[imp] added feature

Uruloke Firewing uruloke at artamir.org
Fri Apr 2 08:26:16 PST 2004


I'm using the latest non-CVS version of Horde and IMP, that is Horde 2.2.5 and
IMP 3.2.3. I have set up IMP as the login/logout handler and I missed a feature
after getting it all set up. That is, to be able to specify who can log in and
who cannot log in to each mail server, even if the user does have a user
account on the mail server.

This will add the ability to add an entry to the servers in the conf/servers.php
file, looking like this:

    'allow_uids' => 'user1, user2'

To disable the feature, just leave the field blank.

I don't know if this would be useful for others, but it certainly is for me.

I put together a little patch which you can see here:

*** login.php	Fri May  9 16:55:06 2003
--- login.php.patched	Fri Apr  2 17:33:29 2004
***************
*** 19,25 ****
  $reasons = array('login'   => '',
                   'session' => sprintf(_("Your %s session has expired. Please
login again."), $registry->getParam('name')),
                   'logout'  => _("You have been logged out.<br />Thank you for
using the system."),
!                  'failed'  => _("Login failed for some reason. Most likely
your username or password was entered incorrectly."));

  /* Default to 'login' if no $reason is set. */
  $actionID = Horde::getFormData('actionID');
--- 19,26 ----
  $reasons = array('login'   => '',
                   'session' => sprintf(_("Your %s session has expired. Please
login again."), $registry->getParam('name')),
                   'logout'  => _("You have been logged out.<br />Thank you for
using the system."),
!                  'failed'  => _("Login failed for some reason. Most likely
your username or password was entered incorrectly."),
!                  'notallowed' => _("Login failed for some reason. The username
you entered is not allowed to login."));

  /* Default to 'login' if no $reason is set. */
  $actionID = Horde::getFormData('actionID');
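
Review bot: the new 'notallowed' string ("The username you entered is not allowed to login.") gives a different answer for names that are missing from allow_uids than for a wrong password, and the check in lib/IMP.php returns it before IMP::authenticate() is reached, so the login page confirms which usernames are on the list without any valid credentials. Consider showing the existing 'failed' text to the user and writing the specific reason to the log instead. The message should also read "log in" rather than "login".
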
***************
*** 59,64 ****
--- 60,71 ----
          if ($registry->getMethod('auth/login') == 'imp') {
              Auth::clearAuth();
          }
+     } elseif ($reason == 'notallowed') {
+         unset($_SESSION['imp']);
+
+         if ($registry->getMethod('auth/login') == 'imp') {
+             Auth::clearAuth();
+         }
      } else {
          $url = Horde::applicationUrl('mailbox.php', true);
          /* If there is an existing session, redirect the user to the mailbox.
*/
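
Review bot: the added elseif ($reason == 'notallowed') branch copies the Auth::clearAuth() block that closes the branch directly above it. If the two cleanups are meant to stay the same, add 'notallowed' to the preceding condition instead of duplicating the body, so a later change to the session teardown cannot miss one of the two.
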
***************
*** 138,143 ****
--- 145,151 ----
  $namespace_value = $servers[$server_key]['namespace'];
  $maildomain_value = $servers[$server_key]['maildomain'];
  $realm_value = $servers[$server_key]['realm'];
+ $allow_uids_value = $servers[$server_key]['allow_uids'];

  /* Build the <DEFANGED_select> widget for the servers list. */
  if ($conf['server']['server_list'] == 'shown') {
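
Review bot: $allow_uids_value is introduced in login.php only so that templates/login/login.inc can print it into a hidden form field, which moves the allow-list out of conf/servers.php and into the browser. The list is an access-control setting and has no reason to appear in the page; drop this assignment together with the hidden field and let lib/IMP.php read $servers directly.
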
*** lib/IMP.php	Wed Jan 28 10:38:10 2004
--- lib/IMP.php.patched	Fri Apr  2 16:57:42 2004
***************
*** 82,87 ****
--- 82,88 ----
              $_SESSION['imp']['maildomain'] = $servers[$server]['maildomain'];
              $_SESSION['imp']['namespace'] = $servers[$server]['namespace'];
              $_SESSION['imp']['folders'] = $servers[$server]['folders'];
+             $_SESSION['imp']['allow_uids'] = $servers[$server]['allow_uids'];

              if (($conf['mailer']['type'] == 'smtp') &&
                  !empty($servers[$server]['smtphost'])) {
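
Review bot: $servers[$server]['allow_uids'] is read unconditionally, but the message says the feature is optional, and every existing conf/servers.php entry lacks the key, so this line raises an undefined-index notice on each login for unmodified configurations. Guard it the same way the smtphost test two lines below does, for example isset($servers[$server]['allow_uids']) ? $servers[$server]['allow_uids'] : ''. Documentation for the new key in the servers.php comments is also missing from the patch.
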
***************
*** 119,124 ****
--- 120,126 ----
              }
              $_SESSION['imp']['maildomain'] = Horde::getFormData('maildomain',
'');
              $_SESSION['imp']['namespace'] = Horde::getFormData('namespace',
'');
+             $_SESSION['imp']['allow_uids'] = Horde::getFormData('allow_uids',
'');
          }

          $protocols = explode('/', $_SESSION['imp']['protocol']);
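
Review bot: in this branch the allow-list is taken from Horde::getFormData('allow_uids', ''), that is, from the login request itself, and the check added further down then trusts whatever arrived. A client that submits the form with the field changed or left empty decides its own allow-list, so the restriction is not enforced on this code path. The value has to come from server-side configuration only; if this branch has no $servers entry to consult, it needs a server-side default rather than a form field.
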
***************
*** 133,138 ****
--- 135,160 ----
          } else {
              $_SESSION['imp']['direct_access'] = true;
          }
+
+         /* Check to see if the user is allowed to login. */
+         $allowed_uids = isset($_SESSION['imp']['allow_uids']) &&
$_SESSION['imp']['allow_uids'] != "" ? explode(',',
$_SESSION['imp']['allow_uids']) : "";
+         $uid_found = false;
+         if (is_array($allowed_uids)) {
+             foreach ($allowed_uids as $uid) {
+                 if (strtolower($_SESSION['imp']['user']) == strtolower($uid))
{
+                     $uid_found = true;
+                 }
+             }
+             if ($uid_found == false) {
+                 return 'notallowed';
+             }
+         } else {
+             if (!empty($allowed_uids)) {
+                 if (strtolower($_SESSION['imp']['user']) !=
strtolower($allowed_uids)) {
+                     return 'notallowed';
+                 }
+             }
+         }

          $_SESSION['imp']['mailbox'] = '';
          if (IMP::authenticate(OP_HALFOPEN) === true) {
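
Review bot: the entries produced by explode(',', ...) are compared without trim(), so with the documented setting 'user1, user2' the second element is ' user2' with a leading space and strtolower($_SESSION['imp']['user']) == strtolower($uid) never matches it; user2 is locked out. Trim each entry, for example array_map('trim', explode(',', ...)), and then use in_array() on the lower-cased values instead of the hand-written loop. The else branch is unreachable, because $allowed_uids is either an array or "", so !empty($allowed_uids) is never true there and the block can be removed.
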
*** templates/login/login.inc	Tue Nov  5 16:57:44 2002
--- templates/login/login.inc.patched	Fri Apr  2 17:32:58 2004
***************
*** 121,126 ****
--- 121,127 ----
          <input type="hidden" name="maildomain" value="<?php echo
$maildomain_value ?>" />
          <input type="hidden" name="protocol" value="<?php echo $protocol_value
?>" />
          <input type="hidden" name="realm" value="<?php echo $realm_value ?>"
/>
+         <input type="hidden" name="allow_uids" value="<?php echo
$allow_uids_value ?>" />
      </td>
  <?php endif; ?>

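Review bot: the added hidden input prints $allow_uids_value into the login page, so the full list of permitted usernames is visible in the page source to every visitor before authentication, and the value is echoed without htmlspecialchars(). Since lib/IMP.php then reads the same field back from the request, the list is both disclosed and client-controlled. Remove the field and keep allow_uids on the server.
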
_______
Henric
