diff --git a/webui/config.php b/webui/config.php index 07570004..e93ec587 100644 --- a/webui/config.php +++ b/webui/config.php @@ -110,6 +110,9 @@ $config['ENABLE_SYSLOG'] = 1; $config['REWRITE_MESSAGE_ID'] = 0; $config['RESTRICTED_AUDITOR'] = 0; +$config['SHOW_ENVELOPE_JOURNAL'] = 0; +$config['BULK_DOWNLOAD_FOR_USERS'] = 1; + $config['MAX_CGI_FROM_SUBJ_LEN'] = 34; $config['PAGE_LEN'] = 20; $config['MAX_NUMBER_OF_FROM_ITEMS'] = 5; @@ -149,7 +152,7 @@ $config['DB_DATABASE'] = 'piler'; $config['SPHINX_DRIVER'] = 'sphinx'; $config['SPHINX_DATABASE'] = 'sphinx'; $config['SPHINX_HOSTNAME'] = '127.0.0.1:9306'; -$config['SPHINX_MAIN_INDEX'] = 'dailydelta1,main1,main2,main3,main4'; +$config['SPHINX_MAIN_INDEX'] = 'dailydelta1,main1'; $config['SPHINX_TAG_INDEX'] = 'tag1'; $config['SPHINX_NOTE_INDEX'] = 'note1'; @@ -225,6 +228,9 @@ require_once 'config-site.php'; if(isset($_SESSION['theme']) && preg_match("/^([a-zA-Z0-9\-\_]+)$/", $_SESSION['theme'])) { $config['THEME'] = $_SESSION['theme']; } +// make sure auditors are restricted in a saas environment +if($config['ENABLE_SAAS'] == 1 && $_SESSION['username'] != 'auditor@local') { $config['RESTRICTED_AUDITOR'] = 1; } + foreach ($config as $k => $v) { define($k, $v); } diff --git a/webui/controller/message/headers.php b/webui/controller/message/headers.php index d3d31d2a..8906ed0d 100644 --- a/webui/controller/message/headers.php +++ b/webui/controller/message/headers.php @@ -37,7 +37,7 @@ class ControllerMessageHeaders extends Controller { $this->data['piler_id'] = $this->model_search_message->get_piler_id_by_id($this->data['id']); - $this->data['data'] = $this->model_search_message->get_message_headers($this->data['piler_id']); + $this->data['message'] = $this->model_search_message->get_message_headers($this->data['piler_id']); $this->render(); } diff --git a/webui/controller/message/journal.php b/webui/controller/message/journal.php new file mode 100644 index 00000000..c26ca0fd --- /dev/null 
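Review bot: In the third config.php hunk (`@@ -225,6 +228,9 @@`) the exemption from `RESTRICTED_AUDITOR` is decided by comparing `$_SESSION['username']` with the literal `'auditor@local'` using `!=`, and the key is read without an `isset()` check. A request that has no login session yet raises an undefined-index notice here. The privilege boundary also rests on a username string rather than on a role or on how the account authenticated, so it holds only if no directory-backed login can ever produce that username, which cannot be confirmed from this hunk. I would write `if($config['ENABLE_SAAS'] == 1 && (!isset($_SESSION['username']) || $_SESSION['username'] !== 'auditor@local')) { $config['RESTRICTED_AUDITOR'] = 1; }` and extend the comment to say that `auditor@local` is the only account left unrestricted and why.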
+++ b/webui/controller/message/journal.php @@ -0,0 +1,48 @@ +id = "content"; + $this->template = "message/journal.tpl"; + $this->layout = "common/layout-empty"; + + $request = Registry::get('request'); + $db = Registry::get('db'); + + $this->load->model('search/search'); + $this->load->model('search/message'); + + $this->load->model('user/user'); + + $this->document->title = $this->data['text_message']; + + $this->data['id'] = @$this->request->get['id']; + + if(!verify_piler_id($this->data['id'])) { + AUDIT(ACTION_UNKNOWN, '', '', $this->data['id'], 'unknown id: ' . $this->data['id']); + die("invalid id: " . $this->data['id']); + } + + if(!$this->model_search_search->check_your_permission_by_id($this->data['id'])) { + AUDIT(ACTION_UNAUTHORIZED_VIEW_MESSAGE, '', '', $this->data['id'], ''); + die("no permission for " . $this->data['id']); + } + + AUDIT(ACTION_VIEW_HEADER, '', '', $this->data['id'], ''); + + if(Registry::get('auditor_user') == 1) { $this->data['rcpt'] = $this->model_search_search->get_message_addresses_in_my_domain($this->data['id']); } + + $this->data['piler_id'] = $this->model_search_message->get_piler_id_by_id($this->data['id']); + + $this->data['data'] = $this->model_search_message->get_message_journal($this->data['piler_id']); + + $this->render(); + } + + +} + +?> diff --git a/webui/language/de/messages.php b/webui/language/de/messages.php index d6f5a3a2..06c74ee5 100644 --- a/webui/language/de/messages.php +++ b/webui/language/de/messages.php @@ -345,6 +345,7 @@ $_['text_users_quarantine'] = "Quarantäne des Benutzers"; $_['text_view_formatted_email'] = "Nachricht formatiert ansehen"; $_['text_view_header'] = "Kopfzeilen anzeigen"; $_['text_view_headers'] = "Kopfzeilen anzeigen"; +$_['text_view_journal_envelope'] = "Envelope anzeigen"; $_['text_view_message'] = "Nachrichtentext anzeigen"; $_['text_view_message2'] = "Nachricht anzeigen"; $_['text_view_raw_email'] = "Quelltext anzeigen"; 
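Review bot: The new controller writes the request's `id` back in `die("invalid id: " . $this->data['id'])` exactly when `verify_piler_id()` has rejected it, so arbitrary request text reaches the HTML response unescaped, and the same raw value goes into the `AUDIT()` description. Emit a fixed message or escape it, e.g. `die("invalid id: " . htmlspecialchars($this->data['id'], ENT_QUOTES, 'UTF-8'));`, and replace the `@` on `$this->request->get['id']` with an `isset()` test. The action never consults the new `SHOW_ENVELOPE_JOURNAL` setting, so if that flag only hides the link in the templates (their markup is not legible here), the route still serves the envelope when the feature is switched off; a check at the top of the action would enforce it server-side. The view is also audited as `ACTION_VIEW_HEADER`, which makes envelope views indistinguishable from header views in the audit trail.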
diff --git a/webui/language/en/messages.php b/webui/language/en/messages.php index a39e884e..30383519 100644 --- a/webui/language/en/messages.php +++ b/webui/language/en/messages.php @@ -345,6 +345,7 @@ $_['text_users_quarantine'] = "User's quarantine"; $_['text_view_formatted_email'] = "View formatted email"; $_['text_view_header'] = "view header"; $_['text_view_headers'] = "View headers"; +$_['text_view_journal_envelope'] = "View envelope"; $_['text_view_message'] = "View message"; $_['text_view_message2'] = "view message"; $_['text_view_raw_email'] = "View raw email"; diff --git a/webui/language/hu/messages.iso-8859-2.php b/webui/language/hu/messages.iso-8859-2.php index 3e19d537..1d020637 100644 --- a/webui/language/hu/messages.iso-8859-2.php +++ b/webui/language/hu/messages.iso-8859-2.php @@ -346,6 +346,7 @@ $_['text_users_quarantine'] = "Felhaszn $_['text_view_formatted_email'] = "Formázott levél megtekintése"; $_['text_view_header'] = "fejléc megtekintése"; $_['text_view_headers'] = "Levél fejléce"; +$_['text_view_journal_envelope'] = "Journal envelope"; $_['text_view_message'] = "Levél megtekintése"; $_['text_view_message2'] = "levél megtekintése"; $_['text_view_raw_email'] = "Formázatlan levél megtekintése"; diff --git a/webui/language/hu/messages.php b/webui/language/hu/messages.php index c2db733c..653c59c5 100644 --- a/webui/language/hu/messages.php +++ b/webui/language/hu/messages.php @@ -346,6 +346,7 @@ $_['text_users_quarantine'] = "FelhasználĂłk karantĂ©nja"; $_['text_view_formatted_email'] = "Formázott levĂ©l megtekintĂ©se"; $_['text_view_header'] = "fejlĂ©c megtekintĂ©se"; $_['text_view_headers'] = "LevĂ©l fejlĂ©ce"; +$_['text_view_journal_envelope'] = "Journal envelope"; $_['text_view_message'] = "LevĂ©l megtekintĂ©se"; $_['text_view_message2'] = "levĂ©l megtekintĂ©se"; $_['text_view_raw_email'] = "Formázatlan levĂ©l megtekintĂ©se"; diff --git a/webui/language/pt/messages.php b/webui/language/pt/messages.php index 68a6bd77..49ff6711 100644 
--- a/webui/language/pt/messages.php +++ b/webui/language/pt/messages.php @@ -339,6 +339,7 @@ $_['text_users_quarantine'] = "Quarentena de usuário"; $_['text_view_formatted_email'] = "Visualizar email formatado"; $_['text_view_header'] = "Visualizar cabeçalho"; $_['text_view_headers'] = "Visualizar cabeçalho"; +$_['text_view_journal_envelope'] = "Visualizar envelope"; $_['text_view_message'] = "Visualizar mensagem"; $_['text_view_message2'] = "visualizar mensagem"; $_['text_view_raw_email'] = "Visualizar email em formar RAW"; diff --git a/webui/model/saas/ldap.php b/webui/model/saas/ldap.php index 751624da..2ea7a16b 100644 --- a/webui/model/saas/ldap.php +++ b/webui/model/saas/ldap.php @@ -5,7 +5,7 @@ class ModelSaasLdap extends Model public function get() { - $query = $this->db->query("SELECT id, description, ldap_host, ldap_base_dn, ldap_bind_dn FROM " . TABLE_LDAP . " ORDER BY description ASC"); + $query = $this->db->query("SELECT id, description, ldap_type, ldap_host, ldap_base_dn, ldap_bind_dn FROM " . TABLE_LDAP . " ORDER BY description ASC"); if($query->num_rows > 0) { return $query->rows; } 
@@ -29,11 +29,11 @@ class ModelSaasLdap extends Model public function add($arr = array()) { if(!isset($arr['description']) || !isset($arr['ldap_host'])) { return 0; } - $query = $this->db->query("INSERT INTO " . TABLE_LDAP . " (description, ldap_host, ldap_base_dn, ldap_bind_dn, ldap_bind_pw) VALUES (?,?,?,?,?)", array($arr['description'], $arr['ldap_host'], $arr['ldap_base_dn'], $arr['ldap_bind_dn'], $arr['ldap_bind_pw'])); + $query = $this->db->query("INSERT INTO " . TABLE_LDAP . " (description, ldap_host, ldap_base_dn, ldap_bind_dn, ldap_bind_pw, ldap_type) VALUES (?,?,?,?,?,?)", array($arr['description'], $arr['ldap_host'], $arr['ldap_base_dn'], $arr['ldap_bind_dn'], $arr['ldap_bind_pw'], $arr['ldap_type'])); $rc = $this->db->countAffected(); - LOGGER("add ldap entry: " . $arr['description'] . " / " . $arr['ldap_host'] . " / " . $arr['ldap_base_dn'] . " (rc=$rc)"); + LOGGER("add ldap entry: " . $arr['description'] . " / " . $arr['ldap_type'] . " / " . $arr['ldap_host'] . " / " . $arr['ldap_base_dn'] . " (rc=$rc)"); if($rc == 1){ return 1; } @@ -48,9 +48,9 @@ class ModelSaasLdap extends Model list($l,$d) = explode("@", $email); - $query = $this->db->query("SELECT ldap_host, ldap_base_dn, ldap_bind_dn, ldap_bind_pw from " . TABLE_DOMAIN . " as d, " . TABLE_LDAP . " as l where d.ldap_id=l.id and d.domain=?", array($d)); + $query = $this->db->query("SELECT ldap_type, ldap_host, ldap_base_dn, ldap_bind_dn, ldap_bind_pw from " . TABLE_DOMAIN . " as d, " . TABLE_LDAP . " as l where d.ldap_id=l.id and d.domain=?", array($d)); - if($query->num_rows > 0) { return array($query->row['ldap_host'], $query->row['ldap_base_dn'], $query->row['ldap_bind_dn'], $query->row['ldap_bind_pw']); } + if($query->num_rows > 0) { return array($query->row['ldap_type'], $query->row['ldap_host'], $query->row['ldap_base_dn'], $query->row['ldap_bind_dn'], $query->row['ldap_bind_pw']); } return array(); } 
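Review bot: In `add()` the new `$arr['ldap_type']` is inserted and logged without the `isset()` guard that `description` and `ldap_host` get on the line above, and without being checked against the directory types the login code handles. A missing key raises a notice and stores an empty value, and an unrecognised value falls through the `switch` added in webui/model/user/auth.php, which has no `default` branch, so the global `LDAP_*` settings are used silently. Unless an empty type is meant to select those defaults, consider `if(!isset($arr['ldap_type']) || !in_array($arr['ldap_type'], array('AD', 'zimbra', 'iredmail', 'lotus'), true)) { return 0; }` before the INSERT. In the following hunk `get_ldap_params_by_email()` now returns a positional array with the type first, so every caller that indexes the result must change in the same commit; a docblock listing the element order would help, and that function starts outside the hunk.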
diff --git a/webui/model/search/message.php b/webui/model/search/message.php index ed0bc58e..31309a29 100644 --- a/webui/model/search/message.php +++ b/webui/model/search/message.php @@ -178,7 +178,7 @@ class ModelSearchMessage extends Model { $msg = $this->get_raw_message($id); $this->disconnect_from_pilergetd(); - $this->remove_journal($msg); + $has_journal = $this->remove_journal($msg); $pos = strpos($msg, "\n\r\n"); if($pos == false) { @@ -193,6 +193,55 @@ class ModelSearchMessage extends Model { $data = preg_replace("/\/", ">", $data); + return array('headers' => $data, 'has_journal' => $has_journal); + } + + + public function get_message_journal($id = '') { + $data = '< >'; + $boundary = ''; + + $this->connect_to_pilergetd(); + $msg = $this->get_raw_message($id); + $this->disconnect_from_pilergetd(); + + $hdr = substr($msg, 0, 8192); + + $s = preg_split("/\n/", $hdr); + while(list($k, $v) = each($s)) { + if(preg_match("/boundary\s{0,}=\s{0,}\"{0,}([\w\_\-\@\.]+)\"{0,}/i", $v, $m)) { + if(isset($m[1])) { $boundary = $m[1]; break; } + } + } + + + $p = strstr($msg, "\nX-MS-Journal-Report:"); + $msg = ''; + + if($p) { + + $s = preg_split("/\n/", $p); + + $i=0; $j=0; $data = ''; + + while(list($k, $v) = each($s)) { + if(strstr($v, $boundary)) { $i++; } + if($i > 0 && preg_match("/^\s{1,}$/", $v)) { $j++; } + + if($j == 1) { + $data .= "$v\n"; + } + + if($i >= 2) { break; } + } + + $p = ''; + + $data = preg_replace("/\/", ">", $data); + + } + return $data; } @@ -200,6 +249,7 @@ class ModelSearchMessage extends Model { public function remove_journal(&$msg = '') { $p = $q = ''; $boundary = ''; + $has_journal = 0; $hdr = substr($msg, 0, 4096); @@ -212,6 +262,8 @@ class ModelSearchMessage extends Model { $p = strstr($msg, "\nX-MS-Journal-Report:"); if($p) { + $has_journal = 1; + $msg = ''; $q = strstr($p, "Received: from"); if($q) { 
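Review bot: In the new `get_message_journal()`, `$boundary` stays `''` when no `boundary=` parameter is found in the first 8192 bytes, and the second loop then calls `strstr($v, $boundary)` with an empty needle. On PHP 7 that is a warning and never matches; on PHP 8 it matches every non-empty line, so the extracted envelope differs by runtime. Guard it with `if($boundary !== '' && strstr($v, $boundary)) { $i++; }`. Both loops use `while(list($k, $v) = each($s))`; `each()` is deprecated since PHP 7.2 and removed in 8.0, and `foreach($s as $v)` does the same job. The envelope text comes from archived mail and is therefore sender-controlled; the escaping lines at the end of the function are garbled in this copy, but if they replace only the angle brackets, `htmlspecialchars($data, ENT_QUOTES, 'UTF-8')` would also cover `&` and quotes.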
@@ -225,7 +277,11 @@ class ModelSearchMessage extends Model { } } - if($boundary) { $msg = substr($msg, 0, strlen($msg) - strlen($boundary) - 6); } + if($boundary) { + $msg = substr($msg, 0, strlen($msg) - strlen($boundary) - 6); + } + + return $has_journal; } @@ -250,7 +306,7 @@ class ModelSearchMessage extends Model { $msg = $this->get_raw_message($id); $this->disconnect_from_pilergetd(); - $this->remove_journal($msg); + $has_journal = $this->remove_journal($msg); $a = explode("\n", $msg); $msg = ""; @@ -365,7 +421,8 @@ class ModelSearchMessage extends Model { 'to' => $this->decode_my_str($to), 'subject' => $this->highlight_search_terms($this->decode_my_str($subject), $terms), 'date' => $this->decode_my_str($date), - 'message' => $this->highlight_search_terms($message, $terms) + 'message' => $this->highlight_search_terms($message, $terms), + 'has_journal' => $has_journal ); } diff --git a/webui/model/user/auth.php b/webui/model/user/auth.php index f9ffa3e7..7849d8fc 100644 --- a/webui/model/user/auth.php +++ b/webui/model/user/auth.php 
@@ -68,20 +68,59 @@ class ModelUserAuth extends Model { $ldap_helper_dn = LDAP_HELPER_DN; $ldap_helper_password = LDAP_HELPER_PASSWORD; + $ldap_mail_attr = LDAP_MAIL_ATTR; + $ldap_account_objectclass = LDAP_ACCOUNT_OBJECTCLASS; + $ldap_distributionlist_attr = LDAP_DISTRIBUTIONLIST_ATTR; + $ldap_distributionlist_objectclass = LDAP_DISTRIBUTIONLIST_OBJECTCLASS; + if(ENABLE_SAAS == 1) { $a = $this->model_saas_ldap->get_ldap_params_by_email($username); - $ldap_host = $a[0]; - $ldap_base_dn = $a[1]; - $ldap_helper_dn = $a[2]; - $ldap_helper_password = $a[3]; + $ldap_type = $a[0]; + $ldap_host = $a[1]; + $ldap_base_dn = $a[2]; + $ldap_helper_dn = $a[3]; + $ldap_helper_password = $a[4]; + + switch ($ldap_type) { + + case 'AD': + $ldap_mail_attr = 'mail'; + $ldap_account_objectclass = 'user'; + $ldap_distributionlist_attr = 'member'; + $ldap_distributionlist_objectclass = 'group'; + break; + + case 'zimbra': + $ldap_mail_attr = 'mail'; + $ldap_account_objectclass = 'zimbraAccount'; + $ldap_distributionlist_attr = 'zimbraMailForwardingAddress'; + $ldap_distributionlist_objectclass = 'zimbraDistributionList'; + break; + + case 'iredmail': + $ldap_mail_attr = 'mail'; + $ldap_account_objectclass = 'mailUser'; + $ldap_distributionlist_attr = 'memberOfGroup'; + $ldap_distributionlist_objectclass = 'mailList'; + break; + + case 'lotus': + $ldap_mail_attr = 'mail'; + $ldap_account_objectclass = 'dominoPerson'; + $ldap_distributionlist_attr = 'mail'; + $ldap_distributionlist_objectclass = 'dominoGroup'; + break; + + + } } $ldap = new LDAP($ldap_host, $ldap_helper_dn, $ldap_helper_password); if($ldap->is_bind_ok()) { - $query = $ldap->query($ldap_base_dn, "(&(objectClass=" . LDAP_ACCOUNT_OBJECTCLASS . ")(" . LDAP_MAIL_ATTR . "=$username))", array()); + $query = $ldap->query($ldap_base_dn, "(&(objectClass=$ldap_account_objectclass)($ldap_mail_attr=$username))", array()); if(isset($query->row['dn']) && $query->row['dn']) { $a = $query->row; 
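Review bot: The rewritten search filter `"(&(objectClass=$ldap_account_objectclass)($ldap_mail_attr=$username))"` still interpolates the login name into the LDAP filter unescaped; the membership query in the `@@ -92,7 +131,7 @@` hunk and the `samaccountname=" . $u[1]` and `$username` filters in `check_ntlm_auth()` do the same. Unless the name is validated before this point (not visible here), filter metacharacters in it change which entries match, and this matters more now that the SaaS path selects the directory server from the same input. Pass the value through `ldap_escape($username, '', LDAP_ESCAPE_FILTER)` before building the filters. Separately, `get_ldap_params_by_email()` returns `array()` for an unknown domain and `$a[0]` to `$a[4]` are read without a check, so the code continues to `new LDAP()` with an empty host and bind credentials; an early return when `count($a) < 5` would make that case fail closed. The enclosing function starts and ends outside the hunk.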
@@ -92,7 +131,7 @@ class ModelUserAuth extends Model { if($ldap_auth->is_bind_ok()) { - $query = $ldap->query($ldap_base_dn, "(|(&(objectClass=" . LDAP_ACCOUNT_OBJECTCLASS . ")(" . LDAP_MAIL_ATTR . "=$username))(&(objectClass=" . LDAP_DISTRIBUTIONLIST_OBJECTCLASS . ")(" . LDAP_DISTRIBUTIONLIST_ATTR . "=$username)" . ")(&(objectClass=" . LDAP_DISTRIBUTIONLIST_OBJECTCLASS . ")(" . LDAP_DISTRIBUTIONLIST_ATTR . "=" . stripslashes($a['dn']) . ")))", array()); + $query = $ldap->query($ldap_base_dn, "(|(&(objectClass=$ldap_account_objectclass)($ldap_mail_attr=$username))(&(objectClass=$ldap_distributionlist_objectclass)($ldap_distributionlist_attr=$username)" . ")(&(objectClass=$ldap_distributionlist_objectclass)($ldap_distributionlist_attr=" . stripslashes($a['dn']) . ")))", array("mail", "mailalternateaddress", "proxyaddresses", $ldap_distributionlist_attr)); $is_auditor = $this->check_ldap_membership($query->rows); @@ -148,7 +187,7 @@ class ModelUserAuth extends Model { $data = array(); foreach($e as $a) { - foreach (array("mail", "mailalternateaddress", "proxyaddresses", LDAP_MAIL_ATTR, LDAP_DISTRIBUTIONLIST_ATTR) as $mailattr) { + //foreach (array("mail", "mailalternateaddress", "proxyaddresses", LDAP_MAIL_ATTR, LDAP_DISTRIBUTIONLIST_ATTR) as $mailattr) { if(isset($a[$mailattr])) { if(isset($a[$mailattr]['count'])) { @@ -164,7 +203,7 @@ class ModelUserAuth extends Model { if(!in_array($email, $data) && strchr($email, '@') && substr($email, 0, 4) != 'sip:') { array_push($data, $email); } } } - } + //} } return $data; @@ -243,6 +282,11 @@ class ModelUserAuth extends Model { public function check_ntlm_auth() { + $ldap_mail_attr = 'mail'; + $ldap_account_objectclass = 'user'; + $ldap_distributionlist_attr = 'member'; + $ldap_distributionlist_objectclass = 'group'; + if(!isset($_SERVER['REMOTE_USER'])) { return 0; } $u = explode("\\", $_SERVER['REMOTE_USER']); 
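Review bot: In the `@@ -148,7 +187,7 @@` and `@@ -164,7 +203,7 @@` hunks the inner `foreach (... as $mailattr)` and its closing brace are commented out, but the body still reads `$a[$mailattr]`. Unless `$mailattr` is assigned above the hunk (the function starts outside it), the variable is now undefined, every `isset($a[$mailattr])` is false, and `return $data;` hands back an empty address list for every user. That list feeds `$emails` in the login path, so the loop should be restored rather than left as commented-out code, with the per-directory mail and distribution-list attribute names passed in as an argument instead of the `LDAP_*` constants. The query in the first hunk on this line now requests only `mail`, `mailalternateaddress`, `proxyaddresses` and the distribution-list attribute; please confirm that `check_ldap_membership()` does not read an attribute outside that list.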
@@ -253,7 +297,7 @@ class ModelUserAuth extends Model { if($ldap->is_bind_ok()) { - $query = $ldap->query(LDAP_BASE_DN, "(&(objectClass=" . LDAP_ACCOUNT_OBJECTCLASS . ")(samaccountname=" . $u[1] . "))", array()); + $query = $ldap->query(LDAP_BASE_DN, "(&(objectClass=$ldap_account_objectclass)(samaccountname=" . $u[1] . "))", array()); if(isset($query->row['dn'])) { $a = $query->row; @@ -261,7 +305,7 @@ class ModelUserAuth extends Model { if(isset($a['mail']['count'])) { $username = $a['mail'][0]; } else { $username = $a['mail']; } $username = strtolower(preg_replace("/^smtp\:/i", "", $username)); - $query = $ldap->query(LDAP_BASE_DN, "(|(&(objectClass=" . LDAP_ACCOUNT_OBJECTCLASS . ")(" . LDAP_MAIL_ATTR . "=$username))(&(objectClass=" . LDAP_DISTRIBUTIONLIST_OBJECTCLASS . ")(" . LDAP_DISTRIBUTIONLIST_ATTR . "=$username)" . ")(&(objectClass=" . LDAP_DISTRIBUTIONLIST_OBJECTCLASS . ")(" . LDAP_DISTRIBUTIONLIST_ATTR . "=" . $a['dn'] . ")))", array()); + $query = $ldap->query(LDAP_BASE_DN, "(|(&(objectClass=$ldap_account_objectclass)($ldap_mail_attr=$username))(&(objectClass=$ldap_distributionlist_objectclass)($ldap_distributionlist_attr=$username)" . ")(&(objectClass=$ldap_distributionlist_objectclass)($ldap_distributionlist_attr=" . $a['dn'] . ")))", array()); $emails = $this->get_email_array_from_ldap_attr($query->rows); diff --git a/webui/view/javascript/piler-in.js b/webui/view/javascript/piler-in.js index 0aa29036..d084a68a 100644 --- a/webui/view/javascript/piler-in.js +++ b/webui/view/javascript/piler-in.js @@ -274,6 +274,13 @@ var Piler = }, + view_journal:function(id) + { + Piler.log("[view_journal]"); + Piler.load_url_to_preview_pane('/index.php?route=message/journal&id=' + id); + }, + + restore_message:function(id) { Piler.log("[restore_message]"); diff --git a/webui/view/theme/default/templates/ldap/list.tpl b/webui/view/theme/default/templates/ldap/list.tpl index 05c11a6a..19477c90 100644 --- a/webui/view/theme/default/templates/ldap/list.tpl 
+++ b/webui/view/theme/default/templates/ldap/list.tpl @@ -6,6 +6,17 @@
+
+ +
+ +
+
@@ -53,6 +64,7 @@ + @@ -62,6 +74,7 @@ + diff --git a/webui/view/theme/default/templates/message/headers.tpl b/webui/view/theme/default/templates/message/headers.tpl index 6dd2dbca..b48d2c95 100644 --- a/webui/view/theme/default/templates/message/headers.tpl +++ b/webui/view/theme/default/templates/message/headers.tpl @@ -20,9 +20,13 @@   |   + + |   + +

-
+
diff --git a/webui/view/theme/default/templates/message/journal.tpl b/webui/view/theme/default/templates/message/journal.tpl new file mode 100644 index 00000000..e25f871f --- /dev/null +++ b/webui/view/theme/default/templates/message/journal.tpl @@ -0,0 +1,30 @@ +
+ 0) { ?> + +
+ +
+ + + + +
+ +
+ +

+   | + +   | + +   | + +   +   + +

+ +
+ +
+ diff --git a/webui/view/theme/default/templates/message/restore.tpl b/webui/view/theme/default/templates/message/restore.tpl index 57701ecf..0b9830d2 100644 --- a/webui/view/theme/default/templates/message/restore.tpl +++ b/webui/view/theme/default/templates/message/restore.tpl @@ -8,4 +8,5 @@
-
\ No newline at end of file + + diff --git a/webui/view/theme/default/templates/message/view.tpl b/webui/view/theme/default/templates/message/view.tpl index 343244b1..6d285b10 100644 --- a/webui/view/theme/default/templates/message/view.tpl +++ b/webui/view/theme/default/templates/message/view.tpl @@ -20,6 +20,9 @@   |   + + |   +


diff --git a/webui/view/theme/default/templates/search/helper.tpl b/webui/view/theme/default/templates/search/helper.tpl index fdd0d4d6..49512b49 100644 --- a/webui/view/theme/default/templates/search/helper.tpl +++ b/webui/view/theme/default/templates/search/helper.tpl @@ -137,6 +137,8 @@   + + diff --git a/webui/view/theme/orig/templates/search/helper.tpl b/webui/view/theme/orig/templates/search/helper.tpl index 4afd9a18..bd9da664 100644 --- a/webui/view/theme/orig/templates/search/helper.tpl +++ b/webui/view/theme/orig/templates/search/helper.tpl @@ -9,7 +9,10 @@ - + +
checked="checked" onclick="Piler.toggle_bulk_check();" />aaa + + aaa