From: Peter Popovec Date: Tue, 4 Jul 2006 06:40:00 +0000 (+0200) Subject: better error check in php ldap calls X-Git-Tag: 0.3.1^0 X-Git-Url: http://zub.fei.tuke.sk/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d46e77574f81d56761f48ec1082a337d421dc8be;p=ldapvmail better error check in php ldap calls web: check for multiple aliases, and multiple or redundand forwards web: select 'leave copy of message on server' if forward is activated --- diff --git a/debian/README b/debian/README index 639a061..93228b4 100644 --- a/debian/README +++ b/debian/README @@ -1,6 +1,7 @@ The Debian Package ldapvmail ---------------------------- -NEWT based TUI for virtual mail system based on postfix, courier and ldap +NEWT based TUI and web interface for virtual mail system based on +postfix, courier and ldap Peter Popovec , Sun, 30 Jan 2005 12:15:51 +0100 diff --git a/debian/changelog b/debian/changelog index e93b3fc..afe7dec 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,16 @@ +ldapvmail (0.3.1) unstable; urgency=low + + * better error check in php ldap calls + * web: check for multiple aliases, and multiple or redundand forwards + * web: select 'leave copy of message on server' if forward is activated + + -- Peter Popovec Tue, 4 Jul 2006 08:35:16 +0200 + ldapvmail (0.3) unstable; urgency=low * web interface first wersion - -- Peter Popovec Fri, 23 Sep 2005 08:01:26 +0200 + -- Peter Popovec Fri, 23 Sep 2005 08:01:26 +0200 ldapvmail (0.2.1) unstable; urgency=low diff --git a/debian/dirs b/debian/dirs index e772481..7c764db 100644 --- a/debian/dirs +++ b/debian/dirs @@ -1 +1,2 @@ usr/bin +usr/share/ldapVmail diff --git a/debian/postinst b/debian/postinst.ex similarity index 100% rename from debian/postinst rename to debian/postinst.ex diff --git a/web/etc/ldapVmail/config.php b/web/etc/ldapVmail/config.php index d289685..e9085e7 100644 --- a/web/etc/ldapVmail/config.php +++ b/web/etc/ldapVmail/config.php @@ -1,8 +1,8 @@ diff --git a/web/usr/share/ldapVmail/help.html b/web/usr/share/ldapVmail/help.html new file mode 100644 index 0000000..5612e21 --- /dev/null +++ b/web/usr/share/ldapVmail/help.html @@ -0,0 +1,103 @@ + + + + +ldapVmail + + +

Zakladne informacie:

+Postovy system je tvoreny z niekolkych sluzieb, ktore su zabezpecovane +samostatnym programovym vybavenim. Jedna sa o nasledujuce casti:
+

POSTFIX

+Stara sa o prijem posty z internetu a intranetu. Jeho ulohou je pocuvat na +porte 25 a porte 465. Po pripojeni sa klienta, na niektory z uvedenych +portov, postfix skontroluje ci prichadzajuca posta moze byt prijata a bud ju +prijme alebo odmietne. Prijatu postu potom ulozi do mailboxu alebo preposle +podla poziadaviek prijimatela. +

COURIER

+Caka na portoch 110, 143, 993 a 995. Po pripojeni klienta skontroluje login +a heslo a podla tychto parametrov spristupni pre klienta jeho mailbox, alebo +pri nespravnom prihlaseni uzivatela odmietne. +

SQUIRRELMAIL

+Samostatna WEB aplikacia, ktora vyuziva COURIER aj POSTFIX tak, ze umoznuje +pomocou WEB rozhrania odosielat a prezerat postu pre uzivatelov. +

LDAP

+Autentifikacny a autorizacny server. Tento udrzuje informacie o postovych +kontach mailsystemu. U tohoto serveru si POSTFIX aj COURIER overuju, ci +prijimana posta ma byt prijata, resp. ci sa uzivatel spravne prihlasil pri +pristupe k svojemu mailboxu. +

Informacie o mailovom konte

Mailova schranka

Je spristupnovana pre uzivatela pomocou loginu a hesla. Kazda +mailova schranka ma svoju mail adresu.

