the-djmaze/snappymail
1
1
Fork 0
mirror of https://github.com/the-djmaze/snappymail.git synced 2024-12-28 10:32:28 +08:00
Code Issues Projects Releases Packages Wiki Activity

Add ldap identities plugin

Browse source
This commit is contained in:
Floris Westerman 2020-11-09 21:49:18 +01:00
parent 6919a6a34f
commit abe058943e
No known key found for this signature in database
GPG key ID: E2AED138B92702B0
5 changed files with 496 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

67
plugins/ldap-identities/LdapConfig.php Normal file
View file

@ -0,0 +1,67 @@
<?php
use RainLoop\Config\Plugin;
class LdapConfig
{
public const CONFIG_SERVER = "server";
public const CONFIG_PROTOCOL_VERSION = "server_version";
public const CONFIG_BIND_USER = "bind_user";
public const CONFIG_BIND_PASSWORD = "bind_password";
public const CONFIG_USER_BASE = "user_base";
public const CONFIG_USER_OBJECTCLASS = "user_objectclass";
public const CONFIG_USER_FIELD_NAME = "user_field_name";
public const CONFIG_USER_FIELD_SEARCH = "user_field_search";
public const CONFIG_USER_FIELD_MAIL = "user_field_mail";
public const CONFIG_GROUP_GET = "group_get";
public const CONFIG_GROUP_BASE = "group_base";
public const CONFIG_GROUP_OBJECTCLASS = "group_objectclass";
public const CONFIG_GROUP_FIELD_NAME = "group_field_name";
public const CONFIG_GROUP_FIELD_MEMBER = "group_field_member";
public const CONFIG_GROUP_FIELD_MAIL = "group_field_mail";
public const CONFIG_GROUP_SENDER_FORMAT = "group_sender_format";
public $server;
public $protocol;
public $bind_user;
public $bind_password;
public $user_base;
public $user_objectclass;
public $user_field_name;
public $user_field_search;
public $user_field_mail;
public $group_get;
public $group_base;
public $group_objectclass;
public $group_field_name;
public $group_field_member;
public $group_field_mail;
public $group_sender_format;
public static function MakeConfig(Plugin $config) : LdapConfig {
$ldap = new self();
$ldap->server = trim($config->Get("plugin", self::CONFIG_SERVER));
$ldap->protocol = (int) trim($config->Get("plugin", self::CONFIG_PROTOCOL_VERSION, 3));
$ldap->bind_user = trim($config->Get("plugin", self::CONFIG_BIND_USER));
$ldap->bind_password = trim($config->Get("plugin", self::CONFIG_BIND_PASSWORD));
$ldap->user_base = trim($config->Get("plugin", self::CONFIG_USER_BASE));
$ldap->user_objectclass = trim($config->Get("plugin", self::CONFIG_USER_OBJECTCLASS));
$ldap->user_field_name = trim($config->Get("plugin", self::CONFIG_USER_FIELD_NAME));
$ldap->user_field_search = trim($config->Get("plugin", self::CONFIG_USER_FIELD_SEARCH));
$ldap->user_field_mail = trim($config->Get("plugin", self::CONFIG_USER_FIELD_MAIL));
$ldap->group_get = (bool) trim($config->Get("plugin", self::CONFIG_GROUP_GET));
$ldap->group_base = trim($config->Get("plugin", self::CONFIG_GROUP_BASE));
$ldap->group_objectclass = trim($config->Get("plugin", self::CONFIG_GROUP_OBJECTCLASS));
$ldap->group_field_name = trim($config->Get("plugin", self::CONFIG_GROUP_FIELD_NAME));
$ldap->group_field_member = trim($config->Get("plugin", self::CONFIG_GROUP_FIELD_MEMBER));
$ldap->group_field_mail = trim($config->Get("plugin", self::CONFIG_GROUP_FIELD_MAIL));
$ldap->group_sender_format = trim($config->Get("plugin", self::CONFIG_GROUP_SENDER_FORMAT));
return $ldap;
}
}

5
plugins/ldap-identities/LdapException.php Normal file
View file

@ -0,0 +1,5 @@
<?php
class LdapException extends \RainLoop\Exceptions\Exception
{
}

