diff --git a/cas_authn/cas_authn.php b/cas_authn/cas_authn.php
index 6e0198d..a0c7c35 100644
--- a/cas_authn/cas_authn.php
+++ b/cas_authn/cas_authn.php
@@ -22,6 +22,7 @@ class cas_authn extends rcube_plugin {
 private $cas_inited;
+ private $_cache_cfg = null;
 /**
 * Initialize plugin
@@ -33,6 +34,10 @@ function init() {
 // load plugin configuration
 $this->load_config();
+
+ if ($this->isDisabled()) {
+ return;
+ }
 // add application hooks
 $this->add_hook('startup', array($this, 'startup'));
@@ -42,6 +47,35 @@ function init() {
 $this->add_hook('template_object_loginform', array($this, 'add_cas_login_html'));
 }
+ /**
+ * Gets config and caches
+ *
+ * @return array configuration array
+ */
+ function getCfg() {
+ if (is_null($_cache_cfg)) {
+ $_cache_cfg = rcmail::get_instance()->config->all();
+ }
+ return $_cache_cfg;
+ }
+
+ /**
+ * Determine if this plugin should be disable for current request
+ *
+ * @return bool true -- disabled; false -- enabled
+ */
+ function isDisabled() {
+ $cfg = $this->getCfg();
+ if (is_array($cfg['cas_disable_for_domains'])) {
+ foreach ($cfg['cas_disable_for_domains'] as $domain_pattern) {
+ if (preg_match($domain_pattern, $_SERVER['SERVER_NAME'])) {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
 /**
 * Handle plugin-specific actions
 * These actions are handled at the startup hook rather than registered as
@@ -49,7 +83,7 @@ function init() {
 * these actions need to be handled.
 *
 * @param array $args arguments from rcmail
-* @return array modified arguments
+ * @return array modified arguments
 */
 function startup($args) {
 // intercept PGT callback action from CAS server
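Review bot: `isDisabled()` decides from `$_SERVER['SERVER_NAME']` whether `init()` registers any CAS hook at all, and that value is not guaranteed to be server-controlled: depending on the web server's canonical-name settings it can be taken from the request's Host header. In that case the request itself selects whether the CAS hooks, including the `cas_force` redirect, are active, and Roundcube presumably falls back to its normal password login. I would state the requirement next to the call, e.g. `// isDisabled() trusts SERVER_NAME; the vhost must pin it rather than derive it from the Host header`, or compare against a configured list of exact host names instead of regular expressions. `init()` continues outside the hunk.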
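Review bot: `getCfg()` never caches, because it reads and writes a local `$_cache_cfg` instead of the `$this->_cache_cfg` property declared in the first hunk. `is_null($_cache_cfg)` is therefore evaluated on an undefined variable (a notice, or a warning on PHP 8) and `config->all()` runs on every call. The body should be `if ($this->_cache_cfg === null) { $this->_cache_cfg = rcmail::get_instance()->config->all(); }` followed by `return $this->_cache_cfg;`. In `isDisabled()`, `$cfg['cas_disable_for_domains']` is read without an `isset()` guard, and a malformed pattern makes `preg_match()` return `false`, which is silently treated as "enabled"; both deserve an explicit check or at least a comment.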
@@ -106,13 +140,22 @@ function startup($args) {
 $user = phpCAS::getUser();
 $pass = '';
 // retrieve credentials, either a Proxy Ticket or 'masteruser' password
- $cfg = rcmail::get_instance()->config->all();
+ $cfg = $this->getCfg();
 if ($cfg['cas_proxy']) {
 $_SESSION['cas_pt'][php_uname('n')] = phpCAS::retrievePT($cfg['cas_imap_name'], $err_code, $output);
 $pass = $_SESSION['cas_pt'][php_uname('n')];
 } else {
 $pass = $cfg['cas_imap_password'];
+
+ if (!empty($cfg['cas_imap_masteruser'])) {
+ if (!empty($cfg['username_domain'])) {
+ $user .= '@'.rcube_utils::parse_host($cfg['username_domain']).'*'.$cfg['cas_imap_masteruser'];
+ $cfg['username_domain'] = '';
+ } else {
+ $user .= '*'.$cfg['cas_imap_masteruser'];
+ }
+ }
 }
 // Do Roundcube login actions
@@ -150,7 +193,7 @@ function startup($args) {
 */
 function imap_connect($args) {
 // retrieve configuration
- $cfg = rcmail::get_instance()->config->all();
+ $cfg = $this->getCfg();
 // RoundCube is acting as CAS proxy
 if ($cfg['cas_proxy']) {
@@ -212,7 +255,7 @@ function imap_connect($args) {
 */
 function smtp_connect($args) {
 // retrieve configuration
- $cfg = rcmail::get_instance()->config->all();
+ $cfg = $this->getCfg();
 // RoundCube is acting as CAS proxy and performing SMTP authn
 if ($cfg['cas_proxy'] && $args['smtp_user'] && $args['smtp_pass']) {
@@ -242,7 +285,7 @@ function smtp_connect($args) {
 */
 function sieverules_connect($args) {
 // retrieve configuration
- $cfg = rcmail::get_instance()->config->all();
+ $cfg = $this->getCfg();
 // RoundCube is acting as CAS proxy
 if ($cfg['opt_cas_proxy']) {
@@ -268,10 +311,12 @@ function add_cas_login_html($args) {
 $RCMAIL = rcmail::get_instance();
 $this->add_texts('localization');
 // retrieve configuration
- $cfg = rcmail::get_instance()->config->all();
+ $cfg = $this->getCfg();
+
+ $this->cas_init();
 // Force CAS authn?
- if($cfg["cas_force"]) {
+ if($cfg["cas_force"] && !phpCAS::checkAuthentication()) {
 global $OUTPUT;
 $OUTPUT->redirect(array('action' => 'caslogin'));
 }
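Review bot: The master-user login name is concatenated from `phpCAS::getUser()` without checking it for the `*` separator, in both `$user .= ...` lines of the new `else` branch. In this mode `cas_imap_password` is the master password, so the mailbox that gets opened is chosen purely by the text in front of the separator. A CAS identifier that itself contains `*` would produce an ambiguous login string, so I would test for it first, e.g. `strpos($user, '*') !== false`, and abort the login when it matches. The assignment `$cfg['username_domain'] = '';` only changes the local copy returned by `getCfg()`; if it is meant to stop Roundcube from appending the domain a second time it probably has no effect and needs a comment or removal. `startup()` begins and ends outside the hunk.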
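Review bot: `$this->cas_init()` now runs on every render of the login form, before `cas_force` is tested, so phpCAS is initialised even for installations that leave `cas_force` off. The context of the `cas_init()` hunk shows a branch that calls `session_destroy()`; its condition is outside the hunks, so whether it can fire here needs confirming. I would nest the calls, `if ($cfg["cas_force"]) { $this->cas_init(); if (!phpCAS::checkAuthentication()) { /* redirect */ } }`, and add a comment saying why a user who already holds a CAS session must not be redirected. `add_cas_login_html()` continues outside the hunk.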
@@ -304,7 +349,7 @@ private function cas_init() {
 session_destroy();
 }
- $cfg = rcmail::get_instance()->config->all();
+ $cfg = $this->getCfg();
 // include phpCAS
 require_once('CAS.php');
@@ -395,7 +440,7 @@ private function generate_url($params) {
 $delm = '&';
 }
 }
- $cfg = rcmail::get_instance()->config->all();
+ $cfg = $this->getCfg();
 if ( $cfg['cas_webmail_server_name'] ) {
 $serverName = $cfg['cas_webmail_server_name'];
 } else {
diff --git a/cas_authn/config.inc.php.dist b/cas_authn/config.inc.php.dist
index 6320259..bcf72df 100644
--- a/cas_authn/config.inc.php.dist
+++ b/cas_authn/config.inc.php.dist
@@ -9,6 +9,10 @@
 // the CAS login URL. This means nobody will ever see the RC login page.
 $rcmail_config['cas_force'] = false;
+// Disable this plugin for 'SERVER_NAME' that matches to a pattern from the
+// array:
+$rcmail_config['cas_disable_for_domains'] = array("/nocas\.example\.com/", "/.*\.nocas\.example\.com/");
+
 // whether to act as a CAS proxy. If set to true, a proxy ticket will be
 // retrieved from the CAS server to be used as password for logging into
 // the IMAP server. This is the preferred method of authenticating
@@ -48,6 +52,15 @@ $rcmail_config['cas_imap_pt_expiration_time'] = 300;
 // authorized users.
 $rcmail_config['cas_imap_password'] = '';
+// Don't authenticate to IMAP using user's username. Use "username*masteruser" instead.
+// If user's username is "user@example.com" and master's username is "master@example.com"
+// then the plugin will authenticate using username "user@example.com*master@example.com".
+// See "http://wiki2.dovecot.org/Authentication/MasterUsers" for more information.
+// This option is ignored if "cas_proxy" is set to true.
+//
+// To disable this option -- just comment it out.
+//$rcmail_config['cas_imap_masteruser'] = 'master@example.com';
+
 // CAS server host name.
 $rcmail_config['cas_hostname'] = 'address.of.cas.server';
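Review bot: Both sample patterns for `cas_disable_for_domains` are unanchored, so the `preg_match()` in `isDisabled()` accepts any server name that merely contains `nocas.example.com`, which also makes the second pattern redundant. Because a match switches CAS authentication off for the request, the shipped example should be anchored: `array('/^nocas\.example\.com$/', '/^.+\.nocas\.example\.com$/')`. The comment should also say that entries are PCRE patterns including their delimiters and that a match disables CAS login for that host name.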
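Review bot: The new `cas_imap_masteruser` comment does not say which password is sent with the `user*master` login. Going by the `startup()` hunk it is `cas_imap_password`, which in this mode has to be the master user's password. I would add a line such as `// cas_imap_password must then hold the master user's password; it opens every mailbox, so keep this file readable only by the web server user.`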