+ +

K mailovej schranke je mozne priradit niekolko dalsich adries, ktore sa +nazyvaju alias. Nie je mozne mat rovnaky alias alebo mail adresu +pridelenu pre viacero schranok.

+ +

Uzivatel moze od mailsystemu pozadovat, aby posty urcene pre jeho mailovu +schranku boli presmerovane na inu mail adresu. Mechanizmus ktory toto +umoznuje sa nazyva forward.

+ +

Informacie o WEB rozhrani pre prezeranie, pridavanie a zmenu +vlastnosti mail schranok

+ +

Administrator systemu

+Ma plne prava k vytvaraniu, mazaniu a editovaniu schranok uzivatelov. Na +prislusnych strankach zadava svoj login s plnym kontextom a prislusne heslo +k nemu. Je dolezite pristupovat k stranke len cez sifrovane pripojenie t.j. +protokolom https. + +

Zakladna stranka

+ +

Zakladna stranka WEB rozhrania obsahuje v hornej casti formular, +umoznujuci pridat noveho uzivatela. Dole pokracuje zoznam aktualne +evidovanych mail schranok.

+ +

Stranka uzivatela

+ +

Tato stranka je rozdelena na niekolko casti. V hornej casti je login a +mail prisluchajuci chranke, smerom dole pokracuje zoznam aliasov a dalej +zoznam forwardov pre danu mail schranku. Uplne naspodku je niekolko +tlacidiel, ktore umoznuju ulozit pozmenene forwards a aliases, zmenit heslo +uzivatela, zmazat uzivatela pripadne sa vratit na hlavnu stranku.

+ +

Ovladanie hlavnej stranky

+ +

Pridavanie uzivatela sa realizuje zadanim emailu do textoveho pola v +hornej casti stranky a po stlaceni tlacidla na pridanie, pokracujete v +nasledujucej stranke autorizacie (ci mozete pridavat uzivatelov) a +nasledne po pridani uzivatela pokracujete na stranke uzivatela, t.j. mozete +doplnit alias, forward, zmenit heslo alebo uzivatela hned zmazat.

+ +

V spodnej casti je zoznam aktualnych stranok, obsahuje 3 stlpce, v prvom +je nazov schranky v druhom zoznam adries (hlavnej aj aliasov) k schranke a v +tretom je pole, kam sa ma obsah schranky preposielat, t.j. zoznam forwardov. V +pripade, ze je forwardov alebo aliasov viacej, je mozne si ich prezerat +"roletkou" v danom poli. Uzivatela je mozne vybrat pre editaciu kliknutim na +meno schranky v prvom stlpci tabulky.

+ +

Stranka autorizacie

+ +

Akcie chranene heslom (zmena hesla, mazanie uzivatela, pridavanie +uzivatela a editovanie aliasov a forwardov) ziadaju autorizaciu +administratora. Jedna sa stale o stranku, ktora v hornej casti oznamuje +informacie o ktoru schranku sa jedna a v spodnej casti je identifikacia +administratora a jeho heslo. Identifikacia administratora je predvyplnena. +Po zadani hesla nasledujuca stranka oznamuje aka akcia bola prevedena a +informuje o pripadnej chybe pri prevedeni akcie. + +

Ovladanie stranky uzivatela

+ +

Pridanie aliasu alebo forwardu realizujete zapisom do volneho textoveho +pola a stlacenim prislusneho tlacidla na pridanie, resp. odobratie forwardu +alebo aliasu realizujete kliknutim na prislusne tlacidla vedla mazaneho +aliasu/forwardu. Zmeny takto prevedene, sa aktivuju az po stlaceni tlacitka +pre ulozenie zmien v dolnej casti stranky. Dalej je mozne tlacidlami v +spodnej casti stranky vyziadat zmenu hesla uzivatela alebo zmazanie +uzivatela. Vsetky operacie su chranene heslom a su pristupne len pre +administratora systemu.