297
plugins/ldap-identities/LdapIdentities.php Normal file
View file

@ -0,0 +1,297 @@
<?php
use MailSo\Log\Enumerations\Type;
use MailSo\Log\Logger;
use RainLoop\Model\Account;
use RainLoop\Model\Identity;
use RainLoop\Providers\Identities\IIdentities;
class LdapIdentities implements IIdentities
{
/** @var resource */
private $ldap;
/** @var bool */
private $ldapAvailable = true;
/** @var bool */
private $ldapConnected = false;
/** @var bool */
private $ldapBound = false;
/** @var LdapConfig */
private $config;
/** @var Logger */
private $logger;
private const LOG_KEY = "Ldap";
/**
* LdapIdentities constructor.
*
* @param LdapConfig $config
* @param Logger $logger
*/
public function __construct(LdapConfig $config, Logger $logger)
{
$this->config = $config;
$this->logger = $logger;
// Check if LDAP is available
if(!extension_loaded('ldap') || !function_exists('ldap_connect')) {
$this->ldapAvailable = false;
$logger->Write("The LDAP plugin is not available!", Type::WARNING, self::LOG_KEY);
return;
}
$this->Connect();
}
/**
* @inheritDoc
*/
public function GetIdentities(Account $account): array
{
try {
$this->EnsureBound();
} catch(LdapException $e) {
return []; // exceptions are only thrown from the handleerror function that does logging already
}
$identities = [];
// Try and get identity information
$username = @ldap_escape($account->Email(), "", LDAP_ESCAPE_FILTER);
try {
$userResults = $this->FindLdapResults(
$this->config->user_field_search,
$username,
$this->config->user_base,
$this->config->user_objectclass,
$this->config->user_field_name,
$this->config->user_field_mail
);
} catch (LdapException $e) {
return []; // exceptions are only thrown from the handleerror function that does logging already
}
if(count($userResults) < 1) {
$this->logger->Write("Could not find user $username", Type::NOTICE, self::LOG_KEY);
return [];
} else if(count($userResults) > 1) {
$this->logger->Write("Found multiple matches for user $username", Type::WARNING, self::LOG_KEY);
}
$userResult = $userResults[0];
foreach($userResult->emails as $email) {
$identity = new Identity($email, $email);
$identity->SetName($userResult->name);
if($email === $account->Email())
$identity->SetId(""); // primary identity
$identities[] = $identity;
}
try {
$groupResults = $this->FindLdapResults(
$this->config->group_field_member,
$userResult->dn,
$this->config->group_base,
$this->config->group_objectclass,
$this->config->group_field_name,
$this->config->group_field_mail
);
} catch (LdapException $e) {
return []; // exceptions are only thrown from the handleerror function that does logging already
}
foreach($groupResults as $group) {
foreach($group->emails as $email) {
$name = $this->config->group_sender_format;
$name = str_replace("#USER#", $userResult->name, $name);
$name = str_replace("#GROUP#", $group->name, $name);
$identity = new Identity($email, $email);
$identity->SetName($name);
$identity->SetBcc($email);
$identities[] = $identity;
}
}
return $identities;
}
/**
* @inheritDoc
* @throws \RainLoop\Exceptions\Exception
*/
public function SetIdentities(Account $account, array $identities)
{
throw new \RainLoop\Exceptions\Exception("Ldap identities provider does not support storage");
}
/**
* @inheritDoc
*/
public function SupportsStore(): bool
{
return false;
}
/**
* @inheritDoc
*/
public function Name(): string
{
return "Ldap";
}
/** @throws LdapException */
private function EnsureConnected() : void {
