krb_authentication: Support per-protocol contexts

pull/6664/head
Aleksander Machniak 7 years ago
parent b2961742ef
commit c1e8bd75c2

@ -3,7 +3,7 @@
"type": "roundcube-plugin",
"description": "Kerberos Authentication",
"license": "GPLv3+",
"version": "1.1",
"version": "1.2",
"authors": [
{
"name": "Jeroen van Meeuwen",

@ -9,5 +9,12 @@
// Unlike $config['default_host'] this must be a string!
$config['krb_authentication_host'] = '';
// GSS API security context
$config['krb_authentication_context'] = 'imap/kolab.example.org@EXAMPLE.ORG';
// GSS API security context.
// Single value or an array with per-protocol values. Example:
//
// $config['krb_authentication_context'] = array(
// 'imap' => 'imap/host.fqdn@REALM.NAME',
// 'smtp' => 'smtp/host.fqdn@REALM.NAME',
// 'sieve' => 'sieve/host.fqdn@REALM.NAME',
// );
$config['krb_authentication_context'] = 'host.fqdn@REALM.NAME';
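Review bot: The single-value example `'host.fqdn@REALM.NAME'` has no service component, while the per-protocol examples above it all use the `service/host.fqdn@REALM.NAME` form, and the comment does not say how a single string is applied. As far as the plugin hunks on this page show, a string value is returned unchanged for IMAP, SMTP and Sieve, so the comment should say so, e.g. `// A single string is used as-is for all protocols (IMAP, SMTP, Sieve).`. Because the assignment is live rather than commented out, the comment should also say that the shipped value is a placeholder and must be replaced.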

@ -76,34 +76,28 @@ class krb_authentication extends rcube_plugin
}
/**
* Storage_connect hook handler
* login_after hook handler
*/
function storage_connect($args)
function login($args)
{
if (!empty($_SERVER['REMOTE_USER']) && !empty($_SERVER['KRB5CCNAME'])) {
// Load plugin's config file
$this->load_config();
$rcmail = rcmail::get_instance();
$context = $rcmail->config->get('krb_authentication_context');
$args['gssapi_context'] = $context ?: 'imap/kolab.example.org@EXAMPLE.ORG';
$args['gssapi_cn'] = $_SERVER['KRB5CCNAME'];
$args['auth_type'] = 'GSSAPI';
// Redirect to the previous QUERY_STRING
if ($this->redirect_query) {
header('Location: ./?' . $this->redirect_query);
exit;
}
return $args;
}
/**
* login_after hook handler
* Storage_connect hook handler
*/
function login($args)
function storage_connect($args)
{
// Redirect to the previous QUERY_STRING
if ($this->redirect_query) {
header('Location: ./?' . $this->redirect_query);
exit;
if (!empty($_SERVER['REMOTE_USER']) && !empty($_SERVER['KRB5CCNAME'])) {
$args['gssapi_context'] = $this->gssapi_context('imap');
$args['gssapi_cn'] = $_SERVER['KRB5CCNAME'];
$args['auth_type'] = 'GSSAPI';
}
return $args;
@ -115,37 +109,43 @@ class krb_authentication extends rcube_plugin
function managesieve_connect($args)
{
if ((!isset($args['auth_type']) || $args['auth_type'] == 'GSSAPI') && !empty($_SERVER['REMOTE_USER']) && !empty($_SERVER['KRB5CCNAME'])) {
// Load plugin's config file
$this->load_config();
$rcmail = rcmail::get_instance();
$context = $rcmail->config->get('krb_authentication_context');
$args['gssapi_context'] = $context ?: 'imap/kolab.example.org@EXAMPLE.ORG';
$args['gssapi_context'] = $this->gssapi_context('sieve');
$args['gssapi_cn'] = $_SERVER['KRB5CCNAME'];
$args['auth_type'] = 'GSSAPI';
}
return $args;
}
/**
* smtp_connect hook handler
*/
function smtp_connect($args)
{
if ((!isset($args['smtp_auth_type']) || $args['smtp_auth_type'] == 'GSSAPI') && !empty($_SERVER['REMOTE_USER']) && !empty($_SERVER['KRB5CCNAME'])) {
// Load plugin's config file
$this->load_config();
$rcmail = rcmail::get_instance();
$context = $rcmail->config->get('krb_authentication_context');
$args['gssapi_context'] = $context ?: 'imap/kolab.example.org@EXAMPLE.ORG';
$args['gssapi_context'] = $this->gssapi_context('smtp');
$args['gssapi_cn'] = $_SERVER['KRB5CCNAME'];
$args['smtp_auth_type'] = 'GSSAPI';
}
return $args;
}
/**
* Returns configured GSSAPI context string
*/
private function gssapi_context($protocol)
{
// Load plugin's config file
$this->load_config();
$rcmail = rcmail::get_instance();
$context = $rcmail->config->get('krb_authentication_context');
if (is_array($context)) {
$context = $context[$protocol];
}
return $context ?: 'host.fqdn@REALM.NAME';
}
}
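Review bot: In `gssapi_context()`, `$context[$protocol]` is read without checking that the key exists, so an array that configures only some protocols raises an undefined-index notice and then falls through to the placeholder `'host.fqdn@REALM.NAME'`. A guarded lookup avoids the notice: `$context = isset($context[$protocol]) ? $context[$protocol] : null;`. Returning a placeholder principal when nothing usable is configured presumably surfaces only as a GSSAPI failure at connect time, which hides the misconfiguration. Logging a configuration error at that point would make it diagnosable. The docblock could also document `$protocol` (the callers pass `imap`, `smtp` and `sieve`) and the returned string.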