+ + + diff --git a/web/usr/share/ldapVmail/admin.php b/web/usr/share/ldapVmail/index.php similarity index 89% rename from web/usr/share/ldapVmail/admin.php rename to web/usr/share/ldapVmail/index.php index 63d939c..38ec26b 100644 --- a/web/usr/share/ldapVmail/admin.php +++ b/web/usr/share/ldapVmail/index.php @@ -58,7 +58,7 @@ printf("

Changing password for pop3/imap user %s:

",$uid); New user password: Retype user password: -Admin name: +Admin name: Admin password: @@ -99,6 +99,12 @@ else { if($action=="browse") { +printf("

"); + $sr=ldap_search($ds,$netBase,$filter); if ($sr!=NULL) { ldap_sort ($ds, $sr, "uid" ); @@ -116,10 +122,10 @@ $dcolor[3]="red"; for($spolu=$index=0;$index<$info["count"];$index++) { - printf("%s", + printf("%s", $dcolor[$index % 2 ], - $_SERVER["PHP_SELF"], - $info[$index]["uid"][0], +// $_SERVER["PHP_SELF"], + $info[$index]["uid"][0], $info[$index]["uid"][0]); if (0==$info[$index]["mailalternateaddress"]["count"]) printf("%s", diff --git a/web/usr/share/ldapVmail/k.php b/web/usr/share/ldapVmail/k.php new file mode 100644 index 0000000..307aadc --- /dev/null +++ b/web/usr/share/ldapVmail/k.php @@ -0,0 +1,490 @@ +",base64_encode($dn)); +printf("",$runtype); +printf("\n",base64_encode($uid)); +printf("\n",base64_encode($mail)); + for($j=0;strlen($alias[$j])>0;$j++){ + printf("\n",$j,base64_encode($alias[$j])); + } + for($j=0;strlen($forward[$j])>0;$j++){ + printf("\n",$j,base64_encode($forward[$j])); + } +} + +function putEditForm ($warningMessage) +{ +global $dn,$uid,$mail,$alias,$forward; +printf(""); +//------------------------------------------- + printf("Login: %s

Mail: %s

Aliases:
\n",htmlspecialchars($uid),htmlspecialchars($mail)); + $alias1=$alias; + //remove alias if match primary mail + foreach($alias1 as $i=>$value1){ + if($alias1[$i]==$mail){ + printf("Upozornenie, nasiel sa alias zhodny s primarnym mailom, pouzite SAVE na ulozenie zmien
"); + unset($alias1[$i]); + } + //remove duplicate aliases + foreach($alias1 as $jx=>$value2){ + if(($j != $i) && ($alias1[$j]==$alias1[$i])){ + printf("Upozornenie, nasiel sa duplicitny alias, pouzite SAVE na ulozenie zmien
"); + + unset($alias1[$j]); + } + } + } + $alias=$alias1; + foreach($alias as $i => $value1){ + if(strlen($alias[$i])>0){ + printf("\n\n"); + } + } + //------------------------------------------------- + printf("

Forwards:
\n"); + //------------------------------------------------- + $fcount=0; + $selfForward=0; + $forward1=$forward; + foreach($forward1 as $i => $value1){ + //remove duplicate forwards + foreach($forward1 as $j => $value2){ + if(($j != $i) && ($forward1[$j]==$forward1[$i])){ + printf("Upozornenie, nasiel sa duplicitny forward, pouzite SAVE na ulozenie zmien
"); + unset($forward1[$j]); + } + else + $fcount++; + } + //if mail is forwarded to my alias .. change forward to primary mail + foreach($alias as $j => $value2){ + if($alias[$j]==$forward1[$i]){ + printf("Upozornenie, nasiel sa forward na alias, bude zmeneny na primarny mail, pouzite SAVE na ulozenie zmien
"); + $forward1[$i]=$mail; + } + } + if($forward1[$i]==$mail) + $selfForward=1; + + } + if($fcount==1 && $selfForward==1){ + printf("Upozornenie, nepotrebny forward, pouzite SAVE na ulozenie zmien
"); + foreach($forward1 as $i => $value1){ + unset($forward1[$i]); + } + $selfForward=0; + $fcount=0; + } + $forward=$forward1; + if($selfForward==0) { + printf("\n\n"); + } + } + //------------------------------------------------- + printf("