if($this->ldapConnected) return;
$res = $this->Connect();
if(!$res)
$this->HandleLdapError("Connect");
}
private function Connect() : bool {
// Set up connection
$ldap = @ldap_connect($this->config->server);
if($ldap === false) {
$this->ldapAvailable = false;
return false;
}
// Set protocol version
$option = @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, $this->config->protocol);
if(!$option) {
$this->ldapAvailable = false;
return false;
}
$this->ldap = $ldap;
$this->ldapConnected = true;
return true;
}
/** @throws LdapException */
private function EnsureBound() : void {
if($this->ldapBound) return;
$this->EnsureConnected();
$res = $this->Bind();
if(!$res)
$this->HandleLdapError("Bind");
}
private function Bind() : bool {
// Bind to LDAP here
$bindResult = @ldap_bind($this->ldap, $this->config->bind_user, $this->config->bind_password);
if(!$bindResult) {
$this->ldapAvailable = false;
return false;
}
$this->ldapBound = true;
return true;
}
/**
* @param string $op
* @throws LdapException
*/
private function HandleLdapError(string $op = ""): void {
// Obtain LDAP error and write logs
$errorNo = @ldap_errno($this->ldap);
$errorMsg = @ldap_error($this->ldap);
$message = empty($op) ? "LDAP Error: {$errorMsg} ({$errorNo})" : "LDAP Error during {$op}: {$errorMsg} ({$errorNo})";
$this->logger->Write($message, Type::ERROR, self::LOG_KEY);
throw new LdapException($message, $errorNo);
}
/**
* @param string $searchField
* @param string $searchValue
* @param string $searchBase
* @param string $objectClass
* @param string $nameField
* @param string $mailField
* @return LdapResult[]
* @throws LdapException
*/
private function FindLdapResults(string $searchField, string $searchValue, string $searchBase, string $objectClass, string $nameField, string $mailField) : array {
$this->EnsureBound();
$nameField = strtolower($nameField);
$mailField = strtolower($mailField);
$filter = "(&(objectclass=$objectClass)($searchField=$searchValue))";
$ldapResult = @ldap_search($this->ldap, $searchBase, $filter, ['dn', $mailField, $nameField]);
if(!$ldapResult) {
$this->HandleLdapError("Fetch $objectClass");
return [];
}
$entries = @ldap_get_entries($this->ldap, $ldapResult);
if(!$entries) {
$this->HandleLdapError("Fetch $objectClass");
return [];
}
$results = [];
for($i = 0; $i < $entries["count"]; $i++) {
$entry = $entries[$i];
$result = new LdapResult();
$result->dn = $entry["dn"];
$result->name = $this->LdapGetAttribute($entry, $nameField, true, true);
$result->emails = $this->LdapGetAttribute($entry, $mailField, false, false);
$results[] = $result;
}
return $results;
}
/**
* @param array $entry
* @param string $attribute
* @param bool $single
* @param bool $required
* @return string|string[]
*/
private function LdapGetAttribute(array $entry, string $attribute, bool $single = true, bool $required = false) {
if(!isset($entry[$attribute])) {
if($required)
$this->logger->Write("Attribute $attribute not found on object {$entry['dn']} while required", Type::NOTICE, self::LOG_KEY);
return $single ? "" : [];
}
if ($single) {
if($entry[$attribute]["count"] > 1)
$this->logger->Write("Attribute $attribute is multivalues while only a single value is expected", Type::NOTICE, self::LOG_KEY);
return $entry[$attribute][0];
}
$result = $entry[$attribute];
unset($result["count"]);
return array_values($result);
}
}
class LdapResult {
/** @var string */
public $dn;
/** @var string */
public $name;
/** @var string[] */
public $emails;
}

