}
} else {
foreach ($domains as $domain) {
if (strtolower($fromdom) == $domain || $verify_subdomains && substr($fromdom, -strlen($domain) - 1) == ".{$domain}") {
if ($reject_forged_from_header) {
Horde::log(sprintf("%s is not an allowed From address for unauthenticated users.", $from), 'DEBUG');
return false;
} else {
require_once 'Horde/String.php';
require_once 'Horde/MIME.php';
/* Rewrite */
Horde::log(sprintf("%s is not an allowed From address for unauthenticated users, rewriting.", $from), 'DEBUG');
if (property_exists($adr, 'personal')) {
$name = str_replace(array("\\", '"'), array("\\\\", '\\"'), MIME::decode($adr->personal, 'utf-8'));
} else {
$name = '';
}
$untrusted = sprintf($fmt, $sender, $from, $name);
// Is this test really correct? Is $fromhdr a _decoded_ string?
// If not comparing with the unencoded $untrusted is wrong.
// sw - 20091125
if (strpos($fromhdr, $untrusted) === false) {
$new_from = '"' . MIME::encode($untrusted) . '"';
return $new_from . ' <' . $from . '>';
} else {
return true;
}
}
}
}
}
}
/* All seems OK */
return true;
}
/**
* @param $text
*/
protected function setFileName($text)
{
$this->filename = MIME::decode($text, Message::$charset);
}