\n"); + //------------------------------------------------- + if(strlen($warningMessage)>0) + printf("%s

",$warningMessage); + //------------------------------------------------- + printf("

"); + printf("

"); + printf(""); +} + +function putAdminPassInput($LdapAdmin,$submitString) +{ + printf("\n"); + printf(""); + printf("\n",strip_tags($LdapAdmin)); + printf(""); + printf("

Admin name:
Admin password:

\n"); + printf("",strip_tags($submitString)); +} + +function continueForm1 ($warningMessage) +{ +printf("%s"); +} + +function browseForm ($warningMessage) +{ +printf("%s"); +} + +function getValuesFromForm () +{ +global $dn,$uid,$mail,$alias,$forward; + $dn=base64_decode($_POST["dn"]); + $uid=base64_decode($_POST["uid"]); + $mail=base64_decode($_POST["mail"]); +} +function getAllValuesFromForm () +{ +global $dn,$uid,$mail,$alias,$forward; + getValuesFromForm (); + for($j=0,$i=0;strlen(base64_decode($_POST["alias"][$i]))>0;$i++) + $alias[$j++]=base64_decode($_POST["alias"][$i]); + for($j=0,$i=0;strlen(base64_decode($_POST["forward"][$i]))>0;$i++) + $forward[$j++]=base64_decode($_POST["forward"][$i]); +} +/* +echo "

";
+print_r ($_POST);
+echo "

"; +*/ + +global $dn,$uid,$mail,$alias,$forward; + +require("config.php"); +$ds=@ldap_connect($LdapHost); +if($ds==FALSE) + { + printf("INIT: Ldap server connect error"); + exit(0); + } +$r=@ldap_bind($ds,$LdapBind,$LdapPass); +if($r==FALSE) + { + printf("Ldap server bind error"); + exit(0); + } + +switch($_POST["running"]) { +case "ADDnew" : + $uid=$_POST["uid"]; + if(strlen($uid)>0) { + printf("Novy uzivatel %s:

",strip_tags($uid)); + printf("\n"); + putHiddenVariables ("ADDgo"); + putAdminPassInput($LdapAdmin,"SAVE"); + printf(""); + } + else { + browseForm ("Novy uzivatel bol chybne zadany"); + } + break; + +case "ADDgo": + getAllValuesFromForm (); + @ldap_close($ds); //rebind + $ds=@ldap_connect($LdapHost); + if($ds==FALSE){ + continueForm1("SAVE user: Ldap server connect error"); + break; + } + $r=@ldap_bind($ds,$_POST['admin'],$_POST['adminpasswd']); + if ($r==FALSE) { + continueForm1("Bad admin password\n"); + break; + } + + unset ($entree); + $entree["objectClass"][0]="top"; + $entree["objectClass"][1]="person"; + $entree["objectClass"][2]="organizationalPerson"; + $entree["objectClass"][3]="inetOrgPerson"; + $entree["objectClass"][4]="qmailUser"; + $entree["mail"]=$uid; + $entree["uid"]=$uid; + $entree["cn"]=$uid; + $entree["sn"]=$uid; + $entree["givenname"]=$uid; + $entree["userpassword"]=$uid; + $entree["accountstatus"]="active"; + $entree["mailmessagestore"]="/home/vmail/".$uid."/Maildir/"; + $dn="uid=".$uid.",".$netBase ; + $r=@ldap_add($ds, $dn, $entree); + $mail=$uid; + if ($r==FALSE) + continueForm1(sprintf("Nie je mozne upravit data uzivatela %s",strip_tags($uid))); + else + continueForm1(sprintf("uzivatel %s zavedeny",strip_tags($uid))); + break; + + +//run from edited editform +case "EDITform" : + getValuesFromForm (); + for($j=0,$i=0;strlen(base64_decode($_POST["alias"][$i]))>0;$i++) + if($_POST["zmazA"]!=$_POST["alias"][$i]) + $alias[$j++]=base64_decode($_POST["alias"][$i]); + if(strlen($_POST["aliasN"])>0) { + $aliasN=stripslashes($_POST["aliasN"]); + $filterx="(|(mail=".$aliasN.")(mailalternateaddress=".$aliasN."))"; + $sr=@ldap_search($ds,$netBase,$filterx); + if ($sr!=NULL) { + $info = @ldap_get_entries($ds, $sr); + if($info["count"]==0) + $alias[$j++]=$aliasN; + else + $warningMessage=sprintf("Pridavany alias %s uz pouziva iny uzivatel!
\n",strip_tags($aliasN)); + } + else + $warningMessage=sprintf("Ldapsearch error, pridavany alias moze byt pouzivany"); + } + for($j=0,$i=0;strlen(base64_decode($_POST["forward"][$i]))>0;$i++) + if($_POST["zmazF"]!=$_POST["forward"][$i]) + $forward[$j++]=base64_decode($_POST["forward"][$i]); + if(strlen($_POST["forwardN"])>0) + $forward[$j++]=stripslashes($_POST["forwardN"]); + + if(strlen($_POST["selfForward"])>0) + { + getAllValuesFromForm (); + if(in_array($mail,$forward)) + unset($forward[array_search($mail, $forward)]); + else + array_push($forward, $mail); + } + putEditForm($warningMessage); + break; + +//Add to ldap +case "SAVE": + getAllValuesFromForm (); + printf("Uzivatel %s zmena udajov:

",strip_tags($uid)); + printf("

\n"); + putHiddenVariables ("SAVEgo"); + putAdminPassInput($LdapAdmin,"SAVE"); + printf(""); + break; + +case "SAVEgo": + getAllValuesFromForm (); + @ldap_close($ds); //rebind + $ds=@ldap_connect($LdapHost); + if($ds==FALSE){ + continueForm1("SAVE user: Ldap server connect error"); + break; + } + $r=@ldap_bind($ds,$_POST['admin'],$_POST['adminpasswd']); + if ($r==FALSE) { + continueForm1("Bad admin password\n"); + break; + } + + unset ($entree); + for($j=0;strlen($forward[$j])>0;$j++) + $entree["mailforwardingaddress"][$j] = $forward[$j]; + if($j==0) {//workaround + $entree["mailforwardingaddress"]=$mail; + $r=@ldap_mod_replace($ds, $dn, $entree); + if($r==FALSE){ + continueForm1(sprintf("Nie je mozne upravit data uzivatela %s",strip_tags($uid))); + break; + } + $entree["mailforwardingaddress"]=$mail; + $r=ldap_mod_del($ds, $dn, $entree); + if($r==FALSE){ + continueForm1(sprintf("Nie je mozne upravit data uzivatela %s",strip_tags($uid))); + break; + } + } + else { + $r=ldap_mod_replace($ds, $dn, $entree); + if($r==FALSE){ + continueForm1(sprintf("Nie je mozne upravit data uzivatela %s",strip_tags($uid))); + break; + } + } + unset ($entree); + for($j=0;strlen($alias[$j])>0;$j++) + $entree["mailalternateaddress"][$j] = $alias[$j]; + if($j==0) {//workaround + $entree["mailalternateaddress"]=$mail; + $r=ldap_mod_replace($ds, $dn, $entree); + if($r==FALSE){ + continueForm1(sprintf("Nie je mozne upravit data uzivatela %s",strip_tags($uid))); + break; + } + $entree["mailalternateaddress"]=$mail; + $r=ldap_mod_del($ds, $dn, $entree); + if($r==FALSE){ + continueForm1(sprintf("Nie je mozne upravit data uzivatela %s",strip_tags($uid))); + break; + } + } + else { + $r=ldap_mod_replace($ds, $dn, $entree); + if($r==FALSE){ + continueForm1(sprintf("Nie je mozne upravit data uzivatela %s",strip_tags($uid))); + break; + } + } + continueForm1(sprintf("data uzivatela %s su upravene",strip_tags($uid))); + break; + +//password change button was pressed +case "PASS": + $userpassword=0; //now only admin is approved to change passwords + getAllValuesFromForm (); + $sr=@ldap_search($ds,$dn,$filter); + if ($sr==NULL) { + $warningMessage=sprintf("Ldapsearch error, neviem najst uzivatela pre zmenu hesla"); + putEditForm($warningMessage); + exit(0); + } + $info = @ldap_get_entries($ds, $sr); + if($info["count"]!=1) { + $warningMessage=sprintf("Ldapsearch error, neviem najst uzivatela pre zmenu hesla"); + putEditForm($warningMessage); + exit(0); + } + $uid=$info[0]["uid"][0]; + printf("Changing password for pop3/imap user %s