1
plugins/ldap-identities/VERSION Normal file
View file

@ -0,0 +1 @@
1.0

126
plugins/ldap-identities/index.php Normal file
View file

@ -0,0 +1,126 @@
<?php
use RainLoop\Enumerations\PluginPropertyType;
use RainLoop\Plugins\AbstractPlugin;
use RainLoop\Plugins\Property;
class LdapIdentitiesPlugin extends AbstractPlugin
{
public function __construct()
{
include_once __DIR__.'/LdapIdentities.php';
include_once __DIR__.'/LdapConfig.php';
include_once __DIR__.'/LdapException.php';
}
public function Init() : void {
$this->addHook("main.fabrica", 'MainFabrica');
}
public function MainFabrica(string $name, &$result) {
if($name !== 'identities') return;
if(!is_array($result))
$result = [];
// Set up config
$config = LdapConfig::MakeConfig($this->Config());
$ldap = new LdapIdentities($config, $this->Manager()->Actions()->Logger());
$result[] = $ldap;
}
protected function configMapping(): array
{
return [
Property::NewInstance(LdapConfig::CONFIG_SERVER)
->SetLabel("LDAP Server URL")
->SetPlaceholder("ldap://server:port")
->SetType(PluginPropertyType::STRING),
Property::NewInstance(LdapConfig::CONFIG_PROTOCOL_VERSION)
->SetLabel("LDAP Protocol Version")
->SetType(PluginPropertyType::SELECTION)
->SetDefaultValue([2, 3]),
Property::NewInstance(LdapConfig::CONFIG_BIND_USER)
->SetLabel("Bind User DN")
->SetDescription("The user to use for binding to the LDAP server. Should be a DN or RDN. Leave empty for anonymous bind")
->SetType(PluginPropertyType::STRING),
Property::NewInstance(LdapConfig::CONFIG_BIND_PASSWORD)
->SetLabel("Bind User Password")
->SetDescription("Leave empty for anonymous bind")
->SetType(PluginPropertyType::PASSWORD),
Property::NewInstance(LdapConfig::CONFIG_USER_OBJECTCLASS)
->SetLabel("User object class")
->SetType(PluginPropertyType::STRING)
->SetDefaultValue("user"),
Property::NewInstance(LdapConfig::CONFIG_USER_FIELD_SEARCH)
->SetLabel("User search field")
->SetType(PluginPropertyType::STRING)
->SetDescription("The field in the user object to search using the email the user logged in with")
->SetDefaultValue("mail"),
Property::NewInstance(LdapConfig::CONFIG_USER_FIELD_MAIL)
->SetLabel("User mail field")
->SetType(PluginPropertyType::STRING)
->SetDescription("The field in the user object listing all identities (email addresses) of the user")
->SetDefaultValue("mail"),
Property::NewInstance(LdapConfig::CONFIG_USER_FIELD_NAME)
->SetLabel("User name field")
->SetType(PluginPropertyType::STRING)
->SetDescription("The field in the user object with their default sender name")
->SetDefaultValue("cn"),
Property::NewInstance(LdapConfig::CONFIG_USER_BASE)
->SetLabel("User base DN")
->SetType(PluginPropertyType::STRING)
->SetDescription("The base DN to search in for users"),
Property::NewInstance(LdapConfig::CONFIG_GROUP_GET)
->SetLabel("Find groups?")
->SetType(PluginPropertyType::BOOL)
->SetDescription("Whether or not to search for groups")
->SetDefaultValue(true),
Property::NewInstance(LdapConfig::CONFIG_GROUP_OBJECTCLASS)
->SetLabel("Group object class")
->SetType(PluginPropertyType::STRING)
->SetDefaultValue("group"),
Property::NewInstance(LdapConfig::CONFIG_GROUP_FIELD_MAIL)
->SetLabel("Group mail field")
->SetType(PluginPropertyType::STRING)
->SetDescription("The field in the group object listing all identities (email addresses) of the group")
->SetDefaultValue("mail"),
Property::NewInstance(LdapConfig::CONFIG_GROUP_FIELD_NAME)
->SetLabel("Group name field")
->SetType(PluginPropertyType::STRING)
->SetDescription("The field in the group object with the name")
->SetDefaultValue("cn"),
Property::NewInstance(LdapConfig::CONFIG_GROUP_FIELD_MEMBER)
->SetLabel("Group member field")
->SetType(PluginPropertyType::STRING)
->SetDescription("The field in the group object with all member DNs")
->SetDefaultValue("member"),
Property::NewInstance(LdapConfig::CONFIG_GROUP_SENDER_FORMAT)
->SetLabel("Group mail sender format")
->SetType(PluginPropertyType::STRING)
->SetDescription("The sender name format for group addresses. Available template values: #USER# for the user name and #GROUP# for the group name")
->SetDefaultValue("#USER# || #GROUP#"),
Property::NewInstance(LdapConfig::CONFIG_GROUP_BASE)
->SetLabel("Group base DN")
->SetType(PluginPropertyType::STRING)
->SetDescription("The base DN to search in for groups")
];
}
}