",strip_tags($uid)); + printf("

\n"); + printf(""); + printf("\n"); + printf(""); + printf("

New user password:
Retype user password:

\n"); + if($userpassword==0) + putAdminPassInput($LdapAdmin,"Change password"); + else + putAdminPassInput($uid,"Change password"); + putHiddenVariables ("PASSgo"); + printf(""); + break; + + +//new password update +case "PASSgo": + getAllValuesFromForm (); + if(strlen($_POST['new1passwd'])<8 ) { + continueForm1("Prilis kratke heslo, ma mat aspon 8 znakov\n"); + break; + } + if($_POST['new1passwd'] != $_POST['new2passwd']) { + continueForm1("Nove hesla uzivatela sa nezhoduju\n"); + break; + } + @ldap_close($ds); //rebind + $ds=@ldap_connect($LdapHost); + if($ds==FALSE){ + continueForm1("Password change: Ldap server connect error"); + break; + } + $r=@ldap_bind($ds,$_POST['admin'],$_POST['adminpasswd']); + if ($r==FALSE) { + continueForm1("Bad admin password\n"); + break; + } + $CRYPT_MD5=1; //create a md5 password + $infoNew["userpassword"]="{crypt}".crypt($_POST['new1passwd']); + $r2=@ldap_mod_replace($ds, $dn, $infoNew); + if($r2==FALSE){ + continueForm1(sprintf("Nebolo mozne zmenit heslo
Server oznamil: [%s]\n",strip_tags($ldap_error($ds)))); + break; + } + continueForm1(sprintf("Heslo pre uzivatela %s bolo uspesne zmenene",strip_tags($uid))); + break; + +case "DEL": + getAllValuesFromForm (); + printf("Delete user %s mail: %s ? ",strip_tags($uid),strip_tags($mail)); + printf("\n"); + putHiddenVariables ("DELgo"); + putAdminPassInput($LdapAdmin,"Delete user"); + printf(""); + break; + +case "DELgo": + getAllValuesFromForm (); + @ldap_close($ds); //rebind + $ds=@ldap_connect($LdapHost); + if($ds==FALSE){ + continueForm1("DEL user: Ldap server connect error"); + break; + } + $r=@ldap_bind($ds,$_POST['admin'],$_POST['adminpasswd']); + if ($r==FALSE) { + continueForm1("Bad admin password\n"); + break; + } + $r2=@ldap_delete($ds, $dn); + if($r2==FALSE){ + continueForm1(sprintf("Nie je mozne zmazat uzivatela %s",strip_tags($uid))); + break; + } + browseForm(sprintf("Uzivatel %s bol zmazany",strip_tags($uid))); + break; + +//first run +default: + $uid=$_GET["uid"]; + $sr=@ldap_search($ds,$netBase,"uid=".$uid); + if ($sr==NULL) { + printf("ldapsearch error\n"); + exit(0); + } + @ldap_sort ($ds, $sr, "uid" ); + $info = @ldap_get_entries($ds, $sr); + if($info["count"]!=1) { + printf("Multiple uid selections !, database integrity error or bad query! %d\n",$info["count"]); + exit(0); + } + $mail=$info[0]["mail"][0]; + $dn=$info[0]["dn"]; + for($i=0;$i<$info[0]["mailalternateaddress"]["count"];$i++) + $alias[$i]=$info[0]["mailalternateaddress"][$i]; + for($i=0;$i<$info[0]["mailforwardingaddress"]["count"];$i++) + $forward[$i]=$info[0]["mailforwardingaddress"][$i]; + putEditForm(""); + break; +} //switch +@ldap_close($ds); +?>